[vchkpw] My excuses -- Multiple bounces for the same message

[X-Istence]

Hello,
This weekend i have been having an issue with one of the MTA's that is 
a backup MX for my domain, it seems to have bounced every message 
addressed to me, more than once. I would like to apologize for the 
bounces you may have gotten to message you have posted to this list.

J-W Regeer.

smime.p7s
Description: S/MIME cryptographic signature

Re: [vchkpw] vpopmail don't see users logging

[X-Istence]

On Jan 25, 2005, at 1:37 AM, nathanaël wrote:
Hello,
Please to be here...
I've a standard Qmail installation - with QMR - and vpopmail as a 
popper.
I've a domain and when I try to log with a [EMAIL PROTECTED] the AUTH 
failed
saying bad password. I know passwd is ok.

so what is the problem ?
My best guess with the info you gave us?
Your server hates you.
X-Istence
P.S. We need a lot more info, what does your pop3d run script look like 
for example?

This message is authored under the license which can be found at 
http://x-istence.com/LICENSE


smime.p7s
Description: S/MIME cryptographic signature

Re: [vchkpw] multiple issues.....cannot get in!!

[X-Istence]

On Jan 20, 2005, at 2:57 PM, Bob Ababurko wrote:
X-Istence wrote:
On Jan 19, 2005, at 1:45 PM, Charles J. Boening wrote:
How many messages does the user have?  I have seen this error when 
there
are thousands of messages in a user's Maildir.

Charlie
I agree with Charlie.
Thing to do is set the DATALIMIT higher, it is because it is unable 
to use that amount of memory that is required to run through the 
entire directory structure.
There is normally nothing wrong with the Maildir itself most of the 
time.
J-W Regeer
Is this synonomous with changing qmails softlimit via tcpserver?

It is the softlimit that is causing it. Not vpopmail. vchkpw hands it 
off to qmail-pop3d, and it can not secure enough memory to process the 
Maildir. Ive put mine up higher, and it works perfectly again.

J-W

Re: [vchkpw] multiple issues.....cannot get in!!

[X-Istence]

On Jan 19, 2005, at 1:45 PM, Charles J. Boening wrote:
How many messages does the user have?  I have seen this error when 
there
are thousands of messages in a user's Maildir.

Charlie
I agree with Charlie.
Thing to do is set the DATALIMIT higher, it is because it is unable to 
use that amount of memory that is required to run through the entire 
directory structure.

There is normally nothing wrong with the Maildir itself most of the 
time.

J-W Regeer

Re: [vchkpw] Problems to get e-mail when domain names are capitalized

[X-Istence]

On Jan 4, 2005, at 11:48 AM, Jeremy Kitchen wrote:
On Tuesday 04 January 2005 09:13 am, Walter Souto R. Junior wrote:
Hi,
My regitrar always capitalize the name of domains for the contacts 
(e.g.
name@DOMAIN.TLD and the messages he send to me never comes. I try 
to
change the the e-mail and I get the message normally, but after the
confirmation, the system of the registrar capitalizes the domain 
again...
domains have no case sensitivity.  DoMaIn.TlD is the same as 
domain.tld,
DOMAIN.TLD, dOmAIN.tlD, etc.  Technically, local parts can be case 
sensitive,
but qmail converts all local parts to lowercase (as I believe most 
other UNIX
mtas do as well).  On a qmail system, LaRRY is the same as larry, 
lArRy,
LarRy, etc, they're all delivered to 'larry'

So if i have a user whose username is GlaanieBoy, he would not recv any 
email? Since he does not have email enabled on his account it is not a 
problem, but i am asking in case that is true, which would mean i could 
only create accounts with lowercase letters.

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet 
Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 
int'l
  kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
 GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]


X-Istence

Re: [vchkpw] courier-imap

[X-Istence]

On Dec 7, 2004, at 12:43 PM, Oden Eriksson wrote:
fredag 03 december 2004 21.27 skrev Tom Collins:
Is it possible to configure kmail to not keep a persistent IMAP
connection?  Can you add a bogus POP account to kmail so it's popping
into the server every 15 minutes?
It's not persistent. As a work around I guess I could pop it now and 
then to
still be a relay client.

Maybe it's just kmail that sucks and I'm barking at the wrong tree. No 
one
here uses this combo?

--
Regards // Oden Eriksson

Well, most people that are using Kmail plus courier use SMTP auth.
X-Istence

Re: [vchkpw] vdelivermail, user quotas and the maildirsize file

[X-Istence]

On Dec 3, 2004, at 7:24 PM, Tom Collins wrote:
I don't know.  I've only started to look into the mail quota code.
I may pull fresh code from the most recent Courier-IMAP (original 
source of most of the code) and make sure that I spend as little time 
with the file open as necessary.  I think that vdelivermail will open 
it for exclusive write access and then append the new size.

I have no idea how it will behave if multiple processes want to append 
to it at the same time.  It may be difficult, but I guess I could 
write a shell script that attempts to deliver two very large emails 
simultaneously.  I could also add an artificial delay in vdelivermail 
so it keeps the file open longer than necessary in order to force one 
process to wait for write access.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: 
http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/


How about locking the file from reading and writing until the writing 
task is complete, that way there should never be an inconsistent 
moment, unless off course two vdelivermails try to grab the file lock 
at the same time, and kernel both grants them (Happened to me on BSD 
4.2, was solved in a later version). So that should never happen.

If you make the time spent with the file as little as possible, then 
there should be no slowdown at all.

X-Istence

Re: [vchkpw] courier-imap

[X-Istence]

On Dec 3, 2004, at 2:42 PM, Oden Eriksson wrote:
Thanks Jeremy, but smtp auth isn't the answer I was looking for. I 
know mr.
sam and some other profilic people in this sphere thinks 
pop-before-smtp is
dead, is silly and obsolete, but I can say it isn't.

The question still, is how to make this work, not to make me start 
using smtp
auth.

If was really smart I would stop using an utterly dead (not developed 
since
1998), and unsupported software like qmail is and use _any_ of the 
others
that is still alive, supported, developed and in much wider use.

I bet that's not something you wanted to hear...
--
Regards // Oden Eriksson
Ohhh, that is music to my ears. Hell, switch to postfix, but please 
don't come crawling back when you have to use smtp auth as they offer 
not alternative, or make it hard to use an alternative. Or switch to 
exim, where smtp auth is almost a necessity, unless off course you can 
add your IP to the allowed to relay, in which case you need to find out 
how to do that with vpopmail's relay mechanism and not worry about 
popping in before sending mail.

Say, should I recommend sendmail as well? :P.
X-Istence

Re: [vchkpw] vchkpw authentication fails

[X-Istence]

On Nov 30, 2004, at 11:49 AM, Rainer Duffner wrote:
John Berliner wrote:
In the kernel, is UFS_DIRHASH enabled, or whatever the option is?  
This caused a lot of trouble on another server i admin, where it  
would be so slow, that at times login sporadically failed. It is  
enabled by default, and it would be stupid to have been removed, but  
you never know.
Hm...I'm pretty new to BSD (more used to Linux) so I'm not sure how  
to discover kernel compile options...but AFAIK the guy who set all  
this stuff up just used a generic 4.6 kernel config.



The FreeBSD handbook and FAQ (directly linked from  
http://www.freebsd.org) makes an excellent reading and goes to great  
lengths explaining the details, which in the end boils down to editing  
one file and executing a handful of commands (in the right sequence.
The UFS_DIRHASH options is - TTBOMK - only useful when creating new  
filesystems.
It doesn't have any effect later-on. Well, shouldn't. ;-)
UFS_DIRHASH was introduced with or post-RELENG_4_6, IIRC, together  
with making softupdates the default at installtime
Did not know this. Stepped into freeBSD from Linux in RELENG_4_6_2, and  
then did a reinstall for RELENG_4_7.


If anything see if it is possible to at least upgrade to the last  
4.10 version, as there have been a lot of overall improvements (This  
is off topic BTW)
Yeah, that's on my overly long to-do list.

It should be on top. ;-)
4.6 contains numerous vulnerabilites and is no longer supported.  
Looking at it, it was released in June 2002 - that's a long time in  
FreeBSD-land.

If you have a test-machine, you can try going from 4.6 to 4.10  
directly via cvsup.
Otherwhise, I'm not 100%sure if going straight from 4.6 to 4.10 works  
(it should, but the devil is a squirrel, as we say here around) - read  
/usr/src/UPDATING for more information.
I suggest a clean reinstall, if you pick RELENG_4_10, it will be a  
clean start, as there are a ton of old libraries that are in  
RELENG_4_6.

Personally i suggest RELENG_5_3 though, has given me a more stable  
system, that is far more responsive, but i guess it is personal choice.


Also, when you manually auth using pop3:
telnet localhost 110
user username
pass password
list
What is the output? (Please truncate, if the user has a ton of  
emails, we don't need the entire list)

Or does it die saying can't scan maildir?
per my earlier post, it dies with the Maildir scan ERR.
Does this only happen for his account,
yes
and have you tried to mv the Maildir,and then  
/var/qmail/bin/maildirmake Maildir in the same dir, then chowning it  
to the right user and then trying to login again to see if it  
succeeds then?
I didn't try that, but when I do, it authenticates correctly. This is  
good.
So now: I read somewhere that it's not a great idea to manipulate the  
queues directly; what's the consensus? Can I not just move the  
messages back into the appropriate directories in the new Maildir I  
just created?

The queue is in /var/qmail/queue and it *is* a bad idea to  
manipulate it directly (unless You Know What You Are Doing (TM).
But what you're manipulating here is the maildir. If you shut down  
qmail while you move the mail to the old place, you are 100% safe.
As it crashes with POP, the error should be in the top-level  
maildirectory somewhere, I assume.
If you're bored, you can truss -p the process after you connected with  
telnet and before you authenticated ;-)
I did that when i had the same problem, and did not find anything.
It seems to happen when some message is screwed up in some way. But  
this user i was tryingt it out on had over 60,000 emails, so finding  
the culprit woulda been painfull.


If you have further ambitions with your Qmail-installation, you might  
want to check-out Matt Simerson's Qmail-FreeBSD-Toaster at  
http://www.tnpi.biz.
Though it's geared towards ISPs, it does also work very nicely for  
smaller installations.
Shameless plug  
url:http://bsdguides.org/guides/freebsd/mailserver/ 
qmail+vpopmail+qmailadmin.php. Guide was written by me, site owned by  
a friend of mine. It is geared to using the FreeBSD ports tree to make  
install easier. And includes all the standard stuff you would want  
(imap, pop3, sa, qmailadmin, qmail, vpopmail)


cheers,
Rainer

Good luck with your install.
X-Istence

Re: [vchkpw] incorrect usage reporting

[X-Istence]

On Nov 30, 2004, at 11:43 AM, Tom Collins wrote:
On Nov 30, 2004, at 5:48 AM, Gajen Anandamuruga wrote:
I tried sending few mails to that account .The usage increase from 
that 15% to above. When I delete the mails still the usage shows 15% 
and not 0%.  Even some other email accounts which were working 
properly now started showing usage 16% even if I delete all mails.

If I create a new email account that usage shows as 0% and even after 
I delete all mails it correctly shows 0%. This problem started 
happening for already existing accounts.

Please help if anyone had the similar problem?
Delete your maildirsize files and they'll get recreated with correct 
values.
cd to the domain of your choice, and then run:
find . -name maildirsize -delete
That will delete all the maildirsize files it finds. Run it without the 
-delete if you just want to see a list of what it would delete if you 
would add the -delete.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: 
http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

X-Istence

Re: [vchkpw] killed email

[X-Istence]

On Nov 29, 2004, at 3:57 PM, Jeremy Kitchen wrote:
I had to kill this mail... 2.5MB email to the vchkpw mailing list 
(over 1100
subscribers) kills our puny 400kbit upstream :(  Please don't send 
such large
messages to the list.. it's much better to put them up on a website or
something and pass out the url.  Some of you may have gotten the 
message, but
the rest won't, I had to kill it.

Thanks :)
-Jeremy
What email would this be? you did not put in a header, or a title, or 
is the title of the origional mail killed email?

X-Istence

Re: [vchkpw] vchkpw authentication fails

[X-Istence]

On Nov 29, 2004, at 6:33 PM, John Berliner wrote:
I am a web and application developer who has inherited sysadmin duties 
for our school's servers. Thus I'm basically a novice. I have scoured 
the web and mailing lists for clues to solving my problem here, but no 
luck. So here goes:

Our mail services are all working fine, with the exception of a single 
user (the heaviest mail user, by far) who has previously had 
intermittent issues with POPping mail. Now it very rarely succeeds -- 
and currently, does not succeed at all -- in picking up mail. Using 
any POP client, we get authentication errors (vchkpw: password fail 
in maillog).

We are running vpopmail 5.2.1 + qmail 1.03 on a FreeBSD 4.6 server. No 
imap. No inetd/ xinetd, just tcpserver + daemontools...


In the kernel, is UFS_DIRHASH enabled, or whatever the option is? This 
caused a lot of trouble on another server i admin, where it would be so 
slow, that at times login sporadically failed. It is enabled by 
default, and it would be stupid to have been removed, but you never 
know.

If anything see if it is possible to at least upgrade to the last 4.10 
version, as there have been a lot of overall improvements (This is off 
topic BTW)

Thanks in advance,
John Berliner
Live Oak School
Also, when you manually auth using pop3:
telnet localhost 110
user username
pass password
list
What is the output? (Please truncate, if the user has a ton of emails, 
we don't need the entire list)

Or does it die saying can't scan maildir?
Does this only happen for his account, and have you tried to mv the 
Maildir,and then /var/qmail/bin/maildirmake Maildir in the same dir, 
then chowning it to the right user and then trying to login again to 
see if it succeeds then?


