Re: [vchkpw] CentOS 5 64 bit vchkpw segfault - vpopmail 5.4.9 - softlimit related
Paul Oehler wrote: Hi, We're seeing vchkpw segfault seemingly at random during pop3 authentication, but only on CentOS 5 x86_64. The result is pop3 authentication failing randomly. CentOS 5 32 bit and CentOS 4 64 and 32 bit do not exhibit this behavior, with the same vpopmail code base (5.4.9). This is admittidly not the newest vpopmail version - does this problem sound familiar to anyone and do you recall it being fixed in one of the newer versions? It appears to be related to the softlimit command that is used in the invocation of pop3. Attempting to raise the softlimit -m parameter to very high values (as high as 51200) does not prevent the segfault, however, removing the softlimit line entirely does prevent the segfaults. Also, copying the vchkpw binary compiled on a 32 bit CentOS 5 OS to the 64 bit install also fixes the problem. I realize 5.4.9 is pretty old, but we don't require many of the new features in the newer vpopmail releases, and would prefer to not have to recompile qmail-smtpd if we can get away with it (where we're using chkuser). In the ChangeLog for 5.4.10 I see this: Stephan Tesch - md5.h: fix related to segfaults in vchkpw on Sparc64. [1144851] What's the likelyhood that is related? You might want to try recompiling everything with out any compiler optimization flags like -O or -O2. We've seen some 64 bit systems have problems if -OX is enabled. With the -O options removed and everything recompiled the problems went away. Hope that helps, Ken Jones
Re: [vchkpw] tcp.smtp.cdb not updating after pop3 login
ahlist wrote: Hi, I have a vpopmail 5.4.25 install. When a user logs in with pop3, /home/vpopmail/etc/open-smtp is updated but /home/vpopmail/etc/tcp.smtp.cdb is not I have many identical vpopmail installs which work correctly. Here is what is different on this one: redhat enterprise 5 (most are on enterprise 3) vpopmail 5.4.25 (others are all vpopmail 5.2) I configure with: ./configure --enable-ip-alias-domains=y --enable-roaming-users=y --enable-passwd=y tcprules exists at : /usr/local/bin/tcprules -rwxr-xr-x 1 root root 16608 Mar 12 23:33 /usr/local/bin/tcprules /etc/tcp.smtp -rw-r--r-- 1 root root 30 Mar 12 23:33 /etc/tcp.smtp also exists. I'm a bit stuck on this one. Not sure why it is not updating. Can someone tell me the procedure to test from STDIN? Perhaps I could get it to display an error indicating why it is not updating the cdb file. Check the vpopmail config.h file for the location of the tcp.smtp file. The vpopmail config program checks several directories to locate the tcp.smtp file. If /etc/tcp.smtp exists I think the configure script will find that one first. The config.h file has the details of which tcp.smtp file is used. -- Ken Jones
Re: [vchkpw] Announcing ToasterAdmin, Net_Vpopmaild, Auth container
Bill Shupp wrote: All, I'd like to announce ToasterAdmin, a new vpopmail administration tool which utilizes vpopmaild, allowing for remote administration of a vpopmail system (over tcp sockets). It is intended as an alternative to running QmailAdmin and VqAdmin separately, and will eventually be fully comprehensive. Here are some of the highlights: Design * Written in OOP PHP 5 using an MVC Framework for easy code maintenance * Uses the Smarty template engine for clear separation of logic from display * Uses several packages from PEAR to minimize local code requirements Current Features * Add/Remove Domains, Users, Forwards, and Auto-Responders * Modify Default Domain Limits * Search for Domains * Modify user mail routing and vacation messages * Add Alias Domains * Manage IP Maps * Internationalization support via gettext (translators needed!) Planned Features * Modify User Limits * Modify System Default Limits (vlimits.default) * EZMLM Support (must be supported by vpopmaild first) * simcontrol support URL: http://trac.merchbox.com/trac/toasteradmin ToasterAdmin is discussed on the [EMAIL PROTECTED] list. Please forward any questions there (I'm not an ongoing member of vchkpw@inter7.com). While working on ToasterAdmin, I decided to put all of the base vpopmaild code in the PEAR package Net_Vpopmaild (based on work from Rick Widmer). Net_Vpopmaild's URL is http://pear.php.net/Net_Vpopmaild. Lastly, I added a Net_Vpopmaild auth container to PEAR's Auth framework (NetVPOPMaild). So if you need any PHP app to to authenticate off of your vpopmail user base running vpopmaild, you accomplish this very easily through PEAR Auth. URL: http://pear.php.net/Auth Nice work Bill! Looks really good. Thanks for the announcement. -- Ken Jones
Re: [vchkpw] not auto-learning passwords
D. Hilbig wrote: I configured vpopmail v5.4.25 with the --enable-learn-passwords option. I created a user without a password: ./vadduser -n [EMAIL PROTECTED] I then logged into Courier-IMAP's pop3d-ssl with: USER [EMAIL PROTECTED] PASS anything and it let me login. I then did it again but with a different password and I was able to login again. I looked in the mysql table vpopmail.vpopmail to see that the password field wasn't updated. What's going on here? Where is the failure? Hopefully not a short between the floor and the keyboard. ;) vpopmail v5.4.25 on CentOS Linux v5.1 (x86 32-bit). My configuration options: ./configure --enable-learn-passwords \ --enable-onchange-script \ --enable-spamassassin \ --enable-spamc-prog=/usr/bin/spamc \ --enable-auth-module=mysql \ --enable-sql-logging \ --enable-mysql-limits \ --enable-valias Try logging in with pop3 and see if the password gets learned. note that you should recompile courier-imap if you change vpopmail's configure options. courier statically links the vpopmail library. -- Ken Jones
Re: [vchkpw] Set properly dir hashing for one big domain
Alessio Cecchi wrote: Il Thursday 06 March 2008 01:06:07 Ken Jones ha scritto: Alessio Cecchi wrote: Hello, I have a dedicated server to registration e-mail free only. Every day there are about 250 new users. I believe that the default setting for hashing vpopmail directory is not optimal for this kind of service (make a new dir every 50 new accounts). What do you think? Can i improve it? Check your .h files of the vpopmail source. I have: #define MAX_USERS_PER_LEVEL 100 Meaning 100 users per directory. The optimal number of subdirectories was discussed on the vpopmail list back in 1998 or 1998. I don't remember who did the research but they found a maximum of 150 to 200 directories provided the most efficient processing. The bigdir code tries to maintain this level by creating at most 100 user accounts per directory plus the subdirectory structure using 0-9,a-z,A-Z (10 + 26 + 26 = 62). So in any directory there would be a maximum of 162 directories, fits within the recommened 150 to 200 limit. With three levels deep of sub directories vpopmail would support some where around 20 million accounts, which seemed reasonable. That was the basic behind the bigdir code. It would probably be worth while to re-investigate the 150-200 directory limit with today's current file system software. Hope that helps, Ken Jones Ken thanks for your response, i will increase it to 100. Can i edit it and rebuild vpopmail with new setting without problems on the current installation? Hi Alessio, Making that change should work fine with out any problems. Be sure to do a make clean before recompiling just in case the Makefile does not have all the dependencies set up. After recompiling I would run some tests with a test domain adding more than 300 accounts to verify if it is acting the way you want. If the tests work it should be fine to put into production. The directory hashing code should not care if MAX_USERS_PER_LEVEL is changed since it is only checked when creating a new account. grep MAX_USERS bigdir.c for details. By the way, is your source code set to 100 or 50 for MAX_USERS_PER_LEVEL. I'm interested to know if there are differences in any publicly released versions. Thanks, Ken
Re: [vchkpw] Set properly dir hashing for one big domain
Alessio Cecchi wrote: Hello, I have a dedicated server to registration e-mail free only. Every day there are about 250 new users. I believe that the default setting for hashing vpopmail directory is not optimal for this kind of service (make a new dir every 50 new accounts). What do you think? Can i improve it? Check your .h files of the vpopmail source. I have: #define MAX_USERS_PER_LEVEL 100 Meaning 100 users per directory. The optimal number of subdirectories was discussed on the vpopmail list back in 1998 or 1998. I don't remember who did the research but they found a maximum of 150 to 200 directories provided the most efficient processing. The bigdir code tries to maintain this level by creating at most 100 user accounts per directory plus the subdirectory structure using 0-9,a-z,A-Z (10 + 26 + 26 = 62). So in any directory there would be a maximum of 162 directories, fits within the recommened 150 to 200 limit. With three levels deep of sub directories vpopmail would support some where around 20 million accounts, which seemed reasonable. That was the basic behind the bigdir code. It would probably be worth while to re-investigate the 150-200 directory limit with today's current file system software. Hope that helps, Ken Jones
Re: [vchkpw] Problems with defaultdomain when authenticating from courier-imap
Quey wrote: Joshua Megerman wrote: If you reconfigured vpopmail and rebuilt it, but didn't rebuild courier-imap/authdaemon, you're still using the old vpopmail library. If you're using qmail's pop3 daemon, it uses vchkpw directly, which is why it works. Remember to ALWAYS rebuild EVERYTHING that links against vpopmail (including qmail, if you're using CHKUS(E)R) anytime you rebuild vpopmail... Josh Or dump courier altogether and use Dovecot, performance under heavy use leaves courier for dead. Does dovecot work for all the vpopmail back ends or just with the mysql backend? Thanks, Ken Jones
Re: [vchkpw] Mysql table
Rick Widmer wrote: mlist wrote: John Simpson wrote: and since mysql has a limit of 64 bytes for a table name, you have a... maybe not a bug, but a design flaw. the name a(63 times).com IS a valid domain name, but a(63 times)_com is NOT a valid table name. Definitely a design flaw, even before the domain name length increase. I believe Ken once told me it was a mistake, but he never removed it because people were using it. I think the name length issue is a good reason to depreciate the feature. I'm looking to reduce the number of options to ./configure, and this looks like a good candidate. perhaps you shouldn't store each domain's data in a separate table? i've never understood the reason for creating separate tables for each domain anyway- but since i don't normally use a SQL back-end for mailbox information, it's not something i really worry about. Well then . . . that explains it. Thanks Rick, Joshua, and John. I'm no full-time DBA wouldn't it take less time to query through a specific table looking for data than it would to query one massive table? Any one else have any thoughts? I'm curious to know which would perform better. If I remember right, speed was the reason for separate tables, but testing showed it was not faster. I think the single table works better because all your mail users are accessing the same table, and its indexes so they stay loaded all the time. If you use separate tables it is always thrashing the cache as different files need to be accessed. I vote we depreciate the feature if we can provide a script to help people migrate from the multi table method to the single table method. The feature was only intended for sites with one or two domains and large numbers of users. In that case the database would not thrash since there would only be a few tables involved. And the database could save space by not storing the pw_domain field. As a DBA on large databases I could not resist optimizing this redundant data. The space saved on 100,000 users would be 6.4Mbytes for pw_domain of 64 chars or 12.4Mbytes for pw_domain of 128 chars. With the amount of RAM and disk space of modern servers the space saved does not seem significant now. Considering the confusion this feature generates and the relatively small amount of space it saves I say it's worth depreciating the feature. It should be relatively straight forward to create a migration script to move a site with many tables to the single table design. Ken Jones
[vchkpw] [OT] spamhaus down?
Has anyone else noticed spamhaus is down? None of their rbl host names are resolving. I've tried: zen.spamhaus.org sbl.spamhaus.org xbl.spamhaus.org sbl-xbl.spamhaus.org pbl.spamhaus.org We noticed a delay in accepting email and tracked it down to rblsmtpd checks on any of those lists. Ken Jones
Re: [vchkpw] [OT] spamhaus down?
