[vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux

[ISP Lists]

I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've
enabled roaming users and have included the SMTP-AUTH patch.  Courier,
vpopmail, qmail, and everything else compiled fine (I did not use Debian
packages).

POP3 works fine.  Spam filtering works fine.  Squirrelmail fine.  
Squirrelmail sends via 127.0.0.1 SMTP fine via
/home/vpopmail/etc/tcp.smtp.  SMTP-AUTH fails on password look ups and
therefore roaming users cannot send email.

ERROR LOG:
Aug  7 06:58:21 puffer vpopmail[28939]: vchkpw-smtp: password fail [email
protected]:[ip protected]

vpopmail was compiled like this:
./configure --enable-roaming-users=y --enable-logging=y
--enable-ip-alias-domains=y --enable-auth-module=mysql
--enable-clear-passwd=n --enable-libdir=/usr/include/mysql/
--enable-tcpserver-path=/home/vpopmail/etc/
--enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext
--enable-logging=e --enable-tcprules-prog=/usr/local/bin/tcprules
--enable-rebuild-tcpserver-file

My qmail-smtp/run file reads:
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ];
then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 1500 \
/usr/local/bin/tcpserver \
-H -l [server hostname protected] \
-v -x /etc/tcp.smtp.cdb \
-c 20 -R -u "$VPOPMAILUID" -g "$VPOPMAILGID" 0 smtp \
  /usr/local/bin/rblsmtpd -b -C \
-r 'relays.ordb.org:Your message was rejected. \
-r 'sbl-xbl.spamhaus.org:Your message was rejected \
  /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \
  /usr/bin/true 2>&1


/home/vpopmail/bin/vchkpw is owned by vpopmail.vchkpw

/usr/local/courier-imap/etc/imapd bears the line
AUTHMODULES="authdaemon"

How do I go further debug this?
Thanks.
D.

Re: [vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux

[ISP Lists]

> I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've
> enabled roaming users and have included the SMTP-AUTH patch.  Courier,
> vpopmail, qmail, and everything else compiled fine (I did not use Debian
> packages).
>
> POP3 works fine.  Spam filtering works fine.  Squirrelmail fine.
> Squirrelmail sends via 127.0.0.1 SMTP fine via
> /home/vpopmail/etc/tcp.smtp.  SMTP-AUTH fails on password look ups and
> therefore roaming users cannot send email.

[SNIP]

OK, I've found that it was a client software error where CRAM-MD5 login is
advertised first.  Pegasus mail wouldn't keep trying to get to plain
LOGIN, but The BAT! would "fail back" from CRAM-MD5 to plain LOGIN and
roaming SMTP relay works fine.

Sorry for the initial concern, but I'd like to remove CRAM-MD5 from the
advertised capabilities to avoid this kind of confusion with users.

Any help there?!
Sorry, but thanks so far!

[vchkpw] fetchmail and maildrop to a vpopmail account

[ISP Lists]

I'm struggling finding a "howto" on a particular issue:

I have a webmail/pop3 account, no IMAP.  I do not run that server and only
have user privs on the email account.  I want to do a ONE-TIME conversion
to pull the 400+ messages from this account using fetchmail (or whatever
you recommend) for delivery to my vpopmail user account.

I run the destination server, it runs vpopmail/courier/mysql, and has a
domain with the particular ./Maildir account that I want to deliver the
mail into.

I was going to use fetchmail -> maildrop -> ./Maildir

I was doing okay pulling together information to accomplish this until I
realized that I didn't have a local account for maildrop since the
destination account is a virtual user in vpopmail
(/home/vpopmail/domains/example.com/username/Maildir)

Does anybody have some guidance on where I should go to cook up a solution?
All help appreciated!  Thanks, Dave.

Re: [vchkpw] fetchmail and maildrop to a vpopmail account

[ISP Lists]

> On Tue, 2004-09-28 at 10:06, ISP Lists wrote:
>> I'm struggling finding a "howto" on a particular issue:
>>
>> I have a webmail/pop3 account, no IMAP.  I do not run that server and
>> only
>> have user privs on the email account.  I want to do a ONE-TIME
>> conversion
>> to pull the 400+ messages from this account using fetchmail (or whatever
>> you recommend) for delivery to my vpopmail user account.
>>
>> I run the destination server, it runs vpopmail/courier/mysql, and has a
>> domain with the particular ./Maildir account that I want to deliver the
>> mail into.
>>
>> I was going to use fetchmail -> maildrop -> ./Maildir
>>
>> I was doing okay pulling together information to accomplish this until I
>> realized that I didn't have a local account for maildrop since the
>> destination account is a virtual user in vpopmail
>> (/home/vpopmail/domains/example.com/username/Maildir)
>>
>> Does anybody have some guidance on where I should go to cook up a
>> solution?
>> All help appreciated!  Thanks, Dave.
>
> You're fine just using Fetchmail - after that, IMHO, you're
> overcomplicating it with maildrop :)
>
> I do fetchmail like so:
> /usr/local/bin/fetchmail -s -f /home/root/fetchmail/fetchmail2.rc
>
> where fetcmail2.rc contains:
> poll mail.com.com proto POP3 user "username" pass "password" smtpname
> [EMAIL PROTECTED] fetchall
>
> Basically grab anything from the remote user's mailbox and redirect it via
> smtp
> to '[EMAIL PROTECTED]'.   Then your SMTP setup takes care of the
> delivery as if all those
> emails came in to your localuser originally.
>
> Rick
>
>

Shucks, that was too easy.  Worked great!  Thanks Rick!

[vchkpw] Howto reject invalid recipients AFTER SMTPD receipt of msg?

[ISP Lists]

I want to reject incoming email to invalid users AFTER accepting the email
by SMTPd. Where can I insert a small bash script to check valid users
against VPOPMAIL MYSQL DB before allowing SPAMD, CLAMAV, qmail-inject,
etc. to run???

Vpopmail 5.4.5, Mysql 3.23.54.  Also, I'm aware of Tonix's patch to
prevent invalid users BEFORE SMTPD accepts mail.  Am considering it, but
want to understand options if I'm willing to take the bandwidth hit but
not provide hints to dictionary attackers.  Really hoping to put a small
script inline to SMTP processing.  THANKS!