X-Istence

Re: [vchkpw] Fields' use?

[X-Istence]

On Nov 20, 2004, at 1:17 AM, Tom Collins wrote:
On Nov 19, 2004, at 6:33 PM, shadowplay.net wrote:
um.. the uid and gid are used on a unix file systems to identify
permission levels of access to files and directories.
they allow an administrator to compartementalize
access on a *nix box.
they are closely tied with the applications
chmod chown and chgrp.
Perhaps you should have read the rest of this thread before posting.
In the case of vpopmail, the fields are called pw_uid and pw_gid but 
they are used for other purposes.  We had considered renaming pw_gid 
to pw_flags, but as Ken pointed out previously, there's too much code 
that refers to the field by its old name, pw_gid.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: 
http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/


Can't we make both point to the same location in memory? Yet have them 
behave the same way?

If the change were done in a major revision, then people might accept 
it.

Once you know what it does, it does not seem to be a logic name for the 
variable, but you get used to it.

X-Istence

Re: [vchkpw] Fields' use?

[X-Istence]

On Nov 18, 2004, at 3:44 PM, Matthew Walker wrote:
What are the pw_uid and pw_gid fields in the user info actually used
for? I did a quick read through the docs, and couldn't find any
information about what they do other than the fact that they're the
user id and group id.
Matthew
They are named to confuse people. :P
Actually i have no clue, but there should be some documentation on 
them, and they should possible be renamed to something more suiting for 
the task they are doing or being used for.

X-Istence

Re: [vchkpw] vchkpw segfault with smtp auth on amd64

[X-Istence]

On Nov 16, 2004, at 5:28 PM, Martin Kos wrote:
hi
i've done a fresh qmail/vpopmail installation on a debian amd64 port. 
everything seems to work just fine, except the smtp auth. sending an 
email without smtp auth works just fine. but if i try it with smtp 
auth i get the following in my logs:

kernel: vchkpw[28473] segfault at  rip 
 rsp 007fbab0 error 14

the only thing that i have found on the net is the following:
http://archives.neohapsis.com/archives/openbsd/2004-05/1814.html
i'm not sure if it is really a vpopmail problem. perhaps somebody has 
already had the same problem? i've tried with disalbing the -02 in the 
CFLAGS but that does not help. compiling vpopmail with gcc 3.4 was the 
same thing :-(

greets
 KoS

I was trying to trouble shoot this with an AMD 64 server, but was 
unable to find the culprit, since then we just grabbed a 32 bit old P3, 
and put that up as our mail gateway with SMTP auth, and all works well 
again.

It would seem that the data that qmail-smtpd sends is not correct, for 
some reason it sends incorrect base64 decoded information.

Best way to test it that i have done is use strace:
telnet localhost 25
in another terminal:
ps aux | grep qmail-smtpd
look for the qmail-smtpd which is not tcpserver, and then use strace to 
hook onto its PID.

Then in the telnet window send the commands to the server until it says 
auth failed, in which case you just QUIT and then grab the strace 
output.

X-Istence

Re: [vchkpw] .quotawarn.msg header issue

[X-Istence]

On Nov 14, 2004, at 11:46 PM, Tom Collins wrote:
On Nov 14, 2004, at 5:58 PM, Michael Bowe wrote:
In the headers of the overquota warning, the Return-Path: is set to 
email
address of the person who sent the message that caused the overquota 
warning
to be generated.

I dont know if this is really the desirable result. Probably would be 
better
not having this field generated at all ?
I've got a new version of vdelivermail that I'm planning to roll out 
in a vpopmail beta.  I'll change it so it uses a different Return-Path 
than that of the original sender.  Unless I hear otherwise from 
others, I'll just leave it out -- if someone wanted to include it, 
they could manually add it to the overquota warning file.


How about just [EMAIL PROTECTED] ? That would let the postmaster 
know about the full mail box, if the message bounces, and also then 
gives the postmaster the choice of acting upon it.

If my logic is flawed, i apologize, it is late, and i need sleep :P
X-Istence

[vchkpw] Message pasted on top of message.

[X-Istence]

Hello,
I would like to excuse myself for cross posting, but i thought it would 
be important enough, as it pertains to both devel and the normal 
mailling list.

I have a .qmail file like this one:
/* Yes, i did change my email address. For obvious reasons. I get 
enough spam allready */
[EMAIL PROTECTED]:/usr/local/vpopmail/domains/osnn.net/xistence] # cat .qmail
xistence [at] x-istence.com
/usr/local/vpopmail/domains/osnn.net/xistence/Maildir/

That is what qmailadmin created when i told it to forward it to another 
email account, and save a local copy.

Well, the forwarding works perfectly, but the mail stored in the 
Maildir looks like this:

Return-Path: xistence [at] x-istence.com
Delivered-To: xistence [at] osnn.net
Received: (qmail 47604 invoked by uid 0); 11 Nov 2004 21:26:48 -
Received: from unknown (HELO mail.spammers-paradise.com) (67.19.228.228)
  by slate.osnn.net with SMTP; 11 Nov 2004 21:26:48 -
Received: (qmail 52586 invoked by uid 0); 11 Nov 2004 21:14:19 -
Received: from unknown (HELO Breached.X-Istence.com) (67.84.194.214)
  by sedated.spammers-paradise.com with SMTP; 11 Nov 2004 21:14:19 -
Received: (qmail 74339 invoked by uid 0); 11 Nov 2004 21:16:45 -
Received: from unknown (HELO ?10.10.10.100?) (10.10.10.99)
  by Breached.X-Istence.com with SMTP; 11 Nov 2004 21:16:45 -
Mime-Version: 1.0 (Apple Message framework v619)
Content-Transfer-Encoding: 7bit
Message-Id: [EMAIL PROTECTED]
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: [EMAIL PROTECTED]
From: X-Istence xistence [at] x-istence.com
Subject: Can someone say mail loop?
Date: Thu, 11 Nov 2004 16:16:50 -0500
X-Mailer: Apple Mail (2.619)
Hello
Test.
Received: (qmail 47604 invoked by uid 0); 11 Nov 2004 21:26:48 -
Received: from unknown (HELO mail.spammers-paradise.com) (67.19.228.228)
  by slate.osnn.net with SMTP; 11 Nov 2004 21:26:48 -
Received: (qmail 52586 invoked by uid 0); 11 Nov 2004 21:14:19 -
Received: from unknown (HELO Breached.X-Istence.com) (67.84.194.214)
  by sedated.spammers-paradise.com with SMTP; 11 Nov 2004 21:14:19 -
Received: (qmail 74339 invoked by uid 0); 11 Nov 2004 21:16:45 -
Received: from unknown (HELO ?10.10.10.100?) (10.10.10.99)
  by Breached.X-Istence.com with SMTP; 11 Nov 2004 21:16:45 -
Mime-Version: 1.0 (Apple Message framework v619)
Content-Transfer-Encoding: 7bit
Message-Id: [EMAIL PROTECTED]
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: [EMAIL PROTECTED]
From: X-Istence xistence [at] x-istence.com
Subject: Can someone say mail loop?
Date: Thu, 11 Nov 2004 16:16:50 -0500
X-Mailer: Apple Mail (2.619)
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on slate.osnn.net
X-Spam-Level: *
X-Spam-Status: No, hits=1.6 required=5.0 tests=AWL autolearn=ham 
version=2.64

Hello
Test.
I have no clue where the error lies, and what i need to do to fix it, 
or if qmailadmin needs to be fixed, but it is causing quite a bit of 
problem. A client has his email set up like this as well, and he checks 
both accounts, unlike me who just did not notice the double message 
pasting stuff until pointed towards it. Where would i need to start 
looking for the error?

X-Istence

Re: [vchkpw] Pop3 auth problems (vpopmail+mysql)

[X-Istence]

On Nov 10, 2004, at 12:17 PM, [EMAIL PROTECTED] wrote:
New discovery:
...
+OK [EMAIL PROTECTED]
user [EMAIL PROTECTED]
+OK
pass 123
list
...
This is interesting.
It seems to not give you the +OK that it does when i telnet to my 
server and send it the same commands.

have you applied any patches?
X-Istence

Re: [vchkpw] MySql load causes bounced mail

[X-Istence]

On Oct 25, 2004, at 4:08 PM, tonix (Antonio Nati) wrote:
At 22/10/2004 22/10/2004 -0400, you wrote:
On Oct 22, 2004, at 8:13 AM, tonix (Antonio Nati) wrote:
Any comment?
Tonino
Why is qMail calling _exit() and not exit()? Is there a reason it 
does not want its files closed, and other stuff properly cleaned up? 
Or is it because DJB is just not happy with using calls that are in 
the libc library and thus are not thread safe for the most part?
Threads? I don't see where qmail is using threads...
I know, i was just pointing out a useless fact i picked up while 
reading a book.


Anyways, eventhough i do not agree with using #define's to override a 
function, i don't see it as a bad one necessarily, as it clears up 
the entire MySQL mess.
Funny, I'm checking my (chkuser) patch and I see also auth patch (Bill 
Shupp's toaster version) does the same thing (overriding _exit).

I feel it could be time to redesign qmail and use atexit() functions.
This could be a lengthy process. But if you are willing to undertake 
it, and write the patches for it, then it is certainly worth it.

Tonino

X-Istence

Re: [vchkpw] Archiving mail

[X-Istence]

On Oct 25, 2004, at 6:38 PM, aichains wrote:
very interested.

I am as well.
Note for AIChains: Next time cut away all the crud that is not needed, 
in other words, pretty much the entire message, saves on bandwidth. 
Thanks.

X-Istence

Re: [vchkpw] How can I identify a spammer?

[X-Istence]

On Oct 23, 2004, at 11:22 AM, Jeremy Kitchen wrote:
On Fri, 2004-10-22 at 18:57 -0300, Walter Souto R. Junior wrote:
Thanks Tom and Jeremy,
I do fix my run file for smtp, but now I have a 501 malformed auth 
input
(#5.5.4) using telnet. I'm also trying with Opera with plain, auth 
and
cram-md5 without success. My run file looks like:

#!/bin/sh
LOCAL=`head -1 /var/qmail/control/me`
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
Can the qmaild user read your vpopmail information?  I certainly hope
not.  This is why you are unabled to authenticate.  Now, go fix this 
and
disable your open relay.

-Jeremy

I agree with jeremy. I took the patch that vpopmail provides in its 
contrib dir, and made it one big rolled in one patch file, instead of 
seperate files. This patch requires no hostname in the qmail-smtpd run 
file;

in your qmail source dir just do the following:
wget http://www.bsdguides.org/downloads/freebsd/qmail-smtpd-auth.patch 
(It is used in a guide of mine, but it is for stock qmail)
patch  qmail-smtpd-auth.patch

Then edit your qmail-smtpd run file to run it as A) root, or B) 
vpopmail (I personally do root, stops all the permissions crap from 
sneaking in), and then add ~vpopmail/bin/vchkpw /bin/true right after 
the call to qmail-smtpd.

Don't add a hostname anywhere at all, and you are set.
X-Istence

Re: [vchkpw] How can I identify a spammer?

[X-Istence]

On Oct 23, 2004, at 4:16 PM, Erwin Hoffmann wrote:
This is a very old story.
Pls. visit: http://www.fehcom.de/qmail/smtpauth.html
Essentially, with all the disturbed discussion, I'ld like to conclude:
- Putting the hostname in the call of qmail-smtpd for SMTP 
Authentication
conforms to the use of qmail-popup/qmail-pop3f, however

- forgetting the hostname in there leaves the SMTP server open, 
wheres

- dropping the requirement for the hostname yields (in worst 
condition) an
error message to the client.

Thus, my implementation of the SMTP Authentication for Qmail (apart 
from
the many bug-fixes) is fail save. As outlined, technically there is 
*NO*
need to include a hostname in the call of the PAM; even not for 
qmail-popup
- it's simply historic.

regards.
--eh.
Hello,
Just to let you know, i was just pointing the person to a patch that 
would do what they wanted without the hostname. I have visited your 
site before, and have read it's entire contents, and I know that you 
don't need the hostname. Also, the patch i described is part of the 
vpopmail distribution, and i was just presenting it in an alternate 
form.

I am sorry if your message was towards someone else on the mailling 
list, but i am rather offended by the thought that you meant me, and 
thus thought that i did not have the knowledge that it is historic and 
not needed.

J-W

Re: [vchkpw] MySql load causes bounced mail

[X-Istence]

On Oct 22, 2004, at 8:13 AM, tonix (Antonio Nati) wrote:
Any comment?
Tonino
Why is qMail calling _exit() and not exit()? Is there a reason it does 
not want its files closed, and other stuff properly cleaned up? Or is 
it because DJB is just not happy with using calls that are in the libc 
library and thus are not thread safe for the most part?

Anyways, eventhough i do not agree with using #define's to override a 
function, i don't see it as a bad one necessarily, as it clears up the 
entire MySQL mess.

X-Istence

Re: [vchkpw] MySql load causes bounced mail

[X-Istence]

On Oct 21, 2004, at 3:09 PM, Tom Collins wrote:
vdelivermail calls _exit() when running a command in a .qmail file 
(exit codes 99, 100 and 111).  It should really be calling vexit() to 
give the MySQL lib a chance to close its connections.
According to my book here, calling _exit() does not run any atexit() 
registered functions. This is also the only reason it is async safe, 
and thus also safe to use when you are in a signal handler. Whereas 
exit() does call the atexit() registered functions, and thus is not 
async safe.

