filter question

[Raymond Orchison]

Hi,

I am running vpopmail with qmail on RedHat 6.1. I have a 2 part question:

1] Is there a way for me to block all mail thar contain attachments with
certain extentions, i.e. .exe, .mpg?

2] If there is a way, how do I do it? Can I block on a per user level and on
a per domain level?

Thank you

Raymond

weird 4.10.35 installation problem.

[Dushyanth Harinath]

Hi folks,

Trying to upgrade from 4.9.10 to 4.10.35 on a production machine.
Installation works like a charm.Everything works fine in a test environmenet
with the same option's.The problem in production environment is iam not able
to authenticate virtual domain users.

The error i get is table 'vpopmail.vpopmail' does'nt exist.So its looking
for vpopmail table and not domain_ext tables.

Test Environment:Linux 2.4.5 kernel,mandrake 8,mysql 3.23.36
Production Environment :Linux 2.2.19,slackware 8.0,mysql 3.23.39

My configure options..

./configure  --enable-roaming-users=y
--enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp 
--enable-logging=y 
--enable-default-domain=archeanlabs.net 
--enable-mysql=y 
--enable-incdir=/opt/mysql/include/mysql/ --enable-libdir=/opt/mysql/lib/mysql 
--enable-mysql-replication=n 
--enable-many-domains=y 
--enable-qmail-newu=/opt/qmail/bin/qmail-newu
--enable-qmail-inject=/opt/qmail/bin/qmail-inject
--enable-qmail-newmrh=/opt/qmail/bin/qmail-newmrh
--enable-libs=/opt/mysql/lib/mysql 
--enable-qmaildir=/opt/qmail

The difference's b/w my test and production environment is 
1) qmail installation directory differs
2) running supervice in production and in test machine tcpserver only.

Anyone had this problem with 4.10.35 or am i overlooking something.

TIA
dushyanth

-- 
My computer, my documents, my briefcase, my A??!

Dushyanth Harinath
Programmer/Sys Admin
Archean Infotech Limited
Ph No:091-040-3228666,6570704,3228674
http://www.archeanit.com



-
This email was sent using SquirrelMail.
   Webmail for nuts!
http://squirrelmail.org/

Re: eTrack and EPS

[Kman]

 Again, if you have any ideas, or interest in the EPS project, which
 will eventually contain our spam filtering, and virus scanning code,
 please, by all means, subscribe to [EMAIL PROTECTED], and
 post. :)


Yep... have been waiting for this kind of thing for a long long time.
Thanks to a team at inter7.

-Kittiwat

SV: weird 4.10.35 installation problem.

[Joel Aasma]

Hi!
you have to add --enable-many-domains=n
cheers
Joel Aasma

-Ursprungligt meddelande-
Från: Dushyanth Harinath [mailto:[EMAIL PROTECTED]]
Skickat: den 31 augusti 2001 08:38
Till: [EMAIL PROTECTED]
Ämne: weird 4.10.35 installation problem.


Hi folks,

Trying to upgrade from 4.9.10 to 4.10.35 on a production machine.
Installation works like a charm.Everything works fine in a test environmenet
with the same option's.The problem in production environment is iam not able
to authenticate virtual domain users.

The error i get is table 'vpopmail.vpopmail' does'nt exist.So its looking
for vpopmail table and not domain_ext tables.

Test Environment:Linux 2.4.5 kernel,mandrake 8,mysql 3.23.36
Production Environment :Linux 2.2.19,slackware 8.0,mysql 3.23.39

My configure options..

./configure  --enable-roaming-users=y
--enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp
--enable-logging=y
--enable-default-domain=archeanlabs.net
--enable-mysql=y
--enable-incdir=/opt/mysql/include/mysql/ --enable-libdir=/opt/mysql/lib/mys
ql
--enable-mysql-replication=n
--enable-many-domains=y
--enable-qmail-newu=/opt/qmail/bin/qmail-newu
--enable-qmail-inject=/opt/qmail/bin/qmail-inject
--enable-qmail-newmrh=/opt/qmail/bin/qmail-newmrh
--enable-libs=/opt/mysql/lib/mysql
--enable-qmaildir=/opt/qmail

The difference's b/w my test and production environment is
1) qmail installation directory differs
2) running supervice in production and in test machine tcpserver only.