My current /var/qmail/supervise/qmail-smtpd/run file reads thusly.

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL"
]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi

exec /usr/local/bin/softlimit -m 1500 \
/usr/local/bin/tcpserver \
  -H -l server.example.com \
  -v -x /etc/tcp.smtp.cdb \
  -c 20 -R -u "$VPOPMAILUID" -g "$VPOPMAILGID" 0 smtp \
  /usr/local/bin/rblsmtpd -b -C \
  -r 'relays.ordb.org: denied' \
  -r 'sbl-xbl.spamhaus.org: denied' \
  /var/qmail/bin/qmail-smtpd $LOCAL \
  /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

[vchkpw] Re: Howto reject invalid recipients AFTER SMTPD receipt of msg?

[ISP Lists]

> On Jan 11, 2005, at 6:07 AM, ISP Lists wrote:
>> I want to reject incoming email to invalid users AFTER accepting the
>> email
>> by SMTPd. Where can I insert a small bash script to check valid users
>> against VPOPMAIL MYSQL DB before allowing SPAMD, CLAMAV, qmail-inject,
>> etc. to run???
>>
>> Vpopmail 5.4.5, Mysql 3.23.54.  Also, I'm aware of Tonix's patch to
>> prevent invalid users BEFORE SMTPD accepts mail.  Am considering it,
>> but
>> want to understand options if I'm willing to take the bandwidth hit but
>> not provide hints to dictionary attackers.  Really hoping to put a
>> small
>> script inline to SMTP processing.  THANKS!
>>
>> My current /var/qmail/supervise/qmail-smtpd/run file reads thusly.
>>
>> #!/bin/sh
>> QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
>
> You can incorporate it into qmail-scanner-queue.pl.  If the qmail-queue
> program exits with the proper exit code, qmail-smtpd will reject the
> message.
>
> You can run vuserinfo and check the exit code to determine if an
> account is valid or not.  You'll need to check the catchall setting
> (unless catchall is bounce/delete, all addresses are valid).  You'll
> have to add some additional code though to check for mailing list,
> autoresponder and alias/forward accounts.  We have bounced around the
> idea of writing a simple vpopmail program that checks to see if an
> account is valid or not (taking into consideration the catchall
> setting).
>
> Another option would be to modify Tonix's patch to do the checking
> after receiving the message.  I have no idea how hard that would be
> though.
>
> On possible problem with this setup is that if I legitimately email two
> people at your company and one address is invalid, the entire message
> bounces and I don't know which address was wrong.
>
> --
> Tom Collins  -  [EMAIL PROTECTED]
> QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
> Info on the Sniffter hand-held Network Tester: http://sniffter.com/
>
>

Tom, thanks for your well considered message.  Your last point is probably
the most troubling to any scenario that rejects by name.  I haven't taken
a serious look yet into the docs/code from Tonino to see its behavior in
such a case.

I, for one, would like to see some additional movement in vpopmail to
expand control of smtpd - if not replace it as LinuxMagic have done. 
That's a bit far-reaching, so perhaps your thought of extending some
service for checking valid IDs is useful.  I, for one, do NOT run with a
catchall, BTW

Re: [vchkpw] OT: Migration of Lotus Notes to Vpopmail

[ISP Lists]

Googling shall set ye free

http://www.google.com/search?hl=en&q=convert+lotus+notes+to+mbox&btnG=Google+Search




> Hi list.
>
> I need migrate accounts and mailbox from Lotus Notes 5.0.1 to
> Qmail+Vpopmail. The accounts creation isn't problem, but my main problem
> is migrate the mailbox to maildir. The mailbox for one user, in Lotus, is
> into a file .nsf (database Lotus). I need convert 1062 mailbox to
> Maildir. Somebody know how convert this?
>
> If isn't possible convert directly the file nsf, I'm think use imap
> migration tool
> http://migrationtool.sourceforge.net/  but I never use this tool
>
> Somebody has some experience using tools like to fetchmail, migrationtool,
> or others?
>
> Any suggestion is been thankful
>
> Bye friends
>
> Juan Enciso Condeña
> Área de Operaciones
> Qnet
> Soluciones Tecnológicas
> Av. Paseo de la República 4675 - Lima 34
> Telf: (511) 241-4122 Anexo 2244
> Fax: (511) 446-8135
> www.qnet.com.pe

Re: [vchkpw] RBL setup

[ISP Lists]

> Hello,
>
> how to setup RBL cheking to my qmail-vpopmail instalation. How can I
> chack if my RBL check works.
>
> TNX
>
>
>

Hello,
Check the relevant section of this guide
http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm

[vchkpw] SMTP-AUTH works POP3 not SMTPd?

[ISP Lists]

sys: Fedora core3, manually compiled vpopmail 3.4.10, RPM Mysql 3.23.59?,
compiled courier imap 4.0.2, compiled qmail-1.03, patched
qmail-ej-cocktail-14.tar.gz, manually patched Tonix' chkuser 2.0.

I have installed vpopmail with roaming/SMTP-AUTH before, again using
Michael Bowe's webmail guide.  SMTP-AUTH is failing authentication and I
cannot tell why.

I had created the qmail install with Tonix' chkuser patch and saved that
qmail-smtpd binary.  Substituting between the original and the Tonix
patched qmail-smtpd binaries does not seem to change the behavior.

compiled vpopmail as:

./configure \
  --enable-roaming-users \
  --enable-logging=p \
  --disable-passwd \
  --enable-clear-passwd \
  --disable-domain-quotas \
  --enable-auth-module=mysql \
  --disable-many-domains \
  --enable-auth-logging \
  --enable-sql-logging \
  --enable-valias \
  --disable-mysql-limits

/home/vpopmail/etc:
qmail]# ls -l ~vpopmail/etc/
total 16
-rw-r--r--  1 root root 25 Jun  8 19:47 inc_deps
-rw-r--r--  1 root root 81 Jun  8 19:47 lib_deps
-rw-r--r--  1 vpopmail vchkpw 1107 Jun  8 19:47 vlimits.default
-rw-r-  1 vpopmail vchkpw   43 Jun  8 19:43 vpopmail.mysql


