[vchkpw] Mailer-Daemon Message Sizes
I am sure Is there a way to chop the size of Postmaster and Mailer-Daemon messages? When a user gets an over quota bounce or any other bounce for that matter and there is an attachment the bounce is HUGE. Limiting it to the first 1024 or 2048 characters would be IDEAL. Thanks for the help. Wil Hatfield
RE: [vchkpw] Control/Me?
Thank you Tom and James. My suspicion was that it was coming from control/me OR something in the supervise scripts. However grep didn't find it for some darn reason. After actually opening the qmail-smtpd/run script I did find it there.

Thanks again,
Wil

-Original Message-
From: James Raftery [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 2:00 AM
To: [EMAIL PROTECTED]
Subject: Re: [vchkpw] Control/Me?

On Mon, Mar 31, 2003 at 10:32:14PM -0800, Wil Hatfield wrote:
> Received: from unknown (HELO ns1.a-zhost.com) (216.120.76.2) by h6.a-zhost.com with SMTP; 31 Mar 2003 21:03:59 -0800
>
> Where does the h6.a-zhost.com value come from shown above. I thought it came from control/me which I have checked and double checked. This email did not go through h6.a-zhost.com at all.

That's from tcpserver. Check the value of the -l flag to tcpserver, if present. Otherwise tcpserver will look up the system's name in DNS. Check your reverses.

ATB,
james
[vchkpw] RBL Problems
Can anybody see anything wrong with the following? The funny thing is that the RBL works on one machine but not another. And we are using them exactly the same with of course the exception of the hostname.

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 200 \
/usr/local/bin/tcpserver \
 -H -l thismachineshostname.com \
 -v -x /sites/home/vpopmail/etc/tcp.smtp.cdb \
 -c 100 -R -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -b -C \
 -r 'relays.ordb.org:Some message goes here' \
/var/qmail/bin/qmail-smtpd 2>&1

Also what do I have to add here to get the reverse name lookup processing to work?

Wil
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Matt, I don't know a lot about the syntax used in tcp.smtp. I am a copy/paste kinda guy. So do I just drop this in as is? What is confusing me is line 3 below looks like a comment but maybe it is supposed to. Also is line 3 supposed to have a closing quotation mark?

{The obvious localhost, etc.}
=:allow
:allow,RBLSMTPD=Blocked - Reverse DNS queries for your IP fail. You cannot send me mail.
#:allow,RBLSMTPD=-Blocked - Reverse DNS queries for your IP fail. You cannot send me mail.

I noticed your comment on "If you want to be a little more aggressive" in your docs. Yes I want to be very aggressive. I want it to drop the attempt to connect on the floor with a permanent error. Would the above do this?

Thanks for all your help,
Wil Hatfield

-Original Message-
From: Matt Simerson [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 29, 2003 7:13 PM
To: Wil Hatfield - HVHM Customer Care
Cc: [EMAIL PROTECTED]
Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

See the brand new FAQ entry. :)
http://matt.simerson.net/computing/mail/toaster/faq.shtml

Matt

On Saturday, March 29, 2003, at 06:18 PM, Wil Hatfield - HVHM Customer Care wrote:
> Can we get some instructions for how to lock out the servers that don't have a reverse name lookup. About 60% of our spam coming in meets this criteria and it sure would be nice to get rid of it.
>
> Wil Hatfield
RE: [vchkpw] Re: auth smtp
Kenneth Ling, TURN OFF YOUR READ RECEIPT ON EVERY MESSAGE FEATURE!! IT IS LAME AND ANNOYING !!! {then again so are caps} -Original Message- From: Kenneth Ling [mailto:[EMAIL PROTECTED] Sent: Monday, March 31, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Re: auth smtp
RE: [vchkpw] Re: Inter7 mail server doesn't have reverse DNS!
> Yes, it is a comment, yes it should have a closing quotation mark. No, you haven't read the documentation of tcprules, have you?

Well Nope tcpserver is typically so easy I haven't gone back to read the documentation. Guess it is about time I do since things are getting a bit tricky now.

> No, the above wouldn't. Please read this sentence again, and this time completely: If you want to be a little more aggressive about it, use the 5th line instead of the fourth. (in your example third instead of second). Quite easy: comment the second line out and remove the comment mark on the third line. Rather easy, even for a copy/paste guy

Couldn't tell from your document whether it was a comment or not. The # sign isn't globally used by all applications. For instance try using it with Bind. Not a pretty sight. Maybe replacing "use the 5th line instead of the fourth" with "use the 5th line instead of the fourth by uncommenting it" would help give the viewer the impression that that # is actually a comment.

> (which shouldn't administer a mail system at all if he don't want to read documentation, but assumes all configuration is ready to be copied).

An attempt at humor? :-)

> But PLEASE ... read the comments that describe lines 1-4 on the web site again and again, until you understood them. Line two might prevent you from blocking this lists server ... I guess you should block anything automatically, unless you finally understood what you're doing. You might annoy you and innocent third parties if you don't know what your finger actions results in ...

Yes I fully understand the ramifications. 209.218.8.2:allow will allow the Inter7 lists to come through else they won't, =:allow opens the gate wide, then :allow,RBLSMTPD=-Blocked - comment locks out anybody that doesn't have a reverse dns entry with a permanent error. We are not worried about servers without a reverse lookup. I saw the post about breaking ones email server on purpose {ridiculous}. Actually the one without the reverse name lookup would be the broken one in my opinion. Not that Ken has a broken server I am sure he has a good reason just not sure what that reason is. Perhaps he left it that way so we can test the reverse name lookup modification, yah that's it!

Wil Hatfield
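An added example (not part of the thread, and not code from ucspi-tcp): a small Python model of how tcpserver selects a tcprules entry and how rblsmtpd then treats $RBLSMTPD, for the rule set discussed in this message and in the earlier "copy/paste" question. The sample rules, the function names and the 192.0.2.x client are constructed; the model also shows why the -H flag in the run script from the "RBL Problems" post matters, since with -H $TCPREMOTEHOST is never set and every client without an explicit IP rule falls through to the empty rule.

```python
# Constructed sample modelled on the rules discussed in the thread. Quoting
# follows tcprules syntax: the character right after "=" delimits the value.
SAMPLE_RULES = '''
127.:allow,RELAYCLIENT=""
209.218.8.2:allow
=:allow
#:allow,RBLSMTPD="Blocked - Reverse DNS queries for your IP fail."
:allow,RBLSMTPD="-Blocked - Reverse DNS queries for your IP fail."
'''


def parse_rules(text):
    """Parse 'address:allow,VAR=qVALUEq' and 'address:deny' lines into a dict."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # "#" lines are comments
            continue
        address, _, instruction = line.partition(":")
        action, _, rest = instruction.partition(",")
        env = {}
        while rest:
            name, _, rest = rest.partition("=")
            quote = rest[0]
            value, _, rest = rest[1:].partition(quote)
            env[name] = value
            rest = rest.lstrip(",")
        rules[address] = (action, env)
    return rules


def candidates(ip, host):
    """Addresses in the order tcpserver tries them ($TCPREMOTEINFO forms omitted)."""
    out = [ip]
    if host:
        out.append("=" + host)
    octets = ip.split(".")
    out += [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    if host:
        labels = host.split(".")
        out += ["=." + ".".join(labels[n:]) for n in range(1, len(labels))]
        out.append("=")
    out.append("")
    return out


def decide(rules, ip, host=None):
    """Return (matched address, outcome) for one SMTP connection.

    host stands for $TCPREMOTEHOST: None when the IP has no PTR record, and
    also whenever tcpserver runs with -H, which skips the lookup entirely.
    """
    for address in candidates(ip, host):
        if address in rules:
            action, env = rules[address]
            break
    else:
        return None, "rbl-lookup"          # no rule matched: allowed
    if action == "deny":
        return address, "dropped"
    msg = env.get("RBLSMTPD")
    if msg is None:
        return address, "rbl-lookup"       # rblsmtpd queries its -r lists
    if msg == "":
        return address, "accept"           # set but empty: no RBL check
    if msg.startswith("-"):
        return address, "553 " + msg[1:]   # leading hyphen: permanent error
    return address, "451 " + msg           # otherwise: temporary error


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for ip, host in [("192.0.2.10", "mail.example.org"),  # PTR record present
                     ("192.0.2.10", None),                # no PTR, or -H in use
                     ("209.218.8.2", None)]:              # list server from the thread
        print(ip, host, "->", decide(rules, ip, host))
```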
[vchkpw] Control/Me?
Can somebody help me with the following? - clip - Received: from unknown (HELO ns1.a-zhost.com) (216.120.76.2) by h6.a-zhost.com with SMTP; 31 Mar 2003 21:03:59 -0800 Received: (qmail 3895 invoked by alias); 31 Mar 2003 21:03:52 -0800 - clip - Where does the h6.a-zhost.com value come from shown above. I thought it came from control/me which I have checked and double checked. This email did not go through h6.a-zhost.com at all. Since h6 was my prototype I figure I must have copied something over. But I swear I used fresh tarballs and ./configured everything. Any thoughts anyone? Wil Hatfield
RE: [vchkpw] vpopmail enable-roaming with courier
How do you know it isn't working? I ask because I have VPopmail, Qmailadmin, Courier installed and the relay works fine. Are you saying that my relay has to be wide open if I am able to send?

Wil Hatfield

-Original Message-
From: David Hubbard [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 29, 2003 1:41 AM
To: Ian Forsyth; [EMAIL PROTECTED]
Subject: RE: [vchkpw] vpopmail enable-roaming with courier

From: Ian Forsyth [mailto:[EMAIL PROTECTED]
> After connecting via pop, and listing messages, the tcp.smtp related files are unaltered, when I try to send via smtp I get a host not in rcpthost.. The courier log shows successful login. I configure vpopmail with the default logging, I don't see anything related to vchkpw or vpopmail in the logs.

You didn't miss anything Ian, the author of Courier has disabled the open_relay function in the latest versions due to some security problem in vpopmail. He has evidently supplied info about this to the vpopmail authors but no one has talked about what the problem is or what the timeframe is to a fix.

David
RE: [vchkpw] vpopmail enable-roaming with courier
I still don't see any SMTP authentication problem. What am I missing. If I clear the tcp.smtp.cdb file the open relay locks down tight. I send via Courier-IMAP and it works fine. Try to send from a POP client. Still locked down tight but since it authenticated with POP adds the entry to tcp.smtp.cdb and opens it up for me for the next round thus POP before SMTP is functional. Courier-IMAP is using the local machine so should always be able to send given the user logged in effectively. Isn't this how it is supposed to work? So what is this about a security problem with Vchkpw and Courier? We are about to implement this on our production machines so if there is a hole I sure would like to know about it now. Thanks, Wil Hatfield
[vchkpw] IMAP dot folders
List, I know this could be a post for the Courier list but since it was brought up recently in here I figure I may as well go where I know someone has the answers. What dot folders such as .Trash and .Sent does Courier-IMAP use? Does it create these as they are needed or used? I ask this because I notice that there aren't any created automatically when creating a new email account. Your time is appreciated, Wil
RE: [vchkpw] IMAP dot folders
I don't know that is why I asked? If Squirrel Mail does use IMAP to create them does that mean that other webmail/IMAP systems would also create them since IMAP is doing the creating? Wil -Original Message- From: Ajai Khattri [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 12:15 PM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] IMAP dot folders Wil Hatfield - HVHM Customer Care wrote: What dot folders such as .Trash and .Sent does Courier-IMAP use? Does it create these as they are needed or used? I ask this because I notice that there aren't any created automatically when creating a new email account. Doesn't SquirrelMail create these using IMAP? -- Aj. Systems Administrator / Developer
RE: [vchkpw] IMAP dot folders
There's the answer to my question! So IMAP is only doing the creating because of the scheme passed down from the IMAP client. And since I don't use Squirrel or SQWebmail it isn't creating the dot files everyone speaks of. Thank you!

Wil Hatfield

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Charles Sprickman
Sent: Wednesday, March 26, 2003 2:36 PM
To: Ajai Khattri
Cc: [EMAIL PROTECTED]
Subject: Re: [vchkpw] IMAP dot folders

On Wed, 26 Mar 2003, Ajai Khattri wrote:
> I found that the folder names corresponded exactly with the folder names in SquirrelMail. Since SquirrelMail uses IMAP, I'm assuming it told courier-imap to make these folders.

And the fun part starts when you throw multiple mail clients into the mix. Pine likes making sent-mail, sqwebmail I think makes something else, Mail.app has yet another scheme... It's a shame the IMAP spec doesn't include a standard naming scheme for standard mailboxes.

C

> -- Aj. Systems Administrator / Developer
RE: [vchkpw] Courier-imap not setting open-relay in vpopmail/qmail
List, Is there a problem using the Qmail pop3d and not using the pop3 that comes with Courier IMAP? I seem to be having no problems with it but if there is some sort of problem I would like to know. The open relay seems to get updated just like it did back when I used just Qmail/Vpopmail with .cdb files. Your insight is appreciated. Wil -Original Message- From: David Hubbard [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 8:36 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [vchkpw] Courier-imap not setting open-relay in vpopmail/qmail Hello Courier users, just wondering if anyone could point me in the right direction for what to look at. I am building a new mail server with qmail/vpopmail and courier-imap/pop3. I set courier for authvchkpw auth type and it works successfully for imap and pop3 logins. vpopmail never sets the open-relay for the host doing the Courier login. It does set it correctly if I use qmail's pop3 server and vchkpw to authorize the connection. Is this a courier or vpopmail issue? I'm running the latest courier-imap devel version courier-imap-1.7.1.20030319 and vpopmail 5.3.19. Thanks, David
RE: [vchkpw] Re: Best Way To Import cdb to MySQL w/ Alterations
Peter,

As I suspected vconvert doesn't lookup the location of vpasswd based on assign or any other file for that matter. It only seems to use the vpopmail home directory. Here is the strace segment that tells the story.

2140 read(3, \377\32\4Table \'vpopmail\' already exists, 34) = 34
2140 open(/sites/home/vpopmail/postoffice/hcx.net/vpasswd, O_RDONLY) = -1 ENOENT (No such file or directory)
2140 write(1, converting hcx.net domain conversion failed\n, 44) = 44
2140 exit(0) = ?

Of course vpasswd isn't located at /sites/home/vpopmail/ on my new systems. It is under the users directory. If vconvert had a -u switch which we could use to designate the user and thus the users home directory I think vconvert would work great. However it doesn't. If there was a -u switch it could default to ~vpopmail thus keeping to typical configuration. Anybody up for a patch?

Wil Hatfield

-Original Message-
From: Peter Palmreuther [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 5:47 AM
To: [EMAIL PROTECTED]
Subject: Re: [vchkpw] Re: Best Way To Import cdb to MySQL w/ Alterations

Hi Wil,

On Fri, 21 Mar 2003 12:25:42 -0800 Wil Hatfield - HVHM Customer Care wrote:
> I know nothing of strace(). The conversion seems to want to find it at the old path of ~vpopmail/domains/someonesdomain.com/ and it gladly converts if it finds the information there. But of course all of the paths are wrong

What I could see from vconvert.c source code it searches the location of vpasswd file in /var/qmail/users/assign. So I'd suggest you
- either add the new domain via 'vadddomain' if you switched to a new server and the old directories aren't present
- or correct the path in above mentioned file to fit the new location if you're working on the same server and only recompiled vpopmail.

vconvert searches a.m. file for correct path, opens 'vpasswd' file in this found location and does a 'vdeldomain' followed by a 'vadddomain' and then parses the vpasswd file into 'vadduser' (of course called functions are named a little bit different, as it uses the API calls directly, the principle should be shown correctly). So you have to use vconvert of vpopmail compiled with MySQL support, for 'vadddomain' and 'vadduser' being able to add the users to database!!!

For security reasons I'd make a backup of old vpopmail directories as well as of database before trying to convert, there are deleting action I don't know of all possible consequences!!!

If conversation fails again I'd suggest you send the file produced by

strace -o /tmp/vconvert.log -f -s 1024 ~vpopmail/bin/vconvert -c -m -d domain

namely the file '/tmp/vconvert.log', as attachment for us being able to inspect what could have went wrong.

After all this is done (successfully) you should call 'qmail-newu' to update the qmail-user-cdb file according to qmail-user-assign, which contains the new path(s). Make sure you keep a copy of original 'assign' file as well, in case something went wrong you should copy it back and call qmail-newu, so old paths are prevented.

> What vpopmail needs is a big picture like Dan has put together for qmail. I think that would be a very valuable resource. Have one that shows the schematic of qmail/vpopmail using .cdb and then one showing qmail/vpopmail using mysql. That would be most informative.

... and showing vpopmail using pgsql, cdb, etc ... simply all types of lookup ... quite big project, which is I assume the reason nobody has done this big picture before :-)

-- Ciao, Pit
RE: [vchkpw] Re: Best Way To Import cdb to MySQL w/ Alterations
Peter, I know nothing of strace(). The conversion seems to want to find it at the old path of ~vpopmail/domains/someonesdomain.com/ and it gladly converts if it finds the information there. But of course all of the paths are wrong Since you obviously know the 'big picture' better than I do maybe you can tell me if this will work. What if I recreate the postmaster account, move the user directories (besides postmaster) and then import user records into the mysql.vpopmail.vpopmail table. Will that work? Is it missing anything? I figure the recreation of postmaster will create the necessary control and assign files and the copy and import into mysql will handle the individual users under the domain. What do you think? What vpopmail needs is a big picture like Dan has put together for qmail. I think that would be a very valuable resource. Have one that shows the schematic of qmail/vpopmail using .cdb and then one showing qmail/vpopmail using mysql. That would be most informative. Wil Hatfield -Original Message- From: Peter Palmreuther [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:42 PM To: Wil Hatfield - HVHM Customer Care in vpop Subject: [vchkpw] Re: Best Way To Import cdb to MySQL w/ Alterations Hello Wil, On Friday, March 21, 2003 at 1:15:12 AM you wrote (at least in part): converting someonesdomain.com domain conversion failed I've never actually done such a conversation, so my experiences are limited. But I'd 'strace()' the vconvert process to figure out where (and maybe why) it fails. Perhaps it's only a file it is missing / searching in a different directory?!?!? -- Best regards Peter Palmreuther Always do right. This will gratify some people and astonish the rest. -- Mark Twain --
RE: [vchkpw] Re: Best Way To Import cdb to MySQL w/ Alterations
Peter,

cp -R /sites/home/vpopmail/domains/someonesdomain.com/* /sites/http/somonesdomain.com/postoffice/someonesdomain.com/
vconvert -c -m someonesdomain.com

Only results in

converting someonesdomain.com domain conversion failed

Is there something I have to do before hand that I am not aware of? I can add new domains and they all go where they are supposed to go adding the correct information to /var/qmail/users /var/qmail/control and vpopmail.* but once I get to conversion nothing! And this is a machine with 1 virtual domain. I am already having nightmares about getting to the machine with 250 domains.

Thanks for the help,
Wil

-Original Message-
From: Peter Palmreuther [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 2:31 PM
To: Wil Hatfield - HVHM Customer Care in vpop
Subject: [vchkpw] Re: Best Way To Import cdb to MySQL w/ Alterations

Hello Wil,

On Wednesday, March 19, 2003 at 8:37:28 PM you wrote (at least in part):
> I am sure it has already been covered but I couldn't find exactly what I was looking for so here we go again. I need to import from the old cdb version that Vpopmail used to the new MySQL. New to us anyways. The tricky part is that the old user base was located at /sites/home/vpopmail/domains and the new location will be /sites/http/domainname.com/postoffice by using the -u switch. Could someone point me in the direction of a resource that may be modifiable in this fashion? It would be most appreciated.

Try copying /sites/home/vpopmail/domains/domain.com/vpasswd* to /sites/http/domainname.com/postoffice/ and use the 'vconvert' tool provided with vpopmail.

-- Best regards Peter Palmreuther
A real patriot is the fellow who gets a parking ticket and rejoices that the system works.
[vchkpw] Best Way To Import cdb to MySQL w/ Alterations
I am sure it has already been covered but I couldn't find exactly what I was looking for so here we go again. I need to import from the old cdb version that Vpopmail used to the new MySQL. New to us anyways. The tricky part is that the old user base was located at /sites/home/vpopmail/domains and the new location will be /sites/http/domainname.com/postoffice by using the -u switch. Could someone point me in the direction of a resource that may be modifiable in this fashion? It would be most appreciated. Wil
RE: [vchkpw] vpopmail and courier-imap - new thread I hope
Jason,

Thanks for the feedback. I thought I was invisible for a minute there. Whew!

> I never tried user%domain.com ... I always used [EMAIL PROTECTED] ... Maybe the @ works and the % doesn't? It's possible that when you use authvchkpw it properly handles the conversion from % to @ ... I believe @ is what's in the database... Might want to give that a whirl... :)

Actually as I remember the docs from our earlier implementations of Qmail/Vpopmail/Vchkpw state that the % was the default for authentication but later it began checking for @ as a sort of fail safe type method. I have tested POP3 with both and they seem to authenticate either way. And IMAP gets the same error either way.

> Aha... I think I found your problem... Explicitly indicate --without-authmysql or else it will compile it in because the mysql libraries are present. It looks like you're using authdaemon as well... I'm told that authdaemon is buggy ... never encountered that, but... *shrug*

I actually am now trying the following which does exclude the authmysql and the authdaemon.

cd courier-imap-1.7.0.20030307
./configure --prefix=/usr/local \
 --exec-prefix=/usr/local \
 --sysconfdir=/usr/local/etc/courier-imap \
 --datadir=/usr/local/share/courier-imap \
 --libexecdir=/usr/local/libexec/courier-imap \
 --enable-workarounds-for-imap-client-bugs \
 --disable-root-check --without-authpam \
 --without-authldap --without-authpwd \
 --without-authmysql --without-authpgsql \
 --without-authshadow --without-authuserdb \
 --without-authcustom --without-authcram \
 --without-authdaemon \
 --with-authvchkpw --with-ssl

But this too gives me the same error. Maybe it is the way I am testing it. Does Microsoft Outlook support the IMAP protocol properly? Anybody out there use Outlook with IMAP specifically Courier-IMAP? I have Outlook setup basically the same as a POP3 account except of course the obvious difference that it is IMAP.

> I gave up on toaster setups... Gonna write my own with details as to why I chose each item ... :P

Yes I plan to do the same. I put all of my shell scripts for install together one application at a time so that I can better break it out to program the master install script (or toaster as I understand it). My problem with the toaster scripts out there are the webmail clients used. I plan to use the Horde suite of tools with some modifications to security issues and interface. It will include A LOT more features than sqwebmail and a lot better looking.

Question on Toaster: Where did Toaster scripts get their name from and why Toaster? Why not Waffle Iron? Or better yet Margarita Blender!

Wil Hatfield
[vchkpw] Local and Virtual Users
Ok a simple question. For Vpopmail configuration can I use the following together without difficulty. --enable-passwd=y --enable-mysql=y The desired outcome is to allow vpopmail to check both so we can use both local and virtual users. TIA
[vchkpw] vpopmail and courier-imap - new thread I hope
Jason,

> is in the default domain. The reason it was failing was because I was not using authvchkpwd... I was using authmysql... (and here I thought I was being all cool because I could get it running..)

Could you elaborate on this segment a bit. I wasn't around for your initial post. Are you speaking of installing Vpopmail with authmysql? What was the configure parameter for that, --enable-mysql? Reason I ask is because I have installed Vpopmail with mysql and it seems to work ok. Everything goes in the table as desired. But when I get to Courier-IMAP I get authentication errors. And before you ask, no I am not trying to get it to work with username only. user%virtualdomain.com is how I am attempting authentication.

Configure History:

Vpopmail
./configure --enable-mysql=y --enable-roaming-users=y --enable-relay-clear-minutes=120 --enable-logging=y --enable-defaultquota=1000 --enable-softquota=900 --enable-ip-alias-domains=y --enable-tcpserver-file=/sites/home/vpopmail/etc/tcp.smtp

Courier-IMAP
./configure --prefix=/usr/local --exec-prefix=/usr/local --without-authldap --without-authshadow --with-authvchkpw --without-authcram --sysconfdir=/usr/local/etc/courier-imap --datadir=/usr/local/share/courier-imap --libexecdir=/usr/local/libexec/courier-imap --enable-workarounds-for-imap-client-bugs --disable-root-check --without-authdaemon

I copied the config files for courier-imap as shown in the toaster-setup.pl script. I didn't install with the toaster script, just looked to it for insight.
http://matt.simerson.net/computing/mail/toaster/toaster_setup.pl

If anybody sees any conflicts in the way the two apps were configured your help is most appreciated. I get the feeling there is something there I am not seeing but for the life of me can't tell what it is.

TIA
Wil