Just for the fun of it; If I was to, (in this lifetime) get tls/auth to work with chkuser, what/who's tls and auth code should i use? Since jms obvious dont need to make he's patches compatible since he's got the needed stuff for himself in validrcptto, i was hoping someone knew what works or not. I stand corrected about the hole auth and no tls security breach jms pointed out. If you want auth you should use tls i guess.
Thanks, /Aleks On 9/22/05, John Simpson <[EMAIL PROTECTED]> wrote: > On 2005-09-21, at 0623, tonix (Antonio Nati) wrote: > > > > > Why are you running it with -u $QMAILDUID ? > > > > You should run it as vpopmail, excluding any uidswitching (if you > > enabled uidswitching within chkuser_settings.h, comment it). > > > > Cert must be owned by vpopmail as well. > > qmail is, and has always been, designed to have qmail-smtpd run as > qmaild. the only reason to make it run as the vpopmail user is so > that you can us "vchkpw" to support AUTH, and the solution there is > to make the "vchkpw" binary setuid so it always runs as the vpopmail > user. > > the servercert.pem file should be owned by root and readable to the > group "nofiles" (which is the group qmaild belongs to.) the > clientcert.pem file (if you have one) should also be owned by root, > but readable to the group "qmail". > > -------------------------------------------------- > | John M. Simpson - KG4ZOW - Programmer At Large | > | http://www.jms1.net/ <[EMAIL PROTECTED]> | > -------------------------------------------------- > | Mac OS X proves that it's easier to make UNIX | > | pretty than it is to make Windows secure. | > -------------------------------------------------- > > > > >