X-Istence

Re: [vchkpw] chkuser 2.0

[X-Istence]

On Oct 19, 2004, at 11:14 PM, Charles Sprickman wrote:
While it's apparently not fatal to not properly close the mysql 
connection, I suspect that it's adversely affecting performance.

Well, the connection will remain open till MySQL notices the connection 
is closed. We had this with several C programs a while back. Since the 
connection is still open according to MySQL its connection limit could 
be reached, and would start dropping new connections to it.

Re: [vchkpw] /home/vpopmail/etc/tcp.smtp.cdb keeps being rebuild

[X-Istence]

On Sep 13, 2004, at 11:09 AM, Miolinux wrote:
Ken Jones wrote:
On Monday 13 September 2004 09:08 am, Miolinux wrote:
Probably because --enable-roaming-users tells vpopmail to rebuild
the tcp.smtp.cdb file after each pop connection.
Ken Jones
But if i set --disable-roaming-user the sql table doesn't get updated.
How can i tell vpopmail to update ONLY mysql table after a user pop in?
Thanks
It sounds like a patch needs to be written for it. But what you are 
doing is highly uncommon (In my judgement), so i think it was just 
something that was overlooked.

I will see if i can get something done tommorow.
X-Istence

Re: [vchkpw] Re: un-subscribe

[X-Istence]

On Sep 9, 2004, at 2:14 AM, Jeremy Kitchen wrote:
I've always been a fan of having an internet license where you can't 
get an
ISP without taking a short class on common sense and safe internet
practices :)

I guess not everyone can be helped.
An ISP in europe will sell you internet that is firewalled, and the 
only way to open a port up is to call tech support and get one of the 
guys on the phone, explain why you need the port open (Enough ports are 
open for normal day to day stuff), and answer a few questions. So if 
you answer the questions wrong, you will not have the port opened. So a 
lot of home servers can be run on that without fear because you know 
that the owners have at least answered enough questions right that they 
know how to run the particular server (For instance, mail, or HTTPD).

On their IP block, there is no damage done yet cause of spamming. And 
any PC's that are spamming, even with the port closed, get their 
internet taken away until they fix the problem, or decide to switch 
ISP. They offer tech support (walk in) for $50 (one time) and they fix 
whatever the problem was, and reactivate your internet :).

Pretty cool actually. Wish i could remember the name, read about it in 
the Financiale Telegraaf (Dutch newspaper about finances).

-Jeremy
X-Istence

Re: [vchkpw] Re: un-subscribe

[X-Istence]

On Sep 8, 2004, at 8:43 PM, Rainer Duffner wrote:
Am Do, den 09.09.2004 schrieb Jeremy Kitchen um 0:50:
On Wednesday 08 September 2004 04:44 pm, Kirti S. Bajwa wrote:
[EMAIL PROTECTED]
please stop this madness.  read the headers of every message sent to 
you by
the mailing list to figure out how to unsubscribe.
You'd think that people subscribing to a list about a
mailserver-management software would know how to read (let alone find) 
a
header.

But the last time someone posted the above advice, the person in
question promptly asked how to find the header...
It should be obvious though, unless they use Outhouse or any of its 
variants.

It scares me to think that these people might actually run a 
mailserver.
Gives a whole new meaning to the joke about on the internet, nobody
knows you're a dog, doesn't it ?
Scary indeed.
Perhaps you could implement a filter that directs people wanting
subscribe with Outlook-clients to a web-page describing how to view the
header in various Outlook-variants.
Then, before the subscription is approved, they have to fill out a
little multiple choice test

I think this would be a great idea. The multiple choice test would weed 
out all people needing support in the first place, so we would have 
nothing to do :) :P.

Just kidding, but yes, i think it would be good to have like a small 
entrance exam.


Rainer
--
===
~ Rainer Duffner - [EMAIL PROTECTED] ~
~   Freising - Munich - Germany   ~
~Unix - Linux - BSD - OpenSource - Security   ~
~  http://www.ultra-secure.de/~rainer/pubkey.pgp  ~
===

Re: [vchkpw] mail server on the loose!

[X-Istence]

On Aug 29, 2004, at 1:23 PM, Jeremy Kitchen wrote:
If you get this message before I shut the mail server down, consider 
yourself
lucky :)  Our mail server will be down for about 3 hours as I drive it 
across
Illinois.  Our website will still be available, but our mail server 
won't.

So long as traffic isn't horrible, it should be back up in about 3-4 
hours.
Sorry for any inconvenience :)

-Jeremy
Inter7 Internet Technologies, Inc.

I am lucky! :P
Err, well i think so anyways. I hope the move went without a lot of 
trouble :)

X-Istence

Re: [vchkpw] spamassassin errors using vpopmail (vuserinfo)

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Charles M. Gerungan wrote:
 What's going on? This appears in my spamd log while processing a single
 message:

 2004-06-22 00:06:14.621893500 clean message (0.8/5.0) for (unknown):89
in 0.5 seconds, 823 bytes.

That is what causes it. since it does not pass vuserinfo a proper
username, it can do nothing.

Which is why you get the error messages you are getting.

What i found is that if i give vpopmail a shell (/bin/sh), all works
perfectly and i have no problems what so ever. (This is on FreeBSD 4.10)

So i don't know where the problem lies, but i know it fixed it for me.
See if that works for you :).

X-Istence

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA14QEJukONu5DUaQRAl/yAJ97vC2itMfQKmXn65ukfSXteWpeigCfbsxZ
CEOEhjHI8yyA1uDxht9oVwk=
=FZ1i
-END PGP SIGNATURE-

Re: [vchkpw] spamassassin errors using vpopmail (vuserinfo)

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Charles M. Gerungan wrote:
 Hello X-Istence,

 On Mon, 21 Jun 2004 20:57:40 -0400 X-Istence wrote:

 XI What i found is that if i give vpopmail a shell (/bin/sh), all works
 XI perfectly and i have no problems what so ever. (This is on FreeBSD
4.10)

 Which makes me wonder. How do you invoke spamd? (I'll show you mine if
 you'll show me yours :)

 [EMAIL PROTECTED] /usr/local/etc/svc.d/spamd # cat run
 #!/bin/sh
 exec /usr/local/bin/spamd -m 20 -a -H -v -u vpopmail -s stderr 21


mkdir /var/spamd-service
cd /var/spamd-service
echo #\!/bin/sh  run
echo exec /usr/local/bin/spamd -a -c -m 20 -v -u vpopmail  run
chmod +x run
mkdir log
cd log
cat  EOF  run
#!/bin/sh
exec setuidgid qmaill \
multilog \
t \
./main
EOF
chmod +x run
mkdir main
chown qmaill:qmail main
chmod +s main

:)

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA15lZJukONu5DUaQRAuiVAJ4pb17GrG5e0JPrSsLnYIThyddLMACeMFjH
dadvVPXbhepZx3IEACoauRk=
=klcv
-END PGP SIGNATURE-

Re: [vchkpw] Sort of skel files for maildrop

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Charles M. Gerungan wrote:
 I've followed the instructions w.r.t. maildrop and vpopmail according to
 Johan Almqvist[1] and it's working as expected. Is it possible to have
 vpopmail create the required files -- MAILDIRFILTER, MAILDIR and the
 adopted .qmail file -- automatically upon creation of a new virtual use,
 like skel files for the shell?

 [1] http://www.almqvist.net/johan/qmail/vpopmail+maildrop.html


Not yet, there might be a patch for it in cvs at sourceforge, if there
is not, this would certainly be a good feature.

There was a thread a long time ago about this, but the author never
replied again when asked to update his code, so that it would work better.

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAz5gmJukONu5DUaQRAj+2AKCNad0nHZngnXbaaaly7drJ50Wd6ACfUbIw
dmlGDdpaqAtLtq9aUwFmnP4=
=uzdC
-END PGP SIGNATURE-

Re: [vchkpw] dot qmail processing

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rick Widmer wrote:


 Paul Oehler wrote:

 It's in the qmail docs.

 man dot-qmail

 It isn't in there explicitly, but it says that lines starting with #
 are
 ignored, and that qmail-local will only process .qmail files that
 aren't
 empty.



 Is this how qmailadmin creates a blackhole e-mail address?


 I don't think there is a way to create a blackhole address within
 qmailadmin yet, but I plan to use it in the version I am working on.


I don't know where you get your info, but qmailadmin certainly does.

Breached# cat .qmail
|/usr/bin/true delete
Breached# pwd
/usr/storage/mail/x-istence.com/blackhole/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAy1+nJukONu5DUaQRAvWIAJ9dQMZP9tbN8T911jTbCSV0wBaeDgCeMDqc
5qaAs+W2CpZQmWsoijFpRf4=
=ag+u
-END PGP SIGNATURE-

Re: [vchkpw] dot qmail processing

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom Collins wrote:
 On Jun 9, 2004, at 5:46 PM, Paul Oehler wrote:

 Out of curiosity, is this a documented feature?  I don't remember ever
 reading this anywhere.


 It's in the qmail docs.

 man dot-qmail

 It isn't in there explicitly, but it says that lines starting with # are
 ignored, and that qmail-local will only process .qmail files that aren't
 empty.

Bug and feature :P


 --
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
 Info on the Sniffter hand-held Network Tester: http://sniffter.com/


X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAyl2iJukONu5DUaQRAgroAKCMgD0SYqrXL4s7phNRA1lhJx/q4wCfTKMe
mG+/NcFhgkmm7uH5FC8VdPs=
=rmst
-END PGP SIGNATURE-

Re: [vchkpw] For X-Istence (was webmail)

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jeremy Kitchen wrote:
 On Thursday 03 June 2004 09:31 pm, Troy E Bouchard wrote:

True, he never asked ... but I was trying to be helpful ... your reply
wasn't ... No not a shameless plug ... a helpful suggestion.


 That's fine.


VPOP3 has a webmail server with it.  That is why I replied the way I
did.


 what's this vpop3 and what webmail server are you speaking of?

 -Jeremy


Go to the site he is speaking off, and you can find:

Our VPOP3 suite of software provides an extensive range of facilities
for sending, receiving and handling Internet and Internal email on your
company network. Addins are also available for network faxing, virus
scanning, etc - http://www.pscs.co.uk/

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAwE9DJukONu5DUaQRAkNNAKCHEiq0AcoX0qrbg7hKpLbfC5fImQCgjbaq
RJ2AC346itDARB//tgdXyik=
=W6hd
-END PGP SIGNATURE-

Re: [vchkpw] For X-Istence (was webmail)

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Troy E Bouchard wrote:
 True, he never asked ... but I was trying to be helpful ... your reply
 wasn't ... No not a shameless plug ... a helpful suggestion.


My reply was just pointing out the obvious. That there is no point in
telling someone to use a different product when they obviously want help
with another.

 Take it or leave it.

 VPOP3 has a webmail server with it.  That is why I replied the way I
 did.

POP3 is a protocol, which is what qmail-pop3d does. He was asking if
there was some way to use this protocol instead of imap for squirelmail.
If VPOP3 is a totally different product not related to vpopmail, then
there was no point reply with what you did reply, considering the fact
he wants to use squirelmail with vpopmail, and not install a totally
different product.


 I will say no more.

 HOIT!

 TroyB
 On Thu, 2004-06-03 at 18:46, X-Istence wrote:

Troy E Bouchard wrote:

If you want to use a Windows Box point yourself to
http://www.pscs.co.uk/


Shameless plug? Even then he never asked to use a Windows server, so
there is absolutely no need for this link.

X-Istence


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAv+CVJukONu5DUaQRAsLWAJ0QScAsNP0KGGotJqbbLmsYe1vhYwCfboVw
98nUj/NMikkXcr+qy7BDRJc=
=ysIn
-END PGP SIGNATURE-

Re: [vchkpw] Change passwd howto

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rick Widmer wrote:
 snip


 I'm not sure what thread you are looking at, but considering that I
 wrote all the PHP code on http://pmailadmin.sourceforge.net/, more than
 doubled the size of the code in the vpopmail extension for PHP, and have
 patches in vpopmail and qmail admin, I think I have some idea which code
 does what.  :)

My bad. It's in that thread where we discussed the PHP extensions and
how it could be improved. I remember you or someone else saying that the
 functions that would be added to the php extensions would in fact just
be wrapper functions for the deamon so that there is no hassle with that.

My memory has failed me, time for me to go search for the thread, and
reread it.

 snip
 Cool!   Just because it works on my machine doesn't mean its done.  Let
 me know what happens...  Since I am the last one to touch much of the
 code in vpopmail and qmailadmin, [1] I should probably be the first to
 look at the problems.  sigh...  That discussion should probably be on
 the SourceFORGE vpopmail-devel list.


Thanks for reminding me, i need to signup for that list.

http://lists.sourceforge.net/mailman/listinfo/vpopmail-devel

 Rick


 [1]  This refers to the CVS versions only.


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAv/khJukONu5DUaQRAnveAJ9YMmKAknWySrbKsdANyfmHP3L1+gCglV+4
PcGJCK6OMbn+yvvLfubz3qc=
=1h0T
-END PGP SIGNATURE-

Re: [vchkpw] Quota is not working

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joao Rechena wrote:
 Greetings,
 I have several accounts on one domain, every one with quota and working
 fine, but I have this mailbox that the quota is not working, it stayed
 on the 48% of usage and the mail keeps increasing, the quota is 50MB and
 it already goes on the 100MB
 Did anyone had this problem before ?
 Thank you for your help.