/var/qmail/supervise/qmail-smtpd/run:
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL"
]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 1700 \
/usr/local/bin/tcpserver \
  -H -l [[[my.host.name]]] \
-v -x /etc/tcp.smtp.cdb \
  -c 30 -R -u "$VPOPMAILUID" -g "$VPOPMAILGID" 0 smtp \
  /usr/local/bin/rblsmtpd -b -C \
 -r 'sbl-xbl.spamhaus.org:Your message was rejected ' \
  /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \
  /usr/bin/true 2>&1


mysql's vpopmail database table vlog contains:
| id | user  | passwd   | domain| logon   
   | remoteip | message   
 | timestamp  | error |
++---+--+---+-+--+-++---+
|  1 | daver | <[EMAIL PROTECTED] | example.net |
[EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass:
'<[EMAIL PROTECTED]>') [EMAIL PROTECTED]:MYIP | 1119024854 |  
  3 |
|  2 | daver | <[EMAIL PROTECTED] | example.net |
[EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass:
'<[EMAIL PROTECTED]>') [EMAIL PROTECTED]:MYIP | 1119025751 |  
  3 |


THIS IMPLIES that some element of the hostname and a timestamp(?) are
being forwarded instead of the submitted password??

I'm at a loss here, help appreciated!

BTW, all incoming SMTP delivery works to all accounts.  All POP3 pickup
and authentication works too.  Just SMTP-AUTH to send is broken.

Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?

[ISP Lists]

>
> You've got an old SMTP AUTH patch that sends the MD5 challenge and
> response in the wrong order.
>
> Use the patch from the contrib directory of vpopmail, and then remove
> the $LOCAL from your run file, as the newer SMTP AUTH patch does not
> use it.
>
> --
> Tom Collins  -  [EMAIL PROTECTED]
> QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
> You don't need a laptop to troubleshoot high-speed Internet:
> sniffter.com
>
>

Tom, thanks.  I didn't realize there had been a "change" in patches that
did this...  Wilco.

Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?

[ISP Lists]

>>
>> You've got an old SMTP AUTH patch that sends the MD5 challenge and
>> response in the wrong order.
>>
>> Use the patch from the contrib directory of vpopmail, and then remove
>> the $LOCAL from your run file, as the newer SMTP AUTH patch does not
>> use it.
>>
>> --
>> Tom Collins  -  [EMAIL PROTECTED]
>> QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
>> You don't need a laptop to troubleshoot high-speed Internet:
>> sniffter.com
>>
>>
>
> Tom, thanks.  I didn't realize there had been a "change" in patches that
> did this...  Wilco.
>
>
Follow-up

Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then
manually added Tonix' chkuser 2.0

Everything is VERY happy now.

Thanks for the help!
Dave.

Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?

[ISP Lists]

> On Jun 17, 2005, at 11:21 AM, ISP Lists wrote:
>> Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then
>> manually added Tonix' chkuser 2.0
>>
>> Everything is VERY happy now.
>
> Did you remember to remove $LOCAL from your qmail-smtpd/run file?  If
> not, you can now auth with any username/password.
>
> --
> Tom Collins  -  [EMAIL PROTECTED]
> QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
> You don't need a laptop to troubleshoot high-speed Internet:
> sniffter.com
>
>
Yes, I did and I tried using nonsense/invalid combos to ensure that I
wasn't "AUTH'ing" the world.  Appreciate your concern!  Thanks again!

Re: [vchkpw] Help! /var/qmail removed

[ISP Lists]

>
>> If you have your qmail source tree cd into it and type
>> make setup check
>>
>> You will probably have to re-install vpopmail and qmailadmin as well
>>
>> If not you will have to rebuild from scratch ;-(
>>
>
> Hmm, how do I generate all of the virtualdomains, rcpthosts, append,
> assign
> etc for the vpopmail hosted domains?
>
> Cheers
> Tim.
>
>
>
>From your backup!?

[vchkpw] Spotty behavior authenticating: MySQL server has gone away

[ISP Lists]

Something peculiar happened to mysql during a reboot and now vpopmail
authdaemond is having trouble completing authentications

/var/log/maillog says:

Aug 24 08:36:15 hostname authdaemond: vmysql: sql error[3]: MySQL server
has gone away


This problem is spotty though.  I have several successful authentications
before this error occurs.  I then have to restart mysqld before I can get
any other authentications to succeed.  I am still able to use the mysql
client to connect to the server for an interactive session.

What seems strange to me is that there are only two mysql daemons running:

root 23923  0.0  0.1  5060 1108 pts/0S09:13   0:00 /bin/sh
/usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
--pid-file=/var/run/mysqld/mysqld.pid

mysql23956  0.0  0.5 38620 5656 pts/0Sl   09:13   0:00
/usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/var/lib
--datadir=/var/lib/mysql --user=mysql
--pid-file=/var/run/mysqld/mysqld.pid --skip-locking


Every other instance of mysql 3.23.x I've ever run has about 10 child
threads running, so this seems strange to see only one child thread.

I have not updated any packages on this box recently.  None at all, I swear.

Suggestions to investigate?  Googling on the "MySQL server has gone away"
is a wild goose chase.

Re: [vchkpw] Spotty behavior authenticating: MySQL server has gone away

[ISP Lists]

> Something peculiar happened to mysql during a reboot and now vpopmail
> authdaemond is having trouble completing authentications
>
> /var/log/maillog says:
>
> Aug 24 08:36:15 hostname authdaemond: vmysql: sql error[3]: MySQL server
> has gone away
>
>
> This problem is spotty though.  I have several successful authentications
> before this error occurs.  I then have to restart mysqld before I can get
> any other authentications to succeed.  I am still able to use the mysql
> client to connect to the server for an interactive session.
>
> What seems strange to me is that there are only two mysql daemons running:
>
> root 23923  0.0  0.1  5060 1108 pts/0S09:13   0:00 /bin/sh
> /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
> --pid-file=/var/run/mysqld/mysqld.pid
>
> mysql23956  0.0  0.5 38620 5656 pts/0Sl   09:13   0:00
> /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/var/lib
> --datadir=/var/lib/mysql --user=mysql
> --pid-file=/var/run/mysqld/mysqld.pid --skip-locking
>
>
> Every other instance of mysql 3.23.x I've ever run has about 10 child
> threads running, so this seems strange to see only one child thread.
>
> I have not updated any packages on this box recently.  None at all, I
> swear.
>
> Suggestions to investigate?  Googling on the "MySQL server has gone away"
> is a wild goose chase.
>
>
>
>
>

Hrm, rebooting the box seems to have helped.  Still same number of mysql
daemons, but they're answering now...  Damned strange.  dmesg on reboot
didn't show any ext3 errors being fixed - I was wondering if this was a
disk thing.

