[vchkpw] Vpopmail, Roaming Users, Qmail-Scanner (vpopmail-5.2.1_qmailqueue.patch)
Hello vpopmailers
I encountered a problem when using qmail-1.03(with qmail-queue patch),
vpopmail-5.2.1 with roaming users, and qmail-scanner-1.15 w/ spamassassin 2.43
sophos sweep. The problem exists when vpopmail rebuilds the relay database,
setting only the env var RELAYCLIENT=. If QMAILQUEUE is not set to the qmail-
scanner binary path or other application to be invoked before the real qmail-
queue, emails sent by roaming users will not be scanned (for viruses, spam,
etc.) i.e. emails will be directly sent to the qmail-queue without analysis.
Below is a patch to allow setting QMAILQUEUE to qmail-scanner-queue.pl for
roaming users (change path to your pre-qmail-queue script)
I am also using matt simerson's tcpserver mysql patch to read relay
information directly from vpopmail's relay table in mysql. works like a charm!
cd vpopmail-5.2.1
patch -p0 vpopmail-5.2.1_qmailqueue.patch
--- configure.origFri May 17 23:27:57 2002
+++ configureSun Dec 29 04:57:04 2002
@@ -1631,7 +1631,7 @@
if test $tcpserver_file =
then
-echo 127.:allow,RELAYCLIENT=\\ $vpopmaildir/etc/tcp.smtp
+
echo 127.:allow,RELAYCLIENT=\\,QMAILQUEUE=\/var/qmail/bin/qmail-scanner-
queue.pl\ $vpopmaildir/etc/tcp.smtp
tcpserver_file=$vpopmaildir/etc/tcp.smtp
echo configure: warning: Unable to find your tcpserver relay
file. 12
--- configure.in.origFri May 17 23:23:42 2002
+++ configure.inSun Dec 29 04:57:48 2002
@@ -294,7 +294,7 @@
[
if test $tcpserver_file =
then
-echo 127.:allow,RELAYCLIENT=\\ $vpopmaildir/etc/tcp.smtp
+
echo 127.:allow,RELAYCLIENT=\\,QMAILQUEUE=\/var/qmail/bin/qmail-scanner-
queue.pl\ $vpopmaildir/etc/tcp.smtp
tcpserver_file=$vpopmaildir/etc/tcp.smtp
AC_MSG_WARN([Unable to find your tcpserver relay file.])
--- vmysql.c.origFri Feb 1 17:43:24 2002
+++ vmysql.cSun Dec 29 04:51:20 2002
@@ -750,7 +750,7 @@
return;
}
while((row = mysql_fetch_row(res_read))) {
-snprintf(SqlBufRead, SQL_BUF_SIZE, %s:allow,RELAYCLIENT=\\\n, row
[0]);
+snprintf(SqlBufRead, SQL_BUF_SIZE, %
s:allow,RELAYCLIENT=\\,QMAILQUEUE=\/var/qmail/bin/qmail-scanner-
queue.pl\\n, row[0]);
write(fdm,SqlBufRead, strlen(SqlBufRead));
}
mysql_free_result(res_read);
--- voracle.pc.origSat Jan 19 23:07:58 2002
+++ voracle.pcSun Dec 29 04:55:14 2002
@@ -694,7 +694,7 @@
EXEC SQL FETCH CF INTO :Vip_addr;
if (sqlca.sqlcode == 1403) break;
-sprintf(SqlBuf, %s:allow,RELAYCLIENT=\\\n, Vip_addr);
+sprintf(SqlBuf, %
s:allow,RELAYCLIENT=\\,QMAILQUEUE=\/var/qmail/bin/qmail-scanner-
queue.pl\\n, Vip_addr);
write(fdm,SqlBuf, strlen(SqlBuf));
}
--- vpgsql.c.origSat Jan 19 23:08:02 2002
+++ vpgsql.cSun Dec 29 04:54:21 2002
@@ -675,7 +675,7 @@
{
PGresult *pgres;
const char *qr=select ip_addr from relay;
-const char re[]=:allow,RELAYCLIENT=\\\n;
+const char re[]
=:allow,RELAYCLIENT=\\,QMAILQUEUE=\/var/qmail/bin/qmail-scanner-
queue.pl\\n;
register unsigned i=0, n, len=strlen(re)+1;
char *buf=NULL;
--- vpopmail.c.origFri May 17 23:25:49 2002
+++ vpopmail.cSun Dec 29 04:53:19 2002
@@ -2140,7 +2140,7 @@
rebuild_cdb = 0;
}
}
-fprintf( fs1, %s:allow,RELAYCLIENT=\\,RBLSMTPD=\\ %d\n,
+fprintf( fs1, %
s:allow,RELAYCLIENT=\\,RBLSMTPD=\\,QMAILQUEUE=\/var/qmail/bin/qmail-
scanner-queue.pl\ %d\n,
ipaddr, (int)mytime);
fclose(fs);
fclose(fs1);
Re: [vchkpw] Vpopmail, Roaming Users, Qmail-Scanner (vpopmail-5.2.1_qmailqueue.patch)
Tim Hasson writes: Below is a patch to allow setting QMAILQUEUE to qmail-scanner-queue.pl for roaming users (change path to your pre-qmail-queue script) You could also just set it in your run script. No need for patching. If you use qmail-conf, add it to the env directory. -- David Phillips [EMAIL PROTECTED] http://david.acz.org/
Re: [vchkpw] Relay Problems: tcpserver?
