Re: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Jukka Kurkela 
rather change the group of vpopmail.mysql to vchkpw and let it be in 
mode 640.. it contains the password for the database, and if anyone who 
don't need to know it has shell access, its a security risk.


++jukka

Michael Mussulis wrote:

Tom/Matt,

I recompiled with spamassassin and maildrop, reinstalled, 
and vpopmail.mysql went back to mode 640, which caused this error:


@40004b184f6a0be9e37c new msg 207176
@40004b184f6a0be9ef34 info msg 207176: bytes 496 from 
 qp 15404 uid 0
@40004b184f6a0be9f704 starting delivery 1: msg 207176 to local 
test10.com-postmas...@test10.com

@40004b184f6a0bea02bc status: local 1/10 remote 0/120
@40004b184f6a0cce9274 delivery 1: deferral: 
vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/


As soon as I changed to mode 644, it worked instantly.

@40004b184fe21a1183ec starting delivery 7: msg 206333 to local 
test10.com-postmas...@test10.com

@40004b184fe21a119774 status: local 1/10 remote 0/120
@40004b184fe70d156744 delivery 7: success: 
LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/

@40004b184fe70da581e4 status: local 0/10 remote 0/120
@40004b184fe70da58d9c end msg 206333

Tom, you're my hero! :)

Now to get rid of that annoying clamav error...

Mike.

 > From: t...@tomlogic.com
 > Date: Thu, 3 Dec 2009 15:25:05 -0800
 > To: vchkpw@inter7.com
 > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
 >
 > Sorry to just jump in at a random point in the conversation, but here 
are some thoughts.

 >
 > If you su to the mike4 user, can you run ~vpopmail/bin/vdelivermail 
(i.e., do you have execute access on the file)? It needs to be able to 
do that. Can you cd into the directory with email for that domain? Maybe 
a higher-level directory prevents you from changing into it (you'll 
likely have to cd directly to it).

 >
 > I think that vdelivermail is self-contained, so you probably don't 
need to have access to other binaries. Qmail-local runs with the uid/gid 
in the users/assign file.

 >
 > -Tom
 >
 >


View your other email accounts from your Hotmail inbox. Add them now. 
 




!DSPAM:4b18c3b132712015298635!

[vchkpw] vdelivermail:_deferred,_database_down

2009-12-04 Thread Maloupi 

Hi !

I'm not sure this is the good mailling list for my question, if not i 
apologize.


My problem is i'm trying to use autorespond with qmail but it does not 
work properly.
It worked (i get response message if i send a mail to an address with 
autorespond activated)

but after some hours the response messages are stuck in queue and not sent.
if i restart the server after some days, i receive failure messages.

Here is a part of my Send log after the reboot :
12-03 21:42:23 starting delivery 1: msg 416540 to local 
nordiquefrance.com-ora...@nordiquefrance.com

12-03 21:42:23 status: local 1/75 remote 0/150
12-03 21:42:24 delivery 1: failure: 
vdelivermail:_deferred,_database_down/I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./

12-03 21:42:24 status: local 0/75 remote 0/150
12-03 21:42:24 bounce msg 416540 qp 2870
12-03 21:42:24 end msg 416540

Why dit i get a vdelivermail:_deferred,_database_dow error and how can i 
make it works ?


Thank you for your help.
Maloupi


!DSPAM:4b18cd9b32711610912518!

RE: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

Jukka,
Good point, but vpopmail.mysql is already group vchkpw and mode 640 doesn't 
work. I tried and it gives:
@40004b19000104a3957c delivery 37: deferral: 
vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/
Any other ideas?
Thanks,Michael.
> Date: Fri, 4 Dec 2009 10:09:44 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> rather change the group of vpopmail.mysql to vchkpw and let it be in 
> mode 640.. it contains the password for the database, and if anyone who 
> don't need to know it has shell access, its a security risk.
> 
> ++jukka
> 

  
_
Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b1904ff32711926221187!

Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Pavel V. Yanchenko 




Hello Michael,

I'm not sure how it will affect security, but perhaps you could make mike4 and other users who need access to vpopmail.mysql members of vchkpw group?

In linux it should be "usermod -a -G vchkpw mike4"
And you can use "groups mike4" command to see in which groups mike4 is.