Anyone had this problem with 4.10.35 or am i overlooking something.

TIA
dushyanth

--
My computer, my documents, my briefcase, my A??!

Dushyanth Harinath
Programmer/Sys Admin
Archean Infotech Limited
Ph No:091-040-3228666,6570704,3228674
http://www.archeanit.com



-
This email was sent using SquirrelMail.
   Webmail for nuts!
http://squirrelmail.org/

attachment size limit

[[EMAIL PROTECTED]]

Hello,

i have installed qmail + vpopmail + sqwebmail + qmailadmin; everything
works fine, but i noticed that a users cannot send out a messages with
an attachment over 2M. How can i tell qmail to accept until 5M outbound
messages?

Thank you in advance for your interest,

bye!

Francesco Collini

User Transfer

[Jerkovic Bosko]

Can i add users and passwords from existing Linux mail 
server(sendmail auth type: /etc/password and /etc/shadow) as 
avirtual domain on new mail server running FreeBSD?
--Jerkovic Bosko

Re: attachment size limit

[Andrea Cerrito]

 
-BEGIN PGP SIGNED MESSAGE-

 Hello,
  
 i have installed qmail + vpopmail + sqwebmail + qmailadmin;
 everything  works fine, but i noticed that a users cannot send out
 a messages with  an attachment over 2M. How can i tell qmail to
 accept until 5M outbound  messages?

Mmmhh. I don't like to send mail like this, but you are asking a lot
of faqs.
You can solve your problem searching, reading the faq, using man, and
running qmail-showctl too.

Please try to learn qmail before asking.

- --- solution
(1) http://www.google.com/search?q=qmail+limit+sizehl=itlr=
...
http://www.ultraviolet.org/mail-archives/qmail.2000/15833.html

(2) http://www.lifewithqmail.org/lwq.html#config-files
...
databytes  0  qmail-smtpd  max number of bytes in message (0=no
limit)  
...

(3) man qmail-control
...
  databytes   0  qmail-smtpd
...

(4) qmail-showctl
...
databytes: SMTP DATA limit is 200 bytes.
...
- ---
Cordiali saluti / Best regards
Andrea Cerrito
^^
Net.Admin @ Centro MultiMediale di Terni S.p.A.
P.zzale Bosco 3A
05100 Terni IT
Tel. +39 0744 5441330
Fax. +39 0744 5441372

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com

iQEVAwUBO49kMvo9HK4+yTI3AQGG+AgAgdIpyOSIp0AA116DU1eT/1slPe7pH1uD
ijjWmQ6m5fJUmzlhl4AwsFqlMhnaCGf+0hYjRqEhWJYm5nzYyaxDwarY3M+zQJY7
wiOyLXd2yf4s4j5eJaNUaTSMOWmJuDTH7PPW6bUdGfYr7NR8IeTEgt1kLJfSd3y3
Aa2u2LFq9NA0kmjoEBybdk5lb/FHQBKC1B2SZtcxbioZJLEvNv+OFkb/Sxiu4tqV
M9lDMEOyHbr2U1ie9roKuZVAx8qmyIXg0VyD1vz5q6GAcIDHlKaPwBrPbFbQQhxw
bbxgFE6P3bEn5CLuyNzXDIhRG4ySuOp0Fw24u1D4ZdSrU8Fki7k4tA==
=uoaq
-END PGP SIGNATURE-

RE: attachment size limit

[cpax]

Hmm, ive never heard of any attachment limit errors when sending mail with a 
mailclient(MUA)? However there are limits in sqwebmail. If thats so, suggest be more 
specific when explaining and send them to sqwebmaillist.

/AB

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: den 31 augusti 2001 11:12
 To: [EMAIL PROTECTED]
 Subject: attachment size limit
 
 
 Hello,
  
 i have installed qmail + vpopmail + sqwebmail + qmailadmin; everything 
 works fine, but i noticed that a users cannot send out a messages with 
 an attachment over 2M. How can i tell qmail to accept until 5M outbound 
 messages?
 
