Re: [vchkpw] Courier support
Where's the best documentation to migrate off of Courier? I presume Dovecot is the favored IMAP now for Vpopmail? Any known issues in making this switch? Matt Brookings wrote: My question is this: Courier-IMAP has dropped us, should we drop Courier-IMAP? Most definitely Yes! !DSPAM:49ba554232689351814391!
[vchkpw] chkuser 2.0b - somes false positives
A system that's been running with 9000 users is now experiencing intermittent false positives when checking for invalid recipients. It's allowing invalid recipients sometimes. I cannot find a pattern. Any guess on areas that might be culprits? Does chkuser have a default permit behavior if it cannot reach IMAP or Sql? Not sure if there's a resource issue on the machine yet. Mysql backend, linux, courier imap, vpopmail 5.4.17, chkuser 2.08b Thanks. !DSPAM:497e28c432685692751208!
[vchkpw] How to route local delivery through a separate SMTP spam scanner
A customer has challenged whether this can be done... Anti-SPAM appliances A, B, and C are available on an internal LAN via DNS round-robin through SMTP at appliance.example.com VPOPMAIL server D is on the same LAN. Customer has had a few local accounts that had their password guessed and spammers sent spam through webmail. S We're considering doing something inline to the delivery process that would 1) accept the authenticated user's email for remote/local delivery, 2) force that delivery off of box D to A-C over SMTP in ALL cases (not just remote), 3) Scan on A-C, 4) return the inbound (local) mail back to D for further delivery to the locals. I realize this is pretty insane, but the customer isn't excited about adding a local spam daemon to D and would like to leverage the investment in the appliances A-C to control for local delivery abuses. The appliances are doing a nice job on SMTP scanning, but the vendor says that their appliance does not have a port listener (like a spamd daemon) that could answer a stream request - thus only SMTP will do. Ideas? THANKS! Dave. !DSPAM:48223e3e120508248733278!
RE: [vchkpw] How to route local delivery through a separate SMTP spam scanner
/me thumps head Very cool! Thanks for the idea on options! It can be done quite easily. Two options: Preferred: Configure webmail to send messages directly to the appliances. Alternatively: Install a dumb SMTP mailer on D that listens on a port other than 25. Configure that dumb-mailer to forward all mail to the appliances. Configure webmail to send messages to the dumb mailer's listening port. webmail -SMTP- D dumb-mailer listening on tcp:125(example) -SMTP- appliances via static SMTP route -SMTP- back to D tcp:25 via static SMTP route for local deliveries -Original Message- From: ISP Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 07, 2008 4:41 PM To: vchkpw@inter7.com Subject: [vchkpw] How to route local delivery through a separate SMTP spam scanner A customer has challenged whether this can be done... Anti-SPAM appliances A, B, and C are available on an internal LAN via DNS round-robin through SMTP at appliance.example.com VPOPMAIL server D is on the same LAN. Customer has had a few local accounts that had their password guessed and spammers sent spam through webmail. S We're considering doing something inline to the delivery process that would 1) accept the authenticated user's email for remote/local delivery, 2) force that delivery off of box D to A-C over SMTP in ALL cases (not just remote), 3) Scan on A-C, 4) return the inbound (local) mail back to D for further delivery to the locals. I realize this is pretty insane, but the customer isn't excited about adding a local spam daemon to D and would like to leverage the investment in the appliances A-C to control for local delivery abuses. The appliances are doing a nice job on SMTP scanning, but the vendor says that their appliance does not have a port listener (like a spamd daemon) that could answer a stream request - thus only SMTP will do. Ideas? THANKS! Dave. !DSPAM:48225a58120502068847775!
Re: [vchkpw] Distribute Qmail + Vpopmail bundle
Joshua Megerman wrote: On Saturday 23 February 2008 01:55:14 pm Nick Bright wrote: While the qmail sources are available, it is not GPL. It's my understanding that the way qmail is licensed specifically forbids repackaging. Um, no. As the original poster stated qmail is now in the public domain, which means there is not only no restrictions to its distribution, there's not even any license anymore. Well, that is excellent. I was not aware that it had been placed into the public domain. Perhaps now someone could get a project together with some traction to integrate all of the best patches into qmail and make a technologically recent package that doesn't have to have 15 patches applied to get anything resembling a recent feature set. Are you aware of the netqmail project or Bill Shupp's qmail toaster project? Easily googled if you weren't. I for one would love to see inter7 take the lead on such a project, as they have a proven track record and as far as I can tell, know qmail quite well. And please try not to top-post :) I'll never understand why people don't like top posting. I find it easier to read, but lets not get OT on this; I'm sure it's been argued about before. Josh !DSPAM:47c4001f31054114656!
