Re: How to handle mail for multiple (10-15) domains w/o localpart conflicts?

2003-04-07 Thread Ralf G. R. Bergs
On Mon, 07 Apr 2003 12:12:46 +1000, Donovan Baarda wrote:

[...]
>> I don't want to move away from Exim unless there are serious (or even 
>> compelling) reasons to do so.
>
>This has to rate as a FAQ. Time to start documenting it in the wiki;
>
>http://wiki.debian.net/EmailConfiguration
>
>Includes documentation on configuring Debian for Maildir using procmail
>with exim or postfix.

Thank you for taking the time to provide this.

Now that I've had a look at this I still don't see strong reasons NOT to use 
Exim any longer. I do see reasons to migrate to "maildir"-style mailboxes which 
I might do (although as I mentioned performance probably won't EVER be an issue at 
all since the server will be running more or less "idle.")


-- 
   L I N U X   .~.
  The  Choice  /V\
   of a  GNU  /( )\
  Generation  ^^-^^





Re: How to handle mail for multiple (10-15) domains w/o localpart conflicts?

2003-04-07 Thread Ralf G. R. Bergs
On Mon, 07 Apr 2003 10:13:43 +1000 (EST), Brad Lay wrote:

[...]
>I've just setup this exact same thing on my mail server. You don't need
>any debian packages for everything. Heres my configs.

Thanks for sharing this with us. As I already pointed out I would really like 
a solution that can be realized without not-yet-Debianized software (even if it's 
unofficial packages that I have to use.)

[...]
>   server_condition = "${if eq{${md5:$3}}{${substr_5:${lookup mysql{select password_hash from popbox where local_part='${local_part:$2}' and domain_name='${domain:$2}'}{$value}}}}{1}{0}}"

But how can I *easily* enter new users into MySQL? I'm not exactly a MySQL 
expert... Is there a web interface for this kind of job? Maybe as part of 
"vmail-sql?"

>Hope this helped. If you need more help shoot me an email offlist.

Well, I'm currently only collecting information. I still have to rent my server (I've 
already been running a private one for 5 years or so, but this time I'm providing 
the service for "customers" (read: friends) on a somewhat larger scale (but 
still it's small-scale for "real" ISPs ;-)

>[1] Debian's exim needs to be recompiled to use mysql (I can give you a
>url to the one I created).

That's no problem for me. I published an Exim4 package I created myself LONG 
before there were even experimental official ones. But thanks for your offer, 
and thanks for taking the time to write this all up.


-- 
   L I N U X   .~.
  The  Choice  /V\
   of a  GNU  /( )\
  Generation  ^^-^^





Re: How to handle mail for multiple (10-15) domains w/o localpart conflicts?

2003-04-07 Thread Ralf G. R. Bergs
On Sun, 06 Apr 2003 22:04:32 +0200, Markus Welsch wrote:

>> Well, performance is not a problem for me. As I already mentioned I'm just 
>> hosting a dozen of domains with only a couple of (low-use) mailboxes 
>> altogether.
>
>Well that really doesn't make a difference, but nevermind !

Well, I think it does. Solutions that are perfect for my needs are probably 
just unacceptable for "real" ISPs (because of the lack of performance, 
comfort, billing facilities, etc.)

>> Sure, but I like the option of quickly having a glance at them using "Mutt,"
>> in case something goes wrong etc. This way I can ssh in and remove offending
>> mails, instead having to telnet to 110 and DELE it.
>
>Well you could also set up webmail if you don't like to telnet.

That's right. I will be doing that, in fact, using OpenWebMail (which seems to 
run great UNLESS the home directories are on NFS, which won't be the case for 
me.)

>What do you count to "offending mails" ?

Well, HUGE messages which users can't (or don't want to) download, and which I 
can easily delete using Mutt on the mbox file.

>> What exactly does the above do? I'm sorry but I don't quite get your point.
>
>Well I thought you meant just for some hosts e. g. the mailserver host 
>you would like to have local deliverage and for all others you would 
>like to use cyrus.

Call me stupid but I still don't quite get you. Maybe you would like to 
explain your point to me off-list?

>I don't think not using mbox and rather using a better way is not a 
>mistake. And I wouldn't also limit the decision of which 

You're absolutely right, but as I said (because I'm quite familiar with Exim) 
I would like to stick with it unless there are serious (or even compelling) 
reasons to move away from it. And "better performance" isn't a reason for me 
since the server will be 99% idle all the time.

>POP3/IMAP-server to use just because a MUA can't handle the format of 
>the server ...

Again you're absolutely right, and now that you have reminded me of webmail 
this point is no longer an issue for me.

>> This option I will only consider if there is NO OTHER WAY. I've once started
>> to do that and I have very soon regretted that I did so, so I don't want to
>> repeat that mistake again.
>
>Those are just php scripts and a sql database creation script. You do 
>not need to compile anything, etc. All it checks for is if you have 
>webserver, php, etc installed.

Ok, in that case I might use it if I don't find a better "environment" for my 
needs.

Thanks,

Ralf


-- 
   L I N U X   .~.
  The  Choice  /V\
   of a  GNU  /( )\
  Generation  ^^-^^





Re: dialin works only once or twice

2003-04-07 Thread robjeh
Hi Jan,

I had some problems with mgetty too. As far as I can remember (heh, it's Monday) there 
are options to get more logging from pppd and mgetty. Setting more verbose 
logging will help you with finding the problem. 
Another thing you can try is to make a "cleanup" script in /etc/ppp/ip_down.d 
that makes sure the pppd is killed and the line is down and to run some checks 
(it's also possible to add some custom call logging ;) )

If you can't find the problem feel free to send me an email

grtnx,
  Robbert Helling
 
Quoting Jan Harders <[EMAIL PROTECTED]>:

> hi everybody,
> 
> i have woody installed and am trying to build a dialup account for users
> ...
> no problem i couldn't have solved with a few docs ...
> things are running just fine once, maybe twice, then there's no answer to
> the incoming call any more. system uses an internal isdn-card (avm fritz
> pci) and net_tty shows the call in the logs and rings on ttyI0, mgetty
> seems
> to take it
> -
> 04/06 18:02:43 yI0  mgetty: experimental test release 1.1.27-Oct21
> 04/06 18:02:43 yI0  check for lockfiles
> 04/06 18:02:43 yI0  locking the line
> 04/06 18:02:44 yI0  lowering DTR to reset Modem
> 04/06 18:02:44 yI0  send: ATZ[0d]
> 04/06 18:02:44 yI0  waiting for ``OK'' ** found **
> 04/06 18:02:44 yI0  send: AT&E0[0d]
> 04/06 18:02:44 yI0  waiting for ``OK'' ** found **
> 04/06 18:02:44 yI0  send: AT&B512[0d]
> 04/06 18:02:44 yI0  waiting for ``OK'' ** found **
> 04/06 18:02:45 yI0  waiting...
> 04/06 18:03:18 # failed dev=ttyI0, pid=23235, got signal 15, exiting
> 
> 
> but, as you can see, quits. couldn't find any additional information what
> happens just before the signal 15 msg. the client (win 98) just tells me,
> the remote computer didn't answer. tried the exact same config of mgetty,
> isdn and ppp on another computer (with a teledat 100 isa isdn card) and it
> works fine all the time.
> any ideas?
> if you need more information, please let me know.
> 
> thanks in advance,
> 
> jan harders

[HELP] .htaccess problem

2003-04-07 Thread axacheng

Hello List :

I am using .htaccess to restrict users' access to web resources. 

However, I type the correct username & password in the box that the web browser pops up 
when I attempt to access a resource in the protected area.

I get an error message 

● in /var/log/apache/error.log as following : 

[Mon Apr  7 15:31:27 2003] [error] [client 192.168.10.254] Search must return 
exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=tester)): URI 
/admin
[Mon Apr  7 15:31:28 2003] [error] [client 192.168.10.254] Search must return 
exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=tester)): URI 
/admin



● in /var/log/syslog :

Apr  7 15:50:03 backup slapd[17788]: conn=3 op=4 SRCH base="dc=ezplay,dc=tv" 
scope=2 filter="(&(objectClass=*)(uid=tester))"
Apr  7 15:50:03 backup slapd[17788]: conn=3 op=4 SEARCH RESULT tag=101 err=0 
text=
Apr  7 15:50:05 backup slapd[17789]: conn=7 op=2 SRCH base="dc=ezplay,dc=tv" 
scope=2 filter="(&(objectClass=*)(uid=tester))"
Apr  7 15:50:05 backup slapd[17789]: conn=7 op=2 SEARCH RESULT tag=101 err=0 
text=
Apr  7 15:50:07 backup slapd[17788]: conn=4 op=4 SRCH base="dc=ezplay,dc=tv" 
scope=2 filter="(&(objectClass=*)(uid=tester))"
Apr  7 15:50:07 backup slapd[17788]: conn=4 op=4 SEARCH RESULT tag=101 err=0 
text=
Apr  7 15:50:09 backup slapd[17789]: conn=5 op=5 SRCH base="dc=ezplay,dc=tv" 
scope=2 filter="(&(objectClass=*)(uid=tester))"

===

● My .htaccess as follow :

AuthName "For Student to login"
AuthLDAPUrl ldap://192.168.8.8/dc=ezplay,dc=tv?uid?
AuthType Basic


Order deny,allow
Deny from all
Allow from all
require user test




● However, when i execute "ldapsearch" command  , the result as follow:

backup:/var/www/admin# ldapsearch -x -h 192.168.8.8 -b dc=ezplay,dc=tv 
uid=tester
version: 2

#
# filter: uid=tester
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1





I have no idea how to solve this problem, and I have tried to find an 
answer in the mailing list. Unfortunately, I didn't get an answer about my problem.

Please Help me.




-- 
Trust & Unique ...
axacheng <[EMAIL PROTECTED]>





Re: [HELP] .htaccess problem

2003-04-07 Thread Andreas Vent-Schmidt
Hi,

maybe it's very simple:

[Mon Apr  7 15:31:27 2003] [error] [client 192.168.10.254] Search must return
exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=tester)):

You typed in the username "tester", didn't you?   ---^^
But in your .htaccess, you said that only the user "test" should be 
allowed to access the area:


Order deny,allow
Deny from all
Allow from all
require user test
  

That's all, I think!
Best regards,
Andreas
--
procommerz - Internet fuer Unternehmen
http://www.procommerz.de | 033925-90710



Re: [HELP] .htaccess problem

2003-04-07 Thread axacheng
Hello Andreas :

thanks a lot

but..Sorry...it's my fault.

My .htaccess is as follows



Order deny,allow
Deny from all
Allow from all
require user tester


So I still CAN NOT solve this problem @___@


I don't know what the error message means:

[Mon Apr  7 15:31:27 2003] [error] [client 192.168.10.254] Search must return 
exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=tester)):






-- 
Trust & Unique ...
axacheng <[EMAIL PROTECTED]>





Re: [HELP] .htaccess problem

2003-04-07 Thread Cato Aune
Hi,

you do actually use the objectclass attribute in your entry for 
uid=tester?
(I think you are supposed to at least have objectclass=top)


Regards,

Cato Aune

Monday 7 April 2003, 12:44, axacheng wrote:
> Hello Andreas :
>
> thanks a lot
>
> but..Sorry...its my fault.
>
> my .htaccess as follow
>
>
> 
> Order deny,allow
> Deny from all
> Allow from all
> require user tester
> 
>
> so that, i still CAN NOT solve this problem @___@
>
>
> i dont know what mean error message :
>
> [Mon Apr  7 15:31:27 2003] [error] [client 192.168.10.254] Search
> must return exactly 1 entry; found 0 entries for search
> (&(objectclass=*)(uid=tester)):
>
>
>
>
>
>
> --
> Trust & Unique ...
> axacheng <[EMAIL PROTECTED]>




Re: [HELP] .htaccess problem

2003-04-07 Thread Tinus Nijmeijers
On Mon, 2003-04-07 at 12:44, axacheng wrote:
> i dont know what mean error message :
> 
> [Mon Apr  7 15:31:27 2003] [error] [client 192.168.10.254] Search must return 
> exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=tester)):
> 

google says it's an ldap error.

have you got mod_auth_ldap loaded and not configured?

tinus




Re: [HELP] .htaccess problem

2003-04-07 Thread Tinus Nijmeijers
> > [Mon Apr  7 15:31:27 2003] [error] [client 192.168.10.254] Search must 
> > return exactly 1 entry; found 0 entries for search 
> > (&(objectclass=*)(uid=tester)):
> google says it's an ldap error.
> have you got mod_auth_ldap loaded and not configured?

sorry, didn't pay attention.

tinus




Re: [HELP] .htaccess problem

2003-04-07 Thread eirik dentz
Hmm, I'm not totally sure, because I haven't worked with this in some
time and I'm also not sure which LDAP authentication module you are
using, but my auth_ldap-1.6.0-4 configuration follows:

AuthType Basic
AuthName Login
AuthLDAPURL ldap://localhost:389/ou=People,dc=yourdomain,dc=org?uid?sub
AllowOverride AuthConfig
require valid-user

Also, this configuration is included in httpd.conf for a  context. But
you should be able to apply it to your case.

Hope that helps.

Eirik

On Monday, April 7, 2003, at 04:14  AM, axacheng wrote:

> ● My .htaccess as follow :
>
> AuthName "For Student to login"
> AuthLDAPUrl ldap://192.168.8.8/dc=ezplay,dc=tv?uid?
> AuthType Basic
>
> Order deny,allow
> Deny from all
> Allow from all
> require user test

Privacy in virtual hosting environment

2003-04-07 Thread Fraser Campbell
Hi,

Since I'm currently setting up my first shared hosting environment in a few 
years I'm wondering how to adequately address privacy issues.

I plan to provide python (with and without mod_python), perl (perhaps just 
CGI) as well as PHP support.  Is there any way to prevent people from 
sourcing things above their document root?  My main concern is db passwords 
stored in config files or scripts.

I think with apache2 and the mpm that allows different users for different 
virtual hosts it should be possible but since apache2 isn't in woody I don't 
like the idea too much.

My other thoughts are to run multiple instances of apache with different uids, 
an alternative might be to run user mode linux or other virtual environment.  
Both of these options seem quite resource intensive though and multiple 
apaches would require an IP for every site (I think).

What are you guys using?

Thanks,
-- 
Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/
Brampton, Ontario, Canada Debian GNU/Linux




Re: Privacy in virtual hosting environment

2003-04-07 Thread Vector
- Original Message -
From: "Fraser Campbell" <[EMAIL PROTECTED]>
To: 
Sent: Monday, April 07, 2003 7:36 AM
Subject: Privacy in virtual hosting environment


> Hi,
>
> Since I'm currently setting up my first shared hosting environment in a few
> years I'm wondering how to adequately address privacy issues.

Good, lots of 'em don't care.

> I plan to provide python (with and without mod_python), perl (perhaps just
> CGI) as well as PHP support.  Is there any way to prevent people from
> sourcing things above their document root?  My main concern is db passwords
> stored in config files or scripts.

I tried using PHP's ini settings within each vhost to ensure people weren't
accessing directories outside the directory for their vhost but that didn't
work because PHP screws it all up and gets mixed up with some vhosts'
parameters bleeding into others and it generates errors in a seemingly
random way.

suexec is nice for cgi but still doesn't limit a script's ability to read
files outside a certain directory.  It only enforces permissions.  So at
first my solution to that was to restrict vhost directories by permissions
and have a separate group for each vhost that has the apache user in it and
then under that directory, everything is world readable.  That way, only the
user and apache have access to the primary directory and then standard
permissions apply after that.  So if suexec is running cgi as one user
another can get outside their own vhost directory but not inside anyone
else's.
e.g.

directory,      owner,  group,          perms
vhost1,         user1,  group1-apache,  750
vhost1/htdocs,  user1,  group1,         755
vhost2,         user2,  group2-apache,  750
vhost2/htdocs,  user2,  group2,         755

Well that breaks down as soon as apache is in more than the maximum allowed
number of groups per user thus limiting you to that number of vhosts per
apache instance.

> I think with apache2 and the mpm that allows different users for different
> virtual hosts it should be possible but since apache2 isn't in woody I don't
> like the idea too much.

that's finally what I've resorted to.  Even though mpm is experimental I
have to use it anyway because it really is the best option... USE THE
SOURCE, LUKE... heheh

> My other thoughts are to run multiple instances of apache with different uids,
> an alternative might be to run user mode linux or other virtual environment.
> Both of these options seem quite resource intensive though and multiple
> apaches would require an IP for every site (I think).

been there done that... very ugly... most secure but very ugly.  It is a
pain to administer and it is a pig on the box.  Yes each one requires its own
IP address if you are going to have them all listen on port 80 anyway.

> What are you guys using?
>

I know some that have switched to web servers like Roxen to help solve this
issue and make things more secure.  I don't know if PHP will run on stuff
like that without running it as a CGI instead of having PHP built-in.
I know of admins that have run separate instances of apache like you mention
above.

vec
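
The permission layout from the table in the message above, checked mechanically, together with the per-user group limit that caps it. This is an added example, not part of the original post: the function names and the sample tree are constructed here, and it assumes each vhost directory holds an `htdocs` subdirectory as in the table.

```python
import os
import stat
import tempfile


def audit_vhost(vhost_dir):
    """Return findings for one vhost directory (expected: top 750, htdocs 755)."""
    findings = []
    top = stat.S_IMODE(os.stat(vhost_dir).st_mode)
    # The top-level directory is the gate: only the owner and the vhost's
    # "<group>-apache" group may enter it, so "other" must have no bits at all.
    if top & stat.S_IRWXO:
        findings.append(f"top dir mode {top:03o} is open to other, expected 750")
    # The web server reaches the content through the group, so it needs r-x.
    need = stat.S_IRGRP | stat.S_IXGRP
    if (top & need) != need:
        findings.append(f"top dir mode {top:03o} blocks the web server group")
    if top & stat.S_IWGRP:
        findings.append(f"top dir mode {top:03o} lets the web server group write")
    htdocs = os.path.join(vhost_dir, "htdocs")
    if os.path.isdir(htdocs):
        sub = stat.S_IMODE(os.stat(htdocs).st_mode)
        # Below the gate everything is world readable by design, never writable.
        if sub & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"htdocs mode {sub:03o} is writable by group or other")
    return findings


def audit_tree(root):
    """Audit every directory directly under root; map vhost name -> findings."""
    return {name: audit_vhost(os.path.join(root, name))
            for name in sorted(os.listdir(root))
            if os.path.isdir(os.path.join(root, name))}


def supplementary_group_limit():
    """Groups-per-user limit, which caps the vhosts one Apache user can serve."""
    return os.sysconf("SC_NGROUPS_MAX")


def build_sample_tree(root):
    """Constructed sample: vhost1 follows the table, vhost2 has a 755 top dir."""
    for name, top_mode in (("vhost1", 0o750), ("vhost2", 0o755)):
        htdocs = os.path.join(root, name, "htdocs")
        os.makedirs(htdocs)
        os.chmod(htdocs, 0o755)
        os.chmod(os.path.join(root, name), top_mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for name, findings in audit_tree(root).items():
            print(name, "OK" if not findings else findings)
    print("groups per user limit:", supplementary_group_limit())
```

The audit only reads modes, so it can run unprivileged; verifying owner and group names per vhost would additionally need the real account database.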




Re: port blocking

2003-04-07 Thread Keegan Quinn
On Saturday 05 April 2003 01:36 pm, [EMAIL PROTECTED] wrote:
> I'm trying to lock down my server, which, for historical reasons *has*
> to run the various nis services.  No problem, I'll just block the ports
> that ypfrx, yppasswdd, ypbind, etc bind to.  However, it seems that they
> choose a different port each time.  As I don't want to switch to the
> 'block everything, only open needed' methodology (too much overhead to
> keep all my clients working), how do I force the various nis services to
> use only certain specified ports?  Looking at the man page, some of them
> take a -p switch, but putting that into the /etc/init.d/nis file in the
> --exec line 1) doesn't seem to work and 2) would be overwritten by the
> next upgrade (iirc, the init scripts are not marked as config files).
> Any ideas?

I'm not exactly sure if locking the NIS ports is possible, but I can verify 
that init.d scripts are (almost?) always marked as conffiles.  You do not 
need to worry about them being overwritten without being asked.

That said, I would really recommend that you switch to the "block everything" 
firewall methodology, especially if you need legacy software like NIS around.  
You'll sleep easier.

Also, about the -p switch: make sure you're passing "--" between the program 
name and the -p.  start-stop-daemon needs this, to separate its own arguments 
from those of the daemon it's starting.  (This may not be your problem - like 
I said, I don't use NIS, those scripts might not call start-stop-daemon.)

Hope this helps.

 - Keegan




[HELP] .htaccess problem.......thanks.

2003-04-07 Thread axacheng
Many thanks for all the replies.  :-)


Now, I type the correct username & password in the box that the web browser pops up 
when I attempt to access a resource in the protected area.

It still doesn't work--

It's made me a pretty BAD mess of this problem ... Help ... 
help. I wanna die...


● My LDAP tree as follow :

dc=ezplay,dc=tv
  |
  |>uid=tester
  |
  |>uid=axa.cheng
  |
  |__ou=td
  |     |
  |     |>uid=bigbrother
  |     |>uid=bigcow
  |
  |__ou=md
        |
        |
        |>uid=freesec


● However, when i execute "ldapsearch" command  , the result as follow:

ldapsearch -W -x -h localhost -b "dc=ezplay,dc=tv" -D 
"uid=tester,dc=ezplay,dc=tv" '(&(objectclass=*)(uid=tester))'
version: 2

#
# filter: (&(objectclass=*)(uid=tester))
# requesting: ALL
# tester, ezplay, tv
dn: uid=tester,dc=ezplay,dc=tv
uid: tester
cn: tester
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJDddf5VU0YU5SJEQvQjRd3kFVdkppNTFQsdsISzl5WS8=
shadowLastChange: 12128
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1008
gidNumber: 100
homeDirectory: /home/tester
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
^^
 I got an entry now... :-)



● My .htaccess as follow :

AuthName "For Student to login"
AuthLDAPUrl ldap://192.168.8.8/dc=ezplay,dc=tv?uid?
AuthType Basic


Order deny,allow
Deny from all
Allow from all
require user tester




● in /var/log/apache/error.log as following : 

[Mon Apr  7 15:31:27 2003] [error] [client 192.168.10.254] Search must return 
exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=tester)): URI 
/admin
[Mon Apr  7 15:31:28 2003] [error] [client 192.168.10.254] Search must return 
exactly 1 entry; found 0 entries for search (&(objectclass=*)(uid=tester)): URI 
/admin



● in /var/log/syslog :

Apr  7 15:50:03 backup slapd[17788]: conn=3 op=4 SRCH base="dc=ezplay,dc=tv" 
scope=2 filter="(&(objectClass=*)(uid=tester))"
Apr  7 15:50:03 backup slapd[17788]: conn=3 op=4 SEARCH RESULT tag=101 err=0 
text=
Apr  7 15:50:05 backup slapd[17789]: conn=7 op=2 SRCH base="dc=ezplay,dc=tv" 
scope=2 filter="(&(objectClass=*)(uid=tester))"
Apr  7 15:50:05 backup slapd[17789]: conn=7 op=2 SEARCH RESULT tag=101 err=0 
text=



-- 
Trust & Unique ...
axacheng <[EMAIL PROTECTED]>