 Vpopmail version 5.2.2
 --
 Joao Rechena
 mailto:[EMAIL PROTECTED]
 http://ispower.org
 =
 Have no phear I is here

Try removing the quota file for the user, and then sending it a mail and
see if it is updated. If it is, then there you go, if not, then i have
no clue.

I do know for a fact though that quota has never really worked on any of
the servers i used it on, so instead i enforce file system quota's.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAv/mPJukONu5DUaQRAlJKAJ9nXX41TloQQ3OwA2OV0Lr7JA9AAACfapFE
bHKhnrI4tfNHvkeT2aqqKTQ=
=LdZv
-END PGP SIGNATURE-

Re: [vchkpw] Unable_to_run_/bin/sh

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bill Gradwohl wrote:
 I've installed qmail and vpopmail on 2 different test boxes. One is
working
 just fine and the other is giving me the Unable_to_run_/bin/sh message in
 /var/log/qmail-send/current. I believe its vdelivermail that's doing
it, but
 I don't know why it works on one box and not the other.

 I'm running vpopmail V 5.4.0, on Fedora Core 2 on both boxes.

 I've checked the archives and I can su vpopmail -c '/bin/sh' so the
archive
 suggestions don't seem to apply.

 What am I missing?


Check that the shell you have for the vpopmail user is valid and
working. If it is not, that would be your problem.

If a shell is properly set (grep -i vpopmail /etc/passwd) then check
that the shell really exists:

ls -al /path/to/shell

If need be, fix it up, and go on with life.

J-W
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAvq7oJukONu5DUaQRAuP/AJ4vO1/s70T1qDPrDfpmTZGvxCYcfwCcCdjx
Aehf+YrTAfeeZMbrCEanOls=
=5C1o
-END PGP SIGNATURE-

Re: [vchkpw] ip After Email

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

zafar wrote:
 Hi All

  I already Posted that Question but can't give any success of any replied
 message. Plz give me any solution of that problem. I am making a
Application
 in .NEt in which i am using pop accounts from Qmail server. When i
configure
 account for pop mail from Qmails. It gives me error in .NEt like that
 Socket Closed and on QMail server i am getting error in that format
in the
 Maillog.

 Jun  1 07:18:07 mail1 vpopmail[28975]: vchkpw: password fail
 [EMAIL PROTECTED]:211.114.109.6

 its adding Ip after email from where request is generating. How can i
remove
 that ip after the email.

Thats normal. It does it on all my servers as well.


 Have any person any idea of such kind of problem.

 with Regards
 ZAFAR


X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAvSNEJukONu5DUaQRApDkAKCZvox4PW2LqrXuJ/UzG7VAJm6BfACeJTMN
b0rPd/V1Nb2uzJFJc2WKjhU=
=S2mx
-END PGP SIGNATURE-

Re: [vchkpw] Roaming user don't work

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Franck wrote:
 snip

 But, in var/log/message, i've this :
 vpopmail[15499]: vchkpw-smtp: vpopmail user not found
 [EMAIL PROTECTED]:81.56.xxx.xx

  The login is not [EMAIL PROTECTED] ? It's only for pop before smtp ???


No, the login certainly is. It is just like loggin in to pop, except now
you are loggin into SMTP to send an email.

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAvSPdJukONu5DUaQRAmKeAJsFnjcTgdAqUAWjtH4mkRaqcwWqBgCeLOF9
fSn/J4I3gkZo385tOg9BdHE=
=ucOZ
-END PGP SIGNATURE-

Re: [vchkpw] Change passwd howto

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jean Wainer wrote:
 snip

 There's a vpopmail plugin for squirrelmail. The only catch is that
you have to run apache as vpopmail user.

Thus giving anyone that has web access or is allowed to run PHP scripts
on your server the allowance to play with vpopmail as much as they want.
If this is just a webmail based server i do think it is okay, but if i
were you i would still be worried.


 --Jw.

Jan-Willem Regeer
X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAuzNwJukONu5DUaQRAjYLAJ9vADfu7bWzPgf93nqJTXVUEbB44QCfT+XL
ffzkcZCcwLLYdgdmtliHorQ=
=TAZ6
-END PGP SIGNATURE-

Re: [vchkpw] Change passwd howto

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jean Wainer wrote:
 Thus giving anyone that has web access or is allowed to run PHP
 scripts on your server the allowance to play with vpopmail as much
 as they want. If this is just a webmail based server i do think it
 is okay, but if i were you i would still be worried.

 We are using it on one of our webmail servers, and since we have a
 lot of anti-spam and account management features which depend on the
 vpopmail user to be configured within the webmail, we have choosen to
 do that..

What i would suggest instead is to create a wrapper in C, that is set
setuid to vpopmail instead, that way only vpasswd can be abused if there
is a hole in some PHP script that is run on the server. Worst thing that
can happen then is that your users passwords are changed, but that is
still a lot of guess work. I personally would prefer to have just one
function, than having Apache be able to access all the vpopmail
functions. I'd rather not be in for a surprise that i am hosting a
random domain without knowing it.



 --Jw.

 Jan-Willem Regeer

 So i'm not the only jw here, eh?

 Jean C. S. Wainer

 --Jw.

Sorry :P Indeed you are not.

Jan-Willem Regeer
X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAuzkMJukONu5DUaQRAkWoAJ94TEs1Xa93Tup9zaBWtMjJvB3J6QCeLueo
m6F7FXBPz+BDlZIzS0K5luk=
=ieUi
-END PGP SIGNATURE-

Re: [vchkpw] Change passwd howto

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rick Widmer wrote:


 X-Istence wrote:


 For cdb there are these things you can do.

 1) Wait till the PHP extensions fully work and the vpopmail deamon that
 the PHP extensions use fully work


 First a little correction, the PHP extension and the vpopmail daemon are
 two different ways to do the same thing.  The extension gives PHP direct
 access to the vpopmail library and should only be run in a closed
 environment because it trusts any PHP user.  The daemon validates
 connections and limits access based on the current users' rights.

Nope, last i checked the vpopmail extensions in PHP USE the vpopmail
deamon and just make wrap around function for the sockets that need to
be opened and validation of data.

That is as far as i can read from the entire thread, but I am of course
totally wrong.


 snip auth backends

 If I wasn't in the process of preparing for a release, I might consider
 putting it up on a live server, and intend to do so right after release.
 If you already run a recent version of vpopmail, you should be able to
 compile the daemon and run it alongside your existing mail system.  I
 have no doubt you can use it for password changes on CDB very easily.


I will have a server i can use for random tests up one of these days.

 You have to use the SourceFORGE CVS version from HEAD to get the daemon.

http://sourceforge.net/projects/vpopmail/

 Then look at the utilities and the daemon interface here:

http://pmailadmin.sourceforge.net/


 (If you are adventurous, install the whole thing from CVS and let us
 know how it goes...  :)


Yeah, was gonna do that on my new test server just for shits and
giggles, ill let everyone know.

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAvAjuJukONu5DUaQRAs/AAJ4j65YgKyiS5AjNxcieNq3eDq2X1gCbBmHe
OyThbzsVFZ5VDYMbJVnVf/8=
=oVxz
-END PGP SIGNATURE-

Re: [vchkpw] Change passwd howto

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Patrick Donker wrote:
 Guys,

 I use qmail + vpopmail + courier-imapd + squirrelmail.
 My question is; what would be the easiest way to inplement a
 change-password option in Squirrel? I have found a plugin, but that is
 based on pam, which I dont use. I need something that uses vchkpw. My
 guess is that somebody on this list has solved this already before, so,
 why not ask ;) ?

 -Patrick


There is no need to post your question to the list twice, i am pretty
sure we all read it, and even if we did not, then nobody knowns the answer.

The easiest way? Well that all depends on how your vpopmail is setup.

Do you use MySQL? cdb? PGSQL? These are all determining factors.

For all of them there are different way's that it could be done. For the
cdb based one it would be a bit harder, but i bet it could be done some
way. Check out the new php module/vpopmail deamon method and see if that
could be an option.

So far, all I know of is that plugin that uses PAM.

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAue8JJukONu5DUaQRAipzAJ993eUizQU+FTDiJhthr1wjx+oVugCgnDPw
Cy4e3bm3o62wLNvp/ZgO6wc=
=MJ8r
-END PGP SIGNATURE-

Re: [vchkpw] Change passwd howto

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Patrick Donker wrote:
 Sorry for my double post, but I didnt see my first posting on the
 list, so I thought something went wrong...my bad apparently...
 Anyhow, I dont use any database backend, just plain old cdb. I did
 find something, but for that I have to recompile imap again, so that
 will be something for another day. If I got things working I'll post
 the solution on this list.
 -Patrick

That's okay.

For cdb there are these things you can do.

1) Wait till the PHP extensions fully work and the vpopmail deamon that
the PHP extensions use fully work

2) Set vpassword's setuid bit and have apache execute it as whatever
user apache runs under (NOTE: INSECURE, AND ALLOWS ANY USER TO CHANGE
ANY PASSWORD FOR ANY ACCOUNT UNDER ANY DOMAIN IN VPOPMAIL)

3) Write some wrapper around it, that first requires a username and
password thru some method and making sure there is no way that this
username and password can be found, and thus securely invoking vpasswd.

4) Using PAM authentication

5) Using MySQL/PGSQL instead of CDB.

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAup31JukONu5DUaQRAl3CAJ4+qxpee/thWeRMcMwILneks5xnEgCeMlrh
aLpZhhHly3GW+HCWjWSs3hk=
=DW52
-END PGP SIGNATURE-

Re: [vchkpw] Looking for patches

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bill Gradwohl wrote [At least in part]:
 snip

 Then I vdeluser deleted the testuser and the .qmail-testuser file was
still
 there. Maybe I've got the .qmail file in the wrong place. ???

Both locations work.

 Should a user specific .qmail file be inside the domain directory or
inside
 the users directory?

It doesn't seem to matter, but have always made it a point to place them
inside the users directory.


 If it's inside the users directory, then vdeluser will nuke it. If it
has to
 be at the domain level, then it would be nice for vdeluser to nuke it
since
 there isn't any other possible use for that file.


For a workaround i would just suggest placing them in the users
directory :).

X-Istence

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAup7pJukONu5DUaQRAigGAKCT6hbVhyylEfCjfyswF7NUnyTyowCcDKzo
wsgGO2dziWuC6twkMoPRQLc=
=/hY1
-END PGP SIGNATURE-

Re: [vchkpw] User is over quota (whithout beeing over quota)

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Werner Amon wrote:
 Michael Bellears schrieb:

 My users are reporting me they are receiving a warning message that


 they are

 over their user quota, but they know they are not over quota.


 Which pop3 daemon do you use?
 If it is qmail-pop3d, have you patched it with the qmail-maildir++.patch
 from the contrib directory? By default it does not update the
 maildirsize file afaik.

 Werner


I hate to do this, but did you even read the thread starters message?

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAuIxsJukONu5DUaQRAnwmAJ4q9AIotYjdKANNdwwZoQHWBsDEvACdFlFB
OLjjooZ/ssXTUCCqh5DJpbo=
=9mTC
-END PGP SIGNATURE-

Re: [vchkpw] User is over quota (whithout beeing over quota)

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
 Hi guys,

 My users are reporting me they are receiving a warning message that
they are
 over their user quota, but they know they are not over quota.

Do note quote me on this, but i _believe_ the way to fix this is to
remove the quota file, and it should be rebuild on the next delivery.


 Do you know some issue related to maildir quotas and vpopmail?


Read the maillings list, it just doesnt work properly.


 Any comment/idea?

 Thank you,
 Bruno Negrao

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAuAq6JukONu5DUaQRAqJdAJ9Ua7XA2gxRFNHkG7bg9obU/PiQGwCfSAyi
73o/XoMlh6Nx30Rq/mXgj+4=
=Da8M
-END PGP SIGNATURE-

Re: [vchkpw] SMTP Auth HOW? *UPDATE* AMD64

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

DEBO Jurgen E. G. wrote:
 snip

 First, I suggest You verify Your authentication.  Start-tls is initiated,
 in that case the pasword has to be plain-text, not cram.


First off, starttls is not initiated, as then he would have had to enter
 starttls to start it in the first place.

Second, auth login takes a base 64 username and base 64 password which
he supplied.

Dont trust me on that? Please read the RFC's for it. If he was using
cram-md5 he wouldnt have issued a AUTH LOGIN. He would have issued a
AUTH CRAM-MD5.

- 

Anyways, id like to second anything the thread starter said. I have been
on the system myself (not like that matters, i know), but he has read
all the documentation, and anything there is to know about SMTP auth, so
its not a mistake some place.

For some reason something is going wrong some place, and i am thinking
it could be in the base64.c file, however i have no clue most of it.

I highly doubt its vchkpw as vchkpw gets handed just the info it needs,
and works with pop3, so it _should_ work with smtp auth as well.



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAsTt9JukONu5DUaQRAkJaAJ9qSXy95Cej2AMBedJ9ohKKI51nHgCfcvpM
708uHSBbjo65tOpLZSRhabY=
=JDLs
-END PGP SIGNATURE-

Re: [vchkpw] Re: SMTP Auth HOWTO?

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Your first message, which started this flamewar.

 snip

 Roy,

 In the OLD days, people were happy with SMTP-Auth.  I consider it LESS
 security as SMTP after POP, because with SMTP-Auth, You sent Your
 e-mailadress and Your password of Your mailbox over the internet.
 When a man-in-the-middle catch this e-mail (or worse Your PW), he can
 use it for spam, or access Your mailbox.

Well, considering you send your entire email over the line to get access
to pop, this claim is not true. Just thought id bring this up, as
everywhere else you are suggesting that it is not true that you said that.