Thoughts still welcome and appreciated on this.

[vchkpw] CHKUSER 2.0.8b - banning IPs into tcp.smtp

[ISP Lists]

CHKUSER 2.0.8b on qmail 1.03 and vpopmail 5.4.10.

I LOVE that CHKUSER can single out the unknown recipients and block the
offending SMTP session - big traffic control helper!  However, I've got
one domain that's really being hit hard by dictionary attacks.  Some
attack traffic is a few hits from many IPs, other traffic is many hits
from few IPs.

What I'd like to do is get something that's like an IDS that reads log
output for CHKUSER rejections - currently only outputting to

/var/log/qmail/smtp/current

and have that information parsed for the specific domain and have the
offending sender IP stuffed into a database (probably with a timestamp). 
Then I would build some scripted logic to query the database to figure out
if I've been hit N number of times from an IP in a certain window of time;
thus the trigger to update tcp.smtp with the offender.

I think I might go ahead and just "compile" the tcp.smtp at each pass,
that way I can keep tcp.smtp as compact as possible.  Those who've stopped
being naughty are taken off the blocklist eventually.  Almost an RBL
mentality I guess.  (and yes, I AM running with the Spamhaus RBL also).

I gotta believe some smart person already built this, but I don't know if
it's called something specific.  Big challenge for me is how to keep an
eye on a logfile for any particular time (particularly given DJB's arcane
date values in the above log file) and not end up reprocessing data I've
already seen.

Help appreciated and thanks!
Dave.

[vchkpw] How expensive is reloading the tcp.smtp.cdb?

[ISP Lists]

Related to my earlier post, how expensive is it - resource-wise - to
reload a tcp.smtp file of 100-1000 lines?

If I have processing that is updating tcp.smtp every 5-10 minutes and I
choose to reload the cdb from that tcp.smtp, is that a bad idea?

The "qmailctl cdb" command runs very fast for me now, but I don't have any
idea what impact it has on any smtpd instances having to restart or
re-read.

Anyone know?

[vchkpw] announce: bantcp for CHKUSER patch

[ISP Lists]

I wanted to announce a little script project I'm starting called 'bantcp'.

I got frustrated by a dictionary attack on one of my domains.  Tonix'
CHKUSER patch did it's job in repelling the offending IPs (who were not
already RBLd) but I wanted more.

I wanted a (semi-)automated way to extract the attacking IPs from my qmail
logs and insert them into my tcp.smtp file using selection criteria based
upon how many attacks had been made from an IP during a specific window of
time.  I felt this was a way to prevent further abuse from these IPs.

bantcp is version 0.01   It's a cobbling of bash and perl to provide the
output suitable for pasting into your tcp.smtp file.  It's not terribly
elegant yet, but I'm hoping for some suggestions.

Flames are welcome too, though please be kind.  I'm not a coder.  I'm also
guessing that a 'sed/awk' guru could tighten bantcp up a lot - maybe kill
off the perl jumps altogether.

http://www.bantcp.com/

Thanks,
Dave.

[vchkpw] Ping - list running?

[ISP Lists]

No messages from list today to my inbox.  Pinging.

[vchkpw] Anti-spam solution - favs?

[ISP Lists]

I've got vpopmail/netqmail built using typical clamav and spamassassin
(clamd, spamd).  I've got XBL filtering and CHKUSER enabled on smtp.  I'm
actively training my Bayes filters.  I do not use verified sender or SPF.

Spamassassin's local.cf look like this:

required_score 6
rewrite_header Subject [SPAM]
report_safe 0
use_pyzor 0
use_razor2 1
use_dcc 0
dcc_home /var/dcc
skip_rbl_checks 0
rbl_timeout 3
score RCVD_IN_BL_SPAMCOP_NET 2
use_bayes 1
bayes_auto_learn 1
bayes_path /home/spamd/.spamassassin/bayes


I STILL find a good bit of spam is getting through. (pharma, mortgages,
stock hype, etc)

I wonder whether there are other/better anti-spam tools I should use to
cull the spam more effectively.  Suggestions most welcome.

[vchkpw] Alternate routing for failed send

[ISP Lists]

I had a case where a single destination SMTP MX server was denying my send
request from what appeared to be an IP range-based RBL blacklist.  Nobody
elses MXs levered that blacklist, so I only had the one problem delivery.

I was able to mockup a gateway on another server of mine in another IP
block and I temporarily used 'smtproutes' to clear my queue for that
issue.

Q: What solutions are being used in the wild to deal with this kind of case?

I could see an 'smtproutes' file that uses a ":farm.of.hostnames.tld" in
order to send your outbound email through a farm of servers in diverse
netblocks, but that implies a bit more scale than I can offer/afford.

I don't believe there's any available logic that says something like
"after a message is SMTP-connect-refused XX times, please try alternate
send path via 'othersmtproutes'"  That's probably more overhead than
value, but it occurred to me...

Feedback is most welcome.  (Please let me know if this is more appropriate
for the qmail list than vpopmail.)

Dave

Re: [vchkpw] Problem compiling courier-auth 0.59.3+

[ISP Lists]

Some very smart person - I'm REALLY sorry I cannot easily find the link to
give proper credit - posted this patch "out there" a few weeks ago.  I
don't think it's become mainstream yet, but I literally just went through
the same problem with authlib 0.59.3 and vpopmail 5.4.17.   Yes, the patch
works; no I don't know why.

the patch I used came from discussion here:
http://www.mail-archive.com/vchkpw@inter7.com/msg24923.html

I tried to google for the filename of the patch below but I think it's a
filename I made up...  I was in a rush to get something built, so my notes
are incomplete.  Bad dog, I know.

