[vchkpw] Re: smtp-auth problem
Hello Jeremy, On Friday, July 8, 2005 at 2:33:44 AM Jeremy wrote: > On Thursday 07 July 2005 02:31 am, Peter Palmreuther wrote: >> On Wednesday, July 6, 2005 at 3:36:39 PM patrick wrote: >> >>Please post the output of >> >> >> >>/var/qmail/bin/qmail-showctl >> > >> > rcpthosts: (Default.) SMTP clients may send messages to any recipient. >> >> *THIS* is your problem: you don't have any domain in 'rcpthosts' and >> therefore your qmail-smtpd feels responsible for *all* domains => your >> installation is an open relay. > while this certainly is the problem, it's not as you describe. > if rcpthosts exists, but is empty, clients must have RELAYCLIENT to send > messages. My fault. I should have writte "as you don't have the file rcpthosts" instead of "don't have any domain in". But the point was qmail-showctl saying "clients may send messages to any recipient" and to "make something" to change this ;-) -- Best regards Peter Palmreuther Ansi-Artists do it creatively...
Re: [vchkpw] Re: smtp-auth problem
On Thursday 07 July 2005 02:31 am, Peter Palmreuther wrote: > Hello List, > > On Wednesday, July 6, 2005 at 3:36:39 PM patrick wrote: > >>Please post the output of > >> > >>/var/qmail/bin/qmail-showctl > > > > rcpthosts: (Default.) SMTP clients may send messages to any recipient. > > *THIS* is your problem: you don't have any domain in 'rcpthosts' and > therefore your qmail-smtpd feels responsible for *all* domains => your > installation is an open relay. while this certainly is the problem, it's not as you describe. if rcpthosts exists, but is empty, clients must have RELAYCLIENT to send messages. If rcpthosts doesn't exist, then you are an open relay. -Jeremy -- Jeremy Kitchen + kitchen @ #qmail #gentoo on EFnet IRC kitchen scriptkitchen com pgp2GI9vFPIwi.pgp Description: PGP signature
AW: [vchkpw] Re: smtp-auth problem
> >Hello List, > >On Wednesday, July 6, 2005 at 3:36:39 PM patrick wrote: > >>>Please post the output of >>> >>>/var/qmail/bin/qmail-showctl > >> rcpthosts: (Default.) SMTP clients may send messages to any recipient. > >*THIS* is your problem: you don't have any domain in 'rcpthosts' and >therefore your qmail-smtpd feels responsible for *all* domains => your >installation is an open relay. Yepp...! That's what I figured out yesterday night... All the time I thought, for any reason, that smtp-auth controls every incoming mail and blocks every mail without a vpopmail account, while rcpthosts must be open... but it actually let's vpopmail-users send mail to remote clients, while the sending possibility is actually blocked by the rcpthosts-file... I feel quite ashame for having the solution so obviously in front of me without seeing it... But thanx to all of you... Now everything works fine! (Receiving email did't work because I had the domains in my locals-file) Regards Patrick Gehm > >Put > >,- >| linux.koneg.de >| koneg.de >| gs-altneudorf.de >`- > >into 'rcpthosts', this will make your installation accept only mail to >one of these domains, unless RELAYCLIENT is set (which is done if you >SMTP-AUTH). Additionally follow Jeremys advice to delete these domains >from 'locals' and insert them formatted correctly into >'virtualdomains' to make vpopmail handle them again. >-- >Best regards >Peter Palmreuther > >Your true value depends entirely on what you are compared with. >
[vchkpw] Re: smtp-auth problem
Hello List, On Wednesday, July 6, 2005 at 3:36:39 PM patrick wrote: >>Please post the output of >> >>/var/qmail/bin/qmail-showctl > rcpthosts: (Default.) SMTP clients may send messages to any recipient. *THIS* is your problem: you don't have any domain in 'rcpthosts' and therefore your qmail-smtpd feels responsible for *all* domains => your installation is an open relay. Put ,- | linux.koneg.de | koneg.de | gs-altneudorf.de `- into 'rcpthosts', this will make your installation accept only mail to one of these domains, unless RELAYCLIENT is set (which is done if you SMTP-AUTH). Additionally follow Jeremys advice to delete these domains from 'locals' and insert them formatted correctly into 'virtualdomains' to make vpopmail handle them again. -- Best regards Peter Palmreuther Your true value depends entirely on what you are compared with.
