Re: [vchkpw] rcpt check patch - rejected rcpt
On 5/30/06, DAve [EMAIL PROTECTED] wrote: DAve wrote: Ken Jones wrote: tonix (Antonio Nati) wrote: At 22.53 22/05/2006, you wrote: Has anyone else run into this? A microsoft smtp service is sending an email with a list of rcpt's. Some of the rcpt's are invalid. The microsoft keeps reporting rejection of almost all the email addresses including valid ones. We are using fixcrio on the smtp server, so it's not a bare line feed problem. Using chkuser v.2.0.8. Everything works fine when a qmail server sends the same list of emails. All the good rcpts get the email and all the invalid rcpts are rejected. Any ideas? I am looking into disabling the chk user for the senders static IP address but wonder if there is possibly something in the qmail/chkuser code that needs looking into. What do chkuser logs say about these rejected rcpt? For the rejected addresses seeing: CHKUSER rejected not existing recipient For the accepted addresses CHKUSER accepted found existing recipient We ran some other tests. If all the recipients are accepted the email comes through to all the users. If any one of the recipients are rejected then the sender says they get a bounce message with valid and invalid recipients listed with the regular qmail failure status of the form: There was a SMTP communication problem with the recipient's email server.Please contact your system administrator. HOST_SENDER #5.5.0 smtp;511 sorry, no mailbox here by that name (#5.1.1 - chkuser) Thier email system returns a bounce message containing those types of status for valid and invalid accounts. And the chkuser log shows the correct information, reporting invalid for invalid accounts and valid for existing accounts. I'm going to run a test when I telnet to port 25 and walk through the conversation by hand. Then check the logs and received emails. Ken I have been looking into the same issue since last week. I am waiting to confirm the client is using an exchange server at their location. The issue I am seeing is that the client has a distribution list with 22 recipients in it. Once ten recipients fail, the message is bounced as per my chkuser setup. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming` # CHKUSER values CHKUSER_MBXQUOTA=90 export CHKUSER_MBXQUOTA CHKUSER_RCPTLIMIT=150 export CHKUSER_RCPTLIMIT CHKUSER_WRONGRCPTLIMIT=10 export CHKUSER_WRONGRCPTLIMIT if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD ]; then echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in echo $0 exit 1 fi exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -P -R -h -l ecluster4.tls.net -x /var/qmail/control/tcp.smtp. cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 10.0.241.134 25 \ /usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 21 Addresses that are valid are rejected until the rejection count goes over the intrusion threshold, even though the user exists and still receives mail otherwise. snip 26-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : not existing recipient 2006-05-10 17:30:32.579064500 CHKUSER rejected rcpt: from [EMAIL PROTECTED]:: remote JHexamerGardner:wls-41-2 26-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : not existing recipient 2006-05-10 17:30:36.283696500 CHKUSER intrusion threshold: from [EMAIL PROTECTED]:: remote JHexamerGardner:wl s-41-226-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : max number of allowed invalid rcpt 2006-05-10 17:30:36.543197500 CHKUSER rejected intrusion: from [EMAIL PROTECTED]:: remote JHexamerGardner:wls bash-2.05b# ./vuserinfo [EMAIL PROTECTED] name: lisah passwd: x clear passwd: x comment/gecos: lisah uid:0 gid:0 flags:0 gecos: lisah limits: No user limits set. dir: /home/vpopmail/domains/1/x.com/lisah quota: NOQUOTA usage: NOQUOTA last auth: Mon Mar 27 15:22:13 2006 last auth ip: 10.0.241.134 I see no issues with the MySQL backend, but I am updating the MySQL install tonight so I can use query caching. Not sure if that will make a difference or not but I wanted the advantage of caching to reduce load on my SQL server. I am seeing this with one client only, and the issue is intermittent at that. Using chkuser-2.0.8b-release. Anything else I can offer? DAveThere is no Exchange server involved.Looking closer I see that the user was in her office, so I am not surewhy she even hit chkuser! She should have been on smpt-auth from her IP and I don't use chkuser for smpt-auth clients.The message has failed twice in two weeks and worked three times. Lastattempt worked perfectly.Still looking.DAve--This message was checked by forty monkeys and found to not contain any SPAM whatsoever.Your monkeys may varyHas anyone else had any luck with this issue? I'm seeing the same scenario using chkuser v.2.0.8 with delivery to a group of recipients from MS Exchange server. One bad address in a group of recipients results in the exchange server reporting failure for all recipients.