Meanwhile, here's the patch code
===
--- courier-authlib-0.59.3/authvchkpw.c 2007-04-22 20:53:30.0 +0200
+++ courier-authlib-0.59.3b/authvchkpw.c2007-04-25
17:53:58.908980669 +0200
@@ -55,16 +55,19 @@
return (*i->callback_func)(a, i->callback_arg);
 }

 #if HAVE_HMACLIB

 #include"libhmac/hmac.h"
 #include"cramlib.h"

+static int auth_vchkpw_login(const char *service, char *authdata,
+int (*callback_func)(struct authinfo *, void *), void
*callback_arg);
+

 static int auth_vchkpw_cram(const char *service,
const char *authtype, char *authdata,
int (*callback_func)(struct authinfo *, void *),
void *callback_arg)
 {
 struct  cram_callback_info  cci;
===

And how I build the authlib for my system

cd /usr/src/qmail
wget
http://superb-west.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.59.3.tar.bz2
bunzip2 courier-authlib-0.59.3.tar.bz2
tar xf courier-authlib-0.59.3.tar
chown -R root.root courier-authlib-0.59.3
cd courier-authlib-0.59.3
wget http://www.dermanagement.com/qmail/courier-0.59.3-authvchkpw.patch
patch < courier-0.59.3-authvchkpw.patch

./configure \
  --prefix=/usr/local/courier-authlib \
  --without-authpam \
  --without-authldap \
  --without-authpwd \
  --without-authmysql \
  --without-authpgsql \
  --without-authshadow \
  --without-authuserdb \
  --without-authcustom \
  --without-authcram \
  --without-authpipe \
  --with-authdaemon \
  --with-redhat \
  --with-authvchkpw




Good luck.
Dave.



> I can compile courier-authlib version 0.59.2 or lower just fine with
> vpopmail
> 5.4.17 but I cannot get newer versions to compile.  I tried asking on the
> courier-imap list but they say "not our problem."
>
> Here's the errors:
>
> --
>
> authvchkpw.c: In function 'auth_vchkpw_login':
> authvchkpw.c:40: warning: empty declaration
> authvchkpw.c:43: error: expected '=', ',', ';', 'asm' or '__attribute__'
> before '{' token
> In file included from authvchkpw.c:63:
> libhmac/hmac.h:15: error: storage class specified for parameter
> 'hmac_h_rcsid'
> libhmac/hmac.h:15: error: parameter 'hmac_h_rcsid' is initialized
> libhmac/hmac.h:50: warning: empty declaration
> libhmac/hmac.h:54: error: storage class specified for parameter 'hmac_md5'
> libhmac/hmac.h:54: error: storage class specified for parameter
> 'hmac_sha1'
> libhmac/hmac.h:54: error: storage class specified for parameter
> 'hmac_sha256'
> libhmac/hmac.h:61: error: storage class specified for parameter
> 'hmac_list'
> In file included from authvchkpw.c:64:
> cramlib.h:17: warning: empty declaration
> cramlib.h:19: error: storage class specified for
> parameter 'auth_cram_callback'
> cramlib.h:26: warning: empty declaration
> authvchkpw.c:71: error: expected '=', ',', ';', 'asm' or '__attribute__'
> before '{' token
> authvchkpw.c:87: error: expected '=', ',', ';', 'asm' or '__attribute__'
> before '{' token
> authvchkpw.c:106: error: expected '=', ',', ';', 'asm' or '__attribute__'
> before '{' token
> authvchkpw.c:170: error: expected '=', ',', ';', 'asm' or '__attribute__'
> before '{' token
> authvchkpw.c:177: error: expected '=', ',', ';', 'asm' or '__attribute__'
> before '{' token
> authvchkpw.c:227: error: parameter 'authvchkpw_info' is initialized
> authvchkpw.c:229: error: 'auth_vchkpw' undeclared (first use in this
> function)
> authvchkpw.c:229: error: (Each undeclared identifier is reported only once
> authvchkpw.c:229: error: for each function it appears in.)
> authvchkpw.c:231: error: 'authvchkpwclose' undeclared (first use in this
> function)
> authvchkpw.c:232: error: 'auth_vchkpw_changepass' undeclared (first use in
> this function)
> authvchkpw.c:238: error: expected '=', ',', ';', 'asm' or '__attribute__'
> before '{' token
> authvchkpw.c:240: error: old-style parameter declarations in prototyped
> function definition
> authvchkpw.c:240: error: expected '{' at end of input
> make[2]: *** [authvchkpw.lo] Error 1
> make[2]: Leaving directory `/netsrc/courier-authlib-0.59.3.20070721'
>
> --
>
> This is NOT just for the pre-release, before anyone asks.  I tried it
> because
> they mentioned some authvchkpw fixes.
>
> --
> --
> Cheers,
> Steve
>

Re: [vchkpw] Problem compiling courier-auth 0.59.3+

[ISP Lists]

Crud, NO that is not the correct link for what I thought was the patch
source.

OK, I found it! It's in French, that's why it's kinda hard to find.  You
can run this page through Babelfish and get something readable, but the
patch originated from this page

http://christian.caleca.free.fr/qmail/courier-imap.htm

Credit due.

D.