Re: [vchkpw] OT: Which RBLsmtpd lookups are you using?
Adi Pircalabu wrote: On Fri, 01 Feb 2008 07:33:53 +1000 Quey wrote: dnsbl.sorbs.net bl.spamcop.net Don't use these to reject connections at SMTP level, they give many false-positives. Eventually use them only after queueing, and only to increase the spam score. zen.spamhaus.org and list.dsbl.org, au contraire, are much better choices for rblsmtpd. My 0,02RON each to our own, I dont consider they give many false positives at all, not in this part of the world, but of course it may be different for where you are, however even with the acceptable FP's they *may* give, the massive reduction in spam makes it completely worth it. The more they hit there, the less work MailScanner has to do, it can use system resources just to scan for viruses and phishing and of course whatever spam it detects that get past the RBL's :-) A good thing to do as well which also dramatically reduces spam, is enforce DNS forward and reverse, if someone can't be bothered making sure their mail server is RFC compliant, then I am under no obligation to allow my servers to accept connections from them. My thanks to everyone who contributed! I'm on zen.spamhaus.org now! Noticed at least some increase in stopped connections at smtpd! A good thing, in my review. I'll research FPs for downside. Thanks! !DSPAM:47a381a0310549759113929!
[vchkpw] OT: Which RBLsmtpd lookups are you using?
Which RBLsmtpd references are you using in your smtpd listeners and why? (example sbl-xbl.spamhaus.org in /var/qmail/supervise/qmail-smtp/run) !DSPAM:47a1f0e1310547134712337!
[vchkpw] OT: Webmail trends for vpopmail/qmail/IMAP
Off-topic, perhaps respond off-list? What are the hot applications in F/OSS webmail that start to move towards AJAX clients (yahoo! mail beta, gmail) that might function well on a vpopmail/qmail/IMAP infrastructure? I looked at Sourceforge and didn't see much that would leap past squirrelmail. !DSPAM:477d4215310543745219514!
Re: [vchkpw] OT: Webmail trends for vpopmail/qmail/IMAP
ISP Lists wrote: Off-topic, perhaps respond off-list? What are the hot applications in F/OSS webmail that start to move towards AJAX clients (yahoo! mail beta, gmail) that might function well on a vpopmail/qmail/IMAP infrastructure? I looked at Sourceforge and didn't see much that would leap past squirrelmail. We use RoundCube in addition to Squirell. http://roundcube.net/ Regards, Rick Thanks Rick, good stuff! Any other ideas are most appreciated. !DSPAM:477d4fd9310541599016348!
Re: [vchkpw] courier maildirfolder files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ISP Lists wrote: Therefore, to fix a partially failed rsync during a migration, I should use the following rules: /Maildir/.Sent|.Drafts|.Trash/maildirfolder is NOT correct usage /Maildir/.MyFolder/maildirfolder is NOT correct usage /Maildir/.MyFolder.MySubFolder/maildirfolder IS correct usage. I'm not sure what you're saying here about incorrect usage. maildirfolder files must exist under any folder directory you wish Courier-IMAP to honor. Is the presence of 'maildirfolder' in subfolders actually MANDATORY for IMAP to function properly? Not for IMAP, for Courier-IMAP. I'm sure you knew that, but I figured I'd be a little more technical on this point for anyone else who may not have caught that. - -- /* Matt Brookings [EMAIL PROTECTED] GnuPG Key ABA26FE7 Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFHTzBeYaj0Mauib+cRAhsDAJ0TYcF6vqbndnV5Pe+nIsIC1CthCgCgmkrN xE/PM6o3fJZTkthW6gFHtr4= =E+3Q -END PGP SIGNATURE- Matt, thanks for your post, the answer surprises me. Is there a resource you can recommend? I hadn't anticipated that 'maildirfolder' is a requirement for all folders; by inspection, my existing vpopmail/courier kit seems to run fine with very few 'maildirfolder' files that don't seem to conform to any particular methodology/rule. Thus the basis for my confusion. Again, I really appreciate the help! Dave. !DSPAM:474f442732002376413044!