Friday, December 4, 2009, 3:47:57 PM, you wrote:




>


Jukka,

Good point, but vpopmail.mysql is already group vchkpw and mode 640 doesn't work. I tried and it gives:

@40004b19000104a3957c delivery 37: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

Any other ideas?

Thanks,
Michael.

> Date: Fri, 4 Dec 2009 10:09:44 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> rather change the group of vpopmail.mysql to vchkpw and let it be in 
> mode 640.. it contains the password for the database, and if anyone who 
> don't need to know it has shell access, its a security risk.
> 
> ++jukka
> 




Have more than one Hotmail account? Link them together to easily access both.  








-- 
Best regards,
 Pavel                            mailto:bal...@msmu.ru


!DSPAM:4b19109d32711976249256!

Re: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Jukka Kurkela 
Thats kind of odd.. did you make sure the user (mike4 i guess) is in 
that group?


++jukka

Michael Mussulis wrote:

Jukka,

Good point, but vpopmail.mysql is already group vchkpw and mode 640 
doesn't work. I tried and it gives:


@40004b19000104a3957c delivery 37: deferral: 
vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/


Any other ideas?

Thanks,
Michael.

 > Date: Fri, 4 Dec 2009 10:09:44 +0200
 > From: jukka.kurk...@tjc.fi
 > To: vchkpw@inter7.com
 > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
 >
 > rather change the group of vpopmail.mysql to vchkpw and let it be in
 > mode 640.. it contains the password for the database, and if anyone who
 > don't need to know it has shell access, its a security risk.
 >
 > ++jukka
 >



Have more than one Hotmail account? Link them together to easily access 
both. < http://clk.atdmt.com/UKM/go/186394591/direct/01/> 




!DSPAM:4b19126232711894716758!

RE: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

Yup... see output of id:
[r...@vmfc12 ~]# id mike4uid=516(mike4) gid=516(mike4) 
groups=516(mike4),502(vchkpw)
Mike.
> Date: Fri, 4 Dec 2009 15:45:30 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> Thats kind of odd.. did you make sure the user (mike4 i guess) is in 
> that group?
> 
> ++jukka
> 
> Michael Mussulis wrote:
> > Jukka,
> > 
> > Good point, but vpopmail.mysql is already group vchkpw and mode 640 
> > doesn't work. I tried and it gives:
> > 
> > @40004b19000104a3957c delivery 37: deferral: 
> > vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/
> > 
> > Any other ideas?
> > 
> > Thanks,
> > Michael.
> > 
> >  > Date: Fri, 4 Dec 2009 10:09:44 +0200
> >  > From: jukka.kurk...@tjc.fi
> >  > To: vchkpw@inter7.com
> >  > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> >  >
> >  > rather change the group of vpopmail.mysql to vchkpw and let it be in
> >  > mode 640.. it contains the password for the database, and if anyone who
> >  > don't need to know it has shell access, its a security risk.
> >  >
> >  > ++jukka
> >  >
> > 
> > 
> > 
> > Have more than one Hotmail account? Link them together to easily access 
> > both. < http://clk.atdmt.com/UKM/go/186394591/direct/01/> 
> > 
> 
> 
> 
> 
  
_
Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b1912c732711108910712!

RE: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

Hi Pavel,
It already is, see output of id:
[r...@vmfc12 ~]# id mike4uid=516(mike4) gid=516(mike4) 
groups=516(mike4),502(vchkpw)
Mike.
Date: Fri, 4 Dec 2009 16:36:46 +0300
From: bal...@msmu.ru
To: vchkpw@inter7.com
Subject: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u











Hello Michael,




I'm not sure how it will affect security, but perhaps you could make mike4 and 
other users who need access to vpopmail.mysql members of vchkpw group?




In linux it should be "usermod -a -G vchkpw mike4"

And you can use "groups mike4" command to see in which groups mike4 is.









  
_
Use Hotmail to send and receive mail from your different email accounts
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b1912f132712110113787!

RE: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

Jukka,
To clarify, the user was part of 'vhckpw' group before I tried reverting to 
mode 640.So still having the issue. At the moment it's working with mode 644.
Mike.