I'm sorry. I didn't mean a dns lookup on the hostnames. I meant using rblsmtpd to do the query against their database. It might be related to a network issue since queries seem to be working fine on other email servers I checked. Paul Norland wrote: I too cannot resolve their names. Ken Jones wrote: Has anyone else noticed spamhaus is down? None of their rbl host names are resolving. I've tried: zen.spamhaus.org sbl.spamhaus.org xbl.spamhaus.org sbl-xbl.spamhaus.org pbl.spamhaus.org We noticed a delay in accepting email and tracked it down to rblsmtpd checks on any of those lists. Ken Jones
Re: [vchkpw] Using vdelivermail
Jeremiah Gowdy wrote: I am using qmail with vpopmail, having qmail compiled with QUEUE_EXTRA to log all of the received emails on my domain to a particular address. I want to forward copies of these emails to managers for quality monitoring. I can't use standard qmail forward syntax ( mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]) because if I do, QUEUE_EXTRA will loop the forwarded email back to the log address again, causing a massive email loop. So instead, I'm trying to use vdelivermail to push the email directly into the managers' inboxes to avoid going back through the queue. So I have: /usr/local/vpopmail/domains/blah.com/log/.qmail: |/usr/local/vpopmail/bin/vdelivermail '' /usr/local/vpopmail/domains/blah.com/managerguy |/usr/local/vpopmail/bin/vdelivermail '' /usr/local/vpopmail/domains/blah.com/othermanager That's it. I just want to pipe copies to those users. Neither user gets the message. There are no messages in my qmail logs from vdelivermail. I'm wondering if my syntax is wrong or how I can figure out what vpopmail is doing and why it doesn't forward the email. Any hints / information greatly appreciated. Try using this syntax [EMAIL PROTECTED] |/usr/local/vpopmail/bin/vdelivermail '' [EMAIL PROTECTED] .qmail supports a standard forwarding Ken Jones
Re: [vchkpw] Using vdelivermail
If you know the path to the maildir you can use that instead like: /home/vpopmail/domains/somedomain/someuser/Maildir/ then the vdelivermail line That will keep it out of the queue since qmail-local will just drop it into the Maildir/new directory. Ken Jeremiah Gowdy wrote: Yeah, I was trying to describe that unfortunately I can't use qmail's standard forwarding system with QUEUE_EXTRA, because the forwarded message passes through the queue, and is then duplicated again back to the log account. This creates an infinite loop of emails that crushes the server pretty quickly. I need a way to deliver the email to the box in question without going back through qmail-queue. I was hoping to use vdelivermail to provide that path. -Original Message- From: Ken Jones [mailto:[EMAIL PROTECTED] Sent: Friday, July 13, 2007 10:57 AM To: vchkpw@inter7.com Subject: Re: [vchkpw] Using vdelivermail Jeremiah Gowdy wrote: I am using qmail with vpopmail, having qmail compiled with QUEUE_EXTRA to log all of the received emails on my domain to a particular address. I want to forward copies of these emails to managers for quality monitoring. I can't use standard qmail forward syntax ( mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]) because if I do, QUEUE_EXTRA will loop the forwarded email back to the log address again, causing a massive email loop. So instead, I'm trying to use vdelivermail to push the email directly into the managers' inboxes to avoid going back through the queue. So I have: /usr/local/vpopmail/domains/blah.com/log/.qmail: |/usr/local/vpopmail/bin/vdelivermail '' /usr/local/vpopmail/domains/blah.com/managerguy |/usr/local/vpopmail/bin/vdelivermail '' /usr/local/vpopmail/domains/blah.com/othermanager That's it. I just want to pipe copies to those users. Neither user gets the message. There are no messages in my qmail logs from vdelivermail. I'm wondering if my syntax is wrong or how I can figure out what vpopmail is doing and why it doesn't forward the email. Any hints / information greatly appreciated. Try using this syntax [EMAIL PROTECTED] |/usr/local/vpopmail/bin/vdelivermail '' [EMAIL PROTECTED] .qmail supports a standard forwarding Ken Jones
Re: [vchkpw] Grey Listing / RBL Update
Nick Bright wrote: I read in the Inter7 Spring 07 newsletter about Windows Grey Listing and a tasty RBL update. I'm not sure if this is the right place to post about it, but I would like to try these technologies on my mail server, but I wasn't able to find any downloads for the packages on the Inter7 website. Any idea when they will be available? http://www.inter7.com/?page=news is the page I found these references on. Hi Nick, We have not had time to package up the patches to qmail and simscan. Basically we moved the simscan p0f code into qmail-smtpd during the data command and check windows connections for non authenticated smtp connections. Then greylist windows with a 58 second wait time. Also we wrote a mysql or file based greylisting scheme to keep track of the windows ips/rcpt/from information. Hopefully we can get all this code out the door soon as patches to qmail and a new release of simscan. Hope that helps Ken Jones inter7
Re: [vchkpw] Building vqAdmin for OS X (darwin)
Charlie Garrison wrote: Good afternoon, On 15/3/07 at 7:18 PM -0600, Rick Widmer [EMAIL PROTECTED] wrote: Charlie Garrison wrote: Should it be possible to build vqAdmin on OS X? I can't get past the ./configure step; I get errors like the following: wild guess Sometimes a wild guess can be exactly what is needed. :-) Maybe you should try... make distclean Failed with no target, but not surprising since I don't have a Makefile yet. automake aclocal autoconf Those all ran without errors and created/updated these files: -rwxr-xr-x1 charlie admin 181401 Mar 16 15:09 configure* drwxr-xr-x5 charlie admin 170 Mar 16 15:09 autom4te.cache/ -rw-r--r--1 charlie admin 30855 Mar 16 15:08 aclocal.m4 -rw-r--r--1 charlie admin 17859 Mar 16 15:08 Makefile.in then try to configure again. I'm still getting the same errors; I tried './configure' as well as specifying some different build types. At worst you will want to wipe the working directory and untar the files again if it doesn't work. Re-creating the configure script with the autoconf tools on your machine might make a difference. I don't have access to OS-X, and don't run vqadmin but no one else has posted any suggestions yet, so I thought I would try. I started with a fresh working directory before trying your suggestions. Your advice sounded promising, but no progress so far. I've been compiling stuff for many years and know how to troubleshoot common stuff like missing libs, but I'm out of my depth here. I'm open to any other suggestions. It might be the config.guess and config.sub files. If vpopmail configures you can copy those files from the vpopmail source into the vqadmin source. We had the same issue with 64bit machines. We have a new release of vqadmin for next week that has those files updated plus a Post message feature. -- Ken Jones
Re: [vchkpw] problem with vpopbull
eng.waleed wrote: Hi when I was sending mail to my domain using vpopbull the connection to server lost and my session stopped and the email send to some account and does not for other how can I resend it only to the accounts which does not receive it? If you can generate a list of email addresses it was sent to then you can use the -e excludefile option. -e exclude_email_addr_file (list of addresses to exclude) vpopbull will skip all the email addresses in the exclude list. -- Ken Jones
Re: [vchkpw] vpopmail authenticate to oracle internet directory (OID)
sazaney wrote: Dear Friends, Recently i had been directed from my boss to authenticate email users to Oracle Internet Directory (OID). I know that vpopmail support ldap authentication (based on openldap) but how can i achieve that using Oracle Internet Directory? Any suggestion? Read about the functions of OID that you will need for vpopmail, such as: add entry, delete entry, modify entry, read entry. Then look at the current vpopmail authentication modules and pick one that looks close to OID. Modify it to use the OID functions and start testing. If OID is based on ldap you might be able to tweak the vpopmail ldap module to use the OID schema. -- Ken Jones
Re: [vchkpw] Squirrelmail plugins using vpopmaild
Kevin O'Rourke wrote: Hi, I saw some old discussions in the archives about some beta plugins for Squirrelmail that would allow password changes via vpopmaild. Does anyone know any more about these plugins? At the moment I'm looking at rewriting the existing vpopmail plugin (that needs the webserver to run as the vpopmail user, so it can fiddle with files) to use vpopmaild instead. Kevin I wrote a vpopmaild plugin to change passwords. Email me off list if you'd like a copy. -- Ken Jones inter7
Re: [vchkpw] That domain isn't in my list of allowed rcpthosts
MT wrote: The mail server resides at a 172.16.0 net and the client machines at a 192.168.2.0 net. If I have understood the documentation correctly, vpopmail must be configured with --enable-roaming-users if the client machines are on a different net. Correct? No. If you have clients at static IP's like 192.168.2.0 network then use the RELAYCLIENT entry like below. The entry in /home/vpopmail/etc/tcp.smtp is 172.16.0.:allow,RELAYCLIENT= and I have done qmailctl cdb qmailctl stop /var/vpopmail/bin/clearopensmtp qmailctl start Maybe I'm missing something too but shouldn't the contents of the tcp.smtp file say: 192.168.2.:allow,RELAYCLIENT= since the connections are coming FROM the 192 network? This is what you want, the client IP addresses. snip -- Ken Jones
Re: [vchkpw] How can I personalize some users in a domain ?
Bulent wrote: Hello I use vpopmail5.4. I want to personalize some emailaddresses in a domain. Let me explain that case. I have a domain. 5 email addresses of this domain will not able to send and receive any mail from anywhere except that domain. Other email address of this domain can send to everywhere and receive email from everywhere. How can I do this ? Thanks You might want to look at EMPF Email Message Policy Framework http://www.inter7.com/?page=empf It was designed to support what you are trying to do. -- Ken Jones
Re: [vchkpw] Re: Segfaulting in vadddomain
Manuzhai wrote: Manuzhai wrote: Any ideas on what I can do to fix this? (Always nice, a little self-quoting...) Okay, so I figured out what the problem is, I think. Lots of nice little fprintf(stderr, ...)'s later, I've come to the conclusion that Matt Brookings was right on the money stating that your assign file has some sort of syntax error in it. Indeed it does. I posted my assign file in a later message: enrai users # cat assign +localhost-:localhost:89:89:/var/vpopmail/domains/localhost:-:: +arlman.com-:arlman.com:89:89:/var/vpopmail/domains/arlman.com:-:: +leden.hebe.nl-:leden.hebe.nl:89:89:/var/vpopmail/domains/leden.hebe.nl:-:: +manuzhai.nl-:manuzhai.nl:89:89:/var/vpopmail/domains/manuzhai.nl:-:: +xavamedia.nl-:xavamedia.nl:89:89:/var/vpopmail/domains/xavamedia.nl:-:: . What trips up vpopmail: the localhost line. I'm not sure whether this *should* be valid or not, but the extract_domain() function in vpopmail.c sure doesn't like it. Here's what it looks like with the fprintf statements that are already in the code doing their work: enrai vpopmail-5.4.16 # vadddomain ochtman.nl test extract_domain - line: +ochtman.nl-:ochtman.nl:89:89:/var/vpopmail/domains/ochtman.nl:-:: extract_domain - result: ochtman.nl extract_domain - i: 0 part: ochtman extract_domain - i: 1 part: nl extract_domain - modified i: 0 part: ochtman extract_domain - modified i: 1 part: nl extract_domain - final result: ochtman.nl BEFORE READING AFTER TRIMMING BEFORE EXTRACTION extract_domain - line: +localhost-:localhost:89:89:/var/vpopmail/domains/localhost:-:: extract_domain - result: localhost extract_domain - i: 0 part: localhost Segmentation fault enrai vpopmail-5.4.16 # (The three uppercase ones are from me.) So. I'm not sure how I got it in there; vdeldomain seems to think localhost is an invalid domain, so I'm guessing vadddomain would do so too. I may have used one of the qmail tools to add it. Now, would it be safe for me to just remove the offending line from the assign file, or is there some other, better way to get it out? And, if anyone would be so kind as to offer me some advice on this somewhat off-topic question, that would be appreciated: how *do* I make sure any email to [EMAIL PROTECTED] (especially for [EMAIL PROTECTED]) gets forwarded to some other (remote) email address? In any case, thanks for any help, and for the (otherwise ;) great software. It might be the sorting code is looking for domains with dots in them and the single hostname with no dot confuses the sort. Ken Jones
Re: [vchkpw] cannt relay
Cristi Tauber wrote: hello there, i installed qmail + vpopmail + mysql on debian . i configured vpopmail to allow roaming users (pop before smtp). if i get messages my ip goes to relay table in vpopmail mysql database , but i cannot relay. i mean : the ip is written in the table but when i send mail it says : relaying denied any clues ? Verify that your tcp.smtp.cdb file is updated when the ip gets inserted into the mysql table. Verify that your smtp server is using that tcp.smtp.cdb. It might be use a different one in a different directory. It you can, it is better to use SMTP authentication. Ken Jones
Re: [vchkpw] cannt relay
Cristi Tauber wrote: Ken Jones wrote: Cristi Tauber wrote: hello there, i installed qmail + vpopmail + mysql on debian . i configured vpopmail to allow roaming users (pop before smtp). if i get messages my ip goes to relay table in vpopmail mysql database , but i cannot relay. i mean : the ip is written in the table but when i send mail it says : relaying denied any clues ? Verify that your tcp.smtp.cdb file is updated when the ip gets inserted into the mysql table. Verify that your smtp server is using that tcp.smtp.cdb. It might be use a different one in a different directory. It you can, it is better to use SMTP authentication. Ken Jones stupid me ... after hours of knocking my head against the table, I figured out. in debian mysql listen only on 127.0.0.1 which in /etc/hosts is localhost.localdomain instead of just localhost and this is why vpopmail user can't login . i use tcp.smtp for static IPs . ken : what else is there for road warriors ? (besides smtp-auth which is not the case here) thanks cristi I would suggest running an SSL smtp server on the smtps port 465. You can use sslserver instead of tcpserver. Many places, like hotels, block outbound port 25 (smtp) but they do not block outbound port 465 (smtps) s as in SSL encrypted. You can also run a pop3s server (pop3 with SSL) on port 995. Ken
Re: [vchkpw] More logs in POP