Hell, pop3-ssl would be the same as smtp-ssl both would allow secure
authentication.

SMTP after POP is a pain, and it doesnt help against these so called man
 in the middle attacks. Unless off course you would also provide a patch
to make it pop3-ssl, in which cause the next thing you say would be a
better solution.


 I suggest You use: SHUPP's version with netqmail like :

 fetch http://www.qmail.org/netqmail-1.05.tar.gz
 tar xzvf netqmail-1.05.tar.gz.tar
 cd netqmail-1.05
 ./collate.sh

 # patch with Shupp's TLS and SMTP-Auth
 fetch http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040207.patch
 patch  ./netqmail-1.05-tls-smtpauth-20040207.patch


So now that we have smtp-ssl, or smtps, how is SMTP after POP still more
secure? Why not just start an SSL connection and then auth with SMTP? I
dont see a difference at all. You brough POP in for no apperant reason
at all. Hell, id rather use SMTP auth than first pop and then sending
the mail, as its a pain in the ass to configure most mail clients to do
POP before SMTP.

 certificate:

 You can copy thoses (extension .pem) from :
 freeBSD, vpopmail stuff
 cd /var/qmail/control
 cp /usr/local/cert/ipop3d.pem servercert.pem
 ln -s servercert.pem ./clientcert.pem


Breached# ls /usr/local/cert/ipop3d.pem
ls: /usr/local/cert/ipop3d.pem: No such file or directory

hrm, thats FreeBSD BTW.

 Activate TLS by create a certificate, and You will be much better off
 to create an encrypted connecton to Your SMTP server by the SMTP Enc
 smtps   465/tcp#smtp protocol over TLS/SSL (was ssmtp)
 smtps   465/udp#smtp protocol over TLS/SSL (was ssmtp)

 snip 500 million line sig

X-Istence

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAr8DYJukONu5DUaQRAt+1AJ4rE88Og4vvjtJmrr6an0jCZYrduwCgk1C5
WKsxNOR6msDCJFK7wwaboqs=
=vm3x
-END PGP SIGNATURE-

Re: [vchkpw] SMTP Auth HOWTO?

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Brooks Roy wrote:
 I do not have an open relay.  I am trying to setup SMTP Auth.  It is not
 working.. When users try to auth, it just keeps asking for username
 password over and over.  Never sends.

How are they authentication? with [EMAIL PROTECTED] or just username?


 X-Istence wrote:

 Brooks Roy wrote:


 I have put in the patch as described in the contrib README and changed
 it to be /bin/checkpassword instead of vchkpw and I still have the
 same senario.



 What does your data.cdb or smtp.cdb look like that gets created from a
 file?

 Also, it should still be to vchkpw if you want to use vpopmail.


 This is what your run file should look like:

 exec /usr/local/bin/softlimit -m 1000 \
 /usr/local/bin/tcpserver -v -H -R -l $LOCAL -x \
 /usr/local/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD -u \
 $QMAILDUID -g vchkpw 192.168.5.50 25 \
 /usr/local/bin/fixcrio \
 /usr/local/bin/rblsmtpd -r relays.ordb.org \
 /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /usr/bin/true 


 Also make sure $QMAILDUID $MAXSMTPD and $LOCAL are set properly.


 I see that you have your /usr/local/vpopmail/etc/tcp.smtp.cdb, are you
 sure that is no causing the open relay? Try pointing it to one that only
 has:

 :allow

 in it, and see if you are still an open relay then.

 X-Istence


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFArmIMJukONu5DUaQRAmnpAKCCfD0TAifKW9/j9tV5u9PZRo8c4wCgk/B1
UPQrlLc6uG27pYQXT5Sh1kY=
=ry3M
-END PGP SIGNATURE-

Re: [vchkpw] vpopmail

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Clayton Weise wrote:
 If you're using maildrop it does.  Or at least, mine did.


Seconded.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFArmMDJukONu5DUaQRAhvgAJ4ksBb5c8cfyEPtxHt4sN4nPlh3xQCggcHS
qbN/f25i+Ji0kC0EHZ3WJOM=
=g8Ol
-END PGP SIGNATURE-

Re: [vchkpw] SMTP Auth HOWTO?

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jeremy Kitchen wrote:
 On Thursday 20 May 2004 07:00 pm, blist wrote:
Here is my run tcpserver script for qmail-smtpd:

exec /usr/local/bin/softlimit -m 1000 \
/usr/local/bin/tcpserver -v -H -R -l $LOCAL -x \
/usr/local/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD -u \
$QMAILDUID -g vchkpw 192.168.5.50 25 \
/usr/local/bin/fixcrio \
/usr/local/bin/rblsmtpd -r relays.ordb.org \
/var/qmail/bin/qmail-smtpd ps1.prostream.net \
/usr/local/vpopmail/bin/vchkpw /bin/true 

Simple, remove the hostname, and all should be well.



 what's the value of $QMAILDUID in that script?

 also, if you take out the hostname you're an open relay, because you're
 authenticating with /bin/true

Wrong, vchkpw needs another program to change the directory for, check
the way qmail-pop3d works.

pop3-popup checkpasswrd realpop3 (Which is now in the users directory)

If vchkpw is not given another argument to execute after it auth's the
user, qmail-smtpd has no way to check if it was successfull.


 -Jeremy



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFArV1GJukONu5DUaQRAt/SAJ9Ubh1+KnXuKN9p+AGtnz3OvPEi4wCgmS2k
lqa015oQi4ITRgNw0nECxRI=
=LOQ4
-END PGP SIGNATURE-

Re: [vchkpw] SMTP Auth HOWTO?

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


My apologies, the solution i provided *WILL* not work. Considering the
code still contains the hostname stuff.

What i suggest is you grab the patch from the vpopmail contrib
directory, it contains a copy that *will* work.

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFArV6EJukONu5DUaQRAuMQAJ4oPWzzYWeeAKRlYOop6DWxovBy/wCghqre
PvraZ1VWDiBT4Yx++8H0Xho=
=pS6m
-END PGP SIGNATURE-

Re: [vchkpw] SMTP Auth HOWTO?

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Brooks Roy wrote:
 So use the patch from the vpopmail contrib directory WITHOUT the
 hostname in the run script for tcpserver?

 Wont this make the server an open relay?

No, cause that patch doesnt require a hostname on purpose, as to many
poeple were unsure if it was needed or not. It is not needed, thus it
was removed. So no, you will not make yourself an open relay.


 X-Istence wrote:


 My apologies, the solution i provided *WILL* not work. Considering the
 code still contains the hostname stuff.

 What i suggest is you grab the patch from the vpopmail contrib
 directory, it contains a copy that *will* work.

 X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFArWgSJukONu5DUaQRApA6AKCM+q+2R0ErkBTWX1AK+swrOrruLgCfbBZs
x1XaueBT++M1ovsaIvevqpw=
=Ubls
-END PGP SIGNATURE-

Re: [vchkpw] webmail

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jeremy Kitchen wrote:
 On Monday 17 May 2004 05:29 pm, null wrote:

Hello folks,

  Ive been trying to find a webmail to use with qmail+vpopmail but im
afraid that i couldnt find. I used squirrelwebmail for ages (IMAP)
and now
I wanted one for my pop server. If anyone is using some web-mail that
seems
to be good please give me a hint!


 www.squirrelmail.org
 www.horde.org
 www.ilohamail.org

 -Jeremy



I would like to second the motion for the last link. Its an awesome
webmail client, and can fully do both IMAP and POP3.

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAqUX/JukONu5DUaQRAiYvAJ0RhN4nG/ibB4P/ZbGgZ+1lvMY/FQCfeMXS
nn19TOfYiuk733QbgaPWGGk=
=Ffqc
-END PGP SIGNATURE-

Re: [vchkpw] Problems with multi domains in vpopmail

[X-Istence]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mário Gamito wrote:
 Hi,

 I've installed vpopmail, but i'm having problems with adding domains.
 The first one i add works just fine.

 From the second one on i get this error:
 Signal 1 caught by ps (procps version 2.0.13).
 Please send bug reports to [EMAIL PROTECTED]

 I've compiled vpopmail with --enable-many-domains=y

 What can be wrong ?

 Any help would be gratly appreciated.

 Warm Regards,
 Mário Gamito



PLease run:

strace ./vadddomain domain to add postmaster password

and give us the output.

This procps stuff, can you provide me more info about it? It seems this
is the first case that it goes wrong.

How did you compile vpopmail, what flags, did you use an rpm? Did you
set any special cflags or anything of that sort?

X-Istence
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAp3KYJukONu5DUaQRAlNkAKCY3xWCDAcBKSp5RYKhUEWIV8K8lgCgrAZW
IGSuAbB//6lCcAyhTQmLhtQ=
=Yh8Q
-END PGP SIGNATURE-

Re: [vchkpw] Qmail popmail and relay-ctrl problem

[X-Istence]

Paul Theodoropoulos wrote:
oh dear god. now we have to have this crap posted to the vchkpw list too?
Please keep your religion to yourself. Not everyone believes in a god.

top posting is not against the law, violates no RFC's, and has only 
become an issue in the last three or four years, due to a very vocal 
minority. top posting is not wrong, no kitties will actually die if you 
top post, and FURTHERMORE, the lengthy, badgering top post complaining 
about top posting is far more annoying and intrusive than top posting 
itself.
No, but it makes it really annoying to read list archives at sites that 
have the entire message. Cause it doesnt really let you know where new 
stuff is post compared to older info.

here's one for you x-istence - how about TRIMMING your posts. you've 
been posting to this list for a long time now, and half of your post 
consist of the entire, long original post, and your one liner at the 
bottom. a much, much older tradition on the net was that one should TRIM 
one's posts to include only the most relevant, quoted parts.
Sorry, i mostly do this, forgot this one time. Forgive me.

i find untrimmed posts annoying. shall i start berating the list every 
time you do it?
Sure. I couldnt care less.

apologies in advance, this kind of passive-aggressive control freak 
behavior gets under my skin.
So does top posting.

At 09:24 PM 5/7/2004, you wrote:

snip
Paul Theodoropoulos
http://www.anastrophe.com



X-Istence

Re: [vchkpw] Trouble with dotqmail2valias

[X-Istence]

Gabriel Ambuehl wrote:
Hi Gabriel Ambuehl,
you wrote.
GA Hi,
GA running vconvert -c -m works perfectly so I presume my settings are
GA correct. However, running dotqmail2valias -a (to add all domains)
GA will create the valias table but not enter any values into it.
GA What am I doing wrong?
Seems like dotqmail2valias has a bug and removes .qmail files even if
it couldn't add them to the DB (of which it suffered the first time).
I was using a copy of our live tree, phw.


Regards,
Gabriel
There is an ongoing project to move all the code from dotqmail2valias 
into vconvert as well, check the list archives. I dont think 
dotqmail2valias works as it was designed, or has a bug in it.

X-istence

Re: [vchkpw] Qmail popmail and relay-ctrl problem

[X-Istence]

Paul Theodoropoulos wrote:
sorry for the double post.

At 07:13 AM 5/8/2004, you wrote:

At 05:10 AM 5/8/2004, X-Istence wrote:

Paul Theodoropoulos wrote:


Paul Theodoropoulos
http://www.anastrophe.com





Thats quite allright.

X-Istence

Re: [vchkpw] Qmail popmail and relay-ctrl problem

[X-Istence]

[EMAIL PROTECTED] wrote:
Hi All

I have installed Qmail on linux 7.2 with vpopmail support and relay-ctrl 
patch. I am trying to pop my mails from that qmail mail on other 
application server through remote pop accounts procedure. When i give 
him user name as email and send password then Qmail server reject that 
password and append the IP after the email, although user name and 
password is correct, i check it manually on telnet.
But giving me error of that kind.

May  6 07:52:21 mail2 vpopmail[25532]: vchkpw: password fail
[EMAIL PROTECTED]:211.117.134.11_
What's and where it is wrong. bcz of ip concatenating pop server unable 
to authenticate that user. So any solution or setting to remove. There 
is nothingin application like that adding ip after the email.

Waiting for a good reply.
tx.
Zafar


The IP is added by vchkpw itself, and doesnt matter at all. Its for 
administrative purposes only.

X-Istence

Re: [vchkpw] Qmail popmail and relay-ctrl problem

[X-Istence]

Your message was top-posted.  Please configure your MUA to quote 
correctly before sending messages to mailing lists.  If you don't know 
what this means, read this: http://www.faqs.org/docs/jargon/T/top-post.html

To learn what quote correctly means, read this:
http://www.netmeister.org/news/learn2quote2.html
If you are using MS MUA, these free add-on packages can apparently fix 
their quoting style for you: 
http://home.in.tum.de/~jain/software/oe-quotefix/
http://home.in.tum.de/~jain/software/outlook-quotefix/

I've corrected your quoting for this reply, but will ignore further 
top-posted messages.

(Thanks charles, qmail list)

[EMAIL PROTECTED] wrote:
Send reply to:  [EMAIL PROTECTED]
Date sent:  Fri, 07 May 2004 15:01:58 -0400
From:   X-Istence [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: [vchkpw] Qmail popmail and relay-ctrl problem
[ Double-click this line for list subscription options ] 

[EMAIL PROTECTED] wrote:

Hi All

I have installed Qmail on linux 7.2 with vpopmail support and relay-ctrl 
patch. I am trying to pop my mails from that qmail mail on other 
application server through remote pop accounts procedure. When i give 
him user name as email and send password then Qmail server reject that 
password and append the IP after the email, although user name and 
password is correct, i check it manually on telnet.
But giving me error of that kind.