> Date: Fri, 4 Dec 2009 15:45:30 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> Thats kind of odd.. did you make sure the user (mike4 i guess) is in 
> that group?
> 
> ++jukka
> 
> Michael Mussulis wrote:

  
_
Have more than one Hotmail account? Link them together to easily access both
 http://clk.atdmt.com/UKM/go/186394591/direct/01/

!DSPAM:4b19136b32711767011716!

Re: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Rick Macdougall 

Matt Brookings wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Michael Mussulis wrote:

Furthermore, having followed the instructions to the letter, I would
expect it to simply work - unless there's something silly I've missed
(or perhaps undocumented). If other people have -u to work perhaps they
can shed some light on whether they had to take special steps to make it
work. 


I would also expect it to work.  I have no reports of failure of this feature
anywhere, and my local tests show that it's working with all of the recent 
versions
available.  Are you running a version prior to 5.4.15?

Unfortunately I do not have any further ideas what it might be.


Hi,

I believe when I used to run it with other users, I had to run 
qmail-smtpd as root.  Otherwise it can't setuid to the other users.


Regards,

Rick


!DSPAM:4b191aa032712038539215!

[vchkpw] Re: vdelivermail:_deferred,_database_down

2009-12-04 Thread Eric Shubert 

Maloupi wrote:

Hi !

I'm not sure this is the good mailling list for my question, if not i 
apologize.


My problem is i'm trying to use autorespond with qmail but it does not 
work properly.
It worked (i get response message if i send a mail to an address with 
autorespond activated)

but after some hours the response messages are stuck in queue and not sent.
if i restart the server after some days, i receive failure messages.

Here is a part of my Send log after the reboot :
12-03 21:42:23 starting delivery 1: msg 416540 to local 
nordiquefrance.com-ora...@nordiquefrance.com

12-03 21:42:23 status: local 1/75 remote 0/150
12-03 21:42:24 delivery 1: failure: 
vdelivermail:_deferred,_database_down/I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./ 


12-03 21:42:24 status: local 0/75 remote 0/150
12-03 21:42:24 bounce msg 416540 qp 2870
12-03 21:42:24 end msg 416540

Why dit i get a vdelivermail:_deferred,_database_dow error and how can i 
make it works ?


Thank you for your help.
Maloupi







You might have a damaged queue. Try running the queue-repair.py tool 
(included in the qmailtoaster-plus package) and see if that fixes things up.


--
-Eric 'shubes'


!DSPAM:4b19289532718922255801!

Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Pavel V. Yanchenko 




Hmmm, I've created a test domain belonging to user balrog, and although vpopmail.mysql file is accesible, messages are not delivered until I change its permissions to 644:

permissions:
/home/vpopmail  40711
/home/vpopmail/etc 40755
/home/vpopmail/etc/vpopmail.mysql 100640

[bal...@mail ~]$ id
uid=508(balrog) gid=508(balrog) groups=502(vchkpw),508(balrog)
[bal...@mail ~]$ cat /home/vpopmail/etc/vpopmail.mysql
localhost|0|vpopmail||vpopmail


Attempt to send mail results in  this error in qmail-send log:
deferral: vmysql:_can't_read_settings_from_/home/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

When vpopmail.mysql is made 644, then messages are delivered nicely.

Further testing revealed that although user "balrog" is a member of vchkpw group and can access vpopmail.mysql (see above), this file is not available to him while vdelivermail is running:
15730 open("/home/vpopmail/etc/vpopmail.mysql", O_RDONLY) = -1 EACCES (Permission denied)

If I change group of vpopmail.mysql to balrog, then mail gets delivered in this domain.
Could it be that vdelivermail ignores groups? Is it possible at all?


Friday, December 4, 2009, 4:49:30 PM, you wrote:




>


Jukka,

To clarify, the user was part of 'vhckpw' group before I tried reverting to mode 640.
So still having the issue. At the moment it's working with mode 644.

Mike.


> Date: Fri, 4 Dec 2009 15:45:30 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> Thats kind of odd.. did you make sure the user (mike4 i guess) is in 
> that group?
> 
> ++jukka
> 
> Michael Mussulis wrote:




Add other email accounts to Hotmail in 3 easy steps. Find out how.  








-- 
Best regards,
 Pavel                            mailto:bal...@msmu.ru


!DSPAM:4b192a3232712125865721!

Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Pavel V. Yanchenko 
Update.

If vdelivermail is made 102711 (set group id on exec) then mail is
delivered.

Try it, Michael.

