Charles Sprickman writes:
> On Tue, 4 Nov 2003, Paul L. Allen wrote:
> > Sqwebmail's filters do this and more. You don't have to use Sqwebmail
> > for them to take effect, only to define them
>
> Hmmm. I hate the look of that thing,
The cosmetics can be chang
Charles Sprickman writes:
> > I'm finding that autorespond doesn't look like a good choice for people
> > used to a standard vacation responder
It is a BAD choice for a vacation responder. It lacks many features
ESSENTIAL in a vacation responder. You might as well ask if sticking
your naughty
Nick Harring writes:
> That's funny, it looked a lot like signal to me.
Not only did I refer you to a seminal work by Claude Shannon from the
late 1940s, I gave you a summary of the salient details - yet you fail to
understand. A new subscriber to this list who has not checked the
archives, or
X-Istence writes:
> He cant do MD 5 auths, or does vchkpw allow for MD5 auth logins?
If my unreliable memory is not letting me down, it can do CRAM-MD5 if you
have plaintext passwords set. For some versions of vpopmail.
--
Paul Allen
Softflare Support
Reinis Rozitis writes:
> To be sure in that way if dont provide previously used salt (in the user
> passwords which havent been added using 'vadduser') in crypt will the
> authorization through pop work?
>
> Theoretically salt is the first 2 symbols, but will vpopmail (vchkpsw)
> understand/use
Nick Harring writes:
> Storing cleartext passwords is generally horrible security, so this and
> that don't really relate to each other.
Except to the extent that vpopmail now supports cleartext passwords
(I have a vague memory they're needed for CRAM authentication)
> I whole heartedly agree.
Roze writes:
> The idea is such: There is an existing user database which I have to move
> to a mailsystem (qmail + vpopmail + mysql). All the passwords are
> encypted (no way to get plain-text) (with standart CRYPT) though there
> is also SALT provided which is 2 first symbols from username.
I'm going to try to answer both you and Tom at the same time. One of
the few times I didn't bother checking mail at least once after finishing
on Friday night and I have over 300 waiting for me on Monday morning.
Nick Harring writes:
> Tom Collins wrote:
> > For generating a salt, I think we're
X-Istence writes:
> I agree, that is totally not right. If he thinks he has something great,
> let him tell others, it has been quite usefull for quite a few people
> that asked me for help.
Claude Shannon. Information Theory. Entropy. Do these things
mean anything to you?
Well, if those t
Oliver Etzel - GoodnGo.COM \(R\) writes:
> Oh my god, that is what I was looking for!
There is a lesson to be learned. Next time, tell us where your immediate
problem stands in the overall scheme of things. Something like "I'm
trying to add a user from perl by inserting them into the MySQL dat
Nick Harring writes:
> This isn't actually true. Mysql provides an encrypt() function, which
> takes two strings, the password and the salt.
You learn something every day. I'd not enountered that function before.
> On linux, and I would guess *BSD as well, when you supply $1$ as the
> start of
Oliver Etzel - GoodnGo.COM \(R\) writes:
> Paul: The reason why I do NOT want vadduser or any commandline tool is
> that I want to write a perl script which automatize user generation.
>
> Cool would would be If one could run:
> vadduser $variable_password
> or something like this in
> Perl or P
John Johnson writes:
> He can also enable the learn password option in vpopmail, I think
> this would be an easy way to deal with it myself.
It's hard to tell since he didn't say why he wanted to do it in the
first place. The problems with the learn password option are that there
is a window o
Hans Rakers writes:
> Quick question: Using qmail/vpopmail, how can i make mail for things
> like [EMAIL PROTECTED] or [EMAIL PROTECTED] go to
> one single maildir/account/alias for all my virtual doms, without having
> to create .qmail-abuse and .qmail-hostmaster files for all my virtual
> d
Oliver Etzel - GoodnGo.COM \(R\) writes:
> I want to create new users like [EMAIL PROTECTED] NOT with vadduser
> BUT with just inserting it via mysql-insert into the vpopmail
> database.
OK, you have now explained what you want to use instead. Somebody else
pointed out that the maildir will be
Oliver Etzel - GoodnGo.COM \(R\) writes:
> I want to create new users like [EMAIL PROTECTED] NOT with vadduser
Why would you not want to use vadduser?
> BUT with just .
With just what?
> Any hints,
> how I can generate the encrypted password in the column pw_passwd
> (looks like this $1$S/TP
Justin Heesemann writes:
> i don't now if you are using php or anything like that, but most
> languages support some kind of crypt() call.
