Re: [vchkpw] vpopmail quota bugs
i use vpopmail 5.3.8 with pop3d quota supported and sqwebmail 3.3.4. i had moved the email from "sent" folder to inbox. i think vpopmail should treat it as normal incoming email in inbox. any idea?

Chris

----- Original Message -----
From: "Tren Blackburn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 24, 2002 1:14 PM
Subject: RE: [vchkpw] vpopmail quota bugs

Pop3 doesn't know anything about folders. It only knows about the inbox.

Regards,

Tren

-----Original Message-----
From: Chris [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 23, 2002 7:54 PM
To: [EMAIL PROTECTED]
Subject: [vchkpw] vpopmail quota bugs

when i sent an email using sqwebmail it save a copy in my "sent" folder and i can see the quota report increase. i use sqwebmail move the sent email from "sent" folder to "inbox" and download and remove such email using Outlook Express. but there is no changes on the quota report. is there any patches available for this? or it's the sqwebmail problem?

P.S. it's fine if we download and remove the normal incoming email.

Chris
[vchkpw] Vpopmail - Qmail - pop3d
Hi

I compiled qmail, vpopmail, checkpasswd, ucspi-tcp, daemontools from source.

I follow 'lifewithqmail' as much as I can understand it. I also followed the Install-file of vpopmail and that says on line 203:

env - PATH="/var/qmail/bin:/usr/local/bin" \
tcpserver -H -R 0 pop-3 \
/var/qmail/bin/qmail-popup your.domain.com \
/home-dir-of-vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &

This gives me on my machine:

ywesee@alphonse:~$ sudo env - PATH="/var/qmail/bin:/user/local/bin" tcpserver -H -R 0 pop-3 /var/qmail/bin/qmail-popup yweseelocal.com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &
[1] 26822
ywesee@alphonse:~$ env: tcpserver: No such file or directory

What do I have to do to make this work?

Thanks for any help and hints.

Zeno
RE: [vchkpw] Re: Delete bounced msg to postmaster?
> -----Original Message-----
> From: Peter Palmreuther [mailto:lists@;pitpalme.de]
> Sent: Sunday, 13 October 2002 6:46 AM
> To: [EMAIL PROTECTED]
> Subject: [vchkpw] Re: Delete bounced msg to postmaster?
>
> Hello Neo,
>
> On Saturday, October 12, 2002 at 7:30:16 PM you wrote:
>
> > I read that but it still send to the postmaster of the domain...
>
> $> cat /var/qmail/control/doublebounceto
> doublebounce
> $> cat ~alias/.qmail-doublebounceto

I think that line above have been : "cat ~alias/.qmail-doublebounce" ?

> #
> $>

Michael.
Re: [vchkpw] Re: Delete bounced msg to postmaster?
Hi Michael,

On Thu, 24 Oct 2002 17:37:08 +1000 "Michael Bowe" <[EMAIL PROTECTED]> wrote:

>> $> cat /var/qmail/control/doublebounceto
>> doublebounce
>> $> cat ~alias/.qmail-doublebounceto

> I think that line above have been : "cat ~alias/.qmail-doublebounce" ?

Yes, you're correct. Wasn't copy/paste and my fingers were faster than the brain could stop them :-(

--
Pit
Re: [vchkpw] Vpopmail - Qmail - pop3d
Hi Zeno,

On Thu, 24 Oct 2002 09:36:39 +0200 Zeno Davatz <[EMAIL PROTECTED]> wrote:

> I follow 'lifewithqmail' as much as I can understand it. I also
> followed the Install-file of vpopmail and that says on line 203:
>
> env - PATH="/var/qmail/bin:/usr/local/bin" \
> tcpserver -H -R 0 pop-3 \
> /var/qmail/bin/qmail-popup your.domain.com \
> /home-dir-of-vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d
> Maildir
> &
>
> This gives me on my maschine:
> ywesee@alphonse:~$ sudo env - PATH="/var/qmail/bin:/user/local/bin"
> tcpserver -H -R 0 pop-3 /var/qmail/bin/qmail-popup yweseelocal.com
> /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &
> [1] 26822
> ywesee@alphonse:~$ env: tcpserver: No such file or directory
>
> What do I have to do to make this work.

Replace 'tcpserver' with the complete path-call to tcpserver (maybe '/usr/local/bin/tcpserver'?)

Counting the number of problems you have with setting up a simple mail server and the simpleness of a lot of your problems (second time a path problem, IIRC) you should consider to engage somebody that is used to Linux and qmail stuff. Could be safer for your server if it is intended to run 24/7 in public access at a later time.

--
Pit
Re: [vchkpw] vpopmail quota bugs
Are you sure they're not marked as Read, and maybe your POP email client is set to only download unread mail?

Rick

On Thu, 2002-10-24 at 02:12, Chris wrote:
>
> i use vpopmail 5.3.8 with pop3d quota supported and sqwebmail 3.3.4. i had
> moved the email from "sent" folder to inbox. i think vpopmail should treat
> it as normal incoming email in inbox. any idea?
>
> Chris
>
> ----- Original Message -----
> From: "Tren Blackburn" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, October 24, 2002 1:14 PM
> Subject: RE: [vchkpw] vpopmail quota bugs
>
> Pop3 doesn't know anything about folders. It only knows about the
> inbox.
>
> Regards,
>
> Tren
>
> -----Original Message-----
> From: Chris [mailto:chris@;hkseek.com]
> Sent: Wednesday, October 23, 2002 7:54 PM
> To: [EMAIL PROTECTED]
> Subject: [vchkpw] vpopmail quota bugs
>
> when i sent an email using sqwebmail it save a copy in my "sent" folder
> and i can see the quota report increase. i use sqwebmail move the sent
> email from "sent" folder to "inbox" and download and remove such email
> using Outlook Express. but there is no changes on the quota report. is
> there any patches available for this? or it's the sqwebmail problem?
>
> P.S. it's fine if we download and remove the normal incoming email.
>
> Chris
Re: [vchkpw] Vpopmail - Qmail - pop3d
On 24.10.2002 14:14 Uhr, "Peter Palmreuther" <[EMAIL PROTECTED]> wrote:

> Replace 'tcpserver' with the the complete path-call to tcpserver (maybe
> '/usr/local/bin/tcpserver'?)

Thanks for the hint.

> Counting the number problems you have with setting up a simple mail
> server and the simpleness of a lot of your problems (second time a path
> problem, IIRC) you should consider to engage somebody that is used to
> Linux and qmail stuff. Could be safer for your server if it is intended
> to run 24/7 in public access at a later time.

Let's see - I believe I can manage.

Have you never been a beginner?

Zeno
Re: [vchkpw] Vpopmail - Qmail - pop3d
Hi Zeno,

On Thu, 24 Oct 2002 14:27:50 +0200 Zeno Davatz <[EMAIL PROTECTED]> wrote:

>> Counting the number problems you have with setting up a simple mail
>> server and the simpleness of a lot of your problems (second time a
>> path problem, IIRC) you should consider to engage somebody that is
>> used to Linux and qmail stuff. Could be safer for your server if it
>> is intended to run 24/7 in public access at a later time.

> Lets see - I believe I can manage.
>
> Have you never been a beginner?

I have been. But 'til I managed this stuff safely I did not intend to install a server that's accessible from outside my LAN for obvious reasons: If I had overlooked only a small detail I could have been in big trouble.

And a vpopmail installation is not the 'usual stuff' for a small LAN server not accessible from public; simply because _somewhere_ the mails have to come from.

--
Pit
Re: [vchkpw] Vpopmail - Qmail - pop3d
On 24.10.2002 15:23 Uhr, "Peter Palmreuther" <[EMAIL PROTECTED]> wrote:

> Hi Zeno,
>
> On Thu, 24 Oct 2002 14:27:50 +0200
> Zeno Davatz <[EMAIL PROTECTED]> wrote:
>
>>> Counting the number problems you have with setting up a simple mail
>>> server and the simpleness of a lot of your problems (second time a
>>> path problem, IIRC) you should consider to engage somebody that is
>>> used to Linux and qmail stuff. Could be safer for your server if it
>>> is intended to run 24/7 in public access at a later time.
>
>> Lets see - I believe I can manage.
>>
>> Have you never been a beginner?
>
> I have been. But 'til I managed this stuff safely I did not intend to
> install a server that's accessible from outside my LAN for obvious
> reasons: If I had overlooked only a small detail I could have been in
> big trouble.
>
> And a vpopmail installation is not the 'usual stuff' for a small LAN
> server not accessible from public; simply because _somewhere_ the mails
> have to come from.

I agree with you. That is why I am still testing on my LAN environment. I also would never only test vpopmail online. I also want to test that first locally. And till then I will still have _a_lot_of beginner questions - I guess.

Thanks for helping in the meantime.

Zeno
[vchkpw] vpopbull Question
Greetings,

I'm trying to use vpopbull to broadcast a message to all my users. Drive space is critical and I'd like to use the -h flag to softlink the file containing the message, but it looks hoaky. Does it work???

Also, whenever I do "./vpopbull -vn mydomain.net" from the /home/vpopmail/bin dir I only get a version number returned to me. Shouldn't I be getting a verbose list with all the user email addresses instead?

Is this the right way to do this, or should I be using/doing something else...

Here's a copy of the man page for vpopbull for your reference convenience! ;-)

NAME
    vpopbull - post a message to virtual domain users

SYNOPSYS
    vpopbull [-f filename ] [-e exclude email addresses file] [-v] [-n] [-c] [-h] [-s] [virtual domain ...]

DESCRIPTION
    Post a message to virtual domain users

OPTIONS
    [-f filename]
        File containing the email message to be posted.

    [-e exclude email addresses file]
        File containing a list of email addresses to exclude from posting.

    [-v]
        Verbose mode. Prints out each email address it is sending to.

    [-n]
        Don't actuall mail it. using -v and -n can be used to list out all virtual domain email accounts.

    [-c]
        Default, copy message to users directory.

    [-h]
        Make a hard link from email file to virtual users directory. Email file must be on the same physical device as the virtual users directories. This will save disk space.

    [-s]
        Make a soft link from the email file to the virutal users directory. This will save on disk space but will not remove the file when all users read it. If the original file is deleted, users will not be able to read the message.

    [virtual domain ... ]
        List of domains to send the message to. If this is not supplied then the message is sent to all virtual domains.
Re: [vchkpw] vpopbull Question
Don't know about the symlink.

About the vpopbull -vn you should use "./vpopbull -v -n mydomain.net"

This how it works for me.

Salu2
Andres

At 09:11 24/10/2002 -0500, Michael Funk wrote:

Greetings,

I'm trying to use vpopbull to broadcast a message to all my users. Drive space is critical and I'd like to use the -h flag to softlink the file containing the message, but it looks hoaky. Does it work???

Also, whenever I do "./vpopbull -vn mydomain.net" from the /home/vpopmail/bin dir I only get a version number returned to me. Shouldn't I be getting a verbose list with all the user email addresses instead?

Is this the right way to do this, or should I be using/doing something else...

Here's a copy of the man page for vpopbull for your reference convenience! ;-)

NAME
    vpopbull - post a message to virtual domain users

SYNOPSYS
    vpopbull [-f filename ] [-e exclude email addresses file] [-v] [-n] [-c] [-h] [-s] [virtual domain ...]

DESCRIPTION
    Post a message to virtual domain users

OPTIONS
    [-f filename]
        File containing the email message to be posted.

    [-e exclude email addresses file]
        File containing a list of email addresses to exclude from posting.

    [-v]
        Verbose mode. Prints out each email address it is sending to.

    [-n]
        Don't actuall mail it. using -v and -n can be used to list out all virtual domain email accounts.

    [-c]
        Default, copy message to users directory.

    [-h]
        Make a hard link from email file to virtual users directory. Email file must be on the same physical device as the virtual users directories. This will save disk space.

    [-s]
        Make a soft link from the email file to the virutal users directory. This will save on disk space but will not remove the file when all users read it. If the original file is deleted, users will not be able to read the message.

    [virtual domain ... ]
        List of domains to send the message to. If this is not supplied then the message is sent to all virtual domains.
RE: [vchkpw] vqadmin problem
Does the permission denied error come from apache or vqadmin? Tail your apache error log and see what it says.

-Clayton

-----Original Message-----
From: zafar [mailto:zafar_f3@;my.web.pk]
Sent: Wednesday, October 23, 2002 11:34 PM
To: [EMAIL PROTECTED]
Subject: [vchkpw] vqadmin problem

hello all

i am install the vqadmin on redhat. i successfully install it but when i add any domain or view any domain it give me error of permission denied . i can't understand what kind of permission he required. i give full apache permission but it can't working fine.

help required

with regards.
Re: [vchkpw] Vpopmail Debian
On 24.10.2002 3:14 Uhr, "Iain" <[EMAIL PROTECTED]> wrote:

> Try my up to date debian vpopmail packages here:
>
> http://linux.myspinach.org/debian

\snip
David Phillips <[EMAIL PROTECTED]>

* Change the run script for qmail-smtpd (/service/qmail-smtpd/run) to use vpopmail. The tcp.smtp.cdb file needs to point to the one in the vpopmail home directory (ex. /home/vpopmail/etc/tcp.smtp.cdb). This step makes POP-before-SMTP work.
/snip

There is no such file if I install your package.

Thanks for help and hints.

Zeno

> On Wed, 23 Oct 2002 02:10, Zeno Davatz wrote:
>> Hi
>>
>> I'm a Debian user and installed Vpopmail
>> vpopmail-bin 4.9.9-1
>>
>> And all the other Debian packages that depend on this version.
>>
>> I done vadddomain and vadduser
>>
>> When I try to login with my UN and PW my syslog tells me:
>> Oct 22 17:54:09 alphonse vpopmail[31832]: vchkpw: password fail
>> [EMAIL PROTECTED]:192.168.0.71
>>
>>
>> Also my TOP tells me:
>> 28280 root 20 0 792 792 488 R15.8 0.3 5:49 vchkpw
>> 24769 root 20 0 564 564 432 R15.1 0.2 19:49 clearopensmtp
>> 28390 root 20 0 576 576 444 R15.1 0.2 5:36 clearopensmtp
>> 28556 root 20 0 804 804 492 R15.1 0.3 5:23 vchkpw
>> 32047 root 20 0 576 576 444 R15.1 0.2 1:56 clearopensmtp
>> 32107 root 20 0 804 804 492 R15.1 0.3 1:54 vchkpw
>>
>> There goes my CPU power - if I let the server run all night it will
>> eventually crash as the processes start doubling themselves.
>>
>> 1. Why can't I log in
>> 2. Why does clearopensmtp and vchkpw eat all my processing power.
>>
>> Thanks for any help and hints.
>>
>> Zeno

--
Mit freundlichen Grüssen / best regards

Zeno Davatz
Strategie & Akquisition
+41 1 350 85 86

www.ywesee.com > intellectual capital connected > www.generika.cc
[vchkpw] temporarily disable delivery & retrieval for a domain
I am trying to do a migration to some new hardware over NFS, however the details aren't that important. Basically I need to know if there is a way to temporarily disable delivery and retrieval for a domain for a short amount of time.

I read someplace that for normal users, you can set the sticky bit on the home directory to disable delivery. And I know that qmailadmin and vpopmail provide for a way to turn off POP3 and/or IMAP access on a per-domain basis.

Does anyone know:

1) if there is a comparable way to defer delivery for a virtual domain, similar to setting the sticky bit on a home directory

2) if there is a certain file that I can place in a domain to disable retrieval (i.e. what does qmailadmin do to turn this on?)

Thanks for any and all info.

--
[!] Justin R. Miller <[EMAIL PROTECTED]>
Encrypted email preferred (key 0xC9C40C31)
RE: [vchkpw] smtp-auth
On Thu, 2002-10-24 at 11:10, Clayton Weise wrote:
> Just stick your hostname in place of the IP address. I don't think an IP
> will work.. I've never tried it though ;).

Hrm, well, this is quite strange. It's taking the IP from which I'm trying to send the mail and putting that in place of the hostname of the domain that I'm trying to send from, which of course fails. For example, I'm trying to send an email to my personal email address from through that box but it's taking the internal IP of the machine that I'm sending it from:

---
Oct 24 11:58:14 kareem vpopmail[337]: vchkpw: vpopmail user not found testuser@:10.1.2.101
---

So my workstation has an IP of 10.1.2.101, but I'm trying to send the email to my real email address using the account of '[EMAIL PROTECTED]'.

This is vpopmail 5.2.1 -- I don't know if it has issues or not, but I've never heard of or seen this before.

Thanks again,

Bill
Re: [vchkpw] Vpopmail Debian
First of all: THANKS for the great advice. Took me some steps further.

On 24.10.2002 2:06 Uhr, "David Phillips" <[EMAIL PROTECTED]> wrote:

> * Allow incoming connections to pop3d. By default, it does not allow any
> connections. There is an add-client script in
> /var/qmail/service/qmail-pop3d that can be used. To simply allow
> connections from everywhere, create an empty tcp file and run the Makefile.
> You will need to run the Makefile after using add-client.

Sorry, can you be a bit more specific here - I am a Newbie.

> * Restart all of the services:
>
> svc -t /service/qmail-*

When I restart my services I get:

svc: warning: unable to chdir to /service/qmail-pop3d: file does not exist

A ywesee@alphonse:/service$ sudo find / -name qmail-pop3d

Gives me:

/usr/sbin/qmail-pop3d
/usr/src/q/qmail-1.03/qmail-pop3d
/var/qmail/bin/qmail-pop3d
find: /proc/11060/fd: No such file or directory
/service/qmail-pop3d

What did I do wrong?

Thanks for your time and help.

Zeno
RE: [vchkpw] smtp-auth
On Thu, 2002-10-24 at 10:17, Clayton Weise wrote:
> Yes, that's what I was referring to. The FQDN is there only for MD5-CRAM if
> my memory serves correct. It is not actually used in any way for
> authenticating the username. It's there for a challenge-response system.
> The fact that it's missing from your startup would be why it wouldn't work
> (or, work for any username/password combination in that case).

Hrm, well, I'm presuming that in place of the FQDN, you can simply put in an IP address? This box is just in the testing phase so I've put the IP in for the host name. But now, rather than accept anything, it's refusing everything. I know the passwd that I'm testing with is good (I can verify it in my ~vpopmail/domains//vpasswd file), but it's just not giving me any love.

The non-informative Evolution error message doesn't help at all either, so upon sniffing the network, I can see I'm getting a "535 authorization failed (#5.7.0)" error.

Anyone have ideas on this one? Could it possibly be that whatever's trying to access ~vpopmail/bin/vchkpw isn't able to due to permission problems? Hmmm...

Thanks again,

Bill
Re: [vchkpw] Re: smtp-auth
Hi John,

version 5.2.1 no extra compile option.

TIA,
Paulo Henrique

Quoting John Johnson ([EMAIL PROTECTED]):
> Paulo Henrique Baptista de Oliveira writes:
>
> > Hi all,
> > I installed qmail smtp-remote-auth patch. It works well for outlook
> > client but with eudora it fails. What I can do to fix this?
> > TIA,Paulo Henrique
>
> What version of vpopmail are you running and what are your
> compile options?
>
> -John
[vchkpw] Re: smtp-auth
Paulo Henrique Baptista de Oliveira writes:

Hi all,
I installed qmail smtp-remote-auth patch. It works well for outlook client but with eudora it fails. What I can do to fix this?
TIA, Paulo Henrique

What version of vpopmail are you running and what are your compile options?

-John
Re: [vchkpw] smtp-auth
Hi all,

I installed qmail smtp-remote-auth patch. It works well for outlook client but with eudora it fails. What I can do to fix this?

TIA,
Paulo Henrique

Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> On Wed, 2002-10-23 at 08:30, Clayton Weise wrote:
> > How do you startup qmail-smtpd?
>
> Hi Clayton, thanks for the reply.
>
> Tunc Gunergun noted that this behaviour is symptomatic of running
> qmail-smtpd without a hostname after it. Is that what you were
> thinking? But how does this affect the other vpopmail domains on that
> box if at all? I'll post my smtpd 'run' below (sorry for the poor
> formatting):
>
> ---
> #!/bin/sh
> . /usr/share/qmail/run-functions
>
> # If rblsmtpd is installed, process rbltimeout rbldomains, and antirbldomains
> if [ -x /usr/bin/rblsmtpd ]; then
>   readdefault domains antirbldomains ""
>   for domain in $domains; do
>     rblopts="$rblopts -a $domain"
>   done
>   readdefault domains rbldomains ""
>   for domain in $domains; do
>     rblopts="$rblopts -r $domain"
>   done
>   readdefault timeout rbltimeout 60
>   if [ -n "$rblopts" ]; then
>     rbl="/usr/bin/rblsmtpd -t $timeout $rblopts"
>   fi
> fi
>
> # Start daemons.
> readdefault concurrency concurrencysmtpd 20
> readdefault ulimitdata ulimitdata 200
>
> exec \
> softlimit -m $ulimitdata \
> envuidgid qmaild \
> tcpserver -DRUvX -c "$concurrency" -l "`head -1 /var/qmail/control/me`" \
> -x /etc/tcpcontrol/smtp.cdb 0 smtp \
> fixcrio $rbl qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
> ---
>
> Thanks again for the reply,
>
> Bill
RE: [vchkpw] smtp-auth
On Wed, 2002-10-23 at 08:30, Clayton Weise wrote:
> How do you startup qmail-smtpd?

Hi Clayton, thanks for the reply.

Tunc Gunergun noted that this behaviour is symptomatic of running qmail-smtpd without a hostname after it. Is that what you were thinking? But how does this affect the other vpopmail domains on that box if at all? I'll post my smtpd 'run' below (sorry for the poor formatting):

---
#!/bin/sh
. /usr/share/qmail/run-functions

# If rblsmtpd is installed, process rbltimeout rbldomains, and antirbldomains
if [ -x /usr/bin/rblsmtpd ]; then
  readdefault domains antirbldomains ""
  for domain in $domains; do
    rblopts="$rblopts -a $domain"
  done
  readdefault domains rbldomains ""
  for domain in $domains; do
    rblopts="$rblopts -r $domain"
  done
  readdefault timeout rbltimeout 60
  if [ -n "$rblopts" ]; then
    rbl="/usr/bin/rblsmtpd -t $timeout $rblopts"
  fi
fi

# Start daemons.
readdefault concurrency concurrencysmtpd 20
readdefault ulimitdata ulimitdata 200

exec \
softlimit -m $ulimitdata \
envuidgid qmaild \
tcpserver -DRUvX -c "$concurrency" -l "`head -1 /var/qmail/control/me`" \
-x /etc/tcpcontrol/smtp.cdb 0 smtp \
fixcrio $rbl qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
---

Thanks again for the reply,

Bill
[vchkpw] Re: qmailadmin-limits update
I am not a programmer but from what I can see this looks like a clean and very effective way to do the qmailadmin-limits. If you try to bloat things down for something that MIGHT be added or changed then we really will not have things really planned, they will be half planned and still open waiting for the stuff people might want to add to the tables. I say we go with this, lock it down and make it happen and deal with tomorrow when tomorrow happens as far as the tables.

-John

Brian Kolaci writes:

I've done some thinking about the many suggestions about handling the limits and wanted to summarize some of the pros & cons.

First was whether to use a generic approach that had a table with domain, name, value which has a row for each parameter, or to use a single row with all values per domain.

The pros:
- allows extensibility - we can easily add new attributes with a new row

The cons:
- consumes more space - there's overhead of N-1 times the size of the domainname, plus N times the size of the option name, plus overhead for the value to be able to hold the largest possible value even for smaller items.
- updates not atomic - there would have to be N update statements to change a value. We would have to encapsulate the updates within a transaction.
- performance - there would be more data going back and forth to/from the sql server. We would also have to store all data as strings in the database and do conversions. When we perform updates, there would have to be N updates sent to the server, which is N round trips plus the transaction overhead.

At first when I saw the suggestion I thought it was a great idea, however after thinking it over, I believe performance and reliability would suffer just to save an "alter table" if/when the schema needs to be extended. That being said, I'll continue down the path of a single row per domain, however if others have arguments to the contrary, please speak up.

The schema needs to be adjusted to accommodate all the requests I've seen. Both the C structure and the database schema needs to change.

I've read the Maildir++ quotas and understand that the concept of a "Maildir quota" encapsulates both a maximum size and maximum message count. It appears to be just a string that contains "#S,#C", which combines the Size and the Count into one string, where the #C is optional. I personally would want them separated as two values, since you can't do much with the combined string but pass it around. To actually use it, you need to split them up with a parser and convert them to numbers. I think the API should keep them as numbers in the structure in C. It's easy enough to combine them with a snprintf(), but more work to parse them out to actually use/enforce them. How they're stored in the database and/or file doesn't really matter (but should be discussed). I believe they were combined due to the old hack to put the quota value into the "shell" field of a password record.

Being that we're in new territory here, we don't even have the concept of message count in .qmailadmin-limits files or the database, so adding a field/column for the "default per-user message count" or "per-domain message count" shouldn't be an issue, and would even keep the old file format backward compatible. In fact, it appears the vqpasswd structure has already been amended to add a "clear password", so why wasn't it just updated to add fields for "storage quota" and "max message count" ? Wouldn't that be cleaner? Sorry for going off topic... I'll stick to the subject now.

So my suggestion would be to store 4 "quota type" fields to handle storage/message count for per-domain/per-user. Any comments?

Here's what I would see as a new C structure:

/*
 * permissions for non-postmaster admins
 */
#define VLIMIT_DISABLE_CREATE 0x01
#define VLIMIT_DISABLE_MODIFY 0x02
#define VLIMIT_DISABLE_DELETE 0x04

struct vlimits {
    int maxpopaccounts;
    int maxaliases;
    int maxforwards;
    int maxautoresponders;
    int maxmailinglists;
    int diskquota;
    int maxmsgcount;
    int defaultquota;
    int defaultmaxmsgcount;
    /* the following are 0 (false) or 1 (true) */
    short disable_pop;
    short disable_imap;
    short disable_dialup;
    short disable_passwordchanging;
    short disable_webmail;
    short disable_relay;
    short disable_smtp;
    /* the following permissions are for non-postmaster admins */
    short perm_account;
    short perm_alias;
    short perm_forward;
    short perm_autoresponder;
    short perm_maillist;
    short perm_maillist_users;
    short perm_maillist_moderators;
    short perm_quota;
    short perm_defaultquota;
};

We need to patch qmailadmin to create another "AdminType" to distinguish between "postmaster" and user admins. The per
[vchkpw] qmailadmin-limits update
I've done some thinking about the many suggestions about handling the limits and wanted to summarize some of the pros & cons.

First was whether to use a generic approach that had a table with domain, name, value which has a row for each parameter, or to use a single row with all values per domain.

The pros:
- allows extensibility - we can easily add new attributes with a new row

The cons:
- consumes more space - there's overhead of N-1 times the size of the domainname, plus N times the size of the option name, plus overhead for the value to be able to hold the largest possible value even for smaller items.
- updates not atomic - there would have to be N update statements to change a value. We would have to encapsulate the updates within a transaction.
- performance - there would be more data going back and forth to/from the sql server. We would also have to store all data as strings in the database and do conversions. When we perform updates, there would have to be N updates sent to the server, which is N round trips plus the transaction overhead.

At first when I saw the suggestion I thought it was a great idea, however after thinking it over, I believe performance and reliability would suffer just to save an "alter table" if/when the schema needs to be extended. That being said, I'll continue down the path of a single row per domain, however if others have arguments to the contrary, please speak up.

The schema needs to be adjusted to accommodate all the requests I've seen. Both the C structure and the database schema needs to change.

I've read the Maildir++ quotas and understand that the concept of a "Maildir quota" encapsulates both a maximum size and maximum message count. It appears to be just a string that contains "#S,#C", which combines the Size and the Count into one string, where the #C is optional. I personally would want them separated as two values, since you can't do much with the combined string but pass it around. To actually use it, you need to split them up with a parser and convert them to numbers. I think the API should keep them as numbers in the structure in C. It's easy enough to combine them with a snprintf(), but more work to parse them out to actually use/enforce them. How they're stored in the database and/or file doesn't really matter (but should be discussed). I believe they were combined due to the old hack to put the quota value into the "shell" field of a password record.

Being that we're in new territory here, we don't even have the concept of message count in .qmailadmin-limits files or the database, so adding a field/column for the "default per-user message count" or "per-domain message count" shouldn't be an issue, and would even keep the old file format backward compatible. In fact, it appears the vqpasswd structure has already been amended to add a "clear password", so why wasn't it just updated to add fields for "storage quota" and "max message count" ? Wouldn't that be cleaner? Sorry for going off topic... I'll stick to the subject now.

So my suggestion would be to store 4 "quota type" fields to handle storage/message count for per-domain/per-user. Any comments?

Here's what I would see as a new C structure:

/*
 * permissions for non-postmaster admins
 */
#define VLIMIT_DISABLE_CREATE 0x01
#define VLIMIT_DISABLE_MODIFY 0x02
#define VLIMIT_DISABLE_DELETE 0x04

struct vlimits {
    int maxpopaccounts;
    int maxaliases;
    int maxforwards;
    int maxautoresponders;
    int maxmailinglists;
    int diskquota;
    int maxmsgcount;
    int defaultquota;
    int defaultmaxmsgcount;
    /* the following are 0 (false) or 1 (true) */
    short disable_pop;
    short disable_imap;
    short disable_dialup;
    short disable_passwordchanging;
    short disable_webmail;
    short disable_relay;
    short disable_smtp;
    /* the following permissions are for non-postmaster admins */
    short perm_account;
    short perm_alias;
    short perm_forward;
    short perm_autoresponder;
    short perm_maillist;
    short perm_maillist_users;
    short perm_maillist_moderators;
    short perm_quota;
    short perm_defaultquota;
};

We need to patch qmailadmin to create another "AdminType" to distinguish between "postmaster" and user admins. The perm_??? items would have the VLIMIT_DISABLE_xxx masks applied to them. I'm sure there are other ways to handle this, such as consolidate the maillist permissions to a single item and add more bit flags to handle users & moderators. But this can be done in the API function before it hits the file or database.

And here's what I would see as a new database schema:

create table vlimits (
    domain CHAR(64) PRIMARY KEY,
    maxpopaccounts INT(10) NOT NULL DEFAULT -1,
    maxaliases
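
Added example, not part of the original post or of vpopmail's code: one way to split the "#S,#C" quota string discussed above into two numbers, rebuild it with snprintf(), and enforce it at delivery time. The struct and function names are hypothetical, 0 is assumed to mean "no limit", and the parser goes slightly beyond the post by accepting the two elements in either order.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for the two limits; 0 is assumed to mean "no limit". */
struct quota_limits {
    unsigned long long max_bytes;   /* the #S element */
    unsigned long long max_msgs;    /* the #C element */
};

/* Parse "<n>S", "<n>C" or both joined by a comma. Returns 0 on success and
 * -1 on malformed input; *out is written only on success. */
int quota_parse(const char *spec, struct quota_limits *out)
{
    struct quota_limits q = {0, 0};
    int seen_s = 0, seen_c = 0;
    const char *p = spec;

    if (spec == NULL || out == NULL)
        return -1;
    for (;;) {
        char *end;
        unsigned long long v;

        /* strtoull() accepts leading blanks and a sign; insist on a digit. */
        if (*p < '0' || *p > '9')
            return -1;
        errno = 0;
        v = strtoull(p, &end, 10);
        if (errno == ERANGE)
            return -1;                      /* value does not fit */

        if (*end == 'S' && !seen_s) {
            q.max_bytes = v; seen_s = 1;
        } else if (*end == 'C' && !seen_c) {
            q.max_msgs = v; seen_c = 1;
        } else {
            return -1;                      /* no letter, unknown letter, duplicate */
        }
        p = end + 1;
        if (*p == '\0')
            break;
        if (*p != ',')
            return -1;                      /* trailing garbage */
        p++;
    }
    *out = q;
    return 0;
}

/* Rebuild the combined string. Returns -1 if buf is too small or if
 * neither limit is set (there is nothing to write). */
int quota_format(const struct quota_limits *q, char *buf, size_t len)
{
    int n;

    if (q->max_bytes && q->max_msgs)
        n = snprintf(buf, len, "%lluS,%lluC", q->max_bytes, q->max_msgs);
    else if (q->max_bytes)
        n = snprintf(buf, len, "%lluS", q->max_bytes);
    else if (q->max_msgs)
        n = snprintf(buf, len, "%lluC", q->max_msgs);
    else
        return -1;
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Would storing one more message of msg_bytes break either limit?
 * The subtraction form avoids overflow in used_bytes + msg_bytes. */
int quota_would_exceed(const struct quota_limits *q,
                       unsigned long long used_bytes,
                       unsigned long long used_msgs,
                       unsigned long long msg_bytes)
{
    if (q->max_bytes &&
        (used_bytes > q->max_bytes || msg_bytes > q->max_bytes - used_bytes))
        return 1;
    if (q->max_msgs && used_msgs >= q->max_msgs)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample strings, not taken from a real vpasswd file. */
    const char *samples[] = { "10000000S,1000C", "5000000S", "100S,200S", "-5S", "100" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct quota_limits q;
        char buf[64] = "";

        if (quota_parse(samples[i], &q) != 0) {
            printf("%-18s rejected\n", samples[i]);
            continue;
        }
        quota_format(&q, buf, sizeof buf);
        printf("%-18s bytes=%llu msgs=%llu -> \"%s\"\n",
               samples[i], q.max_bytes, q.max_msgs, buf);
    }
    return 0;
}
```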
Re: [vchkpw] Re: smtp-auth
Probably you use OpenSSL 0.9.6e, at least, and Eudora has problems talking TLS with new versions of OpenSSL (it talks with 0.9.6c, that has security holes). You must add this (+) line in qmail-smtpd.c: void smtp_tls(arg) char *arg; { SSL_CTX *ctx; if (*arg) {out("501 Syntax error (no parameters allowed) (#5.5.4)\r\n"); return;} SSL_library_init(); if(!(ctx=SSL_CTX_new(SSLv23_server_method( {out("454 TLS not available: unable to initialize ctx (#4.3.0)\r\n"); return;} + SSL_CTX_set_options(ctx,SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); if(!SSL_CTX_use_RSAPrivateKey_file(ctx, "control/servercert.pem", SSL_FILETYPE_PEM)) {out("454 TLS not available: missing RSA private key (#4.3.0)\r\n"); return;} This turns off something in SSL protocol (I trust who told me it's safe anyway) that Eudora does not handle. Tonino At 24/10/02 24/10/02 -0700, John Johnson wrote: Paulo Henrique Baptista de Oliveira writes: Hi all, I installed qmail smtp-remote-auth patch. It works well for outlook client but with eudora it fails. What I can do to fix this? TIA,Paulo Henrique What version of vpopmail are you running and what are your compile options? -John Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
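Review bot: The added SSL_CTX_set_options(ctx,SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) call in smtp_tls() is unconditional and uncommented, so every STARTTLS client loses OpenSSL's empty-fragment countermeasure for CBC ciphers in SSL 3.0/TLS 1.0, not only the Eudora clients that need the workaround. Please add a comment naming the interoperability reason and consider gating the call behind a control file or compile-time switch so sites without such clients keep the library default. While in this function: the error path after SSL_CTX_use_RSAPrivateKey_file() returns without SSL_CTX_free(ctx), which leaks the context each time the key file is missing.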
RE: [vchkpw] smtp-auth
Yes, that's what I was referring to. The FQDN is there only for MD5-CRAM if my memory serves correct. It is not actually used in any way for authenticating the username. It's there for a challenge-response system. The fact that it's missing from your startup would be why it wouldn't work (or, work for any username/password combination in that case). -Clayton p.s. Stop replying to all, I'm subscribed to the list already, I don't need 6 copies of the same email.

-Original Message- From: [EMAIL PROTECTED] [mailto:vpopmail@;gory.org] Sent: Thursday, October 24, 2002 9:08 AM To: Clayton Weise Cc: [EMAIL PROTECTED] Subject: RE: [vchkpw] smtp-auth

On Wed, 2002-10-23 at 08:30, Clayton Weise wrote: > How do you startup qmail-smtpd?

Hi Clayton, thanks for the reply. Tunc Gunergun noted that this behaviour is symptomatic of running qmail-smtpd without a hostname after it. Is that what you were thinking? But how does this affect the other vpopmail domains on that box if at all? I'll post my smtpd 'run' below (sorry for the poor formatting):

---
#!/bin/sh
. /usr/share/qmail/run-functions

# If rblsmtpd is installed, process rbltimeout rbldomains, and antirbldomains
if [ -x /usr/bin/rblsmtpd ]; then
  readdefault domains antirbldomains ""
  for domain in $domains; do
    rblopts="$rblopts -a $domain"
  done
  readdefault domains rbldomains ""
  for domain in $domains; do
    rblopts="$rblopts -r $domain"
  done
  readdefault timeout rbltimeout 60
  if [ -n "$rblopts" ]; then
    rbl="/usr/bin/rblsmtpd -t $timeout $rblopts"
  fi
fi

# Start daemons.
readdefault concurrency concurrencysmtpd 20
readdefault ulimitdata ulimitdata 200
exec \
  softlimit -m $ulimitdata \
  envuidgid qmaild \
  tcpserver -DRUvX -c "$concurrency" -l "`head -1 /var/qmail/control/me`" \
  -x /etc/tcpcontrol/smtp.cdb 0 smtp \
  fixcrio $rbl qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
---

Thanks again for the reply, Bill
Re: [vchkpw] Vpopmail Debian
On 24.10.2002 2:06 Uhr, "David Phillips" <[EMAIL PROTECTED]> wrote: > * Install vpopmail from source. The Debian packages are pretty old and seem > to be buggy, at least the last time I tried. I did this... > * Change the run script for qmail-smtpd (/service/qmail-smtpd/run) to use > vpopmail. The tcp.smtp.cdb file needs to point to the one in the vpopmail > home directory (ex. /home/vpopmail/etc/tcp.smtp.cdb). This step makes > POP-before-SMTP work. But I can not find the tcp.smtp.cdb anywhere in my vpopmail directory. Thanks for any help and hints. Zeno
[vchkpw] IP Domains and Courier IMAP
Hi All, Does anyone have IP Domains (ie just user instead of user@domain) and courier-imap working together with any version of vpopmail and courier-imap? I think from my testing that it's just plain broken, but I'd like to hear if any does have it working. Oh, forgot to mention, using couriertcpd to launch imapdlogin, not using tcpserver. tcpserver works but it doesn't drop from root to the localuser. Regards, Rick
[vchkpw] creating vpasswd from vpasswd.cdb
Does anyone have a util to create a vpasswd file from a vpasswd.cdb file? I couldn't find anything in the archives or in the bin dir to do this. I don't know if it is fixed in the devel versions but all previous versions seem to have an issue with zeroing out the vpasswd file when the disk is full or nearly full. I've not had time to track down the issue but I would imagine that programs that work on the file need to check for free disk space before re-writing the file (or create a vpassword.temp and then mv it into place after the file is complete). Hope this helps. If anyone has a script to generate vpasswd I am in desperate need of it :) Thanks!
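The temp-file-then-rename approach suggested in the message above, as an added C example that is not vpopmail code and not part of the original post: every write, fsync and close is checked, and the existing file is only replaced by rename() once the new copy is complete. The function names, the /tmp path and the file contents are constructed, and a file-size limit stands in for a full disk.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Write all of buf; retry short writes and EINTR, fail on ENOSPC, EFBIG, etc. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Replace path with data: build a temp file in the same directory, flush it,
 * then rename() it over the original. On any failure path is left untouched. */
int replace_file_atomically(const char *path, const char *data, size_t len) {
    char tmp[1024];
    int n = snprintf(tmp, sizeof tmp, "%s.tmp.%ld", path, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof tmp) return -1;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write_all(fd, data, len) != 0 || fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    if (close(fd) != 0 || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Read a small file into out (NUL-terminated); returns bytes read or -1. */
long read_small_file(const char *path, char *out, size_t cap) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(out, 1, cap - 1, f);
    out[n] = '\0';
    fclose(f);
    return (long)n;
}

/* Simulate a full disk with RLIMIT_FSIZE so the rewrite fails part way.
 * Returns 1 if the rewrite failed and the old contents are still in place. */
int old_file_survives_failed_write(const char *path) {
    const char *old = "constructed-user:constructed-field\n";
    static char big[4096];
    char got[128];
    struct rlimit saved, small;

    if (replace_file_atomically(path, old, strlen(old)) != 0) return -1;
    memset(big, 'x', sizeof big);
    if (getrlimit(RLIMIT_FSIZE, &saved) != 0) return -1;
    small = saved;
    small.rlim_cur = 16;                  /* temp file may grow to 16 bytes only */
    signal(SIGXFSZ, SIG_IGN);             /* get EFBIG instead of being killed */
    if (setrlimit(RLIMIT_FSIZE, &small) != 0) return -1;
    int rc = replace_file_atomically(path, big, sizeof big);
    setrlimit(RLIMIT_FSIZE, &saved);
    if (read_small_file(path, got, sizeof got) < 0) return -1;
    return rc == -1 && strcmp(got, old) == 0;
}

int main(void) {
    int r = old_file_survives_failed_write("/tmp/vpasswd.example");
    printf("old file intact after failed rewrite: %s\n", r == 1 ? "yes" : "no");
    unlink("/tmp/vpasswd.example");
    return r == 1 ? 0 : 1;
}
```

Because rename() within one filesystem replaces the target in a single step, readers see either the old file or the complete new one, never a truncated file.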
Re: [vchkpw] creating vpasswd from vpasswd.cdb
Said Bryce C on Thu, Oct 24, 2002 at 01:50:13PM -0700: > Does anyone have a util to create a vpasswd file from a vpasswd.cdb > file? I think that cdbtools comes with a cdbdump. -- [!] Justin R. Miller <[EMAIL PROTECTED]> Encrypted email preferred (key 0xC9C40C31)
Re: [vchkpw] creating vpasswd from vpasswd.cdb
--- "Justin R. Miller" <[EMAIL PROTECTED]> wrote: > > I think that cdbtools comes with a cdbdump. > Any location for that? google is revealing much. Also, does anyone know if bin/vconvert is supposed to be able to do this? Nothing I've tried has worked :( I'm using 5.2 by the way. Thanks All!
Re: [vchkpw] creating vpasswd from vpasswd.cdb
Said Bryce C on Thu, Oct 24, 2002 at 02:16:37PM -0700: > Any location for that? google is revealing much. http://cr.yp.to/cdb.html -- [!] Justin R. Miller <[EMAIL PROTECTED]> Encrypted email preferred (key 0xC9C40C31)
[vchkpw] Vpopmail Exploits on Bugtraq
Have the remote exploits that came out on BugTraq today been addressed at all? Here are the links: http://online.securityfocus.com/archive/1/297002/2002-10-21/2002-10-27/0 http://online.securityfocus.com/archive/1/297021/2002-10-21/2002-10-27/0
Re: [vchkpw] Vpopmail Exploits on Bugtraq
Read the articles from beginning to end, and you'll find the answer. Note - it's not an exploit in vpopmail. At 02:33 PM 10/24/2002, K a z wrote: Have the remote exploits that came out on BugTraq today been addressed at all? Here are the links: http://online.securityfocus.com/archive/1/297002/2002-10-21/2002-10-27/0 http://online.securityfocus.com/archive/1/297021/2002-10-21/2002-10-27/0 Paul Theodoropoulos http://www.anastrophe.com http://folding.stanford.edu The Nicest Misanthrope on the Net
Re: [vchkpw] Vpopmail Exploits on Bugtraq
Hi, How do these relate to vpopmail itself? The vpopmail-CGIApps is the program with the exploit. Regards, Rick - Original Message - From: "K a z" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 24, 2002 5:33 PM Subject: [vchkpw] Vpopmail Exploits on Bugtraq Have the remote exploits that came out on BugTraq today been addressed at all? Here are the links: http://online.securityfocus.com/archive/1/297002/2002-10-21/2002-10-27/0 http://online.securityfocus.com/archive/1/297021/2002-10-21/2002-10-27/0
Re: [vchkpw] IP Domains and Courier IMAP
On Thursday, October 24, 2002, at 01:54 PM, Rick Macdougall wrote: Hi All, Does anyone have IP Domains (ie just user instead of user@domain) and courier-imap working together with any version of vpopmail and courier-imap? I think from my testing that it's just plain broken, but I'd like to hear if any does have it working. Oh, forgot to mention, using couriertcpd to launch imapdlogin, not using tcpserver. tcpserver works but it doesn't drop from root to the localuser. I don't see any ip alias domains support in http://www.inter7.com/vpopmail/preauthvchkpw.c. That's probably why it doesn't work. ; ) You could add it pretty easily... just use vchkpw.c as an example. Bill
Re: [vchkpw] IP Domains and Courier IMAP
Hi Bill, Original response below, but one question... Why does it work when using tcpserver (but I'll still take a look at preauthvchkpw.c) ie tcpserver -R -t 2 -g 89 -u 89 0 110 /usr/lib/courier-imap/sbin/pop3login \ /usr/lib/courier-imap/libexec/authlib/authvchkpw /usr/lib/courier-imap/bin/pop3d Maildir Thanks for the response. It feels so good when I stop banging my head. Not much of a C programmer anymore, but I'll whip out my old books and see what I can do in the next couple of hours. Thanks again for the response, that helps greatly. Regards, Rick - Original Message - From: "Bill Shupp" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 24, 2002 6:16 PM Subject: Re: [vchkpw] IP Domains and Courier IMAP On Thursday, October 24, 2002, at 01:54 PM, Rick Macdougall wrote: > Hi All, > > Does anyone have IP Domains (ie just user instead of user@domain) and > courier-imap working together with any version of vpopmail and > courier-imap? > I think from my testing that it's just plain broken, but I'd like to > hear if > any does have it working. > > Oh, forgot to mention, using couriertcpd to launch imapdlogin, not > using > tcpserver. tcpserver works but it doesn't drop from root to the > localuser. I don't see any ip alias domains support in http://www.inter7.com/vpopmail/preauthvchkpw.c. That's probably why it doesn't work. ; ) You could add it pretty easily... just use vchkpw.c as an example. Bill
Re: [vchkpw] IP Domains and Courier IMAP
On Thursday, October 24, 2002, at 03:27 PM, Rick Macdougall wrote: Hi Bill, Original response below, but one question... Why does it work when using tcpserver (but I'll still take a look at preauthvchkpw.c) ie tcpserver -R -t 2 -g 89 -u 89 0 110 /usr/lib/courier-imap/sbin/pop3login \ /usr/lib/courier-imap/libexec/authlib/authvchkpw /usr/lib/courier-imap/bin/pop3d Maildir Thanks for the response. It feels so good when I stop banging my head. Not much of a C programmer anymore, but I'll whip out my old books and see what I can do in the next couple of hours. Thanks again for the response, that helps greatly. Regards, Rick Well, I spoke too quickly. I'm looking at it now, and it looks like that occurs in vauth_getpw(), so it should work. (note to self: check answer BEFORE hitting send). I'm going to run some tests, but my hunch is that it may be related to getting the IP from couriertcpd. I'll post my findings shortly. Regards, Bill Shupp
Re: [vchkpw] Re: smtp-auth
At 1:46 PM -0200 10/24/02, Paulo Henrique Baptista de Oliveira wrote: Hi John, version 5.2.1 no extra compile option. TIA, Paulo Henrique Somebody flame me if I'm wrong, but IIRC vpopmail 5.2.1 will not work with SMTP-AUTH & Eudora. Eudora requires CRAM-MD5, so vpopmail 5.3.6 looks like the minimum version for your requirements. (5.3.9 is up on the dev page, 5.3.11 is the most current that I know of, 5.3.6 is probably long gone.) HTH, -Kit Quoting John Johnson ([EMAIL PROTECTED]): Paulo Henrique Baptista de Oliveira writes: > Hi all, > I installed qmail smtp-remote-auth patch. It works well for outlook > client but with eudora it fails. What I can do to fix this? > TIA, Paulo Henrique What version of vpopmail are you running and what are your compile options? -John -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin "...qui desiderat pacem, praeparet bellum" (...if you would have peace, be prepared for war) -Flavius Vegetius Renatus
Re: [vchkpw] temporarily disable delivery & retrieval for a domain
Hi, On Thursday 24 October 2002 22:29, you wrote: [snip] > 1) if there is a comparable way to defer delivery for a virtual domain, > similar to setting the sticky bit on a home directory How about a .qmail-default like this?: |exit 111 - That would make the mail-delivery fail temporarily (afaik), and qmail would try again later. /Anders
Re: [vchkpw] Re: smtp-auth
On Thu, 2002-10-24 at 15:35, Kit Halsted wrote: > > Somebody flame me if I'm wrong, but IIRC vpopmail 5.2.1 will not work > with SMTP-AUTH & Eudora. Eudora requires CRAM-MD5, so vpopmail 5.3.6 > looks like the minimum version for your requirements. (5.3.9 is up on > the dev page, 5.3.11 is the most current that I know of, 5.3.6 is > probably long gone.) Hrm, in researching more about my problem (vpopmail using the IP of the mail _client_ as the domain to authenticate against). I came across an interesting thread on the google groups. The type of error I'm encountering is this, BTW: Oct 24 12:06:36 kareem vpopmail[411]: vchkpw: vpopmail user not found testuser@:10.1.2.101 Is the author of this post correct in saying that 5.2.1 has known bugs with respect to smtp-auth? http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=1L1c9.304668%24UU1.54038%40sccrnsc03&rnum=1&prev=/groups%3Fq%3D%2522vchkpw:%2Bvpopmail%2Buser%2Bnot%2Bfound%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3D1L1c9.304668%2524UU1.54038%2540sccrnsc03%26rnum%3D1 I downloaded and installed vpopmail 5.3.9, but I'm still running into the same problem. Anyone have any ideas? Thanks, Bill
Re: [vchkpw] temporarily disable delivery & retrieval for a domain
Said Anders Brander on Fri, Oct 25, 2002 at 12:38:21AM +0200: > How about a .qmail-default like this?: > |exit 111 > > - That would make the mail-delivery fail temporarily (afaik), and > qmail would try again later. Thanks for the tip, but I think that would only work on mail to the default, or catch-all, and not all other users. Regardless, I found that if you set the sticky bit on a domain directory (i.e. chmod +t), then qmail will properly queue mail for that domain and try back later. Works just like regular, non-vpopmail qmail. As for the retrieval, I see that if you limit POP3 and/or IMAP access via vqadmin, it places a .qmailadmin-limits file with the lines disable_pop and/or disable_imap lines in it. However, this doesn't seem to actually limit POP3 or IMAP logins. Any tips there? -- [!] Justin R. Miller <[EMAIL PROTECTED]> Encrypted email preferred (key 0xC9C40C31)
[vchkpw] courier + roaming users = how can it possibly work
As near as I can tell from the courier auth*vchkpw.c code, it only triggers either the vset_lastauth or the open_smtp_relay() routines BEFORE authentication. What good is that? Two problems - 1. The way it calls vset_lastauth in the pre* code means that you can have a denial of service race since it explicitly sets the remote_ip field to "imap". If it already had a useful value in it, it's lost. As above - this is done before checking the password, so any putz that tries to fake a login can dork the contents of the table. Plus - it never updates the lastauth with a real ip, so that table is essentially useless when used with courier. 2. The open_smtp_relay() call is also done prior to login, so it's not actually protecting anything. Seems like the current code implements "Last time someone TRIED to log in from this IP", as opposed to "last successful auth from this ip". Anyone have a patch to courier to fix this completely useless/broken behavior? -- Nathan Nathan Neulinger EMail: [EMAIL PROTECTED] University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216
Re: [vchkpw] temporarily disable delivery & retrieval for a domain
Said Justin R. Miller on Thu, Oct 24, 2002 at 07:14:23PM -0400: > As for the retrieval, I see that if you limit POP3 and/or IMAP access > via vqadmin, it places a .qmailadmin-limits file with the lines > disable_pop and/or disable_imap lines in it. However, this doesn't > seem to actually limit POP3 or IMAP logins. Any tips there? Figured this one out too. vmoduser is used on a user or a domain to disable POP3 or IMAP access. It seems to change the second numerical field in a user's vpasswd file entry. It adds a 2 to disable POP3 and an 8 to disable IMAP. So you can put a 10 there to disable both. Presumably there are other values for disabling qmailadmin access, etc. Pretty cool! -- [!] Justin R. Miller <[EMAIL PROTECTED]> Encrypted email preferred (key 0xC9C40C31)
Re: [vchkpw] temporarily disable delivery & retrieval for a domain
Hi, On Friday 25 October 2002 01:14, you wrote: > Said Anders Brander on Fri, Oct 25, 2002 at 12:38:21AM +0200: > > How about a .qmail-default like this?: > > |exit 111 > > - That would make the mail-delivery fail temporarily (afaik), and > > qmail would try again later. > Thanks for the tip, but I think that would only work on mail to the > default, or catch-all, and not all other users. The sticky-bit idea is better, but this would work. Try it :) /Anders
Re: [vchkpw] IP Domains and Courier IMAP
On Thursday, October 24, 2002, at 03:27 PM, Rick Macdougall wrote: Hi Bill, Original response below, but one question... Why does it work when using tcpserver (but I'll still take a look at preauthvchkpw.c) ie tcpserver -R -t 2 -g 89 -u 89 0 110 /usr/lib/courier-imap/sbin/pop3login \ /usr/lib/courier-imap/libexec/authlib/authvchkpw /usr/lib/courier-imap/bin/pop3d Maildir Thanks for the response. It feels so good when I stop banging my head. Not much of a C programmer anymore, but I'll whip out my old books and see what I can do in the next couple of hours. Thanks again for the response, that helps greatly. Regards, Rick Are you using authdaemon? I know for sure that this will not work. If so, try again without it (--without-authdaemon). I'm rebuilding courier-imap to run some tests, and see if there's a problem with the IP formatting (IPV6) of TCPLOCALIP that couriertcpd sets (as suggested offlist by Vladimir Kabanov). Regards, Bill
Re: [vchkpw] IP Domains and Courier IMAP
On Thursday, October 24, 2002, at 05:31 PM, Bill Shupp wrote: On Thursday, October 24, 2002, at 03:27 PM, Rick Macdougall wrote: Hi Bill, Original response below, but one question... Why does it work when using tcpserver (but I'll still take a look a preauthvchkpw.c) ie tcpserver -R -t 2 -g 89 -u 89 0 110 /usr/lib/courier-imap/sbin/pop3login \ /usr/lib/courier-imap/libexec/authlib/authvchkpw /usr/lib/courier-imap/bin/pop3d Maildir Thanks for the response. It feels so good when I stop banging my head. Not much of a C programmer anymore, but I'll whip out my old books and see what I can do in the next couple of hours. Thanks again for the response, that helps greatly. Regards, Rick Are you using authdaemon? I know for sure that this will not work. If so, try again without it (--without-authdaemon). I'm rebuilding courier-imap to run some tests, and see if there's a problem with the IP formatting (IPV6) of TCPLOCALIP that couriertcpd sets (as suggested offlist by Vladimir Kabanov). Ok, Vladimir was right, TCPLOCALIP is in IPv6 from couriertcpd. So, I just converted it in host_in_locals(), and now authvchkpw works. However, authdaemon still will NOT work, since TCPLOCALIP does not get passed to authvchkpw. The patch below applies to 5.3.11 (available at http://shupp.org only right now), but you may be able to apply it to your version with little effort. Let me know if this works for you. Regards, Bill Shupp --- ../vpopmail-5.3.11/vpopmail.c Wed Oct 23 13:01:40 2002 +++ vpopmail.c Thu Oct 24 17:38:40 2002 @@ -1668,6 +1668,14 @@ #ifdef IP_ALIAS_DOMAINS tmpstr = getenv("TCPLOCALIP"); + + /* courier-imap uses IPv6 */ + if ( tmpstr != NULL && tmpstr[0] == ':') { +tmpstr +=2; +while(*tmpstr!=':') ++tmpstr; +++tmpstr; + } + memset(host,0,156); if ( vget_ip_map(tmpstr,host,156)==0 && !host_in_locals(host)){ if ( strlen(host) > 0 ) {
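Review bot: the scan "while(*tmpstr!=':') ++tmpstr;" in the added block has no check for the terminating NUL, so a TCPLOCALIP value that starts with ':' but contains no further colon after its first two characters (for example "::1") makes the loop walk past the end of the environment string. The preceding "tmpstr +=2;" likewise assumes the value is at least two characters long. Suggest bounding the loop with "*tmpstr && *tmpstr!=':'", or taking the text after the last colon with strrchr(), and leaving tmpstr unchanged when what remains is not a dotted-quad address.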
RE: [vchkpw] Vpopmail Exploits on Bugtraq
The exploits are for a 3rd party web based admin.. Nothing in vpopmail or Qmailadmin from what I can see.. -John -Original Message- From: K a z [mailto:ikazdek@;hotmail.com] Sent: Thursday, October 24, 2002 2:34 PM To: [EMAIL PROTECTED] Subject: [vchkpw] Vpopmail Exploits on Bugtraq Have the remote exploits that came out on BugTraq today been addressed at all? Here are the links: http://online.securityfocus.com/archive/1/297002/2002-10-21/2002-10-27/0 http://online.securityfocus.com/archive/1/297021/2002-10-21/2002-10-27/0
Re: [vchkpw] IP Domains and Courier IMAP
Hi Bill, I'm running 5.3.8 and I am running without authdaemon (ie --without-authdaemon). I'll try the patch later on tonight or first thing in the morning (I have little ones to put to bed now). Thanks for the help. Regards, Rick - Original Message - 
From: "Bill Shupp" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 24, 2002 8:48 PM Subject: Re: [vchkpw] IP Domains and Courier IMAP On Thursday, October 24, 2002, at 05:31 PM, Bill Shupp wrote: > On Thursday, October 24, 2002, at 03:27 PM, Rick Macdougall wrote: > >> Hi Bill, >> >> Original response below, but one question... Why does it work when >> using >> tcpserver (but I'll still take a look a preauthvchkpw.c) >> >> ie >> tcpserver -R -t 2 -g 89 -u 89 0 110 >> /usr/lib/courier-imap/sbin/pop3login \ >> /usr/lib/courier-imap/libexec/authlib/authvchkpw >> /usr/lib/courier-imap/bin/pop3d Maildir >> >> Thanks for the response. It feels so good when I stop banging my >> head. >> >> Not much of a C programmer anymore, but I'll whip out my old books >> and see >> what I can do in the next couple of hours. >> >> Thanks again for the response, that helps greatly. >> >> Regards, >> >> Rick > > Are you using authdaemon? I know for sure that this will not work. > If so, try again without it (--without-authdaemon). I'm rebuilding > courier-imap to run some tests, and see if there's a problem with the > IP formatting (IPV6) of TCPLOCALIP that couriertcpd sets (as suggested > offlist by Vladimir Kabanov). Ok, Vladimir was right, TCPLOCALIP is in IPv6 from couriertcpd. So, I just converted it in host_in_locals(), and now authvchkpw works. However, authdaemon still will NOT work, since TCPLOCALIP does not get passed to authvchkpw. The patch below applies to 5.3.11 (available at http://shupp.org only right now), but you may be able to apply it to your version with little effort. Let me know if this works for you. Regards, Bill Shupp --- ../vpopmail-5.3.11/vpopmail.c Wed Oct 23 13:01:40 2002 +++ vpopmail.c Thu Oct 24 17:38:40 2002 
@@ -1668,6 +1668,14 @@ #ifdef IP_ALIAS_DOMAINS tmpstr = getenv("TCPLOCALIP"); + + /* courier-imap uses IPv6 */ + if ( tmpstr != NULL && tmpstr[0] == ':') { +tmpstr +=2; +while(*tmpstr!=':') ++tmpstr; +++tmpstr; + } + memset(host,0,156); if ( vget_ip_map(tmpstr,host,156)==0 && !host_in_locals(host)){ if ( strlen(host) > 0 ) {
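Review bot: the added block guards against tmpstr being NULL, but the unchanged line after it, vget_ip_map(tmpstr,host,156), still receives tmpstr unchecked, so a process started without TCPLOCALIP in its environment reaches that call with a NULL pointer unless vget_ip_map() handles NULL itself, which these lines do not show. Suggest skipping the whole IP_ALIAS_DOMAINS lookup when getenv() returns NULL. The comment "courier-imap uses IPv6" should also state the exact address form the stripping expects, since the pointer arithmetic is only correct for a value with a leading "::", one more colon-terminated group, and then the IPv4 address.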
Re: [vchkpw] courier + roaming users = how can it possibly work
On Thursday, October 24, 2002, at 04:30 PM, Nathan Neulinger wrote: As near as I can tell from the courier auth*vchkpw.c code, it only triggers either the vset_lastauth or the open_smtp_relay() routines BEFORE authentication. What good is that? Two problems - 1. The way it calls vset_lastauth in the pre* code means that you can have a denial of service race since it explicitly sets the remote_ip field to "imap". If it already had a useful value in it, it's lost. As above - this is done before checking the password, so any putz that tries to fake a login can dork the contents of the table. Plus - it never updates the lastauth with a real ip, so that table is essentially useless when used with courier. 2. The open_smtp_relay() call is also done prior to login, so it's not actually protecting anything. Seems like the current code implements "Last time someone TRIED to log in from this IP", as opposed to "last successful auth from this ip". Anyone have a patch to courier to fix this completely useless/broken behavior? Yup, you're right. This is pretty stupid. I'm surprised no one noticed before. I have a couple of ideas for fixing it: 1. move the open_smtp_relay() and vset_lastauth() stuff to a new vchkpw_post() function that is called AFTER authentication is verified. The downside is that this will be a second lookup in the vchkpw auth module (the authinfo struct doesn't have a method to store the vpopmail gid field), which would double auth traffic for anyone that uses these functions. 2. Modify auth_vchkpw_pre() to include the password provided. But I don't fully understand all the components of Sam's auth module structure, so I'm not sure of any ramifications of doing this. This is probably the simplest method, though. Thoughts? Regarding the logging of "service" in the lastauth table, probably the cleanest thing would be to update the vset_lastauth() function to include both service and IP. 
In the short term, though, you could always replace "service" with getenv("TCPREMOTEIP"). Regards, Bill Shupp
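The ordering problem discussed in this thread, modelled as an added C example that is not courier-imap or vpopmail code: one login path performs the last-auth and relay updates before the password check, the other only after the check succeeds. All names, the account row and the addresses are constructed stand-ins, and passwords are compared in plain text only to keep the model short.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for this example; not vpopmail or courier-imap code. */
#define IPLEN 46
#define MAXRELAY 8

struct account {
    const char *user;
    const char *pass;        /* plain text only to keep the model short */
    char lastauth[IPLEN];    /* "last auth" field discussed in the thread */
};

static struct account table[] = {
    { "alice@example.test", "correct-horse", "192.0.2.10" },  /* constructed row */
};
static char relay_ips[MAXRELAY][IPLEN];  /* peers currently allowed to relay */
static int relay_n;

void reset_state(void) {
    relay_n = 0;
    snprintf(table[0].lastauth, IPLEN, "%s", "192.0.2.10");
}

static struct account *lookup(const char *user) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].user, user) == 0) return &table[i];
    return NULL;
}

static int password_ok(const struct account *a, const char *pass) {
    return strcmp(a->pass, pass) == 0;
}

static void set_lastauth(struct account *a, const char *value) {
    snprintf(a->lastauth, IPLEN, "%s", value);
}

static void open_relay(const char *ip) {
    if (relay_n < MAXRELAY) snprintf(relay_ips[relay_n++], IPLEN, "%s", ip);
}

int relay_allowed(const char *ip) {
    for (int i = 0; i < relay_n; i++)
        if (strcmp(relay_ips[i], ip) == 0) return 1;
    return 0;
}

const char *lastauth_of(const char *user) {
    struct account *a = lookup(user);
    return a ? a->lastauth : "";
}

/* Order described in the thread: side effects run before the password check. */
int login_effects_before_check(const char *user, const char *pass, const char *ip) {
    struct account *a = lookup(user);
    if (!a) return 0;
    set_lastauth(a, "imap");   /* service name overwrites the stored address */
    open_relay(ip);            /* relay opened for a peer that has proved nothing */
    return password_ok(a, pass);
}

/* Corrected order: nothing is recorded until the password has been verified. */
int login_effects_after_check(const char *user, const char *pass, const char *ip) {
    struct account *a = lookup(user);
    if (!a || !password_ok(a, pass)) return 0;
    set_lastauth(a, ip);       /* real peer address, successful logins only */
    open_relay(ip);
    return 1;
}

int main(void) {
    const char *u = "alice@example.test", *peer = "203.0.113.7";
    reset_state();
    int ok = login_effects_before_check(u, "wrong-guess", peer);
    printf("before: login=%d relay=%d lastauth=%s\n", ok, relay_allowed(peer), lastauth_of(u));
    reset_state();
    ok = login_effects_after_check(u, "wrong-guess", peer);
    printf("after:  login=%d relay=%d lastauth=%s\n", ok, relay_allowed(peer), lastauth_of(u));
    return 0;
}
```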
[vchkpw] Re: temporarily disable delivery & retrieval for a domain
Hello Justin, On Thursday, October 24, 2002 at 10:29:12 PM you wrote: > 1) if there is a comparable way to defer delivery for a virtual domain, > similar to setting the sticky bit on a home directory Shut down the SMTP server. The mails that would like to come in from outside should sit in mail queue on the other end for 5 days while your SMTP is not accessible, so if you don't need the SMTP for outgoing mails or you can tell your users you scheduled a time frame for working on server and they're unable to use the SMTP for approximately xx minutes/hours you're done. -- Best regards Peter Palmreuther
[vchkpw] vpopmail & qmail
We have multiple domains, like [EMAIL PROTECTED], [EMAIL PROTECTED] etc. My email address is [EMAIL PROTECTED] When somebody emails me using another domain, I receive it. My question is how I can configure vpopmail so that I don't receive it and the error message should be no such user. Please help me with this problem. Thank you very much.