Franck wrote: Hi, I must have logs with more detailed on the POP3. In /var/log/qmail/pop3/current, i must have ALL infos like datetime, login, password, IP, etc ... which files can i edit to put this infos please ? Is vchkpw or qmail-pop3d source file ??? My config is : netqmail 1.05 + vpopmail 5.4.16 The supervise script is /var/qmail/supervise/pop3/run : PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/sbin:/usr/sbin:/sbin export PATH HOTE=mydomain.com exec /usr/local/bin/tcpserver -H -R -v -l 0 0 110 /var/qmail/bin/qmail-popup $HOTE \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d \ Maildir 21 Franck Take a look at the logging configuration options for vpopmail. --enable-logging=OPT Log to syslog: n=nothing, e=errors only (default), y=all attempts, p=errors with passwords, v=verbose (all attempts, with passwords). You might want the --enable-logging=v option. vchkpw will send the logging information to syslog. On redhat based systems syslog will write the information to the /var/log/maillog file. Ken Jones
Re: [vchkpw] vpopmail and access to Maildir for users
Dmitriy MiksIr wrote: Hi! Is anyone implement vpopmail with separate uid (per-user uid) for place users maildir to his own home directory? Yes. It is built into vpopmail. For example, vadddomain -ujoe joedomain.com -u user (sets the uid/gid based on a user in /etc/passwd) As bonus for this scheme - user will have access to his mail (for read/delete via shell) What troubles and security holes can make this schema? Allowing shell access will expose your machine to possible local root exploits. I only give system administrators shell access. Ken Jones
[vchkpw] rcpt check user problems with sender - resolution
Hi, Tonino was able to do a fast analysis of the problem. Server: Qmail with Tonino's check user patch. Problem: When an email sender identifying itself as SMTPSVC(6.0.3790.1830) sends an email to multiple rcpt's, where some of the rcpt are valid and some are invalid, not all the emails to valid rcpts are delivered and the sender reports an incorrect list of valid/invalid rcpts. Resolution: Problem due to Outlook not fully supporting SMTP protocol. Details: Sender is probably using ISA server (Microsoft integrated firewall) that declares itself to be SMTPSVC(6.0.3790.1830) and Outlook as the email client. The SMTPSVC acts as a proxy, passing the SMTP session results back to the email client. Sender is probably using Microsoft Outlook. Outlook is known to stop processing the mail to: rcpts when it receives a invalid user response. After that failure response Outlook will fail and not continue to send the remaining rcpt's. Hope that clears things up, Ken Jones
Re: [vchkpw] rcpt check user problems with sender - resolution
Rick Macdougall wrote: Ken Jones wrote: Hi, Tonino was able to do a fast analysis of the problem. Server: Qmail with Tonino's check user patch. Problem: When an email sender identifying itself as SMTPSVC(6.0.3790.1830) sends an email to multiple rcpt's, where some of the rcpt are valid and some are invalid, not all the emails to valid rcpts are delivered and the sender reports an incorrect list of valid/invalid rcpts. Resolution: Problem due to Outlook not fully supporting SMTP protocol. So there was no real resolution ? Did you have them stop using the ISA firewall ? Regards, Rick I disabled check user for their static IP. Ken
Re: [vchkpw] rcpt check user problems with sender - resolution
tonix (Antonio Nati) wrote: At 21.44 31/05/2006, you wrote: Rick Macdougall wrote: Ken Jones wrote: Hi, Tonino was able to do a fast analysis of the problem. Server: Qmail with Tonino's check user patch. Problem: When an email sender identifying itself as SMTPSVC(6.0.3790.1830) sends an email to multiple rcpt's, where some of the rcpt are valid and some are invalid, not all the emails to valid rcpts are delivered and the sender reports an incorrect list of valid/invalid rcpts. Resolution: Problem due to Outlook not fully supporting SMTP protocol. So there was no real resolution ? Did you have them stop using the ISA firewall ? Regards, Rick I disabled check user for their static IP. Are they using your server as a relay, or are they just sending to everyone from Outlook? I feel chkuser should be disabled when used as relay from Outlook or Eudora. They are just sending using Outlook. Not as a relay. They are an external company sending to local users. We do not have any reported problems from any relay users. Ken
Re: [vchkpw] rcpt check patch - rejected rcpt
Ken Jones wrote: Tom Collins wrote: On May 23, 2006, at 7:02 AM, Ken Jones wrote: If any one of the recipients are rejected then the sender says they get a bounce message with valid and invalid recipients listed with the regular qmail failure status of the form: It sounds like a problem with the sender's SMTP server not being able to handle a message where only some of the recipients exist. Have the original sender do a test where they email a real gmail account, and a completely made up one. Does the same thing happen? I'll give it a shot. If they're running an Exchange Server, they should see if there are any patches or updates they can install. Sounds like a good idea. Found the smtp sender info: Microsoft SMTPSVC(6.0.3790.1830) Does anyone have access to a Microsoft SMTPSVC(6.0.3790.1830) server? We'd like to test the idea that Tom had about sending emails to gmail but we don't have one of those Microsoft boxes. If anyone has one and would like to help run a test, please email me off list so we can run a few tests. Thanks, Ken Jones
Re: [vchkpw] rcpt check patch - rejected rcpt
tonix (Antonio Nati) wrote: At 22.53 22/05/2006, you wrote: Has anyone else run into this? A microsoft smtp service is sending an email with a list of rcpt's. Some of the rcpt's are invalid. The microsoft keeps reporting rejection of almost all the email addresses including valid ones. We are using fixcrio on the smtp server, so it's not a bare line feed problem. Using chkuser v.2.0.8. Everything works fine when a qmail server sends the same list of emails. All the good rcpts get the email and all the invalid rcpts are rejected. Any ideas? I am looking into disabling the chk user for the senders static IP address but wonder if there is possibly something in the qmail/chkuser code that needs looking into. What do chkuser logs say about these rejected rcpt? For the rejected addresses seeing: CHKUSER rejected not existing recipient For the accepted addresses CHKUSER accepted found existing recipient We ran some other tests. If all the recipients are accepted the email comes through to all the users. If any one of the recipients are rejected then the sender says they get a bounce message with valid and invalid recipients listed with the regular qmail failure status of the form: There was a SMTP communication problem with the recipient's email server. Please contact your system administrator. HOST_SENDER #5.5.0 smtp;511 sorry, no mailbox here by that name (#5.1.1 - chkuser) Thier email system returns a bounce message containing those types of status for valid and invalid accounts. And the chkuser log shows the correct information, reporting invalid for invalid accounts and valid for existing accounts. I'm going to run a test when I telnet to port 25 and walk through the conversation by hand. Then check the logs and received emails. Ken
Re: [vchkpw] rcpt check patch - rejected rcpt
Tom Collins wrote: On May 23, 2006, at 7:02 AM, Ken Jones wrote: If any one of the recipients are rejected then the sender says they get a bounce message with valid and invalid recipients listed with the regular qmail failure status of the form: It sounds like a problem with the sender's SMTP server not being able to handle a message where only some of the recipients exist. Have the original sender do a test where they email a real gmail account, and a completely made up one. Does the same thing happen? I'll give it a shot. If they're running an Exchange Server, they should see if there are any patches or updates they can install. Sounds like a good idea. Found the smtp sender info: Microsoft SMTPSVC(6.0.3790.1830) Ken
Re: [vchkpw] rcpt check patch - rejected rcpt
tonix (Antonio Nati) wrote: At 22.53 22/05/2006, you wrote: Has anyone else run into this? A microsoft smtp service is sending an email with a list of rcpt's. Some of the rcpt's are invalid. The microsoft keeps reporting rejection of almost all the email addresses including valid ones. We are using fixcrio on the smtp server, so it's not a bare line feed problem. Using chkuser v.2.0.8. Everything works fine when a qmail server sends the same list of emails. All the good rcpts get the email and all the invalid rcpts are rejected. Any ideas? I am looking into disabling the chk user for the senders static IP address but wonder if there is possibly something in the qmail/chkuser code that needs looking into. What do chkuser logs say about these rejected rcpt? Tonino Is there any settings that will let me disable chkuser based on an enviroment variable. So it is on by default but I can turn it off in tcp.smtp like: A.B.C.D:allow,DISABLE_CHKUSER= Ken
[vchkpw] rcpt check patch - rejected rcpt
Has anyone else run into this? A microsoft smtp service is sending an email with a list of rcpt's. Some of the rcpt's are invalid. The microsoft keeps reporting rejection of almost all the email addresses including valid ones. We are using fixcrio on the smtp server, so it's not a bare line feed problem. Using chkuser v.2.0.8. Everything works fine when a qmail server sends the same list of emails. All the good rcpts get the email and all the invalid rcpts are rejected. Any ideas? I am looking into disabling the chk user for the senders static IP address but wonder if there is possibly something in the qmail/chkuser code that needs looking into. Ken Jones
Re: [vchkpw] vqadmin
Kim Christensen wrote: * Andrew Simon [EMAIL PROTECTED] [2006-05-14 14:16:38 -0400]: Hopefully this is the right list for this question. Just built a new server. When use vqadmin And try to list domains I get I get cannot open assign file'. When I try to create a directory I get Unable to chdir to vpopmail/domains/domain directory I have reinstalled and made sure permission are correct. Any help would be appreciated. Hello Andrew! First of all, please set your e-mail client so that it uses linebreaks properly - or at least make some of them yourself :-) Now to answer your question, what are the permissions on vqadmin.cgi? That file needs to be setuid root in order to function properly, that's why you are getting those errors. Regards Also, if your linux distribution has selinux, make sure it is not enforcing on the vqadmin.cgi. Ken Jones
Re: [vchkpw] dublicate messages
saimir hafizi wrote: Hi there, I am having lately dublicate messages from the same sender in qmail. Does anyone know anything about this problem. Your answer will be appreciated Check your smtp and qmail log files. They may be sending multiple copies Ken Jones
Re: [vchkpw] [vpopmail] handle 'postmaster' as non existing user (reject mails)
Lars Uhlmann wrote: We only need this mailbox for »qmailadmin« to log in. Is it possible to treat this account as non existing? I've tried a domain-global '.qmail-postmaster' (... bounce-no-mailbox) and a '.qmail' (same content) inside the folder 'postmaster' but nothing worked. regards Lars Create a .qmail-postmaster file with the same permissions and ownership and in the same directory as the .qmail-default file. Then put a single # character in the file. qmail-local treats a single # charater as delete the email. It is probably the most efficent way, since vdelivermail does not need to be envoked. I've been thinking of setting up all new domains with this way. Nobody really reads postmaster email. Ken Jones
Re: [vchkpw] vpopmail + activedir
Tom Collins wrote: On Apr 26, 2006, at 7:48 AM, Ken Jones wrote: That module is no longer valid. It was built as a client/server with the server running on the windows machine. Unfortunately the windows code was lost. What remains in the active directory vpopmail module is the client part. It sends and receives TCP/IP packets to the non existant server to perform all the various vpopmail functions. Should we pull it from the releases then? There will still be copies in the CVS attic if someone wants to try picking it up and running with it. That's probably a good idea. Keep things clean. Ken
Re: [vchkpw] peculiar qmailadmin problem
Paul Theodoropoulos wrote: not sure what to think of this. vqadmin 2.3.5/vpopmail 5.4.10/qmailadmin-1.2.7 i have a domain, been around on the server for a long time. postmaster is the administrator. that's confirmed both by vuserinfo on the shell, and in vqadmin it shows the normal 'yes' for domain adminstrator. the problem is, in qmailadmin the 'regular user' interface is always presented - none of the administrator options available. other domains/domain administrators are fine. i'm baffled. i've turned off then back on admin privileges, no effect. i added admin privs for another user within the same domain, and that won't work either - but it works fine on other domains. has anyone ever run into this? i gotta get admin privs back for the customer. Paul Theodoropoulos Perhaps deleting and adding the account will help. By default, the postmaster account should have admin privileges. So you wouldn't need to set that privilege. Ken Jones
Re: [vchkpw] peculiar qmailadmin problem
Paul Theodoropoulos wrote: At 05:52 AM 4/21/2006, Ken Jones wrote: Paul Theodoropoulos wrote: not sure what to think of this. vqadmin 2.3.5/vpopmail 5.4.10/qmailadmin-1.2.7 i have a domain, been around on the server for a long time. postmaster is the administrator. that's confirmed both by vuserinfo on the shell, and in vqadmin it shows the normal 'yes' for domain adminstrator. the problem is, in qmailadmin the 'regular user' interface is always presented - none of the administrator options available. other domains/domain administrators are fine. i'm baffled. i've turned off then back on admin privileges, no effect. i added admin privs for another user within the same domain, and that won't work either - but it works fine on other domains. has anyone ever run into this? i gotta get admin privs back for the customer. Paul Theodoropoulos Perhaps deleting and adding the account will help. By default, the postmaster account should have admin privileges. So you wouldn't need to set that privilege. thanks Ken. i tried that yesterday as well - forgot to mention it. no success. i'm wondering if it might be some sort of db corruption in mysql. but i can't seem to figure out what table/field holds that value (i'm definitely no whiz at dbs). You can use mysqlcheck to repair all the tables in the vpopmail database mysqlcheck -uroot -ppassword -r vpopmail Ken
Re: [vchkpw] vadddomain -u issues
kengheng wrote: When I add a domain using vadddomain -u domain, I have to change the permission of /var/qmail/vpopmail/etc/vpopmail.mysql to o+r ? Thanks. Yes. By default, and for security reasons, the ~vpopmail/etc/vpopmail.mysql file is only readable by the vpopmail user. If you add any domain under a different user, that user will need access to that file. You could either grant access to all users, or you could make sure the vchkpw group has access and include the new user in the vchkpw group. -- Ken Jones inter7
Re: [vchkpw] qmailtap.
