Re: [vchkpw] Variable for current delivery address???
On Thursday 09 December 2004 23:06, Rick Macdougall wrote:
> Yes shell escaping like that does work in maildroprc, or at least 30 of
> my servers think it does :)

Hmm, I tested it out and it _does_ work now. I must not have been specifying the path properly before or something.

I'm just manually specifying the --user argument in the .qmail files, and everything seems to be working properly now. It's a bit of a mystery to me though...if I send myself mail to [EMAIL PROTECTED], $EXT is cshobe and $HOST is osss.net, but I get some spam where $EXT and $HOST are set to casey and aixos.net - very strange. Also strange is that it will sometimes be allcaps instead of lower-case.

Ahh well, all is working well now.

Cheers,
--
Casey Allen Shobe - Open Source Software Solutions
[EMAIL PROTECTED] - http://osss.net
Re: [vchkpw] vchkpw fails and then succeeds!
Tom Collins wrote:
> If you stored a single encoded password, anyone sniffing the line
> could learn the encoded version and just re-use it.

So I have to choose: using a cryptographic authentication method that's not safe, or having the password saved as plain (which is not safe either)?

Sure, I can guarantee that getting access to my DB is more difficult than getting access to my LAN (in case of sniffing), so I would choose having the plain password stored, but it's still a hole in the system (if some guy gains access to the DB, he'll have access to ALL passwords, while sniffing would just compromise some users).

Are there any plans to work around this problem? Is there a way to do it?

How does other software that uses CRAM-MD5 behave? Do they always keep the plain password?

--
Best regards,
Eduardo M. Bragatto.
Re: [vchkpw] vchkpw fails and then succeeds!
On Dec 10, 2004, at 11:28 AM, Pedro Pais wrote:
> But why isn't the password stored in the passwd/mysql using CRAM-MD5
> format? That way you could always check it. It wouldn't matter if the
> client authenticated using plain or using CRAM-MD5. You could even
> double cypher the password using mysql PASSWORD().
>
> a) Client authenticates using plain username/password
>    Create CRAM-MD5 from those tokens and check with the password stored.
> b) Client authenticates using CRAM-MD5 username/password.
>    Directly compare with the stored password.
>
> Am I missing something important in here?

Every time the client authenticates, it uses a different challenge (issued by the server) to encode the response.

CRAM-MD5 works in a way that if you and I both know the cleartext password (secret), we can both generate the same response to the common challenge. You can tell me the response, and I can verify whether you know the password, but someone overhearing our conversation can't determine the actual password.

If you stored a single encoded password, anyone sniffing the line could learn the encoded version and just re-use it.

--
Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/
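
The challenge-response exchange described in the message above, as an added example that is not part of the original thread or of vpopmail's code: the server issues a fresh challenge, the client answers with HMAC-MD5 keyed by the password (the RFC 2195 response format), and a response captured from one login is rejected against the next challenge. The account, hostname and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed sample account store; CRAM-MD5 needs the secret itself here.
USERS = {"user@example.test": "constructed-secret"}


def make_challenge(hostname="mail.example.test"):
    """Server: fresh challenge per attempt, in RFC 2195 <random.time@host> form."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{hostname}>".encode()


def cram_md5_response(username, password, challenge):
    """Client: base64 of 'username SP hex(HMAC-MD5(key=password, msg=challenge))'."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())


def verify(response_b64, challenge, lookup_password=USERS.get):
    """Server: recompute the digest for *this* challenge from the stored secret."""
    try:
        username, digest = base64.b64decode(response_b64).decode().rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no space separator
        return False
    password = lookup_password(username)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.lower().encode())


def demo():
    """Returns (fresh login accepted, sniffed response replayed on a new challenge)."""
    first = make_challenge()
    response = cram_md5_response("user@example.test", "constructed-secret", first)
    accepted = verify(response, first)
    replayed = verify(response, make_challenge())  # same bytes, new challenge
    return accepted, replayed


if __name__ == "__main__":
    print(demo())
```

The server-side `verify` can only recompute the expected digest because it holds the cleartext secret, which is the storage trade-off the thread is discussing.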
Re: [vchkpw] vchkpw fails and then succeeds!
On Fri, 10 Dec 2004 19:28:32 +, Pedro Pais <[EMAIL PROTECTED]> wrote:
> On Thu, 9 Dec 2004 21:39:22 -0800, Tom Collins <[EMAIL PROTECTED]> wrote:
> > On Dec 9, 2004, at 3:20 PM, Pedro Pais wrote:
> > >> Also, I'm fairly certain that CRAM-MD5 requires that you have
> > >> clear-text passwords enabled. I still need to look at my pop and
> > >> smtp servers to see how I can make them not advertise something
> > >> that's not available on my system...
> > >
> > > Really? That doesn't sound too secure, or even ethical.
> >
> > CRAM-MD5 is more secure because someone sniffing the network can't
> > derive the sender's password. With all other SMTP AUTH methods, you
> > can easily decode sniffed packets to get the email address and
> > password. The only way for CRAM-MD5 to work is for the server to know
> > the user's cleartext password.
> >
> > Granted, you need to make sure the cleartext password is stored
> > securely...
>
> But why isn't the password stored in the passwd/mysql using CRAM-MD5
> format? That way you could always check it. It wouldn't matter if the
> client authenticated using plain or using CRAM-MD5. You could even
> double cypher the password using mysql PASSWORD().
>
> a) Client authenticates using plain username/password
>    Create CRAM-MD5 from those tokens and check with the password stored.
> b) Client authenticates using CRAM-MD5 username/password.
>    Directly compare with the stored password.
>
> Am I missing something important in here?

Maybe I'm over-simplifying things a bit, right? I'm skimming the RFC and the process of creation of the CRAM-MD5 authentication token doesn't seem to be very straight-forward...

> > --
> > Tom Collins - [EMAIL PROTECTED]
> > QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
> > Info on the Sniffter hand-held Network Tester: http://sniffter.com/
>
> --
> Pedro Pais
> Skype name: pedro.pais
> MSN: [EMAIL PROTECTED]
> Get Firefox!
> http://www.spreadfirefox.com/community/?q=affiliates&id=3759&t=1

--
Pedro Pais
Skype name: pedro.pais
MSN: [EMAIL PROTECTED]
Get Firefox!
http://www.spreadfirefox.com/community/?q=affiliates&id=3759&t=1
Re: [vchkpw] vchkpw fails and then succeeds!
On Thu, 9 Dec 2004 21:39:22 -0800, Tom Collins <[EMAIL PROTECTED]> wrote:
> On Dec 9, 2004, at 3:20 PM, Pedro Pais wrote:
> >> Also, I'm fairly certain that CRAM-MD5 requires that you have
> >> clear-text passwords enabled. I still need to look at my pop and
> >> smtp servers to see how I can make them not advertise something
> >> that's not available on my system...
> >
> > Really? That doesn't sound too secure, or even ethical.
>
> CRAM-MD5 is more secure because someone sniffing the network can't
> derive the sender's password. With all other SMTP AUTH methods, you
> can easily decode sniffed packets to get the email address and
> password. The only way for CRAM-MD5 to work is for the server to know
> the user's cleartext password.
>
> Granted, you need to make sure the cleartext password is stored
> securely...

But why isn't the password stored in the passwd/mysql using CRAM-MD5 format? That way you could always check it. It wouldn't matter if the client authenticated using plain or using CRAM-MD5. You could even double cypher the password using mysql PASSWORD().

a) Client authenticates using plain username/password
   Create CRAM-MD5 from those tokens and check with the password stored.
b) Client authenticates using CRAM-MD5 username/password.
   Directly compare with the stored password.

Am I missing something important in here?

> --
> Tom Collins - [EMAIL PROTECTED]
> QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
> Info on the Sniffter hand-held Network Tester: http://sniffter.com/

--
Pedro Pais
Skype name: pedro.pais
MSN: [EMAIL PROTECTED]
Get Firefox!
http://www.spreadfirefox.com/community/?q=affiliates&id=3759&t=1
Re: [vchkpw] vchkpw problemm!
On Friday 10 December 2004 08:43 am, vit slipchenko wrote:
[snip]
> and have a problem with chkuser.
[...]
> #!/bin/sh
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`

the qmaild user probably isn't able to read your vpopmail information. Run qmail-smtpd as the vpopmail user or as root.

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: [vchkpw] vchkpw problemm!
Hi, looking at your post more closely.

If you are using Shupp's toaster, you must run qmail-smtpd as vpopmail user, not qmail (see documentation).

You may also comment out CHKUSER_ENABLE_UIDGID.

Tonino

At 15.43 10/12/2004, you wrote:
> Hello all!
>
> i install
> netqmail-1.05
> qmail-toaster-0.6-1.patch
> netqmail-1.05_toaster-0.6-1_chkuser-2.0.8b.patch
>
> and have a problem with chkuser.
>
> this is my chkuser_settings.h
>
> #define CHKUSER_VPOPMAIL
> #define CHKUSER_STARTING_VARIABLE "CHKUSER_START"
> #define CHKUSER_ENABLE_UIDGID
> other by default
>
> this is my qmail-smtpd run file
>
> #!/bin/sh
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> #
> CHKUSER_START="DOMAIN"
> export CHKUSER_START
> #
> exec /usr/local/bin/softlimit -m 600 \
>     /usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
>     -u $QMAILDUID -g $NOFILESGID 0 smtp \
>     /usr/local/bin/rblsmtpd -r relays.ordb.org /var/qmail/bin/qmail-smtpd 2>&1
>
> =
>
> my /usr/local/vpopmail/domains/vs..ua/.qmail-default
>
> | /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox
>
> =
>
> when i test mail qmail-smtpd
>
> CHKUSER_START="DOMAIN"
> export CHKUSER_START
> ./qmail-smtpd
> 220 venus.vs..ua ESMTP
> mail from: [EMAIL PROTECTED]
> 250 ok
> rcpt to: [EMAIL PROTECTED]
> CHKUSER accepted rcpt: from <[EMAIL PROTECTED]::> remote <:unknown:unknown> rcpt <[EMAIL PROTECTED]> : found existing recipient
> 250 ok
> rcpt to: [EMAIL PROTECTED]
> CHKUSER accepted rcpt: from <[EMAIL PROTECTED]::> remote <:unknown:unknown> rcpt <[EMAIL PROTECTED]> : found existing recipient
> 250 ok
>
> [EMAIL PROTECTED] existing recipient
> [EMAIL PROTECTED] non exist
>
> i see that patched qmail-smtpd doesn't work fine!
> where is my mistake ?
>
> --
> Best regards,
> vit mailto:[EMAIL PROTECTED]
> -=> SV365-RIPE
> -=> VS574-UANIC
> -=> ICQ 1811
Re: [vchkpw] vchkpw problemm!
Are you testing as root?

If yes, it should work...

If not, you should setuid and setgid qmail-smtpd as indicated in documentation.

Tonino

At 15.43 10/12/2004, you wrote:
> Hello all!
>
> i install
> netqmail-1.05
> qmail-toaster-0.6-1.patch
> netqmail-1.05_toaster-0.6-1_chkuser-2.0.8b.patch
>
> and have a problem with chkuser.
>
> this is my chkuser_settings.h
>
> #define CHKUSER_VPOPMAIL
> #define CHKUSER_STARTING_VARIABLE "CHKUSER_START"
> #define CHKUSER_ENABLE_UIDGID
> other by default
>
> this is my qmail-smtpd run file
>
> #!/bin/sh
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> #
> CHKUSER_START="DOMAIN"
> export CHKUSER_START
> #
> exec /usr/local/bin/softlimit -m 600 \
>     /usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
>     -u $QMAILDUID -g $NOFILESGID 0 smtp \
>     /usr/local/bin/rblsmtpd -r relays.ordb.org /var/qmail/bin/qmail-smtpd 2>&1
>
> =
>
> my /usr/local/vpopmail/domains/vs..ua/.qmail-default
>
> | /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox
>
> =
>
> when i test mail qmail-smtpd
>
> CHKUSER_START="DOMAIN"
> export CHKUSER_START
> ./qmail-smtpd
> 220 venus.vs..ua ESMTP
> mail from: [EMAIL PROTECTED]
> 250 ok
> rcpt to: [EMAIL PROTECTED]
> CHKUSER accepted rcpt: from <[EMAIL PROTECTED]::> remote <:unknown:unknown> rcpt <[EMAIL PROTECTED]> : found existing recipient
> 250 ok
> rcpt to: [EMAIL PROTECTED]
> CHKUSER accepted rcpt: from <[EMAIL PROTECTED]::> remote <:unknown:unknown> rcpt <[EMAIL PROTECTED]> : found existing recipient
> 250 ok
>
> [EMAIL PROTECTED] existing recipient
> [EMAIL PROTECTED] non exist
>
> i see that patched qmail-smtpd doesn't work fine!
> where is my mistake ?
>
> --
> Best regards,
> vit mailto:[EMAIL PROTECTED]
> -=> SV365-RIPE
> -=> VS574-UANIC
> -=> ICQ 1811
[vchkpw] vchkpw problemm!
Hello all!

i install
netqmail-1.05
qmail-toaster-0.6-1.patch
netqmail-1.05_toaster-0.6-1_chkuser-2.0.8b.patch

and have a problem with chkuser.

this is my chkuser_settings.h

#define CHKUSER_VPOPMAIL
#define CHKUSER_STARTING_VARIABLE "CHKUSER_START"
#define CHKUSER_ENABLE_UIDGID
other by default

this is my qmail-smtpd run file

#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
#
CHKUSER_START="DOMAIN"
export CHKUSER_START
#
exec /usr/local/bin/softlimit -m 600 \
    /usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u $QMAILDUID -g $NOFILESGID 0 smtp \
    /usr/local/bin/rblsmtpd -r relays.ordb.org /var/qmail/bin/qmail-smtpd 2>&1

=

my /usr/local/vpopmail/domains/vs..ua/.qmail-default

| /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox

=

when i test mail qmail-smtpd

CHKUSER_START="DOMAIN"
export CHKUSER_START
./qmail-smtpd
220 venus.vs..ua ESMTP
mail from: [EMAIL PROTECTED]
250 ok
rcpt to: [EMAIL PROTECTED]
CHKUSER accepted rcpt: from <[EMAIL PROTECTED]::> remote <:unknown:unknown> rcpt <[EMAIL PROTECTED]> : found existing recipient
250 ok
rcpt to: [EMAIL PROTECTED]
CHKUSER accepted rcpt: from <[EMAIL PROTECTED]::> remote <:unknown:unknown> rcpt <[EMAIL PROTECTED]> : found existing recipient
250 ok

[EMAIL PROTECTED] existing recipient
[EMAIL PROTECTED] non exist

i see that patched qmail-smtpd doesn't work fine!
where is my mistake ?

--
Best regards,
vit mailto:[EMAIL PROTECTED]
-=> SV365-RIPE
-=> VS574-UANIC
-=> ICQ 1811
Re: [vchkpw] delivering a mail to every account
hi together,

many thanks for your support! that command did it!

regards
alex

Ispas Paul wrote:
> On Thursday 09 December 2004 15:46, Alexander Gruber wrote:
> > hi together,
> >
> > i would like to know if it is possible to send one mail to every
> > account on a vpopmail installation. perhaps via vdeliver or maildrop?!
> >
> > thanks!
> > alex
>
> How about vpopbull ???
>
> [EMAIL PROTECTED]:~# vpopbull -v
> version: 5.4.8
> Error: email_file not specified
> usage: vpopbull [options] -f [email_file] [virtual_domain] [...]
>        -v (print version number)
>        -V (verbose)
>        -f email_file (file with message contents)
>        -e exclude_email_addr_file (list of addresses to exclude)
>        -n (don't mail. Use with -V to list accounts)
>        -c (default, copy file)
>        -h (use hard links)
>        -s (use symbolic links)
> [EMAIL PROTECTED]:~#
[vchkpw] VPopmail+Qmail+Quota
I am currently running a slightly older version of vpopmail (5.2.1). I have been attempting to update to 5.4.0 or 5.4.8, but regardless of what compile options I give I consistently get the following error on any mail deliveries to the domain and the message fails to go through. It is also funny that mail quota usage all shows up as 0% (this is in a production machine). There is an NFS mount involved, but I've tested this as well on the server with the NFS share, and that isn't changing anything. Everything else vpopmail works (pop, imap, etc...)

Any ideas?

@400041b98f4b27326e74 delivery 382616: failure: user_is_over_quota/

Thanks,
--
Clint Ricker
Systems and Network Administrator
NorthEast Georgia Internet Access
(706)546-5787