[vchkpw] Encrypted vpasswd
Dear all,

How can I make vpopmail not display passwords in clear text? I'm using vqadmin as user management interface.

Regards,
Rizwan Iqbal Malik
[vchkpw] What causes bounce messages to be sent to forged addresses?
server1# qmail-qread | grep remote | wc -l
0
server2# qmail-qread | grep remote | wc -l
754
h
# find /var/qmail/queue/mess/ -type f -exec grep '^[EMAIL PROTECTED]:$' {} \; | grep -v Binary | cut -d '@' -f 2 | cut -d '' -f 1 | sort | uniq | wc -l
19

Only 19 domains out of:
# cat /var/qmail/users/assign | wc -l
147

Of these,
# find /var/vpopmail/domains/ -type d -maxdepth 1 -mindepth 1 | wc -l
97
are real domains, the rest are alias domains. Guessing by the numbers, this doesn't matter. As a matter of coincidence, none of the 19 domains trying to send bounces are aliases. Every single one of these 19 domains was migrated from an *old* crusty Redhat 7.3 server with whatever version of vpopmail had been new at the time.

# for i in `find /var/qmail/queue/mess/ -type f -exec grep '^[EMAIL PROTECTED]:$' {} \; | grep -v Binary | cut -d '@' -f 2 | cut -d '' -f 1 | sort | uniq`; do grep $i /var/qmail/users/assign | sed -e s/$i/DOMAIN_NAME/g; done
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+REAL_DOMAIN-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+REAL_DOMAIN-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::
+DOMAIN_NAME-:DOMAIN_NAME:89:89:/var/vpopmail/domains/DOMAIN_NAME:-::

17 of the 19 are real domains, and the 2 which are aliases both point to real domains which are in the list of 17.

All accounts look the same as far as I can tell:
# cat /var/vpopmail/domains/*/.qmail-default | sort | uniq
| /var/vpopmail/bin/vdelivermail '' bounce-no-mailbox

No unusual .qmail files:
# for i in `find /var/vpopmail/domains/*/.qmail-* -not -name '.qmail*owner'`; do cat $i | grep -v '^[EMAIL PROTECTED]' | grep -v 'bounce-no-mailbox' | grep -v ezmlm; done | wc -l
0
# for i in `find /var/vpopmail/domains/*/*/.qmail`; do cat $i | grep -v '^| /usr/bin/maildrop'; done | wc -l
0

...and nothing unusual that I can spot, no obvious differences between contents of the different domain directories, or files contained within.

Every message in the queue looks like this one:

Received: (qmail 17683 invoked for bounce); 17 Jun 2005 09:48:53 +
Date: 17 Jun 2005 09:48:53 +
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice

Hi. This is the qmail-send program at stuart.seattleserver.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

[EMAIL PROTECTED]:
Sorry, no mailbox here by that name. (#5.1.1)

Any advice, please?

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] Encrypted vpasswd
On Friday 17 June 2005 09:49, Rizwan Iqbal Malik wrote:
> How can I make vpopmail not display passwords in clear text? I'm using vqadmin as user management interface.

Recompile vpopmail with cleartext passwords disabled. And/or you can do it manually by deleting the cleartext passwords out of the vpasswd files (and then remove the corresponding vpasswd.cdb files).

On Gentoo:
# echo 'net-mail/vpopmail clearpasswd' >> /etc/portage/package.use
# emerge -uDva --newuse net-mail/vpopmail

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com
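
The manual clean-up described in the reply above, as an added example that is not part of the original post: it counts and strips the cleartext column of a vpasswd file and removes the stale vpasswd.cdb beside it. The field layout user:crypt:uid:gid:gecos:dir:quota[:cleartext] is an assumption not stated in the thread, and the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed vpasswd layout:
#   user:crypt:uid:gid:gecos:dir:quota[:cleartext]
# Run it as the vpopmail user so file ownership stays unchanged.

# count_clear FILE: print how many entries still carry a cleartext password.
count_clear() {
    awk -F: 'NF >= 8 && $8 != "" { n++ } END { print n + 0 }' "$1"
}

# strip_clear FILE: keep only the first seven fields of every entry, then
# remove FILE.cdb as the post advises. A cleartext password may itself
# contain ":", so everything from field 8 onwards is dropped.
strip_clear() {
    sc_file=$1
    sc_tmp=$(mktemp "${sc_file}.XXXXXX") || return 1
    if awk -F: 'BEGIN { OFS = ":" }
                NF >= 8 { print $1, $2, $3, $4, $5, $6, $7; next }
                { print }' "$sc_file" > "$sc_tmp"
    then
        # Overwrite in place so the original owner and mode are kept.
        cat "$sc_tmp" > "$sc_file" && rm -f "$sc_tmp" "${sc_file}.cdb"
    else
        rm -f "$sc_tmp"
        return 1
    fi
}

# write_sample FILE: constructed entries (hashes and passwords are made up).
write_sample() {
    cat > "$1" <<'EOF'
alice:$1$constructed$hashA:1:0:Alice:/var/vpopmail/domains/example.com/alice:NOQUOTA:s3cret
bob:$1$constructed$hashB:1:0:Bob:/var/vpopmail/domains/example.com/bob:NOQUOTA:pa:ss
carol:$1$constructed$hashC:1:0:Carol:/var/vpopmail/domains/example.com/carol:NOQUOTA
EOF
}

# Demo on a throwaway copy.
demo_dir=$(mktemp -d) || exit 1
write_sample "$demo_dir/vpasswd"
echo "before: $(count_clear "$demo_dir/vpasswd") cleartext entries"
strip_clear "$demo_dir/vpasswd"
echo "after:  $(count_clear "$demo_dir/vpasswd") cleartext entries"
rm -rf "$demo_dir"
```

Stripping the files only removes what is already stored; new cleartext copies keep appearing until vpopmail is rebuilt with cleartext passwords disabled.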
Re: [vchkpw] What causes bounce messages to be sent to forged addresses?
Hi Casey,

I don't know if I understood very well all this evidence you have shown. But it appears to me you are not using the Chkuser patch, right?

If not, chkuser is a patch to qmail-smtpd that enables it to check the existence of a local user before accepting the message. Without it, qmail-smtpd has to accept every message destined to its local domains, and try to deliver the messages later. If the delivery fails, because the user doesn't exist, qmail will try to bounce the message to the sender, even if it's fake.

Chkuser also adds a lot of other nice features (it can reject messages from senders with strange patterns or with nonexistent domain names).

Its website is: http://www.interazioni.it/opensource/chkuser/
A (hopefully) nice installation guide is: http://www.qmailwiki.org/Simscan/Related_Docs/Simscan_ClamAV_Chkuser_Installation_Guide

regards,
bnegrao
[vchkpw] no $HOME/Maildir
Hello, I'm getting this error when telnetting to 110, on freebsd 5.3, vpopmail 5.4.10+mysql-4.1.12

freebsd# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK 2948.1119011293@/home/vpopmail/bin/vchkpw
user testusr
+OK
pass 123
-ERR this user has no $HOME/Maildir
Connection closed by foreign host.

I can't figure out what it means, it's supposed to use mysql :(?

Thanks in advance!

Best regards,
Ruslan mailto:[EMAIL PROTECTED]
Re: [vchkpw] no $HOME/Maildir
On Fri, 2005-06-17 at 19:02 +0600, Ruslan Molbashev wrote:
> Hello, I'm getting this error when telnetting to 110, on freebsd 5.3, vpopmail 5.4.10+mysql-4.1.12
>
> freebsd# telnet localhost 110
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK 2948.1119011293@/home/vpopmail/bin/vchkpw
> user testusr
> +OK
> pass 123
> -ERR this user has no $HOME/Maildir
> Connection closed by foreign host.
>
> I can't figure out what it means, it's supposed to use mysql :(?
>
> Thanks in advance!

Using MySQL doesn't put the email into MySQL, it only stores the domain and users details (username, pass, domain etc). The user should have a home dir at something like /home/vpopmail/domain.com/user/Maildir

You can use Maildirmake to create the Maildir if you need to. Make sure you run it as the vpopmail user though.

Shane
[vchkpw] Help with my Chkuser Installation Guide
Hi guys,

I'm editing my Simscan + ClamAV + Chkuser installation guide at:
http://www.qmailwiki.org/Simscan/Related_Docs/Simscan_ClamAV_Chkuser_Installation_Guide

And I added a new part where I persuade the reader to enable some of chkuser's features that came disabled by default. To persuade the reader, I make some comments of the usefulness of each feature. I'd like you to read and criticize my comments to prevent me teaching bullshit to the others.

The text is this below:

---
Enable some nice Chkuser features [OPTIONAL]
Chkuser has disabled by default some of its nice features:

a.. CHKUSER_SENDER_FORMAT: checks if the SENDER of each message has the username part matching [a-z0-9_-], and the domain part matching [a-z0-9-.] with not consecutive -., not leading or ending -. == Great for identifying spam.

a.. CHKUSER_RCPT_FORMAT: Equals to the above checking, but for the RCPT of each message. Good to prevent your users to send crap to the net.

a.. CHKUSER_SENDER_MX: Checks if the SENDER domain has a valid MX configured for it, thus, discovering fake domain names. Great for identifying spam.

a.. CHKUSER_RCPT_MX: Checks if the RCPT domain has a valid MX configured for it. Good to discover typos your users do when sending e-mails.

To enable these features, we have to edit the chkuser_settings.h file and uncomment them.

vi chkuser_settings.h
Search and uncomment the line for each feature:

/* #define CHKUSER_RCPT_FORMAT */
#define CHKUSER_RCPT_FORMAT
/* #define CHKUSER_RCPT_MX */
#define CHKUSER_RCPT_MX
/* #define CHKUSER_SENDER_FORMAT */
#define CHKUSER_SENDER_FORMAT
/* #define CHKUSER_SENDER_MX */
#define CHKUSER_SENDER_MX

Save the chkuser_settings.h file with the above modifications.
---

Regards,

Bruno Negrao - Network Manager
Engepel Teleinformática. 55-31-34812311
Belo Horizonte, MG, Brazil
Re: [vchkpw] no $HOME/Maildir
Shane Chrisp wrote:
| On Fri, 2005-06-17 at 19:02 +0600, Ruslan Molbashev wrote:
|
|Hello, I'm getting this error when telnetting to 110,
|on freebsd 5.3, vpopmail 5.4.10+mysql-4.1.12
|
|freebsd# telnet localhost 110
|Trying 127.0.0.1...
|Connected to localhost.
|Escape character is '^]'.
|+OK 2948.1119011293@/home/vpopmail/bin/vchkpw

It's obvious right here that your POP3 startup script has some problems. Your hostname is obviously not /home/vpopmail/bin/vchkpw. Looks to me like you accidentally left out the host argument before the call to vchkpw.

--
/*
~Matt Brookings [EMAIL PROTECTED] GnuPG Key 7D7E5F37
~Software developer Systems technician
~Inter7 Internet Technologies, Inc. (815)776-9465
*/
Re: [vchkpw] Help with my Chkuser Installation Guide
Bruno Negro wrote:
| a.. CHKUSER_SENDER_FORMAT: checks if the SENDER of each message has the
| username part matching [a-z0-9_-], and the domain part matching
| [a-z0-9-.] with not consecutive -., not leading or ending -. ==
| Great for identifying spam.

This really doesn't do much to identify spam. In fact, the only purpose it would tend to serve, is to limit the users on your system to traditional email addresses, which could, ironically, make your system more easily spammed.

| a.. CHKUSER_RCPT_FORMAT: Equals to the above checking, but for the RCPT
| of each message. Good to prevent your users to send crap to the net.

Same as CHKUSER_SENDER_FORMAT except here, if your users try to relay mail to a non-traditional email address, you will find yourself with a phone call from a curious customer :)

| a.. CHKUSER_SENDER_MX: Checks if the SENDER domain has a valid MX
| configured for it, thus, discovering fake domain names. Great for
| identifying spam.

Unfortunately, while we'd all love to force everyone to have an MX record, the fact remains that some hosts just don't have them. Connecting directly to the host named should be left available, for now.

Also, being dictionary attacked could leave you making a good deal of DNS lookups, which can sometimes be slow.

| a.. CHKUSER_RCPT_MX: Checks if the RCPT domain has a valid MX
| configured for it. Good to discover typos your users do when sending
| e-mails.
|
| To enable these features, we have to edit the chkuser_settings.h file and
| uncomment them.
|
| vi chkuser_settings.h
| Search and uncomment the line for each feature:
|
| /* #define CHKUSER_RCPT_FORMAT */
| #define CHKUSER_RCPT_FORMAT
| /* #define CHKUSER_RCPT_MX */
| #define CHKUSER_RCPT_MX
| /* #define CHKUSER_SENDER_FORMAT */
| #define CHKUSER_SENDER_FORMAT
| /* #define CHKUSER_SENDER_MX */
| #define CHKUSER_SENDER_MX
| Save the chkuser_settings.h file with the above modifications.
|
| ---
|
| Regards,
|
| Bruno Negrao - Network Manager
| Engepel Teleinformática. 55-31-34812311
| Belo Horizonte, MG, Brazil

--
/*
~Matt Brookings [EMAIL PROTECTED] GnuPG Key 7D7E5F37
~Software developer Systems technician
~Inter7 Internet Technologies, Inc. (815)776-9465
*/
Re: [vchkpw] Help with my Chkuser Installation Guide
Hi Matt, thanks for answering.

> | a.. CHKUSER_SENDER_FORMAT: checks if the SENDER of each message has the
> | username part matching [a-z0-9_-], and the domain part matching
> | [a-z0-9-.] with not consecutive -., not leading or ending -. ==
> | Great for identifying spam.
>
> This really doesn't do much to identify spam. In fact, the only purpose it would tend to serve, is to limit the users on your system to traditional email addresses, which could, ironically, make your system more easily spammed.

When the SENDER is a local user, I have to agree with what you say.

But when the SENDER is a remote user, especially a spammer, this check will block all those weird fake addresses the spammers like to use, that's why I said this feature was good to block spam. Can you comment on this? Would this case make it worth enabling this feature?

But now that I'm looking closely at this check I'm recalling some of my customers like to have e-mails of the format: [EMAIL PROTECTED] It seems that this check would block my usernames with the 'user.lastname' syntax, since it doesn't accept a '.' character in the USER part. Is this customizable? If it's not, this feature does not work even for me!!

> | a.. CHKUSER_RCPT_FORMAT: Equals to the above checking, but for the RCPT
> | of each message. Good to prevent your users to send crap to the net.
>
> Same as CHKUSER_SENDER_FORMAT except here, if your users try to relay mail to a non-traditional email address, you will find yourself with a phone call from a curious customer :)

Hmmm, oh no!! :-) So I see no utility at all to this feature.

> | a.. CHKUSER_SENDER_MX: Checks if the SENDER domain has a valid MX
> | configured for it, thus, discovering fake domain names. Great for
> | identifying spam.
>
> Unfortunately, while we'd all love to force everyone to have an MX record, the fact remains that some hosts just don't have them. Connecting directly to the host named should be left available, for now.

I didn't understand what you said in "Connecting directly to the host named should be left available, for now." Can you explain it better?

> Also, being dictionary attacked could leave you making a good deal of DNS lookups, which can sometimes be slow.

Yes... I'm seeing there are some good reasons for these features being commented out...

Regards,
bnegrao
[vchkpw] spamassassin and vpopmail on ISP-cluster
Hi folks,

I wanted to get up-to-date with implementing SA on qmail/vpopmail. I had a look at vpopmail 5.5.1 (because of the SA-support in it), but it currently doesn't compile. Bug-report was sent.

What are possible implementations of SA on vpopmail? Currently the cluster counts about 100k mailboxes with an average of ~ 10k messages an hour. Simscan (and clamav) is already installed. Users don't have to have individual settings (would be nice, but needs IMHO too much hacking in qmailadmin).

Can anybody provide success-stories or give advice which solution could fit for this installation?

TIA
Tobias
Re: [vchkpw] Help with my Chkuser Installation Guide
At 15.49 17/06/2005, you wrote:
> But now that I'm looking closely at this check I'm recalling some of my customers like to have e-mails of the format: [EMAIL PROTECTED] It seems that this check would block my usernames with the 'user.lastname' syntax, since it doesn't accept a '.' character in the USER part. Is this customizable? If it's not, this feature does not work even for me!!

Documentation is wrong (I'll correct it soon): '.' and '=' are accepted in format controls.

Ciao,
Tonino
Re: [vchkpw] Help with my Chkuser Installation Guide
Bruno Negro wrote:
| Hi Matt, thanks for answering.
|
| > | a.. CHKUSER_SENDER_FORMAT: checks if the SENDER of each message has the
| > | username part matching [a-z0-9_-], and the domain part matching
| > | [a-z0-9-.] with not consecutive -., not leading or ending -. ==
| > | Great for identifying spam.
| >
| > This really doesn't do much to identify spam. In fact, the only purpose
| > it would tend to serve, is to limit the users on your system to
| > traditional email addresses, which could, ironically, make your system
| > more easily spammed.
|
| When the SENDER is a local user, I have to agree with what you say.
|
| But when the SENDER is a remote user, especially a spammer, this check
| will block all those weird fake addresses the spammers like to use,
| that's why I said this feature was good to block spam. Can you comment
| on this? Would this case make it worth enabling this feature?

Basically, you're breaking RFCs with the idea that somehow this will protect your system from addresses only a spammer would use. On the same token, you could also restrict the letter 'x' citing that real people generally don't have an x in their names. It really offers no extra protection, and it breaks RFCs. If I try to send you a piece of mail from my non-standard, wacky address containing characters most people have never seen in an email address, you're going to reject it.

| But now that I'm looking closely at this check I'm recalling some of my
| customers like to have e-mails of the format: [EMAIL PROTECTED]
| It seems that this check would block my usernames with the
| 'user.lastname' syntax, since it doesn't accept a '.' character in the
| USER part. Is this customizable? If it's not, this feature does not work
| even for me!!

Address names are quite limited already, there's no need to further limit them. I recommend against use of this feature.

| > | a.. CHKUSER_RCPT_FORMAT: Equals to the above checking, but for the RCPT
| > | of each message. Good to prevent your users to send crap to the net.
| >
| > Same as CHKUSER_SENDER_FORMAT except here, if your users try to relay
| > mail to a non-traditional email address, you will find yourself with
| > a phone call from a curious customer :)
|
| Hmmm, oh no!! :-) So I see no utility at all to this feature.
|
| > | a.. CHKUSER_SENDER_MX: Checks if the SENDER domain has a valid MX
| > | configured for it, thus, discovering fake domain names. Great for
| > | identifying spam.
| >
| > Unfortunately, while we'd all love to force everyone to have an
| > MX record, the fact remains that some hosts just don't have them.
| > Connecting directly to the host named should be left available,
| > for now.
|
| I didn't understand what you said in "Connecting directly to the host
| named should be left available, for now."
| Can you explain it better?

Since some mail (and DNS) administrators sometimes neglect to add an MX record for their domain, if you try to email [EMAIL PROTECTED], and example.com has not published MX records, most MTAs will take the step to try to connect directly to example.com's A record IP if one exists.

| > Also, being dictionary attacked could leave you making a good
| > deal of DNS lookups, which can sometimes be slow.
|
| Yes...
|
| I'm seeing there are some good reasons for these features being
| commented out...
|
| Regards,
| bnegrao

--
/*
~Matt Brookings [EMAIL PROTECTED] GnuPG Key 7D7E5F37
~Software developer Systems technician
~Inter7 Internet Technologies, Inc. (815)776-9465
*/
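
The sender-format rule debated in this thread, sketched as an added example (not chkuser's code and not written by any poster): it applies the character classes quoted from the guide, plus the '.' and '=' that Tonino says are accepted, to constructed envelope senders. The reading of "no consecutive -." as "no adjacent, leading or trailing '-' or '.' in the domain", the lower-casing, and the separate handling of the empty sender are assumptions.

```shell
#!/bin/sh
# Added example, not chkuser's code: a sender-format filter built from the
# rules quoted in the thread. Assumptions: "." and "=" are allowed in the
# local part, "-" and "." may not be adjacent, lead or end the domain, and
# addresses are lower-cased before matching.

# check_format ADDRESS: print accept, reject or null-sender.
check_format() {
    cf_addr=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Bounces use the empty envelope sender; there is nothing to match.
    if [ -z "$cf_addr" ]; then
        echo null-sender
        return 0
    fi
    case $cf_addr in
        *@*@* | @* | *@) echo reject; return 0 ;;   # extra "@" or empty part
        *@*) ;;
        *) echo reject; return 0 ;;                 # no "@" at all
    esac
    cf_local=${cf_addr%@*}
    cf_domain=${cf_addr#*@}
    if printf '%s\n' "$cf_local" | LC_ALL=C grep -Eq '^[a-z0-9_.=-]+$' &&
       printf '%s\n' "$cf_domain" |
           LC_ALL=C grep -Eq '^[a-z0-9]+([-.][a-z0-9]+)*$'
    then
        echo accept
    else
        echo reject
    fi
}

# rejected_senders: read one envelope sender per line on stdin and print
# those the filter would turn away.
rejected_senders() {
    while IFS= read -r rs_addr; do
        if [ "$(check_format "$rs_addr")" = reject ]; then
            printf '%s\n' "$rs_addr"
        fi
    done
}

# sample_senders: constructed input. Lines 3 and 4 are syntactically valid
# addresses that use characters outside the quoted set; the last line is
# the empty sender of a bounce.
sample_senders() {
    cat <<'EOF'
user.lastname@example.com
list-owner=bob@example.org
user+tag@example.com
o'brien@example.com
x@mail..example.com
x@-example.com

EOF
}

sample_senders | rejected_senders
```

Running it prints the four rejected senders, two of which are legitimate addresses, which is the false-positive cost raised in the reply above.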
Re: [vchkpw] migration
On Thursday 16 June 2005 02:48 pm, Scott Gamble wrote:
> This obviously poses something of a problem in terms of migration. From a mysql install of vpopmail to a non-mysql install of vpopmail.
>
> First question - I'm going to have to recreate all these email accounts by hand aren't I...?

nope, look at ~vpopmail/bin/vconvert

> Second question - if we're going with a Non-Sql Integrated (NSI) version of vpopmail we're going to stick with it. How does one migrate data from one NSI-vpopmail server to another? How does it keep track of account information if not with mysql?

it uses a passwd and passwd.cdb file in each domain's directory.

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: [vchkpw] Encrypted vpasswd
On Friday 17 June 2005 06:19 am, Casey Allen Shobe wrote:
> On Friday 17 June 2005 09:49, Rizwan Iqbal Malik wrote:
> > How can I make vpopmail not display passwords in clear text? I'm using vqadmin as user management interface.
>
> Recompile vpopmail with cleartext passwords disabled. And/or you can do it manually by deleting the cleartext passwords out of the vpasswd files (and then remove the corresponding vpasswd.cdb files).
>
> On Gentoo:
> # echo 'net-mail/vpopmail clearpasswd' >> /etc/portage/package.use
> # emerge -uDva --newuse net-mail/vpopmail

you would actually want to put 'net-mail/vpopmail -clearpasswd' into /etc/portage/package.use

but then again.. you shouldn't be using gentoo's qmail ebuilds anyways, they're just awful.

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: Re: [vchkpw] migration
Slick! Wish I'd gotten this yesterday. D0H!
Re: [vchkpw] Help with my Chkuser Installation Guide
On Friday 17 June 2005 08:43 am, Bruno Negro wrote:
> Hi guys,
>
> I'm editing my Simscan + ClamAV + Chkuser installation guide at:
> http://www.qmailwiki.org/Simscan/Related_Docs/Simscan_ClamAV_Chkuser_Installation_Guide
>
> And I added a new part where I persuade the reader to enable some of chkuser's features that came disabled by default. To persuade the reader, I make some comments of the usefulness of each feature. I'd like you to read and criticize my comments to prevent me teaching bullshit to the others.
>
> The text is this below:
>
> ---
> Enable some nice Chkuser features [OPTIONAL]
> Chkuser has disabled by default some of its nice features:
>
> a.. CHKUSER_SENDER_FORMAT: checks if the SENDER of each message has the username part matching [a-z0-9_-], and the domain part matching [a-z0-9-.] with not consecutive -., not leading or ending -. == Great for identifying spam.
>
> a.. CHKUSER_RCPT_FORMAT: Equals to the above checking, but for the RCPT of each message. Good to prevent your users to send crap to the net.

doesn't this block bounces? I seem to recall one time where this was enabled by default and was blocking all bounce messages, which is a VERY bad thing.

> a.. CHKUSER_SENDER_MX: Checks if the SENDER domain has a valid MX configured for it, thus, discovering fake domain names. Great for identifying spam.
>
> a.. CHKUSER_RCPT_MX: Checks if the RCPT domain has a valid MX configured for it. Good to discover typos your users do when sending e-mails.

the latter seems less useful than the former, however it shouldn't cause any performance problems.

> To enable these features, we have to edit the chkuser_settings.h file and uncomment them.
>
> vi chkuser_settings.h

nano? *ducks*

a lot of new users would get stuck in vi, so I would recommend saying nano or pico there, advanced users will recognize this as a text editor and use their editor of choice. I know the first time I got in vi by accident I was like wtf how do i get out of this thing!?? :)

> Search and uncomment the line for each feature:
>
> /* #define CHKUSER_RCPT_FORMAT */
> #define CHKUSER_RCPT_FORMAT
> /* #define CHKUSER_RCPT_MX */
> #define CHKUSER_RCPT_MX
> /* #define CHKUSER_SENDER_FORMAT */
> #define CHKUSER_SENDER_FORMAT
> /* #define CHKUSER_SENDER_MX */
> #define CHKUSER_SENDER_MX
>
> Save the chkuser_settings.h file with the above modifications.

sounds good :)

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
Tobias Orlamuende wrote:
> Hi folks,
>
> I wanted to get up-to-date with implementing SA on qmail/vpopmail. I had a look at vpopmail 5.5.1 (because of the SA-support in it), but it currently doesn't compile. Bug-report was sent.
>
> What are possible implementations of SA on vpopmail? Currently the cluster counts about 100k mailboxes with an average of ~ 10k messages an hour. Simscan (and clamav) is already installed. Users don't have to have individual settings (would be nice, but needs IMHO too much hacking in qmailadmin).
>
> Can anybody provide success-stories or give advice which solution could fit for this installation?

Well, not sure if it helps as we currently have less than 10k users on our system.

We have two avhosts that run MailScanner, these then send the ClamAV scanned messages down to our toasters running vpopmail. Milter-ahead is installed and verifying addresses against CHKUSER on the toasters. Each toaster runs spamc from a .qmail file with per user prefs. I could not sell or even give away spam filtering without per user prefs. That may be because most of my clients are commercial.

We have the Maildirs on a NFS mount from a Sparc Enterprise which also runs spamd. Each toaster connects to the same spamd on an inside interface running 1gb FDX, same interface as the NFS and MySQL. No issues there. Vpopmail user info and SA user prefs are stored in MySQL on the NFS server.

We had been running at 100k messages a day with peaks of 20k per hour. With the use of Milter-ahead and CHKUSER this has dropped by 60%. Dictionary attacks never make it inside anymore.

We have been experiencing problems with some spam, not completely certain of the cause. Periodically we see qmail-local just stop, all processes waiting, concurrency local maxed out. This is only happening on users with spam filtering enabled. I have just upgraded SA to 3.0.4 as they identified a possible issue of malformed headers causing problems. I also suspect that the script we use may be the cause, it is a modified copy of ifspamh.

Overall, the combination of

MailScanner + Milter-ahead -> qmail + vpopmail(MySQL) + CHKUSER + spamc -> NFS Maildir + spamd + MySQL

has proven reliable and very configurable. I can give specs on my servers if you like.

Hope this helps.

DAve
[vchkpw] SMTP-AUTH works POP3 not SMTPd?
sys: Fedora core3, manually compiled vpopmail 3.4.10, RPM Mysql 3.23.59?, compiled courier imap 4.0.2, compiled qmail-1.03, patched qmail-ej-cocktail-14.tar.gz, manually patched Tonix' chkuser 2.0.

I have installed vpopmail with roaming/SMTP-AUTH before, again using Michael Bowe's webmail guide. SMTP-AUTH is failing authentication and I cannot tell why.

I had created the qmail install with Tonix' chkuser patch and saved that qmail-smtpd binary. Substituting between the original and the Tonix patched qmail-smtpd binaries does not seem to change the behavior.

compiled vpopmail as:

./configure \
  --enable-roaming-users \
  --enable-logging=p \
  --disable-passwd \
  --enable-clear-passwd \
  --disable-domain-quotas \
  --enable-auth-module=mysql \
  --disable-many-domains \
  --enable-auth-logging \
  --enable-sql-logging \
  --enable-valias \
  --disable-mysql-limits

/home/vpopmail/etc:

qmail]# ls -l ~vpopmail/etc/
total 16
-rw-r--r-- 1 root root 25 Jun 8 19:47 inc_deps
-rw-r--r-- 1 root root 81 Jun 8 19:47 lib_deps
-rw-r--r-- 1 vpopmail vchkpw 1107 Jun 8 19:47 vlimits.default
-rw-r- 1 vpopmail vchkpw 43 Jun 8 19:43 vpopmail.mysql

/var/qmail/supervise/qmail-smtpd/run:

#!/bin/sh
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl
export QMAILQUEUE
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
# Quote the variables so the test still parses when one of them is empty.
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
exec /usr/local/bin/softlimit -m 1700 \
    /usr/local/bin/tcpserver \
    -H -l [[[my.host.name]]] \
    -v -x /etc/tcp.smtp.cdb \
    -c 30 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \
    /usr/local/bin/rblsmtpd -b -C \
    -r 'sbl-xbl.spamhaus.org:Your message was rejected ' \
    /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \
    /usr/bin/true 2>&1

mysql's vpopmail database table vlog contains:

| id | user | passwd | domain | logon | remoteip | message | timestamp | error |
+----+------+--------+--------+-------+----------+---------+-----------+-------+
| 1 | daver | [EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119024854 | 3 |
| 2 | daver | [EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119025751 | 3 |

THIS IMPLIES that some element of the hostname and a timestamp(?) are being forwarded instead of the submitted password??

I'm at a loss here, help appreciated!

BTW, all incoming SMTP delivery works to all accounts. All POP3 pickup and authentication works too. Just SMTP-AUTH to send is broken.
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
ISP Lists wrote: sys: Fedora core3, manually compiled vpopmail 3.4.10, RPM Mysql 3.23.59?, compiled courier imap 4.0.2, compiled qmail-1.03, patched qmail-ej-cocktail-14.tar.gz, manually patched Tonix' chkuser 2.0. I have installed vpopmail with roaming/SMTP-AUTH before, again using Michael Bowe's webmail guide. SMTP-AUTH is failing authentication and I cannot tell why. I had created the qmail install with Tonix' chkuser patch and saved that qmail-smtpd binary. Substituting between the original and the Tonix patched qmail-smtpd binaries does not seem to change the behavior. compiled vpopmail as: ./configure \ --enable-roaming-users \ --enable-logging=p \ --disable-passwd \ --enable-clear-passwd \ --disable-domain-quotas \ --enable-auth-module=mysql \ --disable-many-domains \ --enable-auth-logging \ --enable-sql-logging \ --enable-valias \ --disable-mysql-limits /home/vpopmail/etc: qmail]# ls -l ~vpopmail/etc/ total 16 -rw-r--r-- 1 root root 25 Jun 8 19:47 inc_deps -rw-r--r-- 1 root root 81 Jun 8 19:47 lib_deps -rw-r--r-- 1 vpopmail vchkpw 1107 Jun 8 19:47 vlimits.default -rw-r- 1 vpopmail vchkpw 43 Jun 8 19:43 vpopmail.mysql /var/qmail/supervise/qmail-smtpd/run: #!/bin/sh QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 1700 \ /usr/local/bin/tcpserver \ -H -l [[[my.host.name]]] \ -v -x /etc/tcp.smtp.cdb \ -c 30 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \ /usr/local/bin/rblsmtpd -b -C \ -r 'sbl-xbl.spamhaus.org:Your message was rejected ' \ /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \ /usr/bin/true 21 mysql's vpopmail 
database table vlog contains:

    | id | user | passwd | domain | logon | remoteip | message | timestamp | error |
    | 1 | daver | [EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119024854 | 3 |
    | 2 | daver | [EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119025751 | 3 |

THIS IMPLIES that some element of the hostname and a timestamp(?) are being forwarded instead of the submitted password?? I'm at a loss here, help appreciated! BTW, all incoming SMTP delivery works to all accounts. All POP3 pickup and authentication works too. Just SMTP-AUTH to send is broken.

Hi,

I use Bill Shupp's toaster (www.shupp.org) and I don't know which smtp-auth patch you are using, but the newer patch does NOT use the localhost name, i.e.

    /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \

should be

    /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw \

with a recent patch.

HTH,
Rick
Re: [vchkpw] Help with my Chkuser Installation Guide
At 16.47 17/06/2005, you wrote: Tonino, are these characters enough even in those cases when somebody wants to, for example, send a confirmation reply e-mail to some automatic procedure? Like, confirming a subscribe message for a mailing list or something like that. How were your tests? Documentation says it works with ezmlm and mailman. Please, read the documentation! Ciao, Tonino Regards, bnegrao
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
On Jun 17, 2005, at 7:52 AM, Tobias Orlamuende wrote: What are possible implementations of SA on vpopmail? Currently the cluster counts about 100k mailboxes with an average of ~ 10k messages an hour. Simscan (and clamav) is already installed. Users don't have do have individual settings (would be nice, but needs IMHO too much hacking in qmailadmin). If you don't need individual settings, the easiest is to just have simscan call spamc. This way, you can reject spam at the SMTP level instead of bouncing it later on. I know that Bill Shupp ported the SpamAssassin code from the 5.5 dev series into 5.4.10. I'm not sure if he made the patch available on SourceForge or not -- I'm sure he'll chime in on this thread before too long. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
On Jun 17, 2005, at 9:43 AM, ISP Lists wrote:

    /usr/local/bin/tcpserver \
    -H -l [[[my.host.name]]] \
    -v -x /etc/tcp.smtp.cdb \
    -c 30 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \
    /usr/local/bin/rblsmtpd -b -C \
    -r 'sbl-xbl.spamhaus.org:Your message was rejected ' \
    /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \
    /usr/bin/true 2>&1

mysql's vpopmail database table vlog contains:

    | id | user | passwd | domain | logon | remoteip | message | timestamp | error |
    | 1 | daver | [EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119024854 |

You've got an old SMTP AUTH patch that sends the MD5 challenge and response in the wrong order. Use the patch from the contrib directory of vpopmail, and then remove the $LOCAL from your run file, as the newer SMTP AUTH patch does not use it.

--
Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
You've got an old SMTP AUTH patch that sends the MD5 challenge and response in the wrong order. Use the patch from the contrib directory of vpopmail, and then remove the $LOCAL from your run file, as the newer SMTP AUTH patch does not use it. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Tom, thanks. I didn't realize there had been a change in patches that did this... Wilco.
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
Tom Collins wrote: On Jun 17, 2005, at 7:52 AM, Tobias Orlamuende wrote: What are possible implementations of SA on vpopmail? Currently the cluster counts about 100k mailboxes with an average of ~ 10k messages an hour. Simscan (and clamav) is already installed. Users don't have do have individual settings (would be nice, but needs IMHO too much hacking in qmailadmin). If you don't need individual settings, the easiest is to just have simscan call spamc. This way, you can reject spam at the SMTP level instead of bouncing it later on. You can still use individual settings with simscan calling spamc, just fyi. That's the way all the mail servers I build do it. Regards, Rick
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
On Friday, 17 June 2005 19:09, Tom Collins wrote: On Jun 17, 2005, at 7:52 AM, Tobias Orlamuende wrote: What are possible implementations of SA on vpopmail? Currently the cluster counts about 100k mailboxes with an average of ~ 10k messages an hour. Simscan (and clamav) is already installed. Users don't have to have individual settings (would be nice, but needs IMHO too much hacking in qmailadmin). If you don't need individual settings, the easiest is to just have simscan call spamc. This way, you can reject spam at the SMTP level instead of bouncing it later on.

The only individual setting I need is to move all messages which are marked as spam to a subfolder in each user's Maildir (let's say .spam). As far as I understand, spam-tagging could be done by simscan and then a script is called by each user's .qmail file which greps the mail for the tagging result and moves it to the right folder.

I know that Bill Shupp ported the SpamAssassin code from the 5.5 dev series into 5.4.10. I'm not sure if he made the patch available on SourceForge or not -- I'm sure he'll chime in on this thread before too long.

Seems like Bill is doing quite a lot of work which might make daily-business-life easier. :-) Hope he will join this thread. What are the most important advantages / disadvantages of using vpopmail's SA integration in comparison to simscan?

Cheers, Tobias

PS: Tom, did you see my bug-report for 5.5.1 `show_trace` on the bugtracker?
Re: [vchkpw] Help with my Chkuser Installation Guide
Hi Tonino, thanks for answering.

Documentation says it works with ezmlm and mailman. Please, read the documentation! Tonino

Dude, let me tell you: I ran a 'find ezmlm' in your whole website and the only matches I found were these statements (shown below) explaining about settings inside chkuser_settings.h file:

CHKUSER_ENABLE_EZMLM_LISTS 2.0.7 defined Enables checking of EZMLM mailing lists. In versions 2.0.5 and 2.0.6 it was named CHKUSER_ENABLE_LISTS.
CHKUSER_EZMLM_DASH 2.0.5 defined '-' Defines the character used to start the extensions of mailing lists. [must always be defined if CHKUSER_ENABLE_LISTS is defined]

Are you saying that one that never heard about chkuser before would read all that documentation and then find these statements in the middle of 50 settings he never had seen so far and then conclude logically:

[start logic] Oh! (exclamation of a logical insight); IF I read 30 lines above that chkuser has a CHKUSER_RCPT_FORMAT feature to block strange patterns in the mail addresses; AND now I read that it contains a CHKUSER_ENABLE_EZMLM_LISTS feature to enable ezmlm lists; THEN chkuser's CHKUSER_RCPT_FORMAT won't mess with CHKUSER_ENABLE_EZMLM_LISTS; It's logical!!; [end logic]

(are you sure?) I don't think so. I would never grasp this without asking on the mailing list. I think you could add a note on this somewhere close to the CHKUSER_RCPT_FORMAT and CHKUSER_SENDER_FORMAT documentation. Well, it's just my opinion.

Also, I'm not asking about just ezmlm and mailman lists. Maybe there are other mailing lists or mail mechanisms that require not common characters on the RCPT and/or SENDER addresses. Do you already know about an issue on this?

Best regards, bruno
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
On Friday, 17 June 2005 19:22, Rick Macdougall wrote: If you don't need individual settings, the easiest is to just have simscan call spamc. This way, you can reject spam at the SMTP level instead of bouncing it later on. You can still use individual settings with simscan calling spamc, just fyi. That's the way all the mail servers I build do it. Regards, Rick

How do you achieve this goal? How do you let your users manage these settings? How is performance when using SA with simscan?

Cheers Tobias
[vchkpw] smtp auth - md5 learn pass
Dear all, does anybody know if there is any FAQ or instruction set for upgrading from normal pop-before-smtp to SMTP AUTH with MD5? I have problems with MD5 (plain auth works ok) and don't know what's wrong, because I configured it following instructions written for somebody who had problems with that, read on this forum. I've made the following scenario:

1. I've reconfigured vpopmail and added --enable-learn-passwords=y and --enable-clear-passwd=y
2. I've added the following line into vpopmail table in mysql db: ALTER TABLE `vpopmail` ADD `pw_clear_passwd` CHAR( 16 ) AFTER `pw_shell` ;
3. I try to send mail with SMTP AUTH MD5 and it gives me AUTH FAILED
4. I try to send the same mail with SMTP AUTH PLAIN and it works
5. I try to put my password in pw_clear_passwd field and after that md5 auth works perfectly.

I know that I have to have pw_clear_passwd to make md5 hash from that and to compare with that written during smtp conversation. However I thought that learn-passwords switch will do that for me. I read that I should try to clear pw_passwd and try to send an email then, but it doesn't work and I get the following error: oops, unable to write pipe and I can't auth (#4.3.0)

I know that I'm doing something wrong, but I don't know what.

--
regards, Sylwester Biernacki [EMAIL PROTECTED]
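Why step 3 fails until pw_clear_passwd is filled in, as an added example that is not part of the original post: a CRAM-MD5 response is an HMAC-MD5 keyed with the password itself, so a server that holds only a one-way hash cannot recompute it. The field names pw_passwd and pw_clear_passwd come from the post; the function names and the SHA-256 stand-in for the stored hash are assumptions, and the credentials and challenge are the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac

# Sample values from RFC 2195 (not from this thread).
USER = "tim"
PASSWORD = "tanstaaftanstaaf"
CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"


def one_way(password):
    """Stand-in for the one-way hash kept in pw_passwd (assumption: the real
    field holds a crypt()-style hash; SHA-256 is used here only so the example
    runs everywhere)."""
    return hashlib.sha256(password.encode()).hexdigest()


def cram_md5_digest(secret, challenge):
    """HMAC-MD5 of the challenge, keyed with the shared secret, as hex."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def client_response(user, password, challenge):
    """What the mail client sends back: base64("user hexdigest")."""
    line = "%s %s" % (user, cram_md5_digest(password, challenge))
    return base64.b64encode(line.encode()).decode()


def plain_verify(account, password):
    """AUTH PLAIN: the password arrives in clear, so hashing it and comparing
    with pw_passwd is enough."""
    return hmac.compare_digest(account["pw_passwd"], one_way(password))


def cram_verify(account, challenge, response_b64):
    """AUTH CRAM-MD5: the password never crosses the wire, so the server must
    key the same HMAC with a cleartext copy of it."""
    _user, _, digest = base64.b64decode(response_b64).decode().partition(" ")
    clear = account.get("pw_clear_passwd")
    if not clear:
        return False  # nothing to key the HMAC with: authentication fails
    return hmac.compare_digest(digest, cram_md5_digest(clear, challenge))


if __name__ == "__main__":
    # Account as it stands after step 2: hash present, cleartext column empty.
    account = {"pw_passwd": one_way(PASSWORD), "pw_clear_passwd": ""}
    response = client_response(USER, PASSWORD, CHALLENGE)

    print("PLAIN    :", plain_verify(account, PASSWORD))              # step 4
    print("CRAM-MD5 :", cram_verify(account, CHALLENGE, response))    # step 3

    account["pw_clear_passwd"] = PASSWORD                             # step 5
    print("CRAM-MD5 :", cram_verify(account, CHALLENGE, response))
```

The cost of enabling CRAM-MD5 this way is that every account's password sits in the database in recoverable form, so access to that table needs to be restricted accordingly.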
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
On Friday, 17 June 2005 18:08, DAve wrote: Well, not sure if it helps as we currently have less than 10k users on our system. We have two avhosts that run MailScanner, these then send the ClamAV scanned messages down to our toasters running vpopmail. Milter-ahead is installed and verifying addresses against CHKUSER on the toasters. Each toaster runs spamc from a .qmail file with per user prefs. I could not sell or even give away spam filtering without per user prefs. That may be because most of my clients are commercial. We have the Maildirs on a NFS mount from a Sparc Enterprise which also runs spamd. Each toaster connects to the same spamd on an inside interface running 1gb FDX, same interface as the NFS and MySQL. No issues there. Vpopmail user info and SA user prefs are stored in MySQL on the NFS server. We had been running at 100k messages a day with peaks of 20k per hour. With the use of Milter-ahead and CHKUSER this has dropped by 60%. Dictionary attacks never make it inside anymore. We have been experiencing problems with some spam, not completely certain of the cause. Periodically we see qmail-local just stop, all processes waiting, concurrency local maxed out. This is only happening on users with spam filtering enabled. I have just upgraded SA to 3.0.4 as they identified a possible issue of malformed headers causing problems. I also suspect that the script we use may be the cause, it is a modified copy of ifspamh. Overall, the combination of MailScanner + Milter-ahead - qmail + vpopmail(MySQL) + CHKUSER + spamc - NFS Maildir + spamd + MySQL has proven reliable and very configurable. I can give specs on my servers if you like. Hope this helps. DAve

Sounds very interesting, but is too far away from our current environment. Currently it is impossible to change the whole thing. But: I am still interested in deeper details of this setup. IMHO it is always good to see how anybody else does implement it and in most of the cases one could learn something.
Maybe I need to build a whole new email-solution in the future where these well-probed concepts could be useful. If you don't want to post all the details on the list, leave me a message and I'll give you my private email-address. Cheers Tobias
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
You've got an old SMTP AUTH patch that sends the MD5 challenge and response in the wrong order. Use the patch from the contrib directory of vpopmail, and then remove the $LOCAL from your run file, as the newer SMTP AUTH patch does not use it. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Tom, thanks. I didn't realize there had been a change in patches that did this... Wilco. Follow-up Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Thanks for the help! Dave.
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
Tobias Orlamuende wrote: On Friday, 17 June 2005 19:22, Rick Macdougall wrote: If you don't need individual settings, the easiest is to just have simscan call spamc. This way, you can reject spam at the SMTP level instead of bouncing it later on. You can still use individual settings with simscan calling spamc, just fyi. That's the way all the mail servers I build do it. Regards, Rick How do you achieve this goal? How do you let your users manage these settings? How is performance when using SA with simscan?

Hi,

By using --enable-spamc-user=y with simscan and by using MySQL based preferences for spamd. Users manage their options via a web page I modified from an earlier version of SA.

Performance is pretty good. We have spamd running on its own machine with 2 different servers calling it. One server gets about 100K messages a day and the other gets about 40K messages a day.

Regards, Rick
Re: [vchkpw] Help with my Chkuser Installation Guide
| Also, I'm not asking about just ezmlm and mailman lists. Maybe there are
| other mailing lists or mail mechanisms that require not common
| characters on the RCPT and/or SENDER addresses.

If I remember correctly, the RFCs state that any alphanumeric, non-control character, and any characters not used in message structure may be used inside the local portion of an address. This includes characters such as '*', '', '{', and so on. While these are not 'common' characters, they certainly should not be rejected.

--
/* ~Matt Brookings [EMAIL PROTECTED] GnuPG Key 7D7E5F37 ~Software developer Systems technician ~Inter7 Internet Technologies, Inc. (815)776-9465 */
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
On Friday, 17 June 2005 20:29, Rick Macdougall wrote: [...] How do you achieve this goal? How do you let your users manage these settings? How is performance when using SA with simscan? Hi, By using --enable-spamc-user=y with simscan and by using MySQL based preferences for spamd. Users manage their options via a web page I modified from an earlier version of SA.

Could you please provide more detailed information - e.g. scripts how you do the MySQL thing? What web-frontend do you use? Are there any known implementations into qmailadmin or even horde?

Performance is pretty good. We have spamd running on its own machine with 2 different servers calling it. One server gets about 100K messages a day and the other gets about 40K messages a day.

I don't want to give it its own machine. Currently there are two identical machines running with kind of a load-balancer in front of it. Both machines are Opteron 242 with each 4 GB of RAM. IMHO this should be enough, shouldn't it?

Regards, Rick

Cheers Tobias
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
Tobias Orlamuende wrote: On Friday, 17 June 2005 20:29, Rick Macdougall wrote: [...] How do you achieve this goal? How do you let your users manage these settings? How is performance when using SA with simscan? Hi, By using --enable-spamc-user=y with simscan and by using MySQL based preferences for spamd. Users manage their options via a web page I modified from an earlier version of SA. Could you please provide more detailed information - e.g. scripts how you do the MySQL thing? What web-frontend do you use? Are there any known implementations into qmailadmin or even horde? Performance is pretty good. We have spamd running on its own machine with 2 different servers calling it. One server gets about 100K messages a day and the other gets about 40K messages a day. I don't want to give it its own machine. Currently there are two identical machines running with kind of a load-balancer in front of it. Both machines are Opteron 242 with each 4 GB of RAM. IMHO this should be enough, shouldn't it?

Hi,

I use http://mail.limelyte.com/downloads/standalone3.0.tgz There is also a standalone.tgz for 2.6x users and a squirrel-plugin.tgz for 2.6x users. They both require register_globals to be on in php.ini. There are other web based front ends out there, you can find them on the wiki.

I guess those machines should handle it. It really depends on the volume and the type of messages you are scanning. You won't know until you try it I guess.

Regards, Rick
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
On Jun 17, 2005, at 11:21 AM, ISP Lists wrote: Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Did you remember to remove $LOCAL from your qmail-smtpd/run file? If not, you can now auth with any username/password. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] Help with my Chkuser Installation Guide
Thanks Matt, I removed that part from the document. I leave this for the experienced administrators to try by themselves. Bruno

- Original Message - From: Matt Brookings [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Friday, June 17, 2005 3:52 PM Subject: Re: [vchkpw] Help with my Chkuser Installation Guide

| Also, I'm not asking about just ezmlm and mailman lists. Maybe there are
| other mailing lists or mail mechanisms that require not common
| characters on the RCPT and/or SENDER addresses.

If I remember correctly, the RFCs state that any alphanumeric, non-control character, and any characters not used in message structure may be used inside the local portion of an address. This includes characters such as '*', '', '{', and so on. While these are not 'common' characters, they certainly should not be rejected.

--
/* ~Matt Brookings [EMAIL PROTECTED] GnuPG Key 7D7E5F37 ~Software developer Systems technician ~Inter7 Internet Technologies, Inc. (815)776-9465 */
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
On Jun 17, 2005, at 11:21 AM, ISP Lists wrote: Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Did you remember to remove $LOCAL from your qmail-smtpd/run file? If not, you can now auth with any username/password. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Yes, I did and I tried using nonsense/invalid combos to ensure that I wasn't AUTH'ing the world. Appreciate your concern! Thanks again!
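A static check for the leftover argument Tom asks about, as an added example that is not part of the original thread: it reads a qmail-smtpd run file and reports whether anything sits between qmail-smtpd and the checkpassword program. The function names are hypothetical, both run files are constructed from the lines quoted in this thread, and the rule applied (the first word after qmail-smtpd must be the checkpassword path) assumes the newer SMTP AUTH patch described above.

```python
import re
import shlex
from itertools import takewhile

# Constructed sample: tail of the run file as first posted (hostname argument kept).
RUN_WITH_LOCAL = r"""#!/bin/sh
LOCAL=`head -1 /var/qmail/control/me`
exec /usr/local/bin/tcpserver -v -x /etc/tcp.smtp.cdb 0 smtp \
  /usr/local/bin/rblsmtpd -b -C \
  /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \
  /usr/bin/true 2>&1
"""

# Constructed sample: the same file with the argument removed, as Rick and Tom advise.
RUN_FIXED = RUN_WITH_LOCAL.replace("qmail-smtpd $LOCAL ", "qmail-smtpd ")


def auth_args(run_text):
    """Return the words that follow .../qmail-smtpd on its command line,
    or None when the file never invokes qmail-smtpd."""
    # Join backslash-continued lines so the exec command is one logical line.
    joined = re.sub(r"\\[ \t]*\n", " ", run_text)
    for line in joined.splitlines():
        try:
            words = shlex.split(line, comments=True)
        except ValueError:          # unbalanced quote: fall back to naive split
            words = line.split()
        for i, word in enumerate(words):
            if word == "qmail-smtpd" or word.endswith("/qmail-smtpd"):
                # Stop at the first shell redirection such as 2>&1.
                return list(takewhile(lambda a: not re.match(r"\d*[<>]", a),
                                      words[i + 1:]))
    return None


def audit(run_text):
    """Classify the run file: (verdict, offending-or-accepted word)."""
    args = auth_args(run_text)
    if args is None:
        return ("no-smtpd", None)          # qmail-smtpd is not started here
    if not args:
        return ("no-auth", None)           # no checkpassword program configured
    if not args[0].startswith("/"):
        # A variable or hostname where the checkpassword path is expected.
        return ("stray-argument", args[0])
    return ("ok", args[0])


if __name__ == "__main__":
    for name, text in (("as posted", RUN_WITH_LOCAL), ("corrected", RUN_FIXED)):
        print(name, "->", audit(text))
```

A clean result here does not replace the live test described in the message above: attempting AUTH with deliberately invalid credentials and confirming it is refused.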
[vchkpw] Thread-safe Vpopmail Quota Check
We have a threaded mail agent that controls mail clearing, and use Vpopmail for mail delivery. We want to use some of the internal vpopmail functionality within our mail clearing agents to allow for trapping bad mail faster -- the main portion is quota checking. A review of the vpopmail code in this area indicates that the library is not currently thread safe.

Would there be any interest in applying patches to vpopmail for thread safety if we submit them? Russell Nelson would be the developer working on this project, and we would be happy to discuss the changes in depth. Our immediate concerns are with the thread safety of the below calls:

* vauth_getpw(user, domain)
* vmaildir_readquota(maildir, format_maildirquota(mypw->pw_shell))

We would prefer to donate patches back to the vpopmail application, via quality review and other standard approval processes, than write our own methods to accomplish a similar task. Part 2 of this project may include an improved quota check method for greatly reduced overhead.

regards, Rod
Re: [vchkpw] Encrypted vpasswd
On Friday 17 June 2005 15:49, Jeremy Kitchen wrote: but then again.. you shouldn't be using gentoo's qmail ebuilds anyways, they're just awful. Why do you feel that way? They work wonderfully for us (currently using -r15) with no complaints whatsoever. There were a few minor annoyances with the -r13 (stable) build, but nothing major. Cheers, -- Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] What causes bounce messages to be sent to forged addresses?
(please don't top-post) On Friday 17 June 2005 12:47, Bruno Negro wrote: But appears to me you are not using the Chkuser patch, right? We are not, but I don't understand how that matters, since I'm only seeing these bounce messages coming from a handful of the domains we host (17). If not, chkuser is a patch to qmail-smtpd that enables it to check the existence of a local user before accepting the message. I know what it is, but we as of yet do not run it because it is: A Not included in the Gentoo ebuild (we could likely add it easily enough though). B More importantly, I don't know how it would work with a backup MX. Some Postfix nuts have said that you can somehow make the backup MX aware of all the users, but I don't know how or if the qmail patch supports anything like this, and I've also heard that it can be done with LDAP, but having never set up LDAP, that seems overly complex, and sounds like it would rely on some LDAP server being up which would defeat the purpose (our backup MX is at a geographically distant location, and is intended to be able to run fine in the event of all our other machines going down). Ideas? Further knowledge? Cheers, -- Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] spamassassin and vpopmail on ISP-cluster
On Jun 17, 2005, at 10:35 AM, Tobias Orlamuende wrote: Seems like Bill is doing quite a lot of work which might make daily-business-life easier. :-) Hope he will join this thread. As a side note, I've been approached by a company interested in sponsoring me to add features to vdelivermail that would automatically direct spam into a .Spam (or other appropriately named) folder in the user's mailbox. They're currently trying to get management to fund the coding. If it's critical enough to pay for, please get in touch with me and I'll see if multiple companies chipping in may lower the cost enough to get it done. PS: Tom, did you see my bug-report for 5.5.1 `show_trace` on the bugtracker? I did, but I've pretty much ignored it. Others are managing the 5.5 branch and I try to stick to 5.4. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] Help with my Chkuser Installation Guide
On Friday 17 June 2005 13:43, Bruno Negro wrote: a.. CHKUSER_SENDER_FORMAT: checks if the SENDER of each message has the username part matching [a-z0-9_-] No .??? We have many users who opt for addresses like [EMAIL PROTECTED] Cheers, -- Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] Thread-safe Vpopmail Quota Check
On Jun 17, 2005, at 12:31 PM, Rod Taylor wrote: Would there be any interest in applying patches to vpopmail for thread safety if we submit them? Russell Nelson would be the developer working on this project, and we would be happy to discuss the changes in depth. Our immediate concerns are with the thread safety of the below calls: * vauth_getpw(user, domain) * vmaildir_readquota(maildir, format_maildirquota(mypw-pw_shell)) We would prefer to donate patches back to the vpopmail application, via quality review and other standard approval processes, than write our own methods to accomplish a similar task. Part 2 of this project may include an improved quota check method for greatly reduced overhead. I would be very interested. Please make sure you start from 5.4.12, which I'll try to release shortly. It includes a re-written vdelivermail and some changes to the maildirquota code. You can get it from CVS on SourceForge if you use the stable-5_4 tag. It corrects a few quota-related problems with 5.4.10 and earlier. Keep in mind that qmail, vpopmail, courier and other programs all implement the same maildirquota methods. You would need to make sure an improved system either doesn't break the other programs, or can be a drop-in replacement for the old code. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] What causes bounce messages to be sent to forged addresses?
On Jun 17, 2005, at 12:40 PM, Casey Allen Shobe wrote: On Friday 17 June 2005 12:47, Bruno Negro wrote: But appears to me you are not using the Chkuser patch, right? We are not, but I don't understand how that matters, since I'm only seeing these bounce messages coming from a handful of the domains we host (17). All other domains have catchall or delete instead of bounce-no-mailbox? -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] no $HOME/Maildir
On Friday 17 June 2005 13:08, Shane Chrisp wrote: You can use Maildirmake to create the Maildir if you need to. Make sure you run it as the vpopmail user though.

Or you can just change ownership...

    maildirmake Maildir
    chown -R vpopmail:vpopmail Maildir

I wonder how you set up the account though - you should have used vadduser, which would have done this all for you.

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] Help with my Chkuser Installation Guide
No .??? We have many users who opt for addresses like [EMAIL PROTECTED] Tonino (chkuser developer) said that . and = are being allowed and the documentation is outdated. But, despite of this, the main function of chkuser, that is, checking user existence before accepting any e-mail is perfect and everybody would like to use it. bnegrao
Re: [vchkpw] Help with my Chkuser Installation Guide
On Friday 17 June 2005 15:47, Bruno Negro wrote: Documentation is wrong (I'll correct it soon): '.' and '=' are accepted in format controls. Sorry I didn't read this message before my last reply asking about this... Guys, with the valid characters now being: user= [a-z0-9_-.=] domain = [a-z0-9-.=] with not consecutive -., not leading or ending -. Maybe now they are cover the majority of the real life messages, is that right? Domains ending with . are perfectly valid (and technically more correct as . is the root domain). I don't know how common it is for people to type a trailing dot on email addresses, but I do it all the time (and on this message too, just to prove a point). Cheers, -- Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] Help with my Chkuser Installation Guide
On Friday 17 June 2005 19:56, Casey Allen Shobe wrote: On Friday 17 June 2005 15:47, Bruno Negro wrote: Documentation is wrong (I'll correct it soon): '.' and '=' are accepted in format controls. Sorry I didn't read this message before my last reply asking about this... Guys, with the valid characters now being: user= [a-z0-9_-.=] domain = [a-z0-9-.=] with not consecutive -., not leading or ending -. Maybe now they are cover the majority of the real life messages, is that right? Domains ending with . are perfectly valid (and technically more correct as . is the root domain). I don't know how common it is for people to type a trailing dot on email addresses, but I do it all the time (and on this message too, just to prove a point).

Actually, let me resend this to the list without the trailing dot, in case you might not get it otherwise!! (yes, this definitely needs to be accommodated for, I would say)

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] What causes bounce messages to be sent to forged addresses?
On Friday 17 June 2005 19:48, Tom Collins wrote:
All other domains have catchall or delete instead of bounce-no-mailbox?

No. From my original message:

On Friday 17 June 2005 10:18, Casey Allen Shobe wrote:
All accounts look the same as far as I can tell:
# cat /var/vpopmail/domains/*/.qmail-default | sort | uniq
| /var/vpopmail/bin/vdelivermail '' bounce-no-mailbox

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] smtp auth - md5 learn pass
On Friday 17 June 2005 17:42, Sylwester S. Biernacki wrote:
1. I've reconfigured vpopmail and added --enable-learn-passwords=y and --enable-clear-passwd=y

What is --enable-learn-passwords? If it does what I'm guessing it does by name and starts recording missing cleartext entries in vpasswd files, that would be very useful to us!!

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] Thread-safe Vpopmail Quota Check
On Friday 17 June 2005 19:31, Rod Taylor wrote:
We would prefer to donate patches back to the vpopmail application, via quality review and other standard approval processes, than write our own methods to accomplish a similar task.

That's the spirit! Congratulations!

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com
Re[2]: [vchkpw] smtp auth - md5 learn pass
On Friday, June 17, 2005, 10:06:46 PM, Casey wrote:
On Friday 17 June 2005 17:42, Sylwester S. Biernacki wrote:
1. I've reconfigured vpopmail and added --enable-learn-passwords=y and --enable-clear-passwd=y

What is --enable-learn-passwords? If it does what I'm guessing it does by name and starts recording missing cleartext entries in vpasswd files, that would be very useful to us!!

AFAIR it does exactly what you said.

--
regards,
Sylwester Biernacki [EMAIL PROTECTED]
Re: [vchkpw] Thread-safe Vpopmail Quota Check
Tom Collins writes:
Keep in mind that qmail, vpopmail, courier and other programs all implement the same maildirquota methods. You would need to make sure an improved system either doesn't break the other programs, or can be a drop-in replacement for the old code.

Alas, these calls are intrinsically not thread-safe, so the API into them needs to be changed:
 * vauth_getpw(user, domain)
 * vmaildir_readquota(maildir, format_maildirquota(mypw->pw_shell))

Are you willing to change the way that they're called so that they may be called from threaded code?

I expect that they'll be called the same way, but the value they return will be malloc'ed and will thus need to be freed. That introduces the least new complication. Yeah, /me sings the I've Got a Memory Leak in my Head song.

Did I ever tell you how much I dislike threading? Still, software uses it and, um, it's good practice for writing thread-safe code.

--
--My blog is at blog.russnelson.com | If you want to find
Crynwr sells support for free software | PGPok | injustice in economic
521 Pleasant Valley Rd. | +1 315-323-1241 cell | affairs, look for the
Potsdam, NY 13676-3213 | +1 212-202-2318 VOIP | hand of a legislator.
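The trade-off discussed in the message above, as an added example that is not vpopmail code and not part of any post: a lookup that returns a pointer into one static buffer next to one that is called the same way but returns a malloc'ed result the caller frees. struct acct, the table and all function names are hypothetical, and the sample data is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical account record and constructed sample data (not vpopmail's). */
struct acct { char name[16]; char quota[16]; };
static const struct acct TABLE[] = { {"alice", "10485760S"}, {"bob", "5242880S"} };

static const struct acct *find(const char *user)
{
    for (size_t i = 0; i < sizeof TABLE / sizeof TABLE[0]; i++)
        if (strcmp(TABLE[i].name, user) == 0)
            return &TABLE[i];
    return NULL;
}

/* Old style: every caller gets a pointer to the same static buffer. */
struct acct *lookup_static(const char *user)
{
    static struct acct rec;
    const struct acct *hit = find(user);
    if (hit != NULL)
        rec = *hit;
    return hit ? &rec : NULL;
}

/* Changed style: called the same way, but the caller owns and frees the result. */
struct acct *lookup_dup(const char *user)
{
    const struct acct *hit = find(user);
    struct acct *rec = hit ? malloc(sizeof *rec) : NULL;
    if (rec != NULL) *rec = *hit;
    return rec;
}

/* Looks up alice, then bob; returns 1 if the first result still says alice. */
int first_result_survives(struct acct *(*lookup)(const char *), int owned)
{
    struct acct *a = lookup("alice");
    struct acct *b = lookup("bob");
    int ok = a != NULL && b != NULL && strcmp(a->name, "alice") == 0;
    if (owned) { free(a); free(b); }
    return ok;
}

int main(void)
{
    printf("static buffer survives: %d, malloc'ed copy survives: %d\n",
           first_result_survives(lookup_static, 0), first_result_survives(lookup_dup, 1));
    return 0;
}
```

The overwrite shown here with two sequential calls is the same one two threads hit concurrently with the static version; the malloc'ed version moves the cost to the caller, who leaks memory on any path that forgets the free().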
Re[2]: [vchkpw] no $HOME/Maildir
Hello Shane,

Friday, June 17, 2005, 7:08:07 PM, you wrote:

SC On Fri, 2005-06-17 at 19:02 +0600, Ruslan Molbashev wrote:
Hello, I'm getting this error when telnetting to 110, on freebsd 5.3, vpopmail 5.4.10+mysql-4.1.12

freebsd# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK 2948.1119011293@/home/vpopmail/bin/vchkpw
user testusr
+OK
pass 123
-ERR this user has no $HOME/Maildir
Connection closed by foreign host.

I can't figure out what it means, it's supposed to use mysql :(? Thanks in advance!

SC Using MySQL doesn't put the email into MySQL, it only stores the domain
SC and users details (username, pass, domain etc). The user should have a
SC home dir at something like /home/vpopmail/domain.com/user/Maildir
SC You can use Maildirmake to create the Maildir if you need to. Make sure
SC you run it as the vpopmail user though.
SC Shane

I added the user with vadduser and there is a Maildir in /home/vpopmail/domains/testdomain.net/testusr/Maildir
Do I need to use courier-imap?

--
Best regards,
Ruslan mailto:[EMAIL PROTECTED]