Re: [vchkpw] Problem compiling courier-auth 0.59.3+
Some very smart person - I'm REALLY sorry I cannot easily find the link to give proper credit - posted this patch out there a few weeks ago. I don't think it's become mainstream yet, but I literally just went through the same problem with authlib 0.59.3 and vpopmail 5.4.17. Yes, the patch works; no I don't know why. the patch I used came from discussion here: http://www.mail-archive.com/vchkpw@inter7.com/msg24923.html I tried to google for the filename of the patch below but I think it's a filename I made up... I was in a rush to get something built, so my notes are incomplete. Bad dog, I know. Meanwhile, here's the patch code === --- courier-authlib-0.59.3/authvchkpw.c 2007-04-22 20:53:30.0 +0200 +++ courier-authlib-0.59.3b/authvchkpw.c2007-04-25 17:53:58.908980669 +0200 @@ -55,16 +55,19 @@ return (*i-callback_func)(a, i-callback_arg); } #if HAVE_HMACLIB #includelibhmac/hmac.h #includecramlib.h +static int auth_vchkpw_login(const char *service, char *authdata, +int (*callback_func)(struct authinfo *, void *), void *callback_arg); + static int auth_vchkpw_cram(const char *service, const char *authtype, char *authdata, int (*callback_func)(struct authinfo *, void *), void *callback_arg) { struct cram_callback_info cci; === And how I build the authlib for my system cd /usr/src/qmail wget http://superb-west.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.59.3.tar.bz2 bunzip2 courier-authlib-0.59.3.tar.bz2 tar xf courier-authlib-0.59.3.tar chown -R root.root courier-authlib-0.59.3 cd courier-authlib-0.59.3 wget http://www.dermanagement.com/qmail/courier-0.59.3-authvchkpw.patch patch courier-0.59.3-authvchkpw.patch ./configure \ --prefix=/usr/local/courier-authlib \ --without-authpam \ --without-authldap \ --without-authpwd \ --without-authmysql \ --without-authpgsql \ --without-authshadow \ --without-authuserdb \ --without-authcustom \ --without-authcram \ --without-authpipe \ --with-authdaemon \ --with-redhat \ --with-authvchkpw Good luck. Dave. I can compile courier-authlib version 0.59.2 or lower just fine with vpopmail 5.4.17 but I cannot get newer versions to compile. I tried asking on the courier-imap list but they say not our problem. Here's the errors: -- authvchkpw.c: In function 'auth_vchkpw_login': authvchkpw.c:40: warning: empty declaration authvchkpw.c:43: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token In file included from authvchkpw.c:63: libhmac/hmac.h:15: error: storage class specified for parameter 'hmac_h_rcsid' libhmac/hmac.h:15: error: parameter 'hmac_h_rcsid' is initialized libhmac/hmac.h:50: warning: empty declaration libhmac/hmac.h:54: error: storage class specified for parameter 'hmac_md5' libhmac/hmac.h:54: error: storage class specified for parameter 'hmac_sha1' libhmac/hmac.h:54: error: storage class specified for parameter 'hmac_sha256' libhmac/hmac.h:61: error: storage class specified for parameter 'hmac_list' In file included from authvchkpw.c:64: cramlib.h:17: warning: empty declaration cramlib.h:19: error: storage class specified for parameter 'auth_cram_callback' cramlib.h:26: warning: empty declaration authvchkpw.c:71: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:87: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:106: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:170: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:177: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:227: error: parameter 'authvchkpw_info' is initialized authvchkpw.c:229: error: 'auth_vchkpw' undeclared (first use in this function) authvchkpw.c:229: error: (Each undeclared identifier is reported only once authvchkpw.c:229: error: for each function it appears in.) authvchkpw.c:231: error: 'authvchkpwclose' undeclared (first use in this function) authvchkpw.c:232: error: 'auth_vchkpw_changepass' undeclared (first use in this function) authvchkpw.c:238: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:240: error: old-style parameter declarations in prototyped function definition authvchkpw.c:240: error: expected '{' at end of input make[2]: *** [authvchkpw.lo] Error 1 make[2]: Leaving directory `/netsrc/courier-authlib-0.59.3.20070721' -- This is NOT just for the pre-release, before anyone asks. I tried it because they mentioned some authvchkpw fixes. -- -- Cheers, Steve
Re: [vchkpw] Problem compiling courier-auth 0.59.3+