It is debatable what level of entropy is required for the salt when
generating a password for vpopmail use.
If you want maximum security, and already requi
John McGivern writes:
> Could anyone point me to a document that would outline how to migrate
> all of the accounts and virtual domains from one server to another?
> I already have the server all set up with the same stuff, I just need
> to get the domains and accounts over.
Rsync is your friend
Michael Bowe writes:
> To auth a username/password, Courier-IMAP takes the supplied username
> and runs vpopmail's vauth_getpw() to retrieve the user's passwd entry.
>
> Courier-IMAP then crypts the supplied password and compares this against
> the (crypted) pw entry supplied by vauth_getpw()
J. Kendzorra writes:
> Not really your fault - ./configure --help shows:
> --enable-tcpserver-file=~vpopmail/etc/tcp.smtp File where tcpserver -x
> relay information is stored.
I remember being bitten by this one, long ago.
> I already sent mail to someone some time before (don't remember an
Michael Bowe writes:
> As far as I know, Courier-IMAP uses it's own functions to auth the
> password,
Yes and no. Courier-IMAP and the Courier POP3 server do have their
own authentication routines which are effectively wrappers calling
whatever authentication method you actually use. So if you
Eduardo P. Román O. writes:
> Hi, i need to do an autorespond but in HTML, qmailadmin now can do
> autorespond with text mail only (i think).
Be warned, this is an autoresponder designed to respond to ANYTHING
(well, it has some checks against responding to mailing lists and the
like). It is th
W.D. McKinney writes:
[...]
> Error: Domain does not exist
[...]
> Error: Domain already exists
Vpopmail does not gracefully deal with inconsistencies in various files
and directory structures. In my opinion, vdeldomain should remove all
traces of a domain before complaining of any inconsistenc
Jeff Koch writes:
> Is there any way to use the commands in /home/vpopmail/bin to setup domain
> catch-all accounts?
When I was stuck with this problem quite a while ago I just wrote a bit of
perl to do the job for me. As others suggested in another thread, it was
smart enough to ask for dom
Feucht, Florian writes:
> > Perhaps he did, but "locked out CONNECTIONS from that IP for 10
> > minutes" reads differently to me. If Tom had meant what you said, then
> > I would have expected something like "locked out authentication attempts
> > from that username/IP pair for 10 minutes."
>
Jesus Ruiz writes:
> The problem is that my clients don't want to lose the email they save in
> the old server. When we change they account to the new server.
>
> Any suggestion?
Copy the existing mail over. Rsync is your friend...
--
Paul Allen
Softflare Support
X-Istence writes:
> Paul L. Allen wrote:
>
> >Tom Collins writes:
> >
> >
> >
> >>What if the system tracked it by IP, and after three failures locked
> >>out connections from that IP for 10 minutes?
[...]
> He meant log it on an acc
Tom Collins writes:
> What if the system tracked it by IP, and after three failures locked
> out connections from that IP for 10 minutes?
That has problems for companies behind a firewall which use external mail
servers (we have several clients in that situation). All it takes is one
person to
Feucht, Florian writes:
> My idea is to store this information per user, so the others keep
> unaffected from locked mailboxes.
>
> Another Possibility is to lock the account only for an specific amount
> of time (lets say 10 minutes) after 3 password fails. So if somebody
> tries some hardcore
Hello Red Herring
Nick Harring writes:
> This whole argument is ridiculous.
Correct. So far I havw seen only one person post a sensible response,
You are NOT that person...
> The correctness of design doesn't really rely on what some random users
> first guess of how it should work would be,
Tom Collins writes:
> We essentially need a way to tell autorespond that it's acting as a
> vacation responder, or an auto responder.
>From the last time I looked at it, autorespond just doesn't have the
smarts necessary. It is designed to respoond to any incoming mail,
no matter what. And fo
Erik Bourget writes:
> You know, intense as this whole argument is, the fact remains that DWIM
> is no substitute for proper documentation.
Let's see, the documentation says vaddaliasdomain original alias.
If you do what the documentation says, it works. If you reverse the
arguments, it still w
Feucht, Florian writes:
> is this problem unsolvable, or did i say something wrong?
Doing it the way you suggest, counting failures, means remembering state
somewhere, somehow. If you have a lot of idiot users, this state could
become very large and slow. Also there are two possible denial of
Hi Anders
Anders Brander writes:
> Hummm Or something like:
> "... the two domains to be aliased ..." - without saying which is which,
> for the user it doesn't matter much.
