Re: [vchkpw] vpopmail authenticate to oracle internet directory (OID)

2006-09-20 Thread Ken Jones

sazaney wrote:

Dear Friends,

  Recently I had been directed by my boss to authenticate email users 
to Oracle Internet Directory (OID). I know that vpopmail supports ldap 
authentication (based on openldap) but how can I achieve that using 
Oracle Internet Directory? Any suggestions?


Read about the functions of OID that you will need for vpopmail, such
as: add entry, delete entry, modify entry, read entry.

Then look at the current vpopmail authentication modules and pick
one that looks close to OID. Modify it to use the OID functions and 
start testing.


If OID is based on ldap you might be able to tweak the vpopmail ldap module
to use the OID schema.

--
Ken Jones


Re: [vchkpw] Re: Unable to login with POP

2006-09-20 Thread Cantemir Olaru

Hello Lars,

Sorry - no HTML now:

[EMAIL PROTECTED] ~]# ls -ld /usr/lib/mysql/libmysqlclient.so.14
lrwxrwxrwx  1 root root 24 Sep 20  2006
/usr/lib/mysql/libmysqlclient.so.14 -> libmysqlclient.so.14.0.0

vpopmail is compiled from source rpm along with the rest of the
Qmailtoaster package and was built on this host. Nothing was upgraded
afterwards.
I also checked the Mysql vpopmail DB and everything's ok there.
I'll try a rebuild of vpopmail - hope that helps. If not, I'll try an
upgrade with the script located here:
http://www.qmailtoaster.com/info/upgrade.sh

If you have any more ideas, you are welcome.

Cantemir

On 20/09/06, Lars Uhlmann <[EMAIL PROTECTED]> wrote:

On Wed, 20 Sep 2006 12:55:05 +0300, Cantemir wrote:

> [html chunk]

My brain lacks an HTML parser. If you expect fast help please provide
your question/information in a suitable way. The common and preferred
content type is and stays 'text/plain'.

> /usr/lib/mysql/libmysqlclient.so.14: no version information available

Sounds like the installed mysql library isn't the same vpopmail is
compiled with. Did you build vpopmail on another host with a different
version of mysql?

What does this print:

# ls -ld /usr/lib/mysql/libmysqlclient.so.14

HTH
Lars





[vchkpw] Re: Unable to login with POP

2006-09-20 Thread Lars Uhlmann
On Wed, 20 Sep 2006 12:55:05 +0300, Cantemir wrote:

> [html chunk]

My brain lacks an HTML parser. If you expect fast help please provide
your question/information in a suitable way. The common and preferred
content type is and stays 'text/plain'.

> /usr/lib/mysql/libmysqlclient.so.14: no version information available

Sounds like the installed mysql library isn't the same vpopmail is
compiled with. Did you build vpopmail on another host with a different
version of mysql?

What does this print:

# ls -ld /usr/lib/mysql/libmysqlclient.so.14

HTH
Lars




[vchkpw] Unable to login with POP

2006-09-20 Thread Cantemir




Hello,

Please, this is a desperate call for help.
I have installed the Qmailtoaster package on CentOS 4.4 with vpopmail
included.
Everything worked fine until the other day when POP-ing in didn't work
anymore.
Now I'm getting the following error:
+OK <[EMAIL PROTECTED]>
user [EMAIL PROTECTED]
+OK
pass my_pass
/home/vpopmail/bin/vchkpw: /usr/lib/mysql/libmysqlclient.so.14: no
version information available (required by /home/vpopmail/bin/vchkpw)
+OK

Imap login is OK - no problems there. I'm using Courier-IMAP.
Please tell me what output to post here to speed up this
troubleshooting.
I'm really desperate because the server is in production and I can't do
a reinstall.

Thank you in advance,
Cantemir




[vchkpw] [chkuser] suggestions for future changes

2006-09-20 Thread Lars Uhlmann
On Tue, 22 Aug 2006 13:19:32 +0200 "tonix (Antonio Nati)" <[EMAIL PROTECTED]> 
wrote:

> > > > > I've noticed some spam sending hosts, which use e.g.
> > > > > localhost/ 127.0.0.1
> > > > > as their sender MX. When my mailserver tries to verify the
> > > > > sending account via bounce check (connecting to 127.0.0.1),
> > > > > the rcpt to: check is ok, because chkuser accepts "unknown"
> > > > > rcpt to's from localhost. Is there a setting to get rid of
> > > > > that?
> > > >
> > > > Better would be a patch to qmail-smtpd that only accepted
> > > > localhost and 127.0.0.1 as the HELO name on connections from
> > > > 127.0.0.1.  I don't know enough about chkuser to answer your
> > > > original question.
> > >
> > >This would be one possibility but in this case the mail is already
> > >in the local queue - what we try to prevent. I think an extended
> > >chkuser patch is the better way. While chkuser already checks for
> > >an existing MX-record it could easily test the received A-Record
> > >against 127.0.0.0/8, RFC1918 or in case of a fqdn is it resolvable
> > >at all.
> > 
> > If you send me more details on how check should be done, I could try
> > to put it in 2.0.10 version of chkuser.

My comment above was not quite correct. I suggest realizing it this
way:

1) Test for a valid MX-RR (RFC 1035, para. 3.3.9)

   An MX-Record must contain a host name, not an IP address.

   This could be a compile time option (MX_STRICT_FQDN_CHECK ;-)
   log rejects with meaningful messages
   (e.g. "Sender MX (domain.tld MX=1.2.3.4) violates RFC1035, 3.3.9")

2) Do an A-RR lookup with the acquired fqdn and test the resolved IP
   against any of the following scopes[0] (reject on match).

   "Private Use" IP addresses:

     10.0.0.0 - 10.255.255.255
     172.16.0.0 - 172.31.255.255
     192.168.0.0 - 192.168.255.255

   "Autoconfiguration" IP Addresses:

     169.254.0.0 - 169.254.255.255

   "Loopback" IP addresses:

     127.0.0.0 - 127.255.255.255

   log rejects with meaningful messages
   (e.g. "Sender MX (fastmail.com -> MX=we-dont-accept-mail.fastmail.com -> A=127.0.0.1) never reachable")

   This could be compile time option(s) too or (what I prefer) a file
   loaded at runtime (e.g. $QMAIL_ROOT/control/chkuser_bad_mx_ip). The
   latter solution lets you add or remove ranges without recompiling
   (e.g. for smtpds in private LANs)

   Example for 'chkuser_bad_mx_ip' (I prefer the CIDR notation)
   ,-
   | # do we need comments? would be really nice ;-)
   | # RFC1018
   | 10.0.0.0/8
   | 172.16.0.0/12
   | 192.168.0.0/16
   | 
   | # windows auto config range
   | 169.254.0.0/16
   | 
   | # loopback
   | 127.0.0.0/8
   | 
   | # this is my day off ;-)
   | 0.0.0.0/0
   `-


Problem: How do we handle multiple MX records? I think we only take care
of the best prioritized record because this is the one nearly always
used.

regards
 Lars

[0] http://www.iana.org/faqs/abuse-faq.htm#SpecialUseAddresses
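
Added example (not part of the thread and not chkuser code): a sketch of the two checks proposed in the message above, with a parser for the suggested `chkuser_bad_mx_ip` file format. The names `load_ranges`, `check_mx` and `SAMPLE` are hypothetical, the address passed as `a_rr` stands in for the A lookup (no DNS query is made), and only IPv4 is handled.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct range { uint32_t net, mask; };   /* host byte order */
/* Constructed sample in the proposed chkuser_bad_mx_ip format. */
static const char SAMPLE[] =
    "# private use\n10.0.0.0/8\n172.16.0.0/12\n192.168.0.0/16\n\n"
    "# auto config\n169.254.0.0/16\n  # loopback\n127.0.0.0/8\n";

/* Parse one CIDR per line; '#' comments and blank lines are skipped.
   Returns the number of ranges stored, or -1 on a malformed line. */
int load_ranges(const char *text, struct range *out, int max)
{
    int n = 0;
    while (*text) {
        const char *line = text + strspn(text, " \t");
        char ip[16]; int bits; struct in_addr a;
        text += strcspn(text, "\n"); text += (*text == '\n');
        if (*line == '#' || *line == '\n' || *line == '\0') continue;
        if (n == max || sscanf(line, "%15[0-9.]/%d", ip, &bits) != 2 ||
            bits < 0 || bits > 32 || inet_pton(AF_INET, ip, &a) != 1)
            return -1;
        out[n].mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0;
        out[n].net = ntohl(a.s_addr) & out[n].mask;
        n++;
    }
    return n;
}

/* 0 = accept, 1 = MX target is an IP literal (step 1), 2 = resolved
   address lies in a listed range (step 2), -1 = a_rr is not an IPv4 address. */
int check_mx(const char *mx, const char *a_rr, const struct range *r, int n)
{
    struct in_addr a;
    if (inet_pton(AF_INET, mx, &a) == 1) return 1;
    if (inet_pton(AF_INET, a_rr, &a) != 1) return -1;
    uint32_t h = ntohl(a.s_addr);
    for (int i = 0; i < n; i++)
        if ((h & r[i].mask) == r[i].net) return 2;
    return 0;
}

int main(void)
{
    struct range r[16];
    int n = load_ranges(SAMPLE, r, 16);
    printf("%d\n", check_mx("mx.example.test", "127.0.0.1", r, n));
}
```

A malformed line makes `load_ranges` return -1 rather than silently dropping the range, so a typo in the control file cannot quietly disable a reject rule.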