Crud, NO that is not the correct link for what I thought was the patch source. OK, I found it! It's in French, that's why it's kinda hard to find. You can run this page through Babelfish and get something readable, but the patch originated from this page http://christian.caleca.free.fr/qmail/courier-imap.htm Credit due. D. Some very smart person - I'm REALLY sorry I cannot easily find the link to give proper credit - posted this patch out there a few weeks ago. I don't think it's become mainstream yet, but I literally just went through the same problem with authlib 0.59.3 and vpopmail 5.4.17. Yes, the patch works; no I don't know why. the patch I used came from discussion here: http://www.mail-archive.com/vchkpw@inter7.com/msg24923.html I tried to google for the filename of the patch below but I think it's a filename I made up... I was in a rush to get something built, so my notes are incomplete. Bad dog, I know. Meanwhile, here's the patch code === --- courier-authlib-0.59.3/authvchkpw.c 2007-04-22 20:53:30.0 +0200 +++ courier-authlib-0.59.3b/authvchkpw.c2007-04-25 17:53:58.908980669 +0200 @@ -55,16 +55,19 @@ return (*i-callback_func)(a, i-callback_arg); } #if HAVE_HMACLIB #includelibhmac/hmac.h #includecramlib.h +static int auth_vchkpw_login(const char *service, char *authdata, +int (*callback_func)(struct authinfo *, void *), void *callback_arg); + static int auth_vchkpw_cram(const char *service, const char *authtype, char *authdata, int (*callback_func)(struct authinfo *, void *), void *callback_arg) { struct cram_callback_info cci; === And how I build the authlib for my system cd /usr/src/qmail wget http://superb-west.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.59.3.tar.bz2 bunzip2 courier-authlib-0.59.3.tar.bz2 tar xf courier-authlib-0.59.3.tar chown -R root.root courier-authlib-0.59.3 cd courier-authlib-0.59.3 wget http://www.dermanagement.com/qmail/courier-0.59.3-authvchkpw.patch patch courier-0.59.3-authvchkpw.patch ./configure \ --prefix=/usr/local/courier-authlib \ --without-authpam \ --without-authldap \ --without-authpwd \ --without-authmysql \ --without-authpgsql \ --without-authshadow \ --without-authuserdb \ --without-authcustom \ --without-authcram \ --without-authpipe \ --with-authdaemon \ --with-redhat \ --with-authvchkpw Good luck. Dave. I can compile courier-authlib version 0.59.2 or lower just fine with vpopmail 5.4.17 but I cannot get newer versions to compile. I tried asking on the courier-imap list but they say not our problem. Here's the errors: -- authvchkpw.c: In function 'auth_vchkpw_login': authvchkpw.c:40: warning: empty declaration authvchkpw.c:43: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token In file included from authvchkpw.c:63: libhmac/hmac.h:15: error: storage class specified for parameter 'hmac_h_rcsid' libhmac/hmac.h:15: error: parameter 'hmac_h_rcsid' is initialized libhmac/hmac.h:50: warning: empty declaration libhmac/hmac.h:54: error: storage class specified for parameter 'hmac_md5' libhmac/hmac.h:54: error: storage class specified for parameter 'hmac_sha1' libhmac/hmac.h:54: error: storage class specified for parameter 'hmac_sha256' libhmac/hmac.h:61: error: storage class specified for parameter 'hmac_list' In file included from authvchkpw.c:64: cramlib.h:17: warning: empty declaration cramlib.h:19: error: storage class specified for parameter 'auth_cram_callback' cramlib.h:26: warning: empty declaration authvchkpw.c:71: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:87: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:106: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:170: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:177: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:227: error: parameter 'authvchkpw_info' is initialized authvchkpw.c:229: error: 'auth_vchkpw' undeclared (first use in this function) authvchkpw.c:229: error: (Each undeclared identifier is reported only once authvchkpw.c:229: error: for each function it appears in.) authvchkpw.c:231: error: 'authvchkpwclose' undeclared (first use in this function) authvchkpw.c:232: error: 'auth_vchkpw_changepass' undeclared (first use in this function) authvchkpw.c:238: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token authvchkpw.c:240: error: old-style parameter declarations in prototyped function definition authvchkpw.c:240: error: expected '{' at end of input
[vchkpw] Alternate routing for failed send
I had a case where a single destination SMTP MX server was denying my send request from what appeared to be an IP range-based RBL blacklist. Nobody elses MXs levered that blacklist, so I only had the one problem delivery. I was able to mockup a gateway on another server of mine in another IP block and I temporarily used 'smtproutes' to clear my queue for that issue. Q: What solutions are being used in the wild to deal with this kind of case? I could see an 'smtproutes' file that uses a :farm.of.hostnames.tld in order to send your outbound email through a farm of servers in diverse netblocks, but that implies a bit more scale than I can offer/afford. I don't believe there's any available logic that says something like after a message is SMTP-connect-refused XX times, please try alternate send path via 'othersmtproutes' That's probably more overhead than value, but it occurred to me... Feedback is most welcome. (Please let me know if this is more appropriate for the qmail list than vpopmail.) Dave
[vchkpw] Anti-spam solution - favs?
