RE: [vchkpw] DSPAM configuration & usage? (vpopmail + simscan + maildrop + clamav)
Tren,

Thanks. I already went ahead and started to train the vpopmail user. From what I can see I definitely needed an alias, which I created and began forwarding spam messages to it for classification. I've checked the logs and forwarded messages are being classified as spam, but now I have to see if new messages get classified as spam based on the training, tagged accordingly and possibly moved to the Junk folder or dropped altogether by simscan or maildrop.

Cheers,
Michael

Date: Thu, 12 Aug 2010 11:06:31 -0700
From: t...@eotnetworks.com
To: vchkpw@inter7.com
Subject: Re: [vchkpw] DSPAM configuration & usage? (vpopmail + simscan + maildrop + clamav)

You'll have to forgive me, it's been a while since I've used dspam, and never with simscan, but I'm pretty sure the vpopmail user is the user you'd need to train. As to how best to train, I cannot answer this for you. You might want to subscribe to the dspam mailing list since your questions are dspam specific. Corpus training requires you have a large sample of both spam and ham messages. Webui is for the messages that have come in since you turned dspam live.

Hope that helps a bit,
Tren

From: Michael Mussulis [mailto:mike_at...@hotmail.com]
Sent: Thursday, August 12, 2010 04:12 AM
To: vpopmail
Subject: FW: [vchkpw] DSPAM configuration & usage? (vpopmail + simscan + maildrop + clamav)

Hi Tren,

Thanks for the quick reply. No I have not done any spam training whatsoever; I only caught on to this fact recently upon re-reading the documentation. Up until now I kept thinking my configuration was wrong somehow, or lacking a certain option.

Ok, so now we've established it needs training, how do I go about it? What's the best/proper method of accomplishing this, without too much user intervention?

I suppose one confusing issue is the fact that dspam is called with --user vpopmail, so if I am not wrong, training info exists only for vpopmail user. Does that mean the WebUI will only know about this user or none of the other [virtual] users?

Thanks,
Michael.

Date: Thu, 12 Aug 2010 03:26:16 -0700
From: t...@eotnetworks.com
To: vchkpw@inter7.com
Subject: Re: [vchkpw] DSPAM configuration & usage? (vpopmail + simscan + maildrop + clamav)

Have you done any dspam training? Dspam on its own knows nothing of spam. What makes it so powerful is how it learns based on what you teach it. Either via corpus training or training via the web interface. The dspam documentation goes over that in quite a bit of detail. It looks like otherwise your installation is correct and your issue looks to be training related.

HTH,
Tren
FW: [vchkpw] DSPAM configuration & usage? (vpopmail + simscan + maildrop + clamav)
Hi Tren,

Thanks for the quick reply. No I have not done any spam training whatsoever; I only caught on to this fact recently upon re-reading the documentation. Up until now I kept thinking my configuration was wrong somehow, or lacking a certain option.

Ok, so now we've established it needs training, how do I go about it? What's the best/proper method of accomplishing this, without too much user intervention?

I suppose one confusing issue is the fact that dspam is called with --user vpopmail, so if I am not wrong, training info exists only for vpopmail user. Does that mean the WebUI will only know about this user or none of the other [virtual] users?

Thanks,
Michael.

Date: Thu, 12 Aug 2010 03:26:16 -0700
From: t...@eotnetworks.com
To: vchkpw@inter7.com
Subject: Re: [vchkpw] DSPAM configuration & usage? (vpopmail + simscan + maildrop + clamav)

Have you done any dspam training? Dspam on its own knows nothing of spam. What makes it so powerful is how it learns based on what you teach it. Either via corpus training or training via the web interface. The dspam documentation goes over that in quite a bit of detail. It looks like otherwise your installation is correct and your issue looks to be training related.

HTH,
Tren
[vchkpw] DSPAM configuration & usage? (vpopmail + simscan + maildrop + clamav)
Hi All,

First off, apologies if this is a silly question, but I am VERY VERY confused with regards to DSPAM configuration/usage.

I am mostly used to SpamAssassin, and have configured it many times before, with the result of it working more or less straight out of the box. However, SA is no longer a viable option due to its poor performance so I switched to DSPAM. I have compiled, installed and configured DSPAM on my server, and can say it is executed - but spam is still coming in and it looks like DSPAM is not blocking any spam at all.

I am absolutely convinced I have missed something in the configuration, somewhere, most likely (in my humble opinion) due to its very poor documentation. I have not found an adequate guide, listing clearly all the steps required to get it to work, i.e. to classify and block spam. Can anyone help please? I have included a log excerpt showing simscan/dspam functionality.

I have read the documentation, but I am still none the wiser as to the CORRECT/PROPER method of integrating DSPAM with vpopmail + maildrop.

Additional questions:
1. Does DSPAM identify spam at all upon first time installation?
2. Does DSPAM need aliases to classify spam?

Please help.

Thanks,
Michael.
@40004c63c01229c083c4 qmail-smtpd[12137]: Received-SPF: none (mail.stellarent.com: domain at doctormount.com does not designate permitted sender hosts)
@40004c63c01229c127d4 qmail-smtpd[12137]: MAIL FROM:
@40004c63c01229c18594 qmail-smtpd[12137]: RCPT TO:
@40004c63c01229cd7c14 simscan: cdb looking u...
@40004c63c01229cd83e4 simscan: cdb for found clam=yes,spam=...
@40004c63c01229cd87cc simscan: pelookup clam = y...
@40004c63c01229cd87cc simscan: pelookup spam = y...
@40004c63c01229cd8bb4 simscan: starting: work dir: /usr/local/var/qmail/simscan/1281605640.701223.12...
@40004c63c01e29a5df74 simscan: pelookup: called with sympathize...@doctormount.com
@40004c63c01e29a5eb2c simscan: pelookup: domain is doctormount
@40004c63c01e29a5ef14 simscan: cdb looking up doctormount
@40004c63c01e29a5ef14 simscan: pelookup: local part is sympathize...
@40004c63c01e29a5f2fc simscan: lpart: local part is *...
@40004c63c01e29a5f6e4 simscan: cdb looking up sympathize...@doctormount.com
@40004c63c01e29a5facc simscan: pelookup: called with lo...@stellarent.com
@40004c63c01e29a63d34 simscan: pelookup: domain is stellarent
@40004c63c01e29a6411c simscan: cdb looking up stellarent
@40004c63c01e29a64504 simscan: pelookup: local part is lo...
@40004c63c01e29a648ec simscan: lpart: local part is *...
@40004c63c01e29a64cd4 simscan: cdb looking up lo...@stellarent.com
@40004c63c01e29a650bc simscan: calling ds...
@40004c63c01e29a650bc simscan: calling /usr/local/bin/dspam dspamc --stdout --client --feature=noise --deliver=innocent,spam --debug --user vpopm...
@40004c63c01e2a6c2d14 simscan:[12137]:CLEAN (0./0.9899):12.0106s:Your style will be modish and unique with our accessories. You will be more successful with our branded accessories.:61.19.66.127:sympathize...@doctormount.com:lo...@stellarent.com
@40004c63c01e2a6c8304 simscan: DSPAM reported message as NOT being s...
@40004c63c01e2a7e22bc simscan: calling clamds...
@40004c63c01e2b0b8224 simscan: clamdscan: /usr/local/var/qmail/simscan/1281605640.701223.12138: o...
@40004c63c01e2b137164 simscan: clamdscan:
@40004c63c01e2b13d30c simscan: clamdscan: --- SCAN SUMMARY ...
@40004c63c01e2b1891e4 simscan: clamdscan: Infected files: 0...
@40004c63c01e2b1afefc simscan: clamdscan: Time: 0.008 sec (0 m 0 s)
@40004c63c01e2b1ea87c simscan: cdb looking up version cla...
@40004c63c01e2b1f5c2c simscan: runned_scanners is clamav: 0.95.2/m:51/d:10...
@40004c63c01e2b1fa27c simscan: found 0.95.2/m:51/d:10...
@40004c63c01e2b1ff09c simscan: normal clamdscan return code: 0...
@40004c63c01e2b20756c simscan: done, execing qmail-qu...
@40004c63c01e32f1291c simscan: qmail-queue exited 0
RE: [vchkpw] disable postmaster account?
Indeed you are right, and I am too tired... :(

I completely missed the point, now I realize I can use vdeluser to remove the postmaster account, which takes care of everything nicely.

Thanks and apologies again.
Michael.

> Date: Tue, 19 Jan 2010 17:01:40 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] disable postmaster account?
>
> Michael Mussulis wrote:
> > Matt,
> >
> > Sorry for being a pain, but although I've removed the postmaster account
> > from the vpopmail table, I'm still left with the postmaster Maildir
> > account - can this be removed as well?
>
> Again, you should be using the binaries. Don't bother trying to do things
> manually.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] disable postmaster account?
Matt,

Sorry for being a pain, but although I've removed the postmaster account from the vpopmail table, I'm still left with the postmaster Maildir account - can this be removed as well?

Cheers,
Michael.

> Date: Tue, 19 Jan 2010 16:46:54 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] disable postmaster account?
>
> Michael Mussulis wrote:
> > Ok, great.
> >
> > So I've added the domain, deleted the postmaster account, but now
> > "dir_control" shows 1 users for the newly added domain. If I reset this
> > to 0, would it impact anything?
>
> You probably shouldn't worry about files vpopmail drops. Use the binaries
> and worry less about what vpopmail is storing.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] disable postmaster account?
Ok, thanks Matt.

> Date: Tue, 19 Jan 2010 16:46:54 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] disable postmaster account?
>
> Michael Mussulis wrote:
> > Ok, great.
> >
> > So I've added the domain, deleted the postmaster account, but now
> > "dir_control" shows 1 users for the newly added domain. If I reset this
> > to 0, would it impact anything?
>
> You probably shouldn't worry about files vpopmail drops. Use the binaries
> and worry less about what vpopmail is storing.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] disable postmaster account?
Ok, great.

So I've added the domain, deleted the postmaster account, but now "dir_control" shows 1 users for the newly added domain. If I reset this to 0, would it impact anything?

Cheers,
Michael.

> Date: Tue, 19 Jan 2010 15:39:11 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] disable postmaster account?
>
> Michael Mussulis wrote:
> > Hi Matt,
> >
> > So am I to understand it is created by vadddomain just to satisfy the
> > RFC, and deleting it will not break vpopmail/qmail in any way?
>
> Generally, the answer to your question is: Correct.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] disable postmaster account?
Hi Matt,

So am I to understand it is created by vadddomain just to satisfy the RFC, and deleting it will not break vpopmail/qmail in any way?

Thanks,
Michael.

> Date: Tue, 19 Jan 2010 15:31:47 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] disable postmaster account?
>
> Michael Mussulis wrote:
> > Hi again,
> >
> > For every mail domain created, a postmaster account is created by
> > default. Is this necessary?
> > Is it possible to add a domain through vadddomain without a default
> > postmaster account?
>
> RFCs state there must be a postmaster user. It is not required by vpopmail
> however.
> You are free to delete it.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
[vchkpw] disable postmaster account?
Hi again,

For every mail domain created, a postmaster account is created by default. Is this necessary?
Is it possible to add a domain through vadddomain without a default postmaster account?

Many thanks,
Michael.
RE: [vchkpw] deleting domains and dir_control
Hi Matt,

Thanks for the quick reply.

> Yes, it was meant to work this way. If you're running a newer version of
> vpopmail, this entry will be re-used by a new domain.

Do you mean in the newer versions of vpopmail, newly added domains reuse the same entry?

Also, is there any documentation anywhere about how "dir_control" works? From what I understand it's to do with hashing, am I right? But what exactly? For example I would like to understand how "dom_507" relates to test65.com..

Also is there any way to manage "dir_control", if say the table grows too large, like a purging command? Should this be a concern?

Cheers,
Michael.
[vchkpw] deleting domains and dir_control
Hi Guys,

I have a simple question. I created a domain test65.com and my dir_control table looks like this:

test65.com103000616161024000
dom_507103000616161024000

I then deleted the domain which was removed from dir_control, but the "dom_507" record was not.
Is this the way it's supposed to work? If so, what is the reason for leaving the above record in the table, although the domain was deleted?

Excuse my ignorance, but I have no idea what the "dir_control" table is for and how it works. If someone could shed some light on this I would be most grateful.

Many thanks,
Michael.
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

Got it. Permissions for invoking sslserver are fine, no need to change anything.

I traced the problem to vauth_getpw(), where vpopmail's user is compared to the domain uid/gid. Thus vadddomain -u mike4 creates the entire domain skeleton with uid/gid 516 (mike4), and vauth_getpw returns 507 for vpopmail - so it fails.

The solution is vadddomain -g 516 which creates the domain skeleton with vpopmail:mike4 owner and group. This ensures vpopmail can authenticate whilst maintaining group rights for file system quotas via group quotas.

Dovecot imap/imaps/pop3s still authenticate but ONLY if I specify a custom sql query in its configuration AND update the vpopmail mysql table uid/gid with the corresponding values i.e. 507/516.

Although this method works, I still feel there's something funky going with dovecot+vpopmail authentication. Having to manually update the vpopmail table with uid/gid after domain creation isn't very elegant, can something be done about this? Is it not possible to modify vpopmail to store the uid/gid instead of the constant values of 0/0?

Thanks,
Michael.

> Date: Mon, 21 Dec 2009 08:47:30 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > I am back, and I want to thank you ALL for all your help and assistance,
> > you've all been very kind, patient and helpful. Sorry I've dropped off
> > the map these last couple of weeks, but I underwent an operation to
> > remove a cyst on my right kidney.
>
> Glad to hear your kidney is now cyst free :)
>
> > /var/log/maillog
> > Dec 21 14:37:37 localhost vpopmail[23557]: vchkpw-smtps: vpopmail user
> > not found postmas...@test10.com:192.168.0.12
> >
> > Does anyone have any idea why this happening under sslserver?
>
> It would appear that vchkpw may not have permissions to look up the user.
> Make sure it's not being run as an underprivileged user. The sslserver
> arguments related to running the qmail-smtp process should be identical
> to tcpserver.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Thanks Matt,

I am curious to see if the op will make a difference to the discomfort I was experiencing just under my last right rib :)

Re. sslserver, my tcpserver and sslserver run files are identical (bar the SSL on/off options), thus they are both being called as follows:

command-line:
exec sslserver -e -vR -l localhost -c 30 -u 501 -g 500 -x /usr/local/hcp/etc/tcp.smtpssl.cdb 0.0.0.0 465 qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /bin/true 2>&1

and

command-line:
exec tcpserver -vR -l localhost -c 30 -u 501 -g 500 -x /usr/local/hcp/etc/tcp.smtp.cdb 0.0.0.0 25 qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /bin/true 2>&1

both use user 'qmaild' (-u 501 -g 500). The only difference between the two is -e and the cdb file, as you can see.

Any other ideas?

Mike.

> Date: Mon, 21 Dec 2009 08:47:30 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > I am back, and I want to thank you ALL for all your help and assistance,
> > you've all been very kind, patient and helpful. Sorry I've dropped off
> > the map these last couple of weeks, but I underwent an operation to
> > remove a cyst on my right kidney.
>
> Glad to hear your kidney is now cyst free :)
>
> > /var/log/maillog
> > Dec 21 14:37:37 localhost vpopmail[23557]: vchkpw-smtps: vpopmail user
> > not found postmas...@test10.com:192.168.0.12
> >
> > Does anyone have any idea why this happening under sslserver?
>
> It would appear that vchkpw may not have permissions to look up the user.
> Make sure it's not being run as an underprivileged user. The sslserver
> arguments related to running the qmail-smtp process should be identical
> to tcpserver.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Guys,

I am back, and I want to thank you ALL for all your help and assistance, you've all been very kind, patient and helpful. Sorry I've dropped off the map these last couple of weeks, but I underwent an operation to remove a cyst on my right kidney.

Anyways, back to the issue at hand, I must confess I am a bit of an idiot. These last couple of days I've been busy packaging up the entire installation I've created as an rpm file. Having created an rpm, I installed it in a brand new FC12 box and to my horror, qmail would not start up, more specifically qmail-smtp.

Checking the output of readproctitle and qmail-smtp/current log file, I saw a strange error: tcpserver could not bind to port 25, it was already in use - which needless to say stumped me completely. I couldn't understand what was taking up port 25, for the brand new box had a really minimal install of fedora, and I manually removed sendmail first thing.

So, after a few days of blundering around like a fool, I discovered the culprit: EXIM. I couldn't believe it! I couldn't understand why or how exim got into my system, for I specifically didn't install it or any other smtp servers. Finally, I found out how it got in, via squirrelmail rpm. For some reason, squirrelmail rpm depends on exim (why I have no idea), which means that using yum to install squirrelmail automatically installs exim as well. Which really begs the question - why on earth does squirrelmail depend on exim? Surely it should distribute without any dependency and let the user configure it with whatever backend they prefer, right? Please correct me if I am wrong.

Ok, so I removed exim. This fixed tcpserver starting up, but then it complained that it couldn't find validrcptto.cdb. Again I was stumped. So after much digging around, I realized what was going on. The qmail-smtp run file (from jms), was actually kicking in causing tcpserver and qmail-smtp unexpected behavior. After altering the run file accordingly everything worked just fine.

So I went back to the original FC12 box, and discovered something even stranger - exim was installed and running AS WELL as tcpserver both binding on port 25. I reckon one was binding on localhost and the other on a specific ip address, causing both to start (without errors).

In any case, as a result of the above, I was able to fix qmail-smtp to use simscan + clamav/dspam. Needless to say, I had fun with those two as well. Mostly because both programs have changed, and the simscan distro hasn't been modified accordingly (and/or perhaps some changes are specific to Fedora). I had to manually alter the code in simscan to modify the dspam arguments, as --feature=chained is no longer supported and compiling with --with-dspam-args has no effect.

So, finally I decided to go the jms route and install multiple smtp services for security reasons. 1) smtp + tls port 25, 2) smtp + ssl port 465 (using sslserver).

Sending an email via port 25 works just fine: authentication, simscan, clamav, dspam. But sending an email via port 465 results with this error:

/var/log/qmail/qmail-smtpdssl/curr...
@40004b2f6c161b555e2c qmail-smtpd[23550]: AUTH failed [192.168.0.12] postmas...@test10.com

/var/log/maillog
Dec 21 14:37:37 localhost vpopmail[23557]: vchkpw-smtps: vpopmail user not found postmas...@test10.com:192.168.0.12

Does anyone have any idea why this happening under sslserver?

Many thanks,
Michael.

PS: Apologies for the lengthy blurb, but I thought I would share with everyone my discoveries.

> Date: Sat, 5 Dec 2009 02:37:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> dovecot, to get around the uid 0 error.
>
> Michael Mussulis wrote:
> > sorry modify exactly which user_query? vpopmail or dovecot?
>
> that one:
>
> > > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM
> > > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
>
> and a side note:
>
> > > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid
> > > values for the domain if created with -u, other dovecot will fail with:
>
> that is not quite true, since it's dovecot that fails, not vpopmail. so
> vpopmail's table does not need to have correct uid/gid, it works fine
> without them.
>
> ++jukka
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
mmm, I think I tried that at one point but can't be certain, too many tests... :)

I will give it a go, but I don't think it will work, I think it will want the domain owner uid/gid not vpopmail/vchkpw...

I will let you know the results shortly...

mike.

> Date: Sat, 5 Dec 2009 02:37:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> dovecot, to get around the uid 0 error.
>
> Michael Mussulis wrote:
> > sorry modify exactly which user_query? vpopmail or dovecot?
>
> that one:
>
> > > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM
> > > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
>
> and a side note:
>
> > > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid
> > > values for the domain if created with -u, other dovecot will fail with:
>
> that is not quite true, since it's dovecot that fails, not vpopmail. so
> vpopmail's table does not need to have correct uid/gid, it works fine
> without them.
>
> ++jukka
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
or did u mean the sql query used in dovecot-sql.conf?

> Date: Sat, 5 Dec 2009 02:18:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> you could hard code vpopmail's uid and vchkpw gid in that user_query..
> not quite sure if that will do what you're looking for though.
>
> ++jukka
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
sorry modify exactly which user_query? vpopmail or dovecot?

mike

> Date: Sat, 5 Dec 2009 02:18:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> you could hard code vpopmail's uid and vchkpw gid in that user_query..
> not quite sure if that will do what you're looking for though.
>
> ++jukka
>
> Michael Mussulis wrote:
> > Hmm... so basically so far from everything that's been said, it looks
> > like the uid/gid values are being used for domain creation purposes, but
> > not stored in the sql backend, which brings me to the issue of dovecot
> > authentication via IMAP.
> >
> > As mentioned before, I did a bog standard vpopmail build/install,
> > followed by a bog standard dovecot build/install. If I add a domain,
> > that is owned by vpopmail/vchkpw - dovecot imap authentication from
> > squirrelmail works just fine.
> >
> > However, if for a domain owned by a 'mike4', dovecot authentication
> > fails with:
> >
> > auth(default): Info: client in: AUTH1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=56559 resp=AHBvc3RtYXN0ZXJAdGVzdDEwLmNvbQAxMjM=
> > auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): lookup user=postmaster domain=test10.com
> > auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): unknown user
> > auth(default): Info: new auth connection: pid=18526
> > auth(default): Info: client out: FAIL 1 user=postmas...@test10.com
> > imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
> >
> > My dovecot.conf auth section is:
> >
> > ##
> > ## Authentication processes
> > ##
> >
> > auth default {
> >   mechanisms = plain
> >
> >   ### works for vpopmail/vchkpw domains
> >   #passdb vpopmail {
> >   #args =
> >   #}
> >
> >   #userdb vpopmail {
> >   #}
> >   ###
> >
> >   ### works for -u domains
> >   passdb sql {
> >     args = /usr/local/hcp/etc/dovecot-sql.conf
> >   }
> >
> >   userdb sql {
> >     args = /usr/local/hcp/etc/dovecot-sql.conf
> >   }
> >
> >   user = vpopmail
> >   count = 1
> >   ssl_require_client_cert = no
> > }
> >
> > and dovecot-sql.conf:
> >
> > driver = mysql
> > connect = host=localhost port=3306 user=admin password= dbname=hcp
> > default_pass_scheme = CRYPT
> > password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
> > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
> >
> > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid
> > values for the domain if created with -u, other dovecot will fail with:
> >
> > dovecot: Error: User postmas...@test10.com not allowed to log in using
> > UNIX UID 0 (root logins are never allowed)
> >
> > Am I doing something wrong? Am I to understand that for any domain I
> > create with -u, I then have to update vpopmail table with the real
> > uid/gid values?
> >
> > Thanks,
> > Michael.
> > (PS: I know part of the question is about dovecot, but it's closely tied
> > to vpopmail authentication).
> >
> > > Date: Fri, 4 Dec 2009 09:46:37 -0600
> > > From: m...@inter7.com
> > > To: vchkpw@inter7.com
> > > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> > >
> > > Pavel V. Yanchenko wrote:
> > > > Could it be that vdelivermail ignores groups? Is it possible at all?
> > >
> > > The groups file is not read by uid selection or execution system calls.
> > > --
> > > /*
> > > Matt Brookings GnuPG Key FAE0672C
> > > Software developer Systems technician
> > > Inter7 Internet Technologies, Inc. (815)776-9465
> > > */
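
The `resp=` field in the Dovecot auth debug line quoted in the message above is the client's base64-encoded SASL PLAIN response (RFC 4616: authzid NUL authcid NUL password), so a log excerpt that includes it includes the password in recoverable form. The following is an added example, not part of the original thread: a filter that strips `resp=` values from log excerpts before they are shared and reports which accounts had a password logged. The sample log lines, account name and password are constructed.

```python
import base64
import binascii
import re

# resp= carries the base64 SASL initial response in Dovecot auth debug lines.
RESP_RE = re.compile(r"\bresp=([A-Za-z0-9+/]+={0,2})")


def decode_sasl_plain(b64_value):
    """Decode an RFC 4616 PLAIN message: authzid NUL authcid NUL passwd.

    Returns (authzid, authcid, passwd), or None if the value is not valid
    base64 or does not consist of three NUL-separated fields.
    """
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except (binascii.Error, ValueError):
        return None
    fields = raw.split(b"\x00")
    if len(fields) != 3 or not fields[1]:
        return None
    try:
        return tuple(f.decode("utf-8") for f in fields)
    except UnicodeDecodeError:
        return None


def redact_log(lines):
    """Return (clean_lines, findings).

    Every resp= value is replaced, whether or not it decodes as PLAIN,
    because other SASL mechanisms can carry secrets too. findings lists
    (line_number, authcid, password_length) for each PLAIN response seen,
    so the operator knows which passwords to rotate without printing them.
    """
    clean, findings = [], []
    for number, line in enumerate(lines, start=1):
        for match in RESP_RE.finditer(line):
            decoded = decode_sasl_plain(match.group(1))
            if decoded is not None:
                _authzid, authcid, passwd = decoded
                findings.append((number, authcid, len(passwd)))
        clean.append(RESP_RE.sub("resp=<redacted>", line))
    return clean, findings


# Constructed sample input: the account, password and addresses are made up.
CONSTRUCTED_USER = "alice@example.test"
CONSTRUCTED_PASSWORD = "s3cret-Example"
CONSTRUCTED_B64 = base64.b64encode(
    f"\0{CONSTRUCTED_USER}\0{CONSTRUCTED_PASSWORD}".encode()
).decode()
SAMPLE_LOG = [
    "auth(default): Info: client in: AUTH 1 PLAIN service=imap secured "
    f"lip=127.0.0.1 rip=127.0.0.1 resp={CONSTRUCTED_B64}",
    "auth(default): Info: client out: FAIL 1 user=alice@example.test",
]

if __name__ == "__main__":
    cleaned, found = redact_log(SAMPLE_LOG)
    print("\n".join(cleaned))
    for number, user, length in found:
        print(f"line {number}: PLAIN password ({length} chars) logged for {user}")
```

Any password that has already appeared in a shared log should be treated as exposed and changed; redaction only helps for excerpts that have not been posted yet.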
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Hmm... so basically so far from everything that's been said, it looks like the uid/gid values are being used for domain creation purposes, but not stored in the sql backend, which brings me to the issue of dovecot authentication via IMAP.

As mentioned before, I did a bog standard vpopmail build/install, followed by a bog standard dovecot build/install. If I add a domain that is owned by vpopmail/vchkpw, dovecot imap authentication from squirrelmail works just fine. However, for a domain owned by 'mike4', dovecot authentication fails with:

auth(default): Info: client in: AUTH1 PLAIN service=imapsecured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=56559 resp=AHBvc3RtYXN0ZXJAdGVzdDEwLmNvbQAxMjM=
auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): lookup user=postmaster domain=test10.com
auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): unknown user
auth(default): Info: new auth connection: pid=18526
auth(default): Info: client out: FAIL 1 user=postmas...@test10.com
imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

My dovecot.conf auth section is:

## Authentication processes
##
auth default {
  mechanisms = plain

  ### works for vpopmail/vchkpw domains
  #passdb vpopmail {
  #args =
  #}
  #userdb vpopmail {
  #}
  ###

  ### works for -u domains
  passdb sql {
    args = /usr/local/hcp/etc/dovecot-sql.conf
  }
  userdb sql {
    args = /usr/local/hcp/etc/dovecot-sql.conf
  }

  user = vpopmail
  count = 1
  ssl_require_client_cert = no
}

and dovecot-sql.conf:

driver = mysql
connect = host=localhost port=3306 user=admin password= dbname=hcp
default_pass_scheme = CRYPT
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'

Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid values for the domain if created with -u, otherwise dovecot will fail with:

dovecot: Error: User postmas...@test10.com not allowed to log in using UNIX UID 0 (root logins are never allowed)

Am I doing something wrong? Am I to understand that for any domain I create with -u, I then have to update vpopmail table with the real uid/gid values?

Thanks,
Michael.
(PS: I know part of the question is about dovecot, but it's closely tied to vpopmail authentication).

> Date: Fri, 4 Dec 2009 09:46:37 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Pavel V. Yanchenko wrote:
> > Could it be that vdelivermail ignores groups? Is it possible at all?
>
> The groups file is not read by uid selection or execution system calls.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u
Pavel,

Didn't work, I got this:

@40004b1996a62056cd0c status: local 0/10 remote 0/1...@40004b19970325ce2f3c starting delivery 92: msg 206456 to local test10.com-postmas...@test10.com
@40004b19970325ce42c4 status: local 1/10 remote 0/1...@40004b1997071b92096c delivery 92: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/Error_-_no_authentication_database_connection._Initial_open./vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/Error_-_no_authentication_database_connection._Initial_open./grep:_/.qmail-default:_No_such_file_or_directory/grep:_/.qmail-default:_No_such_file_or_directory/awk:_cmd._line:1:_fatal:_cannot_open_file_`/.qmail-default'_for_reading_(No_such_file_or_directory)/maildrop:_non-filtered_mail_delivery//usr/local/hcp/bin/maildrop:_Unable_to_open_mailbox./
@40004b1997071be015e4 status: local 0/10 remote 0/120

Works only in mode 644.

Mike.

> Date: Fri, 4 Dec 2009 18:30:05 +0300
> From: bal...@msmu.ru
> To: vchkpw@inter7.com
> Subject: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Update.
>
> If vdelivermail is made 102711 (set group id on exec) then mail is
> delivered.
>
> Try it, Michael.
>
> --
> Best regards,
> Pavel mailto:bal...@msmu.ru
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Jukka,

To clarify, the user was part of 'vchkpw' group before I tried reverting to mode 640. So still having the issue. At the moment it's working with mode 644.

Mike.

> Date: Fri, 4 Dec 2009 15:45:30 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> That's kind of odd.. did you make sure the user (mike4 i guess) is in
> that group?
>
> ++jukka
>
> Michael Mussulis wrote:
RE: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Pavel,

It already is, see output of id:

[r...@vmfc12 ~]# id mike4
uid=516(mike4) gid=516(mike4) groups=516(mike4),502(vchkpw)

Mike.

Date: Fri, 4 Dec 2009 16:36:46 +0300
From: bal...@msmu.ru
To: vchkpw@inter7.com
Subject: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

Hello Michael,

I'm not sure how it will affect security, but perhaps you could make mike4 and other users who need access to vpopmail.mysql members of vchkpw group? In linux it should be "usermod -a -G vchkpw mike4". And you can use "groups mike4" command to see in which groups mike4 is.
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Yup... see output of id:

[r...@vmfc12 ~]# id mike4
uid=516(mike4) gid=516(mike4) groups=516(mike4),502(vchkpw)

Mike.

> Date: Fri, 4 Dec 2009 15:45:30 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> That's kind of odd.. did you make sure the user (mike4 i guess) is in
> that group?
>
> ++jukka
>
> Michael Mussulis wrote:
> > Jukka,
> >
> > Good point, but vpopmail.mysql is already group vchkpw and mode 640
> > doesn't work. I tried and it gives:
> >
> > @40004b19000104a3957c delivery 37: deferral:
> > vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/
> >
> > Any other ideas?
> >
> > Thanks,
> > Michael.
> >
> > > Date: Fri, 4 Dec 2009 10:09:44 +0200
> > > From: jukka.kurk...@tjc.fi
> > > To: vchkpw@inter7.com
> > > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> > >
> > > rather change the group of vpopmail.mysql to vchkpw and let it be in
> > > mode 640.. it contains the password for the database, and if anyone who
> > > doesn't need to know it has shell access, it's a security risk.
> > >
> > > ++jukka
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Jukka,

Good point, but vpopmail.mysql is already group vchkpw and mode 640 doesn't work. I tried and it gives:

@40004b19000104a3957c delivery 37: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

Any other ideas?

Thanks,
Michael.

> Date: Fri, 4 Dec 2009 10:09:44 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> rather change the group of vpopmail.mysql to vchkpw and let it be in
> mode 640.. it contains the password for the database, and if anyone who
> doesn't need to know it has shell access, it's a security risk.
>
> ++jukka
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

Just to reply, config.h looks ok to me:

[r...@vmfc12 vpopmail-5.4.29]# cat config.h | grep -P "usr|bin|vpop"
#define LOG_NAME "vpopmail"
#define MAILDROP_PROG "/usr/local/hcp/bin/maildrop"
#define OPEN_SMTP_CUR_FILE "/usr/local/hcp/vpopmail/etc/open-smtp"
#define OPEN_SMTP_LOK_FILE "/usr/local/hcp/vpopmail/etc/open-smtp.lock"
#define OPEN_SMTP_TMP_FILE "/usr/local/hcp/vpopmail/etc/open-smtp.tmp"
#define PACKAGE "vpopmail"
#define PACKAGE_NAME "vpopmail"
#define PACKAGE_STRING "vpopmail 5.4.29"
#define PACKAGE_TARNAME "vpopmail"
#define QMAILDIR "/usr/local/hcp/var/qmail"
#define QMAILINJECT "/usr/local/hcp/var/qmail/bin/qmail-inject"
#define QMAILNEWMRH "/usr/local/hcp/var/qmail/bin/qmail-newmrh"
#define QMAILNEWU "/usr/local/hcp/var/qmail/bin/qmail-newu"
#define SPAMC_PROG "/usr/bin/spamc"
#define TCPRULES_PROG "/usr/local/bin/tcprules"
#define TCP_FILE "/usr/local/hcp/vpopmail/etc/tcp.smtp"
#define VLIMITS_DEFAULT_FILE "/usr/local/hcp/vpopmail/etc/vlimits.default"
#define VPOPMAILDIR "/usr/local/hcp/vpopmail"
#define VPOPUSER "vpopmail"

Any other paths I may have missed?

Thanks,
Michael.

> Date: Thu, 3 Dec 2009 17:14:34 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > Matt,
> >
> > Just to make sure we're on the page, I've done a brand new build using
> > version 5.4.29 you recently released, without maildrop as shown below..
> > Installed, restarted qmail, still getting permission denied.
>
> Check config.h to check the directory locations. Also, su to the mike user
> and see if he can execute the command in test.com/.qmail-default.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Tom/Matt,

I recompiled with spamassassin and maildrop, reinstalled, and vpopmail.mysql went back to mode 640, which caused this error:

@40004b184f6a0be9e37c new msg 207...@40004b184f6a0be9ef34 info msg 207176: bytes 496 from qp 15404 uid 0...@40004b184f6a0be9f704 starting delivery 1: msg 207176 to local test10.com-postmas...@test10.com
@40004b184f6a0bea02bc status: local 1/10 remote 0/1...@40004b184f6a0cce9274 delivery 1: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

As soon as I changed to mode 644, it worked instantly.

@40004b184fe21a1183ec starting delivery 7: msg 206333 to local test10.com-postmas...@test10.com
@40004b184fe21a119774 status: local 1/10 remote 0/1...@40004b184fe70d156744 delivery 7: success: LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/
@40004b184fe70da581e4 status: local 0/10 remote 0/1...@40004b184fe70da58d9c end msg 206333

Tom, you're my hero! :) Now to get rid of that annoying clamav error...

Mike.

> From: t...@tomlogic.com
> Date: Thu, 3 Dec 2009 15:25:05 -0800
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Sorry to just jump in at a random point in the conversation, but here are
> some thoughts.
>
> If you su to the mike4 user, can you run ~vpopmail/bin/vdelivermail (i.e., do
> you have execute access on the file)? It needs to be able to do that. Can
> you cd into the directory with email for that domain? Maybe a higher-level
> directory prevents you from changing into it (you'll likely have to cd
> directly to it).
>
> I think that vdelivermail is self-contained, so you probably don't need to
> have access to other binaries. Qmail-local runs with the uid/gid in the
> users/assign file.
>
> -Tom
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Tom,

I reckon you might be on to something. I did su to mike4, and couldn't even list the ~vpopmail/bin directory, let alone execute vdelivermail - in fact I got "Permission denied"!

And I fixed it! I changed permissions as follows:

~vpopmail/ - to mode 2755
~vpopmail/etc/ - to mode 40755
~vpopmail/etc/vpopmail.mysql - to mode 644

It started working straight away!

Can you guys validate my changes? I want to make sure I have not opened a security hole.

Many thanks,
Michael.

> From: t...@tomlogic.com
> Date: Thu, 3 Dec 2009 15:25:05 -0800
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Sorry to just jump in at a random point in the conversation, but here are
> some thoughts.
>
> If you su to the mike4 user, can you run ~vpopmail/bin/vdelivermail (i.e., do
> you have execute access on the file)? It needs to be able to do that. Can
> you cd into the directory with email for that domain? Maybe a higher-level
> directory prevents you from changing into it (you'll likely have to cd
> directly to it).
>
> I think that vdelivermail is self-contained, so you probably don't need to
> have access to other binaries. Qmail-local runs with the uid/gid in the
> users/assign file.
>
> -Tom
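
The permission question raised in this message can be checked with a small model of the POSIX access test, using the users/assign entry and the `id mike4` output quoted elsewhere in this thread. This is an added example, not part of any post and not vpopmail or qmail code. It assumes the vpopmail directory, etc/ and vpopmail.mysql are all owned by uid 507 and gid 502 (the values in the configure output), that delivery runs with only the uid:gid from users/assign and no supplementary groups, and that uid 1001 is a constructed unrelated local account.

```python
"""Model of the POSIX read check on vpopmail.mysql (root bypass not modelled)."""
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Cred:
    uid: int
    gid: int
    groups: frozenset = frozenset()   # supplementary groups


@dataclass(frozen=True)
class Node:
    path: str
    uid: int
    gid: int
    mode: int                         # st_mode: file type + permission bits


def parse_assign(line):
    """Return (delivery credentials, home) from one users/assign entry."""
    if not line or line[0] not in "+=":
        raise ValueError("not an assign entry: %r" % line)
    fields = line[1:].split(":")
    if len(fields) < 7:
        raise ValueError("short assign entry: %r" % line)
    # field order: address, user, uid, gid, homedir, dash, ext
    return Cred(int(fields[2]), int(fields[3])), fields[4]


def class_bits(cred, node):
    """Pick the rwx triplet that applies: owner, else group, else other."""
    perm = stat.S_IMODE(node.mode)
    if cred.uid == node.uid:
        return (perm >> 6) & 7
    if cred.gid == node.gid or node.gid in cred.groups:
        return (perm >> 3) & 7
    return perm & 7


def can_read(cred, chain):
    """Walk directories down to a file; return (ok, first blocking path)."""
    for node in chain:
        need = 1 if stat.S_ISDIR(node.mode) else 4   # x on dirs, r on the file
        if not class_bits(cred, node) & need:
            return False, node.path
    return True, None


VPOP_UID, VCHKPW_GID = 507, 502      # assumed owner/group, from the configure output
BASE = "/usr/local/hcp/vpopmail"
ASSIGN = "+test10.com-:test10.com:516:516:/home/mike4/domains/test10.com:-::"


def tree(file_mode):
    """Directory modes as posted (2755, 40755); file mode is the variable."""
    return [
        Node(BASE, VPOP_UID, VCHKPW_GID, stat.S_IFDIR | 0o2755),
        Node(BASE + "/etc", VPOP_UID, VCHKPW_GID, 0o40755),
        Node(BASE + "/etc/vpopmail.mysql", VPOP_UID, VCHKPW_GID,
             stat.S_IFREG | file_mode),
    ]


def scenarios():
    """Evaluate mode 640 and 644 for three kinds of caller."""
    delivery, _home = parse_assign(ASSIGN)            # 516:516, no extra groups
    shell = Cred(516, 516, frozenset({516, 502}))     # what `id mike4` prints
    other = Cred(1001, 1001)                          # constructed unrelated user
    result = {}
    for mode in (0o640, 0o644):
        for name, cred in (("delivery", delivery), ("shell", shell),
                           ("other", other)):
            result[(oct(mode), name)] = can_read(cred, tree(mode))
    return result


if __name__ == "__main__":
    for key, value in scenarios().items():
        print(key, value)
```

In this model mode 644 lets delivery through only via the "other" bits, which is the same path that lets the unrelated uid 1001 read the database password.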
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
spamassassin was already disabled in vlimits.default, but I recompiled again without it. Same problem.

Mike.

Date: Thu, 3 Dec 2009 15:16:45 -0800
From: t...@eotnetworks.com
To: vchkpw@inter7.com
Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u

Try disabling spamassassin support as well.

t
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

Just to make sure we're on the page, I've done a brand new build using version 5.4.29 you recently released, without maildrop as shown below. Installed, restarted qmail, still getting permission denied.

Mike.

configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands

vpopmail 5.4.29
Current settings
---

vpopmail directory = /usr/local/hcp/vpopmail
domains directory = /usr/local/hcp/vpopmail/domains
uid = 507
gid = 502
roaming users = ON --enable-roaming-users
tcpserver file = /usr/local/hcp/vpopmail/etc/tcp.smtp
open_smtp file = /usr/local/hcp/vpopmail/etc/open-smtp
rebuild tcpserver file = ON --enable-rebuild-tcpserver-file (default)
password learning = OFF --disable-learn-passwords (default)
md5 passwords = ON --enable-md5-passwords (default)
file locking = ON --enable-file-locking (default)
vdelivermail fsync = OFF --disable-file-sync (default)
make seekable = ON --enable-make-seekable (default)
clear passwd = OFF --disable-clear-passwd
user dir hashing = ON --enable-users-big-dir (default)
address extensions = ON --enable-qmail-ext
ip alias = ON --enable-ip-alias-domains
onchange script = OFF --disable-onchange-script (default)
domain quotas = ON --enable-domainquotas
*** Domain quotas should only be enabled ***
*** when using the vpopmail usage daemon ***
auth module = mysql --enable-auth-module=mysql
mysql replication = OFF --disable-mysql-replication (default)
sql logging = OFF --disable-sql-logging (default)
mysql limits = ON --enable-mysql-limits
SQL valias table = ON --enable-valias
auth inc = -I/usr/include/mysql
auth lib = -Xlinker -R -Xlinker /usr/lib/mysql -L/usr/lib/mysql -lmysqlclient -lz -lm
system passwords = ON --enable-passwd
pop syslog = log success and errors including passwords --enable-logging=v
auth logging = ON --enable-auth-logging (default)
all domains in one SQL table = --enable-many-domains (default)
spamassassin = ON --enable-spamassassin
maildrop = OFF --disable-maildrop (default)

> Date: Thu, 3 Dec 2009 17:05:43 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Tren Blackburn wrote:
> > Excuse my interjection but could the issue be with maildrop being called
> > during the delivery process? What do your maildroprc file have in it?
> > Does maildrop have permission to delivery to that directory?
>
> Ah. Also, does vdelivermail have permission to run maildrop, and if so, when
> it's running as your domain's user, can it read the maildroprc file?
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Tren,

No need to apologize, and I thought of the exact same thing, so I did two tests:

1. disable maildrop in ./etc/vlimits.default
2. recompiled vpopmail without maildrop

Still got the same error. I even went as far as renaming the maildroprc file, but still no go.

Thanks,
Michael.

--

Excuse my interjection but could the issue be with maildrop being called during the delivery process? What do your maildroprc file have in it? Does maildrop have permission to delivery to that directory?
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

Is there any way to manually debug vdelivermail?

Cheers,
Michael.

> Date: Thu, 3 Dec 2009 16:45:56 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > Furthermore, having followed the instructions to the letter, I would
> > expect it to simply work - unless there's something silly I've missed
> > (or perhaps undocumented). If other people have -u to work perhaps they
> > can shed some light on whether they had to take special steps to make it
> > work.
>
> I would also expect it to work. I have no reports of failure of this feature
> anywhere, and my local tests show that it's working with all of the recent
> versions
> available. Are you running a version prior to 5.4.15?
>
> Unfortunately I do not have any further ideas what it might be.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

I am running version 5.4.28 downloaded from sourceforge and compiled with:

#!/bin/sh
./configure \
--prefix=/usr/local/hcp \
--enable-qmaildir=/usr/local/hcp/var/qmail \
--enable-qmail-newu=/usr/local/hcp/var/qmail/bin/qmail-newu \
--enable-qmail-inject=/usr/local/hcp/var/qmail/bin/qmail-inject \
--enable-qmail-newmrh=/usr/local/hcp/var/qmail/bin/qmail-newmrh \
--enable-tcpserver-fle=/usr/local/hcp/etc/tcp.smtp \
--enable-logging=v \
--enable-auth-module=mysql \
--disable-clear-passwd \
--enable-qmail-ext \
--enable-ip-alias-domains \
--enable-auth-logging \
--enable-valias \
--enable-mysql-limits \
--enable-domainquotas=y \
--enable-roaming-users \
--enable-relay-clear-minutes=180 \
--enable-many-domains \
--enable-spamassassin=y \
--enable-passwd \
--enable-maildrop=y \
--enable-maildrop-prog=/usr/local/hcp/bin/maildrop

Thanks,
Michael.

> Date: Thu, 3 Dec 2009 16:45:56 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > Furthermore, having followed the instructions to the letter, I would
> > expect it to simply work - unless there's something silly I've missed
> > (or perhaps undocumented). If other people have -u to work perhaps they
> > can shed some light on whether they had to take special steps to make it
> > work.
>
> I would also expect it to work. I have no reports of failure of this feature
> anywhere, and my local tests show that it's working with all of the recent
> versions
> available. Are you running a version prior to 5.4.15?
>
> Unfortunately I do not have any further ideas what it might be.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

First off, I have not made any changes whatsoever to the codebase. I merely had a peek at the code to study its inner workings due to this problem - and that was just looking at the vpopmail source code, nothing else.

I followed the instructions very carefully, and as I've said before, it works perfectly fine if -u is not used. I've looked at the logs I could find, but the error "Permission denied" is very cryptic - not giving me any clue as to where it's breaking down.

To answer your questions:

1. SELinux is disabled - I took that measure early on.
2. Excuse my ignorance, but I don't know what you mean by 'any security restrictions placed on setuid'. Personally I don't think so, but I am more than happy to check if you tell me where.
3. As far as I can tell the assign values are correct:
+test10.com-:test10.com:516:516:/home/mike4/domains/test10.com:-::
and to confirm:
[r...@vmfc12 install]# id mike4
uid=516(mike4) gid=516(mike4) groups=516(mike4),502(vchkpw)
4. As far as I can tell the cdb file is updated.

I've checked the documentation pretty closely and there's no specific instructions for when using -u option, i.e. configuring special permissions, etc - so I believe I've followed the instructions to the letter.

Checking the logs:
- /var/log/maillog: no qmail error messages
- /var/log/messages: no qmail error messages
- ./qmail-send/current: the only log with the cryptic "Permission denied" message

I admit I am no qmail expert, or linux guru, but I do think I am more than reasonably competent with installing linux, applications, etc. All I need is some pointers as to where to look, cause I've exhausted all I could think of.

Furthermore, having followed the instructions to the letter, I would expect it to simply work - unless there's something silly I've missed (or perhaps undocumented). If other people have -u to work perhaps they can shed some light on whether they had to take special steps to make it work.

Thanks,
Michael.

> Date: Thu, 3 Dec 2009 16:00:23 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > It looks like I am talking partly nonsense, apologies for that. I've had
> > another stab at the code, and it looks like the sql insert command
> > statement has gid hardcoded to '0', and uid is the 'apop' value - which
> > from what I gather (correct me if I am wrong), only works in clear text
> > mode. So since I've disabled clear text, I am assuming the value is
> > truncated to '0'; which makes me wonder - is this by design?
> >
> > Also, if I am not wrong (and would appreciate confirmation), these
> > values have no bearing on vdelivermail - although I found they are
> > critical for Dovecot IMAP authentication.
>
> Michael, part of the problem is that you're making modifications
> to the source of your system without really understanding how it all works
> together. This makes it very difficult for us to have any confidence in the
> fact that you're running on the same code base we are.
>
> > Which brings me back to the question - what purpose do they serve in the
> > first place?
>
> When the vqpasswd structure was defined, it was modeled after the
> passwd-related
> functions such that everyone would be familiar with its syntax.
>
> Since then the pw_gid field has been updated to store user flags, and the
> pw_uid
> flag is *mostly* ignored and just passed around as it stands by the various
> parts
> of the API. Although the pw_uid portion remains unused for the most part, it
> is still considered reserved, and should not be modified.
>
> > So I am back to square one. I still have no clue which permission is
> > affecting the delivery of mail for user specified domain. Please
> > someone, any ideas where else I could look?
>
> As I said, it's tough to determine why you're having this problem. There
> could be any number of issues. Do you have any kind of security restrictions
> placed on setuid? Do you have SELinux, or any of the other many low-level
> system restrictions running?
>
> Are you running qmail-start under a restricted environment?
>
> Are the uid:gid values in /var/qmail/users/assign correct? Is the cdb
> file updated? Run /var/qmail/bin/qmail-newu.
>
> Check system logs for errors, etc, etc.
>
> There are *so many* different things that could be wrong, if you can't figure
> it
> out, you may want to consider purchasing technical support.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
It looks like I am talking partly nonsense, apologies for that. I've had another stab at the code, and it looks like the sql insert command statement has gid hardcoded to '0', and uid is the 'apop' value - which from what I gather (correct me if I am wrong), only works in clear text mode. So since I've disabled clear text, I am assuming the value is truncated to '0'; which makes me wonder - is this by design?

Also, if I am not wrong (and would appreciate confirmation), these values have no bearing on vdelivermail - although I found they are critical for Dovecot IMAP authentication.

Which brings me back to the question - what purpose do they serve in the first place?

So I am back to square one. I still have no clue which permission is affecting the delivery of mail for user specified domain. Please someone, any ideas where else I could look?

Thanks,
Michael.

From: mike_at...@hotmail.com
To: vchkpw@inter7.com
Date: Wed, 2 Dec 2009 11:12:50 +
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

By the way, as a sideline question - related to the same issue, why do the fields pw_uid and pw_gid always end up as '0' in the vpopmail table regardless? I did both

vadddomain -u mike4 test10.com 123

and

vadddomain -i [uid of mike4] -g [gid of mike4] test10.com 123

and the pw_uid/pw_gid are always '0' after the domain creation. Am I doing something wrong? Should those table fields not reflect the actual uid/gid of the user assigned to the domain?

I looked through the source code, and at first glance it looks like that's what should happen - but in reality '0' is the value for both fields as shown by the mysql query log:

19 Query insert into `vpopmail` ( pw_name, pw_domain, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell ) values ( "postmaster", "test10.com", "$1$p1nVNe41$5StvPRrC/SX8DKPcV8ep60", 0, 0, "Postmaster", "/home/mike4/domains/test10.com/postmaster", "NOQUOTA" )

I thought that this might be the reason for the permission denied, so I changed the values manually to the mike4 uid/gid, but it didn't make a difference - other than fix the authentication problem through Squirrelmail + Dovecot + IMAP with custom SQL authdb in dovecot_sql.conf.

Regards,
Michael.

From: mike_at...@hotmail.com
To: vchkpw@inter7.com
Date: Wed, 2 Dec 2009 10:31:17 +
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

Tren,

It's definitely a TYPO - apologies for that. The user is "mike4". Besides, I don't think it would work for non-existent user.

Michael.

> Date: Tue, 1 Dec 2009 08:22:06 -0800
> From: t...@eotnetworks.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> In your example the thing that pops out is the user you add is "mike42"
> however the user you're assigning the domain to is "mike4". Is this a
> typo? Or deliberate?
>
> t.
>
> -Original Message-
> From: Michael Mussulis [mailto:mike_at...@hotmail.com]
> Sent: December-01-09 8:19 AM
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
>
> Hi Matt,
>
> Thanks for your reply, which is what I suspected all along - I am more
> than certain something is wrong on my end, but for the life of me I
> can't figure it out yet. And yes, I agree, it MUST be permission
> related.
>
> As for the versions:- Fedora 12 x86- qmail 1.03 with jms1 combined patch
> 7.08- maildrop 2.2.0- ezmlm-idx 7.0.2- vpopmail 5.4.28- dovecot 1.2.8-
> spamassassin 3.3.0 (fedora rpm)- clamav 0.95.2-5 (fedora rpm)
>
> Basically I would say I am using the most up-to-date versions of
> everything..
> I believe I am doing the right thing, i.e.:
> 1. adduser mike42. vadddomain -u mike4 test10.com 123
> vpopmail creates ./test10.com directory structure just fine in
> /home/mike4, with mike4:mike4 ownership all the way down. However,
> delivery fails which is baffling, since vadddomain assigns ownership and
> permissions. I have not modified the ownership/permissions in any way.
> What I don't understand is which part fails - qmail-local unable to
> invoke vdelivermail? or vdelivermail accessing the userdir? or something
> else (now that you mentioned qmail-users)? At one point I thought it
> might be maildrop, so I re-compiled vpopmail without maildrop but this
> didn't work either.
> Would you have any directions as to how to enable this feature? And is
> there any way to debug vdelivermail? If yes, what would be the proper
> method?
> And just to show vpopmail works:
> @40004b153edf0
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
It looks like I am talking partly nonsense, apologies for that.

I've had another stab at the code, and it looks like the sql insert command statement has gid hardcoded to '0', and uid is the 'apop' value - which from what I gather (correct me if I am wrong), only works in clear text mode. So since I've disabled clear text, I am assuming the value is truncated to '0'; which makes me wonder - is this by design?

Also, if I am not wrong (and would appreciate confirmation), these values have no bearing on vdelivermail - although I found they are critical for Dovecot IMAP authentication. Which brings me back to the question - what purpose do they serve in the first place?

So I am back to square one. I still have no clue which permission is affecting the delivery of mail for user specified domain. Please someone, any ideas where else I could look?

Thanks,
Michael.

From: mike_at...@hotmail.com
To: vchkpw@inter7.com
Date: Wed, 2 Dec 2009 11:12:50 +
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

By the way, as a sideline question - related to the same issue, why do the fields pw_uid and pw_gid always end up as '0' in the vpopmail table regardless?

I did both

    vadddomain -u mike4 test10.com 123

and

    vadddomain -i [uid of mike4] -g [gid of mike4] test10.com 123

and the pw_uid/pw_gid are always '0' after the domain creation. Am I doing something wrong? Should those table fields not reflect the actual uid/gid of the user assigned to the domain?

I looked through the source code, and at first glance it looks like that's what should happen - but in reality '0' is the value for both fields as shown by the mysql query log:

    19 Query insert into `vpopmail` ( pw_name, pw_domain, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell ) values ( "postmaster", "test10.com", "$1$p1nVNe41$5StvPRrC/SX8DKPcV8ep60", 0, 0, "Postmaster", "/home/mike4/domains/test10.com/postmaster", "NOQUOTA" )

I thought that this might be the reason for the permission denied, so I changed the values manually to the mike4 uid/gid, but it didn't make a difference - other than fix the authentication problem through Squirrelmail + Dovecot + IMAP with custom SQL authdb in dovecot_sql.conf.

Regards,
Michael.

From: mike_at...@hotmail.com
To: vchkpw@inter7.com
Date: Wed, 2 Dec 2009 10:31:17 +
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

Tren,

It's definitely a TYPO - apologies for that. The user is "mike4". Besides, I don't think it would work for non-existent user.

Michael.

> Date: Tue, 1 Dec 2009 08:22:06 -0800
> From: t...@eotnetworks.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> In your example the thing that pops out is the user you add is "mike42"
> however the user you're assigning the domain to is "mike4". Is this a
> typo? Or deliberate?
>
> t.
>
> -----Original Message-----
> From: Michael Mussulis [mailto:mike_at...@hotmail.com]
> Sent: December-01-09 8:19 AM
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
>
> Hi Matt,
>
> Thanks for your reply, which is what I suspected all along - I am more
> than certain something is wrong on my end, but for the life of me I
> can't figure it out yet. And yes, I agree, it MUST be permission
> related.
>
> As for the versions:- Fedora 12 x86- qmail 1.03 with jms1 combined patch
> 7.08- maildrop 2.2.0- ezmlm-idx 7.0.2- vpopmail 5.4.28- dovecot 1.2.8-
> spamassassin 3.3.0 (fedora rpm)- clamav 0.95.2-5 (fedora rpm)
>
> Basically I would say I am using the most up-to-date versions of
> everything..
> I believe I am doing the right thing, i.e.:
> 1. adduser mike42. vadddomain -u mike4 test10.com 123
> vpopmail creates ./test10.com directory structure just fine in
> /home/mike4, with mike4:mike4 ownership all the way down. However,
> delivery fails which is baffling, since vadddomain assigns ownership and
> permissions. I have not modified the ownership/permissions in any way.
> What I don't understand is which part fails - qmail-local unable to
> invoke vdelivermail? or vdelivermail accessing the userdir? or something
> else (now that you mentioned qmail-users)? At one point I thought it
> might be maildrop, so I re-compiled vpopmail without maildrop but this
> didn't work either.
> Would you have any directions as to how to enable this feature? And is
> there any way to debug vdelivermail? If yes, what would be the proper
> method?
> And just to show vpopmail works:
> @40004b153edf0
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
By the way, as a sideline question - related to the same issue, why do the fields pw_uid and pw_gid always end up as '0' in the vpopmail table regardless?

I did both

    vadddomain -u mike4 test10.com 123

and

    vadddomain -i [uid of mike4] -g [gid of mike4] test10.com 123

and the pw_uid/pw_gid are always '0' after the domain creation. Am I doing something wrong? Should those table fields not reflect the actual uid/gid of the user assigned to the domain?

I looked through the source code, and at first glance it looks like that's what should happen - but in reality '0' is the value for both fields as shown by the mysql query log:

    19 Query insert into `vpopmail` ( pw_name, pw_domain, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell ) values ( "postmaster", "test10.com", "$1$p1nVNe41$5StvPRrC/SX8DKPcV8ep60", 0, 0, "Postmaster", "/home/mike4/domains/test10.com/postmaster", "NOQUOTA" )

I thought that this might be the reason for the permission denied, so I changed the values manually to the mike4 uid/gid, but it didn't make a difference - other than fix the authentication problem through Squirrelmail + Dovecot + IMAP with custom SQL authdb in dovecot_sql.conf.

Regards,
Michael.

From: mike_at...@hotmail.com
To: vchkpw@inter7.com
Date: Wed, 2 Dec 2009 10:31:17 +
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

Tren,

It's definitely a TYPO - apologies for that. The user is "mike4". Besides, I don't think it would work for non-existent user.

Michael.

> Date: Tue, 1 Dec 2009 08:22:06 -0800
> From: t...@eotnetworks.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> In your example the thing that pops out is the user you add is "mike42"
> however the user you're assigning the domain to is "mike4". Is this a
> typo? Or deliberate?
>
> t.
>
> -----Original Message-----
> From: Michael Mussulis [mailto:mike_at...@hotmail.com]
> Sent: December-01-09 8:19 AM
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
>
> Hi Matt,
>
> Thanks for your reply, which is what I suspected all along - I am more
> than certain something is wrong on my end, but for the life of me I
> can't figure it out yet. And yes, I agree, it MUST be permission
> related.
>
> As for the versions:- Fedora 12 x86- qmail 1.03 with jms1 combined patch
> 7.08- maildrop 2.2.0- ezmlm-idx 7.0.2- vpopmail 5.4.28- dovecot 1.2.8-
> spamassassin 3.3.0 (fedora rpm)- clamav 0.95.2-5 (fedora rpm)
>
> Basically I would say I am using the most up-to-date versions of
> everything..
> I believe I am doing the right thing, i.e.:
> 1. adduser mike42. vadddomain -u mike4 test10.com 123
> vpopmail creates ./test10.com directory structure just fine in
> /home/mike4, with mike4:mike4 ownership all the way down. However,
> delivery fails which is baffling, since vadddomain assigns ownership and
> permissions. I have not modified the ownership/permissions in any way.
> What I don't understand is which part fails - qmail-local unable to
> invoke vdelivermail? or vdelivermail accessing the userdir? or something
> else (now that you mentioned qmail-users)? At one point I thought it
> might be maildrop, so I re-compiled vpopmail without maildrop but this
> didn't work either.
> Would you have any directions as to how to enable this feature? And is
> there any way to debug vdelivermail? If yes, what would be the proper
> method?
> And just to show vpopmail works:
> @40004b153edf0b291bec new msg 206...@40004b153edf0b292b8c info
> msg 206712: bytes 492 from qp 3248 uid
> 0...@40004b153edf0b29335c starting delivery 7: msg 206712 to local
> test1.com-postmas...@test1.com@40004b153edf0b293b2c status: local
> 1/10 remote 0/1...@40004b153eef2626edfc delivery 7: success:
> LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/m
> aildrop:_non-filtered_mail_delivery/did_0+0+1/@40004b153eef26843cb4
> status: local 0/10 remote 0/1...@40004b153eef269386c4 end msg 206712
> from the same test script, but sending to test1.com which was created
> simply as:
> vadddomain test1.com 123
> the directory structure gets created in the vpopmail home (as specified
> in ./configure), with vpopmail:vchkpw ownership.
>
> Thanks, Michael. PS: Ignore the libclamav error, although I would
> appreciate if anyone knows how to get rid of it.
>
> > Date: Tue, 1 Dec 2009 09:41:29 -0600
> > From: m...@inter7.com
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Tren,

It's definitely a TYPO - apologies for that. The user is "mike4". Besides, I don't think it would work for non-existent user.

Michael.

> Date: Tue, 1 Dec 2009 08:22:06 -0800
> From: t...@eotnetworks.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> In your example the thing that pops out is the user you add is "mike42"
> however the user you're assigning the domain to is "mike4". Is this a
> typo? Or deliberate?
>
> t.
>
> -----Original Message-----
> From: Michael Mussulis [mailto:mike_at...@hotmail.com]
> Sent: December-01-09 8:19 AM
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
>
> Hi Matt,
>
> Thanks for your reply, which is what I suspected all along - I am more
> than certain something is wrong on my end, but for the life of me I
> can't figure it out yet. And yes, I agree, it MUST be permission
> related.
>
> As for the versions:- Fedora 12 x86- qmail 1.03 with jms1 combined patch
> 7.08- maildrop 2.2.0- ezmlm-idx 7.0.2- vpopmail 5.4.28- dovecot 1.2.8-
> spamassassin 3.3.0 (fedora rpm)- clamav 0.95.2-5 (fedora rpm)
>
> Basically I would say I am using the most up-to-date versions of
> everything..
> I believe I am doing the right thing, i.e.:
> 1. adduser mike42. vadddomain -u mike4 test10.com 123
> vpopmail creates ./test10.com directory structure just fine in
> /home/mike4, with mike4:mike4 ownership all the way down. However,
> delivery fails which is baffling, since vadddomain assigns ownership and
> permissions. I have not modified the ownership/permissions in any way.
> What I don't understand is which part fails - qmail-local unable to
> invoke vdelivermail? or vdelivermail accessing the userdir? or something
> else (now that you mentioned qmail-users)? At one point I thought it
> might be maildrop, so I re-compiled vpopmail without maildrop but this
> didn't work either.
> Would you have any directions as to how to enable this feature? And is
> there any way to debug vdelivermail? If yes, what would be the proper
> method?
> And just to show vpopmail works:
> @40004b153edf0b291bec new msg 206...@40004b153edf0b292b8c info
> msg 206712: bytes 492 from qp 3248 uid
> 0...@40004b153edf0b29335c starting delivery 7: msg 206712 to local
> test1.com-postmas...@test1.com@40004b153edf0b293b2c status: local
> 1/10 remote 0/1...@40004b153eef2626edfc delivery 7: success:
> LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/m
> aildrop:_non-filtered_mail_delivery/did_0+0+1/@40004b153eef26843cb4
> status: local 0/10 remote 0/1...@40004b153eef269386c4 end msg 206712
> from the same test script, but sending to test1.com which was created
> simply as:
> vadddomain test1.com 123
> the directory structure gets created in the vpopmail home (as specified
> in ./configure), with vpopmail:vchkpw ownership.
>
> Thanks, Michael. PS: Ignore the libclamav error, although I would
> appreciate if anyone knows how to get rid of it.
> --------
> > Date: Tue, 1 Dec 2009 09:41:29 -0600
> > From: m...@inter7.com
> > To: vchkpw@inter7.com
> > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> >
> > Michael Mussulis wrote:
> >> Guys,
> >>
> >> There's one thing I don't understand - why does vadddomain have the -u and -i/-g options in the first place, if they don't seem to work fully?
> >>
> >> Perhaps I am missing something for which I apologize, but I can't imagine those options having been implemented to partially support non vpopmail/vchkpw + userdir - unless of course this is either a bug or those options haven't been fully tested (which I seriously doubt considering the product's age).
> >>
> >> Can anyone from Inter7 officially clarify this please?
> >
> > The feature continues to work as far as I know. If you would like to post version
> > information for all your software, including any patches to qmail, please feel free.
> >
> > The uid:gid support is handled via qmail-users. Any permissions problems you're having
> > would probably be, well, permissions problems :)
> > --
> > /*
> > Matt Brookings GnuPG Key FAE0672C
> > Software developer Systems technician
> > Inter7 Internet Technologies, Inc. (815)776-946
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Matt,

Thanks for your reply, which is what I suspected all along - I am more than certain something is wrong on my end, but for the life of me I can't figure it out yet. And yes, I agree, it MUST be permission related.

As for the versions:
- Fedora 12 x86
- qmail 1.03 with jms1 combined patch 7.08
- maildrop 2.2.0
- ezmlm-idx 7.0.2
- vpopmail 5.4.28
- dovecot 1.2.8
- spamassassin 3.3.0 (fedora rpm)
- clamav 0.95.2-5 (fedora rpm)

Basically I would say I am using the most up-to-date versions of everything..

I believe I am doing the right thing, i.e.:

    1. adduser mike42. vadddomain -u mike4 test10.com 123

vpopmail creates ./test10.com directory structure just fine in /home/mike4, with mike4:mike4 ownership all the way down. However, delivery fails which is baffling, since vadddomain assigns ownership and permissions. I have not modified the ownership/permissions in any way.

What I don't understand is which part fails - qmail-local unable to invoke vdelivermail? or vdelivermail accessing the userdir? or something else (now that you mentioned qmail-users)? At one point I thought it might be maildrop, so I re-compiled vpopmail without maildrop but this didn't work either.

Would you have any directions as to how to enable this feature? And is there any way to debug vdelivermail? If yes, what would be the proper method?

And just to show vpopmail works:

    @40004b153edf0b291bec new msg 206...@40004b153edf0b292b8c info msg 206712: bytes 492 from qp 3248 uid 0...@40004b153edf0b29335c starting delivery 7: msg 206712 to local test1.com-postmas...@test1.com@40004b153edf0b293b2c status: local 1/10 remote 0/1...@40004b153eef2626edfc delivery 7: success: LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/@40004b153eef26843cb4 status: local 0/10 remote 0/1...@40004b153eef269386c4 end msg 206712

from the same test script, but sending to test1.com which was created simply as:

    vadddomain test1.com 123

the directory structure gets created in the vpopmail home (as specified in ./configure), with vpopmail:vchkpw ownership.

Thanks,
Michael.

PS: Ignore the libclamav error, although I would appreciate if anyone knows how to get rid of it.

> Date: Tue, 1 Dec 2009 09:41:29 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
>> Guys,
>>
>> There's one thing I don't understand - why does vadddomain have the -u and
>> -i/-g options in the first place, if they don't seem to work fully?
>>
>> Perhaps I am missing something for which I apologize, but I can't imagine
>> those options having been implemented to partially support non
>> vpopmail/vchkpw + userdir - unless of course this is either a bug or those
>> options haven't been fully tested (which I seriously doubt considering the
>> product's age).
>>
>> Can anyone from Inter7 officially clarify this please?
>
> The feature continues to work as far as I know. If you would like to post version
> information for all your software, including any patches to qmail, please feel free.
>
> The uid:gid support is handled via qmail-users. Any permissions problems you're having
> would probably be, well, permissions problems :)
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Guys,

There's one thing I don't understand - why does vadddomain have the -u and -i/-g options in the first place, if they don't seem to work fully?

Perhaps I am missing something for which I apologize, but I can't imagine those options having been implemented to partially support non vpopmail/vchkpw + userdir - unless of course this is either a bug or those options haven't been fully tested (which I seriously doubt considering the product's age).

Can anyone from Inter7 officially clarify this please?

Thanks,
Michael.

> Date: Mon, 30 Nov 2009 13:27:00 -0500
> From: vpopm...@honorablemenschen.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
>> Of course. Restarted several times just to make sure. I've even rebooted
>> the machine (just in case).
>> the process starts with uid/gid 0 (root):
>> 1349 ? S 0:00 /usr/local/bin/tcpserver -v -R -l localhost -x
>> /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c 30 -u 0 -g 0 0 smtp
>> /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost
>> /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true
>> Still no go.
>> Any other things to look at?
>> Cheers, Michael.
>>
> qmail-smtpd doesn't run vdelivermail - qmail-local does (which is started
> via qmail-lspawn, which is started by qmail-send). Running qmail-smtpd as
> root won't fix this.
>
> Unfortunately, I believe you need to make vdelivermail run as root to make
> this work, possibly via suid, but I can't be certain of that.
>
> Josh
>
> Joshua Megerman
> SJGames MIB #5273 - OGRE AI Testing Division
> You can't win; You can't break even; You can't even quit the game.
> - Layman's translation of the Laws of Thermodynamics
> vpopm...@honorablemenschen.com
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Joshua,

Thanks for the reply. Can you please expand on making vdelivermail run as root via suid? Are you implying modifying qmail source code?

Thanks,
Michael.

> Date: Mon, 30 Nov 2009 13:27:00 -0500
> From: vpopm...@honorablemenschen.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
>> Of course. Restarted several times just to make sure. I've even rebooted
>> the machine (just in case).
>> the process starts with uid/gid 0 (root):
>> 1349 ? S 0:00 /usr/local/bin/tcpserver -v -R -l localhost -x
>> /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c 30 -u 0 -g 0 0 smtp
>> /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost
>> /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true
>> Still no go.
>> Any other things to look at?
>> Cheers, Michael.
>>
> qmail-smtpd doesn't run vdelivermail - qmail-local does (which is started
> via qmail-lspawn, which is started by qmail-send). Running qmail-smtpd as
> root won't fix this.
>
> Unfortunately, I believe you need to make vdelivermail run as root to make
> this work, possibly via suid, but I can't be certain of that.
>
> Josh
>
> Joshua Megerman
> SJGames MIB #5273 - OGRE AI Testing Division
> You can't win; You can't break even; You can't even quit the game.
> - Layman's translation of the Laws of Thermodynamics
> vpopm...@honorablemenschen.com
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Of course. Restarted several times just to make sure. I've even rebooted the machine (just in case).

The process starts with uid/gid 0 (root):

    1349 ? S 0:00 /usr/local/bin/tcpserver -v -R -l localhost -x /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c 30 -u 0 -g 0 0 smtp /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true

Still no go. Any other things to look at?

Cheers,
Michael.

> Date: Mon, 30 Nov 2009 11:37:28 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
>> Hi Matt,
>>
>> Many thanks for the quick reply.
>>
>> Unfortunately running qmail-smtpd as root has not solved the problem,
>> still getting permission denied.
>> Any other suggestions please?
>
> Did you restart the service under supervise?
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Matt,

Many thanks for the quick reply.

Unfortunately running qmail-smtpd as root has not solved the problem, still getting permission denied. Any other suggestions please?

Many thanks,
Michael.

> Date: Mon, 30 Nov 2009 09:14:15 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > [r...@vmfc12 qmail-smtpd]# cat run
> > #!/bin/sh
> > QMAILDUID=`id -u vpopmail`
> > NOFILESGID=`id -g vpopmail`
>
> Change to:
>
> QMAILUID=0
> NOFILESGID=0
>
> The vpopmail user can't change UIDs.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
[vchkpw] vdeliver perimission denied for vadddomain -u
Hi,

vpopmail works fine under normal circumstances, except for when I add a domain with a different user as in:

    vadddomain -u mike4 test10.com 123

I am doing this in order to enable os quotas for the entire domain. Testing sending a simple message fails with

    @40004b13d1b11ddaad64 status: local 1/10 remote 0/1...@40004b13d1b11dee394c delivery 7: deferral: /bin/sh:_/usr/local/hcp/vpopmail/bin/vdelivermail:_Permission_denied/@40004b13d1b11dee4504 status: local 0/10 remote 0/120

I read a previous message saying I had to add the user (mike4) to the vchkpw group, which I did, but I still get the error.

The permissions for mike4 domains are:

    [r...@vmfc12 qmail-smtpd]# ls /home/mike4/domains/ -lh
    total 12K
    drwx------ 3 mike4 mike4 4.0K 2009-11-30 02:51 test10.com
    drwx------ 3 mike4 mike4 4.0K 2009-11-30 14:31 test11.com
    drwx------ 3 mike4 mike4 4.0K 2009-11-30 01:36 test9.com

The permissions on vpopmail are:

    [r...@vmfc12 qmail-smtpd]# ls /usr/local/hcp/vpopmail/ -lh
    total 24K
    drwxr-xr-x 2 vpopmail vchkpw 4.0K 2009-11-30 02:50 bin
    drwxr-xr-x 4 vpopmail vchkpw 4.0K 2009-11-25 03:10 doc
    drwx------ 8 vpopmail vchkpw 4.0K 2009-11-30 14:48 domains
    drwxr-xr-x 2 vpopmail vchkpw 4.0K 2009-11-30 01:50 etc
    drwxr-xr-x 2 vpopmail vchkpw 4.0K 2009-11-30 02:50 include
    drwxr-xr-x 2 vpopmail vchkpw 4.0K 2009-11-30 02:50 lib

    [r...@vmfc12 qmail-smtpd]# ls /usr/local/hcp/vpopmail/etc -lh
    total 32K
    -rw-r--r-- 1 root     root     34 2009-11-30 02:50 inc_deps
    -rw-r--r-- 1 root     root    126 2009-11-30 02:50 lib_deps
    -rw-r--r-- 1 root     root     26 2009-11-28 02:23 tcp.smtp
    -rw-r--r-- 1 vpopmail vchkpw 2.2K 2009-11-30 01:50 tcp.smtp.cdb
    -rw-r--r-- 1 vpopmail vchkpw 1.2K 2009-11-28 00:29 vlimits.default
    -rw-r----- 1 vpopmail vchkpw   34 2009-11-29 16:16 vpopmail.mysql
    -rw-r--r-- 1 vpopmail vchkpw 1.1K 2009-11-25 03:10 vusagec.conf
    -rw-r--r-- 1 root     root   2.4K 2009-11-25 03:11 vusaged.conf

The qmail-smtp run file is:

    [r...@vmfc12 qmail-smtpd]# cat run
    #!/bin/sh
    QMAILDUID=`id -u vpopmail`
    NOFILESGID=`id -g vpopmail`
    MAXSMTPD=`cat /usr/local/hcp/var/qmail/control/concurrencyincoming`
    LOCAL=`head -1 /usr/local/hcp/var/qmail/control/me`
    if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
        echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
        echo /usr/local/hcp/var/qmail/supervise/qmail-smtpd/run
        exit 1
    fi
    if [ ! -f /usr/local/hcp/var/qmail/control/rcpthosts ]; then
        echo "No /usr/local/hcp/var/qmail/control/rcpthosts!"
        echo "Refusing to start SMTP listener because it'll create an open relay"
        exit 1
    fi
    exec /usr/local/bin/softlimit -m 3000 \
        /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
        /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost \
        /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true 2>&1

I am at wits' end. What am I missing? Please help someone.

Many thanks,
Michael.
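The question this thread keeps returning to, which step is refused when the delivery runs under the domain owner's uid, can be narrowed down by checking every component of the path to vdelivermail against that uid and its groups. The script below is an added example, not code from any poster or from vpopmail; it assumes GNU stat and that the delivery runs with the uid and groups passed in, and `class_digit`, `first_denied` and `make_demo_tree` are names made up here.

```shell
#!/bin/sh
# Added example, not from the thread. Walks a path one component at a time and
# reports the first component whose mode bits refuse search/execute (x) to a
# given uid and group list. It decides from stat(1) output only, so the answer
# is the same whether root or an ordinary user runs it.
# Needs GNU stat (stat -c). ACLs, SELinux and noexec mounts are not examined,
# and uid 0 is not special-cased.
#
# usage: sh first_denied.sh /usr/local/hcp/vpopmail/bin/vdelivermail \
#            "$(id -u mike4)" "$(id -G mike4)"

# class_digit MODE UID GIDS OWNER GROUP
# Prints the octal permission digit (owner, group or other) that applies.
class_digit() {
    pd_mode=$(printf '%04d' "$1")     # "700" -> "0700"; "2755" is kept
    pd_perm=${pd_mode#?}              # drop the setuid/setgid/sticky digit
    pd_rest=${pd_perm#?}
    if [ "$2" = "$4" ]; then
        echo "${pd_perm%??}"          # caller owns it: owner digit only
    else
        case " $3 " in
            *" $5 "*) echo "${pd_rest%?}" ;;   # member of the group
            *)        echo "${pd_rest#?}" ;;   # everyone else
        esac
    fi
}

# first_denied PATH UID GIDS [BASE]
# Returns 0 if no component blocks, 1 after printing the first one that does,
# 2 if a component does not exist. BASE is a leading part of PATH to skip.
first_denied() {
    fd_uid=$2 fd_gids=$3 fd_cur=${4:-}
    fd_rest=${1#"$fd_cur"}
    fd_rest=${fd_rest#/}
    while [ -n "$fd_rest" ]; do
        fd_part=${fd_rest%%/*}
        case $fd_rest in
            */*) fd_rest=${fd_rest#*/} ;;
            *)   fd_rest= ;;
        esac
        [ -n "$fd_part" ] || continue
        fd_cur="$fd_cur/$fd_part"
        fd_info=$(stat -L -c '%u %g %a' "$fd_cur" 2>/dev/null) || {
            echo "MISSING $fd_cur"
            return 2
        }
        fd_owner=${fd_info%% *}
        fd_tmp=${fd_info#* }
        fd_group=${fd_tmp%% *}
        fd_mode=${fd_tmp#* }
        fd_digit=$(class_digit "$fd_mode" "$fd_uid" "$fd_gids" "$fd_owner" "$fd_group")
        # Directories need x to be searched, the final file needs x to run.
        if [ $(( fd_digit & 1 )) -eq 0 ]; then
            echo "DENIED $fd_cur owner=$fd_owner group=$fd_group mode=$fd_mode"
            return 1
        fi
    done
    return 0
}

# make_demo_tree DIR: constructed layout for trying the function offline. The
# modes are sample values, not the ones on the poster's machine.
make_demo_tree() {
    mkdir -p "$1/vpopmail/bin"
    : > "$1/vpopmail/bin/vdelivermail"
    chmod 755 "$1" "$1/vpopmail" "$1/vpopmail/bin" "$1/vpopmail/bin/vdelivermail"
}

if [ "$#" -ge 2 ]; then
    first_denied "$1" "$2" "${3:-}"
fi
```
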