 Thank you in advance for your interest,
 
 bye!
 
 Francesco Collini
 
 

Re: filter question

[Tren Blackburn]

Hi;

You might want to look at qmail-scanner.  It can be used without a virus
scanner to strip off various attachment types based on rules you setup.
http://qmail-scanner.sourceforge.net

Regards,

Tren.

On Fri, 31 Aug 2001, Raymond Orchison wrote:

 Hi,

 I am running vpopmail with qmail on RedHat 6.1. I have a 2 part question:

 1] Is there a way for me to block all mail thar contain attachments with
 certain extentions, i.e. .exe, .mpg?

 2] If there is a way, how do I do it? Can I block on a per user level and on
 a per domain level?

 Thank you

 Raymond



-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- Tren Blackburn - Ownermailto:[EMAIL PROTECTED]  =
= End of Time Networks  http://www.eotnetworks.com   -
- (403) 269-2122 =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Re[2]: vaddaliasdomain() patches....

[Gabriel Ambuehl]

-BEGIN PGP SIGNED MESSAGE-

Hello Einar,

 I've started to push my C-programer in the direction of vpopmail,
 and he will be taking a look on this problem.

 With the above scenario, you already have a domains/aliasdomain
 in the virtualdomainsfile, since a real domain would have the same
 value on the right hand side of :, while a aliasdomain would have
 the realdomain there.  

 Every time an alias domain is added, only virtualdomains and
 rcpthosts/morercpthosts would be affected.


That might do the job as well, but it will require much deeper
changes to
vpopmail whereas I tryed to change as few lines of code as possible.
I
for myself don't care too much for the aliasdomains file...


Anyway, fixed patch, which builds on Bill's RedHat box (the original
one always did on mine, though) is attached.

Best regards,
 Gabriel

-BEGIN PGP SIGNATURE-
Version: PGP 6.5i

iQEVAwUBO4+n/cZa2WpymlDxAQGcEgf+Podh5FD3T96OORe/4L9dUVz3olOuOZEJ
cyDRfPKLy0B10e6JRffQqXhIrZd55WvoMwyAH8GFRCO32wjEziXHs9d4edyIwZWn
+690fI/QNOJkpxzuYyqxTNCk3MQVIUi2RK7pzIv95Q9huhvdzLFbInh+U/dtuL1C
u2ReGBFLI48dvAleTUJb2gh1sPtYucXHHTDQ1iPHP3fkdRPvPdJiPdNT75Ba8Byg
ydVtxo5KeR4NLa90s6PVqiJE21MbP4xiQzSZg5uWKz/Z2UR1wS3tk0qm1Dw8Z9Ko
5LKjSlsBI1+ySKaEwn1suirprXKJ65cGlR001cE5+VrDpTRt0fKgCA==
=Bf1p
-END PGP SIGNATURE-
 vpopmail.patch

IMAP before SMTP

[Chris Keating]

PLEASE note that I am not a subscriber to this list, if you need to ask me
any questions about this, remember to cc me.

Quoted from mail-archive.com:
on 8/29/01 11:50 AM, [EMAIL PROTECTED] at [EMAIL PROTECTED] spake:

 Latest CourierIMAP works with the latest development of
 vpopmail which has authentication structure changes.

Except for IMAP before SMTP (roaming users).

My previous posts:

http://www.mail-archive.com/vchkpw@inter7.com/msg06208.html
http://www.mail-archive.com/vchkpw@inter7.com/msg06246.html

No one has responded to these posts, so either I'm the only one using this
feature with these versions, or the only one that is having the problem.
I'd love to know if someone else has it working successfully with
4.10.35/1.3.10.

Cheers,

Bill Shupp


Bill, I took a crack at your roaming users problem last night and I came
up with a solution that I'm happy with.

The basic problem is that the newer version of courierIMAP has seperated
the authentication process from the couriertcp process by using
authdaemond. So when vpopmail's open_smtp_relay function get's called it's
unable to retreive the remote user's IP address from the environment
variables. To fix this I've written a program that can be dropped in
between imaplogin and imapd. This program will only be called if the user
has been authenticated. It will call open_smtp_relay with the proper
environment variables set, then it will call whatever program is passed
into it's argv[1] parameter.