> Some very smart person - I'm REALLY sorry I cannot easily find the link to
> give proper credit - posted this patch "out there" a few weeks ago.  I
> don't think it's become mainstream yet, but I literally just went through
> the same problem with authlib 0.59.3 and vpopmail 5.4.17.   Yes, the patch
> works; no I don't know why.
>
> the patch I used came from discussion here:
> http://www.mail-archive.com/vchkpw@inter7.com/msg24923.html
>
> I tried to google for the filename of the patch below but I think it's a
> filename I made up...  I was in a rush to get something built, so my notes
> are incomplete.  Bad dog, I know.
>
> Meanwhile, here's the patch code
> ===
> --- courier-authlib-0.59.3/authvchkpw.c 2007-04-22 20:53:30.0
> +0200
> +++ courier-authlib-0.59.3b/authvchkpw.c2007-04-25
> 17:53:58.908980669 +0200
> @@ -55,16 +55,19 @@
> return (*i->callback_func)(a, i->callback_arg);
>  }
>
>  #if HAVE_HMACLIB
>
>  #include"libhmac/hmac.h"
>  #include"cramlib.h"
>
> +static int auth_vchkpw_login(const char *service, char *authdata,
> +int (*callback_func)(struct authinfo *, void *), void
> *callback_arg);
> +
>
>  static int auth_vchkpw_cram(const char *service,
> const char *authtype, char *authdata,
> int (*callback_func)(struct authinfo *, void
> *),
> void *callback_arg)
>  {
>  struct  cram_callback_info  cci;
> ===
>
> And how I build the authlib for my system
>
> cd /usr/src/qmail
> wget
> http://superb-west.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.59.3.tar.bz2
> bunzip2 courier-authlib-0.59.3.tar.bz2
> tar xf courier-authlib-0.59.3.tar
> chown -R root.root courier-authlib-0.59.3
> cd courier-authlib-0.59.3
> wget http://www.dermanagement.com/qmail/courier-0.59.3-authvchkpw.patch
> patch < courier-0.59.3-authvchkpw.patch
>
> ./configure \
>   --prefix=/usr/local/courier-authlib \
>   --without-authpam \
>   --without-authldap \
>   --without-authpwd \
>   --without-authmysql \
>   --without-authpgsql \
>   --without-authshadow \
>   --without-authuserdb \
>   --without-authcustom \
>   --without-authcram \
>   --without-authpipe \
>   --with-authdaemon \
>   --with-redhat \
>   --with-authvchkpw
>
>
>
>
> Good luck.
> Dave.
>
>
>
>> I can compile courier-authlib version 0.59.2 or lower just fine with
>> vpopmail
>> 5.4.17 but I cannot get newer versions to compile.  I tried asking on
>> the
>> courier-imap list but they say "not our problem."
>>
>> Here's the errors:
>>
>> --
>>
>> authvchkpw.c: In function 'auth_vchkpw_login':
>> authvchkpw.c:40: warning: empty declaration
>> authvchkpw.c:43: error: expected '=', ',', ';', 'asm' or '__attribute__'
>> before '{' token
>> In file included from authvchkpw.c:63:
>> libhmac/hmac.h:15: error: storage class specified for parameter
>> 'hmac_h_rcsid'
>> libhmac/hmac.h:15: error: parameter 'hmac_h_rcsid' is initialized
>> libhmac/hmac.h:50: warning: empty declaration
>> libhmac/hmac.h:54: error: storage class specified for parameter
>> 'hmac_md5'
>> libhmac/hmac.h:54: error: storage class specified for parameter
>> 'hmac_sha1'
>> libhmac/hmac.h:54: error: storage class specified for parameter
>> 'hmac_sha256'
>> libhmac/hmac.h:61: error: storage class specified for parameter
>> 'hmac_list'
>> In file included from authvchkpw.c:64:
>> cramlib.h:17: warning: empty declaration
>> cramlib.h:19: error: storage class specified for
>> parameter 'auth_cram_callback'
>> cramlib.h:26: warning: empty declaration
>> authvchkpw.c:71: error: expected '=', ',', ';', 'asm' or '__attribute__'
>> before '{' token
>> authvchkpw.c:87: error: expected '=', ',', ';', 'asm' or '__attribute__'
>> before '{' token
>> authvchkpw.c:106: error: expected '=', ',', ';', 'asm' or
>> '__attribute__'
>> before '{' token
>> authvchkpw.c:170: error: expected '=', ',', ';', 'asm' or
>> '__attribute__'
>> before '{' token
>> authvchkpw.c:177: error: expected '=', ',', ';', 'asm' or
>> '__attribute__'
>> before '{' token
>> authvchkpw.c:227: error: parameter 'authvchkpw_info' is initialized
>> authvchkpw.c:229: error: 'auth_vchkpw' undeclared (first use in this
>> function)
>> authvchkpw.c:229: error: (Each undeclared identifier is reported only
>> once
>> authvchkpw.c:229: error: for each function it appears in.)
>> authvchkpw.c:231: error: 'authvchkpwclose' undeclared (first use in this
>> function)
>> authvchkpw.c:232: error: 'auth_vchkpw_changepass' undeclared (first use
>> in
>> this function)
>> authvchkpw.c:238: error: expected '=', ',', ';',

[vchkpw] courier maildirfolder files

[ISP Lists]

I'm sorry to ask this here, but Mr Sam isn't always receptive to "mixed"
company...

Can anyone confirm these statements about the requirement/use for the
'maildirfolder' empty file in folders under a Courier IMAP 4.x
implementation?


I read this somewhere:
"Within each subdirectory there's an empty file, maildirfolder. Its
existence tells the mail delivery agent that this Maildir is a really a
folder underneath a parent Maildir"
=

Therefore, to fix a partially failed rsync during a migration, I should
use the following rules:

/Maildir/.Sent|.Drafts|.Trash/maildirfolder
is NOT correct usage

/Maildir/.MyFolder/maildirfolder
is NOT correct usage

/Maildir/.MyFolder.MySubFolder/maildirfolder
IS correct usage.

Is the presence of 'maildirfolder' in subfolders actually MANDATORY for
IMAP to function properly?

Thanks in advance!
D.



!DSPAM:474f23e732002056216681!

Re: [vchkpw] courier maildirfolder files

[ISP Lists]

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> ISP Lists wrote:
>> Therefore, to fix a partially failed rsync during a migration, I should
>> use the following rules:
>>
>> /Maildir/.Sent|.Drafts|.Trash/maildirfolder
>> is NOT correct usage
>>
>> /Maildir/.MyFolder/maildirfolder
>> is NOT correct usage
>>
>> /Maildir/.MyFolder.MySubFolder/maildirfolder
>> IS correct usage.
>
> I'm not sure what you're saying here about incorrect usage.  maildirfolder
> files must exist under any folder directory you wish Courier-IMAP to
> honor.
>
>>
>> Is the presence of 'maildirfolder' in subfolders actually MANDATORY for
>> IMAP to function properly?
>
> Not for IMAP, for Courier-IMAP.  I'm sure you knew that, but I figured I'd
> be
> a little more technical on this point for anyone else who may not have
> caught
> that.
> - --
> /*
> Matt Brookings <[EMAIL PROTECTED]>   GnuPG Key ABA26FE7
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.6 (GNU/Linux)
> Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
>
> iD8DBQFHTzBeYaj0Mauib+cRAhsDAJ0TYcF6vqbndnV5Pe+nIsIC1CthCgCgmkrN
> xE/PM6o3fJZTkthW6gFHtr4=
> =E+3Q
> -END PGP SIGNATURE-
>

Matt, thanks for your post, the answer surprises me.  Is there a resource
you can recommend?  I hadn't anticipated that 'maildirfolder' is a
requirement for all folders; by inspection, my existing vpopmail/courier
kit seems to run fine with very few 'maildirfolder' files that don't seem
to conform to any particular methodology/rule.  Thus the basis for my
confusion.
Again, I really appreciate the help!
Dave.