I've got vpopmail/netqmail built using typical clamav and spamassassin (clamd, spamd). I've got XBL filtering and CHKUSER enabled on smtp. I'm actively training my Bayes filters. I do not use verified sender or SPF. Spamassassin's local.cf look like this: required_score 6 rewrite_header Subject [SPAM] report_safe 0 use_pyzor 0 use_razor2 1 use_dcc 0 dcc_home /var/dcc skip_rbl_checks 0 rbl_timeout 3 score RCVD_IN_BL_SPAMCOP_NET 2 use_bayes 1 bayes_auto_learn 1 bayes_path /home/spamd/.spamassassin/bayes I STILL find a good bit of spam is getting through. (pharma, mortgages, stock hype, etc) I wonder whether there are other/better anti-spam tools I should use to cull the spam more effectively. Suggestions most welcome.
[vchkpw] announce: bantcp for CHKUSER patch
I wanted to announce a little script project I'm starting called 'bantcp'. I got frustrated by a dictionary attack on one of my domains. Tonix' CHKUSER patch did it's job in repelling the offending IPs (who were not already RBLd) but I wanted more. I wanted a (semi-)automated way to extract the attacking IPs from my qmail logs and insert them into my tcp.smtp file using selection criteria based upon how many attacks had been made from an IP during a specific window of time. I felt this was a way to prevent further abuse from these IPs. bantcp is version 0.01 It's a cobbling of bash and perl to provide the output suitable for pasting into your tcp.smtp file. It's not terribly elegant yet, but I'm hoping for some suggestions. Flames are welcome too, though please be kind. I'm not a coder. I'm also guessing that a 'sed/awk' guru could tighten bantcp up a lot - maybe kill off the perl jumps altogether. http://www.bantcp.com/ Thanks, Dave.
[vchkpw] CHKUSER 2.0.8b - banning IPs into tcp.smtp
CHKUSER 2.0.8b on qmail 1.03 and vpopmail 5.4.10. I LOVE that CHKUSER can single out the unknown recipients and block the offending SMTP session - big traffic control helper! However, I've got one domain that's really being hit hard by dictionary attacks. Some attack traffic is a few hits from many IPs, other traffic is many hits from few IPs. What I'd like to do is get something that's like an IDS that reads log output for CHKUSER rejections - currently only outputting to /var/log/qmail/smtp/current and have that information parsed for the specific domain and have the offending sender IP stuffed into a database (probably with a timestamp). Then I would build some scripted logic to query the database to figure out if I've been hit N number of times from an IP in a certain window of time; thus the trigger to update tcp.smtp with the offender. I think I might go ahead and just compile the tcp.smtp at each pass, that way I can keep tcp.smtp as compact as possible. Those who've stopped being naughty are taken off the blocklist eventually. Almost an RBL mentality I guess. (and yes, I AM running with the Spamhaus RBL also). I gotta believe some smart person already built this, but I don't know if it's called something specific. Big challenge for me is how to keep an eye on a logfile for any particular time (particularly given DJB's arcane date values in the above log file) and not end up reprocessing data I've already seen. Help appreciated and thanks! Dave.
[vchkpw] How expensive is reloading the tcp.smtp.cdb?
Related to my earlier post, how expensive is it - resource-wise - to reload a tcp.smtp file of 100-1000 lines? If I have processing that is updating tcp.smtp every 5-10 minutes and I choose to reload the cdb from that tcp.smtp, is that a bad idea? The qmailctl cdb command runs very fast for me now, but I don't have any idea what impact it has on any smtpd instances having to restart or re-read. Anyone know?
[vchkpw] Spotty behavior authenticating: MySQL server has gone away
Something peculiar happened to mysql during a reboot and now vpopmail authdaemond is having trouble completing authentications /var/log/maillog says: Aug 24 08:36:15 hostname authdaemond: vmysql: sql error[3]: MySQL server has gone away This problem is spotty though. I have several successful authentications before this error occurs. I then have to restart mysqld before I can get any other authentications to succeed. I am still able to use the mysql client to connect to the server for an interactive session. What seems strange to me is that there are only two mysql daemons running: root 23923 0.0 0.1 5060 1108 pts/0S09:13 0:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf --pid-file=/var/run/mysqld/mysqld.pid mysql23956 0.0 0.5 38620 5656 pts/0Sl 09:13 0:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/var/lib --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking Every other instance of mysql 3.23.x I've ever run has about 10 child threads running, so this seems strange to see only one child thread. I have not updated any packages on this box recently. None at all, I swear. Suggestions to investigate? Googling on the MySQL server has gone away is a wild goose chase.
