At 3:36 PM +0000 3/10/04, Roger Lipscombe wrote:
Hi,

I'm installing vpopmail on a new system, and I've got a question about SMTP
AUTH.  I want to allow selective relaying, and I can't use SMTP-after-POP
(and frankly, it strikes me as a hack, anyway).

It's pretty hackish, but better than nothing. I've always hated it, as Eudora is my MUA of choice & Eudora likes to send before checking. I am REALLY happy to have SMTP-AUTH finally working! Thanks again to everyone who got it there!


I'm using the qmail-smtp-auth patch listed here:
http://www.qmail.org/netqmail/

Aaargh! Terminal just quit on me! I can't remember whether I'm using Bill Shupp's patch or the straight 0.4.2 patch, but they should be the same from the SMTP-AUTH perspective.


I've installed qmail according to LWQ, which means that my qmail-smtpd
service runs as qmaild.nofiles which, in turn, means that vchkpw cannot
access the /home/vpopmail/domains directory.  My
/var/qmail/supervise/qmail-smtpd/run file is attached below.

Mine's there now instead.


Now, I've fixed it by making vchkpw setuid/setgid, as follows:

# chmod u+s /home/vpopmail/bin/vchkpw
# chmod g+s /home/vpopmail/bin/vchkpw

My question: is this the right thing to do?

I don't think so.


Is there a better way to do this?

AFAIK, you must run qmail-smtpd as the vpopmail user, see below for what works for me.


HTH,
-Kit

athena:kit {32} less /var/qmail/supervise/qmail-smtpd/run




#!/bin/sh


# QMAILDUID=`id -u qmaild`
# NOFILESGID=`id -g qmaild`
VPOPUID=`id -u vpopmail`
VPOPGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$VPOPUID" -o -z "$VPOPGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo VPOPUID, VPOPGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

exec /usr/local/bin/softlimit -m 20000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$VPOPUID" -g "$VPOPGID" 0 smtp \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
(END)


--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin


"...qui desiderat pacem, praeparet bellum"
(...if you would have peace, be prepared for war)  -Flavius Vegetius Renatus
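
A read-only check for the two setups compared in this thread, as an added example that is not part of the original messages: it reports whether a checkpassword binary such as vchkpw carries setuid/setgid bits, and which account a run script passes to tcpserver -u. The function names are hypothetical, and the parser assumes the uid comes from an `id -u NAME` assignment as in the run file above.

```shell
#!/bin/sh
# Added example: read-only audit, not code from the thread.

# Print which of the setuid/setgid bits are set on a file ("none" if neither).
special_bits() {
    bits=""
    [ -u "$1" ] && bits="setuid"
    [ -g "$1" ] && bits="${bits:+$bits }setgid"
    echo "${bits:-none}"
}

# Print the account whose uid a run script hands to tcpserver -u.
# Assumes the uid is set by an uncommented VAR=`id -u NAME` line.
run_script_account() {
    # Variable named after -u, e.g. -u "$VPOPUID" gives VPOPUID.
    var=$(grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*-u[[:space:]]*"\{0,1\}\$\([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' |
        head -n 1)
    [ -n "$var" ] || return 1
    grep -v '^[[:space:]]*#' "$1" |
        sed -n "s/^[[:space:]]*$var=[^i]*id -u \([A-Za-z0-9_-]*\).*/\1/p" |
        head -n 1
}

# Report both findings; exit status is non-zero when special bits are present.
audit() {
    found=$(special_bits "$1")
    acct=$(run_script_account "$2") || acct=""
    echo "$1: special mode bits: $found"
    echo "$2: tcpserver -u account: ${acct:-unknown}"
    [ "$found" = "none" ]
}

# Usage: sh audit.sh /home/vpopmail/bin/vchkpw /var/qmail/supervise/qmail-smtpd/run
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

Commented-out assignments such as the `# QMAILDUID=` line are skipped, so the reported account is the one the listener actually runs as.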