Run sh ./build to build open_relay, if the compile fails with complaints
about crypt add -lcrypt to your ~vpopmail/etc/lib_deps. Install open_relay
whereever you like, I put mine in /usr/local/bin. Modify imapd.rc, or use
the one I attached. The important line is this one:

$PORT ${exec_prefix}/sbin/imaplogin $LIBAUTHMODULES \
 ${exec_prefix}/bin/open_relay \ #This will setup open_relay for roaming users
 ${exec_prefix}/bin/imapd Maildir

Don't forget to put ~vpopmail/bin/clearopensmtp into your cron!

Enjoy,
Chris


#include stdio.h
#include sys/types.h
#include pwd.h
#include vpopmail.h

int main(int argc, char *argv[])
{
fprintf(stderr, INFO:Opening smtp relay for ip [%s]\n, getenv(TCPREMOTEIP));
open_smtp_relay();
/*fprintf(stderr, INFO:Executing %s\n, argv[1]);*/
execv(argv[1], argv+1);
fprintf(stderr, INFO:Should never get here.\n);
return 0;
}


#! /bin/sh
# $Id: imapd.rc.in,v 1.18 2001/07/30 00:02:32 mrsam Exp $
#
# Copyright 1998 - 2000 Double Precision, Inc.
# See COPYING for distribution information.


prefix=/usr/local
exec_prefix=/usr/local
bindir=${exec_prefix}/bin
libexecdir=/usr/local/libexec

. ${prefix}/etc/imapd-ssl
. ${prefix}/etc/imapd

case $1 in
start)
LIBAUTHMODULES=
for f in `echo $AUTHMODULES`
do
LIBAUTHMODULES=$LIBAUTHMODULES /usr/local/libexec/authlib/$f
done

if test -x ${libexecdir}/authlib/authdaemond
then
/usr/bin/env - ${libexecdir}/authlib/authdaemond start
fi

ulimit -d $IMAP_ULIMITD
/usr/bin/env - /bin/sh -c  . ${prefix}/etc/imapd ; \
. ${prefix}/etc/imapd-ssl ; \
IMAP_STARTTLS=$IMAPDSTARTTLS ; export IMAP_STARTTLS ; \
TLS_PROTOCOL=$TLS_STARTTLS_PROTOCOL ; \
`sed -n '/^#/d;/=/p' ${prefix}/etc/imapd | \
sed 's/=.*//;s/^/export /;s/$/;/'`
`sed -n '/^#/d;/=/p' ${prefix}/etc/imapd-ssl | \
sed 's/=.*//;s/^/export /;s/$/;/'`
/usr/local/libexec/couriertcpd -address=$ADDRESS \
-stderrlogger=/usr/local/libexec/logger \
-stderrloggername=imapd \
-maxprocs=$MAXDAEMONS -maxperip=$MAXPERIP \
-pid=$PIDFILE $TCPDOPTS \
$PORT ${exec_prefix}/sbin/imaplogin $LIBAUTHMODULES \
${exec_prefix}/bin/open_relay \
${exec_prefix}/bin/imapd Maildir
;;
stop)
/usr/local/libexec/couriertcpd -pid=$PIDFILE -stop
if test -x ${libexecdir}/authlib/authdaemond
then
${libexecdir}/authlib/authdaemond stop
fi
;;
esac
exit 0


gcc -o open_relay open_relay.c `cat ~vpopmail/etc/*deps`

Re: IMAP before SMTP

[Bill Shupp]

on 8/31/01 11:14 AM, Chris Keating at [EMAIL PROTECTED] spake:

 
 PLEASE note that I am not a subscriber to this list, if you need to ask me
 any questions about this, remember to cc me.
 
 Quoted from mail-archive.com:
 on 8/29/01 11:50 AM, [EMAIL PROTECTED] at [EMAIL PROTECTED] spake:
 
 Latest CourierIMAP works with the latest development of
 vpopmail which has authentication structure changes.
 