Re: [vchkpw] Spotty behavior authenticating: MySQL server has gone away
Something peculiar happened to mysql during a reboot and now vpopmail authdaemond is having trouble completing authentications /var/log/maillog says: Aug 24 08:36:15 hostname authdaemond: vmysql: sql error[3]: MySQL server has gone away This problem is spotty though. I have several successful authentications before this error occurs. I then have to restart mysqld before I can get any other authentications to succeed. I am still able to use the mysql client to connect to the server for an interactive session. What seems strange to me is that there are only two mysql daemons running: root 23923 0.0 0.1 5060 1108 pts/0S09:13 0:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf --pid-file=/var/run/mysqld/mysqld.pid mysql23956 0.0 0.5 38620 5656 pts/0Sl 09:13 0:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/var/lib --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking Every other instance of mysql 3.23.x I've ever run has about 10 child threads running, so this seems strange to see only one child thread. I have not updated any packages on this box recently. None at all, I swear. Suggestions to investigate? Googling on the MySQL server has gone away is a wild goose chase. Hrm, rebooting the box seems to have helped. Still same number of mysql daemons, but they're answering now... Damned strange. dmesg on reboot didn't show any ext3 errors being fixed - I was wondering if this was a disk thing. Thoughts still welcome and appreciated on this.
[vchkpw] SMTP-AUTH works POP3 not SMTPd?
sys: Fedora core3, manually compiled vpopmail 3.4.10, RPM Mysql 3.23.59?, compiled courier imap 4.0.2, compiled qmail-1.03, patched qmail-ej-cocktail-14.tar.gz, manually patched Tonix' chkuser 2.0. I have installed vpopmail with roaming/SMTP-AUTH before, again using Michael Bowe's webmail guide. SMTP-AUTH is failing authentication and I cannot tell why. I had created the qmail install with Tonix' chkuser patch and saved that qmail-smtpd binary. Substituting between the original and the Tonix patched qmail-smtpd binaries does not seem to change the behavior. compiled vpopmail as: ./configure \ --enable-roaming-users \ --enable-logging=p \ --disable-passwd \ --enable-clear-passwd \ --disable-domain-quotas \ --enable-auth-module=mysql \ --disable-many-domains \ --enable-auth-logging \ --enable-sql-logging \ --enable-valias \ --disable-mysql-limits /home/vpopmail/etc: qmail]# ls -l ~vpopmail/etc/ total 16 -rw-r--r-- 1 root root 25 Jun 8 19:47 inc_deps -rw-r--r-- 1 root root 81 Jun 8 19:47 lib_deps -rw-r--r-- 1 vpopmail vchkpw 1107 Jun 8 19:47 vlimits.default -rw-r- 1 vpopmail vchkpw 43 Jun 8 19:43 vpopmail.mysql /var/qmail/supervise/qmail-smtpd/run: #!/bin/sh QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 1700 \ /usr/local/bin/tcpserver \ -H -l [[[my.host.name]]] \ -v -x /etc/tcp.smtp.cdb \ -c 30 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \ /usr/local/bin/rblsmtpd -b -C \ -r 'sbl-xbl.spamhaus.org:Your message was rejected ' \ /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \ /usr/bin/true 21 mysql's vpopmail database table vlog contains: | id | user | passwd | domain| logon | remoteip | message | timestamp | error | ++---+--+---+-+--+-++---+ | 1 | daver | [EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119024854 | 3 | | 2 | daver | [EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119025751 | 3 | THIS IMPLIES that some element of the hostname and a timestamp(?) are being forwarded instead of the submitted password?? I'm at a loss here, help appreciated! BTW, all incoming SMTP delivery works to all accounts. All POP3 pickup and authentication works too. Just SMTP-AUTH to send is broken.
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
You've got an old SMTP AUTH patch that sends the MD5 challenge and response in the wrong order. Use the patch from the contrib directory of vpopmail, and then remove the $LOCAL from your run file, as the newer SMTP AUTH patch does not use it. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Tom, thanks. I didn't realize there had been a change in patches that did this... Wilco.
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
You've got an old SMTP AUTH patch that sends the MD5 challenge and response in the wrong order. Use the patch from the contrib directory of vpopmail, and then remove the $LOCAL from your run file, as the newer SMTP AUTH patch does not use it. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Tom, thanks. I didn't realize there had been a change in patches that did this... Wilco. Follow-up Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Thanks for the help! Dave.
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
On Jun 17, 2005, at 11:21 AM, ISP Lists wrote: Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Did you remember to remove $LOCAL from your qmail-smtpd/run file? If not, you can now auth with any username/password. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Yes, I did and I tried using nonsense/invalid combos to ensure that I wasn't AUTH'ing the world. Appreciate your concern! Thanks again!
