Re: auth_smtp with qmail-ldap-20030901

2003-09-15 Thread Claudio Jeker
On Mon, Sep 15, 2003 at 05:54:49PM +0200, Stephan Sachse wrote:
> Hi,
> 
> is there a patch for auth_smtp that works with current release?
> 

Yes and no. I have one running against -current. This will be in 20031001;
hopefully I will make a preview patch with auth_smtp and rcpt/sender verify.
This should be finished sometime this week.

-- 
:wq Claudio


Re: Imap do not work and del old users

2003-09-15 Thread Claudio Jeker
On Mon, Sep 15, 2003 at 04:01:37PM -0300, Rodrigo Pinheiro wrote:
> Hi..
> 
>   I would like to know whether qmail-ldap has a "delolduser"
>   implementation, because there are many users that don't access their
>   accounts, and I'd like to delete these accounts.

Nope, we do not have such a feature. Mainly because it is not that easy to
implement (where should we store the timestamp of last access?) and
because there are more important things first.

> I have a problem with auth_imap with courier-imap.
> 
> Below is the log:
> tail /var/log/qmail/imap/current
> @40003f655adc023b9dfc init: control/ldaplocaldelivery: 1
> @40003f655adc023c6534 init: control/dirmaker: /var/qmail/bin/dirmaker
> @40003f655adc0241a10c warning: auth_error: authorization failed (needed value is missing)
> @40003f655ae102671acc ERR: LOGIN FAILED, ip=[127.0.0.1]
> @40003f655ae30e700d74 ERR: DISCONNECTED, ip=[127.0.0.1], headers=0, body=0
> 
> pop3 works
> 

Is this the A release (20030901a)? Which version of courier are you using?
Can you enable logging (LOGLEVEL=255)?

-- 
:wq Claudio


Re: Imap do not work and del old users

2003-09-15 Thread Claudio Jeker
On Mon, Sep 15, 2003 at 04:26:03PM -0300, Rodrigo Pinheiro wrote:
> Hi Claudio and List..
> 
> My qmail-ldap is 20030901, courier-imap version is 1.7.3
> 
> #!/bin/sh
> . /etc/courier/imapd
> LOGLEVEL=255
> export LOGLEVEL
> exec /usr/bin/tcpserver -v -R -l 0 -H 0 143 /usr/lib/courier/courier/imaplogin \
>   /var/qmail/bin/auth_imap /usr/bin/imapd Maildir 2>&1
> 
> 

There is a known bug in the 20030901 auth_imap which was fixed in the
a-release 20030901a. Anyway I attached the needed patch for 20030901.
 
-- 
:wq Claudio
Index: auth_imap.c
===
RCS file: /home/cvs-qmail-ldap/CVS/qmail-ldap/auth_imap.c,v
retrieving revision 1.14
retrieving revision 1.18
diff -u -r1.14 -r1.18
--- auth_imap.c 19 Aug 2003 15:13:55 -  1.14
+++ auth_imap.c 3 Sep 2003 22:32:20 -   1.18
@@ -84,12 +84,12 @@
i = 0;
s = auth_up; /* ignore service field */
while (auth_up[i] && auth_up[i] != '\n' ) i++;
-   if (i == auth_uplen)
+   if (i >= auth_uplen)
auth_error(NEEDED);
auth_up[i++] = '\0';
t = auth_up + i; /* type has to be "login" else fail ... */
while (auth_up[i] && auth_up[i] != '\n' ) i++;
-   if (i == auth_uplen)
+   if (i >= auth_uplen)
auth_error(NEEDED);
auth_up[i++] = '\0';
if (str_diff("login", t)) {
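Review bot: both scan loops in this hunk, `while (auth_up[i] && auth_up[i] != '\n' ) i++;`, are not bounded by auth_uplen and stop on a NUL as well as on a newline, so the new `i >= auth_uplen` test only notices an overrun after the scan has already walked to whatever terminator it found. Putting `i < auth_uplen` into the loop condition and requiring `auth_up[i] == '\n'` before `auth_up[i++] = '\0'` would reject a field that ends in an embedded NUL instead of accepting it as complete.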
@@ -102,15 +102,15 @@
}
l = auth_up + i; /* next login */
while (auth_up[i] && auth_up[i] != '\n' ) i++;
-   if (i == auth_uplen)
+   if (i >= auth_uplen)
auth_error(NEEDED);
auth_up[i++] = '\0';
p = auth_up + i; /* and the password */
while (auth_up[i] && auth_up[i] != '\n' ) i++;
-   if (i == auth_uplen)
+   if (i >= auth_uplen)
auth_error(NEEDED);
auth_up[i++] = '\0';
-   if (i != auth_uplen) /* paranoia */
+   if (i > auth_uplen) /* paranoia */
auth_error(NEEDED);
 
/* copy the login and password into the coresponding structures */
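Review bot: in the last change of this hunk, `if (i > auth_uplen) /* paranoia */` can never be true if auth_error() does not return, because the test just above it guarantees i is below auth_uplen before `auth_up[i++] = '\0'`, which leaves i at most equal to auth_uplen. Either drop the test or say in the comment what it is meant to catch. Unlike the old `i != auth_uplen`, it also lets input with extra bytes after the password field through, which deserves a sentence in the commit message if it is intended.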
@@ -134,8 +134,8 @@
t = auth_up;

log(2, "warning: auth_fail: user %s failed\n", login);
-   if (reason == NOSUCH ) {
-   log(4, "warning: auth_fail: user %s not found\n", login);
+   if (reason == NOSUCH || reason == AUTH_TYPE) {
+   log(4, "warning: auth_fail: %s\n", qldap_err_str(reason));
if (!env_unset("AUTHENTICATED"))
auth_error(ERRNO);
for (i=0; i
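Review bot: the replacement level-4 message no longer names the user, so it can only be tied to an account through the level-2 line logged just before it. Consider logging both login and qldap_err_str(reason) in the same line. A short comment on why AUTH_TYPE now takes the same path as NOSUCH would also help the next reader.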

Re: QMQP

2003-09-16 Thread Claudio Jeker
On Tue, Sep 16, 2003 at 01:06:53PM +0300, Taymour A. El Erian wrote:
> Hi,
> 
> I have a setup where there are 2 qmail servers (stock, qmail-ldap) 
> the customers use the stock qmail to send e-mail to anywhere while the 
> ldap one only accepts mail for our clients, now when one customer sends 
> an e-mail to another on our system the stock one will connect (smtp) on 
> the ldap one to deliver messages. If I use qmqp on both will this speed 
> up my deliveries?
> 

QMQP is a bit faster than SMTP because it does not use that many
roundtrips till it starts sending data. Whether this is noticeable in a high
speed LAN is hard to tell.

The big plus is that QMQP consumes fewer resources (memory and cpu) than
SMTP.

-- 
:wq Claudio


Re: spamassassin and procmail with qmail-ldap.

2003-09-16 Thread Claudio Jeker
On Tue, Sep 16, 2003 at 06:29:54PM -0500, Mike Manders wrote:
> I've recently setup qmail-ldap to filter incoming messages through 
> spamassassin using the qmail-queue patch(within qmail-ldap). 
> 
> I'm relatively new to the way procmail works with qmail.  For the users 
> who want the "spam" to be put into a separate structure of their mail 
> home, I've created this procmailrc file:
> 
> :0:
> * ^X-Spam-Status: Yes
> ./Maildir/.Junk-Mail/
> 
> This works in that it puts the messages tagged as spam into the 
> Junk-Mail folder, but it also puts a copy in their main Inbox as well.
> 
> I've run this with different delivery modes, dotonly(using .qmail), 
> ldapwithprog(using deliveryProgramPath)..  Both have the same effect. 
> 
> If procmail matches a pattern(Spam-Status: Yes), is there a way to get 
> qmail-ldap to not deliver locally?
> 

AFAIK if you want to use procmail you need to disable local deliveries (in
ldap with deliveryMode: nombox).

I have a local user that uses procmail and he has the following .qmail:
|preline /usr/local/bin/procmail

and a .procmailrc that contains ALL delivery instructions, especially don't
forget something like:
:0
./Maildir/

Another approach would be to use the flag99 feature: if a programdelivery
exits with code 99 all subsequent delivery instructions are skipped.

PS: I'm the opposite of a procmail user. My .qmail is 63 lines long :)
-- 
:wq Claudio


Re: No Quotawarnings?

2003-09-17 Thread Claudio Jeker
On Wed, Sep 17, 2003 at 09:21:33AM -0400, Matt wrote:
> Hello,
> I am running qmail + qmail-ldap + qmailscanner with courier IMAP.
> 
> When running with bincimap I would get all kinds of quota warning
> messages that were false so we renamed the quotawarning file to
> BLAH.quotawarning.
> 
> Now.. running courier I wanted to enable the warning to customers so
> I renamed quotawarning back and restarted qmail... however I'm not getting
> warnings in my mailbox when I either hit 500 messages (the limit) or
> around 15 meg.
> 

There is a bug in the quota string generation. That could generate this
error. The problem is that only the mailquotacount is used if both are
defined. Patch is attached.

If this is not the problem check maildirsize, the qmail log for any errors
and especially test if the hard limit of quota is working.

-- 
:wq Claudio
Index: checkpassword.c
===
RCS file: /home/cvs-qmail-ldap/CVS/qmail-ldap/checkpassword.c,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- checkpassword.c 14 Sep 2003 09:46:07 -  1.60
+++ checkpassword.c 16 Sep 2003 16:48:44 -  1.61
@@ -129,8 +129,9 @@
auth_error(ERRNO);
}
if (size != 0 || count != 0) {
+   if (!stralloc_copys(&ld, "")) auth_error(ERRNO);
if (size != 0) {
-   if (!stralloc_copyb(&ld, num,
+   if (!stralloc_catb(&ld, num,
fmt_ulong(num, size)))
auth_error(ERRNO);
if (!stralloc_append(&ld, "S"))
@@ -140,7 +141,7 @@
if (size != 0)
if (!stralloc_append(&ld, ","))
auth_error(ERRNO);
-   if (!stralloc_copyb(&ld, num,
+   if (!stralloc_catb(&ld, num,
fmt_ulong(num, count)))
auth_error(ERRNO);
if (!stralloc_append(&ld, "C"))
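Review bot: neither checkpassword.c hunk documents the string being built, and the defect sat in this second branch, where the old stralloc_copyb replaced the size part already stored in ld instead of extending it. A one-line comment above `if (size != 0 || count != 0)` giving the expected result for size only, count only and both (the visible appends produce the number followed by S, then a comma, then the number followed by C) would make the intent checkable at a glance.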
Index: qmail-lspawn.c
===
RCS file: /home/cvs-qmail-ldap/CVS/qmail-ldap/qmail-lspawn.c,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- qmail-lspawn.c  2 Sep 2003 17:52:20 -   1.86
+++ qmail-lspawn.c  16 Sep 2003 16:48:43 -  1.87
@@ -480,14 +486,15 @@
 * set the quota environment
 */
if (size != 0 || count != 0) {
+ if (!stralloc_copys(&foo, "")) cae(q, QLX_NOMEM);
  if (size != 0) {
-   if (!stralloc_copyb(&foo, num, fmt_ulong(num, size))) cae(q, QLX_NOMEM);
+   if (!stralloc_catb(&foo, num, fmt_ulong(num, size))) cae(q, QLX_NOMEM);
if (!stralloc_append(&foo, "S")) cae(q, QLX_NOMEM);
  }
  if (count != 0) {
if (size != 0)
 if (!stralloc_append(&foo, ",")) cae(q, QLX_NOMEM);
-   if (!stralloc_copyb(&foo, num, fmt_ulong(num, count))) cae(q, QLX_NOMEM);
+   if (!stralloc_catb(&foo, num, fmt_ulong(num, count))) cae(q, QLX_NOMEM);
if (!stralloc_append(&foo, "C")) cae(q, QLX_NOMEM);
  }
  if (!stralloc_0(&foo)) cae(q, QLX_NOMEM);
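Review bot: this is the same quota-string construction as in checkpassword.c, repeated with a different buffer (foo instead of ld) and a different error handler (cae instead of auth_error), and it needed the identical fix in both places. Moving it into one shared helper that takes the stralloc, size and count would keep the two copies from drifting apart again.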


Re: smtp_auth with CRAM-MD5? (was: Is it possible to use smtp_auth with other than base64 encoding?)

2003-09-18 Thread Claudio Jeker
On Thu, Sep 18, 2003 at 03:37:17PM -0500, Thomas Klettke wrote:
> (My previous subject line was somewhat unclear - hence the re-phrase.)
> 
> Has anyone found a way to make smtp_auth use another mechanism than
> "plain" or "login"? (e.g. CRAM-MD5, DIGEST-MD5, etc.)
>  

CRAM-MD5 is a no go because you need to store and access cleartext
passwords in the ldap tree.
As for DIGEST-MD5 I'm unsure, I need to read the RFC. IIRC the server
needs to store a secret key but the passwords are encrypted but in a
special way (perhaps incompatible with auth_pop).


-- 
:wq Claudio
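
Why CRAM-MD5 needs the cleartext password on the server while LOGIN/PLAIN can work against a hashed userPassword, shown as an added example that is not part of the original thread and is not qmail-ldap code. The function names, user, password and challenge are constructed for illustration; the stored value uses the {MD5} scheme.

```python
import base64
import hashlib
import hmac

# Constructed sample values (not taken from the thread).
USER = "elvis"
PASSWORD = "constructed-secret"
CHALLENGE = b"<1896.697170952@mail.example.org>"


def cram_md5_response(user, password, challenge):
    """Client side (RFC 2195): base64(user SP hex(HMAC-MD5(key=password, msg=challenge)))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def parse_response(response):
    """Return (user, hexdigest), or None when the response is malformed."""
    try:
        text = base64.b64decode(response, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, digest = text.rpartition(" ")
    return (user, digest) if sep and user else None


def _check(key, challenge, response):
    """Recompute the HMAC with the given key and compare in constant time."""
    parsed = parse_response(response)
    if parsed is None:
        return False
    expected = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), parsed[1].encode())


def verify_cram_with_cleartext(stored_password, challenge, response):
    """Works: the server holds the same secret the client used as the HMAC key."""
    return _check(stored_password.encode(), challenge, response)


def ldap_md5(password):
    """Directory-style hashed value: {MD5} + base64(md5(password))."""
    raw = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(raw).decode()


def verify_login_with_hash(stored_hash, submitted_password):
    """LOGIN/PLAIN: the password arrives at the server, so it can be hashed and compared."""
    return hmac.compare_digest(stored_hash.encode(), ldap_md5(submitted_password).encode())


def verify_cram_with_hash(stored_hash, challenge, response):
    """CRAM-MD5 with only the hash: the password never arrives, and the stored
    digest is a different HMAC key than the password, so the response cannot be checked."""
    key = base64.b64decode(stored_hash[len("{MD5}"):])
    return _check(key, challenge, response)


if __name__ == "__main__":
    resp = cram_md5_response(USER, PASSWORD, CHALLENGE)
    stored = ldap_md5(PASSWORD)
    print("cleartext store, CRAM-MD5:", verify_cram_with_cleartext(PASSWORD, CHALLENGE, resp))
    print("hashed store, LOGIN:      ", verify_login_with_hash(stored, PASSWORD))
    print("hashed store, CRAM-MD5:   ", verify_cram_with_hash(stored, CHALLENGE, resp))
```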


Re: qmail-local_crashed

2003-09-23 Thread Claudio Jeker
On Tue, Sep 23, 2003 at 01:58:45PM +0800, Chong Chin Chin wrote:
> I am still not able to configure qmail+ldap successfully after several days
> of ordeal...
> The box is Solaris 8 X86, OpenLDAP-2.1.22 and patched with
> qmail-ldap-1.03-20030901a.
> whenever there is a qmail local delivery, a core dump is generated in
> /var/qmail.
> 
> I followed the instruction from http://www.lifewithqmail.org/ldap/, and use
> "LDAPLIBS=-L/usr/local/lib -lldap -llber -lresolv -R/usr/local/lib" in
> Makefile
> 

There is a bug in qldap.c qldap_get_status function. A diff that fixes
this problem is attached to this mail.

-- 
:wq Claudio

Index: qldap.c
===
RCS file: /home/cvs-qmail-ldap/CVS/qmail-ldap/qldap.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- qldap.c 16 Sep 2003 16:55:27 -  1.12
+++ qldap.c 17 Sep 2003 09:00:51 -  1.13
@@ -624,7 +624,7 @@
*status = STATUS_BOUNCE;
else if (!case_diffs(ldap_attr.s, ISACTIVE_DELETE))
*status = STATUS_DELETE;
-   else if (!case_diffs(ldap_attr.s, STATUS_NOPOP))
+   else if (!case_diffs(ldap_attr.s, ISACTIVE_NOPOP))
*status = STATUS_NOPOP;
else*status = STATUS_OK; /* default to OK */
/* perhaps we should spill out a warning for unknown settings */
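Review bot: the removed line passed STATUS_NOPOP, the value that is assigned to *status, as the string argument of case_diffs, where the neighbouring branch passes ISACTIVE_DELETE; if STATUS_NOPOP is not a string constant, building with warnings for that kind of type mismatch enabled would have flagged this before release. Separately, the unchanged `else*status = STATUS_OK; /* default to OK */` treats any unrecognised attribute value as an active account, so the warning the last comment muses about is worth adding with this change.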


Re: Problem using 'deliveryprogrampath'

2003-09-23 Thread Claudio Jeker
On Tue, Sep 23, 2003 at 04:22:07PM +0100, Carlos Jorge Andrade wrote:
> Hi there,
> 
> I'm using qmail-ldap patch 20030101 with the qmailqueue-patch and the
> smtp-auth-20020501a.patch with OpenLDAP.
> 
> I had to create an email account that would *only* receive an email
> and then pass it to a Perl script.
> For that I used the 'deliveryprogrampath' attribute with 'qmailDotMode'
> set to 'ldapwithprog' as stated in the documentation. I removed some
> attributes I thought were unnecessary.
> 



> Finally I found a post that suggested "Try defining 'mailmessagestore'.".
> Well, that turned out to be the "trick". An attribute that is not used
> or needed to deliver the mail in this case. Is this a "required on
> all entries" attribute?
> Adding "mailmessagestore: /some/path/user" to the entry solved the
> problem but no email was placed in that dir, not even a Maildir structure.
> 
> Is this normal? Is this in any kind of documentation?
> Where did all the other mails go? Thin air? :-(

Short answer: yes, yes, /dev/null
Long answer:
For program delivery a valid "home" directory must exist. If neither
"mailMessageStore" nor "homeDirectory" is defined qmail-ldap defaults to a
forwardonly account. Only mailforwardingaddress will be respected, the rest
will be dumped.

Also in the newer patches a nice bounce will occur if you try to deliver
mail to a wrongly configured forwardonly account.

-- 
:wq Claudio


Re: qmail ldap patch 20030909a + smtp_auth patch

2003-09-24 Thread Claudio Jeker
On Wed, Sep 24, 2003 at 08:10:30PM +0700, Cecep Mahbub R wrote:
> Dear All,
> 
> Is it possible to combine qmail ldap patch 20030909a with smtp_auth (which comes from
> www.lifewithqmail.org)?
> 
> or any clue for this (read from QLDAPNEWS):
> 
>  new auth_pop, auth_imap and checkpassword implementation. The files are
>  now better separated so that it should be possible to implement auth_smtp
>  ^ 
>  without copying most of the auth* code. It is now possible to run the auth_*
>  tools without root privileges and root privileges are dropped as soon as
>  possible.
> 
> 

The next release will have auth_smtp support.

-- 
:wq Claudio


Re: Multiple forwarding addresses per alias. (Newbie question)

2003-09-25 Thread Claudio Jeker
On Thu, Sep 25, 2003 at 08:05:35AM -0400, Ace Suares wrote:
> 
> Hi,
> 
> forwarding goes like this:
> 
> >
> >   uid: a
> >   mail: [EMAIL PROTECTED]
> 
> uid: a
> mail: [EMAIL PROTECTED]
> mailforwardingaddress: [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
> 
> That's the way it works here ;-)
> 

Having a CSV list in mailforwardingaddress will not work (at least with the
newer patches). Use multiple mailforwardingaddress fields, one per address.

-- 
:wq Claudio


Re: FEATURE REQUEST

2003-09-25 Thread Claudio Jeker
On Thu, Sep 25, 2003 at 08:43:01AM -0400, Ace Suares wrote:
> 
> > I've noticed if for some reason qmail loses its connection to the ldap
> > server, the ldap server is not available, etc, etc qmail will bounce
> > messages... also if local customers are trying to send mail to local
> > customers, it bounces and gets lost (obviously since the bounce address
> > isn't going to be valid since it doesn't exist at the moment).
> >
> > Is it possible to make qmail do a temporary failure when it can't contact
> > the ldap database?
> 
> I noticed the same with an error in 'dirmaker'. 
> 
> Earlier, it deferred mail when the ldap server was down, or when dirmaker 
> didn't work !? Much better, since then I can fix dirmaker as soon as such 
> problem shows up in the logs...
> 

Could you tell me which errors show up? Normally most errors should be
transient (at least if there is a problem with the ldap server).

I will have a look at it.

-- 
:wq Claudio

PS: FYI it seems that your IP is listed by spamcop.



Re: Clustering problem

2003-09-25 Thread Claudio Jeker
On Thu, Sep 25, 2003 at 06:33:08PM +0200, Carvajal, Antonio wrote:
> I tried the next configuration.
> 
> qmail-ldap patch -> 20030301
> smtp-auth-patch -> 20030301
> 
> Computer A:   
>   ~control/me:smtp1.domain.com
>   ~control/locals domain.com
>   ~control/rcpthosts  domain.com
>   ~control/ldapcluster:   1
>   ~control/ldapclusterhosts:  smtp2.domain.com
>   
> Computer B:   
>   ~control/me:smtp2.domain.com
>   ~control/locals domain.com
>   ~control/rcpthosts  domain.com
>   ~control/ldapcluster:   1
>   ~control/ldapclusterhosts:  smtp1.domain.com

ldapclusterhosts is not needed. ldapclusterhosts contains a number of
hostnames (FQDN) to check together with ~control/me when clustering is on.

So Computer A thinks that smtp1.domain.com AND smtp2.domain.com are local.

Just remove ldapclusterhosts and all should be OK.

-- 
:wq Claudio


Re: Restrict no. of smtp connections based on IP

2003-09-27 Thread Claudio Jeker
On Fri, Sep 26, 2003 at 04:36:31PM +0200, Toni Mueller wrote:
> 
> Hello,
> 
> On Fri, Sep 26, 2003 at 07:45:11PM +0600, Syed Qutubuddin Ahmad wrote:
> >   Is there any way to restrict no. of smtp connections a particular IP 
> > establishes with my mailserver, for say ,  per day , or per hour basis.
> 
> in theory, I'd interpose some program that e.g. makes the appropriate
> checks in a similar manner as tcpserver does, before running the smtp
> receiver. You will probably have to program this yourself, or at least
> I'm not aware of any such thing.
> 

Something like this is planned for the pbs tools. Limit the maximum amount
of messages sent to the cluster from one IP for a specified time. This is
tarpit on steroids :)

-- 
:wq Claudio


Re: Patches to be listed on site

2003-09-27 Thread Claudio Jeker
On Sat, Sep 27, 2003 at 10:50:44AM +0530, Mayank Sarup wrote:
> Claudio,
> 
>Could you put the bugfix patches for qmail-ldap on the site as
> well? 20030901 has had quite a few patches and it's not easy to
> find the patches off the mail archives. 
> 
>On site with a quick description of the fix would help a lot. 
> 

Wait a few days and there will be a new patch release with all the bug
fixes.

-- 
:wq Claudio


Re: ezmlm with 20030901a

2003-10-01 Thread Claudio Jeker
On Tue, Sep 30, 2003 at 08:49:35PM +0200, Taymour A. El Erian wrote:
> I just found a way to get it to work, I previously had ldapdotmode=both, 
> changing it to dotonly made things work 
> 
> Taymour A. El Erian wrote:
> 
> >Hi,
> >
> >   I have just upgraded to the latest patch and all of a sudden ezmlm 
> >is not working, whenever a message is being delivered to one of the 
> >lists I get qmail_local_crashed in my log file.
> >I am unable to find the problem.
> >
> 

Could you please send me the account settings (ldap entry and .qmail) that
caused the qmail-local crash. I will then try to trigger and fix the bug.

-- 
:wq Claudio


Re: ezmlm with 20030901a

2003-10-01 Thread Claudio Jeker
On Wed, Oct 01, 2003 at 11:12:24AM +0200, Taymour A. El Erian wrote:
> 
> Here is my full config for the list.
> 

OK. I tested it with the same settings and my qmail-local does not crash.
Currently I'm a bit unsuspecting about the problem.

What could help a lot would be a core dump and a backtrace.


-- 
:wq Claudio


Re: List of patches included in qmail-ldap patch?

2003-10-03 Thread Claudio Jeker
On Thu, Oct 02, 2003 at 11:58:05PM +0100, Robin Bowes wrote:
> Hi,
> 
> I'm just getting to grips with qmail-ldap and creating my own ebuild on
> gentoo linux to install it.
> 
> Is there a list of qmail patches that are included in the qmail-ldap
> patch? Obviously, I won't need to apply these separately!
> 

I do not remember all patches that we added but let's try:
- make Netscape work patch to pop3d
- respect 0.0.0.0 in ipme patch
- most of the smtp patches but done differently:
   - tarpit patch
   - return MX
   - EHLO SIZE (also in remote)
   - TLS/SSL patch (also in remote)
   - reject executables patch
- qmail-remote to send using QMTP patch
- big todo/ext todo patch
- qmail-queue patch
- concurrency greater 240 patch
- qmail-local bug fix
- and definitely some more

Normally it is easier to ask which patches are not included but perhaps
needed. Currently I know only one that could be needed and this is the
glibc-errno patch.

The last release should include everything a mail admin needs. Perhaps
queue-fix and a few other tools are handy but these are not patches.

-- 
:wq Claudio


Re: ezmlm with 20030901a

2003-10-03 Thread Claudio Jeker
On Wed, Oct 01, 2003 at 02:27:48PM +0159, Claudio Jeker wrote:
> On Wed, Oct 01, 2003 at 11:12:24AM +0200, Taymour A. El Erian wrote:
> > 
> > Here is my full config for the list.
> > 
> 
> OK. I tested it with the same settings and my qmail-local does not crash.
> Currently I'm a bit unsuspecting about the problem.
> 
> What could help a lot would be a core dump and a backtrace.
> 
> 
As I just realized, the 20030901a patch still had the qldap_get_status()
bug. I thought it was fixed but I was wrong.
So probably this was the cause of the crashes.

-- 
:wq Claudio


Re: List of patches included in qmail-ldap patch?

2003-10-03 Thread Claudio Jeker
On Fri, Oct 03, 2003 at 03:21:18PM +0800, DinoM wrote:
> Dear Claudio,
> 
> What is tarpit patch mainly used for ?
> 

Slowing down spammers.

-- 
:wq Claudio


Re: Object class violation

2003-10-03 Thread Claudio Jeker
On Fri, Oct 03, 2003 at 03:35:00PM +0700, Muhamad Soleh Fajari wrote:
> Hi.. I'm new in qmail-ldap environment, and now I have to set a
> qmail-ldap server. After setting a qmail ldap, I want to add a data
> base, just like in http://www.lifewithqmail.org/qmail example.
> 
 
> my ldif is :
> 
> dn: dc=company, dc=com
> objectclass: top
> 
> dn: ou=accounts, dc=company, dc=com
> objectclass: top
> objectclass: organizationalUnit
> 
> dn: uid=elvis, ou=accounts, dc=company, dc=com
> cn: Elvis Presley
> sn: Presley
> objectClass: top
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: qmailUser
> mail: [EMAIL PROTECTED]
> mailAlternateAddress: [EMAIL PROTECTED]
> mailAlternateAddress: [EMAIL PROTECTED]
> mailAlternateAddress: [EMAIL PROTECTED]
> mailHost: mailhost1.graceland.com
> mailMessageStore: /var/qmail/maildirs/elvis
> uid: elvis
> userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
>  
> and the result is :
> bash-2.03# ldapadd -acrv -D "cn=root,dc=company,dc=com" -w secret -f company.ldif
> add objectclass:
> top
> adding new entry dc=company, dc=com
> ldap_add_s: Object class violation
> 
> add objectclass:
> top
> organizationalUnit
> adding new entry ou=accounts, dc=company, dc=com
> ldap_add_s: Naming violation
> 
> adding new entry uid=elvis, ou=accounts, dc=company, dc=com
> ldap_add_s: No such object
> 
> 
> what's the cause of "object class violation"?

OpenLDAP 2.1.x started to be extremely picky about schemas and especially
the objectclass inheritance. In your case I think the main problem is that your
root node "dc=company, dc=com" is missing a structural object (e.g.
organization). Also it is necessary to specify the first part of a dn in
the object itself.

IMHO dc=company,dc=com should not be used because it causes
more trouble than it helps (especially since dcObject is auxiliary and so
you need an additional structural object like organization). Especially if
you try to add a ou=account afterwards.

I would try something like this:

dn: o=company,c=ch
objectclass: top
objectclass: organization
o: company

dn: ou=accounts,o=company,c=ch
objectclass: top
objectclass: organizationalUnit
ou: accounts

dn: uid=elvis,ou=accounts,o=company,c=ch
objectclass: top
objectclass: person
objectclass: qmailUser
uid: elvis
sn: The King of Rock
cn: Elivs
mail: [EMAIL PROTECTED]
... and so on


-- 
:wq Claudio


Re: a problem when startup openldap with qmail-ldap-1.03-20031001.patch

2003-10-03 Thread Claudio Jeker
On Fri, Oct 03, 2003 at 02:31:18AM -0700, joe wong wrote:
> Today I updated my qmail-ldap patch from 20030901a to 20031001, but when I
> start up openldap, I get some wrong messages:
> [EMAIL PROTECTED] libexec]# ./slapd 
> /usr/local/openldap/etc/openldap/schema/qmail.schema: line 249: Missing
> closing parenthesis before  8

> But the original system works well.
> Thanks!
>  

Typo in the qmail.schema. Add a ')' on the last line and it should work.

-- 
:wq Claudio


Re: problems with qmail-ldap release 20031001 and deliveryProgramPath

2003-10-04 Thread Claudio Jeker
On Fri, Oct 03, 2003 at 10:49:39PM +0200, Stephan Sachse wrote:
> On Fri, 03 Oct 2003 09:52:07 -0500 Brian Clark wrote:
> 
> > What is your deliveryMode set to? I had this same problem when my 
> > deliveryMode was set to "localdelivery". I changed it to "normal" and 
> > the problem went away.
> 
> with "deliveryMode" set to "normal" comes the following error
> 
>  delivery 23: success: Warning:_undefined_mail_delivery_mode:_normal_(ignored)./did_1+0+1/
> 
> and i have 2 mails in maildir again.
> 
> but when I set deliveryMode to "nolocal" all works fine, only one mail
> from maildrop. But I think this is very unusable.
> 
> I have one account "[EMAIL PROTECTED]" and I want all mails forwarded to
> a local intranet server so I need a pipe "| forward [EMAIL PROTECTED]".
> But when I set deliveryMode to "nolocal" all .qmail are ignored :(
> When I set qmailDotMode to ldapwithprog, I get 2 mails in Maildir and
> .qmail are ignored, so I must set qmailDotMode to dotonly/both but then I
> have 2 mails in Maildir and .qmail are not ignored.
> 

Hmmm. When you need to forward those mails use a programdelivery with
"forward [EMAIL PROTECTED]" and set the deliverymode to "nolocal" and
qmailDotMode to ldapwithprog. If you are using a .qmail file set the
qmailDotMode to dotonly and then you will have plain old qmail behaviour.

> so the only possibility is one .qmail file with all entries
> 
> | forward [EMAIL PROTECTED]
> & [EMAIL PROTECTED]
> ./Maildir/
> 
> so my question. is this a bug or a feature?

My question is: what do you want? I think you would like to forward all
mails to [EMAIL PROTECTED]. In the last example you're also forwarding the
mail to [EMAIL PROTECTED] and writing the mail to ./Maildir/.

-- 
:wq Claudio


Re: List of patches included in qmail-ldap patch?

2003-10-04 Thread Claudio Jeker
On Fri, Oct 03, 2003 at 11:14:27PM +0100, Robin Bowes wrote:
> Brian Clark  wrote on 03 October 2003 19:52:
> > Most of these are compile-time options, so you can opt out of a patch
> > if you don't want it.
> 
> Brian,
> 
> Only if you know what patches have been applied.
> 
> We need a definitive list of patches that have been applied.
> 

qmail-ldap comes as a bundle of features an ISP needs. It is complete so
that no other patches are needed and if you do not configure them you will
end with a behaviour like stock qmail.

Also most of the stuff you find as external patches has been integrated in
a different way in qmail-ldap. So it is almost impossible to apply one of
those patches. Also the maintenance of a qmail-ldap patch set is
exponentially more complex with no gain.

So if you like to have a list of all patches applied read QLDAPNEWS and
QLDAPINSTALL and compare the features with the list of patches at
www.qmail.org.

If you have a patch that absolutely needs to be included you could send a
request to the list.

-- 
:wq Claudio


Re: Compilation problem (conflicting types for `fork')

2003-10-07 Thread Claudio Jeker
On Monday, October 6, 2003, at 06:58, Rafael Angarita wrote:

> Hi, I'm getting the problem indicated below when trying to
> compile qmail with ldap patch under a Solaris 8 machine
> Any suggestions to fix this will be appreciated...
>
> /compile -DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS 
> -DQMQP_COMPRESS -DBIGTODO -DCLEARTEXTPASSWD -DAUTOHOMEDIRMAKE 
> -I/usr/local/include -I/usr/local/openldap-1.2.13/include -DDEBUG \
> qmail-lspawn.c
> In file included from qmail-lspawn.c:20:
> /usr/include/unistd.h:245: conflicting types for `fork'
> fork.h:4: previous declaration of `fork'
> /usr/include/unistd.h:461: conflicting types for `vfork'
> fork.h:5: previous declaration of `vfork'
> make: *** [qmail-lspawn.o] Error 1

This is a known problem. Somebody suggested to replace the files
fork.h1 fork.h2 and fork.h with empty ones. The correct way would be to
remove the fork.h include in qmail-lspawn.c

--
:wq Claudio


Re: RCPTCHECK

2003-10-07 Thread Claudio Jeker
On Monday, October 6, 2003, at 11:40, Brendon Colby wrote:

> In QLDAPINSTALL:
>
> RCPTCHECK
> [snip]
> Note: Only applies to recipients whose domain is listed in
>    ~control/locals.
>    Recipients domains listed in ~control/rcpthosts are allowed without
>    further checks. If RELAYCLIENT is set, all other recipients are allowed
>    as well. Addresses or domains listed in ~control/goodmailaddr are
>    unconditionally allowed in all cases.
>
> Does this mean that when enabled, the recipient is checked if the domain
> exists _only_ in locals, but NOT in rcpthosts? As in, if the domain is
> in both files, then the recipient is NOT checked?

For recipient/sender verify only locals matters, because we can only
verify local domains against our local user database.

> Does this check every recipient in the RCPT TO?

Yes.

> Lastly, if this only checks domains listed in locals, what happens when
> you have backup mail servers with domains only listed in rcpthosts? A
> person could possibly send loads of mail through these servers,
> bypassing the checks - unless I'm mistaken.

That is a typical problem of secondary mail servers. How should a
backup mail server know if a specific user exists on the primary mail
server?
Normally the primary mail server is unavailable if a mail gets
delivered to the secondary. In this case we also can assume that we do
not have access to the user database of the primary.

--
:wq Claudio


Re: Qmail-ldap with openldap1.2.13

2003-10-07 Thread Claudio Jeker
On Monday, October 6, 2003, at 07:35, Rafael Angarita wrote:

> Hi,
>
> Does the qmailldap20031001 patch work (compile?) with
> openldap1.2.13 libs? Is it necessary to indicate something additional
> in the LDAPLIBS variable in the makefile? This is my LDAPLIBS variable...
> LDAPLIBS=-L/usr/local/lib -L/usr/local/openldap-1.2.13/lib -lldap 
> -llber -lresolv -lnsl -lsocket -R/usr/local/openldap-1.2.13/lib
>
> I'm getting the error below when trying to compile qmail with
> qmailldap20031001 patch...
>
> Undefined                       first referenced
>  symbol                             in file
> ldap_memfree                        qldap.a(qldap.o)
> ld: fatal: Symbol referencing errors. No output written to qmail-lspawn
> collect2: ld returned 1 exit status
> make: *** [qmail-lspawn] Error 1
>
> Any suggestions to make it work without upgrading to openldap 2.x?

You could try to replace the ldap_memfree() call with a free() call.
I think that should work.

--
:wq Claudio


Re: undefined reference to errno

2003-10-07 Thread Claudio Jeker
On Tuesday, October 7, 2003, at 09:49, Boily Sylvain wrote:

> Hi,
>
> I have this error when I compile qmail-ldap with the latest patch.
>
> ./load auto-str substdio.a error.a str.a
> substdio.a(substdo.o)(.text+0x47): In function `allwrite':
> : undefined reference to `errno'
> collect2: ld returned 1 exit status
> make: *** [auto-str] Error 1
>
> I am setting these FLAGS:
>
> LDAPFLAGS=-DALTQUEUE -DDASH_EXT -DDATA_COMPRESS -DEXTERNAL_TODO 
> -DIGNOREVERISIGN -DQUOTATRASH -DSMTPEXECCHECK

On what OS version does that happen?
The newest glibc has broken most apps by defining errno as a function.

--
:wq Claudio


Re: Qmail ldap patch 20031001 and Openldap 1.2.13

2003-10-07 Thread Claudio Jeker
On Tuesday, October 7, 2003, at 03:20, Rafael Angarita wrote:

> Hi!,
>
> I would like to know if it's ok to use a qmail-ldap patched qmail
> (20031001) compiled with openldap 2.1.22 libs with an openldap 1.3.13
> server.
> Is there any problem with this mix?

There should be no problem with that setup. I have tried that once with
success.

--
:wq Claudio


Re: Compilation problem (conflicting types for `fork')

2003-10-07 Thread Claudio Jeker
On Tuesday, October 7, 2003, at 12:25, Toni Mueller wrote:

> Hi,
>
> On Tue, Oct 07, 2003 at 12:12:52PM +0200, Claudio Jeker wrote:
> > This is a known problem. Somebody suggested to replace the files
> > fork.h1 fork.h2 and fork.h with empty ones. The correct way would be
> > to remove the fork.h include in qmail-lspawn.c
>
> dumb question: This doesn't sound like rocket science. Why has it not
> been done?

Perhaps because we do not have systems where it caused troubles.
AFAIK it only happens on Solaris and I do not have a machine running it.

--
:wq Claudio


auth_imap bug fix

2003-10-09 Thread Claudio Jeker
Hello all,

here is a bug fix that should solve the troubles with auth_imap.
I'm currently on vacation so my testing is a bit limited.
--
:wq Claudio
Index: auth_imap.c
===
RCS file: /home/cvs-qmail-ldap/CVS/qmail-ldap/auth_imap.c,v
retrieving revision 1.19
diff -u -r1.19 auth_imap.c
--- auth_imap.c 14 Sep 2003 09:46:06 -  1.19
+++ auth_imap.c 9 Oct 2003 14:03:51 -
@@ -1,4 +1,6 @@
 /* auth_imap.c for courier-imap */
+#include 
+#include 
 #include 
 #include 
 #include "alloc.h"
@@ -36,6 +38,7 @@
 auth_init(int argc, char **argv, stralloc *login, stralloc *authdata)
 {
char*a, *s, *t, *l, *p;
+   int waitstat;
int i;
 
if (argc < 2)
@@ -59,8 +62,11 @@
auth_error(AUTH_EXEC);
}

-#if 0
-   /* remove all zombies, why should I do that ??? */
+#if 1
+   /*
+* remove all zombies, why should I do that?
+* Because courier makes zombies for breakfast
+*/
sig_childdefault();
while (wait(&waitstat) >= 0) ;
 #endif
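Review bot: the loop `while (wait(&waitstat) >= 0) ;` that this hunk compiles in blocks until every child of the process has exited, so one child that is still running stalls the login at this point. If the aim is only to collect children that are already dead, a non-blocking waitpid(-1, &waitstat, WNOHANG) loop does that without waiting. With the code now always on, the #if 1 / #endif pair can also go, leaving just the comment that explains why the reaping is needed.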
@@ -80,7 +86,9 @@
close(3);
auth_up[auth_uplen] = '\0';

-   /* get the different fields: serviceAUTHTYPEAUTHDATA */
+   /*
+* get the different fields: serviceAUTHTYPEAUTHDATA
+*/
i = 0;
s = auth_up; /* ignore service field */
while (auth_up[i] && auth_up[i] != '\n' ) i++;
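Review bot: the reflowed comment still lists the fields as "serviceAUTHTYPEAUTHDATA" with nothing between them, while the code right below splits auth_up on '\n'. Since the comment is being touched anyway, spell out the newline separators in it. This is a comment-only change unrelated to the fix and would be easier to review as a separate commit.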
@@ -95,7 +103,7 @@
if (str_diff("login", t)) {
/* 
 * this modul supports only "login"-type,
-* fail with AUTH_NOSUCH, so the 
+* fail with AUTH_TYPE, so the 
 * next modul is called, perhaps with greater success
 */
auth_fail("unknown", AUTH_TYPE);
@@ -148,14 +156,17 @@
case -1:
auth_error(ERRNO);
case 0:
+   break;
+   default: /* parent process */
close(pi[1]);
sig_pipedefault();
/* start next auth module */
execvp(*auth_argv, auth_argv);
auth_error(AUTH_EXEC);
}
+   /* child process */
close(pi[0]);
-   while (t) {
+   while (auth_uplen) {
i = write(pi[1],t,auth_uplen);
if (i == -1) {
if (errno == error_intr) continue;
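Review bot: the new loop condition `while (auth_uplen)` only terminates if the loop body subtracts the return value of write() from auth_uplen and advances t by the same amount; those lines are outside this hunk, so please confirm they are there, otherwise a short write repeats the same bytes or the loop never ends. With the roles swapped (parent execs the next module, child feeds the pipe), also check that the child closes pi[1] and calls _exit() once the data is written, so it cannot fall through into the code after the loop.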
@@ -215,7 +226,10 @@
}
argvs[i+1] = (char *)0;
 #if 0
-   /* can no longer find AUTHUSER in authlib(7) of courier-imap 1.7.2 */
+   /*
+* can no longer find AUTHUSER in authlib(7) of courier-imap 1.7.2
+* but it still exists. So what should I do? Drop my pants?
+*/
if (!(env = env_get("AUTHUSER")))
_exit(100);
 #endif
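Review bot: the rewritten comment inside the #if 0 block says AUTHUSER still exists but leaves the check `if (!(env = env_get("AUTHUSER"))) _exit(100);` disabled, so the reader cannot tell whether the check is wanted. Either enable it or delete the dead block, and replace the rhetorical question in the comment with the actual decision.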


Re: Message sender confirmation

2003-10-09 Thread Claudio Jeker
On Thursday, October 9, 2003, at 08:03, Ace Suares wrote:

> Just a question, does *every* message need to be confirmed ?
> I thought (!) that I already send a message to the list from this
> address and confirmed that one. I might be mistaken, but what's the
> general rule ?

If you are not subscribed you need to confirm every message. If you are 
subscribed you do not need to confirm. So the best is to use the 
account you subscribed to the list for sending mails.

--
:wq Claudio


Re: auth_imap bug fix

2003-10-09 Thread Claudio Jeker
On Thursday, October 9, 2003, at 05:02, Taymour A. El Erian wrote:

> which version is this patch for 20030901a or  20031001

The patch should be for 20031001. Probably it will also work for 
20030901a because auth_imap.c did not change much in the last month.

--
:wq Claudio


Re: deliveryProgramPath and MDIRMAKE not playing well together

2003-10-10 Thread Claudio Jeker
On Friday, October 10, 2003, at 02:55, Ben wrote:

> Okay, after playing around with things for the entire afternoon I think
> I've found the problem and a workaround. But the design seems pretty
> unclean, which is not what I've come to expect from qmail-ldap, so
> maybe I'm not looking at things right.
>
> If mail comes in for a virtual user and that user doesn't yet have a
> home directory, that home directory is created. If the user has a
> deliveryProgramPath attribute set, it is run next. Finally, local
> delivery occurs - which will create the missing maildir.

A maildir will be created only if there is a delivery to that directory.
This is the way automatic maildir make works and this will not be 
changed.

> So the problem is that the mail which gets piped to the
> deliveryProgramPath needs a place to store its filtered form, but the
> maildir structure isn't created until the local delivery step. What's
> more, if I create the maildir structure with my deliveryProgramPath
> script, then I have to set nolocal as a deliveryMode or I'll get both a
> filtered and unfiltered version of new mails. That implies that any
> time one uses deliveryProgramPath, they need to turn off local deliveries.
> Which may be as was intended it just seems less elegant than the
> rest of the delivery system.

Your main problem is that your deliveryProgram does no automatic 
maildir make. But this is easily fixable; see later for the solution.

> Now, all that said, I'll probably have to go and create the Maildir
> structure via the deliverProgramPath script anyway, because I'm going
> to want every user to have some default IMAP folders. But I would like to
> make sure I'm looking at this correctly, or if I've once again missed
> something very obvious.

As you said you could enhance your script to make the maildir automatically 
if it does not exist.
Another solution, and that's the easiest, is to tune the automatic 
homedir maker script. As noted in the docu, besides the homedir path 
the maildir path is also passed to the script. The first arg is the homedir, 
the second is the maildir.

So you could extend your dirmaker script to include something like:
maildirmake $1/$2
maybe you would like to do some checks first...
--
:wq Claudio
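
A dirmaker script along the lines suggested in the message above, with the checks filled in. This is an added example, not part of the original post and not qmail-ldap's own script: it assumes the first argument is an absolute homedir path and the second a maildir path relative to it, the exit code 100 is this example's choice, and it builds the maildir layout with mkdir instead of calling maildirmake so that it runs on a machine without qmail installed.

```shell
#!/bin/sh
# Added example of a dirmaker script with argument checks.
# Assumption: $1 is the absolute homedir, $2 the maildir relative to it.
# Returning 100 on failure is this example's choice.

make_dirs() {
    [ "$#" -eq 2 ] || return 100
    home=$1
    mdir=$2

    # Homedir must be absolute; maildir must be non-empty and relative.
    case "$home" in
        /*) ;;
        *) return 100 ;;
    esac
    case "$mdir" in
        ''|/*) return 100 ;;
    esac
    # A ".." component would place the maildir outside the homedir.
    case "/$mdir/" in
        */../*) return 100 ;;
    esac

    umask 077
    # Create the homedir only if it is missing. Its parent must already
    # exist, so a mistyped message store fails instead of growing a tree.
    if [ ! -d "$home" ]; then
        mkdir -m 0700 "$home" || return 100
    fi

    target="$home/$mdir"
    # Something that exists at the maildir path but is not a directory
    # is an error, not something to overwrite.
    if [ -e "$target" ] && [ ! -d "$target" ]; then
        return 100
    fi
    # Layout of a maildir: the directory itself plus cur, new and tmp.
    for d in "$target" "$target/cur" "$target/new" "$target/tmp"; do
        [ -d "$d" ] || mkdir -p -m 0700 "$d" || return 100
    done
    return 0
}

# Run as a script when arguments are given; with none, the file only
# defines make_dirs so it can be sourced and tested.
if [ "$#" -gt 0 ]; then
    make_dirs "$@"
    exit $?
fi
```

The function is safe to call again for a user whose directories already exist, so it does not matter whether the homedir or the maildir was the missing piece.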


Re: Painfull upgrade from openldap-1.X (SOLVED)

2003-10-14 Thread Claudio Jeker
On Tue, Oct 14, 2003 at 12:57:44PM +0200, Szabo Nandor wrote:
> After some day of debugging, I realized the problem: the prefix
> of UserPassword attribute. 
> 
> I use {crypt} prefix, but more client (ldappasswd, sqwebmail,ldapbrowser) 
> put {CRYPT}.
> auth_pop returns a "User record incorrect" error, then finds a {CRYPT} 
> prefix. 
> 
> Other applications can authenticate both {crypt} or {CRYPT} prefix. 
> 
> So my questions:
> 1. Which is the correct (RFC standard) prefix?
> 2. Is it possible that auth_pop can work with both prefix, like other 
> applications? 
> 

You seem to be using an old patch. Current auth_pop is using case_diff to
compare the prefixes in a case ignore way. So {crypt}, {CRYPT} and {CrYpT}
are all accepted. At least this is the desired behaviour.

-- 
:wq Claudio


Re: ALIASDEVNULL on nolocal forwards

2003-10-14 Thread Claudio Jeker
On Tue, Oct 14, 2003 at 08:37:06AM -0500, Brendon Colby wrote:
> On Mon, 2003-10-13 at 16:50, Claudio Jeker wrote:
> > For forward only accounts only mail and mailForwardingAddress is mandatory
> > (actually sn and cn are also needed by objectClass: person). 
> > The deliveryMode is forced to forwardonly and most other infos are
> > ignored. (only accountStatus is taken into account if I remember
> > correctly).
> > 
> > A minimal ldif would look like this:
> > objectClass: top
> > objectClass: person 
> > objectClass: qmailuser 
> > cn: [EMAIL PROTECTED]
> > sn: [EMAIL PROTECTED] 
> > mail: [EMAIL PROTECTED]
> > mailForwardingAddress: [EMAIL PROTECTED]
> > 
> > You could also use another structural objectClass that only defines mail
> > and that you could dump the cn and sn.
> 
> Great - that's what I thought. However, what confuses me though is this
> in qmail-ldap.h:
> 
> /* ALIASDEVNULL replacement for the std. aliasempty for user with
>  * neither homeDirectory nor mailMessageStore defined */
>^
> #define ALIASDEVNULL "|echo \"Unable to deliver mail: account
> incorrectly configured. (#5.3.5)\"; exit 100"
> 
> This tells me that _any_ user w/o a homeDirectory or mailMessageStore
> defined gets the ALIASDEVNULL message. And the fact that
> qmail-ldaplookup compiled with the new patch (20031001) reports:
> 
> forward only delivery via alias user
> alias user: alias
> alias user uid: 1001
> alias user gid: 1002
> alias user home: /var/qmail/alias
> alias user aliasempty: |echo "Unable to deliver mail: account
> incorrectly configured. (#5.3.5)"; exit 100
> 
> compounds my anxiety, which is what triggered this inquiry. I'd hate to
> break all the forward accounts when I upgrade. I'm running
> qmail-ldaplookup out of the qmail-1.03 source dir by the way, compiled
> with 20031001.
> 

The ALIASDEVNULL replaces the standard aliasempty setting to prevent
unwanted message deliveries to the alias user. It works mainly as a sort
of assertion to bark if a forward only account somehow managed to make a
local delivery. In normal operation it should be impossible to trigger it.

-- 
:wq Claudio


Re: Cluster not working...

2003-10-16 Thread Claudio Jeker
On Wed, Oct 15, 2003 at 01:29:12PM -0400, Rafael Angarita wrote:
>Hi,
> 
>I'm getting the message shown below when trying to add a new host 
> with a new qmail ldap patch to a cluster with an old qmail ldap patch.
> @40003f8d80a63b4149e4 delivery 2: deferral: 
> Unable_to_cluster-forward_message:_communication_with_mail_server_failed_(#4.4.2)./
>Is it possible to use a mix of patches in the same cluster?  How 
> could I debug this? (I set LOGLEVEL to 128 but it does not give me more 
> detail)
>When I run "netstat -an "  after the error message  there is no 
> reference to the remote host (the host that store the email that I'm 
> using to try) it looks like  it's not  trying to open the TCP connection.
>Any suggestions?
> 

Mixing new and old qmail-ldap patches should normally work but there are
some issues to know.  The last two patches changed the way how they handle
ldap entries. These changes affect only the local delivery and not the
cluster forwarding but can cause strange effects if old entries point to a
new machine or reserve.

Important is that you don't compile the new patch with -DQMQP_COMPRESS
because then it will be impossible to send from a new machine to an old and
probably vice versa.

Also turn the verbose option of tcpserver on. qmail-qmqpd does not write
to the log (even in case of an error).

Currently it seems that the server you forward to drops the connection so
I think that you compiled a -DQMQP_COMPRESS version on the new machine.

-- 
:wq Claudio


Re: Domain aliasing

2003-10-20 Thread Claudio Jeker
On Mon, Oct 20, 2003 at 03:50:11PM +0200, Jörg Sippel wrote:
> Hello,
> 
> I'm using qmail-ldap with several domains. Is it possible to set up a
> domain alias that automatically forward mails to another domain?
> 
> Ex:  [EMAIL PROTECTED] to [EMAIL PROTECTED] 
> 
> I have found some informations on the net, but i can't get this working.
> Can anybody help me with this issue and tell me how to get it working?
> 

Add kdvz-frechen.de:alias-whatever to control/virtualdomains and create a
~alias/.qmail-whatever with `| forward "$LOCAL"@kdvz-frechen.com` in it.

You could do the same with a catchall account but I think this is faster. 
Perhaps there is an even cooler solution ...

-- 
:wq Claudio


Re: auto homedir creation help

2003-10-20 Thread Claudio Jeker
On Mon, Oct 20, 2003 at 03:36:34PM -0600, Sancho2k.net Lists wrote:
> Could someone expound how to handle the auto-homedir creation
> functionality in qmail-ldap? My current setup results in:
> 
> failure: Permanent_error_in_automatic_homedir_creation._(#5.3.0)
> 
> $ cat /var/qmail/control/dirmaker
> /var/qmail/bin/dirmaker.sh
> 
> $ cat /var/qmail/bin/dirmaker.sh
> #!/bin/sh
> mkdir -m 0700 $1
> # EOF
> 
> $ cat ldapmessagestore
> /var/vmail
> 
> $ ls -ld /var/vmail/
> drwxr-xr-x  4 vmail  vmail  512 Oct 20 07:47 /var/vmail/
> 

It seems that the exec fails.
Normally this sounds like bad permissions of the dirmaker script.

-- 
:wq Claudio


Re: auto homedir creation help

2003-10-20 Thread Claudio Jeker
On Mon, Oct 20, 2003 at 05:29:44PM -0600, Sancho2k.net Lists wrote:
> Sancho2k.net Lists said:
> 
> >  sudo -u vmail sh -c "/var/qmail/bin/dirmaker.sh /var/vmail/NEWUSER"
> >
> > ...this successfully creates a NEWUSER directory under /var/vmail without
> > complaints.
> >
> > Thinking the issue may have been that the user which rights are used to
> > create the new directory may not have had access (write access to
> > /var/vmail), I made the directory mode 0777 - same results. Still got the
> > same error...
> 
> Reading more, I came across this bit of text:
> 
> ..
> "Note: this script runs under the affected user's permissions, so, if the
> homedir for a system user "joe" should be created in /home, joe must have
> write permissions in /home."
> ..
> 
> So - does this mean if my user is a virtual user account and the real
> system account 'vmail' will be used for system access, that the script
> will fail because the username used for write access does not exist on the
> system?
> 

Nope. dirmaker will be executed with the uid/gid set via qmailUid/Gid
values either from ldap or from ~/control. In your case that should be
`id vmail`

-- 
:wq Claudio


Re: Compile 20031001 Solaris9 gcc-3.3: conflicting types: fork, vfork, log

2003-10-24 Thread Claudio Jeker
On Thu, Oct 23, 2003 at 05:28:49PM -0400, Brad Burdick wrote:
> On Thu, Oct 23, 2003 at 05:15:02PM -0400, Chris Shenton wrote:
> > It fails with conflicting definitions of "fork", "vfork", and "log":
> > 

This is known but not yet solved. The simplest solution is to remove
either the fork.h include or the unistd.h include.

> > 
> > Looks like GCC's picking up definitions from its include files instead
> > of using DJB's include files.  Not sure why -- when I compile stock
> > qmail-1.03 on this box I don't see this.
> 
> stock qmail-1.03 doesn't include unistd.h, from what i remember.  DJB has a
> *better* way to do most of these standard things.

I hope that was sarcastic. I'm not a fan of GNU/autohell but the qmail way
is sometimes as bad.

> 
> #ifdef the externs in qmail's fork.h for now as that's probably the easiest
> work around.
> 

That's also a solution.

> is log() conflicting with a math library log or something else?
> 

Don't know, probably but that would be a stupid addition. But that does
currently not matter because it is just a warning.

-- 
:wq Claudio


Re: -ERR unable to scan $HOME/Maildir

2003-10-24 Thread Claudio Jeker
On Fri, Oct 24, 2003 at 02:34:39PM -0400, Serguei Oukladov wrote:
> Hi again,
> 
> I'm setting up virtual users using LDAP.
> Their mailMessageStore is /var/qmail/maildirs/
> Delivery works just fine, messages get through to their mailboxes.
> 
> However, when I try to read it through POP, I get
> -ERR unable to scan $HOME/Maildir
> POP logfile says:
> environment successfully set: USER , HOME
> /var/qmail/maildirs/, MAILDIR unset, using aliasempty
> tcpserver: end 12944 status 256
> 
> At this point I have just a slash (/) in
> /var/qmail/service/pop3d/env/MAILDIRNAME -
> probably that isn't correct, what should it be? Why does it say "MAILDIR
> unset"?
> I've tried other things there, but without any luck.
> 

The last argument to qmail-pop3d should be equal to that of qmail-start.
DJB uses ./Maildir/ I prefer ./ for pop toasters. Don't forget the "." or
you will end in /Maildir.

The MAILDIR unset message comes from the fact that if you are using
homedirectory and mailmessagestore in the ldap entry qmail uses homedir as
$HOME and mailmessagestore as MAILDIR. But in almost all cases MAILDIR will
be unset and the default aliasempty will be used.

-- 
:wq Claudio


Re: The new auth_smtp functionality

2003-10-28 Thread Claudio Jeker
On Tue, Oct 28, 2003 at 01:38:19PM -0500, Serguei Oukladov wrote:
> Hi everybody,
> 
> The clueless questions from me just never end, do they?
> 
> I have virtual mail set up with LDAP and authentication works for pop3d.
> 
> smtpd has environment variables SMTPAUTH and AUTHREQUIRED 
> set to 1 (does it matter what SMTPAUTH is as long as it isn't 
> TLSREQUIRED?).
> When I try to send, I get this:
> ..
> init_ldap: control/ldaplogin: 
> warning: auth_error: authorization failed (configuration error)
> authentication failed: temporary authentication failure (#4.3.0)
> qmail-smtpd 30567: read error, connection closed
> 
> Looks like I've missed something in the configuration, but what? 
> Any pointers?
> pop3d checks control/ldappassword after ldaplogin - that file's there.

Remember qmail-smtpd and all sub processes are run as qmaild or a similar
non privileged user while auth_pop runs as root.
I guess you need to modify the read privilege of ~control/ldappassword.

-- 
:wq Claudio


Re: The new auth_smtp functionality

2003-10-28 Thread Claudio Jeker
On Tue, Oct 28, 2003 at 04:59:33PM -0500, Serguei Oukladov wrote:
> From: "Claudio Jeker" <[EMAIL PROTECTED]>
> Sent: Tuesday, October 28, 2003 4:47 PM
> 
> > Remember qmail-smtpd and all sub processes are run as qmaild or a similar
> > non privileged user while auth_pop runs as root.
> 
> Oh. Thank you, I didn't know.
> 
> > I guess you need to modify the read privilege of ~control/ldappassword.
> 
> Guess so. But a clear text readable password file? Ugh.
> 

I normally set the ldappassword permissions like this:
-r  1 qmaild  qmail  1750 Sep 17 11:36 ldappassword

The group could also be wheel but that doesn't matter.
The programs accessing this file run either under root or qmaild and
normally only qmail-smtpd runs under qmaild.
Another solution would be to make qmail-verify setuid (not necessarily
root) so that you can restrict the access better.

-- 
:wq Claudio


Re: Gentoo Compile problem

2003-10-29 Thread Claudio Jeker
On Wed, Oct 29, 2003 at 02:02:05AM -0700, Tyler wrote:
> Hello All,I'm just jumping into the qmail-ldap
> arena.  I've run regular qmail servers for 2
> years, but I'd like to try qmail-ldap but I'm running into
> compile problems.2 separate systems, both running Gentoo
> Linux.  Glibc 2.3.2GCC 3.2.3On both systems I
> untarred the qmail-1.03 tarball, applied the glibc errno patch, and
> applied qmail-ldap-1.03-20031001.patch.The patches went through
> fine, but it wont compile.I tried with no modifications to the
> Makefile and I get these errors.passwd.o(.text+0x4e): In function
> `cmp_passwd':: undefined reference to `crypt'passwd.o(.text+0x6a):
> In function `cmp_passwd':: undefined reference to
> `crypt'passwd.o(.text+0x2f6): In function `do_crypt':: undefined
> reference to `crypt'collect2: ld returned 1 exit statusmake: ***
> [auth_pop] Error 1Then I tried changing the LdapFlags to
> this.LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT
> -DDATA_COMPRESS -DQMQP_COMPRESS -DALTQUEUE -DBIGTODO
> -DIGNOREVERISIGNAnd I get these errors on
> compile.qmail-remote.o(.text+0x4e1): In function
> `compression_init':: undefined reference to
> `deflateInit_'qmail-remote.o(.text+0x53b): In function
> `compression_done':: undefined reference to
> `deflate'qmail-remote.o(.text+0x5ce): In function
> `compression_done':: undefined reference to
> `deflateEnd'qmail-remote.o(.text+0x75b): In function `safewrite'::
> undefined reference to `deflate'collect2: ld returned 1 exit
> statusmake: *** [qmail-remote] Error 1Does anyone know if
> this is Gentoo specific?  I don't normally use any other distro, but
> I can try with Redhat or BSD just to make sure this isn't a pebkac
> issue.Tyler

First, could you fix your mail client.

Now to your problem:
If you enable the -DDATA_COMPRESS or -DQMQP_COMPRESS options don't forget
to uncomment also the ZLIB=-lz option.
The problem with crypt seems to come from missing SHADOWLIBS / SHADOWOPTS
options.

-- 
:wq Claudio


Re: Migration Issues: uid/mail/cn attributes, balanced trees, etc.

2003-10-30 Thread Claudio Jeker
On Wed, Oct 29, 2003 at 08:42:19PM -0500, [EMAIL PROTECTED] wrote:
> 
> I hope to be migrating 35,000 users (in 1,000 virtual domains) from
> qmail/vpopmail+MySQL to qmail-ldap in the very near future, and have
> come across a few issues.  First, our LDAP design is such that our CN is
> in [EMAIL PROTECTED] form; this matches, of course, the 'mail'
> attribute, and ideally the 'uid' attribute as well.  Can I expect
> problems if I modify qmail-ldap.h such that LDAP_MAIL and LDAP_UID are
> both set to 'cn'?

For qmail-ldap it does not matter but you will get troubles with your LDAP
server. You have to modify some schemas to make that possible. E.g. newer
OpenLDAP releases do very restrictive schema checking.

> Also, vpopmail automagically split our mail store like..
>   ./mailstore/VIRTUAL_DOMAIN/USERID
> Where USERID might actually be within an adaptive balanced tree
> directory structure of up to 62 subdirectories in 3 levels, with no more
> than 100 users per directory.  Other than determining a split at the
> application level (as I'm adding users to the directory) and maintaining
> this information externally, is there any (cleaner) way of doing
> something similar with qmail-ldap?
> 

qmail-ldap has no automatic directory split. I think most people are either
doing it via a admin interface or have a policy about the mailstore
layout. Personally I prefer the current behaviour, it is simple to locate
a user mailbox and makes mailstore management easier and more generic.
By the way, modern file systems are also capable to store many
files/subdirectories in a directory without big performance loss.

-- 
:wq Claudio


Re: Courier imap starts with supervise or from /etc/init.d/ ?

2003-10-30 Thread Claudio Jeker
On Thu, Oct 30, 2003 at 09:16:34AM +0100, amendola maurizio wrote:
> Hi
> I have a question for you.
> At the moment I have configured my qmail-ldap server with a courier-imap
> that it starts together at pop3 and smtp in supervise.
> I know that i could start its with a script in /etc/init.d.
> The only advantage(big) that I have found to start imap in supervise it is
> that if imap process go down it is restarted by supervise.
> What are  the advantages to start imap in /etc/init.d?

Probably that's not what you like to know :)
# ls /etc/init.d
ls: /etc/init.d: No such file or directory


Anyway, I chose supervise because it works and works and works.
The normal run scripts do not ensure that a process you once started keeps
on running. I think that just that feature makes /etc/init.d a joke. The
only drawback is the lack of that nice [OK] message on startup but who cares.

I also consider multilog a much better solution than the syslog
logger/splogger combo. But hey that's my personal opinion.

-- 
:wq Claudio


Re: doubledot probrem

2003-10-31 Thread Claudio Jeker
On Fri, Oct 31, 2003 at 05:30:19PM +0900, OGISO Kenji wrote:
> On Thu, Oct 30, 2003 at 07:13:02AM -0700, Sancho2k.net Lists wrote:
> > > I migrated from qmail-1.03 to qmail-ldap(20030101) and I encountered
> > > some problems.
> > > Accounted user named like [EMAIL PROTECTED] can't receive a mail
> > > nor pop login.
> > 
> > Why use a pointless naming convention like that in the first place?
> 
> It wasn't my choice.  This is for an isp system where the users can choose
> their own address.
> 
> > > I read source codes, and I found that the problem is caused by
> > > sanitypathcheckb(). [EMAIL PROTECTED]'s home directory name is
> > > /export/home/x..x, so sanitypathcheckb() returns error.
> > > 
> > > Please tell me why home directory should not include '..'
> > 
> > .. Is one of those tokens for a path identifier. Most data sanitization
> > and checking calls for throwing flags on anything that has reference to
> > relative path specifiers such as '.', '..', '../..' and so on ;)
> 
> True, but specifically the .. is not a problem for RFC 822, the filesystem or
> qmail.  Is there something specific that will break in qmail-ldap if it
> encounters a double period within a directory name?
> 

Yup, this is a restriction in qmail-ldap. The function sanitypathcheckb()
is too restrictive and denies strings with double dots. The correct way
would be to check for the regexp /^\.\.|\/\.\./

I added it to my todo list for 20031201.

-- 
:wq Claudio
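
The three checks discussed in this thread, run side by side on constructed sample paths: the substring test that rejects the home directory x..x, the regexp given in the reply above, and a test that rejects only a path component that is exactly "..". This is an added example, not code from qmail-ldap; the function names are made up for the illustration, and it shows that the regexp still rejects a name that merely begins with two dots, which the component test accepts.

```shell
#!/bin/sh
# Added example: three ways to decide whether a path is rejected for "..".
# Every function returns 0 when the path is accepted and 1 when rejected.
# Function names are hypothetical; none of this is qmail-ldap code.

# 1. Substring test: any ".." anywhere is refused (the too-strict case).
accept_substring() {
    case "$1" in
        *..*) return 1 ;;
    esac
    return 0
}

# 2. The regexp from the reply: ".." at the start or right after a "/".
accept_regexp() {
    if printf '%s\n' "$1" | grep -Eq '^\.\.|/\.\.'; then
        return 1
    fi
    return 0
}

# 3. Component test: refuse only when a whole path component is "..".
#    Wrapping the path in slashes lets one pattern cover the start,
#    the middle and the end of the path.
accept_component() {
    case "/$1/" in
        */../*) return 1 ;;
    esac
    return 0
}

# classify PATH prints three letters, A (accepted) or R (rejected),
# in the order substring, regexp, component.
classify() {
    out=
    for f in accept_substring accept_regexp accept_component; do
        if "$f" "$1"; then
            out="${out}A"
        else
            out="${out}R"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample paths; the first one is the home directory from the thread.
for p in /export/home/x..x /export/home/alice /export/home/../etc \
         ../etc /export/home/user/.. /export/home/..cache; do
    printf '%-24s %s\n' "$p" "$(classify "$p")"
done
```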


Re: New functinonality qmailGroup problem

2003-10-31 Thread Claudio Jeker
On Thu, Oct 30, 2003 at 03:55:16PM +0100, amendola maurizio wrote:
> Hi
> I'm testing the new functinality qmailGroup but i have  a little problem
> This the group
> 
> dn: uid=all.user2,ou=test,dc=nf.pinco,dc=it
> objectClass: top
> objectClass: qmailUser
> objectClass: qmailGroup
> objectClass: inetOrgPerson
> sn: all.user2
> cn: all.user2
> uid: all.user2
> mailMessageStore: /home/vmail/all.user2/
> mail: [EMAIL PROTECTED]
> mailAlternateAddress: [EMAIL PROTECTED]
> membersonly: TRUE
> senderconfirm: FALSE
> rfc822member: [EMAIL PROTECTED]
> rfc822member: [EMAIL PROTECTED]
> rfc822member: [EMAIL PROTECTED]
> rfc822member: [EMAIL PROTECTED]
> rfc822member: [EMAIL PROTECTED]
> rfc822moderator: [EMAIL PROTECTED]
> rfc822moderator: [EMAIL PROTECTED]
> filtermember: (&(!(objectclass=qmailGroup))([EMAIL PROTECTED]))
> confirmtext: Vuoi permettere di mandare una mail a questo gruppo?
> moderatortext: Ciao,? Permettiamo di uscire alla mail?
> 
> All work ok til the moderator reply to e-mail, after this action the email
> arrives at all user under e-mail address @nf.pinco.it and not only to
> rfcmember. I have also tried to delete into filtermember [EMAIL PROTECTED],
> but I look a error :
> qmail-group_fatal:_expand_group_attr:_filtermember:_unspecified_error/
> Any idea?

If you specify a filtermember with ([EMAIL PROTECTED]) it will deliver
mail to all addressees that are found with this filter.

Why you are getting the error after removing filtermember is unclear.

-- 
:wq Claudio


Re: RBL functionality testing

2003-11-01 Thread Claudio Jeker
On Sat, Nov 01, 2003 at 01:55:58AM -0700, Sancho2k.net Lists wrote:
> I have set up /var/qmail/control/rbllist as follows (tab separated):
> 

Newer patches are no longer so picky about the tab separation. See
QLDAPNEWS file.

> sbl.spamhaus.org reject 127.0.0.2 See http://www.spamhaus.org/SBL/
> relays.ordb.org addheader 127.0.0.2 See http://www.ordb.org/faq/
> list.dsbl.org addheader 127.0.0.2 See http://dsbl.org/main/
> bl.spamcop.net addheader 127.0.0.2 See http://spamcop.net/
> relays.ordb.org reject any See http://ordb.org/
> spamguard.leadmon.net addheader 127.0.0.2 Address is a dialup address
> 
> And my smtpd tcp.cdb has the following rule compiled into it:
> 
> 127.:allow,RELAYCLIENT="",RBL=""
> 
> I set an alias on my loopback interface lo0 for 127.0.0.2 and use telnet 
> -b 127.0.0.1  to connect to the smtp port on my qmail-ldap box. 
> I send a test message and it is successfully delivered to the recipient, 
> untagged in the header.
> 

I think that should be -b 127.0.0.2. If the message gets delivered you
know that the rbl file was parsed successfully.

> My expectation is that the connection would have been dropped, according 
> to my configuration.
> 
> 1. Is my configuration correct?

Depends on the rbl list. If they have a default bad entry for 127.0.0.2
then yes you should either get a 550 error or a X-RBL header in the mail.

> 2. If it is correct, is my test valid? I don't know of any other way to 
> test the RBL setup other than connecting from IP 127.0.0.2.
> 

Normally it is the simplest to start qmail-smtp from your shell with the
tcp-environ(5) needed values set. Tcp-environ(5) is a man file delivered
with qmail. Normally it is enough to set TCPLOCALIP, TCPREMOTEIP and RBL
for testing.

-- 
:wq Claudio


Re: RBL functionality testing

2003-11-02 Thread Claudio Jeker
On Sat, Nov 01, 2003 at 12:37:22PM -0700, Sancho2k.net Lists wrote:
> Claudio Jeker wrote:
> 
> >On Sat, Nov 01, 2003 at 01:55:58AM -0700, Sancho2k.net Lists wrote:
> >
> >>I have set up /var/qmail/control/rbllist as follows (tab separated):
> >>
> >
> >
> >Newer patches are no longer so picky about the tab separation. See
> >QLDAPNEWS file.
> 
> That I'd read. Is single-space separation fine for the fields in the file?
> 

Yes, that should do.

> >
> >
> >>sbl.spamhaus.org reject 127.0.0.2 See http://www.spamhaus.org/SBL/
> >>relays.ordb.org addheader 127.0.0.2 See http://www.ordb.org/faq/
> >>list.dsbl.org addheader 127.0.0.2 See http://dsbl.org/main/
> >>bl.spamcop.net addheader 127.0.0.2 See http://spamcop.net/
> >>relays.ordb.org reject any See http://ordb.org/
> >>spamguard.leadmon.net addheader 127.0.0.2 Address is a dialup address
> >>
> >>And my smtpd tcp.cdb has the following rule compiled into it:
> >>
> >>127.:allow,RELAYCLIENT="",RBL=""
> >>

I'm a silly little rabbit. If you set RELAYCLIENT no RBL checks will be
done. So you need to change your tcp.cdb file.

> >
> >
> >>My expectation is that the connection would have been dropped, according 
> >>to my configuration.
> >>
> >>1. Is my configuration correct?
> >
> >
> >Depends on the rbl list. If they have a default bad entry for 127.0.0.2
> >then yes you should either get a 550 error or a X-RBL header in the mail.
> 
> In my example, where I have 6 RBLs in my rbllist, would my connection 
> from 127.0.0.2 be checked against all of them or only the first one to 
> return a response of either good or reject?
> 

Normally all 6 will be checked. The only exception is if an rbl tells you to
reject the message then no more checks are done.

> >>2. If it is correct, is my test valid? I don't know of any other way to 
> >>test the RBL setup other than connecting from IP 127.0.0.2.
> >>
> >
> >Normally it is the simplest to start qmail-smtp from your shell with the
> >tcp-environ(5) needed values set. Tcp-environ(5) is a man file delivered
> >with qmail. Normally it is enough to set TCPLOCALIP, TCPREMOTEIP and RBL
> >for testing.
> >
> 
> Could you provide a more detailed description of this? I am using the 
> qmail-conf setup for the smtpd service. So I placed 127.0.0.2 in 
> /service/smtpd/env/TCPREMOTEIP and performed svc -t on the service. I 
> expected this to set TCPREMOTEIP to 127.0.0.2 for every inbound 
> connection to the SMTP port but it appears I misunderstand how that 
> works as tcpserver still registered my connection as coming from the 
> real network address.
> 

That won't work because tcpserver will overwrite the env var.
Normally the simplest is to do something like this:
env TCPREMOTEIP=127.0.0.2 TCPLOCALIP=127.0.0.1 RBL= /var/qmail/bin/qmail-smtpd

-- 
:wq Claudio


Re: blocking sender addresses and mail filtering

2003-11-03 Thread Claudio Jeker
On Mon, Nov 03, 2003 at 05:04:36PM +0600, dipak wrote:
> At 11:55 AM 11/3/2003 +0100, Boily Sylvain wrote:
> >dipak wrote:
> >>is it possible to block certain sender addresses per user basis using 
> >>qmail-ldap ?
> >>is it possible to filter mails using regex  in qmail-ldap ?
> >>dipak
> >
> >hi,
> >
> >yes you can use badrcptto and badmailfrom in control.
> >regards,
> >
> >Sylvain
> >
> 
> thanks. but writing in the /var/qmail/control will work for all mails 
> coming or going through the mail server. i want that a mail user can block 
> certain sender address so that mails from those addresses will not come to 
> his/her mailbox.
> 

This can only be solved with a program delivery. e.g with bouncesaying or
procmail/maildrop.

-- 
:wq Claudio


Re: smtp-auth problem...

2003-11-04 Thread Claudio Jeker
On Tue, Nov 04, 2003 at 03:08:47PM -0800, Asaf Shakarchi wrote:
> Hello,
>  
> I posted a question regarding smtp-auth and I recieved an answer no
> external patch required for smtp-auth in the new version of the
> qmail-ldap.

Yup, that's right. Also our auth-smtp implementation is different from all
others. We're updating the Docu to show the differences.
  
> it seems like smtp-auth just doesn't work. this is my startup file for
> the smtpd daemon:
>  
> exec /usr/local/bin/softlimit -m 500 \
> /usr/local/ucspi-tcp/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c 
> "$MAXSMTPD" \
> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd
> /var/qmail/bin/auth_smtp /bin/true 2>&1
>  

There is no need to add any arguments to qmail-smtpd. To enable
auth_smtp set the SMTPAUTH environment var. The rest will be done by
qmail-smtpd.

From QLDAPNEWS:
 Added auth_smtp and AUTH capabilities to qmail-smtpd. Enabled via the 
 SMTPAUTH env var. If SMTPAUTH is set to TLSREQUIRED it is neccesairy to
 do a STARTTLS before issuing an AUTH command. If AUTHREQUIRED is set any
 user MUST successfully authenticate before issuing a MAIL FROM command.
 The string in the env var AUTHPREPEND will be prepended to the userid in
 the received line.

>  
> on the log file I can't see nothing related to smtpd (DEBUGLEVEL=255 for
> pop3d work just fine so it's nothing about the --DEBUG option on the
> Makefile)
>  
> also, openldap's daemon(slapd) does not create any logs while running in
> a debug mode, so it seems like auth-smtp just doesn't do anything.
>  

The best way to test if auth_smtp is available is via telnet localhost 25
and issuing a "EHLO dude" command. If there is no "250-AUTH LOGIN PLAIN" line
auth_smtp is not active.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: smtp-auth problem...

2003-11-04 Thread Claudio Jeker
On Tue, Nov 04, 2003 at 03:45:08PM -0500, Chris Shenton wrote:
> Claudio Jeker <[EMAIL PROTECTED]> writes:
> 
> > The best way to test if auth_smtp is available is via telnet localhost 25
> > and issuing a "EHLO dude" command. If there is no "250-AUTH LOGIN PLAIN" line
> > auth_smtp is not active.
> 
> I've tried this, setting SMTPAUTH to TLSREQUIRED and optionally
> setting AUTHREQUIRED.  Neither of these changes the SMTP EHLO greeting
> to include the "250-AUTH LOGIN PLAIN" line.
> 
> When I check the logs, it does do SMTP AUTH just fine.
> 
>   [EMAIL PROTECTED](256> telnet fester 25
>   Trying 198.116.138.140...
>   Connected to fester.saic.hq.nasa.gov.
>   Escape character is '^]'.
>   220 Fester.SAIC.HQ.NASA.Gov ESMTP 
>   EHLO dude!
>   250-Fester.SAIC.HQ.NASA.Gov 
>   250-PIPELINING
>   250-SIZE 0
>   250-STARTTLS
>   250 8BITMIME
> 
> I see in qmail-smtpd.c where it wants to output this so I'm not sure
> why it's not emitting it.
> 

Because you set TLSREQUIRED. It will only announce the AUTH feature if the
STARTTLS was successful. Why should qmail-smtpd announce a feature that
will definitely fail...

To verify that you either speak TLS as a second language or you need some
very freaky software. Perhaps stunnel can do the job? 

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."
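
The EHLO check from the two messages above, as an added example that is not part of the original thread or of qmail-ldap: it parses the EHLO reply seen in cleartext and the one seen inside the TLS session and reports where AUTH is advertised. `PRE_TLS` is the reply posted in the thread; `POST_TLS`, the verdict strings and the function names are assumptions made for this sketch.

```python
import smtplib
import ssl

# Cleartext EHLO reply as posted in the thread (SMTPAUTH=TLSREQUIRED, no AUTH line).
PRE_TLS = [
    "250-Fester.SAIC.HQ.NASA.Gov",
    "250-PIPELINING",
    "250-SIZE 0",
    "250-STARTTLS",
    "250 8BITMIME",
]
# Constructed sample: the reply expected to a second EHLO sent inside the TLS session.
POST_TLS = [
    "250-Fester.SAIC.HQ.NASA.Gov",
    "250-PIPELINING",
    "250-SIZE 0",
    "250-AUTH LOGIN PLAIN",
    "250 8BITMIME",
]


def parse_ehlo(lines):
    """Map each advertised ESMTP keyword to its parameter list."""
    caps = {}
    for i, raw in enumerate(lines):
        line = raw.rstrip()
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError("not a 250 reply line: %r" % raw)
        if i == 0:
            continue  # first line carries the server name, not an extension
        words = line[4:].split()
        if not words:
            continue
        # Accept both "AUTH LOGIN PLAIN" and the legacy "AUTH=LOGIN PLAIN" form.
        key, _, first = words[0].partition("=")
        params = ([first] if first else []) + words[1:]
        caps.setdefault(key.upper(), []).extend(p.upper() for p in params)
    return caps


def classify(pre, post=None):
    """pre: capabilities seen in cleartext; post: capabilities seen after STARTTLS."""
    if "AUTH" in pre:
        return "auth-in-cleartext"          # credentials can be sent without TLS
    if "STARTTLS" not in pre:
        return "auth-not-active"            # no AUTH and no way to upgrade
    if post is None:
        return "unverified-needs-tls-ehlo"  # cleartext EHLO alone cannot decide
    return "auth-after-starttls-only" if "AUTH" in post else "auth-not-active"


def probe(host, port=25, context=None, timeout=10):
    """Live check against a server you operate; returns classify()'s verdict."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        pre = {k.upper(): v.split() for k, v in smtp.esmtp_features.items()}
        post = None
        if "STARTTLS" in pre:
            smtp.starttls(context=context or ssl.create_default_context())
            smtp.ehlo()  # capabilities must be re-read inside the TLS session
            post = {k.upper(): v.split() for k, v in smtp.esmtp_features.items()}
        return classify(pre, post)


if __name__ == "__main__":
    print(classify(parse_ehlo(PRE_TLS)))
    print(classify(parse_ehlo(PRE_TLS), parse_ehlo(POST_TLS)))
```

A missing "250-AUTH LOGIN PLAIN" line in a plain telnet session therefore only means "not active" when STARTTLS is not offered either.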



Re: 20031001 relaying (without AUTH) despite tcp.cdb with LOCALHOSTonly

2003-11-04 Thread Claudio Jeker
On Tue, Nov 04, 2003 at 04:22:31PM -0500, Chris Shenton wrote:
> Andre Oppermann <[EMAIL PROTECTED]> writes:
> 
> > Alternatively you can upgrade to qmail-ldap r20031101 which I have
> > just put on the website and fixes all these bugs. In addition it has
> > got a couple of new features as well. Among them is one for X.400
> > emulation... ;-)
> 
> X.400, woo hoo!  UUCP next?? :-)
> 

We already support uucp, actually qmail does. There is an entry about it
in FAQ.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: netqmail

2003-11-04 Thread Claudio Jeker
On Tue, Nov 04, 2003 at 11:07:05PM +0100, Sylvain Boily wrote:
> Hi all,
> 
> Are all patches from netqmail in http://www.qmail.org/netqmail 
> included in qmail-ldap?
> Will future versions be based on this version, or can we always 
> download the qmail-1.03 sources?
> 

I have seen netqmail today for the first time and currently I do not know
what they changed in it. If it is the obvious bugs in qmail then we are
already one step further. The current patch included a major
ANSI-fication of qmail ($EDITOR *.h). Also the errno, fork() and
read/write stories should be history.
That's why the compressed patch grew about 20% in one month.

Could anybody with Solaris 9, linux-whatever-is-the-newest and some other
freaky UNIX variants do a test compile?
I tested the code on OpenBSD(i386, sparc, sparc64), FreeBSD and MacOS X.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: smtp-auth problem...

2003-11-04 Thread Claudio Jeker
On Wed, Nov 05, 2003 at 12:07:52AM +0100, Stefan Paletta wrote:
> Claudio Jeker wrote/schrieb/scripsit:
> > To verify that you either speak TLS as a second language or you need some
> > very freaky software. Perhaps stunnel can do the job? 
> 
> Indeed it can; 'stunnel -c -n smtp -r mail.domain.com:smtp'.
> Sending STARTTLS when TLS is already enabled can be fun with some
> SMTP servers ...
> 

Should not work as per RFC. At least that's what my brain is telling me.
AFAIK there is some paragraph about that.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: courier-imap work with auth_imap issue

2003-11-06 Thread Claudio Jeker
On Fri, Nov 07, 2003 at 04:45:03AM +0800, Jack Liu wrote:
> Hello,
> 
> I have 4 mail server, all running qmail-ldap, and the user mailbox are
> store at different server, I have a problem that is I cannot access
> email from another mail server by using courier-imap with auth_imap.
> 



> dGgZQwOa1x4bgX+QCn1DCDhSdSTOqCljop4tIl8amNRXOlp6c7mQ7No39iTe5t6I8EnianOwDEW0
> X+Yun1lWKelkcTZwadvuUzSGuMIlfl0gDjj2XH5E1+qO/ApSfKRPse4TThEzZDNguU62Md7JqeeU
> 0pkTsaUh904pDYpkKxh5sF3C4hJ3RQjOKY4FPKQhMKMuQuKckcE3oQYbei7anHhNBWMDlFmkqConnection 
> closed by foreign host.
> #
> 
> But, when I do the same command on mail1, everything is fine.
> 

Which version of qmail-ldap are you using? I remember that once we had a
bug in the forwarding which made it impossible to forward larger mails.
This should be fixed since some time.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: courier-imap work with auth_imap issue

2003-11-06 Thread Claudio Jeker
On Fri, Nov 07, 2003 at 04:58:08AM +0800, Jack Liu wrote:
> Hello Claudio,
> 
> I'm using qmail-ldap 20021201a patch.
> 
> may I only update auth_imap.c? tks.
> 

What could work is to download the 20030801a patch (the last one before
the 20030901 patch). Then you can compile and replace auth_imap and
auth_pop. But keep the old one because I'm not 100% sure that it works.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Executable content filter patch

2003-11-07 Thread Claudio Jeker
On Fri, Nov 07, 2003 at 10:32:39PM +1100, Roland Chan wrote:
> Hi All,
> 
> I don't know about the rest of you, but I prefer 
> http://www.qmail.org/qmail-smtpd-viruscan-1.2.patch to the 
> SMTPEXECHECKing in qmail-ldap. The configuration file approach to 
> pattern checking seems like a much better idea than hard coding the pattern.
> 
> It also gives the opportunity for somewhat finegrained approaches if you 
> want to block viruses but not other executables.
> 
> While this isn't a democracy, any other votes for using a config file to 
> store bad first parts of attachments?

We also like the new virusscan patch from Russell Nelson. It will be
integrated in the next release. For this it was too late.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: qmail-ldap-1.03-20031101 boot scripts

2003-11-08 Thread Claudio Jeker
On Fri, Nov 07, 2003 at 02:03:44PM -0500, Skinny Puppy wrote:
> Marcelo Aguero [EMAIL PROTECTED] wrote:
> > A _really_ excellent new version!
> > 
> > Make sense to you to include the tcpserver -c parameter in boot scripts
> > to control max concurrent connections? I mean, include in the patch.
> > 
> > I usually add for example control/concurrencysmtp,
> > control/concurrencypop, control/concurrencyimap with the values for max
> > concurrent connections and change boot/qmail-smtpd/run adding for
> [Snip example]
> 
> 
> What error message is returned to the connection host that has gone over
> its connection limit.  With ipsvd you can set limits based on IP/Hostname
> and return different SMTP codes for each. 
> 
> http://smarden.org/ipsvd/examples.html

Not a good idea. Stock qmail will defer the mail if there is a problem
after the connection is opened instead of using a lower precedence MX
server. This could be considered a bug of stock qmail. It does not break
mail delivery but should be considered. If tcpserver hits the limit it
will drop the connection without an error message. This could also be
considered as a bug.  Nobody will forbid you to use a different tcpserver.
Currently we are very happy with tcpserver and so we will keep it in our
example run scripts.

Also keep in mind, that the run scripts, rules file and Makefile installed
by qmail-ldap will not be replaced upon reinstall. So it is safe to modify
these files.

We are also willing to add more stuff to the runscripts.
The idea with the concurrency limit is good and will be added for the next
release.


-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: home and maildirs ( yup again ) - just need a tipp...

2003-11-08 Thread Claudio Jeker
On Sat, Nov 08, 2003 at 12:20:20AM +0100, SEFEROVIC Edvin wrote:
> Hello everyone,
> 
> This is not another email begging for help because AUTODIR or AUTOHOMEDIR
> isn't functioning. I just need a little tip from the professionals among
> you.
> 
> I want to have a mail and web server for my users, and therefore I wish to
> have all my homes under /home/user. Does it make sense to disable the
> homeDirectory attribute in qmail-ldap.h and leave vmail user the maildirs
> directory?

That is absolutely OK. You could also use an OpenLDAP ACL to deny qmail-ldap
the access to the homedirectory attribute.

> In this case, who is gonna make my homedirs for the users in LDAP
> ( pls don't say it has to be done manually ) ? 

No sure not. If there is no homedirectory qmail-ldap will use
mailmessagestore as $HOME and the autohomedirmake will use $HOME.

> 2 option is - allow vmail user to create homedirs and maildirs under /home.
> in this case, I would have to change the owner of the homedir to user (
> security ), what means that qmail wont be able to deliver any mail in this
> dir and subdir afterwards - right? Another problem is the maildir.. what
> happens if the user deletes it ( accessing through Samba for example )..
> 
You could also use a more complex dirmaker script that uses e.g. sudo to
create the homedirs. About the minimal rights needed for a successful
delivery I can only say qmail is not sendmail. qmail will only check if
the $HOME directory is not writeable to all (or what ever you have set in
conf-patrn).
If the maildir is removed qmail-ldap will recreate one automatically via
automaildirmake feature.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: AUTH capabilities in qmail-remote

2003-11-08 Thread Claudio Jeker
On Fri, Nov 07, 2003 at 10:30:25PM -0500, Donny Davies wrote:
> I'm using an older qmail-ldap into which I butchered a feature where
> qmail-remote can AUTH LOGIN to my upstream ISP relay configured in
> ~control/smtproutes like this:
> 
>:upstream.server.tld username password
> 
> I was wondering if 20031101 supported something like this, because my
> ISP requires it.  Check the headers of this message to see evidence.
> 
> So what's the deal -- am I hacking it myself again or is there already
> support in 20031101?  If there isn't now, how about adding to 20031201?
> 

No we do not support that in qmail-ldap and I'm not sure if we will.
Qmail-ldap is an mta designed to deliver the mail directly to the
destination mta and so the need to authenticate the outgoing connection is
somewhat freaky.
Currently you are the only one needing that feature unless there are more
yelling for this feature it will be considered non important.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Problems with SMTP550DISCONNECT and others on 20031101

2003-11-11 Thread Claudio Jeker
On Tue, Nov 11, 2003 at 03:13:37PM +0100, Vicente Aguilar wrote:
> Hello
> 
> We've recently upgraded our mail server from an old qmail-ldap version
> (don't know the exact release number, but it was about 2 years old) to
> 20031101, and it's been working great for about a week now. We've really
> noticed the improvements, great work!
> 
> Yesterday we started playing with the SMTP550DISCONNECT, SANITYCHECK,
> SENDERCHECK and RCPTCHECK options, in order to filter out some SPAM and
> diminish mail traffic due to bounces, incorrect addresses and the like.
> We've already identified these problems (don't know if they're already
> known by the list, sorry if this is an already known issue but I haven't
> found anything on the docs):

Yeah, the docs are currently not in the best shape. But hopefully we
update it until December.

> - SMTP550DISCONNECT breaks some MUAs, verified with Outlook Express 
> 6.00.2800.1106 (xp sp1.020.828-1920) and Eudora 6. I've sniffed some
> Eudora 6 traffic and it *always* sends a RSET after the EHLO and before
> the MAIL FROM:, so it gets disconnected if SMTP550DISCONNECT is active.
> 

OK changed the code so that it no longer disconnects on RSET.
This was a one line fix.

> - A combination of SANITYCHECK, SENDERCHECK and RCPTCHECK seems to break
> some Macintosh MUAs (only MACs? not sure about that). Disabling all
> those options seems to solve the problem. Still have to investigate a
> little bit more about this...
> 

Sounds interesting ;-)

> On the other hand, we've had no problems at all with several other
> versions of Outlook on both MACs and PCs, Evolution on Linux, and
> Mozilla & Netscape on PCs and Linux.
> 
> I'll report to the list any other findings regarding these problems...
> 

thanks for the info

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Problems with SMTP550DISCONNECT and others on 20031101

2003-11-11 Thread Claudio Jeker
On Tue, Nov 11, 2003 at 06:48:42PM +0100, Vicente Aguilar wrote:
> El mar, 11-11-2003 a las 17:00, Claudio Jeker escribió:
> > > - A combination of SANITYCHECK, SENDERCHECK and RCPTCHECK seems to break
> > > some Macintosh MUAs (only MACs? not sure about that). Disabling all
> > Sounds interesting ;-)
> 
> Macintosh Outlook Express 5.0.3 is affected by this, 5.0.6 is not.
> 
> I've got a 5.0.6 here and it's working, I've sniffed some traffic and
> everything seems ok... Now I'm trying to grab a copy of 5.0.3 off the
> net but our friends at MS have removed every trace of its existence, you
> can only download the latest version off their site and I've had no luck
> trying to find a mirror or something with an older release with Google.
> 
> A co-worker is trying to find a 5.0.3 installed in another office, if he
> finds one I'll install it here and try to find out what's going on, if
> this particular Outlook release is sending some broken SMTP headers or
> what.
> 
> I'm almost sure this is an Outlook bug, not a qmail-ldap one. Anyway
> I'll try to find it out for sure.

The chances are good that it is an Outlook bug.
 
> ps: could I have a patch with the RSET SMTP550DISCONNECT fix?
> 
Here it is:
Index: qmail-smtpd.c
===
RCS file: /home/cvs-qmail-ldap/CVS/qmail-ldap/qmail-smtpd.c,v
retrieving revision 1.97
diff -u -r1.97 qmail-smtpd.c
--- qmail-smtpd.c   29 Oct 2003 14:25:20 -  1.97
+++ qmail-smtpd.c   11 Nov 2003 19:52:25 -
@@ -790,7 +790,6 @@
   relayclient = relayok; /* restore original relayclient setting */
   out("250 flushed\r\n");
   logline(3,"remote rset");
-  if (errdisconnect) err_quit();
 }
 
 struct qmail qqt;
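Review bot: with `if (errdisconnect) err_quit();` dropped from the RSET handler, nothing in the code records that RSET is deliberately exempt from SMTP550DISCONNECT. A one-line comment next to `logline(3,"remote rset");` saying that RSET is an ordinary client command (the thread reports Eudora 6 sending it after EHLO and before MAIL FROM) and must not end the session would keep the call from being re-added later. Only this handler is visible in the hunk, so it is also worth checking that no other handler that answers with a 2xx reply still calls `err_quit()` under `errdisconnect`.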
===
As I said one line fix.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Problems with SMTP550DISCONNECT and others on 20031101

2003-11-11 Thread Claudio Jeker
On Tue, Nov 11, 2003 at 12:45:22PM -0800, J. S. Townsley wrote:
> 
> I reported this flaw a while back.  This error is created when the end
> user has virus protection software also.
> 

You're right, found the mail in the archive. Somehow that slipped through my
bug radar. Sorry.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: typo in rcpthosts.c

2003-11-11 Thread Claudio Jeker
On Tue, Nov 11, 2003 at 04:20:07PM -0500, Neil Sequeira wrote:
> Hey folks,
> 
> I'm not sure if this has already been spotted, but there's a typo in 
> rcpthosts.c in the latest qmail-ldap release.  
> 
Copy-paste bug. Applied. Thanks for the info.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: qmail-ldap with Bincimap

2003-11-13 Thread Claudio Jeker
On Thu, Nov 13, 2003 at 04:51:28PM +0100, Morten Grunnet Buhl wrote:
> 
> Hey I was wondering if any of you guys have Bincimap running with our
> everybody's favorite qmail patch?
> I'm starting Bincimap like this:
> 

...

> --logtype=multilog  \
> --conf=/usr/local/etc/bincimap/bincimap.conf -- \
> /var/qmail/bin/auth_imap\
> /usr/local/bin/bincimapd
> '
> 

...

> also when the user doesn't exist and in the Bincimap log I get
> 93336 0 [EMAIL PROTECTED]:] User  entered authenticated mode
> 

auth_imap was designed for courier-imap use only. It will currently not
work with binc.

> I have also tried with /var/qmail/bin/auth_pop and here I just see:
> 92906 0 [EMAIL PROTECTED]:] Client connected to Binc IMAP from 10.0.0.5
> 92906 1 [EMAIL PROTECTED]:] Unprivileged stub shutting down - read:0
> bytes, wrote:0 bytes.
> whenever I  issue a '1 LOGIN user pass' and then the client end
> terminates.
> 
IIRC binc uses the same checkpassword functionality as qmail-pop{up,3d}
so auth_pop could probably work (cluster forwards will not work but I
don't think this is the problem here).
I don't understand what "Unprivileged stub" should mean. Do we have to get
the privilege to run auth_pop ???

Somewhen this month I planned to test binc with qmail-ldap, we will see...

> I am probably doing something silly here. so if anyone has some
> experience they would like to share it would be most appreciated.
> --
> Morten Grunnet Buhl
> fortune: Command not found.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Case sensitivity using locals.cdb

2003-11-20 Thread Claudio Jeker
On Thu, Nov 20, 2003 at 10:47:33AM -0800, Doug Council wrote:
> We just installed the new 20031101a patch and are attempting to use the
> new locals.cdb functionality.  But, during testing, we noticed that domain
> compares in qmail-smtpd to determine if a message was local or remote
> is case sensitive vs. case insensitive.  When we revert back to the normal
> locals processing, the domain compare is case insensitive.
> 
> For example, with "domain.com" listed in locals and locals.cdb, using the
> locals.cdb will treat "[EMAIL PROTECTED]" and "[EMAIL PROTECTED]" as remote
> vs. local deliveries.  But, using locals (with locals.cdb removed), they
> are both treated as local deliveries.
> 
> Has anyone else noticed this behavior?
> 

Not until now. There is indeed this problem :(
While the constmap is case-insensitive, cdb isn't. "It was an easy mistake
to make."

Patch that should solve those troubles is attached. I also fixed it in
qmail-send/qmail-todo.

Sorry and thanks for the report.
-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."

Index: qmail-send.c
===
RCS file: /home/cvs-djbware/CVS/qmail-ldap/qmail-send.c,v
retrieving revision 1.28
diff -u -r1.28 qmail-send.c
--- qmail-send.c29 Oct 2003 14:25:20 -  1.28
+++ qmail-send.c20 Nov 2003 19:41:07 -
@@ -150,11 +150,15 @@
   at = byte_rchr(addr.s,addr.len,'@');
 
   if (localscdb.s && localscdb.len > 1) {
+static stralloc lowaddr = {0};
 int fd, r;
 uint32 dlen;
+
+if (!stralloc_copyb(&lowaddr,addr.s + at + 1,addr.len - at - 1)) return 0;
+case_lowerb(lowaddr.s, lowaddr.len);
 fd = open_read(localscdb.s);
 if (fd == -1) return -1;
-r = cdb_seek(fd, addr.s + at + 1,addr.len - at - 1, &dlen);
+r = cdb_seek(fd, lowaddr.s,lowaddr.len, &dlen);
 close(fd);
 if (r == -1) return -1;
 if (r == 1) {
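Review bot: the added `if (!stralloc_copyb(&lowaddr,addr.s + at + 1,addr.len - at - 1)) return 0;` reports an allocation failure as 0, while the two failure paths directly below it (`open_read` and `cdb_seek`) return -1. If the caller reads 0 as "domain not in locals.cdb", an out-of-memory condition would silently classify a local domain as remote; returning -1 here would keep all three failure paths consistent. Unlike the qmail-todo.c part of this patch, no `#include "case.h"` is added for `case_lowerb`, so please confirm qmail-send.c already includes it.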
Index: qmail-todo.c
===
RCS file: /home/cvs-djbware/CVS/qmail-ldap/qmail-todo.c,v
retrieving revision 1.14
diff -u -r1.14 qmail-todo.c
--- qmail-todo.c29 Oct 2003 14:25:20 -  1.14
+++ qmail-todo.c20 Nov 2003 19:41:07 -
@@ -5,6 +5,7 @@
 #include "alloc.h"
 #include "auto_qmail.h"
 #include "byte.h"
+#include "case.h"
 #include "cdb.h"
 #include "constmap.h"
 #include "control.h"
@@ -131,11 +132,15 @@
   at = byte_rchr(addr.s,addr.len,'@');
 
   if (localscdb.s && localscdb.len > 1) {
+static stralloc lowaddr = {0};
 int fd, r;
 uint32 dlen;
+
+if (!stralloc_copyb(&lowaddr,addr.s + at + 1,addr.len - at - 1)) return 0;
+case_lowerb(lowaddr.s, lowaddr.len);
 fd = open_read(localscdb.s);
 if (fd == -1) return -1;
-r = cdb_seek(fd, addr.s + at + 1,addr.len - at - 1, &dlen);
+r = cdb_seek(fd, lowaddr.s,lowaddr.len, &dlen);
 close(fd);
 if (r == -1) return -1;
 if (r == 1) {
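Review bot: this block is now a line-for-line copy of the one added to qmail-send.c, including the `return 0` on `stralloc_copyb` failure that sits next to `return -1` for the `open_read` and `cdb_seek` failures. Moving the lowercase-then-`cdb_seek` sequence into one shared helper would fix the return value in a single place and keep the two programs from drifting apart the next time the locals.cdb lookup changes.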
Index: rcpthosts.c
===
RCS file: /home/cvs-djbware/CVS/qmail-ldap/rcpthosts.c,v
retrieving revision 1.6
diff -u -r1.6 rcpthosts.c
--- rcpthosts.c 11 Nov 2003 22:06:08 -  1.6
+++ rcpthosts.c 20 Nov 2003 19:41:07 -
@@ -38,6 +38,8 @@
   return 0;
 }
 
+static stralloc host = {0};
+
 int localhosts(char *buf, int len)
 {
   int j;
@@ -49,6 +51,10 @@
   if (j >= len) return 0; /* envnoathost is not acceptable */
   ++j; buf += j; len -= j;
   
+  if (!stralloc_copyb(&host,buf,len)) return -1;
+  buf = host.s;
+  case_lowerb(buf,len);
+
   /* if local.cdb available use this as source */
   if (fdlo != -1) 
 return cdb_seek(fdlo, buf, len, &dlen);
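Review bot: lowercasing the key before `cdb_seek(fdlo, buf, len, &dlen)` only makes the lookup case-insensitive if the keys stored in locals.cdb are lower-case as well, and nothing in this patch enforces or documents that. Either lowercase the entries where locals.cdb is built or state the requirement in the docs, otherwise a mixed-case entry in the source file can no longer match at all. Two smaller points in the same hunk: `localhosts()` now returns -1 on allocation failure, so callers need to treat that as a temporary error rather than "not local", and the comment says "local.cdb" where the file is locals.cdb.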
@@ -56,8 +62,6 @@
 if (constmap(&maplocals, buf, len)) return 1;
   return 0;
 }
-
-static stralloc host = {0};
 
 int rcpthosts(buf,len)
 char *buf;


Re: /etc/openldap/schema/qmail.schema: line 54: Duplicate attributeType:"mailHost"

2003-11-21 Thread Claudio Jeker
On Fri, Nov 21, 2003 at 09:55:45AM +0800, John wrote:
> Hello,
> 
> We just installed the new 20031101a patch and are attempting to use the new
> OpenLDAP 2.12. But I am
> currently using a schema I found and I get the following errors
> 
> /etc/openldap/schema/qmail.schema: line 54: Duplicate attributeType:
> "mailHost"
> 
> Here is the entry for that attribute in the schema
> 
> attributetype ( 1.3.6.1.4.1.7914.1.2.1.6 NAME 'mailHost'
>  DESC 'On which qmail server the messagestore of this user is located.'
>  EQUALITY caseIgnoreIA5Match
>  SUBSTR caseIgnoreIA5SubstringsMatch
>  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
> 
> Can I post this question at the qmail-ldap list?
> 

Yes, why not.

The problem is that misc.schema and qmail.schema may not coexist. So
remove the "include */schema/misc.schema" from your slapd.conf.
Afterwards it should work.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: question about qmail-ldap and mail routing

2003-11-21 Thread Claudio Jeker
On Thu, Nov 20, 2003 at 04:40:54PM -0800, Ryan Matthews wrote:
> Hi all,
> 
> I would like to use qmail as a mail relay only, not a POP toaster, but 
> would like the functionality of qmail-ldap to accept mail only if the 
> user exists.  I am using stalker.com's communigate product.  Basically 
> it looks like if I setup the qmail-ldap patch, and put the communigate 
> server as the mailHost it *should* work, I was just looking for some 
> confirmation, or and explanation of a better solution.
> 

I don't know the communigate product but I can give you a hint.
You can use qmail/qmail-ldap as incoming mail gateway by setting a
default ~control/smtproute (something like ":internal-smtp.your.domain").
Then setup a rcpthosts or rcpthosts.cdb file with all accepted domains but
no locals respectively locals.cdb file and qmail-ldap will happily forward all mail.

For recipient verify you need to have access to your userbase over LDAP.
At least the mail and mailAlternateAddress should be available.
Then it should be no problem to set that up but you're on your own.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: question about qmail-ldap and mail routing

2003-11-21 Thread Claudio Jeker
On Fri, Nov 21, 2003 at 10:13:55AM -0500, Chris Shenton wrote:
> Claudio Jeker <[EMAIL PROTECTED]> writes:
> 
> > For recipient verify you need to have access to your userbase over
> > LDAP.  At least the mail and mailAlternateAddress should be
> > available.  Then it should be no problem to set that up but you're on
> > your own.
> 
> Presuming CommuniGate uses LDAP and that the user info is available
> to other systems.  :-). 
> 
> Idle question: if CommuniGate uses different attribute names than
> "mail" and "mailAlternateAddress" is there a way to get qmail-ldap to
> map its names to Communigate's? Or do you have to tweak the
> source code to change the names it searches in LDAP?

You have to edit qmail-ldap.h and change the attribute names, afterwards
it should work. At least it is what I expect.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: mail delivery with maildrop

2003-11-22 Thread Claudio Jeker
On Sat, Nov 22, 2003 at 05:15:14PM +0600, dipak wrote:
> 
> I am using maildrop with qmail-ldap. but qmail-ldap executes maildrop 
> mailfilter after delivering the mail to the maildir.  Is there anyway to 
> execute maildrop mailfilter before doing delivery to maildir ?
> 

Program deliveries are done first. Afterwards forwards and then the maildir
delivery. You need to set deliverymode to nolocal to stop delivering to
maildir.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: mail delivery with maildrop

2003-11-22 Thread Claudio Jeker
On Sat, Nov 22, 2003 at 06:16:55PM +0600, dipak wrote:
> At 12:55 PM 11/22/2003 +0100, Claudio Jeker wrote:
> >On Sat, Nov 22, 2003 at 05:15:14PM +0600, dipak wrote:
> >>
> >> I am using maildrop with qmail-ldap. but qmail-ldap executes maildrop
> >> mailfilter after delivering the mail to the maildir.  Is there anyway to
> >> execute maildrop mailfilter before doing delivery to maildir ?
> >>
> >
> >Program deliveries are done first. Afterwards forwards and then the maildir
> >delivery. You need to set deliverymode to nolocal to stop delivering to
> >maildir.
> 
> Thanks i got the point.  one more question . quotachecking is done before 
> the program delivery or after ?
> 

After. quotachecking is only done when a mail is delivered to a mailbox by
qmail-local.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: dash_ext not native to qmail? .qmail delivery problem

2003-11-23 Thread Claudio Jeker
On Sun, Nov 23, 2003 at 03:31:53PM -0700, Sancho2k.net Lists wrote:
> As a question about the following option from Makefile:
> 
> -DDASH_EXT to enable the dash_ext patch for extended mail addresses
> 
> ...Am I wrong in thinking that native qmail-1.03 already has the ability 
> to support email addresses such as [EMAIL PROTECTED] On my old 
> installation I successfully used extension addresses without having to 
> patch the distribution. Thanks in advance for an answer to this.
> 
> I pose this question while troubleshooting a problem I'm having with 
> deliveries to a user called 'sancho-spam' on my qmail-ldap server. I 
> believe I have my qmail-ldap configuration correct, and here are some 
> snippets from the output of qmail-showctl:
> 
>  user-ext delimiter: -.
>  ldapdefaultdotmode: Default dot mode for ldap users is both.
> 
> Some information from qmail-ldaplookup on this user:
> 
>  qmailDotMode: both
>  homeDirectory: /var/vmail/sancho
> 
> # ls -lA /var/vmail/sancho
> -rw-r--r--   1 vmail  vmail   11 Jul 10 00:24 .qmail-spam
> drwx--  20 vmail  vmail  512 Nov 23 15:15 Maildir
> 
> # cat /var/vmail/sancho/.qmail-spam
>  Leave this commented out to silently drop mail going
>  to [EMAIL PROTECTED]
> 

qmail-ldap is not doing what you expect. If you wanna catch the mail for
sancho-spam you need a ldap entry for sancho-spam else qmail-ldap will
tell you the account does not exist.

If you enable the dash-ext feature qmail-ldap tries a few more accounts.
In your case:
1) [EMAIL PROTECTED]
2) [EMAIL PROTECTED]
3) [EMAIL PROTECTED]

Now if you add [EMAIL PROTECTED] to mailalternateaddress you can emulate
the old qmail behaviour. This works only if you set qmailDotMode to both
or even better dotonly. If you use dotonly mail to sancho-blabla will
result in a no such mailbox error while with both it will be delivered to the
main box. At least this is the theory.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: qmail-reply.db problem ?

2003-11-24 Thread Claudio Jeker
On Mon, Nov 24, 2003 at 06:38:25PM +0800, Dino Ming wrote:
> Sorry, I'm not sure either this email posted to the list or not, so I
> resend.
> 
> ---
> 
> Hello,
> 
> I encountered the same qmail-reply.db mailReplyText problem. At first, I
> change the deliveryMode to reply,then I fill in the Reply Text, and it's
> work.
> 
> For some reason, I would like to reset the text of reply text at openldap.
> and The auto-reply function seem stopped after the change, and no reply send
> back to the sender. Until I remove that qmail-reply.db manually.
> 
> So, the question is, it is a features or bug or something I misunderstand
> ? How qmail-reply remove old entries ?
> 

Known issue, fix is on the way.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: auth_pop error on libdb2.so.2 lib.

2003-11-24 Thread Claudio Jeker
On Mon, Nov 24, 2003 at 09:38:36PM +0800, Dino Ming wrote:
> Hello,
> 
> I'm attempting to setup qmail-ldap latest on my Debian Woody. I'm also need to use 
> pop & imap with it. but when I login from M$ OE6. It prompt with the following 
> error. 
> 
> There was a problem logging onto your mail server. Your Password was rejected.
> Account: 'xxx.xxx.xxx.xxx', Server: 'xxx.xxx.xxx.xxx', Protocol: POP3, Server 
> Response:
> '/var/qmail/bin/auth_pop: error while loading shared libraries:
> libdb2.so.2: failed to map segment from shared object: Cannot allocate memory',
 ^^
> Port: 110, Secure(SSL):No, Server error: 0x800CCC90, Error Number: 0x800CCC92
> 
> I've tried to use ldd to check the shared lib of auth_pop: And the result at below:
> 

You hit the memory limit. You need to increase the datasize. softlimit,
ulimit or limit is your friend.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: RBL rejects - logged by qmail-smtpd?

2003-11-25 Thread Claudio Jeker
On Mon, Nov 24, 2003 at 05:40:53PM -0700, Sancho2k.net Lists wrote:
> I have the following /var/qmail/control/rbllist:
> 
>  sbl.spamhaus.org        reject  127.0.0.2   Spamhaus
>  relays.ordb.org reject  127.0.0.2   ORDB
>  list.dsbl.org   reject  127.0.0.2   DSBL
>  bl.spamcop.net  reject  127.0.0.2   Spamcop
>  spamguard.leadmon.net   reject  127.0.0.2   Spamguard
> 
> And RBL="" is defined in tcpserver for external deliveries. qmail-showctl
> does acknowledge rbllist: for my configuration.
> 
> I don't see any references to rbl or RBL or anything in my qmail-send log
> files, but given past spam attempts as experienced using rblsmtpd with
> qmail-1.03, I should have several connections per day that would be
> caught.
> 
> Will this activity (anything detected by RBL functionality and tagged or
> blocked) be logged by qmail-smtpd? If so, is something missing from my
> configuration?
> 

You need to set the LOGLEVEL to 2 to see the rbl checks.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: mailmessagestore and how it works

2003-11-25 Thread Claudio Jeker
On Mon, Nov 24, 2003 at 09:43:24PM -0400, Ace Suares wrote:
> Hi,
> 
> How do ~controls/ldapmessagestore tie in with homeDirectory and 
> mailMessageStore attributes in LDAP ?
> 
> Is it correct that if homeDirectory and mailMessagestore do NOT start with a 
> slash (/) that all three of them get tied together ?
> 
> say:
> 
> !control/ldapmessagestore is /maildisk
> and homeDirectory is domain.com
> and mailMessagestore is [EMAIL PROTECTED]
> 
> that the mail wil be stored in
> /maildisk/domain.com/[EMAIL PROTECTED]/cur
> /maildisk/domain.com/[EMAIL PROTECTED]/new
> /maildisk/domain.com/[EMAIL PROTECTED]/tmp
> 

Nope, the logic is a bit more complicated.

a) homeDirectory has to be an absolute path (the homedir of a user needs to be
   an absolute path).
b) if both homeDirectory and mailMessagestore are defined, homeDirectory
   is $HOME and mailMessagestore replaces aliasempty.
c) if mailMessagestore is a relative path and there is no homeDirectory
   ~controls/ldapmessagestore will be prepended.
d) if either homeDirectory or mailMessagestore is defined, it will be used
   as $HOME and aliasempty will be used without modification.

Hope that helps.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."
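
The rules a) to d) in the reply above, written out as a small resolver. This is an added example, not qmail-ldap code; the function name, the `./Maildir/` value used for aliasempty and the error raised when neither attribute is set are assumptions.

```python
import posixpath


class StoreError(ValueError):
    """Entry cannot be mapped to a mail store under rules a) to d)."""


def resolve_store(home_directory, mail_message_store, ldapmessagestore,
                  aliasempty="./Maildir/"):
    """Return ($HOME, delivery target) for one LDAP entry.

    home_directory / mail_message_store are the attribute values (None or ""
    when absent); ldapmessagestore is the content of control/ldapmessagestore.
    The aliasempty default is a constructed sample value.
    """
    home = home_directory or None
    store = mail_message_store or None

    # Rule a: homeDirectory has to be an absolute path.
    if home is not None and not home.startswith("/"):
        raise StoreError("homeDirectory must be absolute: %r" % home)

    # Rule b: both defined -> homeDirectory is $HOME and mailMessageStore
    # takes the place of aliasempty.
    if home is not None and store is not None:
        return home, store

    if store is not None:
        # Rule c: relative mailMessageStore without homeDirectory gets
        # control/ldapmessagestore prepended.
        if not store.startswith("/"):
            if not ldapmessagestore:
                raise StoreError("relative mailMessageStore needs ldapmessagestore")
            store = posixpath.join(ldapmessagestore, store)
        # Rule d: the single defined attribute is $HOME, aliasempty unchanged.
        return store, aliasempty

    if home is not None:
        return home, aliasempty  # rule d

    # Not covered by the message; rejecting is this sketch's assumption.
    raise StoreError("neither homeDirectory nor mailMessageStore is set")


if __name__ == "__main__":
    # Constructed entries: (homeDirectory, mailMessageStore)
    entries = [
        ("domain.com", "user"),          # the layout asked about: rejected by rule a
        (None, "domain.com/user"),       # rule c, then d
        ("/home/user", "./Mail/"),       # rule b
        ("/home/user", None),            # rule d
    ]
    for home, store in entries:
        try:
            print(home, store, "->", resolve_store(home, store, "/maildisk"))
        except StoreError as err:
            print(home, store, "-> error:", err)
```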



Re: SMTP_AUTH and QMAILQUEUE

2003-11-25 Thread Claudio Jeker
On Tue, Nov 25, 2003 at 12:12:33AM -0500, Paul G. Weiss wrote:
> Is there any way for a QMAILQUEUE program to know if the SMTP session was 
> authenticated, and if so, what the username of the authenticated user is?  
> Before I go ahead and patch it in, has anyone else done this already?
> 

Currently there is no way to know if a session was authenticated.
The fix is simple in smtp_auth() line 1515
add something like:
if (!env_put2("AUTHENTICATED", line.s)) die_nomem();

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: SMTP_AUTH and QMAILQUEUE

2003-11-25 Thread Claudio Jeker
On Tue, Nov 25, 2003 at 06:34:08AM -0500, Paul G. Weiss wrote:
> On Tue, 25 Nov 2003 06:20:45 -0500, Paul G. Weiss <[EMAIL PROTECTED]> wrote:
> 
> >On Tue, 25 Nov 2003 10:25:22 +0100, Claudio Jeker <[EMAIL PROTECTED]> 
> >wrote:
> >
> >>On Tue, Nov 25, 2003 at 12:12:33AM -0500, Paul G. Weiss wrote:
> >>>Is there any way for a QMAILQUEUE program to know if the SMTP session 
> >>>was
> >>>authenticated, and if so, what the username of the authenticated user 
> >>>is?
> >>>Before I go ahead and patch it in, has anyone else done this already?
> >>>
> >>
> >>Currently there is no way to know if a session was authenticated.
> >>The fix is simple in smtp_auth() line 1515
> >>add something like:
> >>if (!env_put2("AUTHENTICATED", line.s)) die_nomem();
> >>
> >
> >Are you sure?  Doesn't this run in a different process than qmail-smtpd?
> >
> 
> I take it back.  But your solution doesn't give me the unencoded user name 
> does it?  I would need to unencode it in the AUTH LOGIN and AUTH PLAIN 
> cases.  If we ever do AUTH CRAM-MD5 and AUTH DIGEST-MD5 I would have to 
> add cases for that as well.
> 
It does. After calling auth_close line will be set to the concatenation of
authprepend and the login.

> It would seem to make more sense to have the auth_smtp.c module pass back 
> the name of the authenticated user back to the calling process and have it 
> set the environment variable then.
> 
It already does.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Confused with auth_smtp

2003-11-25 Thread Claudio Jeker
On Tue, Nov 25, 2003 at 11:24:14PM +0800, Dino Ming wrote:
> Hi Thomas,
> 
> I've followed your suggestion on the AUTHPREPEND="authenticated:", But I can
> saw that all wrong smtp outgoing mail with wrong password authenticated
> include this in their mail header. :(
> 
> This is my current contents of /etc/tcp.smtp file.
> 
> 127.:allow,RELAYCLIENT=""
> :allow,SMTPAUTH="",AUTHPREPEND="Authenticated:"
> 
Add a LOGLEVEL="3" line to all rules and remake the cdb.
Afterwards you should get a lot of info about what is enabled and what is
going on.

In extreme cases 'env TCPREMOTEIP=1.2.3.4 SMTPAUTH= AUTHPREPEND="XXX"
LOGLEVEL=3 /var/qmail/bin/qmail-smtp' could give you a hint too.

Remember auth_smtp is not run as root so check that it has read permissions
on the needed control files (see big-qmail-ldap picture for a list)

> From your last comment, I didn't found any way have smtp relay enabled
> within my /var/qmail/control/*
> or RELAYCLIENT. But I found that there have 4 rules files sit inside the
> /var/qmail/control/directory which are
> qmail-smtpd.rules,qmail-pop3d.rules,qmail-imapd.rules,qmail-qmqd.rules
> 
> Does these files affect the smtp authentication especially on
> qmail-smtpd.rules ?
> 

Not unless you are using the startup scripts shipped in qmail-ldap
(~/boot).

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: auth_imap ... pls help me - run out of ideas...

2003-11-25 Thread Claudio Jeker
On Tue, Nov 25, 2003 at 07:32:02PM +0100, SEFEROVIC Edvin wrote:
> Hello everyone, 
> 
>  
> 
> I already wrote a mail asking about courier-imap and auth_imap but no one
> answered. this is my second chance to get the mail server working. I have to
> get my email server working until Thursday or I am as good as dead. I
> configured courier-imap as described on
> http://rootshell.be/~shekhar/qmail.html ... after I start CourierIMAP and
> try to authenticate with my LDAP server - it fails. here is the log of my
> slapd :
> 
> As you can see, the user that is trying to log in is "adolf_b08". after the
> user is found, the process is broken, and I don't know why. The user exists
> and has a plain text password in field userPassword.. 
^^^

Plain text passwords are disabled unless the -DCLEARTEXTPASSWD option is
set. Normally it is a bad idea to use clear text passwords. To generate
passwords use digest bundled with qmail-ldap.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Automatic Homedir Creation

2003-11-25 Thread Claudio Jeker
On Tue, Nov 25, 2003 at 06:08:56PM -0400, Ace Suares wrote:
> > I recompiled (same Makefile) and not it works fine, weird, no clue why it
> > happend, Anyway, popping to the account first time also creates the
> > directory just like sending 1st email :)
> >
> 
> Does it ? Can anyone confirm ? Would be a *nice* new feature!
> 

That's true for the newer patches. See QLDAPNEWS:
 Rewrite of the homedirmake and maildirmake feature. Finaly auth_imap will
 create the maildir for courier.

The pop3 chain always worked. It was courier that failed horribly.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: auth_pop wont work with plain text passwds

2003-11-25 Thread Claudio Jeker
On Tue, Nov 25, 2003 at 11:12:30PM +0100, SEFEROVIC Edvin wrote:
> Hello people..
> 
>  
> 
> It s me again.. I know - it is getting boring now :-( I just tried
> qmail-pop3d, and it wont work either with auth_pop.
> 
> I started qmail-pop3d with xinetd but again I got login failed message.. I
> am working 13 h now on this. is there anyone out there who could help me
> out?
> 

OK. First of all compile a version with -DDEBUG so that you get additional
logging.

Then check if you can find your user.
/var/qmail/bin/qmail-ldaplookup -d 255 -u 
if this succeeds try to verify the password
/var/qmail/bin/qmail-ldaplookup -d 255 -u  -p 

Now you know that there is no trouble in your ldap setup. Next step is to
check pop3 because it is simpler.

env LOGLEVEL=255 /var/qmail/bin/qmail-popup  /var/qmail/bin/auth_pop \
/bin/echo "SUCCESS"
You can exchange the /bin/echo call with /var/qmail/bin/qmail-pop3d
If the login was a SUCCESS it's time for courier.

env LOGLEVEL=255 /imaplogin /var/qmail/bin/auth_imap \
   /imapd ./Maildir/

If you get stuck somewhere attach the output of your last step so that we
can see where it fails.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: user delivery botched, improper account config?

2003-11-27 Thread Claudio Jeker
On Wed, Nov 26, 2003 at 04:08:33PM -0700, Sancho2k.net Lists wrote:
> Chris Wilkes said:
> >
> > Looking at the QLDAPINSTALL file:
> >
> >   LDAP_HOMEDIR (default: "homeDirectory")
> >
> >   Path to the maildir/mbox on the mail system is extracted from those
> >   fields. If LDAP_HOMEDIR is found this field is used as $HOME, using
> >   aliasempty or mailMessagestore if defined as default delivery method.
> >
> > So you could edit qmail-ldap.h and change this line:
> >   #define LDAP_HOMEDIR "homeDirectory"
> > To something like
> >   #define LDAP_HOMEDIR "noHomeDirectory"
> >
> > And then, according to QLDAPNEWS, qmailldap will then look to
> > LDAP_MAILSTORE / mailMessageStore for where the $HOME directory is.  So
> > define a "mailMessageStore" for all your users that points to their
> > qmail home directory.
> 
> Would this require adding the new attribute to the qmail.schema?
> 
No.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: problem with RCPTCHECK

2003-11-29 Thread Claudio Jeker
On Sat, Nov 29, 2003 at 12:47:00PM +0100, Christian Eisendle wrote:
> Hi!
> 
> I'm using qmail with qmail-ldap-patch-20031101.
> Everything works fine (no problems with qmail nor ldap), but when i'm enable
> RCPTCHECK, i get the following error message:
> 
> 
> 220 mail.eisendle.net ESMTP
> ehlo test
> 250-mail.eisendle.net
> 250-PIPELINING
> 250-SIZE 1000
> 250-STARTTLS
> 250-AUTH LOGIN PLAIN
> 250 8BITMIME
> mail from: [EMAIL PROTECTED]
> 250 ok
> rcpt to: [EMAIL PROTECTED]
> 451 temporary ldap lookup failure, try again later
> 
> 
> What's wrong?

Check if the ~control/ldap* files -- especially ldappassword -- are
readable by the qmail-smtp user -- normally qmaild.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: cdb issues

2003-12-02 Thread Claudio Jeker
On Tue, Dec 02, 2003 at 01:25:36AM -0700, Travis LaWall wrote:
> help please. any ideas on this would be appreciated. apparently i am 
> having an issue with how large the qmail-smtpd.rules(and hence 
> qmail-smtpd.cdb) file may be.  i upgraded a working instance from 
> 20031001 to 20031101a and i am using the exact same file i have compiled 
> with tcprules for the tcpserver to use in the run script for qmail-smtpd 
> and i am now having difficulties with tcpserver setting the proper 
> environment variables.  when i truncate the rules file to just two lines 
> at the head of the file it works as expected but if i dont then 
> tcpserver doesnt pickup the environment vars it needs to set.  this is 
> bizarre behaviour since tcpserver didnt have issues with this until the 
> upgrade and its not a component that is upgraded.  any ideas? tia. travis
> 

Strange. Just to make sure, you checked ~control/qmail-smtp.rules and
verified that the cdb is in sync. I'm asking that because there was a bug
in the install tool (an existing ~control/qmail-smtp.rules will be
overwritten with the standard one :( )

qmail-ldap did neither change tcpserver nor tcprules so I guess they
should work as expected.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Vacation; change password; auto-create Trash folder; log blocked exec?

2003-12-05 Thread Claudio Jeker
On Thu, Dec 04, 2003 at 01:22:02PM -0500, Chris Shenton wrote:
> We're now finally running qmail-ldap 20031001 on a small handful of
> load-balanced servers here with a shared NFS mailstore.  Very cool.
> I've got a few unrelated questions about practical usage.
> 
> 
> * Vacation
> 
>   What are you folks using to implement vacation-style autoreply
>   messages?  Setting deliveryMode and mailReplyText will answer every
>   inbound msg, while vacation programs typically only send one notice to
>   a sender during a time-period.  Or am I missing something?
> 
>   I'm seeing some vacation-ish and reply timeout code in qmail-reply.c
>   don't recall seeing how qmail-reply would be used for this.  The
>   recent_lookup() appears to read qmail-reply.db, which I presume is
>   DBM/GDB/BDB-type of file; this would not be safe if stored on NFS,
>   and would be painful to propagate to our multiple qmail-ldap mail
>   servers.  It looks like it does have some locking code but do you
>   all use this over NFS?  Any pointers to how to set up vacation?
>   Any thoughts on storing user vacation information in LDAP?
>   

The simple db used by qmail-reply should be as NFS safe as possible. The
file locking is done with a stat and open(*O_EXCL*) not with flock.
Storing the data in LDAP is a no go. LDAP write performance just sucks.

> * Password changing
> 
>   How are you changing qmail-ldap passwords for users?  I'd like to
>   have two web GUIs: one for users to change their own password (and
>   check their quota usage, etc) and another for admins to reset
>   anyone's password.  This doesn't seem very hard (e.g., some PHP
>   talking to the LDAP master), but I'd prefer to recycle some already
>   written code rather than reinventing it.
> 

We have a simple plugin for squirrelmail that we probably make available
until end of year (depends on our work load).

>   
> * Auto-create Trash, Junk and other folders
> 
>   We used AUTO_MAILDIRMAKE to create user Maildirs.  We're using
>   Courier-IMAP and our users get confused when their Eudora clients
>   push mail to "Trash" or "Junk" folders if those folders don't
>   already exist.  Is there a clean way to autocreate these when the
>   user's Maildir is created? or when IMAP is first invoked? It would
>   be nice if I could keep any local changes like this out of the
>   qmail-ldap code so I don't have to apply local patches (e.g., to
>   maildirmake.c or mailmaker.c) when I upgrade qmail-ldap.
> 

That is a courier-IMAP issue, you should bang Mr. Sam for such a feature.
qmail-ldap knows nothing about subfolders -- except the quota code.

> * deliveryMode no longer likes "normal"
> 
>   In 20031001, the "normal" deliveryMode is no longer valid according
>   to the schema and our users which we foolishly created with this
>   attribute generate warnings upon local delivery.  Do you suggest
>   just removing this attribute from each of our users?
> 

Yes.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Vacation; change password; auto-create Trash folder; log blocked exec?

2003-12-06 Thread Claudio Jeker
On Fri, Dec 05, 2003 at 02:03:34PM -0500, Chris Shenton wrote:
> Claudio Jeker <[EMAIL PROTECTED]> writes:
> 
> >> * Vacation
> >
> > The simple db used by qmail-reply should be as NFS safe as possible. The
> > file locking is done with a stat and open(*O_EXCL*) not with flock.
> > Storing the data in LDAP is a no go. LDAP write performance just sucks.
> 
> OK, thanks for the info on the lock issues.
> 
> Can you point me at some clues on how to use qmail-replay for 
> vacation types of use?  How does a user enable it, set the message,
> disable it? I presume it needs some changes to the user's LDAP
> attributes; does it also require .qmail files and such? Got any
> examples?

DeliveryMode: reply
MailReplyText: This is a reply text.

MailReplyText is a multiline field with the reply text -- see also the
LDAP_REPLYTEXT entry in QLDAPINSTALL.
A more sophisticated reply text is e.g.:
%HEADER%
From: Claudio Jeker <[EMAIL PROTECTED]>
Subject: [Vacation Message] Re: %SUBJECT%

Aloha,

I'm on vacation till somewhen, so don't even try to reach me :)

regards
Claudio

The example uses the headermagic %HEADER% to set the interesting header
fields and also the subject expansion. Normally it is the simplest thing to
write the message in a mua and using that as draft.
 
-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: qmail-ldap cluster

2003-12-06 Thread Claudio Jeker
On Sat, Dec 06, 2003 at 12:26:18AM +0100, Alan wrote:
> Hello,
> 
> First, Thanks for your work.
> 
> I am familiar with qmail-ldap but for the first time I need to implement
> cluster functionalities.
> I understand how mails going into the cluster members who have the user
> maildir (with mailhost)
> but i didn't understand how IMAP sessions is forwarded into the good server,
> and howto implement IMAP in a cluster environment.
> 

pop3 and imap are forwarded by auth_pop3 or auth_imap. They use a simple
session forwarding mechanism.

 Client ---> Server A ---> Server B

Client connects to Server A. Server A authenticates the user and while
doing that it finds out that a forwarding to Server B is needed.
If everything succeeds Server A opens a connection to Server B and sends
the needed authentication command. For IMAP this is " login 
". After that everything sent from Server B is forwarded to the
client and vice versa until one connection is closed.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: qmail-ldap cluster

2003-12-07 Thread Claudio Jeker
On Sat, Dec 06, 2003 at 10:41:38AM -0700, Sancho2k.net Lists wrote:
> Claudio Jeker wrote:
> 
> >pop3 and imap are forwarded by auth_pop3 or auth_imap. They use a simple
> >session forwarding mechanism.
> >
> > Client ---> Server A ---> Server B
> >
> >Client connects to Server A. Server A authenticates the user and while
> >doing that it finds out that a forwarding to Server B is needed.
> >If everything succeeds Server A opens a connection to Server B and sends
> >the needed authentication command. For IMAP this is " login 
> >". After that everything sent from Server B is forwarded to the
> >client and vice versa until one connection is closed.
> 
> Is this determination made by finding the host specified in the 
> 'mailHost' attribute?
> 
Yes. mailHost compared to ~control/me and ~control/ldapclusterhosts if no
match forward else local delivery.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Vacation; change password; auto-create Trash folder; log blocked exec?

2003-12-07 Thread Claudio Jeker
On Sat, Dec 06, 2003 at 10:45:26AM -0700, Sancho2k.net Lists wrote:
> Claudio Jeker wrote:
> 
> >A more sophisticated reply text is e.g.:
> >%HEADER%
> >From: Claudio Jeker <[EMAIL PROTECTED]>
> >Subject: [Vacation Message] Re: %SUBJECT%
> >
> >Aloha,
> >
> >I'm on vacation till somewhen, so don't even try to reach me :)
> >
> >regards
> >Claudio

> >The example uses the headermagic %HEADER% to set the interesting header
> >fields and also the subject expansion. Normally it is the simplest thing to
> >write the message in a mua and using that as draft.
> 
> Where can I find more information on the headermagic? (i.e. its 
> purpose, how to use it properly, the advantages...).

If the first line of a reply text starts with %HEADER% all lines up to the
first empty line (/^$/ resp. "\n") are interpreted as header.
qmail-reply does the following expansions:
From:                      $RECIPIENT                      overwritable
To:                        $SENDER                         forced
Subject:                   "[Auto-Reply] %SUBJECT%\n"      overwritable
MIME-Version:              "1.0"                           forced
Content-Type:              "text/plain; charset=utf-8\n"   overwritable
Content-Transfer-Encoding: "8bit\n"                        overwritable
X-Mailer:                  "qmail-reply (by qmail-ldap)"   forced
Precedence:                "junk"                          forced
X-.*:                      no default                      overwritable
DEFAULT                                                    denied

Everything that is overwritable can be overwritten by adding that header
to the %HEADER% section. If there is a default this will be used if no
header was present.
Forced fields are always set to that specified value.
Denied headers are ignored if present in the %HEADER% section.

If there is no %HEADER% section then all defaults are used (forced or
overwritable)

With header magic it should be possible to send replies with e.g a chinese
character set or html encoded. It would also be possible to add an
attachment to the reply. It's up to you what you make with it.

> Also, isn't the multiline version of mailReplyText supposed to be base64 
> encoded? How can one easily get this into the right format?
> 
Using a graphical ldap frontend (web based or e.g. GQ) is normally the
easiest solution. You can also use ldapadd and use "mailReplyText:<
file:///tmp/replyText" form.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."
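
The header rules from the reply above (overwritable, forced, denied), modelled as a small builder. This is an added example, not qmail-reply's code; the function names, the sample reply text, limiting %SUBJECT% expansion to the Subject header and the CR/LF collapsing are assumptions of this sketch.

```python
import re

# (header, default, policy) transcribed from the table in the message above.
RULES = [
    ("From", "$RECIPIENT", "overwritable"),
    ("To", "$SENDER", "forced"),
    ("Subject", "[Auto-Reply] %SUBJECT%", "overwritable"),
    ("MIME-Version", "1.0", "forced"),
    ("Content-Type", "text/plain; charset=utf-8", "overwritable"),
    ("Content-Transfer-Encoding", "8bit", "overwritable"),
    ("X-Mailer", "qmail-reply (by qmail-ldap)", "forced"),
    ("Precedence", "junk", "forced"),
]
POLICY = {name.lower(): policy for name, _, policy in RULES}


def one_line(value):
    """Collapse CR/LF so a value taken from the incoming mail stays on one
    header line. Added precaution here; the message does not describe it."""
    return re.sub(r"[\r\n]+", " ", value).strip()


def split_reply_text(reply_text):
    """Return (header lines, body). A header section exists only when the
    first line starts with %HEADER%; it ends at the first empty line."""
    lines = reply_text.split("\n")
    if not lines[0].startswith("%HEADER%"):
        return [], reply_text
    try:
        end = lines.index("", 1)
    except ValueError:
        end = len(lines)
    return lines[1:end], "\n".join(lines[end + 1:])


def build_reply(reply_text, recipient, sender, subject):
    """Return (headers, body, ignored header lines) for one auto-reply."""
    user_lines, body = split_reply_text(reply_text)
    chosen, extra, ignored = {}, [], []
    for line in user_lines:
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        policy = POLICY.get(name.lower())
        if not sep or not name:
            ignored.append(line)                 # not a header line
        elif policy == "overwritable":
            chosen[name.lower()] = value
        elif policy is None and name.lower().startswith("x-"):
            extra.append((name, value))          # X-.*: no default, allowed
        else:
            ignored.append(line)                 # forced, or DEFAULT: denied
    env = {"$RECIPIENT": one_line(recipient), "$SENDER": one_line(sender)}
    headers = []
    for name, default, _ in RULES:
        value = chosen.get(name.lower(), env.get(default, default))
        if name == "Subject":
            value = value.replace("%SUBJECT%", one_line(subject))
        headers.append((name, value))
    return headers + extra, body, ignored


# Constructed mailReplyText value (addresses are placeholders).
SAMPLE = (
    "%HEADER%\n"
    "From: Away User <user@example.org>\n"
    "Subject: [Vacation Message] Re: %SUBJECT%\n"
    "Precedence: bulk\n"
    "X-Note: away\n"
    "Reply-To: other@example.org\n"
    "\n"
    "Aloha,\n\nI'm on vacation.\n"
)

if __name__ == "__main__":
    hdrs, text, dropped = build_reply(SAMPLE, "user@example.org",
                                      "peer@example.net", "Lunch?")
    for name, value in hdrs:
        print("%s: %s" % (name, value))
    print()
    print(text)
    print("ignored:", dropped)
```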



Re: qmail-ldap cluster

2003-12-07 Thread Claudio Jeker
On Sat, Dec 06, 2003 at 08:55:17PM +0100, Alan wrote:
> What is the percentage charge (load) between server A and server B for
> connexion going to server B.
> does server A need to be dedicated in large site (server A,B,C...)
> 

Never measured that but the forwarding uses not more resources than the
normal local mailbox access. Having a dedicated gateway may make sense in
some situations but is not necessary.


-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: deliveryMode and normal

2003-12-07 Thread Claudio Jeker
On Sun, Dec 07, 2003 at 09:55:34AM -0400, Ace Suares wrote:
> Hi,
> 
> What happens when I have
> 
> deliverymode: normal
> deliverymode: noforward
> 
> in an entry ?
> 
> Is 'deliveryMode: normal' silently discarded ?
> 

You will get a warning but normal is ignored and you end with a delivery
doing local and if set program delivery but no forwards.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: Vacation; change password; auto-create Trash folder; log blocked exec?

2003-12-07 Thread Claudio Jeker
On Sun, Dec 07, 2003 at 10:14:56AM -0400, Ace Suares wrote:
> Hi,
> 
> > The simple db used by qmail-reply should be as NFS safe as possible. The
> > file locking is done with a stat and open(*O_EXCL*) not with flock.
> > Storing the data in LDAP is a no go. LDAP write performance just sucks.
> 
> Where is that db stored, is it a central db or a per user thing ? is it
> stored in the users maildir ?
> 

It is stored in the users maildir and the size is limited to 32kB.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: deliveryMode and normal

2003-12-07 Thread Claudio Jeker
On Sun, Dec 07, 2003 at 11:48:24AM -0400, Ace Suares wrote:
> Sorry about that.
> 
> 
> > > deliverymode: normal
> > > deliverymode: noforward
> 
> 
> You mean that with these settings, normal is ignored, local and programdelivery 
> is enabled, and we're not getting forwards *because of* the noforward value.
> 
> I misinterpreted your answer, sorry again.
> 
> Conclusion: apart from the warning, 'normal' has no effect and I can safely 
> leave it where it is, right ?
> 

Yes.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: What happens: mailaternateaddress empty

2003-12-08 Thread Claudio Jeker
On Sun, Dec 07, 2003 at 10:33:55PM -0400, Ace Suares wrote:
> Hi,
> 
> I am still trying to circumvent things I don't want to circumvent.
> 
> Hence my question:
> 
> What happens when mailalternateaddress of mailforwardingaddress has an empty 
> value ?
> 
> The schema doesn't allow that, but let's assume I am using a schema that does 
> allow empty values.
> 
> Like this:
> 
> mail: [EMAIL PROTECTED]
> mailalternateaddress:
> uid: theone
> mailforwardingaddress: 
> userpassword: xxx
> 
> Would that break qmail-ldap ?
> 

I don't know. The best is you try it out.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: qmail-local's stuck, how to debug? 20031001, NFS mailstore

2003-12-15 Thread Claudio Jeker
On Fri, Dec 12, 2003 at 12:18:49PM -0500, Chris Shenton wrote:
> We're running qmail-ldap-1.03-20031001 on 4x Solaris boxes behind a
> load balancer; they all have local LDAP replicas and deliver to a
> shared NetApp NFS server.  When we do a small stress test -- quickly
> sending a few thousand messages to a local account via SMTP -- we see
> hung qmail-ldap processes and stuck messages.  It's been like this for
> about three hours now:
> 
>   qldap 17797  1723 10 07:53:21 ?   16:10 bin/qmail-local -- rdunbar
>   /nasahq/data/maildir2/rdunbar rdunbar   newhorse.hq.
> 

Qmail-local will give up after one day. That's the default timeout for
stalled processes.
 
> 
> I also see this error, which is generated from maildir++; I don't
> believe it's related to the stuck message above but occurs right after
> the first logs for it, so I thought it might be related
> 
>   2003-12-12 07:53:20.855999500 delivery 11197: deferral:
>   Warning:_undefined_mail_delivery_mode:_normal_(ignored)./
>   Problems_while_trying_to_get_maildirsize:_file_already_exists._(QUOTA_#1.1.1)/
> 

This is a Warning that is caused because at least two processes try to
do the same thing -- writing a new maildirsize file. Normally that should
not be a problem.

> 
> Have other folks using NFS for maildirs noticed issues? Any hints on
> tuning?

I'm not a heavy user of NFS but I know that there are issues with
different syscalls. They tend to block infinitely when there is concurrent
access from many different servers. This seems to be a common NFS issue. 

A possible tuning would be to reduce the alarm timeout from 86400 seconds
to a more reasonable value (~3600 seconds). I don't know why djb uses that
long timeouts.

-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."



Re: qmail-local's stuck, how to debug? 20031001, NFS mailstore

2003-12-15 Thread Claudio Jeker
On Mon, Dec 15, 2003 at 01:22:46PM -0500, Dan Melomedman wrote:
> Kevin McCarthy wrote:
> > maildirsize is _not_ NFS safe.
> > 
> > The whole point of using maildir instead of mbox is to avoid file locking
> > because all peers will create filenames that will never compete. By using a
> > single maildirsize file you undo that protection and it is almost guaranteed
> > you will have locking problems at very high volumes. The good news is that it
> > is trivial to re-create this file but know that high mail volumes on NFS will
> > have contention problems here.
> > 
> > Kevin
> 
> There has to be a better way to handle quotas than maildirsize. I wish
> the OS had a per-directory quota support, but as such is lacking what
> else is there? I actually think an equivalent of 'du' on each delivery
> wouldn't be as terrible a performance hog as it seems; knowing that many,
> if not most busy servers use very large FS caches at the hardware and
> software level. Other than that, we could have qmail quota daemon
> tallying up quotas for each delivery, and keeping quotas in memory,
> periodically flushing tallys into a simple db wouldn't be much a of a
> big deal. I lean towards a simple du mechanism though. If we assume
> most of the directory metadata is kept in the cache, it shouldn't take
> much time to run an equivalent of qmail 'du' on each message to get
> space used. You also get precision which is lacking with maildirsize.
> 
> Or how about calculating space used periodically through cron instead of
> each delivery, having quotas accurate let's say to five minutes? Any
> thoughts?

Your du mechanism does not scale. If you have a lot of users and a few of
them have a lot of mails it takes time to get all the metadata and people
start calling the support line if the pop3 server does not progress for
about 10 sec.
A periodic cron job will not put a limit on maildir sizes and normally it
takes an awful lot of time to quota check all maildirs. Especially over
NFS both methods are a lot slower.
A quota daemon would work but is an awful lot of work for the little gain.
Currently I think the default maildirsize maildir++ approach is not that
bad -- especially for non NFS mounted stores. 

Especially it is unclear if it is maildirsize that causes NFS troubles. It
could be some other I/O that is blocking.
-- 
:wq Claudio

"Contrary to popular belief, penguins are not the salvation of modern   
technology.  Neither do they throw parties for the urban proletariat."