RE: [vchkpw] Re: smtp-auth problem
> On Wednesday 06 July 2005 03:22 pm, Nick Harring wrote: > > > If it's a local domain (users in /etc/passwd), it should appear in > > > /var/qmail/control/locals. > > > > > > If it's a vpopmail domain, it should appear in > > > /var/qmail/control/virtualdomains. > > > For whatever reason vadddomain puts it in locals, rcpthosts and > > virtualdomains. > > negative. > > vadddomain puts the domain in rcpthosts, virtualdomains, and sets up a > pseudo-user in users/assign. > > -Jeremy > Oops, I misread the strace output. When I went back to the source it in fact removes the domain from locals if it exists. My bad! Nick
Re: AW: [vchkpw] Re: smtp-auth problem
On Wednesday 06 July 2005 08:36 am, [EMAIL PROTECTED] wrote: > >Please post the output of > > > >/var/qmail/bin/qmail-showctl > > Still haven't found a solution... > Here's the output of /var/qmail/bin/qmail-showctl: > > > locals: > Messages for linux.koneg.de are delivered locally. > Messages for koneg.de are delivered locally. > Messages for gs-altneudorf.de are delivered locally. > virtualdomains: (Default.) No virtual domains. there are no virtualdomains, therefore, none of these domains are being handled by vpopmail. if they are supposed to be handled by vpopmail, then remove the domains from the locals file, put them in the virtualdomains file like so: example.com:example.com example.org:example.org example.net:example.net and send qmail-send a HUP signal. If they are not to be handled by vpopmail, please re-post your question, along with qmail-showctl output, to the qmail mailing list. -Jeremy -- Jeremy Kitchen + kitchen @ #qmail #gentoo on EFnet IRC kitchen scriptkitchen com pgpGQYCYjOVfX.pgp Description: PGP signature
Re: [vchkpw] Re: smtp-auth problem
On Wednesday 06 July 2005 03:22 pm, Nick Harring wrote: > > If it's a local domain (users in /etc/passwd), it should appear in > > /var/qmail/control/locals. > > > > If it's a vpopmail domain, it should appear in > > /var/qmail/control/virtualdomains. > For whatever reason vadddomain puts it in locals, rcpthosts and > virtualdomains. negative. vadddomain puts the domain in rcpthosts, virtualdomains, and sets up a pseudo-user in users/assign. -Jeremy -- Jeremy Kitchen + kitchen @ #qmail #gentoo on EFnet IRC kitchen scriptkitchen com pgptRyQUETcjq.pgp Description: PGP signature
AW: RE: [vchkpw] Re: smtp-auth problem
I rechecked virtualdomains locals and rcpthosts... every domain ist there... but still the same error-message... any settings in vpopmail I need to take care of? Any settings in /etc/passwd that could be wrong? Defaultdelivery should be ./Maildir/ right? Anything in the run script for qmail-send maybe? This is becoming more and more an eternal battle between me and qmail... Thanx for your help so far! Regards Patrick > >> On Jul 6, 2005, at 10:37 AM, Nick Harring wrote: >> >> Hi. This is the qmail-send program at 213.239.219.168. >> >> I'm afraid I wasn't able to deliver your message to the following >> >> addresses. >> >> This is a permanent error; I've given up. Sorry it didn't work out. >> >> >> >> : >> >> Sorry. Although I'm listed as a best-preference MX or A for that >host, >> >> it isn't in my control/locals file, so I don't treat it as local. >> >> >> >> If it's a local domain (users in /etc/passwd), it should appear in >> /var/qmail/control/locals. >> >> If it's a vpopmail domain, it should appear in >> /var/qmail/control/virtualdomains. >> >> -- >> Tom Collins - [EMAIL PROTECTED] >> QmailAdmin: href="http://qmailadmin.sf.net/";>http://qmailadmin.sf.net/ Vpopmail: >http://vpopmail.sf.net/";>http://vpopmail.sf.net/ >> You don't need a laptop to troubleshoot high-speed Internet: >> sniffter.com >For whatever reason vadddomain puts it in locals, rcpthosts and >virtualdomains. > >Nick
RE: [vchkpw] Re: smtp-auth problem