-- 
Best regards,
 Pavelmailto:bal...@msmu.ru


!DSPAM:4b192b2832711661460450!

Re: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Matt Brookings 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Pavel V. Yanchenko wrote:
> Could it be that vdelivermail ignores groups? Is it possible at all?

The groups file is not read by uid selection or execution system calls.
- --
/*
Matt BrookingsGnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAksZLt0ACgkQIwet2/rgZyyUBACcCRonIobcnTDT02rhYIr43oqA
/94Ani3PjvK4TTtEB0fmsiHhCi9mbU8E
=sHP6
-END PGP SIGNATURE-

RE: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

Pavel,
Didn't work, I got this:
@40004b1996a62056cd0c status: local 0/10 remote 
0/1...@40004b19970325ce2f3c starting delivery 92: msg 206456 to local 
test10.com-postmas...@test10.com@40004b19970325ce42c4 status: local 1/10 
remote 0/1...@40004b1997071b92096c delivery 92: deferral: 
vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/Error_-_no_authentication_database_connection._Initial_open./vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/Error_-_no_authentication_database_connection._Initial_open./grep:_/.qmail-default:_No_such_file_or_directory/grep:_/.qmail-default:_No_such_file_or_directory/awk:_cmd._line:1:_fatal:_cannot_open_file_`/.qmail-default'_for_reading_(No_such_file_or_directory)/maildrop:_non-filtered_mail_delivery//usr/local/hcp/bin/maildrop:_Unable_to_open_mailbox./@40004b1997071be015e4
 status: local 0/10 remote 0/120
Works only in mode 644.
Mike.
> Date: Fri, 4 Dec 2009 18:30:05 +0300
> From: bal...@msmu.ru
> To: vchkpw@inter7.com
> Subject: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> Update.
> 
> If vdelivermail is made 102711 (set group id on exec) then mail is
> delivered.
> 
> Try it, Michael.
> 
> -- 
> Best regards,
>  Pavelmailto:bal...@msmu.ru
> 
> 
> 
> 
  
_
Use Hotmail to send and receive mail from your different email accounts
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b1997b632711610977555!

RE: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

Hmm... so basically so far from everything that's been said, it looks like the 
uid/gid values are being used for domain creation purposes, but not stored in 
the sql backend, which brings me to the issue of dovecot authentication via 
IMAP.
As mentioned before, I did a bog standard vpopmail build/install, followed by a 
bog standard dovecot build/install. If I add a domain, that is owned by 
vpopmail/vchkpw - dovecot imap authentication from squirremail works just fine.
However, if for a domain owned by a 'mike4', dovecot authentication fails with:
auth(default): Info: client in: AUTH1   PLAIN   service=imapsecured 
lip=127.0.0.1   rip=127.0.0.1   lport=143   rport=56559 
resp=AHBvc3RtYXN0ZXJAdGVzdDEwLmNvbQAxMjM=auth(default): Info: 
vpopmail(postmas...@test10.com,127.0.0.1): lookup user=postmaster 
domain=test10.comauth(default): Info: 
vpopmail(postmas...@test10.com,127.0.0.1): unknown userauth(default): Info: new 
auth connection: pid=18526auth(default): Info: client out: FAIL   1   
user=postmas...@test10.comimap-login: Info: Aborted login (auth failed, 1 
attempts): user=, method=PLAIN, rip=127.0.0.1, 
lip=127.0.0.1, secured
My dovecot.conf auth section is:
 Authentication processes##
auth default {   mechanisms = plain
   ### works for vpopmail/vchkpw domains   #passdb vpopmail {   #args =   #}
   #userdb vpopmail {   #}   ###
   ### works for -u domains   passdb sql {  args = 
/usr/local/hcp/etc/dovecot-sql.conf   }

