Re: IMHO, qmail should exit ....

2000-05-29 Thread Robert Sander

On Mon, May 29, 2000 at 06:19:46AM -, Russell Nelson wrote:
> It's *always* a mistake for an alias to match a real user's name.

No, I do not think so. It is even impossible to determine all the aliases at
startup, because the underlying system is a "living" one. And in ~alias
there may exist .qmail-user entries for existing users. They are used when
the homedir of the user is not accessible.

Greetings
-- 
Robert Sander www.gurubert.de



Re: fastforward wierdness

2000-05-29 Thread Peter Samuel

On Fri, 12 May 2000, Peter Samuel wrote:

> I'm seeing some strange behaviour with fastforward-0.51 and qmail-1.03
> on Solaris-2.5.1. No patches applied to any DJB software.
> 
[ stuff deleted ]

Basically, if fastforward was set up to call a program, e.g.

teladm-postmaster@:
| forward\ `teladm\ $SENDER`\ &&\ exit\ 99,
;

It would NOT honour the 99 exit status. It would exit with 111 and
cause a deferral. This results in multiple deliveries until the
queuelifetime value is reached.

Looking at the fastforward code shows:

  wait_pid(&wstat,child);
  if (wait_crashed(wstat))
    strerr_die4sys(111,FATAL,"child crashed in ",arg,": ");

  switch(wait_exitcode(wstat)) {
    case 64: case 65: case 70: case 76: case 77: case 78: case 112:
    case 100: _exit(100);
    case 0: break;
    default: _exit(111);
  }

Dan, any reason why you don't have an extra case to handle a child
whose exit status is 99?

Does anyone else consider this a bug?

Regards
Peter
--
Peter Samuel                    [EMAIL PROTECTED]
Technical Consultant            or at present:
eServ. Pty Ltd                  [EMAIL PROTECTED]
Phone: +61 2 9206 3410  Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"
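
Added example, not fastforward's source and not part of the original post: the exit-status mapping from the quoted switch as a small C program that runs a command through /bin/sh, decodes the wait status, and shows the same child exiting 99 with and without an extra case. Treating 99 as "success, stop here" follows qmail-command's convention and is an assumption about what a fix would do; run_child, map_status and outcome_of are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcomes, numbered after the exit codes in qmail-command's convention. */
enum outcome { OUT_CONTINUE = 0, OUT_STOP_OK = 99, OUT_HARD = 100, OUT_SOFT = 111 };

/* Run cmd through /bin/sh and store the raw wait status.
   Returns 0 on success, -1 if the child could not be started or reaped. */
int run_child(const char *cmd, int *wstat)
{
  pid_t pid = fork();
  if (pid == -1) return -1;
  if (pid == 0) {
    execl("/bin/sh", "sh", "-c", cmd, (char *)0);
    _exit(111);                         /* exec failed: temporary error */
  }
  while (waitpid(pid, wstat, 0) == -1)
    if (errno != EINTR) return -1;
  return 0;
}

/* Map a wait status the way the quoted switch does. With honour_99 == 0
   an exit status of 99 falls into the default branch and becomes a
   deferral; with honour_99 != 0 it is reported as a successful stop
   (assumed behaviour, see the lead-in). */
enum outcome map_status(int wstat, int honour_99)
{
  if (!WIFEXITED(wstat)) return OUT_SOFT;     /* "child crashed": defer */
  switch (WEXITSTATUS(wstat)) {
    case 0:  return OUT_CONTINUE;
    case 99: return honour_99 ? OUT_STOP_OK : OUT_SOFT;
    case 64: case 65: case 70: case 76: case 77: case 78: case 112:
    case 100: return OUT_HARD;
    default: return OUT_SOFT;
  }
}

/* Convenience wrapper: run the command and classify the result. */
enum outcome outcome_of(const char *cmd, int honour_99)
{
  int wstat;
  if (run_child(cmd, &wstat) == -1) return OUT_SOFT;
  return map_status(wstat, honour_99);
}

int main(void)
{
  /* Constructed commands standing in for the forwarded program. */
  const char *cmds[] = { "exit 0", "true && exit 99", "exit 100",
                         "exit 3", "kill -9 $$" };
  size_t i;
  for (i = 0; i < sizeof cmds / sizeof cmds[0]; i++)
    printf("%-16s as-posted=%d with-case-99=%d\n", cmds[i],
           (int)outcome_of(cmds[i], 0), (int)outcome_of(cmds[i], 1));
  return 0;
}
```

A deferral (111) leaves the message in the queue for another attempt, which is why the command in the post was run again on every retry.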




POP and biff

2000-05-29 Thread Larry Lindsay


Hi,

I have installed qmail using Maildirs on my Linux box (Slackware).  I have a
couple of questions:

I tried setting up a pop toaster, but it is not working.  Instead of looking
for the messages in the Maildirs, it looks for the messages in
/var/spool/mail/user instead.  my rc file is as follows:

exec env - Path="var/qmail/bin:$PATH" \
qmail-start "'cat /var/qmail/control/defaultdelivery'" splogger qmail  #
where /var/qmail/control/defaultdelivery has ./Maildir/

tcpserver 0 110 /var/qmail/bin/qmail-popup bummer.net \
/bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir &

when testing my pop connection, I get the following:

$ telnet localhost 110
Trying localhost...
Connected to bummer.net.
Escape character is '^]'.
+OK <[EMAIL PROTECTED]>
user popuser
+OK
pass
+OK 0 messages ready for popuser in /var/spool/mail/popuser

Any suggestions?

Also, I was wondering if I could configure the program biff to recognize
when new messages are sent or can I only use gbiff?

Regards,

Larry Lindsay




qmail-smtp problem

2000-05-29 Thread Tore Micaelsen



Hi there!
 
Have a strange problem with qmail-smtpd.. when I use pine to send a mail from
my mailserver..it stands for a long time waiting before it sends the mail, same
when I telnet to port 25 from the mailserver to the mailserver...it takes a
while before the "220 hostname ESMTP" comes up..

But if I send or telnet from another host it goes right away...

Anyone have a pointer what might be wrong?
 
Tore
 


smtp-auth and MS Outlook Express 5

2000-05-29 Thread Denise Williams

Hello,

I am having problems using smtp-auth from an MS Outlook Express 5 client.
Namely I can do pop but I can't smtp-auth. I can also smtp.

My setup:
Server: Running Linux 2.2.12-20, Redhat 6.1
Qmail-1.03
tcpserver out of ucspi-tcp-0.88
supervise out of daemontools-0.70

SMTP-AUTH patch:
http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.23.tar.gz

Client: Windows 2000/Outlook Express 5


On the Unix side my qmail-smtpd command looks as follows:
/usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -u $QMAILDUID -g
$NOFILESGID 0 smtp rblsmtpd /var/qmail/bin/qmail-smtpd /bin/checkpassword
/bin/true /bin/cmd5checkpw /bin/true

Here is the problem: I can do pop but I can't do smtp-auth.

The client comes back and keeps asking for the username and password combo
over and over again. Since I can do pop with the same username/password, I
don't think either checkpassword or the username/password has a problem.
Doing non-authenticated smtp works fine as well.

Also: What I am interested in doing is allow relaying from
smtp-authenticated clients and not allow relaying from anybody else. Any
pointers on how to do that?

Best regards,
Denise





Re: SMTP SIZE command?

2000-05-29 Thread Will Harris

At 20:11 27.05.2000, Jim Breton wrote:
 >Are there any patches available that will make qmail support the RFC 1870
 >SMTP SIZE extension?
 >
 >(I tried searching the ORNL list archive but since the word "size" is
 >returned with every response, my search was useless and returned tons of
 >irrelevant responses. :(  )
 >
 >Thanks.

Here's one:

*** qmail-smtpd.c.orig  Mon May 29 11:54:41 2000
--- qmail-smtpd.c.new   Mon May 29 11:54:59 2000
***
*** 227,235 
--- 227,242 
 smtp_greet("250 "); out("\r\n");
 seenmail = 0; dohelo(arg);
   }
+ char size_buf[FMT_ULONG];
+ void smtp_size()
+ {
+   size_buf[fmt_ulong(size_buf,(unsigned long) databytes)] = 0;
+   out("250-SIZE "); out(size_buf); out("\r\n");
+ }
   void smtp_ehlo(arg) char *arg;
   {
 smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n");
+   smtp_size();
 seenmail = 0; dohelo(arg);
   }
   void smtp_rset()
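
Review bot: the continuation markers in smtp_ehlo() end up inverted. The string still ends with "250 8BITMIME" (space), which terminates the multi-line reply, and smtp_size() then writes "250-SIZE " (hyphen) after it, so a client sees the reply finish at 8BITMIME followed by a stray continuation line with no terminator. Change the existing line to "250-8BITMIME" and have smtp_size() emit "250 SIZE ", or call smtp_size() before the 8BITMIME line and leave 8BITMIME last.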


regards,
Will
__

  "I was going to be a Neo-Deconstructivist, but Mom wouldn't let me..."

multimedia laboratorium  [EMAIL PROTECTED]
institut fuer informatik(pgp id)F703D035
der universitaet zuerich(office) +41  1 635 4346
winterthurerstr. 190(fax)+41  1 635 6809
ch-8057 zuerich (mobile) +41 76 372 0913
switzerland www.ifi.unizh.ch/~harris
__




qmail Digest 29 May 2000 10:00:01 -0000 Issue 1016

2000-05-29 Thread qmail-digest-help


qmail Digest 29 May 2000 10:00:01 -0000 Issue 1016

Topics (messages 42413 through 42433):

Test message. Please disregard
42413 by: Nick Lekic

pop mail from isp wit fetchmail
42414 by: Marco Leeflang
42415 by: Darren Wyn Rees
42416 by: Manfred Bartz
42422 by: Marco Leeflang
42425 by: Peter Green
42427 by: Marco Leeflang

Binary distribution
42417 by: Philippe Lagente
42420 by: Paul Farber

Re: A good book for qmail
42418 by: Darren Wyn Rees

Re: messages sent to msglog?? (how to disable - solved)
42419 by: Peter Bieringer

qmail+patches RPM + logging
42421 by: Christian Wiese
42424 by: Peter Green

EZMLM (0.53) with EZMLM-IDX (0.40) gives me bus-errors..
42423 by: Michael Boman

IMHO, qmail should exit 
42426 by: Russell Nelson
42428 by: Robert Sander

Re: fastforward wierdness
42429 by: Peter Samuel

POP and biff
42430 by: Larry Lindsay

qmail-smtp problem
42431 by: Tore Micaelsen

smtp-auth and MS Outlook Express 5
42432 by: Denise Williams

Re: SMTP SIZE command?
42433 by: Will Harris


--



Test only





I set up qmail with several virtual domains and it has worked great for
several months.
Every time the Linux box connects to my ISP, the ISP tries to deliver mail
waiting in the popbox.
qmail delivers this mail to the users in the virtual domains.
Right now I want to force retrieving mail from my ISP by using
fetchmail.

I can retrieve the mail from my ISP but all mail is delivered to
root@localhost, that's not what I want.

Does someone have experience with the qmail/fetchmail combination or another
tool to retrieve mail from ISPs and deliver it locally to the virtual domains?

greetings,
marco leeflang




On Sun, May 28, 2000 at 05:05:35PM +0200, Marco Leeflang wrote:

> I can retrieve the mail from my ISP but all mail is delivered to
> root@localhost, that's not what I want.

In your .fetchmailrc file, you need something like this :

defaults
forcecr
fetchall
batchlimit 300
fetchlimit 5000 
poll pop3.demon.nl protocol pop3 timeout 50 
 user [EMAIL PROTECTED] password YOURPASS is YOURUSER here
 user [EMAIL PROTECTED] password YOURPASS is YOURUSER2 here
  ^^
 |
  The syntax may be slightly different here, as some pop3 daemons
use "marco+yourhost.demon.nl" etc.  The line translates into English as,
"fetch mail addressed to [EMAIL PROTECTED] and forward it locally
to YOURUSER".

You'll need a default 'catchall' line in the above,
(user yourhost.demon.nl etc.), or some mail will sit unretrieved on
the mail server.

The above is a rather simple configuration.  Read the man pages
for far more elaborate polling/forwarding options.  Also, you need
to put 'localhost' in your /var/qmail/control/rcpthosts ctl file IIRC.

Demon (UK) offer smtp delivery of mail for their customers.  You'll
need to consider this issue when polling for mail if you too are offered this.
Read the Customer Support FAQs available from www.demon.nl

> Does someone have experience with the qmail/fetchmail combination or another
> tool to retrieve mail from ISPs and deliver it locally to the virtual domains?

fetchmail is more than adequate for the task.  It worked
fine with my Demon (UK) a/c.  The newsgroup demon.tech.unix is
a good place to ask ISP-specific questions about fetchmail configuration.

-- 
this is my .sig, show me yours




Marco Leeflang <[EMAIL PROTECTED]> writes:

> I set up qmail with several virtual domains and it has worked great for
> several months.
> Every time the Linux box connects to my ISP, the ISP tries to deliver mail
> waiting in the popbox.
> qmail delivers this mail to the users in the virtual domains.
> Right now I want to force retrieving mail from my ISP by using
> fetchmail.
> 
> I can retrieve the mail from my ISP but all mail is delivered to
> root@localhost, that's not what I want.

I have a similar setup and my ISP adds a ``X-Envelope-To'' header to
the emails.  This allows me to direct the email locally.  fetchmail
(with mda option) gets the mail from the pop server and delivers it to
procmail which then redirects it locally according to the
``X-Envelope-To'' header.

Here are extracts from my config files:

/etc/fetchmail.conf:
defaults fetchall forcecr 
mda "procmail "
poll my.isps.net protocol pop3
username "me"
password "topsecret"

/etc/procmailrc:
:0
* ^X-Envelope-To:.*(root|master)@xix\.com
! [EMAIL PROTECTED]

:0
* ^.*From:.*egreetings\.com
/dev/null

:0
* ^X-Envelope-To:.*user1@xix\.com
! [EMAIL PROTECTED]

:0
* ^X-Envelope-To:.*(mob|.*bartz|manfred.*)@xix\.com
! [E

Re: SMTP SIZE command? --> Ignore previous post!!!

2000-05-29 Thread Will Harris

Sorry, I just realised I forgot about the "-" conventions...  this is the 
correct patch.

regards,
Will

At 20:11 27.05.2000, Jim Breton wrote:
 >Are there any patches available that will make qmail support the RFC 1870
 >SMTP SIZE extension?
 >
 >(I tried searching the ORNL list archive but since the word "size" is
 >returned with every response, my search was useless and returned tons of
 >irrelevant responses. :(  )
 >
 >Thanks.

Here's one:

*** qmail-smtpd.c.orig  Mon May 29 11:54:41 2000
--- qmail-smtpd.c.new   Mon May 29 11:54:59 2000
***
*** 227,235 
--- 227,242 
 smtp_greet("250 "); out("\r\n");
 seenmail = 0; dohelo(arg);
   }
+ char size_buf[FMT_ULONG];
+ void smtp_size()
+ {
+   size_buf[fmt_ulong(size_buf,(unsigned long) databytes)] = 0;
+   out("250 SIZE "); out(size_buf); out("\r\n");
+ }
   void smtp_ehlo(arg) char *arg;
   {
 smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n");
+   smtp_size();
 seenmail = 0; dohelo(arg);
   }
   void smtp_rset()
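
Review bot: smtp_size() now hard-codes the terminating "250 SIZE " line, so it has to stay the last call in smtp_ehlo(); a comment saying so, or passing the prefix in the way smtp_greet("250-") takes it, would keep the next added keyword from reintroducing the marker problem. Separately, this hunk only advertises databytes in the EHLO reply and nothing in it looks at a SIZE= parameter from the client, so as far as this patch goes the declared limit is informational.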


regards,
Will
__

  "I was going to be a Neo-Deconstructivist, but Mom wouldn't let me..."

multimedia laboratorium  [EMAIL PROTECTED]
institut fuer informatik(pgp id)F703D035
der universitaet zuerich(office) +41  1 635 4346
winterthurerstr. 190(fax)+41  1 635 6809
ch-8057 zuerich (mobile) +41 76 372 0913
switzerland www.ifi.unizh.ch/~harris
__




Re: SMTP SIZE command?

2000-05-29 Thread Petr Novotny


On 29 May 00, at 11:56, Will Harris wrote:

>void smtp_ehlo(arg) char *arg;
>{
>  smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250
>  8BITMIME\r\n");
> +   smtp_size();

Not quite; you'd need "250-8BITMIME" instead of "250 8BITMIME" 
and also you'd need "250 SIZE" instead of "250-SIZE" (if SIZE is 
the last line of the EHLO reply).

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]
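
The "-" convention corrected in this thread, as an added example that is not part of any post and not qmail code: a checker for a complete EHLO reply (hyphen after 250 on every line but the last, space on the last only) and a builder that derives the separator from the line's position so an added keyword cannot end the reply early. The hostname mail.example.com, the SIZE value 0 and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { EHLO_OK = 0, EHLO_BAD_LINE, EHLO_EARLY_END, EHLO_NO_END };

/* Constructed samples: the reply each posted patch would produce for a
   greeting of mail.example.com and databytes 0 (both assumed values). */
#define REPLY_FIRST_PATCH \
  "250-mail.example.com\r\n250-PIPELINING\r\n250 8BITMIME\r\n250-SIZE 0\r\n"
#define REPLY_SECOND_PATCH \
  "250-mail.example.com\r\n250-PIPELINING\r\n250-8BITMIME\r\n250 SIZE 0\r\n"

/* Check a complete EHLO reply. Every line must be "250", a separator,
   text and CRLF; the separator is '-' on all lines but the last and ' '
   on the last line only. */
int ehlo_check(const char *reply)
{
  const char *p = reply;
  int ended = 0;                      /* set once a "250 " line was seen */
  if (!*p) return EHLO_BAD_LINE;
  while (*p) {
    const char *eol = strstr(p, "\r\n");
    if (!eol || eol - p < 4) return EHLO_BAD_LINE;
    if (strncmp(p, "250", 3) != 0) return EHLO_BAD_LINE;
    if (p[3] != '-' && p[3] != ' ') return EHLO_BAD_LINE;
    if (ended) return EHLO_EARLY_END; /* more lines after the final one */
    if (p[3] == ' ') ended = 1;
    p = eol + 2;
  }
  return ended ? EHLO_OK : EHLO_NO_END;
}

/* Build a reply from a greeting and n extension keywords. The separator
   is chosen by position, never typed by hand. Text containing CR or LF
   is refused so a keyword cannot smuggle in an extra line.
   Returns the length written, or -1 on refusal or if out is too small. */
int ehlo_build(char *out, size_t outlen, const char *greeting,
               const char *const *ext, size_t n)
{
  size_t used = 0, i;
  for (i = 0; i <= n; i++) {
    const char *text = (i == 0) ? greeting : ext[i - 1];
    char sep = (i == n) ? ' ' : '-';
    int w;
    if (strpbrk(text, "\r\n")) return -1;
    w = snprintf(out + used, outlen - used, "250%c%s\r\n", sep, text);
    if (w < 0 || (size_t)w >= outlen - used) return -1;
    used += (size_t)w;
  }
  return (int)used;
}

/* Build the reply for the constructed keyword list used in this example. */
const char *demo_build(void)
{
  static char buf[256];
  static const char *const ext[] = { "PIPELINING", "8BITMIME", "SIZE 0" };
  return ehlo_build(buf, sizeof buf, "mail.example.com", ext, 3) < 0 ? NULL : buf;
}

int main(void)
{
  printf("first patch:  %d\n", ehlo_check(REPLY_FIRST_PATCH));
  printf("second patch: %d\n", ehlo_check(REPLY_SECOND_PATCH));
  printf("built reply:  %d\n", demo_build() ? ehlo_check(demo_build()) : -1);
  return 0;
}
```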



Re: IMHO, qmail should exit ....

2000-05-29 Thread Peter van Dijk

On Mon, May 29, 2000 at 09:48:09AM +0200, Robert Sander wrote:
> On Mon, May 29, 2000 at 06:19:46AM -, Russell Nelson wrote:
> > It's *always* a mistake for an alias to match a real user's name.
> 
> No, I do not think so. It is even impossible to determine all the aliases at
> startup, because the underlying system is a "living" one. And in ~alias
> there may exist .qmail-user entries for existing users. They are used when
> the homedir of the user is not accessible.

Russell is stating that it is always a mistake for an alias to match a real
user. Russell is not stating qmail should do this, he just throws this
observation in to enhance his point.

He's not saying (and I don't think he would :) that it's feasible to check
that at startup.

For the 'unaccessible homedir' part: you have a good point, but
users/assign is really a much better solution for that.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]



I can't resolve problem with ISP and PPP

2000-05-29 Thread Sinisa Malesevic




I can't resolve my problem, so I must try to describe my configuration.

We have a LAN with 9 workstations (all Windows 95/98/NT), and on one PC
is DNS with Windows NT 4.0. Our ISP is eunet.yu (mail servers are
relay.eunet.yu (SMTP) and solair.eunet.yu (POP)) and we connect with dial-up.
Our local domain is named infor.co.yu.

On my PC (named oper) is Red Hat 6.0, and it is connected to the ISP with
dial-up.

We would like to use my PC as a mail server and we would like all
workstations to send mail over my PC.

We have virtual domains infor.co.yu and motor.com and users have mail addresses
like: [EMAIL PROTECTED]

The POP server is started like:
tcpserver 0 110 /var/qmail/bin/qmail-popup oper.infor.co.yu \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &

The SMTP server is started like:
tcpserver -x/etc/smtp.smtp.cdb -u502 -g501 0 smtp /var/qmail/bin/smtp-smtpd &

I made a maildir for outgoing mail in the "alias" home directory
(/var/qmail/alias) like:
# maildirmake ~alias/pppdir

I put ./pppdir/ into ~alias/.qmail-ppp-default and :alias-ppp into
/var/qmail/control/virtualdomains

To masquerade my local name with the name of the ISP I added
"[EMAIL PROTECTED]:alias-eunet.yu"
In the file ./qmail-eunet.yu-myispusername (/var/qmail/alias) I added one line
"&[EMAIL PROTECTED]"

When I have established the PPP connection with my ISP (I determine my PPP IP
with ifconfig) I use a command like this:
# /usr/local/bin/maildirsmtp /var/qmail/alias/pppdir alias-ppp- solair.eunet.yu MyIP

I get this:
"tcpclient:unable to connect to solair.eunet.yu on port 25: host unreachable
maildirserial:fatal:making no progress,giving up"

I tried to ping 194.247.192.52 and it is OK (194.247.192.52 = IP of
solair.eunet.yu)

WHAT IS WRONG?
How do I automate the process for sending and receiving messages?
I do not try to get messages from my ISP
PS: sorry for my bad English


RE: smtp-auth and 421 out of memory

2000-05-29 Thread Denise Williams

Hello again,

Some more info on the situation:

%telnet myserver 25
Server: 220 myserver.com ESMTP
Client: ehlo
Server: 250-myserver.com
Server: 250-AUTH=LOGIN CRAM-MD5 PLAIN
SERVER: 250-AUTH LOGIN CRAM-MD5 PLAIN
SERVER: 250 PIPELINING
SERVER: 250 8BITMIME
CLIENT: AUTH LOGIN
SERVER: VXNlmc5hbWU6
CLIENT: 
server: UGF2c3dvcmQ6
client: 
server: 421 out of memory #4.3.0
server: 535 authorization failure

Note that this is not a capture of what outlook express does, rather just
telnetting into the server to see around.

I am running a stock qmail program aside from the patch for oversize DNS
lookups from http://www.ckdhr.com/ckd/qmail-103.patch

Has anybody else seen this 421 out of memory error?  This is my test machine
with 256 Meg and nobody logged on, with an empty mailqueue.

Best regards,
Denise



--Original Message--
From: Denise Williams <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: May 29, 2000 9:32:33 AM GMT
Subject: smtp-auth and MS Outlook Express 5


Hello,

I am having problems using smtp-auth from an MS Outlook Express 5 client.
Namely I can do pop but I can't smtp-auth. I can also smtp.

My setup:
Server: Running Linux 2.2.12-20, Redhat 6.1
Qmail-1.03
tcpserver out of ucspi-tcp-0.88
supervise out of daemontools-0.70

SMTP-AUTH patch:
http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.23.tar.gz

Client: Windows 2000/Outlook Express 5


On the Unix side my qmail-smtpd command looks as follows:
/usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -u $QMAILDUID -g
$NOFILESGID 0 smtp rblsmtpd /var/qmail/bin/qmail-smtpd /bin/checkpassword
/bin/true /bin/cmd5checkpw /bin/true

Here is the problem: I can do pop but I can't do smtp-auth.

The client comes back and keeps asking for the username and password combo
over and over again. Since I can do pop with the same username/password, I
don't think either checkpassword or the username/password has a problem.
Doing non-authenticated smtp works fine as well.

Also: What I am interested in doing is allow relaying from
smtp-authenticated clients and not allow relaying from anybody else. Any
pointers on how to do that?

Best regards,
Denise





Re: IMHO, qmail should exit ....

2000-05-29 Thread Robert Sander

On Mon, May 29, 2000 at 12:23:54PM +0200, Peter van Dijk wrote:
> For the 'unaccessible homedir' part: you have a good point, but
> users/assign is really a much better solution for that.
Yes, but this is just another place for me to define aliases, or not?
And why is it so much better than plain ~alias/.qmail, performance left aside?

Greetings
-- 
Robert Sander www.gurubert.de



Re: IMHO, qmail should exit ....

2000-05-29 Thread Peter van Dijk

On Mon, May 29, 2000 at 01:28:19PM +0200, Robert Sander wrote:
> On Mon, May 29, 2000 at 12:23:54PM +0200, Peter van Dijk wrote:
> > For the 'unaccessible homedir' part: you have a good point, but
> > users/assign is really a much better solution for that.
> Yes, but this is just another place for me to define aliases, or not?
> And why is it so much better than plain ~alias/.qmail, performance left aside?

It's much easier to keep an overview in one file instead of in ~alias.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]



Re: qmail+patches RPM + logging

2000-05-29 Thread Christian Wiese

Hi Peter,

thank you very much for your help.
Now the logging mechanism is working nice.

Thanks

Christian

Peter Green wrote:

> thus spake cw:
> > Hi all,
> >
> > for my previous qmail installations I used the "Memphis" RPMS.
> > Today I've tried to setup a qmail server with the latest qmail+patches
> > RPM from Bruce.
> > The base system is up and running, but I can't find any logfiles.
> > Where can I find some logfiles ?
> > Could somebody explain the logging mechanism to me?
>
> You could also ask this on the rpms mailing list Bruce has set up for this
> application. Send mail to <[EMAIL PROTECTED]> to subscribe.
>
> Anyhoo, the default for the RPM is to use splogger. This sends log entries
> to syslog for processing.
>
> To set it up differently, you have two options:
>
> 1)  Choose your preferred
> logging method and install the appropriate RPM. I don't do this so I can't
> help much beyond this...
>
> 2) Put your desired logging mechanism in /var/qmail/control/logger and it
> will be used instead of splogger. I have the following in mine:
>
>   /usr/bin/multilog t s10 /var/log/{}
>
> This sticks the multilog entries in /var/log/SERVICE, where SERVICE is
> `qmail', `pop3d', `smtpd', or whatever.
>
> HTH!
>
> /pg
> --
> Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED]
> ---
> > : Any porters out there should feel happier knowing that DEC is shipping
> > : me an AlphaPC that I intend to try getting linux running on: this will
> > : definitely help flush out some of the most flagrant unportable stuff.
> > : The Alpha is much more different from the i386 than the 68k stuff is, so
> > : it's likely to get most of the stuff fixed.
> >
> > It's posts like this that almost convince us non-believers that there
> > really is a god.
> (A follow-up by [EMAIL PROTECTED], Anthony Lovell, to Linus's
> remarks about porting)




RE: smtp-auth and MS Outlook Express 5

2000-05-29 Thread Denise Williams

Hi, I received mail from Krzysztof Dabrowski that solved my problem.

solution: /bin/checkpassword needs to be suid'ed to root for those systems
using shadow passwords.

Best regards,
Denise


--Original Message--
From: Denise Williams <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: May 29, 2000 9:32:33 AM GMT
Subject: smtp-auth and MS Outlook Express 5


Hello,

I am having problems using smtp-auth from an MS Outlook Express 5 client.
Namely I can do pop but I can't smtp-auth. I can also smtp.





Re: smtp-auth and MS Outlook Express 5

2000-05-29 Thread Peter van Dijk

On Mon, May 29, 2000 at 08:52:05AM -0400, Denise Williams wrote:
> Hi, I received mail from Krzysztof Dabrowski that solved my problem.
> 
> solution: /bin/checkpassword needs to be suid'ed to root for those systems
> using shadow passwords.

Do not, EVER, do that. The moment you do, checkpassword becomes a /bin/su
replacement without any logging or limiting.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]



RE: smtp-auth and MS Outlook Express 5

2000-05-29 Thread Petr Novotny


On 29 May 00, at 8:52, Denise Williams wrote:

> solution: /bin/checkpassword needs to be suid'ed to root for those
> systems using shadow passwords.

Don't do that! You have just created a target for a dictionary attack; 
suid /bin/checkpassword is /bin/su without bad attempts logging 
(and with somewhat unusual interface).

If you definitely need to run /bin/checkpassword as root, it's 
healthier to run tcpserver on port 25 as root (not as qmaild) and 
drop root after checking name and password. It's still far from being 
ideal, though.

On a PAMified system, you should be able to get away with it 
without running code as root (root is necessary to install the PAM 
script in /etc/pam.d only).

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]



Mail Routing question

2000-05-29 Thread david . heydari

Hi Everybody,

We use qmail as a mail gateway on two different boxes, one for incoming mail
(incomingmail.foo.com), and one for outgoing mail "outgoingmail.foo.com".
All incoming mail at "incomingmail.foo.com" is sent to the internal networks,
and there are no user accounts on "incomingmail.foo.com".
The file "smtproutes" looks like this:
SubDomain1.foo.com:SomeMailserver.foo.com
SubDomain2.foo.com:AnotherMailserver.foo.com
foo.com:internal_mailserver.foo.com
and so on... 

The question is: How can I route incoming mail on a per-user basis, i.e. mail
for "[EMAIL PROTECTED]" should go to say "[EMAIL PROTECTED]"

Best regards
David Heydari







Re: POP and biff

2000-05-29 Thread Chris Johnson

On Mon, May 29, 2000 at 04:57:29AM -0400, Larry Lindsay wrote:
> I have installed qmail using Maildirs on my Linux box (Slackware).  I have a
> couple of questions:
> 
> I tried setting up a pop toaster, but it is not working.  Instead of looking
> for the messages in the Maildirs, it looks for the messages in
> /var/spool/mail/user instead.  my rc file is as follows:
> 
> exec env - Path="var/qmail/bin:$PATH" \
> qmail-start "'cat /var/qmail/control/defaultdelivery'" splogger qmail  #

Change ' to ` above, i.e.

exec env - Path="var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`" splogger qmail

> tcpserver 0 110 /var/qmail/bin/qmail-popup bummer.net \
> /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir &
> 
> when testing my pop connection, I get the following:
> 
> $ telnet localhost 110
> Trying localhost...
> Connected to bummer.net.
> Escape character is '^]'.
> +OK <[EMAIL PROTECTED]>
> user popuser
> +OK
> pass
> +OK 0 messages ready for popuser in /var/spool/mail/popuser

This doesn't look like anything qmail-pop3d would say. Check /etc/inetd.conf
and see if you're running another POP server.

Chris



Re: smtp-auth and MS Outlook Express 5

2000-05-29 Thread Krzysztof Dabrowski


>Do not, EVER, do that. The moment you do, checkpassword becomes a /bin/su
>replacement without any logging or limiting.

Don't you think that this hysterical reaction is a bit too far?
checkpassword is certainly a safer suid program than most of the suids in your 
system.

And another one:

 >Don't do that! You have just created a target for a dictionary attack;
 >suid /bin/checkpassword is /bin/su without bad attempts logging
 >(and with somewhat unusual interface).
 >If you definitely need to run /bin/checkpassword as root, it's
 >healthier to run tcpserver on port 25 as root (not as qmaild) and
 >drop root after checking name and password. It's still far from being
 >ideal, though.
 >On a PAMified system, you should be able to get away with it
 >without running code as root (root is necessary to install the PAM
 >script in /etc/pam.d only).

On PAMified system you can still use it as dictionary cracker :)

All in all, on a non-shell system (like most ISPs' mail servers) where only 
admins have shell access, making checkpassword suid is nothing bad. 
CERTAINLY not as bad as you portray it.

Kris




Re: smtp-auth and MS Outlook Express 5

2000-05-29 Thread Petr Novotny


On 29 May 00, at 15:31, Krzysztof Dabrowski wrote:

> Don't you think that this hysterical reaction is a bit too far?
> checkpassword is certainly a safer suid program than most of the suids in
> your system.

No it is not. Any program which allows enumerating /etc/shadow 
is a gaping security hole. Full stop.

checkpassword is "safe" only in the sense that there's no buffer 
overflow or race condition or something like that. It has been 
designed to read /etc/shadow. However, reading /etc/shadow 
_must_ be limited to root - that's essential. Please note DJB's 
installation instructions: Not only don't make it suid root, but don't 
even make it runnable by non-root; chmod 700 is what djb 
suggests.

> On PAMified system you can still use it as dictionary cracker :)

Yes; but after each attempt the system sleep()s before answering, 
and after this (three?) many failed attempts, an entry in the logs is 
generated.

So you can use a dictionary; but only with like ten attempts per 
day to go unnoticed.

> All in all, on a non-shell system (like most ISPs' mail servers) where
> only admins have shell access, making checkpassword suid is nothing
> bad. CERTAINLY not as bad as you portray it.

On a box where only root is ever allowed, you're right. As soon as 
there's a single non-root login account, suid checkpassword is a no 
way. (Once the users can upload their cgi scripts, php pages, edit 
their .qmail files, they can spawn off the dictionary attack.)

It's as simple as that.

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]
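
A check for the file modes argued over in this thread, as an added example that is not part of any post and not from checkpassword or qmail: it flags a setuid-root checker that ordinary accounts can execute, accepts the 700 mode and the dedicated-group arrangement mentioned in the discussion, and reports write bits. The flag names, the function names and the gid 1234 standing in for a dedicated qmaild group are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Findings, combined as a bitmask. */
#define F_SUID_ROOT_ANYONE 1  /* setuid root and executable by "other"       */
#define F_SUID_ROOT_GROUP  2  /* setuid root, group-executable, and the group
                                 is not the dedicated one                     */
#define F_WRITABLE         4  /* writable by group or other                   */
#define F_NOT_ROOT_ONLY    8  /* not setuid root, but runnable by non-owners
                                 (differs from the 700 mode cited above)      */

/* Classify permission bits. dedicated_gid is the one group allowed to
   execute a setuid-root checker (assumed: a group holding only qmaild). */
int audit_mode(mode_t mode, uid_t owner, gid_t group, gid_t dedicated_gid)
{
  int f = 0;
  int suid_root = (mode & S_ISUID) && owner == 0;

  if (suid_root && (mode & S_IXOTH))
    f |= F_SUID_ROOT_ANYONE;          /* every local account can test passwords */
  if (suid_root && (mode & S_IXGRP) && group != dedicated_gid)
    f |= F_SUID_ROOT_GROUP;           /* so can every member of this group */
  if (mode & (S_IWGRP | S_IWOTH))
    f |= F_WRITABLE;                  /* the binary itself can be replaced */
  if (!suid_root && (mode & (S_IXGRP | S_IXOTH)))
    f |= F_NOT_ROOT_ONLY;
  return f;
}

/* stat() a path and classify it. Returns -1 if the path cannot be read. */
int audit_path(const char *path, gid_t dedicated_gid)
{
  struct stat st;
  if (stat(path, &st) == -1) return -1;
  return audit_mode(st.st_mode & 07777, st.st_uid, st.st_gid, dedicated_gid);
}

int main(int argc, char **argv)
{
  /* Usage: audit [path [dedicated-gid]]; defaults are assumptions. */
  const char *path = argc > 1 ? argv[1] : "/bin/checkpassword";
  gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : (gid_t)1234;
  int f = audit_path(path, gid);

  if (f == -1) { perror(path); return 2; }
  if (f & F_SUID_ROOT_ANYONE) puts("setuid root and executable by everyone");
  if (f & F_SUID_ROOT_GROUP)  puts("setuid root and executable by a shared group");
  if (f & F_WRITABLE)         puts("writable by group or other");
  if (f & F_NOT_ROOT_ONLY)    puts("not setuid, but runnable by non-owners");
  if (f == 0)                 puts("no findings");
  return f ? 1 : 0;
}
```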



qmail-smtpd-auth 0.24

2000-05-29 Thread Krzysztof Dabrowski

Hello..

New version of qmail-smtpd-auth patch is available at:

http://members.elysium.pl/brush/qmail-smtpd-auth/

It fixes a nasty problem with cram-md5 auth. It worked perfectly for me for 
2 months and I've found the bug only recently.

Brush




Re: smtp-auth and MS Outlook Express 5

2000-05-29 Thread Krzysztof Dabrowski


>It's as simple as that.

so we finally need a good, versatile solution for it. Because a lot of 
users have problems with it and not everyone wants to go ahead and patch 
his way through qmail-smtpd.

Brush




Re: smtp-auth and MS Outlook Express 5

2000-05-29 Thread Petr Novotny


On 29 May 00, at 15:49, Krzysztof Dabrowski wrote:

> so we finally need a good, versatile solution for it. Because a lot
> of users have problems with it and not everyone wants to go ahead and
> patch his way through qmail-smtpd.

I'm not completely sure how the authenticated SMTP conversation 
looks like. You have two possible approaches:

1. qmail-popup like. You start SMTP conversation as a root, grab a 
username/password, verify it, drop root and go on. (That's what 
qmail-popup -> checkpassword -> qmail-pop3d sequence 
accomplishes.)

2. pam_pwdb like. You patch qmail-smtpd to fork()/exec() an 
external program to check the password. That program is suid and 
is executable only for root and group of qmaild user (nofiles - doh! 
create a special group for qmaild user, and don't put anyone else in 
it). The program also has the correct logging of failed attempts and 
correct timeouts.


[I am leaving aside other approaches like having an extra database 
for smtp-auth passwords, and not touching /etc/shadow. It's not a 
bad idea either, though. That database now can be limited to 
qmaild user - and there you go!]

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]



Re: smtp-auth and MS Outlook Express 5

2000-05-29 Thread Krzysztof Dabrowski


>I'm not completely sure how the authenticated SMTP conversation
>looks like. You have two possible approaches:
>
>1. qmail-popup like. You start SMTP conversation as a root, grab a
>username/password, verify it, drop root and go on. (That's what
>qmail-popup -> checkpassword -> qmail-pop3d sequence
>accomplishes.)

possible but requires major rewrite of both programs (new qmail-popup 
(smtpup) and qmail-smtpd).


>2. pam_pwdb like. You patch qmail-smtpd to fork()/exec() an
>external program to check the password. That program is suid and
>is executable only for root and group of qmaild user (nofiles - doh!
>create a special group for qmaild user, and don't put anyone else in
>it). The program also has the correct logging of failed attempts and
>correct timeouts.

so this is basically what I have now except that logging (= make 
checkpassword suid and accessible only to root and qmaild).

Kris
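
The fork()/exec() approach discussed in this thread, as an added example that is not part of either post and is not code from qmail or from any smtp-auth patch: it hands the credentials to a checkpassword-style program on descriptor 3 as user\0pass\0timestamp\0 and accepts only on exit status 0. The function name and the empty timestamp field are assumptions.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper written for this example (not qmail code).
 * Runs a checkpassword-style program (argv[0] is its full path) and gives
 * it "user\0pass\0timestamp\0" on descriptor 3.  Returns 1 only when the
 * program exits 0; a bad password, a crash, an exec failure or oversized
 * input all count as a refusal, so the check fails closed. */
int credentials_ok(char *const argv[], const char *user, const char *pass)
{
    char buf[512];                  /* checkpassword reads at most 512 bytes */
    size_t ulen = strlen(user), plen = strlen(pass), n = 0;
    int pfd[2], status;
    pid_t pid, r;

    if (ulen + plen + 3 > sizeof buf) return 0;
    memcpy(buf + n, user, ulen + 1); n += ulen + 1;
    memcpy(buf + n, pass, plen + 1); n += plen + 1;
    buf[n++] = '\0';                /* empty timestamp field (assumption) */

    if (pipe(pfd) == -1) return 0;
    /* n <= 512 <= PIPE_BUF, so the write cannot block; closing the write
     * end before fork() means the child sees EOF after the credentials. */
    if (write(pfd[1], buf, n) != (ssize_t)n) {
        close(pfd[0]); close(pfd[1]);
        return 0;
    }
    close(pfd[1]);

    pid = fork();
    if (pid == -1) { close(pfd[0]); return 0; }
    if (pid == 0) {
        if (pfd[0] != 3) {
            if (dup2(pfd[0], 3) == -1) _exit(111);
            close(pfd[0]);
        }
        execv(argv[0], argv);
        _exit(111);                 /* exec failed: report a temporary error */
    }
    close(pfd[0]);
    do r = waitpid(pid, &status, 0); while (r == -1 && errno == EINTR);
    if (r != pid) return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

The caller never needs root: only the helper at argv[0] is suid, and the mode and group restriction described above decide who may run it.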




Re: I want to leave this list

2000-05-29 Thread Tullio Andreatta

>>How I do to leave this list ?
>
>we see a lot of these messages coming across.
>did you think of a header or footer, with some text like:
>
>--
>to unsubscribe, send a message to [EMAIL PROTECTED]
>to view the archive, take a look at: http://www.where.the/archive/is
>--
>
>most of the mailing lists i am subscribed have something like this.

Most of the mailing lists I'm subscribed have these "newbie help" footers.
But I see a lot of "How I do to leave this list ?" even on these lists ...

How about this footer?
--
Do not ask us how to unsubscribe. You can't. If you don't want to receive
these messages, please quit Internet.
--

;-)


--
Tullio Andreatta   Logicom s.r.l. - Via L.Gambara, 55 - I-25100 Brescia ITALY
[EMAIL PROTECTED]  http://www.logicom.it/




Re: I can't resolve problem with ISP and PPP

2000-05-29 Thread Jörgen Persson

On Mon, May 29, 2000 at 01:13:09PM +0200, Sinisa Malesevic wrote:
> I can't resolve my problem then I must try to describe my configuration.
> 
> We have a LAN with 9 workstation (all windows 95/98/NT) and  on one PC
> is DNS with Windows NT 4.0 . Our ISP is eunet.yu (mail servers are
> relay.eunet.yu (SMTP) and solair.eunet.yu (POP)) and we connect with
> dial up. Our local domain is named infor.co.yu.

[snip]

> # /usr/local/bin/mailsirsmtp /var/qmail/alias/pppdir alias-ppp-
> solair.eunet.yu MyIP 
  ^^^

maildirsmtp wants your ISP's SMTP - that is:
# /usr/local/bin/maildirsmtp /var/qmail/alias/pppdir alias-ppp- relay.eunet.yu MyIP

[snip]
> How I automate process for sending and receive messages
[snip]

PPP usually gives you that ability. On my system (Linux 
Debian, Potato) I'll find the main script at /etc/ppp/ip-up and
the 'subscripts' under /etc/ppp/ip-up.d/

-- 
Jörgen Persson



Re: IMHO, qmail should exit ....

2000-05-29 Thread Russell Nelson

Peter van Dijk writes:
 > He's not saying (and I don't think he would :) that it's feasible to check
 > that at startup.

Actually, I do.  It would be quite reasonable to run through the files
in ~alias to see if qmail-getpw or users/assign returns a match for
any of them.  If so, qmail should not start up, because something is
Obviously Wrong.  I'm not talking about -default files, just the rest
of them.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.



Re: IMHO, qmail should exit ....

2000-05-29 Thread Robert Sander

On Mon, May 29, 2000 at 01:25:14PM -0400, Russell Nelson wrote:
> any of them.  If so, qmail should not start up, because something is
> Obviously Wrong.  I'm not talking about -default files, just the rest
> of them.

No, I do not think that there is something wrong when there are
alias entries for existing users. I need them, because I have
some of my users homedir mounted via an unreliable network.

Greetings
-- 
Robert Sander www.gurubert.de



Re: IMHO, qmail should exit ....

2000-05-29 Thread Peter van Dijk

On Mon, May 29, 2000 at 09:18:11PM +0200, Robert Sander wrote:
> On Mon, May 29, 2000 at 01:25:14PM -0400, Russell Nelson wrote:
> > any of them.  If so, qmail should not start up, because something is
> > Obviously Wrong.  I'm not talking about -default files, just the rest
> > of them.
> 
> No, I do not think that there is something wrong when there are
> alias entries for existing users. I need them, because I have
> some of my users homedir mounted via an unreliable network.

That's what users/assign is for.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]



Re: SMTP SIZE command?

2000-05-29 Thread Rodrigo Severo

I was just taking a look at RFC 1870. Just at the end section: "7. 
Minimal usage" I found:

"A minimal server (...) must accept the
   extended MAIL command and return a 552 reply code if the client's
   declared size exceeds its fixed size limit (if any), but it need not
   detect "temporary" limitations on message size."

Won't we need this extra feature to use the SIZE extension properly?

I am asking this AFTER I put Will Harris's patch to work... Bad timing,
uh?

Anyway my smtp server has it and the greeting part seems to be working
just fine.


Rodrigo Severo

Will Harris wrote:
> 
> Sorry, I just realised I forgot about the "-" conventions...  this is the
> correct patch.
> 
> regards,
> Will
> 
> At 20:11 27.05.2000, Jim Breton wrote:
>  >Are there any patches available that will make qmail support the RFC 1870
>  >SMTP SIZE extension?
>  >
> 
> Here's one:
> 
> *** qmail-smtpd.c.orig  Mon May 29 11:54:41 2000
> --- qmail-smtpd.c.new   Mon May 29 11:54:59 2000
> ***
> *** 227,235 
> --- 227,242 

-- 
---
Fábrica de Idéias
sbs - ed. empire center - bl. s - sala 109
cep 70070-904 - brasília-df - brazil
tel: (61) 321 1357
fax: (61) 321 6096
[EMAIL PROTECTED]
---
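
The RFC 1870 rule quoted in this message, as an added example (it is not Will Harris's patch and not qmail code): parse the SIZE parameter of a MAIL command and answer 552 when the declared size exceeds a fixed limit. The function name, the 501 answer for a malformed value and the convention that a limit of 0 means "no limit" are assumptions.

```c
#include <ctype.h>
#include <limits.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper written for this example (not qmail code).
 * args  : text after "MAIL ", CRLF already removed,
 *         e.g. "FROM:<a@example.org> SIZE=2048"
 * limit : fixed maximum message size in bytes; 0 = no limit (assumption)
 * Returns 250 (accept), 552 (declared size over the limit) or
 * 501 (malformed SIZE value).  Quoted local parts that contain spaces
 * are not handled. */
int mail_size_reply(const char *args, unsigned long limit)
{
    const char *p;

    /* ESMTP parameters are the space-separated tokens after the path. */
    for (p = args; (p = strchr(p, ' ')) != NULL; ) {
        unsigned long size = 0;
        int digits = 0, over = 0;

        while (*p == ' ') p++;
        if (strncasecmp(p, "SIZE=", 5) != 0) continue;
        p += 5;
        for (; isdigit((unsigned char)*p); p++, digits++) {
            unsigned long d = (unsigned long)(*p - '0');
            if (size > (ULONG_MAX - d) / 10)
                over = 1;           /* too big to represent: certainly huge */
            else
                size = size * 10 + d;
        }
        /* RFC 1870: size-value is 1 to 20 digits and nothing else. */
        if (digits == 0 || digits > 20 || (*p != ' ' && *p != '\0'))
            return 501;
        if (limit && (over || size > limit))
            return 552;
        return 250;
    }
    /* No SIZE declared: the limit still has to be enforced on the data. */
    return 250;
}
```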



qmail + vpopmail error

2000-05-29 Thread Christian Wiese

Hi all,

I've installed qmail (RPM from Bruce) and vpopmail 3.4.11-2.
Authentication is done via MySQL 3.22.32-1
I've installed the first virtualdomain and added the first user, and
everything is ok.
After some time I get the message "Sorry,no mailbox here by that name"
for the same user.
If I delete the virtualdomain and add the domain and the user again, the
user is able to get messages for a short time, and I'll get the error
message again.
Does anybody know what's going wrong?

Thank you,

Christian




Re: I want to leave this list

2000-05-29 Thread Troy Frericks

This has been beat to death.  Let it die.
#

At 12:35 PM 5/29/00 , Tullio Andreatta wrote:
>>>How I do to leave this list ?
>>
>>we see a lot of these messages coming across.
>>did you think of a header or footer, with some text like:
>>
>>--
>>to unsubscribe, send a message to [EMAIL PROTECTED]
>>to view the archive, take a look at: http://www.where.the/archive/is
>>--
>>
>>most of the mailing lists i am subscribed have something like this.
>
>Most of the mailing lists I'm subscribed have these "newbie help" footers.
>But I see a lot of "How I do to leave this list ?" even on these lists ...
>
>How about this footer?
>--
>Do not ask us how to unsubscribe. You can't. If you don't want to receive
>these messages, please quit Internet.
>--
>
>;-)
>
>
>--
>Tullio Andreatta   Logicom s.r.l. - Via L.Gambara, 55 - I-25100 Brescia ITALY
>[EMAIL PROTECTED]  http://www.logicom.it/




Re: qmail + vpopmail error

2000-05-29 Thread Andy Grimberg

Yeah I just had this problem and Drazen Ferencic on the vpopmail list
helped.  Here's the solution:

In cron.hourly there is a script that the rpm installs.  If you remove
this script everything will start working properly.  Basically the
script checks on an hourly basis looking for if new _users_ were added
to the machine and cleaning up the users CDB.  The drawback to this is
that it cleans it of any VD that vpopmail adds in.

-Andy-

On Mon, 29 May 2000, you wrote:
> Hi all,
> 
> I've installed qmail (RPM from Bruce) and vpopmail 3.4.11-2.
> Authentication is done via MySQL 3.22.32-1
> I've installed the first virtualdomain and added the first user, and
> everything is ok.
> After some time I get the message "Sorry,no mailbox here by that name"
> for the same user.
> If I delete the virtualdomain and add the domain and the user again, the
> user is able to get messages for a short time, and I'll get the error
> message again.
> Does anybody know what's going wrong?
> 
> Thank you,
> 
> Christian
-- 
Andrew J. Grimberg
Programmer
WebSuite.com
206-988-2233




tcpserver & ftpd

2000-05-29 Thread Craig Tickle

Hi,

Not a qmail question I know, but after installing qmail, (no 
problems) I thought it would probably be a good idea to run ftpd 
under tcpserver

so tried the command

/usr/local/bin/tcpserver -x /etc/tcp.ftp.cdb 0 ftp in.ftpd -l -a

where tcp.ftp.cdb was constructed from
192.168.0.:allow
:deny

however the command never completes and I have to issue ctrl-C to
get back to the command prompt - what have I missed ?

System is Redhat 6.1

Regards
Craig Tickle
Design Engineer
ADP Industries
[EMAIL PROTECTED]




Re: tcpserver & ftpd

2000-05-29 Thread Chris Johnson

On Tue, May 30, 2000 at 01:40:12PM +1200, Craig Tickle wrote:
> Not a qmail question I know, but after installing qmail, (no 
> problems) I thought it would probably be a good idea to run ftpd 
> under tcpserver
> 
> so tried the command
> 
> /usr/local/bin/tcpserver -x /etc/tcp.ftp.cdb 0 ftp in.ftpd -l -a
> 
> where tcp.ftp.cdb was constructed from
> 192.168.0.:allow
> :deny
> 
> however the command never completes and I have to issue ctrl-C to
> get back to the command prompt - what have I missed ?

Stick an & at the end to put it in the background.

Chris



Re: A good book for qmail

2000-05-29 Thread Tim O'Reilly


Darren Wyn Rees wrote:
> 
> On Thu, May 18, 2000 at 01:45:03PM +0200,
> Peter van Dijk wrote in [EMAIL PROTECTED] :
> 
> > > Can anyone recommend a good all round book for qmail?
> > > Something like an O'Reilly book
> >
> > The O'Reilly book is Not There Yet(tm).
> 
> I wrote to O'Reilly about a year and a half ago, and they said
> the Qmail book would be ready "soon".
> 
> I wrote to O'Reilly again about a fortnight ago, and they said
> one of the authors had "dropped out" and it would not be ready
> soon.
> 
> Now, my 'Ask Tim' qmail question... What *is* really happening, Tim ?
> 
> Darren
> 

What *is* really happening is just what you heard a fortnight ago.  It
happens all the time:  authors say that they can get something done, but
then they can't.  All this was complicated by the fact that Dan B. was
apparently saying a new version is afoot, but was not willing to say
just when it would arrive.

I poked John Levine, who is the author of the pair who has worked with
O'Reilly before, and who I know can get the book done if he gets his
other commitments out of the way, and here's what he said:

John Levine wrote:

> I am finishing up some other books, one just went in the can last week, 
> the other is 90% ghosted and should be done the first week in June.  
> After that I plan to get to work on the qmail book.  I'll get Russ to 
> write as much as he can, but I figure I'll be writing most of it, and it 
> should be done before Labor Day.

If John does in fact get it to O'Reilly by the end of the summer, expect
it sometime in late fall.  It's hard to be more specific than that,
since we need a hard schedule (and some chapters in hand to demonstrate
that the schedule is going to be met) from authors before we can slot
the book for production and marketing.  

That's the problem with making any kind of affirmative statement early
on.  People start to depend on it, and are ticked off if it doesn't come
through.

If, by any chance, readers are wondering if this means that O'Reilly has
only a half-hearted interest in qmail, I'll merely point out that it
took us six years to get our sendmail book out, and a total of six
different authors, each of whom was given about a year to produce, and
given the boot when what they turned in wasn't acceptable.  Sometimes a
book comes in easily, other times it comes in hard.  But unlike other
publishers, we don't just hire a hack writer to crank something out on
schedule.  We try to get someone who can do it right, and that sometimes
seems to mean waiting for all the stars to come into alignment.

-- 
Tim O'Reilly @ O'Reilly & Associates, Inc.
101 Morris Street, Sebastopol, CA 95472
+1 707-829-0515, FAX +1 707-829-0104
[EMAIL PROTECTED], http://www.oreilly.com