Re: [vchkpw] rcpt check patch - rejected rcpt
On 8/14/06, Jason S [EMAIL PROTECTED] wrote: On 5/30/06, DAve [EMAIL PROTECTED] wrote: DAve wrote: Ken Jones wrote: tonix (Antonio Nati) wrote: At 22.53 22/05/2006, you wrote: Has anyone else run into this? A microsoft smtp service is sending an email with a list of rcpt's. Some of the rcpt's are invalid. The microsoft keeps reporting rejection of almost all the email addresses including valid ones. We are using fixcrio on the smtp server, so it's not a bare line feed problem. Using chkuser v.2.0.8. Everything works fine when a qmail server sends the same list of emails. All the good rcpts get the email and all the invalid rcpts are rejected. Any ideas? I am looking into disabling the chk user for the senders static IP address but wonder if there is possibly something in the qmail/chkuser code that needs looking into. What do chkuser logs say about these rejected rcpt? For the rejected addresses seeing: CHKUSER rejected not existing recipient For the accepted addresses CHKUSER accepted found existing recipient We ran some other tests. If all the recipients are accepted the email comes through to all the users. If any one of the recipients are rejected then the sender says they get a bounce message with valid and invalid recipients listed with the regular qmail failure status of the form: There was a SMTP communication problem with the recipient's email server.Please contact your system administrator. HOST_SENDER #5.5.0 smtp;511 sorry, no mailbox here by that name (#5.1.1 - chkuser) Thier email system returns a bounce message containing those types of status for valid and invalid accounts. And the chkuser log shows the correct information, reporting invalid for invalid accounts and valid for existing accounts. I'm going to run a test when I telnet to port 25 and walk through the conversation by hand. Then check the logs and received emails. Ken I have been looking into the same issue since last week. I am waiting to confirm the client is using an exchange server at their location. The issue I am seeing is that the client has a distribution list with 22 recipients in it. Once ten recipients fail, the message is bounced as per my chkuser setup. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming` # CHKUSER values CHKUSER_MBXQUOTA=90 export CHKUSER_MBXQUOTA CHKUSER_RCPTLIMIT=150 export CHKUSER_RCPTLIMIT CHKUSER_WRONGRCPTLIMIT=10 export CHKUSER_WRONGRCPTLIMIT if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD ]; then echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in echo $0 exit 1 fi exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -P -R -h -l ecluster4.tls.net -x /var/qmail/control/tcp.smtp. cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 10.0.241.134 25 \ /usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 21 Addresses that are valid are rejected until the rejection count goes over the intrusion threshold, even though the user exists and still receives mail otherwise. snip 26-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : not existing recipient 2006-05-10 17:30:32.579064500 CHKUSER rejected rcpt: from [EMAIL PROTECTED]:: remote JHexamerGardner:wls-41-2 26-196-65.tls.net:65 .196.226.41 rcpt [EMAIL PROTECTED] : not existing recipient 2006-05-10 17:30:36.283696500 CHKUSER intrusion threshold: from [EMAIL PROTECTED]:: remote JHexamerGardner:wl s-41-226-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : max number of allowed invalid rcpt 2006-05-10 17:30:36.543197500 CHKUSER rejected intrusion: from [EMAIL PROTECTED]:: remote JHexamerGardner:wls bash-2.05b# ./vuserinfo [EMAIL PROTECTED] name: lisah passwd: x clear passwd: x comment/gecos: lisah uid:0 gid:0 flags:0 gecos: lisah limits: No user limits set. dir: /home/vpopmail/domains/1/x.com/lisah quota: NOQUOTA usage: NOQUOTA last auth: Mon Mar 27 15:22:13 2006 last auth ip: 10.0.241.134 I see no issues with the MySQL backend, but I am updating the MySQL install tonight so I can use query caching. Not sure if that will make a difference or not but I wanted the advantage of caching to reduce load on my SQL server. I am seeing this with one client only, and the issue is intermittent at that. Using chkuser-2.0.8b-release. Anything else I can offer? DAveThere is no Exchange server involved.Looking closer I see that the user was in her office, so I am not surewhy she even hit chkuser! She should have been on smpt-auth from her IP and I don't use chkuser for smpt-auth clients.The message has failed twice in two weeks and worked three times. Lastattempt worked perfectly.Still looking.DAve--This message was checked by forty monkeys and found to not contain any SPAM whatsoever.Your monkeys may varyHas anyone else had any luck with this issue? I'm seeing the same scenario using chkuser v.2.0.8 with delivery to a group of recipients from MS Exchange server. One bad address in a group of recipients results
Re: [vchkpw] Sporadic mail auth failures