N0K wrote: Hello. Im using qmail-tap for backup mails, but i dont want backup from/to root user, how can i exclude this accound from qmail-tap? This is my /var/qmail/control/taps [EMAIL PROTECTED]:[EMAIL PROTECTED] I have test: [EMAIL PROTECTED] without any results. Any idea? Thanks. N0K. There is nothing currently in the code to exclude accounts. But it sounds technically feasible. Ken Jones inter7
Re: [vchkpw] Domain Quota Features
Rainer Duffner wrote: Ken Jones wrote: kengheng wrote: Hi, when will the domain quota feature back to vpopmail? Thanks. Probably never. It is too resource intensive. I recommend using operating system user quotas. Place each domain under a different user and let the file system handle the quota. I assume you have to either a) run qmail-smtpd as user root (because if ~vpopmail/domain/user.domain is own by user, vdelivermail as user vpopmail won't be able to deliver anymore) Yes b) place the domain unter user vpopmail but with different groups, using OS-group-quotas (does that work?) I don't think so. Last time I tested, user or group quotas only work under the users home directory. So place the domain under the users home directory. You can use the -u username option to vadddomain to set up the domain under that users home directory. Ken
Re: [vchkpw] Domain Quota Features
kengheng wrote: Hi, when will the domain quota feature back to vpopmail? Thanks. Probably never. It is too resource intensive. I recommend using operating system user quotas. Place each domain under a different user and let the file system handle the quota. This is also helpful if you host the web site and email. Then you can impose an overall disk space quota per account. Ken Jones
Re: [vchkpw] Vpopmaild issue
Joshua Megerman wrote: Using the Patch that Bill Shupp used to integrate vpopmaild into 5.4.13, I was able to develop a PHP-based interface for editing .qmail and other files in vpopmail users' home dirs for controlling various delivery processing options. It's not working now, and I've figured out why not. The original version of vpopmaild that I was using only uses \n for CRLF, while the new one in 5.4.15 uses \r\n. While not an issue for raw telnet, it fails for PHP since PHP_NORMAL_READ stops reading at '\r' OR '\n'. I may be able to resolve it by simply calling an additional read, but I'm wondering why crlf was chosen as the delimiter rather than just lf. Thanks for the info, Josh To match the standards for protocols like pop3 and smtp. Ken Jones
Re: [vchkpw] Vpopmail 5.4.15 released (finally)
Bob Hutchinson wrote: On Friday 24 Feb 2006 07:49, Tom Collins wrote: http://vpopmail.sf.net/ 5.4.15 - released 24-Feb-06 Release Notes: This release fixes a few loose ends in the 5.4.14 release. Here are the Release Notes from 5.4.14: This release brings in the vpopmail daemon (vpopmaild) from the 5.5 development series, and fixes a few bugs from 5.4.13. Does this version support domainquotas? There is no mention of --enable-domainquotas in ./configure --help snip Probably the most efficent way to support domain quotas is to set up operating system user quotas and place each domain under a different user. Ken Jones
Re: [vchkpw] vdominfo is giving incorrect info
Mark DeGroot wrote: -Original Message- From: Mark DeGroot [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 15, 2006 1:58 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] vdominfo is giving incorrect info -Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 15, 2006 1:25 AM To: vchkpw@inter7.com Subject: Re: [vchkpw] vdominfo is giving incorrect info On Feb 13, 2006, at 9:59 AM, Mark DeGroot wrote: The directory structure looks ok. Permissions look ok - at least they are the same as the other domains and as far as I can tell all the email accounts are working properly. cat vpasswd.cdb |cdbdump |wc -l gives me 43 addresses. Everything there looks ok. Any ideas what I should do to try and find out why vdominfo is giving me inaccurate info on this domain? It's probably a problem with the .dir-control file for that domain. Edit that file, and change the 2147483645 number to 43. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Thanks I'll try that report back. Mark Sure enough you were right: [EMAIL PROTECTED] cat .dir-control 2147483644 0 3 0 0 0 61 61 61 0 2 2 0 0 0 OT, but what does this file do and how is it created typically? I couldn't find much about it on google / google groups. Also notice that I removed some email accounts and the # 2147483645 decreased in size. Thanks, Mark This file keep track of which directory the next email account should be placed. It's the best I could come up with to manage that information. Ken Jones
Re: [vchkpw] qmail-scanner + clamav + spamassassin
GoodnGo.de (R) Zentrale wrote: Hello Russel, hello all, a question beside. Where can I find a HowTO for installing qmail-scanner + clamav + spamassassin Regards in advantage, Oliver Etzel www.domainfex.com You might want to try simscan as a lightweight qmail-scanner replacement. Documentation at http://qmailwiki.org/Simscan Ken Jones
Re: [vchkpw] about open-smtp.tmp
zhaoyongjie wrote: Hi all,I am using vpopmail 5.3.20,I want to know why there are so many open-smtp.tmp files [EMAIL PROTECTED] etc]# pwd /home/vpopmail/etc [EMAIL PROTECTED] etc]# ls aa open-smtp.tmp.15154 open-smtp.tmp.19904 open-smtp.tmp.23778 open-smtp.tmp.27974 open-smtp.tmp.3805 inc_deps open-smtp.tmp.15176 open-smtp.tmp.19953 open-smtp.tmp.23782 open-smtp.tmp.28057 open-smtp.tmp.381 lib_deps open-smtp.tmp.15185 open-smtp.tmp.19956 open-smtp.tmp.23785 open-smtp.tmp.28104 open-smtp.tmp.4035 open-smtpopen-smtp.tmp.15188 open-smtp.tmp.19968 open-smtp.tmp.23807 open-smtp.tmp.28107 open-smtp.tmp.4060 open-smtp.lock open-smtp.tmp.15226 open-smtp.tmp.1997 open-smtp.tmp.23810 open-smtp.tmp.28128 open-smtp.tmp.4123 open-smtp.tmp.10020 open-smtp.tmp.15251 open-smtp.tmp.19971 open-smtp.tmp.23813 open-smtp.tmp.28131 open-smtp.tmp.4126 open-smtp.tmp.10023 open-smtp.tmp.15284 open-smtp.tmp.19976 open-smtp.tmp.23815 open-smtp.tmp.28135 open-smtp.tmp.4292 open-smtp.tmp.10043 open-smtp.tmp.1529 open-smtp.tmp.19982 open-smtp.tmp.23816 open-smtp.tmp.28138 open-smtp.tmp.4315 open-smtp.tmp.10046 open-smtp.tmp.15294 open-smtp.tmp.19986 open-smtp.tmp.23829 open-smtp.tmp.28140 open-smtp.tmp.4354 . [EMAIL PROTECTED] etc]# ls open-smtp.tmp.* |wc -l 868 That problem was fixed in later versions. I don't remember exactly what we changed. Ken Jones
Re: [vchkpw] Re: ezmlm warning
DAve wrote: I recieved this message this morning, seems odd. My email is not hosted at navpoint. Can anyone shed some light on this? I might have tracked it down. Looks like a mix of things. Including a old secondary MX record, email policy denying email relayed from secondary mx to primary mx. And some old smtproute files. Our secondary mx server is hosted at navpoint.com. I just changed the DNS so it could take 24 hours to finish propagating. -- Ken Jones
Re: [vchkpw] no user accounts
saimir wrote: Hi there, Could anyone help with this problem. I am getting emails from email accounts that do not exist @ my company domain. thanks in advance. It could be a Joe Job http://en.wikipedia.org/wiki/Joe_job You might want to look at eMPF. It has ways of blocking those types of email from reaching your inbox. Ken Jones
Re: [vchkpw] Re: domain/.qmail-user vs user/.qmail [was: Per user .qmail patch]
DAve wrote: Jeremy Kister wrote: On 12/16/2005 6:43 PM, Rick Macdougall wrote: What's the advantage of this over .qmail-user-list in the main domain directory ? With this change deleting a user removes all the users .qmail (.vpopmail?) files. Currently I have my management system delete the user, but that does not clean up any dot files they have, as they are in the domain directory. Which spawns an equally interesting question -- why have user/.qmail at all? I cant think of any scenarios where user/.qmail is needed.. user/.qmail hurts performance, as qmail-local has to call vdelivermail instead of just dealing with the mail itself. Currently if I need to create a .qmail file in the domain directory I am still calling vdelivermail (if I want to use things like valias, which I do). For a copy I currently add a vdelivermail line and a address line to a .qmail-user file. #cat pixelhammer.com/.qmail-dave |/home/vpopmail/bin/vdelivermail '' bounce-no-mailbox [EMAIL PROTECTED] Is that wrong? Probably. Depends on what you need to do. qmail-local can handle forwarding to local or remote users as well as writing into Maildir's or exec'ing programs. vdelivermail was written for the .qmail-default file. The idea being, once qmail-local exhausts the .qmail files then the email is for a vpopmail account. i think you're right -- neither user/.qmail, user/.qmail-ext nor user/.vpopmail are needed. I disagree ;^) Me too. Ken Jones
Re: [vchkpw] Per user .qmail patch
That sounds like a pretty good patch to me. So it completes the vpopmail .qmail file processing functionality to match what qmail-local supports including . to : character handling? Ken Jones Drew Wells wrote: It extends the normal use of .qmail file to .qmail, .qmail-default, .qmail-extension and .qmail-extension-default based on the remaining extension on the incoming E-Mail address in the order as specified in the qmail source code. On Fri, 16 Dec 2005, DAve wrote: Drew Wells wrote: I have patched VpopMail 5.4.13 so that each user in a domain can have there E-Mail handled by there own set of .qmail files (in /var/vpopmail/domains/{domain}/{user}), this is a patch to 'int check_forward_deliver(char *dir)' in vdelivermail.c. This means for us when we delete an E-Mail address all the special delivery rules are also deleted (for that user). Is this patch of any interest to anyone or is this meant to be done another way ? Regards Call me crazy but I have used .qmail files in the users directory for two years with vpopmail, up to 5.4.10. How does your patch differ from vpopmails normal behavior? DAve
Re: [vchkpw] high cpu with qmail-smtpd-chk or vchkpw
If you have the qmail TLS patch installed then make sure you put in a cron job to build a temporary key and put it in place. Otherwise, each smtp connection causes an SSL key/pair to be generated which can use all of the CPU. Ken Jones Jon wrote: I'm getting 3-8 processes that hog all of the server's CPU. Any ideas? The server was installed using to qmail-toaster SRPMSs PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 15810 vpopmail 25 0 5804 1412 1176 R 99.2 0.1 0:53.75 qmail-smtpd-chk 15933 vpopmail 25 0 6420 1412 1176 R 50.8 0.1 0:36.64 qmail-smtpd-chk 15260 vpopmail 25 0 5008 1412 1176 R 49.6 0.1 1:46.28 qmail-smtpd-chk 16250 root 16 0 2780 964 748 R 0.4 0.0 0:00.01 top - 18984 ?R 0:51 /var/qmail/bin/qmail-smtpd-chkuser /home/vpopmail/bin/vchkpw /bin/true 19024 ?R 0:46 /var/qmail/bin/qmail-smtpd-chkuser /home/vpopmail/bin/vchkpw /bin/true 19045 ?R 0:48 /var/qmail/bin/qmail-smtpd-chkuser /home/vpopmail/bin/vchkpw /bin/true 19151 ?R 0:36 /var/qmail/bin/qmail-smtpd-chkuser /home/vpopmail/bin/vchkpw /bin/true 19366 ?R 0:16 /var/qmail/bin/qmail-smtpd-chkuser /home/vpopmail/bin/vchkpw /bin/true 19374 ?R 0:14 /var/qmail/bin/qmail-smtpd-chkuser /home/vpopmail/bin/vchkpw /bin/true 19452 ?R 0:12 /var/qmail/bin/qmail-smtpd-chkuser /home/vpopmail/bin/vchkpw /bin/true 19494 ?R 0:08 /var/qmail/bin/qmail-smtpd-chkuser /home/vpopmail/bin/vchkpw /bin/true