   userdb sql {   args = /usr/local/hcp/etc/dovecot-sql.conf}
   user = vpopmail   count = 1   ssl_require_client_cert = no}
and dovecot-sql.conf:
driver = mysqlconnect = host=localhost port=3306 user=admin password= 
dbname=hcpdefault_pass_scheme = CRYPTpassword_query = SELECT CONCAT(pw_name, 
'@', pw_domain) AS user, pw_passwd AS password FROM vpopmail WHERE pw_name = 
'%n' AND pw_domain = '%d'user_query = SELECT pw_dir as home, pw_uid AS uid, 
pw_gid AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid values 
for the domain if created with -u, other dovecot will fail with:
dovecot: Error: User postmas...@test10.com not allowed to log in using UNIX UID 
0 (root logins are never allowed)
Am I doing something wrong? Am I to understand that for any domain I create 
with -u, I then have to update vpopmail table with the real uid/gid values?
Thanks,Michael.(PS: I know part of the question is about dovecot, but it's 
closely tied to vpopmail authentication).
> Date: Fri, 4 Dec 2009 09:46:37 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Pavel V. Yanchenko wrote:
> > Could it be that vdelivermail ignores groups? Is it possible at all?
> 
> The groups file is not read by uid selection or execution system calls.
> - --
> /*
> Matt BrookingsGnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAksZLt0ACgkQIwet2/rgZyyUBACcCRonIobcnTDT02rhYIr43oqA
> /94Ani3PjvK4TTtEB0fmsiHhCi9mbU8E
> =sHP6
> -END PGP SIGNATURE-
  
_
Use Hotmail to send and receive mail from your different email accounts
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b199dfa32711374655388!

Re: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Jukka Kurkela 
you could hard code vpopmail's uid and vchkpw gid in that user_query.. 
not quite sure if that will do what you're looking for though.


++jukka

Michael Mussulis wrote:
Hmm... so basically so far from everything that's been said, it looks 
like the uid/gid values are being used for domain creation purposes, but 
not stored in the sql backend, which brings me to the issue of dovecot 
authentication via IMAP.


As mentioned before, I did a bog standard vpopmail build/install, 
followed by a bog standard dovecot build/install. If I add a domain, 
that is owned by vpopmail/vchkpw - dovecot imap authentication from 
squirremail works just fine.


However, if for a domain owned by a 'mike4', dovecot authentication 
fails with:


auth(default): Info: client in: AUTH1   PLAIN   service=imap   
 secured lip=127.0.0.1   rip=127.0.0.1   lport=143   rport=56559 
resp=AHBvc3RtYXN0ZXJAdGVzdDEwLmNvbQAxMjM=
auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): lookup 
user=postmaster domain=test10.com

auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): unknown user
auth(default): Info: new auth connection: pid=18526
auth(default): Info: client out: FAIL   1   user=postmas...@test10.com
imap-login: Info: Aborted login (auth failed, 1 attempts): 
user=, method=PLAIN, rip=127.0.0.1, 
lip=127.0.0.1, secured


My dovecot.conf auth section is:

##
## Authentication processes
##

auth default {
   mechanisms = plain

   ### works for vpopmail/vchkpw domains
   #passdb vpopmail {
   #args =
   #}

   #userdb vpopmail {
   #}
   ###

   ### works for -u domains
   passdb sql {
  args = /usr/local/hcp/etc/dovecot-sql.conf
   }


   userdb sql {
   args = /usr/local/hcp/etc/dovecot-sql.conf
}

   user = vpopmail
   count = 1
   ssl_require_client_cert = no
}

and dovecot-sql.conf:

driver = mysql
connect = host=localhost port=3306 user=admin password= dbname=hcp
default_pass_scheme = CRYPT
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, 
pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = 
'%d'
user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM 
vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'


Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid 
values for the domain if created with -u, other dovecot will fail with:


dovecot: Error: User postmas...@test10.com not allowed to log in using 
UNIX UID 0 (root logins are never allowed)


Am I doing something wrong? Am I to understand that for any domain I 
create with -u, I then have to update vpopmail table with the real 
uid/gid values?


Thanks,
Michael.
(PS: I know part of the question is about dovecot, but it's closely tied 
to vpopmail authentication).


 > Date: Fri, 4 Dec 2009 09:46:37 -0600
 > From: m...@inter7.com
 > To: vchkpw@inter7.com
 > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
 >
 > -BEGIN PGP SIGNED MESSAGE-
 > Hash: SHA1
 >
 > Pavel V. Yanchenko wrote:
 > > Could it be that vdelivermail ignores groups? Is it possible at all?
 >
 > The groups file is not read by uid selection or execution system calls.
 > - --
 > /*
 > Matt Brookings  GnuPG Key FAE0672C
 > Software developer Systems technician
 > Inter7 Internet Technologies, Inc. (815)776-9465
 > */
 > -BEGIN PGP SIGNATURE-
 > Version: GnuPG v1.4.9 (GNU/Linux)
 > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 >
 > iEYEARECAAYFAksZLt0ACgkQIwet2/rgZyyUBACcCRonIobcnTDT02rhYIr43oqA
 > /94Ani3PjvK4TTtEB0fmsiHhCi9mbU8E
 > =sHP6
 > -END PGP SIGNATURE-


Use Hotmail to send and receive mail from your different email accounts. 
Find out how.  