 Except for IMAP before SMTP (roaming users).
 
 My previous posts:
 
 http://www.mail-archive.com/vchkpw@inter7.com/msg06208.html
 http://www.mail-archive.com/vchkpw@inter7.com/msg06246.html
 
 No one has responded to these posts, so either I'm the only one using this
 feature with these versions, or the only one that is having the problem.
 I'd love to know if someone else has it working successfully with
 4.10.35/1.3.10.
 
 Cheers,
 
 Bill Shupp
 
 
 Bill, I took a crack at your roaming users problem last night and I came
 up with a solution that I'm happy with.
 
 The basic problem is that the newer version of courierIMAP has seperated
 the authentication process from the couriertcp process by using
 authdaemond. So when vpopmail's open_smtp_relay function get's called it's
 unable to retreive the remote user's IP address from the environment
 variables. To fix this I've written a program that can be dropped in
 between imaplogin and imapd. This program will only be called if the user
 has been authenticated. It will call open_smtp_relay with the proper
 environment variables set, then it will call whatever program is passed
 into it's argv[1] parameter.
 
 Run sh ./build to build open_relay, if the compile fails with complaints
 about crypt add -lcrypt to your ~vpopmail/etc/lib_deps. Install open_relay
 whereever you like, I put mine in /usr/local/bin. Modify imapd.rc, or use
 the one I attached. The important line is this one:
 
 $PORT ${exec_prefix}/sbin/imaplogin $LIBAUTHMODULES \
 ${exec_prefix}/bin/open_relay \ #This will setup open_relay for roaming users
 ${exec_prefix}/bin/imapd Maildir
 
 Don't forget to put ~vpopmail/bin/clearopensmtp into your cron!
 
 Enjoy,
 Chris


Chris,

Thanks for your efforts.  This works for me.  However, this workaround has a
few drawbacks that you may already be aware of:

1. If imap access is turned off (via vmoduser -i), then imap access is not
granted, but open_relay still tries to run and just leaves the open_smtp
file owned by root.root, making roaming break until permissions are changed
back.

2. If roaming is disabled for that user (via vmoduser -r), open_relay has no
way of knowing since it's separate from authvchkpw now.  So they get to roam
anyway.

3. For people using multiple authentication modules (not me), anyone who is
authenticated will get roaming access.

Since we are now forced to use authdaemon (as far as I can tell, anyway),
seems like the best solution would be for imaplogin to pass the environment
to authdaemond.  This would fix everything mentioned above, I think, and
perhaps similar issues for other authentication modules.

Thanks again, Chris!

Regards,

Bill Shupp

Re: Half Topic question : stunnel and vpopmail

[Gabriel Ambuehl]

-BEGIN PGP SIGNED MESSAGE-

Hello Florent,

Friday, August 31, 2001, 11:44:56 AM, you wrote:
 In both cases, the distant user won't be able to have the server
 relaying is mails. And even more, if I want to provide the smtp-ssl
 (ssmtp) feature to those users :  stunnel -d ssmtp -r smtp I will
 have my server getting an openrelay through ssmtp.

#!/bin/sh
exec /usr/local/bin/tcpserver -R -H -D -c 50 \
- -v -u `id -u vpopmail` -g `id -g vpopmail` 0 pop3s
/usr/local/sbin/stunnel -T -p /etc/stunnel.pem -l \
/var/qmail/bin/qmail-popup -- qmail-popup `hostname`
/bin/checkpassword \
/var/qmail/bin/qmail-pop3d Maildir 21

This is a FAQ so I recommend using the mail archive...




