[vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
Hello all, I'm having a problem with qmail + vpopmail that I am at my wit's end with, on a mailserver running Slackware. This mailserver is also our webserver. We use Apache; the primary domain is my dad's and my domain is a virtual host. There aren't any issues with DNS, or with A records... our web sites work fine, and mail from senders outside our network has been getting delivered normally to both dad's domain and mine. Outgoing mail from inside our network also worked fine with any recipient.

Dad was running sendmail and had no issues with it. Since sendmail is so much less secure than qmail, and since I wanted to be able to send e-mail from my laptop using a dynamic IP address while away from home (without turning dad's server into an open relay), I disabled sendmail, then installed qmail and configured it. So far so good. Incoming and outgoing mail for both domains worked as before: We could send and receive anything to/from anyone as long as we did it from inside our network.

Then I compiled vpopmail with --enable-roaming-users. I am still able to send and receive from my laptop as long as I am inside the network, but when I turn my wi-fi off and fire up my aircard to try the same thing from outside the network, I can only receive. Attempts to send e-mail when I am connected from outside the local network cause my e-mail client (Sylpheed) to deliver an error saying "553 sorry, that domain isn't in my list of allowed rcpthosts." OK, true enough, but the recipient of the e-mail I am trying to send shouldn't NEED to be in rcpthosts if I am authenticated and being allowed to relay mail. I do seem to be authenticating with no problems, both when receiving mail and when trying to send it... but it looks like /home/vpopmail/etc/tcp.smtp is not being updated in order to allow my authenticated username to relay mail.

I also discovered that no cronjob had been created to run /home/vpopmail/bin/clearopensmtp so I went ahead and ran crontab -e to add the appropriate job. The first thing I thought of was that tcpserver must be using /etc/tcp.smtp, while vchkpw is writing my dynamic IP address to /home/vpopmail/etc/tcp.smtp... but authenticating (and getting the error) and then checking both /etc/tcp.smtp and /home/vpopmail/etc/tcp.smtp shows that neither of them has been changed. Shouldn't my dynamic IP address be written to the tcp.smtp file at this point, to be cleared out later when the cronjob runs clearopensmtp? It isn't, and naturally qmail is treating me like the rest of the peasants as a result.

I've been diddling around with various things, making one change at a time and then testing. At one point, I tried chmodding both /etc/tcp.smtp and /etc itself to 664 and chowning them both to root:vchkpw (temporarily; I've already undone this) with no results. With that change in place, I also edited /home/vpopmail/include/vpopmail_config.h and changed '#define TCP_FILE' to define it as /etc/tcp.smtp instead of /home/vpopmail/etc/tcp.smtp (I've undone that change as well).

When I cat /var/log/qmail/smtpd/current I can see the many entries where I connected from my laptop while outside the local network, but there's nothing there that looks like an error or problem. When I tail -f /var/log/maillog and watch it while I attempt to send from my laptop, nothing new is appended to the maillog. If I enable SMTP-AUTH in my e-mail client on my laptop and then try to send, I can't authenticate, and /var/log/maillog DOES get updated with the error "vchkpw-smtp: system user shadow entry not found [my username]:[my laptop's dynamic IP address]" And yet, if I cat /etc/shadow, I can see the entry for that username. WTF?

Anyone? Bueller? Please keep in mind that I'm very new to both qmail and vpopmail. Also, my skillz as a server administrator are mighty spotty at best, so I might need the baby-talk version of any advice you might have to offer. ADVthanksANCE!
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
atomdeb...@gmail.com wrote:
> When I cat /var/log/qmail/smtpd/current I can see the many entries where I connected from my laptop while outside the local network, but there's nothing there that looks like an error or problem. When I tail -f /var/log/maillog and watch it while I attempt to send from my laptop, nothing new is appended to the maillog. If I enable SMTP-AUTH in my e-mail client on my laptop and then try to send, I can't authenticate, and /var/log/maillog DOES get updated with the error "vchkpw-smtp: system user shadow entry not found [my username]:[my laptop's dynamic IP address]" And yet, if I cat /etc/shadow, I can see the entry for that username.

When using SMTP-AUTH, your username will be your full email address if it's a virtual domain. You're better off sticking to smtp-auth rather than roaming users, which is pop-before-smtp unless things have changed that I'm not aware of.

Shane
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
Thanks for the reply, Shane. Yes, roaming users is a POP-before-SMTP scheme that is supposed to write the IP address of the authenticated user to /home/vpopmail/etc/tcp.smtp, thus explicitly allowing mail coming from that IP to be relayed. A cronjob removes the entry after a set period of time, taking relay permission away from the dynamic IP address.

Hmm, good tip regarding the username being the full e-mail address, that's something I missed. OK... in the e-mail client on my laptop, I've re-enabled SMTP-AUTH and changed the username to my e-mail address. Now I get "535 refused. Authentication failed." My /var/log/maillog shows the same error as when I tried SMTP-AUTH before, only with my full e-mail address instead of just my username: "vchkpw-smtp: system user shadow entry not found [my e-mail address] [my laptop's IP address]"

On Tue, Nov 10, 2009 at 1:38 AM, Shane Chrisp wrote:
> When using SMTP-AUTH, your username will be your full email address if it's a
> virtual domain. You're better off sticking to smtp-auth rather than roaming
> users, which is pop-before-smtp unless things have changed that I'm not aware
> of.
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
Ah, here's a little bit of progress. I gave ownership of vchkpw to root:vchkpw, and setuid on it:

%chown root:vchkpw /home/vpopmail/bin/vchkpw
%chmod 4711 /home/vpopmail/bin/vchkpw

Now I authenticate while using SMTP-AUTH... which is great, since it's more secure than the roaming users thing. Unfortunately, I still get the error about the recipient not being listed in rcpthosts: "553 sorry, that domain isn't in my list of allowed rcpthosts."
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
atomdeb...@gmail.com wrote:
> Ah, here's a little bit of progress. I gave ownership of vchkpw to root:vchkpw, and setuid on it:
>
> %chown root:vchkpw /home/vpopmail/bin/vchkpw
> %chmod 4711 /home/vpopmail/bin/vchkpw
>
> Now I authenticate while using SMTP-AUTH... which is great, since it's more secure than the roaming users thing. Unfortunately, I still get the error about the recipient not being listed in rcpthosts: "553 sorry, that domain isn't in my list of allowed rcpthosts."

What guide did you use to set up vpopmail? You should not have vchkpw setuid as root, it should be set as vpopmail:vchkpw.

How about the permissions on the /home/vpopmail dir?

Also

:~# id vpopmail
uid=89(vpopmail) gid=89(vchkpw) groups=89(vchkpw)

Try running /var/qmail/bin/qmail-showctl to list the configs and allowed domains.

Shane
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
Meh. Also unfortunate is the fact that CRAM-MD5 doesn't work... I get "502 unimplemented" when I try to use it. PLAIN and LOGIN work fine.
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
On Tue, Nov 10, 2009 at 4:06 AM, Shane Chrisp wrote:
> What guide did you use to set up vpopmail? You should not have vchkpw setuid
> as root, it should be set as
> vpopmail:vchkpw.

I used the README and INSTALL files that came with vpopmail to set it up.

> How about the permissions on the /home/vpopmail dir?

Permissions on /home/vpopmail are set to 755, with ownership set to vpopmail:vchkpw

> Also
>
> :~# id vpopmail
> uid=89(vpopmail) gid=89(vchkpw) groups=89(vchkpw)

I get: uid=1013(vpopmail) gid=105(vchkpw) groups=105(vchkpw)

> Try running /var/qmail/bin/qmail-showctl to list the configs and allowed
> domains.

I have no clue what I'm looking for when I run qmail-showctl. My domain shows up there, listed under 'virtualdomains' as well as in the list of domains from /var/qmail/control/locals and /var/qmail/control/rcpthosts. Using cat, I note that while my domain is listed in the locals file, the rcpthosts file, and the virtualdomains file, the virtualhosts file is empty.
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
atomdeb...@gmail.com wrote:
> I get: uid=1013(vpopmail) gid=105(vchkpw) groups=105(vchkpw)

What version of vpopmail did you install? Older versions required that the id was 89, but I believe that has changed in the latest version.

> > Try running /var/qmail/bin/qmail-showctl to list the configs and allowed domains.
>
> I have no clue what I'm looking for when I run qmail-showctl. My domain shows up there, listed under 'virtualdomains' as well as in the list of domains from /var/qmail/control/locals and /var/qmail/control/rcpthosts. Using cat, I note that while my domain is listed in the locals file, the rcpthosts file, and the virtualdomains file, the virtualhosts file is empty.

If your domain is meant to be a virtual domain, then it should not be in locals.
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
On Tue, 10 Nov 2009, atomdeb...@gmail.com wrote:
> Ah, here's a little bit of progress. I gave ownership of vchkpw to root:vchkpw, and setuid on it:
>
> %chown root:vchkpw /home/vpopmail/bin/vchkpw
> %chmod 4711 /home/vpopmail/bin/vchkpw
>
> Now I authenticate while using SMTP-AUTH... which is great, since it's more secure than the roaming users thing. Unfortunately, I still get the error about the recipient not being listed in rcpthosts: "553 sorry, that domain isn't in my list of allowed rcpthosts."

One issue I've had with vpopmail and roaming is the location of the tcp.smtp.cdb file. For example, FreeBSD ports wants to put it in /var/etc/vpopmail, or some bizarre place like that. Do a search on the file and make sure there's only one of them and check the time stamp, to make sure it's being updated every time somebody POPs in.

James Smallacombe
PlantageNet, Inc. CEO and Janitor
u...@3.am http://3.am
[vchkpw] Clamav update problems
I have problems updating the clamav antivirus when I rename the file update daily.cvd to qmail daily.cld and stops sending me emails. This happens whenever the antivirus updates; has someone had this problem too?

Greetings
[vchkpw] autoresponder does not replace subject line
Hi Guys:

I wonder if someone can advise me on whether the 'autorespond 2.0.5' program downloaded from inter7 is broken. We're using it with Qmailadmin and find that although we've provided a subject line and 'from' address for the autoresponder, the subject line is not replaced in the email back to the original sender. The email just comes back to the originator with 'Re:' added in front of the original subject.

Isn't the autoresponder subject supposed to replace the original subject and not just show up in the body of the email? Is anyone else seeing this behavior?

Best Regards,
Jeff Koch
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
@Shane: I installed the latest version of vpopmail. I notice that your uid and gid match, whereas mine are not only not 89, they are also different from each other. As for the virtual domain thing, I'm not sure exactly what 'virtual domain' means in terms of qmail/vpopmail. My domain is a virtual host in Apache terms; it isn't the primary domain. Should I remove it from locals?

@James: I used 'find' to look for both tcp.smtp and tcp.smtp.cdb, and found only two: the one in /etc, and the one in /home/vpopmail/etc. None of them get updated when I authenticate.
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
On Tue, 10 Nov 2009, atomdeb...@gmail.com wrote:
> @James: I used 'find' to look for both tcp.smtp and tcp.smtp.cdb, and found only two: the one in /etc, and the one in /home/vpopmail/etc. None of them get updated when I authenticate.

Of those two, only the .cdb file gets updated by vpopmail. Look for another file called "open-smtp". vpopmail is supposed to merge that and /etc/tcp.smtp into one cdb file. You likely need to symlink one of them to the other. Possibly:

cd ~vpopmail/etc/
rm tcp.smtp.cdb
ln -s /etc/tcp.smtp.cdb tcp.smtp.cdb

Or something similar...

James Smallacombe
PlantageNet, Inc. CEO and Janitor
u...@3.am http://3.am
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
> @James: I used 'find' to look for both tcp.smtp and tcp.smtp.cdb, and
> found
> only two: the one in /etc, and the one in /home/vpopmail/etc. None of
> them
> get updated when I authenticate.

tcp.smtp does NOT get updated by vpopmail, only the tcp.smtp.cdb file does. The tcp.smtp file contains the static list of relay addresses, and is combined with a dynamic list maintained by the back end to build the tcp.smtp.cdb file. The pop-before-smtp stuff is maintained separately depending on what backend you use (the open-smtp file for cdb, in the SQL db for others) - grep for the IP in the actual CDB file to see if it's being updated or not.

But as others said, don't use pop-before-smtp, use SMTP AUTH.

Josh

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
- Layman's translation of the Laws of Thermodynamics
vpopm...@honorablemenschen.com
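Added example, not part of any post in this thread: a small shell check of which rule in a tcp.smtp-style text file applies to a client address and whether that rule sets RELAYCLIENT, following the static relay list described in the message above. The function names (find_rule, relay_status), the sample rules and the sample addresses are constructed for illustration; only plain IPv4 address and dotted-prefix rules are handled, and the compiled .cdb file is not read.

```shell
#!/bin/sh
# Added example. Lookup order follows what tcprules documents for plain IPv4
# rules: exact address, then shorter dotted prefixes, then the empty default
# rule. user@, =hostname and range rules are not handled here.

# find_rule IP FILE: print the first rule that applies to IP; status 1 if none.
find_rule() {
    fr_ip=$1 fr_file=$2
    # Candidate rule addresses, most specific first.
    set -- "$fr_ip" "${fr_ip%.*}." "${fr_ip%.*.*}." "${fr_ip%%.*}." ""
    for fr_key in "$@"; do
        while IFS= read -r fr_line; do
            case $fr_line in ''|'#'*) continue ;; esac   # skip blanks, comments
            if [ "${fr_line%%:*}" = "$fr_key" ]; then
                printf '%s\n' "$fr_line"
                return 0
            fi
        done < "$fr_file"
    done
    return 1
}

# relay_status IP FILE: print relay | no-relay | deny | no-rule.
# "no-relay" means the connection is accepted without RELAYCLIENT, so
# qmail-smtpd applies the rcpthosts check (the 553 seen in this thread).
relay_status() {
    if rs_rule=$(find_rule "$1" "$2"); then
        case ${rs_rule#*:} in
            deny*)          echo "deny" ;;
            *RELAYCLIENT=*) echo "relay" ;;
            *)              echo "no-relay" ;;
        esac
    else
        echo "no-rule"
    fi
}

# Constructed sample rules in tcp.smtp syntax (not taken from the thread).
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
# loopback and LAN may relay; one address is blocked; everyone else connects
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
203.0.113.9:deny
:allow
EOF

# 198.51.100.23 stands in for a roaming client on a dynamic address.
for addr in 127.0.0.1 192.168.1.50 198.51.100.23 203.0.113.9; do
    printf '%-15s %s\n' "$addr" "$(relay_status "$addr" "$RULES")"
done
```

Point the second argument at the real text rules file to see which static rule a given client address falls under.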
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
OK, I'm sold; I'll use SMTP-AUTH instead of POP-before-SMTP.

I can authenticate from inside or outside the network, using SMTP-AUTH in either PLAIN or LOGIN mode. CRAM-MD5 is apparently not implemented (yet). I can only relay when I connect from inside the network. Attempting to relay from outside the network gives me the error "553 sorry, that domain isn't in my list of allowed rcpthosts."

I am not using a SQL db for the backend. Should I be seeing a file called open-smtp? It doesn't exist. How do I get this thing to allow me to relay from my dynamic IP address once I've authenticated with SMTP-AUTH?
[vchkpw] Re: Failure to update tcp.smtp - No authorized relaying for roaming user!
atomdeb...@gmail.com wrote:
> OK, I'm sold; I'll use SMTP-AUTH instead of POP-before-SMTP. I can authenticate from inside or outside the network, using SMTP-AUTH in either PLAIN or LOGIN mode. CRAM-MD5 is apparently not implemented (yet). I can only relay when I connect from inside the network. Attempting to relay from outside the network gives me the error "553 sorry, that domain isn't in my list of allowed rcpthosts." I am not using a SQL db for the backend. Should I be seeing a file called open-smtp? It doesn't exist. How do I get this thing to allow me to relay from my dynamic IP address once I've authenticated with SMTP-AUTH?

If you're using rblsmtpd, you'll need to either configure and use port 587 for submission (with no rblsmtpd but required authentication), or install spamdyke (highly recommended).

--
-Eric 'shubes'
Re: [vchkpw] Re: Failure to update tcp.smtp - No authorized relaying for roaming user!
@Eric: I don't know what rblsmtpd is, but I went ahead and installed spamdyke. I've got pretty much everything in /etc/spamdyke.conf commented out for now.
Re: [vchkpw] Failure to update tcp.smtp - No authorized relaying for roaming user!
atomdeb...@gmail.com wrote:
> OK, I'm sold; I'll use SMTP-AUTH instead of POP-before-SMTP. I can authenticate from inside or outside the network, using SMTP-AUTH in either PLAIN or LOGIN mode. CRAM-MD5 is apparently not implemented (yet). I can only relay when I connect from inside the network. Attempting to relay from outside the network gives me the error "553 sorry, that domain isn't in my list of allowed rcpthosts." I am not using a SQL db for the backend. Should I be seeing a file called open-smtp? It doesn't exist. How do I get this thing to allow me to relay from my dynamic IP address once I've authenticated with SMTP-AUTH?

CRAM-MD5 is only going to work if you have clear text passwords stored.

If your email domain is in locals, it will probably not work since it will try to auth via the local passwd/shadow files. Your locals file should contain the name of your machine, not your email domain.

Regards,
Rick