May  6 07:52:21 mail2 vpopmail[25532]: vchkpw: password fail
[EMAIL PROTECTED]:211.117.134.11_
What's and where it is wrong. bcz of ip concatenating pop server unable 
to authenticate that user. So any solution or setting to remove. There 
is nothingin application like that adding ip after the email.

Waiting for a good reply.
tx.
Zafar


The IP is added by vchkpw itself, and doesnt matter at all. Its for 
administrative purposes only.

X-Istence
Hi All,
Thanks for reply. But i am still unable to understand that why vchkpw added ip while 
pop my qmail account from other application, although i am using telnet, in which 
nothing ip added like that.
So plz tell me is it possible that i can remove or handle that. so That ppl can use pop account from qmail otherwise qmail will be ?

 
plz reply.

tx.
ZAFar


May  8 00:15:24 Breached vpopmail[83838]: vchkpw-imap: (PLAIN) login 
success [EMAIL PROTECTED]:10.10.10.55
May  8 00:15:25 Breached vpopmail[83840]: vchkpw-imap: (PLAIN) login 
success [EMAIL PROTECTED]:10.10.10.55

This is from my logs. It works as expected, your run scripts are either 
wrong, or you are sending wrong password.

X-Istence

Re: [vchkpw] MySQL error messages vpalias.c

[X-Istence]

Rick Widmer wrote:
My travels have finally brought me to the MySQL database module...  I am
working on improving the error messages returned by vconvert, as part of
the process of testing the MySQL back end.
The first thing I've noticed is that a number of errors call
fprintf(stderr) directly from the extension.  I would like to make them
record the error in a string, set errori and return the error code where
it is apropriate.  Then I have to look at the places it is called and
update the error handling there.  I would prefer to leave the formatting
of error messages up to the end user program:  ~vpopmail/bin/*,
qmailadmin, etc.
Any objections?

None, code cleanup is always nice :P. I am diving into the source every 
so often as well for jobs people ask me to do.

At first glance, it appers that vpalias.c, vmysql.c and vpgsql.c share
common functions.  It seems to me that if the code is in vmysql.c and
vpgsql.c it should also appear in vcdb.c and vpalias.c should not exist.
 It looks like there is some ifdef magic going on to hide the code in
this file.  It seems to me it would be better to add vpalias.c to vcdb.c
and add empty function definitions in the other auth back-ends.  Ifdefs 
would remain so you can still switch valias on or off with a ./configure 
option.

Should I move it to cdb.c?
Why not? Would be just as easy.



Next, there are two programs vconvert and dotqmail2valias that both
translate data from file to database, or from database to file.  Should 
I merge the programs into one.  Future conversions would then be one 
step.  If the users or aliases have already been converted, you just get 
duplicate warnings.

Merge them?
Yes, i was planning on doing this, but i dont have the time.



Rick




Useless stats on why not to listen to me:
0 patches to vpopmail
Just random blabbing :P
To busy to do it myself (I still think it needs to be done)
X-Istence

Re: [vchkpw] Troubles running make [SOLVED]

[X-Istence]

Tom Collins wrote:
On May 4, 2004, at 3:31 PM, X-Istence wrote:
Mabey its time to fix your server time.
This shouldnt happen.

If I don't build the tarball correctly, it will happen.
--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Ah, so its your mistake :P
ntpdate ntp.nasa.gov before you build the tar ball :P.
X-Istence

Re: [vchkpw] sending e-mail error

[X-Istence]

null wrote:
Hello folks,
 

Im having some odd problems with qmail+vpopmail in sending e-mails. I 
set everything correct in my mail client and I tried first to send 
e-mails to a mail account in my mail server and it worked just fine, I 
can log in and receive emails/attachments. When I try to send e-mails I 
get this error:

 The message could not be sent because one of the recipients was 
rejected by the server. Server response: '533 sorry, that domain isn't 
in my list of allowed rcpthosts (#5.7.1)'. (Account: 
'mail.6s-gaming.com', SMTP Server: 'mail.6s-gaming.com', Error Number: 
0x800ccc79).

snip
Thanks for all the help that comes!
Rgs,
Alex

http://scriptkitchen.com/qmail/553.html
X-Istence

Re: [vchkpw] Troubles running make [SOLVED]

[X-Istence]

Jeremy Kitchen wrote:
On Tuesday 04 May 2004 03:28 pm, Patrick Donker wrote:

have you tried:

touch *
in the root of the source tree?
-Jeremy
Thanks for this tip Jeremy; it solved my problem.
Only thing is that I dont understand why. I've looked at man touch, and
I know what it does, but dont understand why and how it solved my
problem(?). Maybe you can clue me in? If it is too off-topic for this
list, maybe you can explain it too me (briefly) by emailing me direcly?
Thanks and sorry for the impatience :)


man make

it describes how make uses timestamps to determine what needs to be built.  
Surely you can put that together with the information you got from 'man 
touch' and know why what you did fixed the problem.

-Jeremy



Mabey its time to fix your server time.

This shouldnt happen.

X-Istence

Re: [vchkpw] Re: strange behavior in from header.

[X-Istence]

Sebastien FOUTREL wrote:
Thank you for your informations Peter.
In fact, the mailto:; part in the From:, To: headers were added to my 
mail by my Mozilla Thunderbird when I pasted the original message to 
this mailing-list.

So, I should remove the @IP part by adding a -R to my tcpserver option 
and/or change my username from [EMAIL PROTECTED] to user%vhost or user+vhost ?

Peter Palmreuther wrote:

snip



The @IP should not be a problem at all. I sent a mail to over 1,000 
servers for a mailling list and i used SMTP auth to authenticate with my 
SMTP to send it, and it worked fine, EVEN though @IP is added. This 
includes quite a few french servers.

X-Istence

Re: [vchkpw] Re: strange behavior in from header.

[X-Istence]

Tom Collins wrote:
On May 2, 2004, at 8:03 AM, X-Istence wrote:

The @IP should not be a problem at all. I sent a mail to over 1,000 
servers for a mailling list and i used SMTP auth to authenticate with 
my SMTP to send it, and it worked fine, EVEN though @IP is added. This 
includes quite a few french servers.


If it's an ezmlm list, it strips all Received headers before sending the 
message out, and it handles all bounces (so you won't see them).

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Its not though.

All headers stay in tact with the mailling list software that is used. 
They do it in case they have problems with spam, allowing most people to 
collectively come together and find where it origionated from.

X-Istence

Re: [vchkpw] Tip for using chkuser with Maildrop

[X-Istence]

tonix (Antonio Nati) wrote:
Jeremy,

why does the actual suck?

It's the first time I hear that.

Tonino

At 29/04/2004 29/04/2004 -0500, you wrote:

On Thursday 29 April 2004 09:49 am, tonix (Antonio Nati) wrote:
 P.S. I'm studying for version 2.0 of chkuser, this could be another 
issue.

please make it not suck (like the current one does), that's all I ask.

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet 
Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 
int'l
kitchen @ #qmail on EFNET ++ scriptkitchen.com/qmail



[EMAIL PROTECTED]Interazioni di Antonio Nati
   http://www.interazioni.it  [EMAIL PROTECTED]



The code is one big ball of messyness.

X-Istence

Re: [vchkpw] Cdb and mysql auth modules at a time?

[X-Istence]

Cesare D'Amico wrote:
snip

Ciao
 ce


Not possible. At this time.

X-Istence

Re: [vchkpw] vpopmail + postfix

[X-Istence]

Paulo Fragoso wrote:
Hi,

How can we setup vpopmail to work with Postfix? Is necessary have qmail 
installed too?

Thanks,
Paulo.

vpopmail was created for qmail only, postfix and qmail are two different 
MTA's so this is not a solution you can use with postfix.

X-IStence

Re: [vchkpw] Upgrading vpopmail

[X-Istence]

Christian Reeves wrote:
I am/was running vpopmail 5.2.1 and want to upgrade to 5.4.3.
I read the FAQ about upgrading and it seems pretty straightforward. I backup
up the recommended dir's, downloaded the latest stable release, compiled
with the same options I did when installing the current running version, did
make, then make stripNow, the touch times on /vpop/bin/* indicate the
files were replaced by the newer version's files but I'm not so sure I got
the job done. All seems to be working fine though.
1. How do I know definitivley that I'm runnin the newer version?
2. qmailadmin reports the older version on it's login screen. Is this a sign
the upgrade didn't take?
No, its a sign that you didnt recompile qmailadmin like your supposed to.

I did the upgrade to overcome a bug I've posted about but never received a
response on. The bug is that when I run 'vdeldomain', it deletes the domain
fine but then the permissions on /var/qmail/control/rcpthosts gets changed
to 600. Weird...so I though getting the newest release would be a good place
to start.
Christian

Re: [vchkpw] vdelivermail is soo slow..

[X-Istence]

Brian wrote:
Hello All,

I'm at a loss and all I can come up with is this:

last pid: 70373;  load averages:  4.32,  3.48,  3.53
up 33+19:31:48  09:32:36
148 processes: 26 running, 122 sleeping
CPU states:  5.6% user,  0.0% nice, 94.0% system,  0.2% interrupt,  0.2% 
idle
Mem: 125M Active, 262M Inact, 67M Wired, 19M Cache, 61M Buf, 28M Free
Swap: 512M Total, 512M Free

  PID USERNAME  PRI NICE  SIZERES STATE  C   TIME   WCPUCPU COMMAND
93447 www18   0 15384K 13288K lockf  1   3:06  2.20%  2.20% httpd
68988 vpopmail   56   0  1376K   944K RUN1   0:00 17.94%  1.71% 
vdelivermai
snip

Ouch, that looks painfull. Do the messages get delivered at all?



This is a snapshot from top as I'm trying to send an email to a local 
ezmlm list that goes to about 50 local people.
This shouldnt be slow at all. I have a mailling list that goes to 300 
local people, with vdelivermail and never have this problem, however, i 
do not use MySQL.

I get 50 vdelivermails (which is fine) but they are all slow to deliver.

I've had this server for almost a year (dual 933's 512Ecc U160 drives) 
and it does nothing but qmail+vpopmail and a webmail client.

I have clam antivirus and spamassassin which I'm calling through 
qmail-scanner.

this is my tcp.rules file:

127.0.0.:allow,RELAYCLIENT=,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue 

192.168.1.:allow,RELAYCLIENT=,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue 

:allow,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue
This is useless to us if its vdelivermail that is screwing up and not 
qmail-smtpd.


snip


and yesterday I was getting intermittent errors like this:

2004-04-06 09:28:48.197123500 delivery 19551: deferral: 
vmysql:_sql_error[1]:_Can't_create_database_'vpopmail'._Database_exists/
2004-04-06 09:28:48.211717500 delivery 19534: deferral: 
vmysql:_sql_error[1]:_Can't_create_database_'vpopmail'._Database_exists/
2004-04-06 09:28:48.232450500 delivery 19544: deferral: 
vmysql:_sql_error[1]:_Can't_create_database_'vpopmail'._Database_exists/
This cant be good.


snip
but so far today things have been ok.. except that vdeliver mail is *so* 
high..

Have you tried recompiling vpopmail from scratch/ports tree, and 
installing a new copy. It shouldnt make a difference, but if it does 
then something was wrong with your old binaries.

2004-04-07 09:41:06.857760500 delivery 956: success: did_0+0+1/
How long does it take approxamitly for each mail to be delivered with 
vdelivermail? And do you have it compiled with the spamassassin patch or 
not.

This is on a FreeBSD 4.9-p3 system ( I know I have to patch to p4 )

Go patch yourself :P

vpopmail-5.4.0 and mysql 3.23.57 (compiled for freebsd 4.8)

Should be fine.

Uptime: 23 hours 32 min 43 sec
Threads: 3  Questions: 18086  Slow queries: 0  Opens: 19  Flush tables: 
1  Open tables: 13 Queries per second avg: 0.213

TIA

- Brian


X-Istence

Re: [vchkpw] vpopmaild - errors on login

[X-Istence]

Marcin Soltysiak wrote:
- Original Message - 

I see you have different error messages during login for:

invalid email address

user does not exist

invalid password



It might be better to return the same message for all so the hostile 
hacker can't learn as much about your users.


Good point. I'd suggest 

- ERR XXX Login invalid

 to stdout and detailed info to syslog

Solt


Its using tcpserver, so why not to multilog. I personally try to limit 
as much as possible the use of syslog.

X-Istence

Re: [vchkpw] test copy of vpopmaild.c

[X-Istence]

Ken Jones wrote:
Anyone want a test copy of vpopmaild 
before it gets posted? It could use another
set of eyes.

Ken




Sure, shoot me a copy this way :)

X-Istence

Re: [vchkpw] proposed vpopmaild commands/usage

[X-Istence]

Iavor Raytchev wrote:
Guys,

I am in hospital at the moment - one of the muscles of my left leg refused
to work and the doctors look for the reason.
Get better first, then think about this, its a second priority.

I could not read all posts - I would just like to tell you that two more
people are interested in this daemon - and they want to write it - so it
seems that this project has the unique chance to be something supported by a
broad community of top people. I have never managed such huge community
effort, so I have no idea about the dynamics. I only hope that personal
pursuits will not allow any of the great people interested in the daemon to
be lost.


Ken Jones has allready written one, and was releasing a beta on Monday, 
we shall see how that goes.


I'll try to come back to the list on Monday.