Best regards,
 Gabriel

-BEGIN PGP SIGNATURE-
Version: PGP 6.5i

iQEVAwUBO4++hsZa2WpymlDxAQGC/Qf+MWNXenjQZswt5dqsx6JaDw47uJfakJfb
9aL1KiQYjRFtQ3iIn4C8JQeEN6AYN8pqKXHFg0SEgJi89WokJpfkRc8PIXsa5ru/
5ITQMz8OTdYzVxPx9+pCbSjnngncldHeLhZvqRmPKc8scqFw20SBUM8HgOzttYnz
wEo4AGTvte8E/xrpISn2LsIDui5wix9RGEE+IO6beyDQeFGr5+Xe9ex3lD/RHX/F
28S3zqHgFc7YBwJ6fEzomj9x+q7sbFKjB7uv0IaCap9fGOhMQiSUmBoY8tC7ql7b
x5Ga+ELvjzcCr4bGvBSxwvDyU19GrZv7dE+EvVR2xJL9w0zwtW/CNQ==
=NOvG
-END PGP SIGNATURE-

Temporary_error_on_maildir_delivery._(#4.3.0)

[Divyank Turakhia]

I am getting the following error:

@40003b8fcd3124539174 delivery 576: deferral:
Temporary_error_on_maildir_delivery._(#4.3.0)/

I suppose this error comes when quota has exceeded so vpopmail cannot write
to disk.

What i need to know is which file throws this error while trying to write
the mail to disk. I thought it must be vdelivermail.c but #4.3.0 is not
found in any of the vpopmail files. Can anyone tell me which file i can edit
as i want to make it a permanent failure failperm instead of a failtemp

Thanks,
Divyank

Re: IMAP before SMTP

[Chris Keating]

 Chris,

 Thanks for your efforts.  This works for me.  However, this workaround has a
 few drawbacks that you may already be aware of:

 1. If imap access is turned off (via vmoduser -i), then imap access is not
 granted, but open_relay still tries to run and just leaves the open_smtp
 file owned by root.root, making roaming break until permissions are changed
 back.

 2. If roaming is disabled for that user (via vmoduser -r), open_relay has no
 way of knowing since it's separate from authvchkpw now.  So they get to roam
 anyway.

 3. For people using multiple authentication modules (not me), anyone who is
 authenticated will get roaming access.

 Since we are now forced to use authdaemon (as far as I can tell, anyway),
 seems like the best solution would be for imaplogin to pass the environment
 to authdaemond.  This would fix everything mentioned above, I think, and
 perhaps similar issues for other authentication modules.


1. This is a problem with the vpopmail.c code, IMHO it doesn't recover
from hiccups as well as it should.

2,3. The real problem here is that a side effect (SMTP relay authentication)
is being piggy-backed onto authentication. authdaemond is soley concerned
with checking the validity of username/passwd pairs against various
sources. In this sense smtp_open_relay is a bit of a hack. And I've just
whipped together a hack to fix a broken hack. I'm currently looking into
patching/adding SMTP AUTH over TLS/SSL with an authdaemon backend into
qmail-smtp. This would be a more pragmatic solution that could fall back
on smtp_open_relay for roaming users who can't do SMTP AUTH over SSL. Of
course falling back on smtp_open_relay entails the weaknesses that you've
described above.

For imaplogin to pass all of the environment information to authdaemond
would break the abstraction, and force specialized code into both
imaplogin and parts of authdaemond. Now that I think about the problem
some more, it would be possible to fix problems 1-3 from open_relay.c,
since imaplogin sets an environment variable with the user's
username/email address. I'm pretty sure this could be used to check and
see if the user should have roaming access.

Chris

RE: Temporary_error_on_maildir_delivery._(#4.3.0)

[Divyank Turakhia]

i got the solution. I had to install qmail-1.03-quotas-1.1.patch from
http://www.qmail.org/qmail-1.03-quotas-1.1.patch . When i implemented system
quotas in vpopmail it works when vdelivermail is delivering the mail. But
when qmail-local is delivering the mail it was still doing temporary
deferal. I believe qmail-local delivers mail when aliases and forwards are
used. please let me know if i am wrong about this. After installing the
above patch everything seems to be working ok.

Divyank

 -Original Message-
 From: Divyank Turakhia [mailto:[EMAIL PROTECTED]]
 Sent: Friday, August 31, 2001 11:28 PM
 To: vpopmail
 Subject: Temporary_error_on_maildir_delivery._(#4.3.0)


 I am getting the following error:

 @40003b8fcd3124539174 delivery 576: deferral:
 Temporary_error_on_maildir_delivery._(#4.3.0)/

 I suppose this error comes when quota has exceeded so vpopmail
 cannot write
 to disk.