Re: [vchkpw] Courier IMAP and IMAP account settings in VPOPMAIL
Matthew Moore wrote: Hi, Recently I upgraded Courier IMAP to version 4.0.6 and authlib 0.57. Some users have a restriction on their IMAP settings set through Vpopmail that stops them checking their email via IMAP. Normally an account is setup in Vpopmail and the whole domain has IMAP switched off and then enabled for certain users under that domain. This all worked well up until the upgrade and now it would seem that Courier is ignoring the users settings and just using the domain settings. For example this user is allowed to check via IMAP and the domain wide settings don't have permission to check via IMAP - * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information. use use NO Error in IMAP command received by server. a001 login [EMAIL PROTECTED] a001 OK LOGIN Ok. * BYE IMAP access disabled for this account. Connection closed by foreign host. Any ideas why it now ignores individual account settings? The version of Vpopmail is 5.5.1. It might be the courier-imap vchkpw authentication files. The code for checking if a user can access imap might not be there or might not be working right. Ken Jones
Re: [vchkpw] vpopmail via NFS
/var/qmail/queue must be mounted locally. Nitass Sutaveephamochanon wrote: Hello, Thanks for advice. I will use it. I have one more question. Have anyone used vpopmail via SMB protocol? I mean the vpopmail is mounted from windows to linux box. I have tried but it did not work. The qmail-send log message has shown as delivery 16: failure: link_REALLY_failed. Thanks, Nitass - Original Message - From: shadowplay.net [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Tuesday, November 15, 2005 11:52 PM Subject: RE: [vchkpw] vpopmail via NFS try using ntp kenneth gf brown ceo shadowplay.net -Original Message- From: Rick Macdougall [mailto:[EMAIL PROTECTED] Sent: November 15, 2005 08:24 To: vchkpw@inter7.com Subject: Re: [vchkpw] vpopmail via NFS Nitass Sutaveephamochanon wrote: Hello Rick, I got it. Thank you very much. :-) If you do not mind, could you please advice me how the time is involved to this issue? Hi, A new message comes in. The message gets stored on the NFS server. The time on the pop server is 10 minutes behind the time on the NFS server, the pop server doesn't see the new message until 10 minutes is passed because the time stamp on the new message is 10 minutes in the future. Regards, Rick __ NOD32 1.1170 (20050715) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com
Re: [vchkpw] ping..
Darrel O'Pry wrote: any updates on the availability of vpopmail with a SA aware vdelivermail? I still haven't found the code for it although its mentioned both in the wiki and vuserinfo.c... Hey, Sorry about the delay in answering. I was waiting until we got our site migrated to our new colocation provider. http://www.inter7.com/vpopmail/vpopmail-5.5.1.tar.gz Or from the vhostadmin page: http://www.inter7.com/vhostadmin/vpopmail-5.5.3.tar.gz The difference between the two is the 5.5.3 has development vpopmaild code. The plan is to integrate the spamassassin code into the production version. Anyone want to work on that? Ken Jones
Re: [vchkpw] vpopmaild and php
Cristiano Deana wrote: Hi, is 'vpopmaild' project still open? I have seen from cvs vpopmaild.c file hasn't been modified since dec 2004, why? And php = vpopmaild? Yep. It's still active. Last week I started a vpopmaild documentation page. http://www.qmailwiki.org/Vpopmaild/ Ken Jones
Re: [vchkpw] ramdisk with ext2 or tmpfs, vpopmail mysql - heap table : performance - too big disk load
Szeki - Inc wrote: Hi, It is a good idea to use heap tables for vpopmail query-s ? MyISAM tables for UPDATES, and HEAP for selects (they will be created from MyISAM)? I wanna to minimalize the disk subsystem impact. System is always waiting for disks(big load, can even reach 20-25). What is the ideal maximum concurrent conncetion limit with mysql ? I want to put the temp directories (spamassasin, clamd, other scanners) to ramdisk. What to use: 1. ramdisk, fixed size (set with kernel parameter), with ext2, looks like a real disk, with real filesystem 2. tmpfs, with maximized ramsize, eating always as many ram what is needed. cons ? What is the price for this freedom ? (can I use tmpfs on a debian server for the main /tmp ?) I can spend 512 or even 1024 Mb ram for ramdrives, or tmpfs. I need every idea, or solution, how can I reduce the disk usage on the system. I want to keep only what is necessery. I will turn of mail logging via syslog (deamontools is doing a great job logging mails, why waste the needed disk i/o power for syslog), other things ? What if I put qmails queue to ramdisk (or tmpfs ramdisk) ? (memory cards ? are good enough ?) I would try putting /var/qmail/queue on the ramdisk since you have the RAM already. I would also comment out the fsync() calls in the qmail source code. Ken Jones
Re: [vchkpw] qmailtap making duplicate copies and looping
[EMAIL PROTECTED] wrote: Something very strange : when a user (being tapped) sends a mail to a forward (defined via qmailadmin) the mailbox where the tap points receives two copies of the mail. The destination mailbox where the forward points, is NOT being tapped and receives only one copy. I can´t understand why this is happening. Also, if I via qmailadmin forward the mailbox receiving the taps to another mailbox, this one NOT being tapped, leaving a local copy (I didn't try not leaving a copy yet), the server enters an endless loop with these two last mailboxes being filled with the mail thousands of times. Did anyone see this problem before ? The tap is applied to each email going through the queue. Normally forwards cause the email to go back through the queue. That is probably why you are getting a second copy. You can create a mail loop. I suggest your tap address not be forwarded. Ken Jones
Re: [vchkpw] vpopmail and mysql problem
Wes Hegge wrote: Hello everyone, Hopefully someone can help me with this problem I am having. I spent all day yesterday looking for an answer. I found some that were close but still no luck. Here is the error I am getting: vmysql: error creating table 'dir_control': MySQL server has gone away vmysql: sql error[b]: MySQL server has gone away vmysql: error creating table 'signalblast_com': MySQL server has gone away Error. Failed while attempting to add domain to auth backend vmysql: error creating table 'dir_control': MySQL server has gone away vmysql: error creating table 'dir_control': MySQL server has gone away vmysql: sql error[b]: MySQL server has gone away vmysql: error creating table 'dir_control': MySQL server has gone away vmysql: sql error[e]: MySQL server has gone away Warning: Failed to delete dir_control for signalblast.com Error: no auth connection I am installing this on a Debian Sarge install: Linux version 2.4.27-2-386 ([EMAIL PROTECTED]) (gcc version 3.3.5 (Debian 1:3.3.5-12)) #1 Mon May 16 16:47:51 JST 2005 I have installed mysql-standard-4.1.14-pc-linux-gnu-i686 and then made a symbolic link for mysql pointing to the above directory. Qmail, daemontools, and tcuspi is installed. Here is my vpopmail.mysql: localhost|0|vpopmailuser|vpoppasswd|vpopmail I can connect and make a test table using the above user and password. I cannot figure out what the problem is. Any help would be greatly appreciated. make sure the vpopmailuser has permission to create tables in the vpopmail database. Ken Jones
Re: [vchkpw] intermittent smtp auth errors
Clayton Weise wrote: I've got an odd error that is coming up and I can't quite put my finger on it. I have 3 mail servers running qmail/vpopmail (5.4.10) and MySQL 3.23.58. I also have mysql replication running and vpopmail is configured in accordance with that (reads on localhost, writes on the db server). We've been receiving complaints from customers about intermittent smtp errors and when I tail the maillog I'm seeing errors like this: Sep 22 08:58:37 qmail1 vpopmail[64930]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:1.2.3.4 Sep 22 08:58:39 qmail1 vpopmail[64995]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:1.2.3.4 Sep 22 08:58:40 qmail1 vpopmail[65022]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:1.2.3.4 In the interest of our users' privacy I have replaced the various email ip addresses with the [EMAIL PROTECTED] and 1.2.3.4. What's strange is that it's not happening with any other authentication method (pop3, imap, etc), only smtp. It fails out saying user not found and yet a 'vuserinfo' on that user reveals they actually do exist. I have qmail patched with the smtp auth patch from: http://members.elysium.pl/brush/qmail-smtpd-auth/ I'm happy to provide any other information that might be helpful in figuring this out. Any suggestions are, of course, welcomed. You might be running out of mysql connections. Check your my.cnf file for max_connections variable. The default value is 100 connections. You'll need the max_connections to cover your max smtp, imap, pop3 local concurrency and any other services that connect to the mysql database. Hope that helps, Ken Jones
Re: [vchkpw] Help! /var/qmail removed
John Simpson wrote: snip i've run into the same thing with qmailadmin and vqadmin, and even went so far as to write a patch for vqadmin (which has been ignored by inter7 for two years- maybe mentioning it again here will make somebody look at it? visit http://qmail.jms1.net/ and search for vqadmin to see the patch.) Thanks for the link John. I'm going to attempt, again, to collect updates to vqadmin and release a new version. Ken Jones
Re: [vchkpw] Rsync concerns
Andrew Hodgson wrote: Hi, I have two Vpopmail servers - one which is a backup of the other at a remote site. I am currently using Rsync to mirror /home/vpopmail/domains/virtualdomain, however, while this works without errors during the night, during the day we get errors in the Cronlog because the users are collecting mail via POP. I am not too bothered about this, but wonder what other people are doing for simple backups like these?? I run the Rsync each hour. I use rsync too. I just ignore those errors about email files not existing. You could try adding the -q (quiet) option to stop those messages. Ken Jones
Re: [vchkpw] chkuser vpopmail and catch alls