Oh Anders, I need rigidly defined areas of doubt and uncertainty! It's
because I'm a boring old fart that I desperate
X-Istence writes:
>
> This is my patch, it doesnt allow for both types, but does what you want
> :).
It does do what I want, and if that were my only concern I have other
solutions that I could use. I would like both options to be available so
that those who have one preference can get exactl
Hi Anders
Anders Brander writes:
> I think we should just ignore the "old" way of calling vaddaliasdomain
> in the usage message, in that way new users will adobt the "new" way of
> doing things.
Ummm, that implies that one way is more "correct" than the other. I do
not believe that to be the
Anders Brander writes:
> A bit odd to document,
Damn right. I still haven't figured out a sensible usage message.
> but otherwise a fabulous idea.
Bad Anders. Bad, bad, Anders. Letting people do what they find
easiest is BAD. Ask the people who criticised me for suggesting it.
> Pleas
Toasterz Admin writes:
> Paul L. Allen wrote:
>
> >Toasterz Admin writes:
> >Actually, you're wrong.
> >
> how could i be wrong just because you say it's so.
What a wonderfully compelling argument. How could you possibly be
wrong just because I say so?
JB writes:
> A one line bash script, which I provided
Sorrry, I did not see your attachment in any of your posts. Please
repost it so that we all can benefit and the vpopmail maintainers can
distribute your wonderful script (if they think it is a sensible
solution).
> will do the job for Milli
[EMAIL PROTECTED] writes:
> Gotta give this Paul guy a round of applause.
Indeed. I know you meant that ironically, but I understand your
misperceptions.
> I have never seen anyone who uses his sheer incompetency as a brutal
> attack weapon. Have you ?
Many, many times when I have dealt wit
You don't read so good, do you?
JB writes:
> Write a shell script that takes the arguments in the order you want and
> pass them to vaddaliasdomain in the order expected,
I already explained that while I am more than capable of coming up with
that idea and implementing it all by myself, that s
[EMAIL PROTECTED] writes:
> If you do this often enough, why not just write a simple little shell
> script to accomplish this:
I'm way ahead of you. It asks for the main domain, the postmaster password
and prompts for alias domains (finishing if nothing is entered for an
alias. Then it sets t
A feature request for vaddaliasdomin. I would like a configure option
(best) or a command-line switch (not so good) that reverses the order of
the two arguments. I'd like it for two reasons:
1) It is then the same order as for ln (original, alias) so easier to
remember if they're that way
David McMahon writes:
> What's the best way to set up a combo local and vpopmail
> system?
One way is to make it entirely virtual. The downside is that your local
users have to configure their mail clients to use [EMAIL PROTECTED] instead
of
just username. The upside is that it's consistent; i
Tim Hasson writes:
> I am developing a web based interface on it using php/mysql
[...]
> My worst fear is of a exploit like the recent SSL v2 vulnerability
> where an unautheticated user, or an anonymous user, could just simply
> exploit the apache process, and use it as a step stone.
You're w
Jeremy Kitchen writes:
> However, qmailadmin also uses this for its 'vacation replies'
Yes, the newer versions do. When I move it to our production servers
the HTML will be hacked to ensure that our users cannot misuse the
autoresponder in this way.
> So, there's the dilemma, it appears that o
Charles Sprickman writes:
> They probably would have gotten an answer had they shown the perms on
> their ~vpopmail/bin directory and their ~vpopmail/domains/*/* directories.
Giving information like that always helps. :)
> I think "polite" in this case referred to the "I installed it correctly
Hi Derek
[Replied to on the list because I think it marginally relevant[
Derek writes:
> And, just for future reference, people may be a little more willing to
> help you if you're a little more polite with your postings.
OK, "polite" is eomething I associate with saying "Hi Derek" at the star
Hi Anders
Anders Brander writes:
> Extra security? I've always hated the vpopmail model, "all users are one
> user"
It has advantages and disavantages. It means that vpopmail runs under
a dedicated user and group without (at the moment) any need for set-id.
IMAP and POP servers do need setuid
Hi Anders
Anders Brander writes:
> IMHO it's the correct (tm) way to do things. It's not just a fiddle,
> it's the best solution. I would say that the setuid-thing is a fiddle.
I think which way you regard as a fiddle depends very much upon what you
do on your system.
> I think we confused ea
Anders Brander writes:
> > It could get rather unwieldy if you use MySQL for other things.