Until then - best to all,

Iavor



X-Istence

Re: [vchkpw] indirect reasons for 5.7.1? - behavior confirmed

[X-Istence]

Kurt Bigler wrote:
snip
The plot thickens.  sockstat produced no output, apparently a limitation of
the virtual server implementation.  Inquiring into this, the parent server
apparently had default processes answering (stupidly) when virtual server
email servers were not running.  The administrator fixed this with a quick
configuration change, and now everything behaves as expected.
Thanks for your help, which lead to the resolution.  Still a mystery to me
why a default SMTP answerer would respond with 5.7.1.  I inquired about that
but got no reply yet.
-Kurt



Well, that is an easy one, if they are running qmail as well, it would 
answer with a 5.7.1 meaning your domain is not in their rcpthosts.

X-Istence

Re: [vchkpw] vpopmail 5.4.x + SMTP AUTH + TLS

[X-Istence]

Jøran Kvalvaag wrote:
Hi,

Can someone merge the SMTP AUTH patch that is in the contrib directory with
a TLS patch such as this one for netqmail-1.05?
http://inoa.net/qmail-tls/netqmail-1.04-tls-20040120.patch



Like this?
http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040207.patch
--
JKvalvaag

Was about to reply saying search on google, there is one allready :P.

X-Istence

Re: [vchkpw] Encryption

[X-Istence]

Cory Barton wrote:
Hello,

I am currently working on setting up an extranet site for my company. I 
would like to import the information from the mysql vpopmail db into the 
cms's (Content Management System) user database, however the cms db 
stores passwords like so: 7729ca956c9bdb1ea9e498ebeb57ffda
However the passwords in the vpopmail db are stored like so: 
$1$D065m$p8ZGr5V/L.rnHmYvi1KAu/

So I was wondering if anyone knows of a way that I can:
1. Convert the passwords in the vpopmail database to work with the other 
database (without making changes to the email system)
or
2. Change the way the email system stores its passwords to match the way 
the cms stores its passwords. The cms uses php.

Thanks for the help




Well, let me answer this one.

The first one is MD5 generated, the second one i believe is general 
crypt generated. What this means is that you would either need to 
rewrite the CMS so it accepts crypt'ed passwords, or rewrite vpopmail to 
instead of crypt use MD5, as there is no way to convert one to the other.

X-Istence

Re: [vchkpw] php vpopmail daemon etc. - developing story

[X-Istence]

Rick Macdougall wrote:
Hi,

Ken Jones wrote:

I've been thinking about this and I think the daemon is definitly the
way to go. If Rick can't release the code I can write one. I think
the protocol could be like this:


I found the code and although it is not as pretty as I remember it is 
available for release.  It's in php with a tcpserver front end.  It 
currently lacks user authentication though.


From then on we could pass commands like:
For admin accounts:
vadduser [EMAIL PROTECTED] pass
vdeluser [EMAIL PROTECTED]
vadddomain domain postmaster-pass
vdeldomain domain


Very easy to add modules to the server, just add a case statement.

I already have server code to handle this kind of daemon
in both single threaded and multithreaded modes.


Since it's written in php, and uses tcpserver as the socket connector, 
it should scale quite well.

Regards,

Rick



Now what i want to ask is, could we write it efficiently. As i would 
want to deploy this over multiple servers, and having everything written 
out in normal ASCII would be a waste of bandwidth (all bytes count), i 
think that we should make it binary communication, just like DJB is 
trying to do with IM2000.

just my 0.02$.

X-Istence

Re: [vchkpw] php vpopmail daemon etc. - developing story

[X-Istence]

Marcin Soltysiak wrote:
Ken Jones wrote:

I've been thinking about this and I think the daemon is definitly the
way to go. If Rick can't release the code I can write one. I think
the protocol could be like this:
I found the code and although it is not as pretty as I remember it is
available for release.  It's in php with a tcpserver front end.  It
currently lacks user authentication though.

From then on we could pass commands like:
For admin accounts:
vadduser [EMAIL PROTECTED] pass
vdeluser [EMAIL PROTECTED]
vadddomain domain postmaster-pass
vdeldomain domain
Very easy to add modules to the server, just add a case statement.


I already have server code to handle this kind of daemon
in both single threaded and multithreaded modes.
Since it's written in php, and uses tcpserver as the socket connector,
it should scale quite well.
How about security? If we got it secures by SSL we coiuld use it on multiple
servers from one console. Rick, could you post a URL to the code?

That sounds good. Of course as a C programmer I'd prefer it be
written in C linking in the vpopmail API. I'd like to take a swing
at building it in C over the weekend.  vmailmgr has something
like this already, including a php module to talk to it. Perhaps
we can re-use some of that code.


That woudl be the best way. However, then we'd need a PHP API to use in
web-apps
Solt



why? We could talk to it using normal sockets. I dont see why it would 
require a special API to talk to a normal deamon on a TCP/IP. Even Unix 
sockets.

X-Istence

Re: [vchkpw] php vpopmail daemon etc. - developing story

[X-Istence]

Rick Widmer wrote:
snip
[1] Maybe it is my age showing, but it seems to me you want daemons lean
and mean, and having to load the whole PHP interpreter just doesn't do
it for me.  (This is from someone who usually prefers to do everything
in PHP.)
I agree.

X-istence

Re: [vchkpw] php vpopmail daemon etc. - developing story

[X-Istence]

Rick Macdougall wrote:
Ken Jones wrote:

On Friday 02 April 2004 1:27 pm, Rick Macdougall wrote:

That sounds good. Of course as a C programmer I'd prefer it be written 
in C linking in the vpopmail API. I'd like to take a swing
at building it in C over the weekend.  vmailmgr has something
like this already, including a php module to talk to it. Perhaps
we can re-use some of that code. 


Fine by me, although I'd prefer a C daemon myself, I do find php easier 
to read and to debug.

Regards,

Rick



C is smaller, and leaner. Id rather have it in C than PHP, running 
spamassassin allready eats server resources cause of perl, lets not get 
a PHP deamon written that needs PHP to run.

X-istence

Re: [vchkpw] php vpopmail daemon etc. - developing story

[X-Istence]

Ken Jones wrote:
On Friday 02 April 2004 2:32 pm, Iavor Raytchev wrote:

Hello everybody,

As it seems that the daemon idea prevails - what about a 'home' for the
daemon?
When I spoke to Boian Bonev (one of the authors of the php vpopmail
extension) he was absolutely for the daemon idea, but he said that it is
very important to decide about its home -
Is it going to be somewhere around vpopmail or somewhere around php or
somewhere around itself.
In certain way it somehow belongs to all these places.

As in addition to a home - it will need also a group of people who believe
in it - the place where it lives should be easily accessible.
Would be best to open a Sourceforge.net project and open a wiki for an easy
white board?
Iavor


I'd like to keep it in the vpopmail project. The daemon could be part of
the regular code and the php client module could be part of contrib?
I really like the idea of a wiki, too bad we don't have one for vpopmail.
Ken




This would cause problems. Then it would not be in PHP releases, and 
only in the contrib directory, thus making it still an remote option 
and not likely a widely adopted one.

X-Istence

Re: [vchkpw] indirect reasons for 5.7.1?

[X-Istence]

Kurt Bigler wrote:
This is regarding qmail + vpopmail 5.3.12 running under tcpserver, on
FreeBSD 4.6.1.
My server was bouncing *everything* with 5.7.1, that is including stuff that
should have been delivered to domains hosted by my server.
5.7.1 can mean a domain is not on your rcpthosts list. 
/var/control/rcpthosts

I panicked and just rebooted my server (because reboot is very quick and it
is the most reliable way to fix a bunch of things quickly without having to
take time to identify a problem), and thus lost some of the evidence.
Reboot should be your last thing to try, what if it was more serious and 
the box never came back up?

But I am suspicious based on previous expeirences that if a certain process
dies that some process starts responding to all smtp requests with 5.7.1.
Or is there any other obvious reason why qmail might go into a permanent
5.7.1 mode?
Check rcpthosts, restart qmail-smtpd, only things that would affect a 
5.7.1. Which means permanent error, or permanent not allowed.

Thanks for any thoughts, and sorry to be so lacking in info.  I did do a
quick ps when I discovered the problem and I'm pretty sure that the
tcpserver process involving qmail-smtpd was probably not there.  I only
remembered it should have been there after rebooting and doing another ps.
Is there some default mode for smtp connections that takes over under such a
circumstance?
Well, if your SMTP service was not there, your server could not be 
accepting mail, thus there would be nothing to bounce. Thus it would not 
be able to create 5.7.1 bounces in the first place.

Thanks,
Kurt Bigler

Re: [vchkpw] indirect reasons for 5.7.1? - behavior confirmed

[X-Istence]

Kurt Bigler wrote:
snip


I confirmed that if I kill this process (line from ps output):

  qmaild86243  0.0  0.1   904  360  ??  SNJ   3:05PM   0:00.09
tcpserver -v -H -R -lvps.breathsense.com -x
/var/vpopmail/etc/tcp.smtp.cdb -c200 -u1003 -g1001 0 25 fixcrio
/var/qmail/bin/qmail-smtpd
that incoming SMTP attempts are greeted by a 5.7.1 error.

Does anyone understand how this happens?

Thanks,
Kurt Bigler




Well, considering that is your SMTP service, it looks like another 
server on the same system is taking over, or you configured something wrong.

since its freebsd, take a look at:

sockstat -4, and look for port 25 and what process has it in use if you 
kill that process you mentioned.

X-Istence

Re: [vchkpw] php vpopmail daemon etc. - developing story

[X-Istence]

Doug Clements wrote:
Iavor Raytchev wrote:

[snip]
X-Istence wrote:
Now what i want to ask is, could we write it efficiently. As i would
want to deploy this over multiple servers, and having everything
written out in normal ASCII would be a waste of bandwidth (all bytes
count), i think that we should make it binary communication, just
like DJB is trying to do with IM2000.
[snip]

We must write it efficiently and with all (as many as possible)
aspects in mind. If we create the next thing that 'works, but...' -
it would be not very useful.


Efficiency is good, but you lose a lot of debugging ease when you go to
binary protocols. How many times have you used telnet to debug pop and smtp
sessions? Converting to binary communications does not save that much
bandwidth at all, and for a large price of complexity.
--Doug
I have written apps to test certain stuff for me. Telnet on windows at 
the time was horrible, and would not work for what i wanted. But good point.

X-Istence

Re: [vchkpw] call for scripts/tools

[X-Istence]

Brad Davis wrote:
On Monday 22 March 2004 19:18, Charles Sprickman wrote:

Hi,

I'm finally settling in to a nice vpopmail install, and I'm trying to help
our support staff deal with this wildly different system (the old
mailserver was sendmail/uw-imap).  There were a number of shell scripts
and whatnot on the old server to show things like what aliases from any
hosted domain pointed to what accounts, mail usage reports, etc.
Before I go nuts and re-invent the wheel, does anyone have anything that
could either go in the contrib directory of the vpopmail distribution or
perhaps somewhere on the sf.net site?
Some handy things I have in mind:

-alias mapper (something to show what aliases go where)
qmailadmin
-quota report (who is over quota at the moment, who's approaching quota)
qmailadmin
-.qmail checker (look for completely bogus/illegal .qmail files, verify
that somewhere in each domain vdelivermail is called)
None yet
-any log parsing tools that deal with vpopmail's mysql logging
None yet
-any web tools beyond qmailadmin/vqadmin
None yet
There's more, but I'm curious what people have and what you'd like to
publically share.


Hi Charles,

I'd like to see what you find. Maybe we could have a repository of tools like 
these on sourceforge.

Regards,
Brad Davis

Re: [vchkpw] call for scripts/tools

[X-Istence]

Rick Macdougall wrote:
Hi,
snip
I have a couple of these in production including a showqueue script 
(handy for adding domains to badmailfrom), and showsmtpip script (handy 
for blacklisting IP spammers).

If someone wants to setup a sourceforge account I'll gladly donate them 
and write up some others.

Regards,

Rick
Just post em to the vpopmail sourceforge site, its a quick easy thing to 
signup, and then post em to be added to the contrib directory.

X-Istence

Re: [vchkpw] spamassassin features added to cvs version

[X-Istence]

Ken wrote:
On Sunday 14 March 2004 6:42 pm, X-Istence wrote:

snip
-gx enable automatically deleting email marked as spam
Do we get to set the limit? Like i prefer to not delete anything over 4,
but delete anyting higher than 8. If we delete anything marked as spam,
it would delete at level 4, which is not what i would like, as i have
one or two messages daily that are from family and friends that are at
that level, but i cant whitelist them all one by one. Anything over 8
would really be spam, and i could care less about them.


You could always whitelist_from email from family and friends
then delete everything over 4. That's what I do. Seems to
work really well. We are going to start integrating control
over the user_prefs file into qmailadmin, so you could 
manage your whitelist_from lists.

Thats exactly what i had hoped to avoid, i have a lot of family and 
friends, and adding them one by one, and then email adress changes is 
kind of hard. I will look into adding a patch to put the double check in 
place, so that it has the functions that i am looking for, and allows 
them to be turned on and off at will, also specifying a limit.

snip

X-Istence

Re: [vchkpw] spamassassin features added to cvs version

[X-Istence]

Ken Jones wrote:
I added the spamassasin features to the cvs version today.

New configure option:
--enable-spamassassin 
With this option, spamassassin is turned on by default

New vmoddomlimits options
-gc disable spamassassin for whole domain
-gx enable automatically deleting email marked as spam
Do we get to set the limit? Like i prefer to not delete anything over 4, 
but delete anyting higher than 8. If we delete anything marked as spam, 
it would delete at level 4, which is not what i would like, as i have 
one or two messages daily that are from family and friends that are at 
that level, but i cant whitelist them all one by one. Anything over 8 
would really be spam, and i could care less about them.