!DSPAM:4b19a6ae32711147615442!

[vchkpw] vusage updates in 5.5.0-matt-vusage branch

2009-12-04 Thread Matt Brookings 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

In the Subversion repository, under the branches directory, you will find a 
branch called '5.5.0-matt-vusage'.
This branch contains quite a few changes to the vusage daemon.  Most notably it 
saves a complete copy of it's
cache to disk at shutdown, and reads this cache at startup for instant startup 
where it left off.

As far as I can tell everything looks good.  I was hoping a few people wouldn't 
mind bashing their keys on this
to see if they find any problems.

If you do decide to test this code out, do not 'make install'.  After building, 
in the '5.5.0-matt-vusage/vusaged'
directory, as root run: ./vusaged etc/vusaged.conf.  You may want to edit 
etc/vusaged.conf before doing this :)
Notice the 'Storage::Filename' configuration at the bottom.  This is the file 
it will read and write.  If you
delete the cache file it will start up as normal.

Let me know if you do muck around with it.
Thanks!
- --
/*
Matt BrookingsGnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAksZp9IACgkQIwet2/rgZyz6cwCfWYb4p3+zUt5u8uF/RUaCtJO/
+3IAn2zfm3co/ZaBxIFayuUWzPPGD01o
=AMX7
-END PGP SIGNATURE-

RE: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

sorry modify exactly which user_query? vopmail or dovecot?
mike

> Date: Sat, 5 Dec 2009 02:18:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> you could hard code vpopmail's uid and vchkpw gid in that user_query.. 
> not quite sure if that will do what you're looking for though.
> 
> ++jukka
> 
> Michael Mussulis wrote:
> > Hmm... so basically so far from everything that's been said, it looks 
> > like the uid/gid values are being used for domain creation purposes, but 
> > not stored in the sql backend, which brings me to the issue of dovecot 
> > authentication via IMAP.
> > 
> > As mentioned before, I did a bog standard vpopmail build/install, 
> > followed by a bog standard dovecot build/install. If I add a domain, 
> > that is owned by vpopmail/vchkpw - dovecot imap authentication from 
> > squirremail works just fine.
> > 
> > However, if for a domain owned by a 'mike4', dovecot authentication 
> > fails with:
> > 
> > auth(default): Info: client in: AUTH1   PLAIN   service=imap   
> >  secured lip=127.0.0.1   rip=127.0.0.1   lport=143   rport=56559 
> > resp=AHBvc3RtYXN0ZXJAdGVzdDEwLmNvbQAxMjM=
> > auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): lookup 
> > user=postmaster domain=test10.com
> > auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): unknown user
> > auth(default): Info: new auth connection: pid=18526
> > auth(default): Info: client out: FAIL   1   user=postmas...@test10.com
> > imap-login: Info: Aborted login (auth failed, 1 attempts): 
> > user=, method=PLAIN, rip=127.0.0.1, 
> > lip=127.0.0.1, secured
> > 
> > My dovecot.conf auth section is:
> > 
> > ##
> > ## Authentication processes
> > ##
> > 
> > auth default {
> >mechanisms = plain
> > 
> >### works for vpopmail/vchkpw domains
> >#passdb vpopmail {
> >#args =
> >#}
> > 
> >#userdb vpopmail {
> >#}
> >###
> > 
> >### works for -u domains
> >passdb sql {
> >   args = /usr/local/hcp/etc/dovecot-sql.conf
> >}
> > 
> > 
> >userdb sql {
> >args = /usr/local/hcp/etc/dovecot-sql.conf
> > }
> > 
> >user = vpopmail
> >count = 1
> >ssl_require_client_cert = no
> > }
> > 
> > and dovecot-sql.conf:
> > 
> > driver = mysql
> > connect = host=localhost port=3306 user=admin password= dbname=hcp
> > default_pass_scheme = CRYPT
> > password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, 
> > pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = 
> > '%d'
> > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM 
> > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
> > 
> > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid 
> > values for the domain if created with -u, other dovecot will fail with:
> > 
> > dovecot: Error: User postmas...@test10.com not allowed to log in using 
> > UNIX UID 0 (root logins are never allowed)
> > 
> > Am I doing something wrong? Am I to understand that for any domain I 
> > create with -u, I then have to update vpopmail table with the real 
> > uid/gid values?
> > 
> > Thanks,
> > Michael.
> > (PS: I know part of the question is about dovecot, but it's closely tied 
> > to vpopmail authentication).
> > 
> >  > Date: Fri, 4 Dec 2009 09:46:37 -0600
> >  > From: m...@inter7.com
> >  > To: vchkpw@inter7.com
> >  > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> >  >
> >  > -BEGIN PGP SIGNED MESSAGE-
> >  > Hash: SHA1
> >  >
> >  > Pavel V. Yanchenko wrote:
> >  > > Could it be that vdelivermail ignores groups? Is it possible at all?
> >  >
> >  > The groups file is not read by uid selection or execution system calls.
> >  > - --
> >  > /*
> >  > Matt Brookings  GnuPG Key FAE0672C
> >  > Software developer Systems technician
> >  > Inter7 Internet Technologies, Inc. (815)776-9465
> >  > */
> >  > -BEGIN PGP SIGNATURE-
> >  > Version: GnuPG v1.4.9 (GNU/Linux)
> >  > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >  >
> >  > iEYEARECAAYFAksZLt0ACgkQIwet2/rgZyyUBACcCRonIobcnTDT02rhYIr43oqA
> >  > /94Ani3PjvK4TTtEB0fmsiHhCi9mbU8E
> >  > =sHP6
> >  > -END PGP SIGNATURE-
> > 
> > 
> > Use Hotmail to send and receive mail from your different email accounts. 
> > Find out how.  
> > 
> 
> 
> 
> 
  