> On Jul 6, 2005, at 10:37 AM, Nick Harring wrote: > >> Hi. This is the qmail-send program at 213.239.219.168. > >> I'm afraid I wasn't able to deliver your message to the following > >> addresses. > >> This is a permanent error; I've given up. Sorry it didn't work out. > >> > >> : > >> Sorry. Although I'm listed as a best-preference MX or A for that host, > >> it isn't in my control/locals file, so I don't treat it as local. > >> > > If it's a local domain (users in /etc/passwd), it should appear in > /var/qmail/control/locals. > > If it's a vpopmail domain, it should appear in > /var/qmail/control/virtualdomains. > > -- > Tom Collins - [EMAIL PROTECTED] > QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ > You don't need a laptop to troubleshoot high-speed Internet: > sniffter.com For whatever reason vadddomain puts it in locals, rcpthosts and virtualdomains. Nick
Re: [vchkpw] Re: smtp-auth problem
On Jul 6, 2005, at 10:37 AM, Nick Harring wrote: Hi. This is the qmail-send program at 213.239.219.168. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. If it's a local domain (users in /etc/passwd), it should appear in /var/qmail/control/locals. If it's a vpopmail domain, it should appear in /var/qmail/control/virtualdomains. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
AW: RE: Re: [vchkpw] Re: smtp-auth problem
>Reinstalling qmail and moving stuff around like you did may have caused >locals to not contain what you think it contains. > >Hope that helps, hm... no... one more hint please? I allready did this, i guess... and it worked. I also installed a new user over Visas... can't send mails to that either... >Nick Harring >System Administrator >Parus Interactive
RE: Re: [vchkpw] Re: smtp-auth problem
> Hi List, > Fixed the problem with smtp-auth... > Really a big Thanx to everyone trying to help. > Right now after several reinstallations another problem came up... > I can't send emails to my server pop-accounts... Of course I copied the > /var/qmail/users folder to my current running qmail-version, but when > sending mails to an Adress I get this Error-Message back: > > >> > Hi. This is the qmail-send program at 213.239.219.168. > I'm afraid I wasn't able to deliver your message to the following > addresses. > This is a permanent error; I've given up. Sorry it didn't work out. > > : > Sorry. Although I'm listed as a best-preference MX or A for that host, > it isn't in my control/locals file, so I don't treat it as local. (#5.4.6) Have you verified the content of /var/qmail/control/locals? This message is pretty clear about that being the cause. > Hm... seems to be pretty strange because I had everything running > before... also after I reinstalled qmail once. qmailctl stat shows no > problems... no supervise errors... Anyone knows a solutions for that? > Regards > Patrick Reinstalling qmail and moving stuff around like you did may have caused locals to not contain what you think it contains. Hope that helps, Nick Harring System Administrator Parus Interactive
AW: Re: [vchkpw] Re: smtp-auth problem
Hi List, Fixed the problem with smtp-auth... Really a big Thanx to everyone trying to help. Right now after several reinstallations another problem came up... I can't send emails to my server pop-accounts... Of course I copied the /var/qmail/users folder to my current running qmail-version, but when sending mails to an Adress I get this Error-Message back: >> Hi. This is the qmail-send program at 213.239.219.168. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. (#5.4.6) --- Below this line is a copy of the message. Return-Path: Received: (qmail 4278 invoked by uid 6); 6 Jul 2005 17:02:40 - Received: from moutng.kundenserver.de (212.227.126.173) by 213.239.219.168 with SMTP; 6 Jul 2005 17:02:40 - Received: from [212.227.126.200] (helo=mrvnet.