New vmoduser options
-f disables spamassassin for a user
-F enable automatic deletion of email marked as spam for a user
To make it as clean as possible and support individual users
spam assassin preferences, it only calls spamd when writing
the email to a users Maildir. It uses the spamassassin vpopmail
features to read a users .spamassassin/user_prefs file. And uses
spamd with a unix socket. Right now the spamd options are
hard coded in vdelivermail.c
using spamc right?

I found some problems with the current SpamAssassin 2.63 code
for automated creation of user_prefs files. I'll post the patch to
vpopmail source forge and submit it to the spamassassin folks.
I had posted a patch for this before, but it was rejected, for some 
reason it is unable to create it at the moment, and it causes 
spamassassin to hang for ages (over 300 seconds per message) for some 
unknown reason before just letting it pass.

We have been using the code in production for weeks with
no problems. So hopefully it will work for you.
Good to know :)

Ken Jones


X-Istence

Re: [vchkpw] Spamassassin: i wish..

[X-Istence]

Cristiano Deana wrote:
Now spam threshold is hardcoded with --enable-spam-threshold=15
shouldn't be better to put it in vlimits.default?

I think this should be made an option, if it is not set, look for 
vlimits.default, if it is set, then use it hard coded, i prefer that as 
i dont want vdelivermail to open files each time it runs, which can be a 
lot of times, as i get a lot of mail, id rather have it hard coded.

X-Istence

Re: [vchkpw] Spamassassin: i wish..

[X-Istence]

Ken Jones wrote:
On Friday 12 March 2004 6:35 am, Cristiano Deana wrote:

Il giorno Friday 12 March 2004 12:53, X-Istence mi scriveva:

Now spam threshold is hardcoded with --enable-spam-threshold=15
shouldn't be better to put it in vlimits.default?
I think this should be made an option, if it is not set, look for
vlimits.default, if it is set, then use it hard coded,
Yes, better.
Very well.


In the patch I have based on the BSD patch, it uses
the required_hits in the system global setting, normally in 
/etc/mail/spamassassin/local.cf and can be overriden by
a users .spamassassin/users_pref file. So there is no
need for an --enable-spam-threshold option. Spamassassin
adds a header X-Spam-Flag: YES if the email goes over
the required_hit count. 

I'm going to try and add the code to the cvs version over the
weekend. 

Ken Jones





The BSD code had a hard set limit, with the --enable-spam-threshold=15, 
which means that anything over 15 would get DELETED, and not just 
tagged, which is what SA does normally.

See, i like to have anything over 4 points tagged, then if for some 
reason, it is really spam, it will reach the 10 points i set with the 
enable flag, and vldelivermail will delete it instead of writing it to 
disk. Its one way i have kept my mail box clean of a lot of crud, as 
really, i dont want it to be saved if it is just spam.

X-Istence

Re: [vchkpw] Spamassassin: i wish..

[X-Istence]

Jeremy Kitchen wrote:
On Fri, 2004-03-12 at 14:35, X-Istence wrote:

Ken Jones wrote:

On Friday 12 March 2004 6:35 am, Cristiano Deana wrote:


Il giorno Friday 12 March 2004 12:53, X-Istence mi scriveva:


Now spam threshold is hardcoded with --enable-spam-threshold=15
shouldn't be better to put it in vlimits.default?
I think this should be made an option, if it is not set, look for
vlimits.default, if it is set, then use it hard coded,
Yes, better.
Very well.


In the patch I have based on the BSD patch, it uses
the required_hits in the system global setting, normally in 
/etc/mail/spamassassin/local.cf and can be overriden by
a users .spamassassin/users_pref file. So there is no
need for an --enable-spam-threshold option. Spamassassin
adds a header X-Spam-Flag: YES if the email goes over
the required_hit count. 

I'm going to try and add the code to the cvs version over the
weekend. 

Ken Jones





The BSD code had a hard set limit, with the --enable-spam-threshold=15, 
which means that anything over 15 would get DELETED, and not just 
tagged, which is what SA does normally.


does normally?  SA is only used for tagging mail.  You can send me a
GTUBE email and it won't get deleted, even with a score of 1000.

See, i like to have anything over 4 points tagged, then if for some 
reason, it is really spam, it will reach the 10 points i set with the 
enable flag, and vldelivermail will delete it instead of writing it to 
disk. Its one way i have kept my mail box clean of a lot of crud, as 
really, i dont want it to be saved if it is just spam.


yea, I like that sort of dual threshold setup as well.  Perhaps
spamassassin could be made to have dual thresholds and have like a
X-REALLY-SPAM: header.  I prefer not trying to compare values, but check
for 'flags' personally.
-Jeremy

Well, spamc somehow returns the amount of points it got some how, and 
that is how it gets deleted.

X-Istence

Re: [vchkpw] vuserinfo quotas delay

[X-Istence]

Alex Borges wrote:
I have a vpopmail+qmail

Vpopmail has been upgraded to 5.2.1 and well... i send a large email to
an account and it gets there fine...BUT vuserinfo does not report the
usage increase correctly i assume some quota file is corrupt or
something...
What can i do to fix this?


A lot of issues were fixed in 5.2.2 or, even in 5.4.3 (Which is the new 
stable, 5.5.0 is the new development.). You could try those.

If anything, just go to the users Maildir, and delete the quota file, 
and recreate it with vusermod, or whatever that one tool is called (I am 
at school, sorry).

X-Istence

Re: [vchkpw] Re: vpopmail - stunnel

[X-Istence]

Peter Palmreuther wrote:
On Wed, Feb 25, 2004 at 01:45:53PM -0500, Jeff Koch wrote:

I have started seeing stunnel processes owned by vpopmail in the process 
log. Can anyone explain what that's about? or should I be concerned?

vpopmail  6977  0.0  0.0  3272  848 ?SFeb19   0:00 
/usr/sbin/stunnel -f -p /var/qmail/control/servercert.pem -l /var/qma


Probably POP, IMAP or SMTP over SSL.  If you get a longer listing (ps 
auxw) you'd probably see that it's qmail-popup or qmail-smtpd running.


Thanks. That's interesting. So we can do encrypted smtp and pop or imap 
sessions without bothering with PGP? 


PGP does not encrypt a 'SMTP|POP3|IMAP4' /session/, but the /message
content/.
SSL in fact does only encrypt the 'session', i.e. the transfer from
'client A to server B'.
PGP ( Co.) protects your mail being read from /anybody/ without proper
key, SSL protects your mail from being intercepted and read on transport
over SSL encrypted path. This means: if you SSL connect your primary
SMTP server your message is 'safe'. If this very server send the mail
out using a not SSL protected connection anybody else can again reasd
it, if he somehow manages it to fetch the packets.

Any idea which email clients support that?
 
There're some: Lookout Quickly can do, IIRC, so can 'The Bat!',
'Pocomai', 'Becky' and Eudora (to name the Windows fraction). Some of
them even can 'STARTTLS'. For *nix there also a few: I know at least
about 'mutt' and 'Sylpheed', but I'm quite sure 'Evolution' has SSL
support as well, if not it's on the straight way to having it.
Forgot to mention the lovely ThunderBird, which runs on both windows and 
Linux, BSD, Solaris, and many more. Its nice and fast, and easy to use.	

SSL for mail issues at client side is not that uncommon anymore, albeits
it's use is rather limited. It can be of use if you send/receive your
mail using an external SMTP/POP3/IMAP server and do not want your ISP to
be able to read it.
For any unkown term or program: use Google to locate it or it's meaning,
I'm to lazy to provide all applicable URLs. :-)

Re: [vchkpw] OFFTOPIC! how come ppl don't start new threads when creating mails??

[X-Istence]

Raboo Treed wrote:
how come ppl don't start new threads when creating mails??

or is my mail client broken?

/Raboo



Looks like you as well need to not start threads in the middle of an old 
one.

As you just did what you said you didnt like.

X-Istence

Re: [vchkpw] Re: [qmailadmin] Re: PHP vpopmail extension

[X-Istence]

Rick Widmer wrote:



Existence wrote:

Rick Widmer wrote:

That is what i meant, not everyone is able to have a special server 
just for mail, and thus running Apache as vpopmail:vchkpw is not an 
option. If you created some sort of deamon that allows you with 
public and privatekey's to communicate. Then you can run apache as 
www:www and not have to worry about users being able to alter 
vpopmail stuff cause of the mail server running under vpopmail:vchkpw.


It is very easy to start a second instance of Apache.  Just create a 
second httpd.conf file with different users, different DocumentRoot 
and add Listen directives to both httpd.conf files specifying which 
ports and IP addresses each server handles.

The more I think about it the more it looks like the most secure 
solution.  (Other than a separate mail server.)
I personally dont like the idea that i have to use resources on two 
running Apache's, but it is indeed possible.



A binary that handled a few information retrieval functions is probably
all that would be needed.  I think there would be about 4-6 
functions it
should be able to return data from.  I actually considered writing it
before I decided to attack the PHP extension.

For the rest we may as well exec the existing progtrams and not
re-invent existing functionality.  I've already got a PHP program that
manages mail domains that way, but it reads the ~vpopmail/domains/
directory to get all its information.
Well, what i meant is that having one binary that can do everything 
in one, is easier than having to run several different commands each 
time to add or remove domains, and having to parse different output 
each time.

I personally might start on this, if i get the chance, as it would be 
a lot better than running apache as the mail user, when other there 
are other websites on it.


If you do, please be sure to implement security within your program. 
Each page hit the php program needs to pass user supplied credentials 
so you can verify the user.  The vpopmail library does not do this 
security checking, so you have to.  If the vpopmail library becomes 
directly available to anyone running as www:www, they can do ANYTHING 
to your mail accounts.
Yeah, that much i have figured out :P.

I would use http auth, and then use the checkpasswd implementation in 
this long running deamon, to check if it is correct or not, if it is not 
correct, we drop the connection, if this happens 3 times in a row, that 
user is disallowed to contact the deamon again, until they have waited 1 
hour.

Rick

Re: [vchkpw] Re: [qmailadmin] Re: PHP vpopmail extension

[X-Istence]

Rick Widmer wrote:



X-Istence wrote:

Rick Widmer wrote (At least in part):


I am adding the following functions to vpopmail:
valias_select_names, valias_select_names_next, valias_select_names_end
Kinda like C++'s std::vector things, allowing you to walk thru an 
array of aliased domain names.


I don't know about std::vector, this is stolen from valias_select_all()
and valias_select_all_next().  I wanted just the alias names, preferably
sorted.  Since it is so easy from any of the database front ends, I
decided to sort the names for cdb and say vpopmail always returns them
sorted.  That is very handy for QmailAdmin... it does't have to sort 
them.
Makes sense. Would make it a whole lot easier to parse the names coming 
at you, and no need to allocate more memory for sorting and then 
outputting it, output as it comes along.



Submit a patch on sourceforge is what tom would say :P


Already done...  :P   [ 895348 ] Ordered Alias Names for cdb


I am testing the extension running PHP as an Apache module, with 
Apache running as vpopmail:vchkpw.  I think it should also run from 
CGI as long as it is run as the vpopmail user.  I don't see any way 
to get around running as the mail system user, and considering how 
easy it is to setup a separate instance of Apache I don't see any 
reason to worry about anything else.  If you don't agree, now is the 
time to show me a better way.


How about a public private key sort of thing like SSH?


For what?  As I see it the vpopmail extension for PHP is for web servers
that are running on the mail server, like QmailAdmin or sqWebmail are
run now.  Since everything is done by one process I don't see any need
for fancy communications in the extension.
That is what i meant, not everyone is able to have a special server just 
for mail, and thus running Apache as vpopmail:vchkpw is not an option. 
If you created some sort of deamon that allows you with public and 
privatekey's to communicate. Then you can run apache as www:www and not 
have to worry about users being able to alter vpopmail stuff cause of 
the mail server running under vpopmail:vchkpw.



Using named pipes as a means to talk to each other. This would 
require a deamon. 


If I had that daemon, I wouldn't bother with an extension.  It would be
much easier to code a library in PHP to accesses the daemon.
Hitting something like this via a SSH tunnel would be very cool! You
could manage a mail server from many web servers.  It is serious
overkill for what I want.  This little project is about using PHP for
prototyping the user interface for QmailAdmin 1.3.

Or even, just exec, and having a binary setuid vpopmail:vchkpw and 
talk over stdin, and stdout.


A binary that handled a few information retrieval functions is probably
all that would be needed.  I think there would be about 4-6 functions it
should be able to return data from.  I actually considered writing it
before I decided to attack the PHP extension.
For the rest we may as well exec the existing progtrams and not
re-invent existing functionality.  I've already got a PHP program that
manages mail domains that way, but it reads the ~vpopmail/domains/
directory to get all its information.
Well, what i meant is that having one binary that can do everything in 
one, is easier than having to run several different commands each time 
to add or remove domains, and having to parse different output each time.

I personally might start on this, if i get the chance, as it would be a 
lot better than running apache as the mail user, when other there are 
other websites on it.


This would be better than running apache as vpopmail:vchkpw.i prefer
not to run two different apache's side by side, just one, running as
www:www :)


I don't run two web servers side by side either... the ONLY things
Apache does on my mail server are mail related.  There are NO web sites
and very few people who login to it directly.  I see it as an extension
of the mail system, not a web server, so running as the vpopmail user is
natural.
Not everyone has the ability to have one server just for mail, which is 
why i suggest some sort of deamon, or a program that is setuid, to 
execute and talk with..

snip

Thanks for responding...
Rick