Jimmy wrote: Hello, I have several servers installed with vpopmail, chkuser and the shupp.org toaster patches. Until now I have never had to setup a catch all account for a customer. I have today had to setup a catch all and i am unable to send emails to that domain. I am authenticating from a MySQL databaes and the .qmail files are all ok. Is there a way to make it so that all email accounts are ok in the valias table of the MySQL or in the vpopmail table? I am interested to know how to overcome this issue. What does your .qmail-default file look like after you setup the catchall? It should look something like (all on one line) | /home/vpopmail/bin/vdelivermail '' /home/vpopmail/domains/example.com/user Ken Jones
Re: [vchkpw] debian x86-64 issue with vpopmail and courier-imap
Get the latest stable version of vpopmail. The problem is in the cram md5 code. The latest stable version worked for me on a 64 bit machine. Be sure to redo the vpopmail and courier installations from the begining. Ken Jones colin williams wrote: I was told that its an issue with vpopmail. It does look like it has something to do with a vpopmail library. I compiled vpopmail from source and am trying to follow this install. http://www.shupp.org/toaster/ On Thu, Sep 08, 2005 at 06:32:11PM -0700, colin williams enlightened us: Im getting this message when I try to compile IMAP First i didnt have gmake but i just created a link to make. Here's the real trouble Linking libauthvchkpw.la http://libauthvchkpw.la/ http://libauthvchkpw.la/ /usr/bin/ld: /home/vpopmail/lib/libvpopmail.a(vpopmail.o): relocation R_X86_64_3 2 can not be used when making a shared object; recompile with -fPIC /home/vpopmail/lib/libvpopmail.a: could not read symbols: Bad value collect2: ld returned 1 exit status gmake[3]: *** [libauthvchkpw.la http://libauthvchkpw.la/ http://libauthvchkpw.la/] Error 1 gmake[3]: Leaving directory `/var/src/courier-authlib-0.56' gmake[2]: *** [install-recursive] Error 1 gmake[2]: Leaving directory `/var/src/courier-authlib-0.56' gmake[1]: *** [install] Error 2 gmake[1]: Leaving directory `/var/src/courier-authlib-0.56' gmake: *** [install-strip] Error 2 test -f /usr/local/etc/authlib/authdaemonrc.dist /usr/bin/perl ././sysconftoo l /usr/local/etc/authlib/authdaemonrc.dist || true test -f /usr/local/etc/authlib/authmysqlrc.dist /usr/bin/perl ././sysconftool /usr/local/etc/authlib/authmysqlrc.dist || true test -f /usr/local/etc/authlib/authpgsqlrc.dist /usr/bin/perl ././sysconftool /usr/local/etc/authlib/authpgsqlrc.dist || true test -f .dist /usr/bin/perl ././sysconftool .dist || true You need to compile vpopmail with the -fPIC flag. You'll probably want to direct further questions about that to either a debian list if it's a .deb or the vpopmail list if you compiled from source. Matt
Re: [vchkpw] High cpu usage
Miguel wrote: Hi, im struck with a strange problem, i have a concurencylocal of 120, vdeliver eats a lot of cpu when all the slot are taken (120/120), this is a tipical usage: top - 11:35:14 up 1:00, 1 user, load average: 124.26, 93.93, 49.86 Tasks: 612 total, 46 running, 566 sleeping, 0 stopped, 0 zombie Cpu(s): 16.0% us, 83.3% sy, 0.0% ni, 0.3% id, 0.2% wa, 0.0% hi, 0.2% si Mem: 2075016k total, 1421640k used, 653376k free, 322820k buffers Swap: 4192924k total,0k used, 4192924k free, 213040k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 3882 vpopmail 19 0 4136 1004 732 R 13.1 0.0 0:01.69 vdelivermail 4157 vpopmail 19 0 4616 1004 732 R 10.8 0.0 0:01.52 vdelivermail 4866 vpopmail 18 0 3768 1004 732 D 9.5 0.0 0:00.29 vdelivermail 4777 vpopmail 18 0 4240 1004 732 D 9.2 0.0 0:00.28 vdelivermail 4800 vpopmail 18 0 3968 1020 740 D 9.2 0.0 0:00.28 vdelivermail 4829 vpopmail 18 0 3748 1020 740 D 9.2 0.0 0:00.28 vdelivermail 4847 vpopmail 18 0 3372 1016 740 D 9.2 0.0 0:00.28 vdelivermail 4861 vpopmail 18 0 5088 1004 732 D 9.2 0.0 0:00.28 vdelivermail 4874 vpopmail 18 0 4588 1004 732 D 9.2 0.0 0:00.28 vdelivermail 4876 vpopmail 18 0 4776 1004 732 D 9.2 0.0 0:00.28 vdelivermail 4877 vpopmail 18 0 4752 1004 732 D 9.2 0.0 0:00.28 vdelivermail 5022 vpopmail 18 0 3404 1020 740 D 9.2 0.0 0:00.28 vdelivermail 5043 vpopmail 18 0 4004 1004 732 D 9.2 0.0 0:00.28 vdelivermail 4746 vpopmail 18 0 3392 1004 732 D 8.9 0.0 0:00.27 vdelivermail 4797 vpopmail 18 0 3892 1016 740 D 8.9 0.0 0:00.27 vdelivermail 4819 vpopmail 18 0 4912 1004 732 D 8.9 0.0 0:00.27 vdelivermail 4839 vpopmail 18 0 3992 1004 732 D 8.9 0.0 0:00.27 vdelivermail 3657 vpopmail 18 0 4636 1020 740 D 8.2 0.0 0:01.74 vdelivermail 5042 vpopmail 18 0 3960 1004 732 R 7.9 0.0 0:00.24 vdelivermail 3609 vpopmail 18 0 4180 1020 740 D 6.9 0.0 0:01.81 vdelivermail 3364 vpopmail 18 0 3760 1004 732 D 6.6 0.0 0:01.80 vdelivermail 3487 vpopmail 24 0 3808 1004 732 R 6.6 0.0 0:01.71 vdelivermail 3665 vpopmail 18 0 3652 1020 740 D 6.6 0.0 0:01.79 vdelivermail 3715 vpopmail 18 0 4580 1020 740 R 6.6 0.0 0:01.70 vdelivermail 4490 vpopmail 19 0 4688 1004 732 R 6.6 0.0 0:01.01 vdelivermail 5064 vpopmail 18 0 4120 1004 732 R 6.6 0.0 0:00.20 vdelivermail 3314 vpopmail 18 0 4888 1004 732 D 6.2 0.0 0:01.79 vdelivermail 3681 vpopmail 18 0 4228 1020 740 D 6.2 0.0 0:01.77 vdelivermail 4609 vpopmail 18 0 4632 1020 740 D 6.2 0.0 0:00.79 vdelivermail 4681 vpopmail 18 0 3408 1004 732 D 6.2 0.0 0:00.81 vdelivermail 4762 vpopmail 18 0 4432 1004 732 D 6.2 0.0 0:00.28 vdelivermail 4784 vpopmail 17 0 4764 1020 740 D 6.2 0.0 0:00.28 vdelivermail 5066 vpopmail 18 0 4576 1004 732 R 6.2 0.0 0:00.19 vdelivermail 4531 vpopmail 18 0 3784 1004 732 D 5.9 0.0 0:01.08 vdelivermail 4627 vpopmail 18 0 4796 1016 740 D 5.9 0.0 0:01.08 vdelivermail 3809 vpopmail 18 0 3964 1020 740 R 5.6 0.0 0:01.77 vdelivermail 3934 vpopmail 18 0 3232 1004 732 R 4.9 0.0 0:01.74 vdelivermail 4372 vpopmail 18 0 3652 1016 740 D 4.9 0.0 0:00.80 vdelivermail 3915 vpopmail 18 0 3244 1020 740 D 4.3 0.0 0:01.72 vdelivermail 3490 vpopmail 18 0 3124 1020 740 R 3.9 0.0 0:01.63 vdelivermail 3539 vpopmail 18 0 3400 1072 800 D 3.9 0.1 0:01.71 vdelivermail 3883 vpopmail 18 0 3412 1020 740 D 3.9 0.0 0:01.20 vdelivermail 4091 vpopmail 18 0 4408 1004 732 D 3.9 0.0 0:01.62 vdelivermail Deliver time is very slow (many minutes) I have CentOs 4, vpopmail 5.4.9, mysql 4.1.7 What would i check? It might be trying to deliver to a Maildir that has a huge amount of mail in it. I would check your qmail logs to see if one account is being delivered to, over and over. Then check that Maildir and remove the email. Also check the .qmail-default file and set the default delivery to be either bounce-no-mailbox or delete. Ken Jones
Re: [vchkpw] vpopmail/ezmlm problems
James Longstreet wrote: On Mon, 29 Aug 2005, Bob Hutchinson wrote: make sure you used vpopmail/bin/vadddomain to create the virtual domain, then use vadduser to create the popbox for listname. Then check in vpopmail/domains/domain.com/listname/. Look for Maildir which should contain new, tmp and cur. Check that everything under vpopmail belongs to user 'vpopmail', then test again. You might find qmailadmin a handy package too. Just to make sure (as I've reinstalled vpopmail several times), I ran: # /var/vpopmail/bin/vadddomain -d /var/vpopmail/domains/domain.com \ domain.com postpass Error: domain already exists I created the list with qmailadmin, so that should have added the popbox, right? You should just do this: /var/vpopmail/bin/vadddomain domain.com postpass Let vpopmail figure out where to put the domain directory. If you want to initialize directory hashing just delete the /var/vpopmail/domains/.dir-control file. Ken
Re: [vchkpw] [Offtopic] How you handle old mails
Tanmaya Anand wrote: Hi All, I would like to know everyone feedback on how you handle old mails say 2 months old. Also, how one implements deleting mails, say older than 2 months, from user's mailbox. Thanks and Regards Tanmay Here is another way to use find find /home/vpopmail/domains -mtime +60 -name *,S=* -exec rm {} \; where 60 (days) = 2 months Ken Jones
Re: [vchkpw] vpopmail/ezmlm problems
James Longstreet wrote: Hello, I'm having a problem with my qmail/vpopmail/ezmlm setup. I'm new to qmail and vpopmail, so it's hard for me to determine what the problem is. None of the lists I create (either through ezmlm-make or qmailadmin) work. When trying to send a message to the list, I just get a Sorry, no mailbox here by that name. (#5.1.1) bounce. qmail's users/assign file has lines for every normal user on the system, and then the line: +domain.com-:domain.com:89:89:/var/vpopmail/domains/domain.com:-:: From my understanding, this should be telling qmail to deliver to / var/vpopmail/domains/domain.com/.qmail-listname for mail sent to [EMAIL PROTECTED], but apparently it's not. Can someone help me understand what's going on, and how to fix it? You might want to remove the lines for your system users. Then make sure there is a .qmail-listname file in your domain.com directory. Then send it an email and watch your qmail log file to see the status of the delivery. Ken Jones
Re: [vchkpw] Persistent Mysql Connections for auth?
David Erickson wrote: Is there any way to get vpopmail to either use a connection pool or persistent connections to mysql for authorization? Only if there is a way to get separate invocations of a process to use a connection pool. Each email delivery or authentication uses a new process. Ken Jones
Re: [vchkpw] Password format?
David Erickson wrote: Hi we are using vpopmail 5.4.6 with mysql for virtual domains. I was trying to look at the source for how the passwords are crypted, I'm new to this but it looked like they are encrypted (with salt) md5 hashes? I was wondering if there is anyway to convert them to a normal md5 digest for use in other programs? It uses the standard unix crypt() function call. Most systems now days use MD5 so the password should start with a $1$ Ken Jones
Re: [vchkpw] Password format?
David Erickson wrote: So since it uses crypt, which isn't md5, there is no way for me to convert it to an md5. I guess the best thing to do then is just to store the pw's as plain text, then convert them to whatever I need to, to operate with my other systems? Or is there a patch to have vpopmail store them as md5's? Right, crypt uses DES. I had that confused with MD5. For the smtp auth, that requires MD5, we store the clear text password. I'm not aware of anyone who's written code to use MD5 encrypted passwords. Ken -David -Original Message- From: Ken Jones [mailto:[EMAIL PROTECTED] Sent: Thursday, August 18, 2005 2:56 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] Password format? David Erickson wrote: Hi we are using vpopmail 5.4.6 with mysql for virtual domains. I was trying to look at the source for how the passwords are crypted, I'm new to this but it looked like they are encrypted (with salt) md5 hashes? I was wondering if there is anyway to convert them to a normal md5 digest for use in other programs? It uses the standard unix crypt() function call. Most systems now days use MD5 so the password should start with a $1$ Ken Jones -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.12/77 - Release Date: 8/18/2005
Re: [vchkpw] Why not Inter7 tools for Qmail-Ldap?