>
> Why?
Just a gut feeling that if you have many MySQL users for one purpose
and many more MySQL users who are there purely as a fiddle to allow
vpopmail to work then it could make life difficult to dist
Anders Brander writes:
> If you add a special group to every user you are back where you started.
I didn't say it was a good solution. I said it was a solution. Compared
to that, a lot of the alternatives look good.
> I can't see what's wrong with a mysql user per system user. That would
> be
Tom Collins writes:
> This is an interesting point and I'd love to find a clean solution to
> this issue.
I don't think you'll find a clean solution which doesn't involve set-id.
All the others are messy to administer, like a MySQL username per system
user or adding a special group to every use
VeNoMouS writes:
> in short, YES, because how is it related to what any one here reads,
I'm someone here. I'm reading your latest post. Surely, by your own
standards, I have a right to reply to it.
> as far as ive seen this has been a post a q and answer forum,
For six months it was a q and
VeNoMouS writes:
[A load of crap]
So you quote the WHOLE of my mail to lecture me about wasting bandwidth
and brainwidth in the mailing list and post it to the mailing list.
Please find a dictionary and look up the meaning of the folliwing words:
"hypocrite" and "moron."
--
Paul Allen
Softfla
Hello Rick
Rick Macdougall writes:
> I think Tom and Ken have resolved their issues off list
So it appears. Ken has not resolved my issue with his involvement with
vpopmail.
> and we
We??? Do you claim to speak for everyone on the list? Surely not
because at best you can speak for everyone
Robert Kropiewnicki writes:
> I've spoken definitively to no such thing. What Ken Jones will do now
> that he has been granted admin access (bravo Tom!) is not at the core of
> my argument. My argument is that he has done enough in the past for
> vpopmail development to warrant his inclusion as
Robert Kropiewnicki writes:
> Do you work for Inter7? Can you speak definitively to the fact that
> they've shelved vpopmail for good on their end? No, you can't.
And can you speak definitively to say that they haven't? Despite Ken's
sudden re-appearance here, can you positively, definitely s
Ken Jones writes:
> Since I have been working on vpopmail almost every day
> for the last 5 years (including most weekends), it is very
> difficult for me to hear people saying I have not done enough
> lately. Even during these last 6 months where we have not
> made a new devel release
If I had
Mike Miller writes:
> I believe what you say (that if I enable MD5 passwords, then it will work
> for both),
I didn't say that. I said that if vpopmail were written correctly then
it would work for both.
> There should really be a note that it will accept existing crypt
> passwords but store
Mike Miller writes:
> Any way to convert an entire large site of cdb files (probably
> 150 domains) into MD5? Actually coverting is the wrong word [since you
> can't do that unless there is clear text passwords], but rather to have it
> choose between both MD5 and CRYPT passwords (based on le
Mike Miller writes:
> Okay, but should it be _allowing_ this as a password or don't you think
> that it should reject it?
I think that it is behaving at it is documented to behave and that your
expectations are wrong.
> There is a very big difference between 'webmaste' and 'webmaster23445'
> i
Mike Miller writes:
> Nope. Not using MD5 passwords.
That would explain it then. As Tom said, DES-style crypt ignores
everything
after the first eight characters of the password. MD5-style crypt has a
higher limit, from memory I believe it's something like 126.
--
Paul Allen
Softflare Supp
Chris Pugh writes:
> If this statement is true then make impartiality the
> byword. Total admin control over the project should be
> given neither to Tom nor Ken, but to an independent
> indiviual, a moderator, not necessarily someone with a
> vested interest in the vpopmail project.
But somebod
dalmata writes:
> No need to use bad words.
Those words expressed my feelings exactly; other words would not.
> That is a personal attack
Correct. As were her comments about Tom. Her attack was more subtle
but it was still a personal attack. I consider her attack to be worse
than mine preci
Ms. Catherine Kouzmanoff writes:
> It is a time to call together everyone on this list to insist that Tom
> Collins add Ken Jones or another representative from Inter7.
I've been using vpopmail for a few years now and didn't really care who
was in control as long as somebody was. When I saw
Tom Collins writes:
> A small group of developers is actively maintaining it there.
It would be nice to know what some of the more dangerous-sounding programs
in ~vpopmail/bin do without running them without giving a -? option and
hoping that it will be treated as an invalid option and therefore
[EMAIL PROTECTED] writes:
> The approach of tarpitting is to slow down the attacker without impacting
> your network or requiring additional resources on your end to deal with
> the cracker.