Re: [vchkpw] RBL setup
Hello, how to setup RBL cheking to my qmail-vpopmail instalation. How can I chack if my RBL check works. TNX Hello, Check the relevant section of this guide http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm
Re: [vchkpw] OT: Migration of Lotus Notes to Vpopmail
Googling shall set ye free http://www.google.com/search?hl=enq=convert+lotus+notes+to+mboxbtnG=Google+Search Hi list. I need migrate accounts and mailbox from Lotus Notes 5.0.1 to Qmail+Vpopmail. The accounts creation isn't problem, but my main problem is migrate the mailbox to maildir. The mailbox for one user, in Lotus, is into a file .nsf (database Lotus). I need convert 1062 mailbox to Maildir. Somebody know how convert this? If isn't possible convert directly the file nsf, I'm think use imap migration tool http://migrationtool.sourceforge.net/ but I never use this tool Somebody has some experience using tools like to fetchmail, migrationtool, or others? Any suggestion is been thankful Bye friends Juan Enciso Condeña Área de Operaciones Qnet Soluciones Tecnológicas Av. Paseo de la República 4675 - Lima 34 Telf: (511) 241-4122 Anexo 2244 Fax: (511) 446-8135 www.qnet.com.pe
[vchkpw] Howto reject invalid recipients AFTER SMTPD receipt of msg?
I want to reject incoming email to invalid users AFTER accepting the email by SMTPd. Where can I insert a small bash script to check valid users against VPOPMAIL MYSQL DB before allowing SPAMD, CLAMAV, qmail-inject, etc. to run??? Vpopmail 5.4.5, Mysql 3.23.54. Also, I'm aware of Tonix's patch to prevent invalid users BEFORE SMTPD accepts mail. Am considering it, but want to understand options if I'm willing to take the bandwidth hit but not provide hints to dictionary attackers. Really hoping to put a small script inline to SMTP processing. THANKS! My current /var/qmail/supervise/qmail-smtpd/run file reads thusly. #!/bin/sh QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 1500 \ /usr/local/bin/tcpserver \ -H -l server.example.com \ -v -x /etc/tcp.smtp.cdb \ -c 20 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \ /usr/local/bin/rblsmtpd -b -C \ -r 'relays.ordb.org: denied' \ -r 'sbl-xbl.spamhaus.org: denied' \ /var/qmail/bin/qmail-smtpd $LOCAL \ /home/vpopmail/bin/vchkpw /usr/bin/true 21
[vchkpw] Re: Howto reject invalid recipients AFTER SMTPD receipt of msg?
On Jan 11, 2005, at 6:07 AM, ISP Lists wrote: I want to reject incoming email to invalid users AFTER accepting the email by SMTPd. Where can I insert a small bash script to check valid users against VPOPMAIL MYSQL DB before allowing SPAMD, CLAMAV, qmail-inject, etc. to run??? Vpopmail 5.4.5, Mysql 3.23.54. Also, I'm aware of Tonix's patch to prevent invalid users BEFORE SMTPD accepts mail. Am considering it, but want to understand options if I'm willing to take the bandwidth hit but not provide hints to dictionary attackers. Really hoping to put a small script inline to SMTP processing. THANKS! My current /var/qmail/supervise/qmail-smtpd/run file reads thusly. #!/bin/sh QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE You can incorporate it into qmail-scanner-queue.pl. If the qmail-queue program exits with the proper exit code, qmail-smtpd will reject the message. You can run vuserinfo and check the exit code to determine if an account is valid or not. You'll need to check the catchall setting (unless catchall is bounce/delete, all addresses are valid). You'll have to add some additional code though to check for mailing list, autoresponder and alias/forward accounts. We have bounced around the idea of writing a simple vpopmail program that checks to see if an account is valid or not (taking into consideration the catchall setting). Another option would be to modify Tonix's patch to do the checking after receiving the message. I have no idea how hard that would be though. On possible problem with this setup is that if I legitimately email two people at your company and one address is invalid, the entire message bounces and I don't know which address was wrong. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/ Tom, thanks for your well considered message. Your last point is probably the most troubling to any scenario that rejects by name. I haven't taken a serious look yet into the docs/code from Tonino to see its behavior in such a case. I, for one, would like to see some additional movement in vpopmail to expand control of smtpd - if not replace it as LinuxMagic have done. That's a bit far-reaching, so perhaps your thought of extending some service for checking valid IDs is useful. I, for one, do NOT run with a catchall, BTW
[vchkpw] fetchmail and maildrop to a vpopmail account
I'm struggling finding a howto on a particular issue: I have a webmail/pop3 account, no IMAP. I do not run that server and only have user privs on the email account. I want to do a ONE-TIME conversion to pull the 400+ messages from this account using fetchmail (or whatever you recommend) for delivery to my vpopmail user account. I run the destination server, it runs vpopmail/courier/mysql, and has a domain with the particular ./Maildir account that I want to deliver the mail into. I was going to use fetchmail - maildrop - ./Maildir I was doing okay pulling together information to accomplish this until I realized that I didn't have a local account for maildrop since the destination account is a virtual user in vpopmail (/home/vpopmail/domains/example.com/username/Maildir) Does anybody have some guidance on where I should go to cook up a solution? All help appreciated! Thanks, Dave.