On 8/21/05, David Erickson [EMAIL PROTECTED] wrote: Great suggestions but that doesn't seem to the be problem.. I restarted mysql earlier today, and continued to have problems afterward. And I just checked max_used_Conns and it is 7, and my actual limit is 100. Any other ideas? -David -Original Message- From: Roman Volf [mailto:[EMAIL PROTECTED] Sent: Sunday, August 21, 2005 10:44 AM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Sporadic mail auth failures Roman Volf wrote: Rick Macdougall wrote: Hi, It happens occasionally when you don't allow enough connections to your MySQL server. Try increasing the connections in the my.cnf (and look at increasing some of the buffers etc as well). Regards, Rick You can check this by doing: [EMAIL PROTECTED] ~]$ mysqladmin -u root -p extended-status|grep connections Enter password: | Max_used_connections | 25 | Then compare that number to the number specified in my.cnf. Or, to check the current setting for max_connections, do: [EMAIL PROTECTED] ~]$ mysqladmin -u root -p variables|grep connections Enter password: | max_connections | 100 -- Roman Volf Keystreams Internet Solutions [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.13/78 - Release Date: 8/19/2005 Maybe you can try turning on mysqld logging in my.cnf and see if anything strange pops up there? [mysqld] log=/path/to/your/logfile Don't do like me and forget to turn logging back off when you're done :) -- Jason [EMAIL PROTECTED]
[vchkpw] non-default domain cannot auth
I have about 20 domains set up on my pop server using mysql authentication. vpopmail user $HOME is /var/qmail/vpopmail I have a defaultdomain set in /var/qmail/vpopmail/etc/defaultdomain The defaultdomain accounts can auth just fine, with or without the domain appended to their username. However, the non-default domain users cannot auth. vpopmail version : 5.4.9 qmail: netqmail with Shupp's latest toaster patch. vpopmail config: ./configure \ --enable-valias \ --enable-mysql-replication \ --disable-auth-logging \ --enable-logging=v \ --enable-auth-module=mysql \ --enable-libdir=/usr/local/mysql/lib \ --enable-incdir=/usr/local/mysql/include \ --disable-clear-passwd \ --disable-roaming-users \ --disable-passwd \ --disable-domain-quotas \ --disable-many-domains qmail-pop3d run script: #!/bin/sh VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` exec /usr/local/bin/tcpserver -lpop3.mydomain.com -R -H -v \ -u$VPOPMAILUID -g$VPOPMAILGID -c600 0 110 \ /var/qmail/bin/qmail-popup pop3.mydomain.com \ /var/qmail/vpopmail/bin/vchkpw \ /var/qmail/bin/qmail-pop3d Maildir 21 This is a new member of a pop3 cluster. The Maildirs are accessed over NFS. Just ran into this issue while upgrading to 5.3.9. Any ideas? Thanks, -- Jason [EMAIL PROTECTED]
Re: [vchkpw] Spamassin configuration
On Fri, 25 Feb 2005 16:47:36 -0500 (EST), Ron Dyck [EMAIL PROTECTED] wrote: I'm currently upgrading my mail server and am installing simscan. Simscan claims that there is an option to configure vpopmail with spamassassin option: --enable-spamassassin (http://www.qmailwiki.org/Simscan/Guide) The allows vpopmail user options so individual users can set their own perferences. I can't find this configure option anywhere, but would like to consider it. Does anyone have any information on this? Thanks, ron = Ron Dyck [EMAIL PROTECTED] webbtech.net = The document you reference tells you what you need to know as far as simscan is concerned. If you want more info about per-user config in spamassassin using sql, check here: http://wiki.apache.org/spamassassin/UsingSQL simscan has a list as well: http://news.gmane.org/gmane.mail.qmail.simscan Good luck -- Jason [EMAIL PROTECTED]
Re: [vchkpw] vpopmail + courier-imap + pop-before-smtp?
I have courier-imap working OK with vpopmail, no problems doing that beyond the usual bugs in the courier-imap build process. But I don't see any straightforward way to make it do pop-before-smtp. Courier uses its own authorization scheme. It calls the vpopmail lookup code, but doesn't have any interface to the relay stuff. I'm particularly interested in the MySQL version so I can handle multiple SMTP hosts. It's easy enough to stick an extra program into the courier-imap startup script, but it looks like I'll have to write the program myself. It's no big deal to write, but it's hard to believe that nobody's done it before. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of The Internet for Dummies, Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner More Wiener schnitzel, please, said Tom, revealingly. Checkout the vpopmail FAQ for using courier-imap with vpopmail's roaming users functionality. Jason
Re: [vchkpw] Importing my Passwords
Hi, I´m migrating from a Sendmail plataform to Qmail + Vpopmail, and I have an extensive list of users and domains hosted in my server. I don´t want to make all this users to change their passwords. There is a way to import my /etc/passwd list of users and my /etc/master.password list of encrypted passwords to vpopmail format (either cdb or mysql)? You could compile vpopmail with mysql and MD5 support and then run a script on your /etc/shadow file to dump all of the usernames and passwords to the vpopmail database. Or you could enable learned passwords in vpopmail and just dump your usernames with empty passwords to the vpopmail database so when each user pops in, their password is written to the database that way. I used a combination of the two. It was fairly seamless.
Re: [vchkpw] vconvert
Is this it: http://www.enderunix.org/vpwd2sql Hello, if such a tool does not exist, I would like to code it. Bye, Werner.
Re: [vchkpw] Re: How to change the password with SQL command?
It appears that passing RAND() with no arguments to the pw_passwd field breaks mysql replication. Hello Ken, On Friday, October 11, 2002 at 1:32:14 AM you wrote: You can use the MySQL crypt command. It calls the unix crypt() function, so it's compatiable with vpopmail (and /etc/shadow) One addition, to make it more md5-like: ENCRYPT(PASSWORD,CONCAT($1$,SUBSTRING(MD5(PASSWORD),ROUND(RAND()*1 0),5),0)) with 'PASSWORD' being the actual password should do the job. HTH Pit -- Best regards Peter Palmreuthermailto:lists;pitpalme.de