_
Use Hotmail to send and receive mail from your different email accounts
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b19a8fb32717360018702!

RE: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

or did u mean the sql query used in dovecot-sql.conf?
> Date: Sat, 5 Dec 2009 02:18:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> you could hard code vpopmail's uid and vchkpw gid in that user_query.. 
> not quite sure if that will do what you're looking for though.
> 
> ++jukka
> 

  
_
Got more than one Hotmail account? Save time by linking them together
 http://clk.atdmt.com/UKM/go/186394591/direct/01/

!DSPAM:4b19a94b32711341118240!

Re: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Jukka Kurkela 

dovecot, to get around the uid 0 error.

Michael Mussulis wrote:

sorry modify exactly which user_query? vopmail or dovecot?





that one:

 > > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM
 > > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'



and a side note:
 > > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct 
uid/gid

 > > values for the domain if created with -u, other dovecot will fail with:


that is not quite true, since its dovecot that fails, not vpopmail. so 
vpopmail's table does not need to have correct uid/gid, it works fine 
without them.


++jukka

!DSPAM:4b19ab2132711897023641!

RE: [vchkpw] vdeliver perimission denied for vadddomain -u

2009-12-04 Thread Michael Mussulis 

mmm, I think I tried that at one point but can't be certain, too many tests... 
:)I will give it a go, but I don't think it will work, I think it will want the 
domain owner uid/gid not vpopmail/vchkpw...I will let you know the results 
shortly...
mike.
> Date: Sat, 5 Dec 2009 02:37:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> 
> dovecot, to get around the uid 0 error.
> 
> Michael Mussulis wrote:
> > sorry modify exactly which user_query? vopmail or dovecot?
> > 
> 
> 
> 
> that one:
> >  > > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM
> >  > > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
> 
> 
> and a side note:
> >  > > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct 
> > uid/gid
> >  > > values for the domain if created with -u, other dovecot will fail with:
> 
> that is not quite true, since its dovecot that fails, not vpopmail. so 
> vpopmail's table does not need to have correct uid/gid, it works fine 
> without them.
> 
> ++jukka
> 
> 
> 
  
_
View your other email accounts from your Hotmail inbox. Add them now.
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b19ac5532716013015893!