!DSPAM:474f442732002376413044!

[vchkpw] OT: Webmail trends for vpopmail/qmail/IMAP

[ISP Lists]

Off-topic, perhaps respond off-list?

What are the hot applications in F/OSS webmail that start to move towards
AJAX  clients (yahoo! mail beta, gmail) that might function well on a
vpopmail/qmail/IMAP infrastructure?  I looked at Sourceforge and didn't
see much that would leap past squirrelmail.



!DSPAM:477d4215310543745219514!

Re: [vchkpw] OT: Webmail trends for vpopmail/qmail/IMAP

[ISP Lists]

> ISP Lists wrote:
>> Off-topic, perhaps respond off-list?
>>
>> What are the hot applications in F/OSS webmail that start to move
>> towards
>> AJAX  clients (yahoo! mail beta, gmail) that might function well on a
>> vpopmail/qmail/IMAP infrastructure?  I looked at Sourceforge and didn't
>> see much that would leap past squirrelmail.
>>
>
> We use RoundCube in addition to Squirell.
>
> http://roundcube.net/
>
> Regards,
>
> Rick
>
>
> 
>
>

Thanks Rick, good stuff!  Any other ideas are most appreciated.


!DSPAM:477d4fd9310541599016348!

[vchkpw] OT: Which RBLsmtpd lookups are you using?

[ISP Lists]

Which RBLsmtpd references are you using in your smtpd listeners and why?
(example sbl-xbl.spamhaus.org in /var/qmail/supervise/qmail-smtp/run)


!DSPAM:47a1f0e1310547134712337!

Re: [vchkpw] OT: Which RBLsmtpd lookups are you using?

[ISP Lists]

> Adi Pircalabu wrote:
>> On Fri, 01 Feb 2008 07:33:53 +1000 Quey wrote:
>>
>>
>>> dnsbl.sorbs.net
>>> bl.spamcop.net
>>>
>>
>> Don't use these to reject connections at SMTP level, they give many
>> false-positives. Eventually use them only after queueing, and only to
>> increase the spam score.
>> zen.spamhaus.org and list.dsbl.org, au contraire, are much better
>> choices for rblsmtpd.
>>
>> My 0,02RON
>>
>>
> each to our own, I dont consider they give many false positives at all,
> not in this part of the world, but of course it may be different for
> where you are,  however even with the acceptable FP's they *may* give,
> the massive reduction in spam makes it completely worth it.
> The more they hit there, the less work MailScanner has to do, it can use
> system resources just to scan for viruses and phishing and of course
> whatever spam it detects that get past the RBL's  :-)
>
> A good thing to do as well  which also dramatically reduces spam, is
> enforce DNS forward and reverse, if someone can't be bothered making
> sure their mail server is RFC compliant, then I am under no obligation
> to allow my servers to accept connections from them.
>
>
>
> 
>
>

My thanks to everyone who contributed!  I'm on zen.spamhaus.org now! 
Noticed at least some increase in stopped connections at smtpd!  A good
thing, in my review.  I'll research FPs for downside.  Thanks!




!DSPAM:47a381a0310549759113929!

Re: [vchkpw] Distribute Qmail + Vpopmail bundle

[ISP Lists]

> Joshua Megerman wrote:
>> On Saturday 23 February 2008 01:55:14 pm Nick Bright wrote:
>>> While the qmail sources are available, it is not GPL. It's my
>>> understanding that the way qmail is licensed specifically forbids
>>> repackaging.
>>>
>> Um, no.  As the original poster stated qmail is now in the public
>> domain,
>> which means there is not only no restrictions to its distribution,
>> there's
>> not even any license anymore.
>
> Well, that is excellent. I was not aware that it had been placed into
> the public domain.
>
> Perhaps now someone could get a project together with some traction to
> integrate all of the best patches into qmail and make a technologically
> recent package that doesn't have to have 15 patches applied to get
> anything resembling a recent feature set.


Are you aware of the netqmail project or Bill Shupp's qmail toaster project?
Easily googled if you weren't.

>
> I for one would love to see inter7 take the lead on such a project, as
> they have a proven track record and as far as I can tell, know qmail
> quite well.
>
>>
>> And please try not to top-post :)
>
> I'll never understand why people don't like top posting. I find it
> easier to read, but lets not get OT on this; I'm sure it's been argued
> about before.
>
>>
>> Josh
>
> 
>
>



!DSPAM:47c4001f31054114656!

[vchkpw] How to route local delivery through a separate SMTP spam scanner

[ISP Lists]

A customer has challenged whether this can be done...

Anti-SPAM appliances "A", "B", and "C" are available on an internal LAN
via DNS round-robin through SMTP at "appliance.example.com"

VPOPMAIL server "D" is on the same LAN.

Customer has had a few local accounts that had their password guessed and
spammers sent spam through webmail.

S

We're considering doing something inline to the delivery process that
would 1) accept the authenticated user's email for remote/local delivery,
2) force that delivery off of box "D" to "A-C" over SMTP in ALL cases (not
just remote), 3) Scan on "A-C", 4) return the inbound (local) mail back to
"D" for further delivery to the locals.

I realize this is pretty insane, but the customer isn't excited about
adding a local spam daemon to "D" and would like to leverage the
investment in the appliances "A-C" to control for local delivery abuses. 
The appliances are doing a nice job on SMTP scanning, but the vendor says
that their appliance does not have a "port listener" (like a spamd daemon)
that could answer a stream request - thus only SMTP will do.