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1DqDLC-0006tm-00 for [EMAIL PROTECTED]; Wed, 06 Jul 2005 19:05:42 +0200 Received: from [172.23.4.158] (helo=pustefix158.kundenserver.de) by mrvnet.kundenserver.de with esmtp (Exim 3.35 #1) id 1DqDLC-00055V-00 for [EMAIL PROTECTED]; Wed, 06 Jul 2005 19:05:42 +0200 Message-Id: From: [EMAIL PROTECTED] To: Subject: testmail extern Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 X-Binford: 6100 (more power) X-Mailer: Webmail X-Originating-From: 6506715 X-Routing: DE X-Message-Id: X-Received: from pustefix158.kundenserver.de by 84.172.62.224 with HTTP id 6506715 for [EMAIL PROTECTED]; Wed, 6 Jul 2005 19:05:42 CEST Date: Wed, 06 Jul 2005 19:05:42 +0200 X-Provags-ID: kundenserver.de [EMAIL PROTECTED] ident:@172.23.4.158 Hm... seems to be pretty strange because I had everything running before... also after I reinstalled qmail once. qmailctl stat shows no problems... no supervise errors... Anyone knows a solutions for that? Regards Patrick
AW: [vchkpw] Re: smtp-auth problem
>Please post the output of > >/var/qmail/bin/qmail-showctl Still haven't found a solution... Here's the output of /var/qmail/bin/qmail-showctl: qmail home directory: /var/qmail. user-ext delimiter: -. paternalism (in decimal): 2. silent concurrency limit: 120. subdirectory split: 23. user ids: 60003, 60004, 60005, 0, 60006, 60007, 60008, 60009. group ids: 60003, 60004. badmailfrom: (Default.) Any MAIL FROM is allowed. bouncefrom: (Default.) Bounce user name is MAILER-DAEMON. bouncehost: (Default.) Bounce host name is linux.koneg.de. concurrencylocal: (Default.) Local concurrency is 10. concurrencyremote: (Default.) Remote concurrency is 20. databytes: (Default.) SMTP DATA limit is 0 bytes. defaultdomain: Default domain name is koneg.de. defaulthost: (Default.) Default host name is linux.koneg.de. doublebouncehost: (Default.) 2B recipient host: linux.koneg.de. doublebounceto: (Default.) 2B recipient user: postmaster. envnoathost: (Default.) Presumed domain name is linux.koneg.de. helohost: (Default.) SMTP client HELO host name is linux.koneg.de. idhost: (Default.) Message-ID host name is linux.koneg.de. localiphost: (Default.) Local IP address becomes linux.koneg.de. locals: Messages for linux.koneg.de are delivered locally. Messages for koneg.de are delivered locally. Messages for gs-altneudorf.de are delivered locally. me: My name is linux.koneg.de. percenthack: (Default.) The percent hack is not allowed. plusdomain: Plus domain name is koneg.de. qmqpservers: (Default.) No QMQP servers. queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds. rcpthosts: (Default.) SMTP clients may send messages to any recipient. morercpthosts: (Default.) No rcpthosts; morercpthosts is irrelevant. morercpthosts.cdb: (Default.) No effect. smtpgreeting: (Default.) SMTP greeting: 220 linux.koneg.de. smtproutes: (Default.) No artificial SMTP routes. timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds. timeoutremote: (Default.) SMTP client data timeout is 1200 seconds. timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds. virtualdomains: (Default.) No virtual domains. concurrencyincoming: I have no idea what this file does. defaultdelivery: I have no idea what this file does. >-- >Best regards >Peter Palmreuther > >A boy gets to be a man when a man is needed. >
[vchkpw] Re: smtp-auth problem
On Tuesday, July 5, 2005 at 10:35:30 AM patrick wrote: >>From which source exactly? What's the complete download URL you used >>to get this patch? >> > http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.31.tar.gz OK, than parameters should be OK. > Well, I did not compile vpopmail by myself. It was pre-installed > on my root-server (Suse Linux 9.2). Any way to find out and maybe > change now? Change? No. Not without recompiling. But as you said your clients IP ain't listed it can't be the reason for you being allowed to relay without authenticating. > Besides that I know that other hosts can send over my server 'cause > I can see spammails in my queue from time to time, last week I had > about 33000 of them in my queue... That was exactly the point of > time when I started to check that smtp-authentification... Well, that looks in fact like an open relay. Please post the output of /var/qmail/bin/qmail-showctl -- Best regards Peter Palmreuther A boy gets to be a man when a man is needed.