 What i need to know is which file throws this error while trying to write
 the mail to disk. I thought it must be vdelivermail.c but #4.3.0 is not
 found in any of the vpopmail files. Can anyone tell me which file
 i can edit
 as i want to make it a permanent failure failperm instead of a
 failtemp

 Thanks,
 Divyank

OT: idle timeouts for dial-in users

[cbunnell]

Hello list,

I know that this is OT for this list, but I know that there's lots of people
on this list that may have some input to my problem...

I need to disconnect abusers of my dial-up network that are sitting idle for
extended periods of time.  I am running a Cisco 72xx terminating an L2
tunnel with the traffic going into VPDN's.  The Cisco IOS command for ppp
timeout idle should work, but unfortunately, with virtual-templates, you
can't set what is considered interesting traffic.  So the abusers have
found that setting their email client to pop their mailbox resets this timer
and they are able to stay on.

So far, my only option has been to set an absolute timer which kicks them
off regardless of their traffic.  I would prefer to not do this in this
manner as it's not fair to someone who is truly x-fer'ing a large file...  I
am an unlimited service...

Any suggestions?  I thank you for reading this OT message.

Sincerely,

Chris Bunnell

Senior Engineer - Network Implementation
Sonic Internet Services
9719 Lincoln Village Dr. #505
Sacramento, CA. 95827
(916) 854-5940
www.sonicisp.net

passwd and shadow auth.

[Jerkovic Bosko]

I installed vpopmail on new freeBSD box, and nov i created a 
few virtual domains, now, on old Linux box im using linux and it uses sendmail 
(/etc/passwd auth), can i transfer mail users from that server to my new box 
witch is using vpopmail and add it as virtual domain ?
--Jerkovic Bosko

Re: IMAP before SMTP

[Sam Varshavchik]

Chris Keating writes: 

  
 Chris, 

 Thanks for your efforts.  This works for me.  However, this workaround has a
 few drawbacks that you may already be aware of: 

 1. If imap access is turned off (via vmoduser -i), then imap access is not
 granted, but open_relay still tries to run and just leaves the open_smtp
 file owned by root.root, making roaming break until permissions are changed
 back. 

 2. If roaming is disabled for that user (via vmoduser -r), open_relay has no
 way of knowing since it's separate from authvchkpw now.  So they get to roam
 anyway. 

 3. For people using multiple authentication modules (not me), anyone who is
 authenticated will get roaming access. 

 Since we are now forced to use authdaemon (as far as I can tell, anyway),
 seems like the best solution would be for imaplogin to pass the environment
 to authdaemond.  This would fix everything mentioned above, I think, and
 perhaps similar issues for other authentication modules. 

  
 1. This is a problem with the vpopmail.c code, IMHO it doesn't recover
 from hiccups as well as it should.
  
 2,3. The real problem here is that a side effect (SMTP relay authentication)
 is being piggy-backed onto authentication. authdaemond is soley concerned

Correct. 

I have said many times before that my opinion is that POP-before-SMTP and 
IMAP-before-SMTP approach is a hack, nothing more.  This approach might have 
made sense 2-3 years ago, but not any more.  Pretty much every mail client 
out there supports authenticated SMTP, and that's the right solution for 
this particular problem.  That's what people should be doing.  Authenticated 
SMTP is a much more reliable, and a technically sane approach. 

FWIW, you can still get the old authentication configuration by specifying 
 --without-authdaemon to Courier-IMAP's configuration script.  It's just that 
the default setting now builds authdaemon, because it's simply easier for me 
with everyone on the same playing field, and everyone using authdaemon. 


-- 
Sam

RE: attachment size limit

[Juan Carlos Priotti]

By default sqwebmail is set to 2 MB of maximum size of messages, including
attachments. You can define
it when you configure the sqwebmail with te option --with-maxmsgsize=n. Read
the sqwebmail install included in the sqwebmail tarball.
Using a MUA you don't have attachment limits if it is not set a
/var/qmail/control/databytes file with the allowed attachment size.
Have a nice day
Juan Carlos Priotti