UID/GID
Hi all, Let's say my vchkpw UID/GID is 500/500. If I want the whole domain files to move to another site/hdd, I would simply tar gzip all files under ~vpopmail/domains/. At the new target, I will simply restore the tar gzip file under the same location. Now, must I use the same UID/GID as in the old machine? What effect if I use other UID/GID, the new one? What is this UID/GID used for? Thanks!
RE: UID/GID
As was pointed out in an email by another user recently, the UID and GID is stored in the config.status file after compiling vpopmail. To the best of my knowledge, if you compile a clean source tree of vpopmail on the new system after you have added the vpopmail/vchkpw user/group, then you shouldn't have any problems on the new system as long as file ownerships are correct.

Shawn
__
Shawn Delano [EMAIL PROTECTED]
Director of Technology [EMAIL PROTECTED]
Southern California Systems http://www.socalsys.com/

-----Original Message-----
From: Francis P. Ling [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 12:39 AM
To: [EMAIL PROTECTED]
Subject: UID/GID

Hi all, Let's say my vchkpw UID/GID is 500/500. If I want the whole domain files to move to another site/hdd, I would simply tar gzip all files under ~vpopmail/domains/. At the new target, I will simply restore the tar gzip file under the same location. Now, must I use the same UID/GID as in the old machine? What effect if I use other UID/GID, the new one? What is this UID/GID used for? Thanks!
Re: vchkpw lacking authentication security
On Tue, Jan 16, 2001 at 06:08:56AM +, Tim Hassan wrote:

> No matter how long you set the password to when adding a new user, only the first 8 characters of the password are used. So for example, if I do:
>
>     ./vadduser [EMAIL PROTECTED] this-is-hard-to-guess-234234235-23423
>
> and then I try to login to my email as user "test" and password "this-is-", it would let me in.

This is standard Unix crypt behaviour. Unless you are using MD5 passwords on your system (or Blowfish, I believe, on OpenBSD), then your system accounts will show the same behaviour.

Even an 8-character password, provided it is sufficiently complex, will probably prove unreasonably difficult to break.

There is probably a way to force vpopmail to use MD5 if the system supports it. Anyone know what is it?

Better still, do all your mail transfer over an encrypted SSH tunnel (the fetchmail docs show you how to do it with fetchmail, it's very simple). Unless you are using APOP (not well supported in vpopmail, IIRC), your password is going over the network in clear-text anyway.

cheers,
damon
--
Damon Muller http://killfilter.com GPG Key: 0xA136E829
Re: UID/GID
Just remember that the vpopmail.vchkpw uid/gid is stored in the /var/qmail/users/assign file. If you are manually recreating the virtualdomain on the new box (vadddomain), then this isn't an issue. But if you're copying over the qmail control files (like I did once), you need to make sure they are correct in the assign file. Otherwise local delivery will fail on the new box.

-Bill

on 1/16/01 2:45 AM, Shawn Delano at [EMAIL PROTECTED] wrote:

> As was pointed out in an email by another user recently, the UID and GID is stored in the config.status file after compiling vpopmail. To the best of my knowledge, if you compile a clean source tree of vpopmail on the new system after you have added the vpopmail/vchkpw user/group, then you shouldn't have any problems on the new system as long as file ownerships are correct.
>
> Shawn
> __
> Shawn Delano [EMAIL PROTECTED]
> Director of Technology [EMAIL PROTECTED]
> Southern California Systems http://www.socalsys.com/
>
> -----Original Message-----
> From: Francis P. Ling [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 16, 2001 12:39 AM
> To: [EMAIL PROTECTED]
> Subject: UID/GID
>
> Hi all, Let's say my vchkpw UID/GID is 500/500. If I want the whole domain files to move to another site/hdd, I would simply tar gzip all files under ~vpopmail/domains/. At the new target, I will simply restore the tar gzip file under the same location. Now, must I use the same UID/GID as in the old machine? What effect if I use other UID/GID, the new one? What is this UID/GID used for? Thanks!
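The two checks this UID/GID thread points at, as an added example that is not part of any poster's message: after restoring the tarball, compare the uid/gid fields in /var/qmail/users/assign and the numeric ownership of the restored files against the vpopmail/vchkpw IDs on the new machine. The sample assign entries, the domain names and the function names are constructed for illustration.

```python
import os

# Constructed sample of /var/qmail/users/assign (not taken from the thread).
# Entry layout: +prefix:user:uid:gid:homedir:dash:ext:   A lone "." ends the file.
SAMPLE_ASSIGN = """\
+example.com-:example.com:500:500:/home/vpopmail/domains/example.com:-::
+example.org-:example.org:89:89:/home/vpopmail/domains/example.org:-::
.
"""

def assign_mismatches(text, uid, gid):
    """Return (user, uid, gid) for assign entries that do not use uid/gid."""
    bad = []
    for line in text.splitlines():
        if line == ".":                      # end-of-file marker
            break
        if not line or line[0] not in "+=":  # "+" wildcard or "=" exact entry
            continue
        fields = line[1:].split(":")
        if len(fields) < 5 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        entry = (int(fields[2]), int(fields[3]))
        if entry != (uid, gid):
            bad.append((fields[1],) + entry)
    return bad

def ownership_mismatches(root, uid, gid):
    """Return paths under root whose numeric owner or group is not uid/gid."""
    bad = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)              # lstat: report symlinks themselves
            if (st.st_uid, st.st_gid) != (uid, gid):
                bad.append(path)
    return sorted(bad)

if __name__ == "__main__":
    # 500/500 is the UID/GID from the question; the path is an assumed layout.
    print(assign_mismatches(SAMPLE_ASSIGN, 500, 500))
    domains = os.path.expanduser("~vpopmail/domains")
    if os.path.isdir(domains):
        print(ownership_mismatches(domains, 500, 500))
```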
Spanning vpopmail across multiple servers
Hi, I would like to use vpopmail spanned across multiple, back-end servers, using LDAP for authentication. A main POP server will be the front-end server and send the requests to the back-end servers. I know this is possible using qmail-ldap. Is that possible? Also, I would like to use qmailadmin to administer the accounts - is it possible for it to do so across multiple machines or will I have to run a copy on each backend server? Of course this makes administration a bit of a headache. Thanks in advance, Steve.
RE: vchkpw lacking authentication security
I can't see how that could possibly be construed as a security drawback. POP is inherently insecure in the first place (sending clear text passwords across the net) and password sniffing is much more of a problem (and the easiest way to collect passwords) than people cracking passwords.

So, unless you're exclusively using a) POP3-SSL or POP over SSH to prevent password sniffing, b) shadow passwords (who isn't?), c) MD5 (or blowfish) passwords on your current system (to utilize more than 8 char passwords), and d) forcing users to actually USE long passwords it's quite silly to say that using DES is a security drawback to using vpopmail. The risk of having a password cracked is minimal on a userless system.

Matt

-----Original Message-----
From: Tim Hassan [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 15, 2001 10:09 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: vchkpw lacking authentication security

Dear Inter7 Developer:

I recently discovered the following security drawback in vpopmail with vchkpw authentication: No matter how long you set the password to when adding a new user, only the first 8 characters of the password are used. So for example, if I do:

    ./vadduser [EMAIL PROTECTED] this-is-hard-to-guess-234234235-23423

and then I try to login to my email as user "test" and password "this-is-", it would let me in. As you may already know, any password below 8 characters is considered insecure, even if it was a combination of letters, numbers, and special characters. In other words, Standard DES crypto is used :(

Best Regards,
Tamer Hassan
Re: vchkpw lacking authentication security
Damon Muller [EMAIL PROTECTED] writes:

> This is standard Unix crypt behaviour. Unless you are using MD5 passwords on your system (or Blowfish, I believe, on OpenBSD), then your system accounts will show the same behaviour. There is probably a way to force vpopmail to use MD5 if the system supports it. Anyone know what is it?

Is there any doc on how vchkpw uses DES versus MD5? Didn't see anything that details in the online stuff or man pages. I installed it on FreeBSD with MD5 and not DES and couldn't auth. After installing DES on BSD and rebuilding vchkpw it worked.

Also, I'd like to migrate a few thousand users out of /etc/passwd with sendmail/popper and into vchkpw/sqwebmail/etc -- I'm very concerned about how to keep the authentication working. Any clues would be welcomed -- thanks!
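A pre-migration check for the DES-versus-MD5 problem discussed in this thread, as an added example that is not part of any poster's message: classify each stored crypt(3) hash by its format, then list the accounts whose hash only covers the first 8 password characters and the accounts whose scheme the target build cannot verify. It assumes hashes are copied unchanged and checked with the target's crypt(3); the sample accounts and hash strings are constructed, and the function names are hypothetical.

```python
import re

# crypt(3) hash layouts. Traditional DES has no "$id$" prefix: 2 salt characters
# plus 11 hash characters, computed from the first 8 password characters only.
SCHEMES = [
    ("md5", re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")),
    ("blowfish", re.compile(r"^\$2[abxy]?\$\d\d\$[./0-9A-Za-z]{53}$")),
    ("des", re.compile(r"^[./0-9A-Za-z]{13}$")),
]

# Constructed passwd-style sample (name:hash:uid:gid:...); hashes are made up.
SAMPLE_PASSWD = """\
alice:ab1Q9zX0pLm2k:1001:1001::/home/alice:/bin/sh
bob:$1$Zk3bQ9xA$h7PqW1sYt0uVn2Lm4Rc6e/:1002:1002::/home/bob:/bin/sh
carol:*:1003:1003::/home/carol:/sbin/nologin
"""

def classify(hash_field):
    """Name the crypt scheme of one password field by its format alone."""
    for name, pattern in SCHEMES:
        if pattern.match(hash_field):
            return name
    if hash_field in ("", "x") or hash_field[0] in "*!":
        return "no-hash"      # locked, empty, or stored in a shadow file
    return "unknown"

def audit(passwd_text, target_schemes):
    """Group users by migration risk, given the schemes the target can verify."""
    report = {"first_8_chars_only": [], "unsupported_on_target": [], "unknown": []}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        user, scheme = fields[0], classify(fields[1])
        if scheme == "des":
            report["first_8_chars_only"].append(user)
        if scheme == "unknown":
            report["unknown"].append(user)
        elif scheme != "no-hash" and scheme not in target_schemes:
            report["unsupported_on_target"].append(user)
    return report

if __name__ == "__main__":
    # Target built with MD5 only, as in the FreeBSD case described above.
    print(audit(SAMPLE_PASSWD, {"md5"}))
```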
sqwebmail (vpopmail 4.9.7+mysql) compile fails
I installed vpopmail with mysql support and qmailadmin; no problems, works good. Now I want to get sqwebmail 1.2.1 running, but have problem around the authlib part. I even tried sqwebmail 1.1.2 both with same results. I run:

    ./configure --with-htmllibdir=/usr/local/share/sqwebmail \
        --with-cachedir=/var/cache/sqwebmail \
        --enable-webpass=vpopmail \
        --libexecdir=/usr/libexec/sqwebmail \
        --enable-cgi-bindir=/opt/www/cgi-bin \
        --enable-imagedir=/opt/www/htdocs/webmail \
        --enable-imageurl=/webmail \
        --with-cacheowner=root \
        --sysconfdir=/usr/local/share/sqwebmail
    make
    .
    /home/vpopmail/lib/libvpopmail.a(vauth.o): In function `vauth_open':
    /root/src/email/vpopmail-4.9.7/vauth.c:66: undefined reference to `mysql_init'
    /root/src/email/vpopmail-4.9.7/vauth.c:68: undefined reference to `mysql_real_connect'
    ...
    ...
    /root/src/email/vpopmail-4.9.7/vauth.c:910: undefined reference to `mysql_free_result'
    collect2: ld returned 1 exit status

I have even tried a suggestion to add -L/usr/lib/mysql -lmysqlclient to the Makefile's LDFLAGS in ./authlib and ./sqwebmail, but this didn't change any of the output.

My system config:
RedHat7.0
MySQL-3.23.30-1.i386.rpm
MySQL-devel-3.23.30-1.i386.rpm

Thanks
Mark
Re: sqwebmail (vpopmail 4.9.7+mysql) compile fails
MySQL-3.23.30-1.i386.rpm, is the server. I also have the clients installed as well as the mentioned development libraries.

----- Original Message -----
From: Aaron Carr
Sent: Tuesday, January 16, 2001 9:18 PM
To: Mark Steller
Subject: RE: sqwebmail (vpopmail 4.9.7+mysql) compile fails

I don't mean to sound odd, but you mention having MySQL-3.23.30-1.i386.rpm and MySQL-devel-3.23.30-1.i386.rpm installed, but you do not mention having MySQL-server-3.23.30-1.i386.rpm installed. Could this be a source of your problem?