Ideas?  THANKS!  Dave.


!DSPAM:48223e3e120508248733278!

RE: [vchkpw] How to route local delivery through a separate SMTP spam scanner

[ISP Lists]

/me  Very cool!  Thanks for the idea on options!

>
> It can be done quite easily.
>
>
> Two options:
>
>
> Preferred:
>
> Configure webmail to send messages directly to the appliances.
>
>
>
> Alternatively:
>
> Install a dumb SMTP mailer on "D" that listens on a port other than 25.
> Configure that dumb-mailer to forward all mail to the appliances.
> Configure
> webmail to send messages to the dumb mailer's listening port.
>
>
> webmail -SMTP-> "D" dumb-mailer listening on tcp:125(example) -SMTP->
> appliances via static SMTP route -SMTP-> back to "D" tcp:25 via static
> SMTP
> route for local deliveries
>
>
>
>
>
> -Original Message-
> From: ISP Lists [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 07, 2008 4:41 PM
> To: vchkpw@inter7.com
> Subject: [vchkpw] How to route local delivery through a separate SMTP spam
> scanner
>
> A customer has challenged whether this can be done...
>
> Anti-SPAM appliances "A", "B", and "C" are available on an internal LAN
> via DNS round-robin through SMTP at "appliance.example.com"
>
> VPOPMAIL server "D" is on the same LAN.
>
> Customer has had a few local accounts that had their password guessed and
> spammers sent spam through webmail.
>
> S
>
> We're considering doing something inline to the delivery process that
> would 1) accept the authenticated user's email for remote/local delivery,
> 2) force that delivery off of box "D" to "A-C" over SMTP in ALL cases (not
> just remote), 3) Scan on "A-C", 4) return the inbound (local) mail back to
> "D" for further delivery to the locals.
>
> I realize this is pretty insane, but the customer isn't excited about
> adding a local spam daemon to "D" and would like to leverage the
> investment in the appliances "A-C" to control for local delivery abuses.
> The appliances are doing a nice job on SMTP scanning, but the vendor says
> that their appliance does not have a "port listener" (like a spamd daemon)
> that could answer a stream request - thus only SMTP will do.
>
> Ideas?  THANKS!  Dave.
>
>
>
>
>
> 
>
>



!DSPAM:48225a58120502068847775!

Re: [vchkpw] vpopmail development

[ISP Lists]

> On Fri, 2009-01-09 at 08:57 -0600, Matt Brookings wrote:
>> This would not work because users can be deleted out of the hash tree
>> anywhere.  It appears your patch assumes a FILO ordering of user
>> additions
>> and deletions.
> I have not been able to explain properly. It would be FIFO.
>
>> If the hashes, 'a' through 'd' existed, and the 'b' hash directory
>> cleared
>> out, your method would fail to backfill correctly.
> Let's take an example
> suppose
> there are 100 users (with 100 directories) in /var/vpopmail/domains
> there are 100 users (with 100 directories) in /var/vpopmail/domains/0
> there are 100 users (with 100 directories) in /var/vpopmail/domains/1
> there are 100 users (with 100 directories) in /var/vpopmail/domains/2
> there are 50  users (with  50 direcotires) in /var/vpopmail/domains/3
>
> Now let say I delete a user who has a directory
> in /var/vpopmail/domains/1
> The backfill code will put the entry '1' in the first line in the file
> dir_control_free.
> Also let us say that we delete two users in /var/vpopmail/domains/2
> The backfill code in vdeluser will put entry '2' twice in the file
> dir_control_free
>
> So after deleting 3 users, the file dir_control_free will have 3 lines
> 1
> 2
> 2
>
>
> So now we have 99 users in /var/vpopmail/domains/1
> andwe have 98 users in /var/vpopmail/domains/2
>
> Now the modified vadduser will call a function called backfill() which
> will open this file, lock the file and pickup the first line, delete the
> line and return the value as user_hash
>
> #ifdef USERS_BIG_DIR
>   /* go into a user hash dir if required */
>   if (!(user_hash = backfill(domain)))
>   {
>   open_big_dir(domain, uid, gid);
>   user_hash = next_big_dir(uid, gid);
>   close_big_dir(domain, uid, gid);
>   chdir(user_hash);
>   }
> #endif
>
> Each time the function backfill() is called it will deplete the file
> dir_control_free by one line and will always return the first line as
> the user_hash. When all lines get depleted, backfill() will return NULL
> in which case the regular dir_control will again come into effect and
> start from where it had left earlier.
>
> The advantage of this method is that you can use the find command to
> generate the missing directories in dir_control_free to catch up with
> the actual dir_control.
>
> Another way to explain this is that when backfill is in operation,
> dir_control stops working and when backfill() gets depleted and stops
> working, dir_control starts working
>
>
> 
>
>

Can someone please provide a brief discussion as to when a vpopmail hashed
folder tree becomes "big enough" to warrant backfilling?  Or, is "big"
just one concern amongst others such as: "rate of deletes and adds",
"filesystem choice"...
I'm not quite picking up why the backfill is important.



!DSPAM:496b3c1332671349816825!

[vchkpw] chkuser 2.0b - somes false positives

[ISP Lists]

A system that's been running with 9000 users is now experiencing
intermittent false positives when checking for invalid recipients.  It's
allowing invalid recipients "sometimes".  I cannot find a pattern.

Any guess on areas that might be culprits?  Does chkuser have a default
"permit" behavior if it cannot reach IMAP or Sql?  Not sure if there's a
resource issue on the machine yet.

Mysql backend, linux, courier imap, vpopmail 5.4.17, chkuser 2.08b

Thanks.


!DSPAM:497e28c432685692751208!

Re: [vchkpw] Courier support

[ISP Lists]

Where's the best documentation to migrate off of Courier?
I presume Dovecot is the favored IMAP now for Vpopmail?
Any known issues in making this switch?

> Matt Brookings wrote:
>> My question is this: Courier-IMAP has dropped us, should we drop
Courier-IMAP?
>
> Most definitely Yes!
>
> 
>
>





!DSPAM:49ba554232689351814391!