Re: qmail + pop

2000-07-20 Thread Gjermund Sorseth


   >   Jasper Jans <[EMAIL PROTECTED]>:
   >
   >   and does anyone know if there is
   >   pop software available that does not rely on /etc/passwd
   >   or /etc/shadow for password authentication but uses another file?
   >
   >   The reason for this is - I want to create many (10k+) email
   >   accounts on a qmail machine with pop ability - without giving
   >   those people access to the machine for anything else.


I suggest you use Berkeley DB files to store your mail users
password file information. Then write a small library containing your
own implementation of getpwnam() and getspnam() that looks up users
in those files, and link the library with the standard checkpassword
program. This will give you very good results with little work.

-- 
Gjermund Sorseth



Re: password database

2000-08-22 Thread Gjermund Sorseth


  "Clemens Hermann" <[EMAIL PROTECTED]> writes:

  > how can I use a password database instead of a textfile to authenticate
  > pop-users in qmail?


Easy. Make a C library that implements getpwnam() such that it looks
up users in a Berkeley DB or GDBM database, then link the library
into the stock checkpassword. No need to switch software or change any
existing source code.


  > Now my question: how many users can be kept within a text password
  > file until it gets slow?


In my experience, about 1 but it probably varies. I ran into that
limit a few years back and made a C library package as described above
that I can probably make available if you like.

Today, my server has roughly one million mail accounts and my current
password authentication scheme is a bit more sophisticated,
but that's another story.

-- 
Gjermund Sorseth



Re: password database

2000-08-24 Thread Gjermund Sorseth


>  >  "Clemens Hermann" <[EMAIL PROTECTED]> writes:
>  >  > Now my question: how many users can be kept within a text password
>  >  > file until it gets slow?
>  > 
>  > Gjermund Sorseth replies:
>  > In my experience, about 1 but it probably varies.
>
>  Jenny Holmberg <[EMAIL PROTECTED]> replies:
>  We've got servers with 1,200,000 users in /etc/passwd and they still
>  work fine. But we'll probably switch that setup before the passwd gets
>  much larger than this...


I should have added that my number of 1 comes from the days before
some vendors added caching, like Sun with their nscd program. With
these new schemes the number can be much higher, but programs
like nscd introduce other problems and I recommend against using them
when the number of /etc/passwd entries gets very very large.

Gjermund Sorseth



Re: qmails queue and disk io

2000-09-22 Thread Gjermund Sorseth


  >   I have a qmail server that is running on a Sun Netra T1
  >   (solaris 2.6). Its receiving about 300-500k emails per day.
  >
  >   Unfortunately it appears to be dying a VERY quick death.
  >   The IO loads on the disk are huge and I need to up performance
  >   quite a bit. The cpu and memory are fine but disk io is killing
  >   me. I was thinking about a couple of possible solutions and I wanted
  >   your input (since you are qmail experts - at least compared to me:) 


Consider getting a solid-state-disk type device. I use the "Xcelerator"
product from Seek systems (www.seek.com), it seems to work very well.

Gjermund Sorseth




Re: Why not inetd?

2000-06-05 Thread Gjermund Sorseth

   > I run a relatively low traffic mailserver.
   > It runs qmail smtpd and pop3 from inetd.
   > I hear all the time that inetd sucks, but I never hear any reasons why.
   > So my question is: why does inetd suck?
   >
   > /Magnus Näslund


It does not give the programs it runs any information about the
client, like ip-address etc.  It does not log connections.  It does not
offer any access-control features. It may have a built-in unconfigurable
max-limit as to how many programs it will run per minute or second.
It may call listen() with a too low tcp connection backlog number.

-- 
Gjermund Sorseth



Re: Clustering Qmail

2000-10-05 Thread Gjermund Sorseth


>do there exist any solutions for clustering qmail to build high-volume-servers
>I'm looking for some tools or patches to do load-balancing, put pop-boxes on
>more than one server, use more than one smtp-server...
>help???

There are several server load balancer solutions available. I use the
'ServerIron' product from Foundry Networks (www.foundrynet.com), it seems
to perform very well. You also have Alteon (www.alteonwebsystems.com),
cisco, and others.

These boxes are regular layer-2 switches. In addition to
switching packets like other switches, they perform load balancing.
One way they can do this is to reply to ARP requests
for the IP addresses your mail server is known by on the Internet.
Your router will therefore send all incoming IP packets to the ethernet
address of the switch. The switch will pick up a packet, choose the
front-end mail processor (FEP) it thinks has the lowest load at the moment,
put that ethernet address on the packet instead of its own and put
the packet back on the wire for the FEP to pick up.

The switch also monitors the FEP's and routes connection requests to
other working servers if a FEP is discovered to be faulty. This makes error
situations and maintenance downtime invisible to the clients.

-- 
Gjermund Sorseth



Re: Problem mit qmail-pop

2000-11-08 Thread Gjermund Sorseth


  >   I have a problem with qmail-pop. The users Maildir exist
  >   and new Mail will be delivered properly.
  >
  >   This shows the local telnetsession on pop3:
  >
  >   Connected to localhost.
  >   Escape character is '^]'.
  >   +OK <665.973685418@/bin/checkpassword>
                         ^^

It looks like you forgot the hostname argument to qmail-popup.

-- 
Gjermund Sorseth



Re: Does qmail-pop3d lock the mailbox?

2000-11-10 Thread Gjermund Sorseth


  > Does the qmail-pop3d service lock access to the mailbox while a client
  > is connected?

No.

  > I have situations where the same user may attempt to
  > connect from different locations simultaneously.  The POP3 RFC says
  > that while one connection is active, other connections to the same
  > mailbox should be locked out.

POP was not meant to be used that way. What may happen is that one
qmail-pop3d returns an error if another deletes a file that was there
when the first one started.

The POP server does need to "lock" the mailbox to prevent newly
delivered messages from messing it up while the POP server is active,
however. For qmail, the Maildir storage method prevents this from
happening so there is no need for locks.

-- 
Gjermund Sorseth



Re: big mail spool

2000-12-11 Thread Gjermund Sorseth


  > My spool root is: /var/qmail/mail and every user dir lies in this
  > directory.
  > The user directory is given by a function hash, this function gets the
  > id and return a path to it, for instance:
  >
  > id   Relative path to /var/qmail/mail
  > 0   0/0/0/0/0/0/0/0
  > 1   0/0/0/0/0/0/0/1
  > .   
  > .   
  > 15  0/0/0/0/0/0/0/f
  > 16  0/0/0/0/0/0/1/0
  > 17  0/0/0/0/0/0/1/1
  >
  > Got the idea ?
  >
  > I would like to hear from you if my approach is good (performance in
  > mind). To get into the user maildir, I get at most 16*8 lookup_dir
  > routines, so at least it's better than having all user dirs in a single
  > directory. My approach is only better if you have more than 16*8 pop
  > accounts.


The basic idea is good, but I think your directory tree is
much deeper than necessary. If you use NFS, I think it will have
a performance impact.

On my system I also map each account to a number which is used to
construct the path to the mailbox, but I only use three levels,
something like this:

/var/mail/26/83/username

These mailboxes are distributed across 100 x 100 = 1 directories,
which is probably sufficient for up to 10 million users.

-- 
Gjermund Sorseth



Re: Running qmail-pop3d as non-root user

2000-12-14 Thread Gjermund Sorseth


 > Laurence Brockman writes:
 >
 > Is there any reason why I couldn't run qmail-pop3d as a non-root user?
 > Using tcpserver to start the process I could easily set it to run as a
 > qmail user (Or yet another user, with almost no permissions). Is this
 > possible? And if so, is there anything that I should be looking out for?


If you use checkpassword, there are two reasons why tcpserver
must be started as root:

1) checkpassword needs root privileges to call setgroups() to
   set supplementary groups.

2) If you use shadow password files, checkpassword needs root
   privileges to read them.

(And of course, if your mail users have different UID's, checkpassword
 needs root privileges to switch its UID to the user logging in before
 it starts qmail-pop3d.)

If you use a replacement checkpassword, tcpserver may or may not
be started as an unprivileged user depending on what the checkpassword
replacement needs to do.

-- 
Gjermund Sorseth



Re: Bogus popularity claims for Sendmail

2001-01-16 Thread Gjermund Sorseth


   Mark Delany writes:

   > I would (...) just
   > use the 250 responses from the remote SMTP servers.
   >
   > I wouldn't bother chasing down the MX and then probing it, from the
   > perspective of Sendmail vs qmail vs the-rest, the queue-id responses
   > are sufficiently distinct with a few pattern matches.
   >
   > The best server logs to look at are probably those that are running
   > diverse-interest mailing lists. ISP logs - regardless of whether they
   > are running qmail - are probably fine since we're not counting local
   > deliveries.


Good idea. For fun, I decided to look at the logs from our server for
the last two weeks. The sample size comes to 3,016,454 messages
delivered to 62,786 different SMTP servers around the world.

Out of these 62,786 remote SMTP servers, 16,658 are running sendmail (27%)
and 5098 are running qmail (8%).

(The server providing these logs belongs to an ISP and includes a good
 mix of private, commercial, educational and government users. The remote
 servers are mostly active servers at other ISP's, schools or businesses
 I presume, few `idle workstations')

-- 
Gjermund Sorseth



Re: Bogus popularity claims for Sendmail

2001-01-16 Thread Gjermund Sorseth


  > Out of these 62,786 remote SMTP servers, 16,658 are running sendmail (27%)
  > and 5098 are running qmail (8%).


Perhaps it is also interesting to look at how many of the messages
were delivered to what type of server.

Out of the 3,016,454 messages in the sample, 484,010 were delivered
to servers running sendmail (16%) and 313,195 to servers running
qmail (11%).

This shifts the numbers in favor of qmail, which suggests that
large sites prefer to run qmail rather than sendmail.

-- 
Gjermund Sorseth



Re: Looking for definitive 250 ok response identifiers

2001-01-17 Thread Gjermund Sorseth


   Henning Brauer writes:

   >   > What I'm doing with this post is to solicit your help in creating a
   >   > list of definitive patterns that identify particular MTAs.
   >
   >   Dan has _lots_ of pattern from his internet mail surveys - check
   >   http://cr.yp.to/surveys/smtpsoftware5.txt


Those are patterns that describe the greeting that a server sends to
the client when it connects. What is wanted here are patterns that
describe what the server sends to the client after it has received
a message. The client puts this text in its log, which makes it
possible to generate statistics by reading the logs rather than
connecting to a lot of servers.

-- 
Gjermund Sorseth
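
A sketch of the log-based classification described above, as an added example that is not part of the original post: it matches the 250 reply that qmail-send records for each successful remote delivery. The two reply patterns and the sample log lines are assumptions (the lines are constructed); the thread itself lists no patterns.

```c
/* Added example (not from the thread): classify remote MTAs by the 250
 * reply that qmail-send logged. Patterns and sample lines are assumptions. */
#include <ctype.h>
#include <string.h>

enum mta { MTA_OTHER, MTA_QMAIL, MTA_SENDMAIL };

/* Skip a run of digits; NULL if there is none. */
static const char *digits(const char *s)
{
    const char *p = s;
    while (isdigit((unsigned char)*p)) p++;
    return p > s ? p : NULL;
}

/* qmail-send logs the remote reply with spaces turned into '_':
 *   qmail-smtpd: 250_ok_<unixtime>_qp_<pid>
 *   sendmail:    250_..._Message_accepted_for_delivery */
enum mta classify(const char *line)
{
    static const char tag[] = "Remote_host_said:_250_";
    const char *p = strstr(line, tag), *q;
    if (p == NULL)
        return MTA_OTHER;
    p += sizeof tag - 1;
    if (strncmp(p, "ok_", 3) == 0 && (q = digits(p + 3)) != NULL &&
        strncmp(q, "_qp_", 4) == 0 && digits(q + 4) != NULL)
        return MTA_QMAIL;
    if (strstr(p, "_Message_accepted_for_delivery") != NULL)
        return MTA_SENDMAIL;
    return MTA_OTHER;
}

/* Constructed sample lines (192.0.2.0/24 is a documentation range). */
const char *const SAMPLE[] = {
    "delivery 1: success: 192.0.2.10_accepted_message./Remote_host_said:_250_ok_979654321_qp_4711/",
    "delivery 2: success: 192.0.2.20_accepted_message./Remote_host_said:_250_MAA01234_Message_accepted_for_delivery/",
    "delivery 3: success: 192.0.2.30_accepted_message./Remote_host_said:_250_Ok:_queued_as_9A3F1/",
    "delivery 4: failure: 192.0.2.40_does_not_like_recipient./Remote_host_said:_550_no_such_user/",
};

/* Number of successful deliveries in lines[0..n) accepted by `which`. */
unsigned count_mta(const char *const *lines, size_t n, enum mta which)
{
    unsigned c = 0;
    for (size_t i = 0; i < n; i++)
        c += (strstr(lines[i], ": success: ") != NULL) && (classify(lines[i]) == which);
    return c;
}
```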



Re: logging alternatives to qmail-pop3d and checkpassword

2001-03-01 Thread Gjermund Sorseth


   >   Can someone help me to find logging alternatives to qmail-pop3d and
   >   checkpassword?
   >
   >   Jörgen


On my system, I've added some code to qmail-pop3d.c to make it log
the client's username and IP address to syslog every time a user quits.
Here is the extra code:


/* <string.h> for strncmp(), <syslog.h> for openlog()/syslog()/closelog() */
#include <string.h>
#include <syslog.h>

/* Add syslog logging
 */
static void log_summary()
{
    extern char **environ;
    char **p;
    char *user, *ip;

    /* TCPREMOTEIP is inherited from tcpserver.
     */
    for (p = environ; *p && strncmp(*p, "TCPREMOTEIP=", 12) != 0; ++p);
    ip = (*p) ? (*p + 12) : "0.0.0.0";

    /* USER is inherited from checkpassword.
     * Make sure that USER is not already set when tcpserver starts.
     */
    for (p = environ; *p && strncmp(*p, "USER=", 5) != 0; ++p);
    user = (*p) ? (*p + 5) : "unknown";

    openlog("qmail-pop3d", 0, LOG_MAIL);
    syslog(LOG_INFO, "%s   %s", ip, user);
    closelog();
}

static void log_and_die() { log_summary(); die(); }


....Then substitute log_and_die() for die() in the pop3_quit() function.

-- 
Gjermund Sorseth



Re: Inserting messages into Maildir?

2001-04-26 Thread Gjermund Sorseth


  >   I backed up the contents of a few Maildirs and now I'd like to put 
  >   these messages into the new Maildirs. What's the best way to do this? 
  >   Is it safe to simply copy them in?


In practice it's often safe to copy them in. You don't risk
overwriting anything because of the unique filenames, for example.

There is the theoretical possibility of leaving partially truncated
messages in the maildir (if someone trips over the power cord in the
middle of your copying or your program crashes). Or if a POP server
accesses the mailbox while messages are being written the user might
not see the whole message.

It's far better to restore the messages into the tmp subdirectory
(or create your own temporary directory for this) and then mv them
into whatever directory they go in (cur or new).

Gjermund