Greetings, I'm running vpopmail+qmail+mysql on RedHat 7.3. Everything seems to be working fine except for roaming user POP authentication. I've tried a number of different tcpserver configs I've found in the docs and through googling, but none seem to solve the problem. ~vpopmail/etc/tcp.smtp.cdb is updated (time stamp changes) whenever I POP to the server, but the remote IP is never added to the .cdb database and roaming users are getting relaying denied errors after POPing. I've got the same setup, and I'm experiencing the same thing, I think. If anyone has insight, I'd love to know the solution. Any suggestion/pointers would be greatly appreciated. TIA, --Duncan
Re: [vchkpw] Vpopmail, Roaming Users, Qmail-Scanner (vpopmail-5.2.1_qmailqueue.patch)
Thanks David for the info. Unfortunately, I have previously done that (adding the qmailqueue env in qmail- smtpd run file --as some posts on this mailing list or Q-S's list). However, the problem still existed since some users use the webmail interface (IMP www.horde.org/imp) to send messages which runs as a different user than qmail- smtpd and in turn doesn't pickup the env var QMAILQUEUE. The webmail's default behavior is it uses local /usr/sbin/sendmail binary to send mails out (which is linked to qmail's sendmail) which doesn't pass qmail-smtpd at all. I think qmail-sendmail will automatically write the message to the real queue (or it passes through qmail-send first.) I probablly could've gotton around that by also adding the QMAILQUEUE env line to qmail-send run script?? What I done is I added a exec() line in the webmail's php code to set the var QMAILQUEUE to my scanner. This worked for the webmail only but not for outlook/eudora users (again, could've put env qmailqueue in qmail-smtpd run file -- but then it becomes a mess). Quoting David Phillips [EMAIL PROTECTED]: Tim Hasson writes: Below is a patch to allow setting QMAILQUEUE to qmail-scanner-queue.pl for roaming users (change path to your pre-qmail-queue script) You could also just set it in your run script. No need for patching. If you use qmail-conf, add it to the env directory. -- David Phillips [EMAIL PROTECTED] http://david.acz.org/
Re: [vchkpw] Relay Problems: tcpserver?
Are you using tcpserver -x ~vpopmail/etc/tcp.smtp.cdb in your qmail-smtpd run file? If yes, then proceed.. I was using tcp.smtp.cdb in vpopmail for roaming users until I upgraded to 5.2.1 w/ mysql, so i ended up also applying matt simerson's mysql patch to tcpserver (or ucscpi package -- as recommended by README.mysql): http://matt.simerson.net/computing/mail/qmail/ucspi-tcp-0.88-mysql.patch After that you could run tcpserver with the new -S option (to enable tcpserver to read relay information from vpopmail's relay table in mysql) Just make sure you create a file /var/qmail/control/sql containing: server localhost port3306 databasevpopmail table relay userusername passsecret time7200 Then you could compile your tcp.smtp to another location (for example /etc/tcp.smtp.cdb) and change tcpserver -x to that new file (maintaining the additional -S option). This way, you will have a slim tcp.smtp.cdb that never changes except when you change it. This is a much better approach if you are using both --enable-roaming-users=y and --enable- mysql=y. Quoting Matthew Walker [EMAIL PROTECTED]: Greetings, I'm running vpopmail+qmail+mysql on RedHat 7.3. Everything seems to be working fine except for roaming user POP authentication. I've tried a number of different tcpserver configs I've found in the docs and through googling, but none seem to solve the problem. ~vpopmail/etc/tcp.smtp.cdb is updated (time stamp changes) whenever I POP to the server, but the remote IP is never added to the .cdb database and roaming users are getting relaying denied errors after POPing. I've got the same setup, and I'm experiencing the same thing, I think. If anyone has insight, I'd love to know the solution. Any suggestion/pointers would be greatly appreciated. TIA, --Duncan