Re: [vchkpw] fetchmail and maildrop to a vpopmail account
On Tue, 2004-09-28 at 10:06, ISP Lists wrote: I'm struggling finding a howto on a particular issue: I have a webmail/pop3 account, no IMAP. I do not run that server and only have user privs on the email account. I want to do a ONE-TIME conversion to pull the 400+ messages from this account using fetchmail (or whatever you recommend) for delivery to my vpopmail user account. I run the destination server, it runs vpopmail/courier/mysql, and has a domain with the particular ./Maildir account that I want to deliver the mail into. I was going to use fetchmail - maildrop - ./Maildir I was doing okay pulling together information to accomplish this until I realized that I didn't have a local account for maildrop since the destination account is a virtual user in vpopmail (/home/vpopmail/domains/example.com/username/Maildir) Does anybody have some guidance on where I should go to cook up a solution? All help appreciated! Thanks, Dave. You're fine just using Fetchmail - after that, IMHO, you're overcomplicating it with maildrop :) I do fetchmail like so: /usr/local/bin/fetchmail -s -f /home/root/fetchmail/fetchmail2.rc where fetcmail2.rc contains: poll mail.com.com proto POP3 user username pass password smtpname [EMAIL PROTECTED] fetchall Basically grab anything from the remote user's mailbox and redirect it via smtp to '[EMAIL PROTECTED]'. Then your SMTP setup takes care of the delivery as if all those emails came in to your localuser originally. Rick Shucks, that was too easy. Worked great! Thanks Rick!
[vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux
I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've enabled roaming users and have included the SMTP-AUTH patch. Courier, vpopmail, qmail, and everything else compiled fine (I did not use Debian packages). POP3 works fine. Spam filtering works fine. Squirrelmail fine. Squirrelmail sends via 127.0.0.1 SMTP fine via /home/vpopmail/etc/tcp.smtp. SMTP-AUTH fails on password look ups and therefore roaming users cannot send email. ERROR LOG: Aug 7 06:58:21 puffer vpopmail[28939]: vchkpw-smtp: password fail [email protected]:[ip protected] vpopmail was compiled like this: ./configure --enable-roaming-users=y --enable-logging=y --enable-ip-alias-domains=y --enable-auth-module=mysql --enable-clear-passwd=n --enable-libdir=/usr/include/mysql/ --enable-tcpserver-path=/home/vpopmail/etc/ --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-logging=e --enable-tcprules-prog=/usr/local/bin/tcprules --enable-rebuild-tcpserver-file My qmail-smtp/run file reads: #!/bin/sh QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 1500 \ /usr/local/bin/tcpserver \ -H -l [server hostname protected] \ -v -x /etc/tcp.smtp.cdb \ -c 20 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \ /usr/local/bin/rblsmtpd -b -C \ -r 'relays.ordb.org:Your message was rejected. \ -r 'sbl-xbl.spamhaus.org:Your message was rejected \ /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \ /usr/bin/true 21 /home/vpopmail/bin/vchkpw is owned by vpopmail.vchkpw /usr/local/courier-imap/etc/imapd bears the line AUTHMODULES=authdaemon How do I go further debug this? Thanks. D.
Re: [vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux
I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've enabled roaming users and have included the SMTP-AUTH patch. Courier, vpopmail, qmail, and everything else compiled fine (I did not use Debian packages). POP3 works fine. Spam filtering works fine. Squirrelmail fine. Squirrelmail sends via 127.0.0.1 SMTP fine via /home/vpopmail/etc/tcp.smtp. SMTP-AUTH fails on password look ups and therefore roaming users cannot send email. [SNIP] OK, I've found that it was a client software error where CRAM-MD5 login is advertised first. Pegasus mail wouldn't keep trying to get to plain LOGIN, but The BAT! would fail back from CRAM-MD5 to plain LOGIN and roaming SMTP relay works fine. Sorry for the initial concern, but I'd like to remove CRAM-MD5 from the advertised capabilities to avoid this kind of confusion with users. Any help there?! Sorry, but thanks so far!