That is the ideal. The ideal is unachievable.
> I *think* it does this by analyzing the volume of incom
Tom Collins writes:
> I'd love to hear from someone who's tried with a recent version, and
> whether it worked or failed (and if it did fail, where/how did it fail).
I tried it with 5.3.24 and authdaemon authentication worked fine. I
then had to switch to 5.3.26 because of a bug in 5.3.24 and
Casey Zacek writes:
> Basically, I'm looking for any pointers for getting vpopmail,
> maildrop, and sqwebmail working together nicely.
Since it's been a long time since you've looked at it, you will probably
be surprised to learn that sqwebmail now supports the generation of
maildrop filter file
Hello Peter
Peter Palmreuther writes:
> > I know a lot of users who are paranoid about giving their passwords
> > out to anyone.
>
> But obviously not paranoid enough to use non-plain-text authentication
> like APOP, which would make it impossible to learn the password *head
> shaking*.
And no
Andrej Dragicevic writes:
> Here is a sample.
>
> $pwd = "\$1\$LObTh\$LcOWUS4U6glAr2vB4oycr0"; // this is the vpopmail
> password
> $decrypted = "test";
>
> if ( crypt($decrypted, "\$1\$LObTh\$") == $pwd)
> echo "success!";
> else
> echo "failure!";
> ?>
That approach works but
Tom Predmore writes:
> Wouldn't 5.2.2 be better to use rather then 5.3.24?
It depends upon how many risks you want to take and how much you
need stuff that's in the 5.3 line but not in 5.2.2.
Sadly, the inter7 link to development versions led me to 5.3.23 and
not 5.3.24. I did have a vag
I upgraded from 5.2.1 to 5.3.23 recently to get a fix for the bug in vchkpw
that stopped the authdaemond authentication working. I found that vadduser
has a segmentation fault when I try to add a user (no switchs used). By
not giving the password as a parameter I find that it waits until I press
Hi nik
nik [tm] writes:
> I am sure you have heard this one before,
Yes, but only recently.
> I have the problem where once you login to imp (with IMAP) with more
> than 5 characters long user part of the email, then all the shorter
> usernames cannot login (until I restart the services)
Th
Hi
jon kutassy writes:
> I took the windoze approach and restarted mysql, and its all working
> fine!!
Which has the same effect as the suggestion in an earlier reply:
flush privileges, but results in a longer outage of mysql. An
alternative to doing "flush privileges" from the mysql client
Mailing Lists writes:
> Hi folks, need an help.
> I set up my qmail-vpopmail system to filter mail via maildrop. So i put
> this two lines in my .qmail-default file
>
> | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
> | /usr/bin/maildropmailfilter
>
[...]
> Obviously, removing the fir
Benjamin Tomhave writes:
> .qmail-default in the sofast.net domain root -- it's the standard call of
> maildrop ../mailfilter within that file.
Do you have just maildrop or /usr/local/bin/maildrop? That might
not be on vpopmail's path. Is /usr/local/bin/maildrop actually there?
If you cd into
Hi Benjamin
Benjamin Tomhave writes:
> (Cross-posting to vchkpw and qmailadmin mailing lists.)
>
> I'm currently running qmailadmin 1.0.25 and vpopmail 5.3.20 (been waiting
> for a 5.4 release). When users login to qmailadmin with their personal,
> non-postmaster accounts and create a forward,
Hi Ron
Ron Guerin writes:
> There will probably always be gems in the archives that appear nowhere
> else. But "search the archives" should only be the answer for very
> recent, or very obscure things that have yet to find their way into the
> documentation. Archives should supplement document
Ron Guerin writes:
> I don't think spending an evening wandering around Google and hitting
> dead links is a substitute for proper documentation.
I would agree there - googling is very much a last resort. And the
whole point of open source is that we all put back in whatever way we
can, so a co
Hi
I'm trying to figure out how to get the new filter functionality in
sqwemail (I have 3.5.3) working with vpopmail 5.3.23 (which I'm just
about to install because I was using 5.2.1 until I found the authentication
bug affecting courier-imap).
I've searched mailing list archives, dug around on
Adam Hooper writes:
[FAQs]
> But nobody wants to maintain it! I sure as hell don't, I find it
> infuriating. None of the 5 other admins can be bothered with it either.
> Users STILL use the faq all the time, with 6-month-old data, but nobody
> wants to bother keeping it up to date, because it
83 matches
Mail list logo