Bruno Negrao wrote: We wrote an LDAP authentication module for vpopmail quite some time ago. It exists in vpopmail to this day. qmail-ldap is not qmail, and it is not vpopmail. It's a completely seperate package built directly with LDAP support. ~Matt Brookings [EMAIL PROTECTED] GnuPG Key B7B54216 Hi Matt, I know exactly what Qmail-ldap is. I'm working hard on it's documentation in www.qmail-ldap.org (see my contributions in http://www.qmail-ldap.org/index.php?title=Special:Contributionstarget=Bnegrao if you're curious) So I'll repeat my question - Why isn't Qmail-ldap interesting for Inter7? It's not qmail, that's why you should take it. When people move from qmail to qmail-ldap they have to abandon inter7 tools. And this happens forcibly - we didn't want to loose the comfort of Inter7 tools but we have to do this because **qmail-ldap does a lot of things that [qmail + inter7] cannot do**. Again, why not qmail-ldap? Hi Bruno, I finally got some time to reply. It's pretty simple. It comes down to how to pay the bills. We have limited resources so we have to limit our focus. In the last 8 years I think only three people have asked us about working with qmail-ldap. If you would like to help cover our costs to write the code we would be happy to work on it. Ken Jones
Re: [vchkpw] Why does Inter7 opt Qmail?
On Tuesday 05 July 2005 1:05 pm, Bruno Negrão wrote: does your boss have a rationale for his doubts, or are they based upon a 'gut' feeling? usually doubts arise based upon shortcomings. what shortcoming does your boss see in qmail (note, small 'q' - it is not Qmail). OK. He wants to know if there is a tendency on the market for some other mailserver. He asks me what mailservers the biggest linux/Unix distributors are using on their products. For example, what's the mailserver shipped with RedHat, Solaris, Mandrake, Debian, etc? I really don't know. I believe all of them are shipped only with Sendmail, but I'm not sure on this actually. I'm not sure if it's been mentioned yet but RedHat wanted to use Qmail to replace sendmail in their distributions. But they wanted to change the directory structure and Dan Bernstein objected. So no qmail in RedHat. We like qmail for many reasons, mostly because it is efficent and it never breaks. Personally I like it because it is designed well. Once you understand Dan's coding style, it is easy to modify to add new features. Ken Jones
Re: [vchkpw] qmail-tap patch + spamcontrol
On Thursday 30 June 2005 2:24 pm, Erwin Hoffmann wrote: Hi, At 15:56 30.06.2005 +0800, Ronald Chan wrote: Hi everyone, has anyone from you guys know is there a modified qmail-tap patch that can be integrate with spamcontrol found in www.fehcom.de/qmail/spamcontrol.htm i really want to integrate it since spamcontrol patch is a rock solid code for me, My current setup is OpenBSD 3.7 with Qmail-1.0.3 + spamcontrol patch + vpopmail + qmail-scanner. Please tell me more about the qmail-tab patch. What is it ? Where to find http://www.inter7.com/?page=qmailtap It gives you greater control than stock qmail in archiving email messages. Ken Jones
Re: [vchkpw] SOLVED: Re: [vchkpw] Re: Request for new feature: Internal-only accounts
On Wednesday 29 June 2005 10:05 am, Bruno Negrão wrote: Inter7 launched eMPF. Was eMPF inspired by this thread? Partly from this thread. And partly from Sarbanes-Oxley requirements. Ken Jones
[vchkpw] New project: tcpblocker 1.0
New project: tcpblocker 1.0 Tcpblocker is for sites that want to limit the number of times an IP address can connect to a tcpserver controlled service such as smtp. Each time tcpblock runs, it counts how many connections were made per client IP. If an IP exceeds the configurable, maximum number of connections within the configurable time period, tcpblock outputs a standard deny line that can be used to build a tcp.smtp style file. Combined with a cron job and a run script, tcpblocker can be configured to fit into just about any qmail or tcpserver installation. Project page: http://www.inter7.com/?page=tcpblocker Ken Jones inter7.com
Re: [vchkpw] vpopmail-5.4.10 with rpm version of Mysql.
On Tuesday 14 June 2005 3:20 am, Samir Noshy wrote: Hi Everybody, How Can I configure and make vpopmail-5.4.10 with an Build rpm version of Mysql ?? when trying to do that , it gives me an errors , that it cannot find the incdir and the libdir of my mysql installation. Make sure you install the mysql devel rpm Ken Jones
[vchkpw] qmail tap patch (version 2) released
Annoucment: qmail tap patch version 2 released New feature: Each line in the new control/taps file specifies which email addresses to tap (in regex notation) and the email address to send the copy to. The prior version only allowed sending all copies to one email address. If you have any problems with applying this patch please let us know. This code was written to help satisfy regulartory requirements of US financial institutions who need to keep archives of emails. The patch also satisfies requirements for German E-Mail Service Providers. Example taps file lines: [EMAIL PROTECTED]:[EMAIL PROTECTED] will tap all email going to or from domain.com and send a copy to [EMAIL PROTECTED] [EMAIL PROTECTED]:[EMAIL PROTECTED] will tap all email going to or from [EMAIL PROTECTED] and send a copy to [EMAIL PROTECTED] Project page: http://www.inter7.com/?page=qmailtap Inter7 Development Team http://www.inter7.com/
Re: [vchkpw] qmail-pop3d + vchkpw
On Friday 27 May 2005 2:30 pm, Sylwester S. Biernacki wrote: Hello, I have the following scenario: 2 machines with qmail/vpopmail/amavisd/clamd/spamassassin connected via NFS to another machine with storage. I'm sending an email to one of mta's and see in logs that this message comes to one of them and I can read it locally from Maildir without a problem. However, 5 seconds later I try to connect to qmail-pop3d and gather emails: +OK [EMAIL PROTECTED] user [EMAIL PROTECTED] +OK pass xxx +OK stat +OK 0 0 quit +OK Little strange, huh ? After about 3-4 minutes I try again: +OK [EMAIL PROTECTED] user [EMAIL PROTECTED] +OK pass x +OK stat +OK 1 2375 quit +OK It doesn't seem to be NFS or nfs-lock connected problem because I can get to this mailbox through mutt or directly to files in Maildir. It's rather qmail-pop3d or vchkpw - anybody got similar problems? Make sure you sync the time on all the machines and keep them in sync. Ken Jones
Re: [vchkpw] vpopmail authentications failing randomly
On Tuesday 24 May 2005 9:25 pm, Matt Simerson wrote: Problem: vpopmail authentications failing randomly snip If you haven't yet, you might want to increase the maximum number of mysql connections allowed in the /etc/my.cnf file like: max_connections=500 The max connections should be high enough to cover the max smtp, pop, imap, local concurrency and web mail. Ken Jones
Re: [vchkpw] Disable Over quota bounce
On Tuesday 24 May 2005 8:11 am, Rod Taylor wrote: Is there a way to disable the over quota bounce for messages which are not delivered? I would like the quota to be enforced, but if the account is over quota the message to be silently dropped instead of bounced. Thanks. Hi Rod, There isn't any code in now to disable it. But it just needs a different vexit() return code. Proably take about 15 to 30 minutes to get setup and tested. Ken Jones inter7.com 815.766.9465
Re: [vchkpw] intermittent vchkpw password fails
On Thursday 19 May 2005 7:12 pm, Oscar Retana wrote: Nop, I'm using standard vpasswd.cdb files for authentication. One question: which is the maximum amount of users I should handle using vpasswd.cdb files? A few years ago when I tested this on a slow machine I found that above 5,000 uses the compile of the cdb started taking more than 5 seconds. Look up times are aways fast. -- Ken
Re: [vchkpw] intermittent vchkpw password fails
On Thursday 19 May 2005 3:19 pm, Oscar Retana wrote: Hello list. I have a question, specially for Tom, since you already know about the problem a bit (aug 2003). Long ago someone posted this: I noticed something weird, call it a bug of spooky feature =) its on you Now the thing is that I can send email although vchkpw says that the password fails, but yet when I enter the password wrong I am not able to send email, and again it works when I enter right password. Always the same error =) I had loglevel=e in configure options, now when I changed it to y the error disappeared and vchkpw works nicely. Tom asked about the vpopmail version, And to summarize, the bug is that password fail is logged, even when successful? And this only happens with loglevel=e, and not loglevel=y. Correct? All this is happening to me now, with vpopmail version 5.4.9. I didn't specified any special configuration for loglevel, so it's using the default value. Did you found the root of this problem? I'm having weird problems, for some users the smtp transactions take too long, and the first thing I saw was this log message. Maybe is not related, but I need to check this too. If you are using a mysql backend, be sure the max_connections is enough to handle smtp, pop, imap and local concurrency total maxium connections. Ken Jones
Re: [vchkpw] SMTP Auth problem for non vpopmail users
On Monday 16 May 2005 4:10 pm, Rainer Duffner wrote: Ken Jones wrote: On Monday 16 May 2005 3:52 pm, Nick Gilbert wrote: Hi, I have IMAP authentication working for vpopmail and standard linux users, but I have a problem with SMTP authentication. I need SMTP authentication to work for standard linux users (I'm not worried about vpop users at all for SMTP-AUTH). I have built my box using the instructions on Shupp.org (Bill Schupp). I understand that Bill's toaster incorporates a Qmail AUTH patch but when I try to login it doesn't work: Escape character is '^]'. 220 blue.x-rm.com ESMTP ehlo localhost 250-blue.x-rm.com 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 auth login 334 VXNlcm5hbWU6 bmljaw== 334 UGFzc3dvcmQ6 base64 encoded password 535 authentication failed (#5.7.1) I also have this line in /var/log/maillog May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not found nick@:127.0.0.1 ..which implies that perhaps it's only looking for vpopmail users rather than /etc/passwd users. I would like it to work for /etc/passwd users only, or both vpopmail AND /etc/passwd users - whichever is easier. Can someone please give me some pointers on how I can fix this problem so that normal shell account users can authenticate. I think smtp auth requires a clear text password for CRAM-MD5 authentication to work. If so, /etc/passwd users won't be able to use smtp authentication. Wasn't the other problem that qmail-smtpd needed to be run as root? Possibly. It would need permission to access the passwd information.
