[vchkpw] vmoduser set quota is fail

2009-12-11 Thread 孙俊


I could not find a vmoduser mailing list, so I am sending this mail here.

My question: setting the user quota fails!


OS is FreeBSD ns.egotop.com 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386


Auth module is MySQL

Server version: 5.0.88-log Source distribution


[r...@ns /data/vpopmail/bin]# cat /data/vpopmail/etc/vpopmail.mysql
localhost|0|mail|123456|vpopmail


vpopmail version

[r...@ns /data/vpopmail/bin]# ./vadduser -v
version: 5.4.29
vadduser: usage: [options] email_address [passwd]
options: -v (print the version)
 -q quota_in_bytes (sets the users quota, use NOQUOTA for unlimited)
 -c comment (sets the gecos comment field)
 -e standard_encrypted_password
 -n no_password
 -r[len] (generate a len (default 8) char random password)
 
 
 
 
[r...@ns /data/vpopmail/bin]# ./vadduser t...@egotop.com 123456
[r...@ns /data/vpopmail/bin]# echo $?
0

[r...@ns /data/vpopmail/bin]# /data/app/mysql/bin/mysql -uroot -p
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 50
Server version: 5.0.88-log Source distribution

Reading history-file /root/.mysql_history
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

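mysql> select pw_name,pw_domain,pw_gecos,pw_dir,pw_shell,pw_clear_passwd from vpopmail where pw_name='t2';
+---------+------------+----------+----------------------------------------+----------+-----------------+
| pw_name | pw_domain  | pw_gecos | pw_dir                                 | pw_shell | pw_clear_passwd |
+---------+------------+----------+----------------------------------------+----------+-----------------+
| t2      | egotop.com | t2       | /data/vpopmail/domains/egotop.com/0/t2 | NOQUOTA  | 123456          |
+---------+------------+----------+----------------------------------------+----------+-----------------+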
1 row in set (0.00 sec)

mysql> quit
Writing history-file /root/.mysql_history
Bye


[r...@ns /data/vpopmail/bin]# ./vuserinfo t...@egotop.com
name:   t2
passwd: $1$3QbypzV/$4dgi/S3wDdOoCm/UMKEGH1
clear passwd: 123456
comment/gecos: t2
uid:0
gid:0
flags:  0
gecos: t2
limits: No user limits set.
dir:   /data/vpopmail/domains/egotop.com/0/t2
quota: NOQUOTA
usage: NOQUOTA
account created: Sat Dec 12 10:09:39 2009
last auth: Never logged in

## add user ok



[r...@ns /data/vpopmail/bin]# ./vmoduser -v
version: 5.4.29
vmoduser: usage: [options] email_addr or domain (for each user in domain)
options: -v ( display the vpopmail version number )
 -n ( don't rebuild the vpasswd.cdb file )
 -q quota ( set quota )
 -c comment (set the comment/gecos field )
 -e encrypted_passwd (set the password field )
 -C clear_text_passwd (set the password field )
the following options are bit flags in the gid int field
 -x ( clear all flags )
 -d ( don't allow user to change password )
 -p ( disable POP access )
 -s ( disable SMTP AUTH access )
 -w ( disable webmail [IMAP from localhost*] access )
( * full list of webmail server IPs in vchkpw.c )
 -i ( disable non-webmail IMAP access )
 -b ( bounce all mail )
 -o ( user is not subject to domain limits )
 -r ( disable roaming user/pop-before-smtp )
 -a ( grant qmailadmin administrator privileges )
 -S ( grant system administrator privileges - access all domains )
 -E ( grant expert privileges - edit .qmail files )
 -f ( disable spamassassin)
 -F ( delete spam)
 -m ( disable maildrop)
  [The following flags aren't used directly by vpopmail but are]
  [included for other programs that share the user database.]
 -u ( set no dialup flag )
 -0 ( set V_USER0 flag )
 -1 ( set V_USER1 flag )
 -2 ( set V_USER2 flag )
 -3 ( set V_USER3 flag )
 
 
[r...@ns /data/vpopmail/bin]# ./vmoduser -q 1000 t...@egotop.com
client_connect: warning: config_begin failed
Segmentation fault: 11 (core dumped)
[r...@ns /data/vpopmail/bin]# echo $?
139

## Setting the user quota failed. Why is this?

## /var/log/messages
Dec 12 10:23:27 ns kernel: pid 1037 (vmoduser), uid 0: exited on signal 11 (core dumped)


[r...@ns /data/vpopmail/bin]# ./vuserinfo t...@egotop.com
name:   t2
passwd: $1$3QbypzV/$4dgi/S3wDdOoCm/UMKEGH1
clear passwd: 123456
comment/gecos: t2
uid:0
gid:0
flags:  0
gecos: t2
limits: No user limits set.
dir:   /data/vpopmail/domains/egotop.com/0/t2
quota: NOQUOTA
usage: NOQUOTA
account created: Sat Dec 12 10:09:39 2009
last auth: Never logged in




vpopmail config


./configure \
--prefix=/data/vpopmail \
--exec-prefix=/data/vpopmail \
--enable-roaming-users=y \
--enable-auth-module=mysql \
--enable-file-sync \
--enable-incdir=/usr/local/include \
--enable-libdir=/usr/local/lib \
--enable-ucspi-dir=../ucspi-tcp-

[vchkpw] RE: WELCOME to vchkpw@inter7.com

2009-12-11 Thread 孙俊



Re: [vchkpw] Re: vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Ro Achterberg

At 16:29 11-12-2009, Eric Shubert wrote:
> Shane Chrisp wrote:
>> Ro Achterberg wrote:
>>>> You will need to enable plain text passwords in the database to
>>>> be able to use cram-md5.
>>>
>>> In dovecot-sql.conf, I tried setting default_pass_scheme to both
>>> PLAIN and PLAIN-MD5, but neither of which seemed to work. I'm
>>> probably missing the point.
>>>
>>> Did you perhaps mean to have vpopmail store the user passwords in
>>> plain text? I'm just checking, because to me it seems to lower
>>> security and it seems to defeat the purpose of working with hashed
>>> passwords. Could you please confirm this?
>>
>> Yes, that's what I meant by my comment. You need the plain text
>> passwords in the vpopmail database. Having plain text passwords in
>> the database doesn't necessarily lower the security as your
>> database can be on a host which is not accessible to anything but
>> the authenticating machine.
>>
>> Shane
>
> cram-md5 is a bit outdated. It has two weaknesses, the first of
> which you've identified, which is that passwords need to be stored
> in plain text. This is unsuitable for some environments. The second
> weakness is md5 itself, which is vulnerable in a few different ways
> (see http://en.wikipedia.org/wiki/MD5).
>
> I believe that currently the best approach to secure connections is
> to use TLS/SSL along with either plain or login authentication methods.
>
> In dovecot.conf:
> # Disable LOGIN command and all other plaintext authentications unless
> # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
> # matches the local IP (ie. you're connecting from the same computer), the
> # connection is considered secure and plaintext authentication is allowed.
> #disable_plaintext_auth = no
> disable_plaintext_auth = yes
>
> You'll also need to configure TLS/SSL.
>
> --
> -Eric 'shubes'

Hi Eric,

Thanks for your reply. I totally agree with you on the weaknesses of
(CRAM-)MD5. I'll be offering both CRAM-MD5 and TLS/SSL secured
connections, as per your suggestion.

Bye, Ro






Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Joshua Megerman

>> Did you perhaps mean to have vpopmail store the user passwords in
>> plain text? I'm just checking, because to me it seems to lower
>> security and it seems to defeat the purpose of working with hashed
>> passwords. Could you please confirm this?
>
> Yes, that's what I meant by my comment. You need the plain text passwords
> in the vpopmail database. Having plain text passwords in the database
> doesn't necessarily lower the security as your database can be on a host
> which is not accessible to anything but the authenticating machine.
>
Just to elaborate on the point, CRAM-MD5 authentication REQUIRES that the
passwords be stored as plaintext, as that's the only way to verify the MD5
hash provided by the client. Server sends the seed string, client
concatenates the seed and password (and maybe username, don't remember),
and sends the MD5 hash of that.  Server then concats the seed it sent with
the known plaintext password and compares the MD5 hash it comes up with to
that which the client sends.

It's a tradeoff - keeping plaintext passwords on a (hopefully) secure
server vs allowing the client to send the password in plaintext over the
network (though possibly over an encrypted channel).  I like it, but YMMV.

Josh

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
  - Layman's translation of the Laws of Thermodynamics
vpopm...@honorablemenschen.com
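
Added example (not part of the original thread and not Dovecot or vpopmail code): the CRAM-MD5 exchange discussed in this thread, written per RFC 2195, where the digest is an HMAC-MD5 keyed with the password over the server's challenge. It shows why a server holding only a one-way hash cannot check the response. The host name, the passdb dictionaries and the placeholder hash string are assumptions; the user, secret and challenge are the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac
import os
import time


def make_challenge(hostname="mail.example.test"):
    """Server: fresh single-use challenge in the <nonce.time@host> form."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return "<%d.%d@%s>" % (nonce, int(time.time()), hostname)


def cram_md5_digest(secret, challenge):
    """HMAC-MD5 keyed with the secret over the challenge, lowercase hex."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def client_response(user, password, challenge_b64):
    """Client: decode the challenge and answer base64('user digest')."""
    challenge = base64.b64decode(challenge_b64).decode()
    reply = "%s %s" % (user, cram_md5_digest(password, challenge))
    return base64.b64encode(reply.encode()).decode()


def server_verify(passdb, challenge, response_b64):
    """Server: recompute the digest from the stored secret and compare.

    passdb maps user -> stored secret. Returns the user name or None.
    """
    try:
        decoded = base64.b64decode(response_b64).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, digest = decoded.rpartition(" ")
    stored = passdb.get(user)
    if stored is None:
        return None
    expected = cram_md5_digest(stored, challenge)
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return user if ok else None


def demo():
    # Constructed sample data: user, secret and challenge from RFC 2195.
    challenge = "<1896.697170952@postoffice.reston.mci.net>"
    challenge_b64 = base64.b64encode(challenge.encode()).decode()
    response = client_response("tim", "tanstaaftanstaaf", challenge_b64)

    plaintext_db = {"tim": "tanstaaftanstaaf"}
    # Placeholder standing in for a one-way MD5-CRYPT value in the passdb.
    hashed_db = {"tim": "$1$PLACEHOLDER$notARealHashValue"}

    return {
        "response": response,
        "plaintext_ok": server_verify(plaintext_db, challenge, response),
        # The server cannot recover the HMAC key from a one-way hash.
        "hashed_ok": server_verify(hashed_db, challenge, response),
        # A captured response is useless against a new challenge.
        "replay_ok": server_verify(plaintext_db, make_challenge(), response),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```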





[vchkpw] Re: vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Eric Shubert

Shane Chrisp wrote:
> Ro Achterberg wrote:
>>> You will need to enable plain text passwords in the database to be
>>> able to use cram-md5.
>>
>> In dovecot-sql.conf, I tried setting default_pass_scheme to both PLAIN
>> and PLAIN-MD5, but neither of which seemed to work. I'm probably missing
>> the point.
>>
>> Did you perhaps mean to have vpopmail store the user passwords in
>> plain text? I'm just checking, because to me it seems to lower
>> security and it seems to defeat the purpose of working with hashed
>> passwords. Could you please confirm this?
>
> Yes, that's what I meant by my comment. You need the plain text passwords
> in the vpopmail database. Having plain text passwords in the database
> doesn't necessarily lower the security as your database can be on a host
> which is not accessible to anything but the authenticating machine.
>
> Shane

cram-md5 is a bit outdated. It has two weaknesses, the first of which
you've identified, which is that passwords need to be stored in plain
text. This is unsuitable for some environments. The second weakness is
md5 itself, which is vulnerable in a few different ways (see
http://en.wikipedia.org/wiki/MD5).

I believe that currently the best approach to secure connections is to
use TLS/SSL along with either plain or login authentication methods.

In dovecot.conf:
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = no
disable_plaintext_auth = yes

You'll also need to configure TLS/SSL.

--
-Eric 'shubes'





Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Ro Achterberg

At 16:07 11-12-2009, Shane Chrisp wrote:
> Ro Achterberg wrote:
>>> You will need to enable plain text passwords in the database to be
>>> able to use cram-md5.
>>
>> In dovecot-sql.conf, I tried setting default_pass_scheme to both
>> PLAIN and PLAIN-MD5, but neither of which seemed to work. I'm probably
>> missing the point.
>>
>> Did you perhaps mean to have vpopmail store the user passwords in
>> plain text? I'm just checking, because to me it seems to lower
>> security and it seems to defeat the purpose of working with hashed
>> passwords. Could you please confirm this?
>
> Yes, that's what I meant by my comment. You need the plain text
> passwords in the vpopmail database. Having plain text passwords in
> the database doesn't necessarily lower the security as your database
> can be on a host which is not accessible to anything but the
> authenticating machine.
>
> Shane

Thanks, I'll be trying that now. I agree with you on the security
impact if you in fact had the luxury of building a setup like that.
Unfortunately though, my colo box provides for a lot more than just an
e-mail authentication backend.

I do however have it tightly locked down in a rather complex chrooted
setup on top of a grsec hardened kernel, so I won't be worrying about
it too much.

Thanks for your help!

Bye, Ro






Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Shane Chrisp

Ro Achterberg wrote:
>> You will need to enable plain text passwords in the database to be
>> able to use cram-md5.
>
> In dovecot-sql.conf, I tried setting default_pass_scheme to both PLAIN
> and PLAIN-MD5, but neither of which seemed to work. I'm probably missing
> the point.
>
> Did you perhaps mean to have vpopmail store the user passwords in
> plain text? I'm just checking, because to me it seems to lower
> security and it seems to defeat the purpose of working with hashed
> passwords. Could you please confirm this?

Yes, that's what I meant by my comment. You need the plain text passwords
in the vpopmail database. Having plain text passwords in the database
doesn't necessarily lower the security as your database can be on a host
which is not accessible to anything but the authenticating machine.

Shane




Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Ro Achterberg

At 15:36 11-12-2009, Shane Chrisp wrote:
> Ro Achterberg wrote:
>> Hi all,
>>
>> I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL
>> installation and I believe I've run into a problem. Dovecot is
>> servicing both IMAP and POP3, using MySQL as the authentication
>> middle-man. It seems however that vpopmail is storing its passwords
>> as MD5-CRYPT in the MySQL tables, while I want Dovecot to use
>> CRAM-MD5. This seems to be the most used authentication scheme by
>> far, and I'd like to avoid using PLAIN or LOGIN authentications as
>> they're not up to my security standards.
>>
>> When I try setting default_pass_scheme = CRAM-MD5 in
>> dovecot-sql.conf, Dovecot's auth worker complains with the following line:
>>
>> Dec 11 12:31:52 onion dovecot: auth-worker(default):
>> sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected
>> scheme CRAM-MD5
>>
>> Which makes sense, because the passwords are stored as MD5-CRYPT by
>> vpopmail. I assume that my setup is not unique in its kind, which
>> makes me wonder what I'm doing wrong here! Any insights on how to
>> make this work using CRAM-MD5 passwords throughout the whole system
>> would be greatly appreciated.
>>
>> Bye, Ro
>
> You will need to enable plain text passwords in the database to be
> able to use cram-md5.

In dovecot-sql.conf, I tried setting default_pass_scheme to both
PLAIN and PLAIN-MD5, but neither of which seemed to work. I'm probably
missing the point.

Did you perhaps mean to have vpopmail store the user passwords in
plain text? I'm just checking, because to me it seems to lower
security and it seems to defeat the purpose of working with hashed
passwords. Could you please confirm this?

Bye, Ro






Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Shane Chrisp

Ro Achterberg wrote:
> Hi all,
>
> I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL
> installation and I believe I've run into a problem. Dovecot is
> servicing both IMAP and POP3, using MySQL as the authentication
> middle-man. It seems however that vpopmail is storing its passwords as
> MD5-CRYPT in the MySQL tables, while I want Dovecot to use CRAM-MD5.
> This seems to be the most used authentication scheme by far, and I'd
> like to avoid using PLAIN or LOGIN authentications as they're not up
> to my security standards.
>
> When I try setting default_pass_scheme = CRAM-MD5 in dovecot-sql.conf,
> Dovecot's auth worker complains with the following line:
>
> Dec 11 12:31:52 onion dovecot: auth-worker(default):
> sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected
> scheme CRAM-MD5
>
> Which makes sense, because the passwords are stored as MD5-CRYPT by
> vpopmail. I assume that my setup is not unique in its kind, which
> makes me wonder what I'm doing wrong here! Any insights on how to make
> this work using CRAM-MD5 passwords throughout the whole system would
> be greatly appreciated.
>
> Bye, Ro

You will need to enable plain text passwords in the database to be able
to use cram-md5.





[vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Ro Achterberg

Hi all,

I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL 
installation and I believe I've run into a problem. Dovecot is 
servicing both IMAP and POP3, using MySQL as the authentication 
middle-man. It seems however that vpopmail is storing its passwords 
as MD5-CRYPT in the MySQL tables, while I want Dovecot to use 
CRAM-MD5. This seems to be the most used authentication scheme by 
far, and I'd like to avoid using PLAIN or LOGIN authentications as 
they're not up to my security standards.


When I try setting default_pass_scheme = CRAM-MD5 in 
dovecot-sql.conf, Dovecot's auth worker complains with the following line:


Dec 11 12:31:52 onion dovecot: auth-worker(default): sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected scheme CRAM-MD5


Which makes sense, because the passwords are stored as MD5-CRYPT by 
vpopmail. I assume that my setup is not unique in its kind, which 
makes me wonder what I'm doing wrong here! Any insights on how to 
make this work using CRAM-MD5 passwords throughout the whole system 
would be greatly appreciated.


Bye, Ro