Re: [vchkpw] courier-imap and vpopmail on x86_64
On Monday 09 May 2005 2:14 pm, David Brohall wrote: Hi I'm sorry to bother you but I'm desperate for help with installing courier-authlib on Fedora Core 4 x86_64 I run: # CFLAGS=-fPIC ./configure... without any problem but when I try to run make I got this error: Compiling preauthvchkpw.c preauthvchkpw.c: In function 'auth_vchkpw_pre': preauthvchkpw.c:67: warning: passing argument 1 of 'parse_email' discards qualifiers from pointer target type preauthvchkpw.c:141: warning: passing argument 3 of 'vset_lastauth' discards qualifiers from pointer target type Linking libauthvchkpw.la /usr/bin/ld: /home/vpopmail/lib/libvpopmail.a(vpopmail.o): relocation R_X86_64_32S against `a local symbol' can not be used when making a shared object; recompile with -fPIC /home/vpopmail/lib/libvpopmail.a: could not read symbols: Bad value collect2: ld returned 1 exit status It's no problem to compile courier-authlib without authvchkpw What shall I do to install courier-imap on my x86_64 system? I have been trying different settings for 30 hours now. Please I need some help. Try not using the -fPIC flag Ken Jones
Re: [vchkpw] Re: courier-imap and vpopmail on x86_64
On Monday 09 May 2005 4:02 pm, Martin Kos wrote: On 05/09/2005 09:22 PM, Ken Jones wrote: It's no problem to compile courier-authlib without authvchkpw What shall I do to install courier-imap on my x86_64 system? I have been trying different settings for 30 hours now. Please I need some help. Try not using the -fPIC flag i'm sure this won't work too! i've tried different options to get this beast to work but haven't had success and haven't got any help on this issue :-( you can check out my postings on different mailinglists. you can use the pre-authlib-versions of courier without problems I compiled vpopmail, qmail and courier-imap version 3.0.7 on an AMD 64 bit system last week with no problems at all. The only thing I had to tweak was when configuring qmailadmin, it needed an updated config.sub file. Ken Jones
Re: [vchkpw] dir_control
On Monday 02 May 2005 8:53 am, Jeff Koch wrote: We copied over the vpopmail setup from one server to another and now we find that domains are not being spread out properly in the directory tree - they are just piling up in one branch. Does anyone know how and what to reset in order that domains be spread evenly in the tree? Try copying over the .dir-control file from the /home/vpopmail/domains directory on the other server. Otherwise, remove that file if it exists and the spread out will start again from the begining. Ken Jones
Re: [vchkpw] how to user checkattach in qmail
On Thursday 28 April 2005 5:26 am, Manish Jain wrote: BlankHello All, Can anyone tell me how to use checkattach script in qmail for content filtering to stop some unwanted attachments. You can also use simscan. It supports blocking attachments. http://www.inter7.com/?page=simscan It works with the QMAILQUEUE patch. Ken Jones
Re: [vchkpw] SMTP Abuse
On Wednesday 13 April 2005 1:01 pm, you wrote: Hi, Today I start to get something like that in my qmail-smtpd log: snip And I know that the IP's used can change... I think that somebody with some user password for smtp is making this, but I can't determine from where or which account he is using. I have no logs for smpt-auth user success or failed... Please, somebody could give me some light to stop that? You probably are receiving a dictionary scan from infected PC's. Be sure to use rblsmtpd against one or more of the good rbl sites. Another thing you can do is scan for frequent IP's to bad users in the smtp log files and build new tcp.smtp deny lines. Ken Jones
Re: [vchkpw] chkuser: Let chkuser kill qmail-smtpd
On Tuesday 29 March 2005 10:53 am, Tobias Orlamuende wrote: Am Dienstag, 29. Mrz 2005 18:37 schrieb Jeremy Kitchen: On Tuesday 29 March 2005 10:31 am, Tobias Orlamuende wrote: After intensive logging I found out, that chkuser sends something like You are violating my security policy when CHKUSERRCPTLIMIT and / or CHKUSER_WRONGRCPTLIMIT is reached. That's fine so far, but the other side is still sending masses of rcpt to. This causes qmail-smtpd to stay open for a very long time until the sender finishes sending his spam. so? the resources consumed by a single copy of qmail-smtpd hanging around for some spammer to give up are minimal. IMHO not :-( qmail-smtpd is running for 40 minutes and counts up (until now) to 105 processes where the oldest one dates from one minute after startup of qmail-smtpd. Load of this Dueal-Opteron (240) is about 100. Timeoutsmtpd is set in control... Most of the started qmail-smtpd's are closed correctly, but some stay open which gives this amount... I am not 100% sure if this problem is caused by chkuser, but for me it looks like. The strange thing is, that most of these open sessions are using STARTTLS. Btw: Anybody made bad experiences with this patch ? http://www.arda.homeunix.net/store/qmail/starttls-2way-auth-20050307.patch I started with Bill Shupp's tls-auth-patch but the loead was even going much higher than now. Try running: /var/qmail/bin/update_tmprsadh Then add a nightly root crontab entry: 0 2 * * * /var/qmail/bin/update_tmprsadh 21 /dev/null Without this, qmail-smtpd will generate a unique key pair for each TLS session, which is *very* cpu intensive. Ken Jones snip
Re: [vchkpw] vpopmail + ldap
On Friday 18 March 2005 9:15 am, Tom Collins wrote: On Mar 18, 2005, at 7:06 AM, Mike Husmann wrote: The catch: My user database is in Active Directory, and I can't talk management out of letting it go yet. There's an Active Directory authentication module in the source code. I don't know who wrote it, how to use it, whether it ever worked, or if it has even kept up with changes we've made to the other modules. I wrote the active directory module. It talked to code running on a windows machine. We had it up and running but we dropped the project after there was no interest in it. We can probably delete it from the project. Ken Jones
[vchkpw] cvs devel version problems
I downloaded the current cvs (devel version) and I get a seg fault when adding a new domain. Looks like it dies in a new function extract_domain(). Does anyone know the status of the devel version? I'd like to get it cleaned up and working again. Ken Jones
Re: [vchkpw] cvs devel version problems
On Thursday 10 March 2005 3:45 pm, Rick Widmer wrote: Ken Jones wrote: I downloaded the current cvs (devel version) and I get a seg fault when adding a new domain. Looks like it dies in a new function extract_domain(). Does anyone know the status of the devel version? I'd like to get it cleaned up and working again. That sounds like my function. I'll try to get a look at it tonight. Do you have the ./configure options you used handy? It may make a difference... Hey Rick, That would be great if you could check it out. I'm wondering what the reason was behind redoing that code. Seems to work fine in the past. The configure options I used was just: ./configure then make ; make install-strip ; vadddomain test.com test Ken
Re: [vchkpw] Interesting gotcha with chkuser patch
On Tuesday 08 March 2005 9:11 am, Rick Macdougall wrote: Hi, It appears that qmail-popup does not reset the maildirsize file when deleting email (maybe I need a patch ?) so if we use the chkuser patch and check for over quota, if the user goes over quota new mail will never be delivered and the maildirsize file will never be updated even if the user has NO email in their box. Maybe the quota checking part of vpopmail should be re-written to re-calculate the quota if the maildirsize file has not been modified in the last 15 minutes (as the specification calls for). You need the Maildir++ patch for qmail-pop3d. Ken Jones
[vchkpw] vhostadmin development release
vhostadmin is a PHP control panel for site administrators looking for an easy way to manage their virtual hosting needs via a series of user-configurable plug-in modules. Because of this you have the ability to write and include your own plug-ins. Although still early in development, we felt it would be good to release the software to the community to look over and inspect. Included is some base API for authentication, communication with the vpopmail daemon, and some basic event binding inside the mail and vpopmail modules. The current development mail module can add a domain via the vpopmail daemon. Since the vpopmail daemon runs under tcpserver the PHP interface can run on a seperate machine, as well as solving the PHP permissions problem. The current development version may be downloaded at: http://www.inter7.com/?page=vhostadmin Or via CVS: export CVSROOT=:pserver:[EMAIL PROTECTED]:/home/cvs cvs login (login with empty password) cvs co vhostadmin We have established a mailing list for development and use of vhostadmin. To subscribe, send a blank e-mail message to [EMAIL PROTECTED] Ken Jones inter7.com
Re: [vchkpw] vhostadmin development release
On Tuesday 08 March 2005 1:57 pm, Dave Goodrich wrote: Ken Jones wrote: vhostadmin is a PHP control panel for site administrators looking for an easy way to manage their virtual hosting needs via a series of user-configurable plug-in modules. Because of this you have the ability to write and include your own plug-ins. Although still early in development, we felt it would be good to release the software to the community to look over and inspect. Included is some base API for authentication, communication with the vpopmail daemon, and some basic event binding inside the mail and vpopmail modules. The current development mail module can add a domain via the vpopmail daemon. Since the vpopmail daemon runs under tcpserver the PHP interface can run on a seperate machine, as well as solving the PHP permissions problem. The current development version may be downloaded at: http://www.inter7.com/?page=vhostadmin Or via CVS: export CVSROOT=:pserver:[EMAIL PROTECTED]:/home/cvs cvs login (login with empty password) cvs co vhostadmin We have established a mailing list for development and use of vhostadmin. To subscribe, send a blank e-mail message to [EMAIL PROTECTED] Someone not familiar with LAMP might follow the install doc and stop there, http://myserver.com/include/global.incopens the cookie jar. Where does one find the vpopmail daemon? I downloaded a fresh copy of 5.4.9 and the 5.5.0-devel and didn't see it. Checked in the contrib dir also. I checked the current cvs and the vpopmaild code is there, but it was not in the Makefile.am. I also get a segfault from vadddomain which I'm trying to track down. In the mean time I think we will post a link on the vhostadmin site with a version that compiles. Ken
Re: [vchkpw] vhostadmin development release
On Tuesday 08 March 2005 1:57 pm, Dave Goodrich wrote: Ken Jones wrote: snip Someone not familiar with LAMP might follow the install doc and stop there, http://myserver.com/include/global.incopens the cookie jar. Where does one find the vpopmail daemon? I downloaded a fresh copy of 5.4.9 and the 5.5.0-devel and didn't see it. Checked in the contrib dir also. Here is a link to a working vpopmaild tar ball untill we get the current devel release working. http://www.inter7.com/vhostadmin/vpopmail-5.5.3.tar.gz Ken
Re: [vchkpw] vhostadmin development release
On Tuesday 08 March 2005 2:44 pm, Dave Goodrich wrote: Ken Jones wrote: On Tuesday 08 March 2005 1:57 pm, Dave Goodrich wrote: Ken Jones wrote: snip Someone not familiar with LAMP might follow the install doc and stop there, http://myserver.com/include/global.incopens the cookie jar. Where does one find the vpopmail daemon? I downloaded a fresh copy of 5.4.9 and the 5.5.0-devel and didn't see it. Checked in the contrib dir also. Here is a link to a working vpopmaild tar ball untill we get the current devel release working. http://www.inter7.com/vhostadmin/vpopmail-5.5.3.tar.gz Excellent, thank you. Before I grab that (might be later this week before I can look at it), are there any ideas/concepts for using vpopmaild with a group of machines? I'm curious how this can add a domain. Are you able to HUP qmail on multiple machines once a domain is added? Well, once you connect to the vpopmail daemon on the machine, the add domain function calls the vpopmail library add domain function that does the HUP signal to qmail-send. Ken
[vchkpw] spamassassin development was spamassassin configuration
Charles J. Boening [EMAIL PROTECTED] said So let me see if I can summarize where this might be going. A lot has been talked about on this topic. Use the pw_uid/pw_gid to check and see if a user wants their mail filtered. I'd also suggest setting another bit for delivery. So we'd have a bit that says scan for spam That code is already in the development branch and well tested. and a bit that says deliver to domain default spam folder (.SPAM or whatever) or not. Sounds good. This would handle both the problem of if the user wants their mail scanned and the disposition of the scanned mail. Yep. The user's only options for tagged spam are to deliver to inbox so they can filter or deliver to a predetermined spam container that the domain administrator specifies. I agree. vdelivermail would pull the delivery location for spam from it's command line or from the domain limits file. I'd rather put it in the domain limits file. Either option would effect an entire domain and we already have the domain limits method. It's a good place to add new options. I also think spamc options should be stored in the same place. Currently the spamc options can be set on the configure line. We thought that would be a good place since the spamc options are site wide. I think all the user preference options are stored in each user_prefs directory. vdelivermail would call spamc. Personally, I don't think we should offer the ability to call Spamassassin directly. It's just not as efficient. I think when people talked about calling spamassassin they meant calling spamc to talk to spamassassin. At least, that's how the development code works now. Maybe the spamc functionality could be compiled right into vdelivermail so no forking is necessary. That would be slick! Depends on how much of a moving target spamc code is. If it just is a socket write/read type of thing then it might be a good idea. Anyone feel like reviewing spamc.c? Sound about right? Have I missed anything? Nice summary! New configure options? --enable-spamassassin enables both spamc and spamfolder processing this is already in the development branch --enable-spamdir = relative directory for spam folder to override the default spam directory location Ken Jones
Re: [vchkpw] Spamassin configuration
On Tuesday 01 March 2005 7:48 pm, Kurt Bigler wrote: on 2/28/05 5:02 PM, Kurt Bigler [EMAIL PROTECTED] wrote: on 2/28/05 7:06 AM, Ken Jones [EMAIL PROTECTED] wrote: We are almost ready to release a new php web interface that talks to the vpopmail daemon where we planned on adding support for this spamassassin stuff. You mention vpopmail daemon. The only vpopmail daemon I have running is vchkpw, used with qmail-pop3d. What I should have said was that my ps listing shows nothing that I recognize as a vpopmail daemon. I didn't think vdelivermail was a daemon, but that may be my ignorance of what a daemon is. So you could clarify vpopmail daemon? The development branch of vpopmail has a new program: vpopmaild It can be run as a daemon under tcpserver. It provides just about all the features in the vpopmail libraries. Programs can authenticate with it and ask it to execute vpopmail type commands. We are using it in vhostadmin to build a php based management interface. Since vpopmaild can be run under tcpserver (over ssl if you need), it lets management interfaces to run on any computer and access vpopmaild over the net. I have a development version of vhostadmin I need to package up for release. If any one wants a copy of it before we pretty it up, email me and I'll send you the tarball. And can someone confirm that SA with per-user preferences means that if I configure SA to interact with qmail-smtpd that this can result in SMTP rejections based on individual user prefs? Yes. That is already available with simscan. However email to multiple recipients can not support reading each of their users preferences. I think the default in simscan is to use the preferences of the first recipient. And is there some redundancy in thie smtpd-time access to vpopmail information between this and chkuser that might be a performance concern? Not that I am aware of. Cheers, Ken Jones