Re: [vchkpw] Re: smtp-auth problem
Patrick, if your reference is lifewithqmail like me just set your /service/qmail-smtpd/run similar to this sorry for my bad english since i'm not a native english speaker. #!/bin/bash export LOCALMFCHECK="" export MFDNSCHECK="" export HELOCHECK="" export QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" #QMAILDUID=`id -u qmaild` #NOFILESGID=`id -g qmaild` QMAILDUID=89 NOFILESGID=89 MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; the n echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo "No /var/qmail/control/rcpthosts!" echo "Refusing to start SMTP listener because it'll create an open relay" exit 1 fi exec /usr/local/bin/softlimit -m 6600 \ /usr/local/bin/tcpserver -H -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd -r relays.ordb.org -r dnsbl. sorbs.net -r bl.spamcop.net \ /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /usr/bin/ true 2>&1 - Original Message - From: "Erwin Hoffmann" <[EMAIL PROTECTED]> To: Cc: <[EMAIL PROTECTED]> Sent: Wednesday, July 06, 2005 3:34 AM Subject: Re: [vchkpw] Re: smtp-auth problem > Hi Patrick, > > pls. read: > > http://www.fehcom.de/qmail/smtpauth.html > > regards. > --eh. > > At 19:18 05.07.2005 +0200, you wrote: > >Hello List again, > >How do I need to chmod /home/vpopmail/bin/vchkpw to use it the right way > with qmail smtp-auth-patched? Any other vpopmail-things i need to take care > of in this case? Is there way to tell smtp to control every incoming mail > with the vchkpw? How does tcp.smtp.cdb needs to look like and how do I do it? > >I'm getting more and more desperate on this thing... > >Hoping for help > >nice regards > >Patrick Gehm > > > > > > > > > >> > >>> > >>>Hello List, > >>> > >>>On Tuesday, July 5, 2005 at 8:50:01 AM patrick wrote: > >>> > >>>>>> I'm using qmail and vpopmail and just patched up with smtp-auth, > >>>>>Which SMTP-AUTH-patch? > >>>> I'm using Version 0.31 > >>> > >>>From which source exactly? What's the complete download URL you used > >>>to get this patch? > >>> > >> >>href="http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-au > th-0. > >>31.tar.gz">http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smt > pd-au > >>th-0.31.tar.gz > >> > >>>> exec /usr/local/bin/softlimit -m 400 \ > >>>> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c > >>>"$MAXSMTPD" \ > >>>> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd \ > >>>> koneg.de /home/vpopmail/bin/vchkpw /bin/true 2>&1 > >>> > >>>Look fine. > >>> > >>>>>Might you have still compiled "roaming users" relay control into your > >>>>>vpopmail? > >>> > >>>> How can I check that? > >>> > >>>You should know which parameters your used to compile vpopmail. You > >>>should have seen a summary of used parameters when you > >>>'./configure'-ed vpopmail. > >>> > >> > >>Well, I did not compile vpopmail by myself. It was pre-installed on my > >>root-server (Suse Linux 9.2). Any way to find out and maybe change now? > >> > >>>>> Might your Outlook Express have POP3-authenticated while you > >>>>>were testing SMTP-AUTH and your IP therefore still be allowed to > >>>>>relay? > >>> > >>>> I don't think so... I restartet Outlook Express with wrong > >>>> Password-Settings for POP3, an tried to send mail without getting > >>>> the pop-box before... it still works without auth. > >>> > >>>What's the output of > >>> > >>>strings /etc/tcp.smtp.cdb > >>> > >>nothing > >> > >>>??? Is your clients IP enumerated there? > >>> > >> > >>no.. and I don't know why it should be... My client doesn't have a fixed > &
Re: [vchkpw] Re: smtp-auth problem
Hi Patrick, pls. read: http://www.fehcom.de/qmail/smtpauth.html regards. --eh. At 19:18 05.07.2005 +0200, you wrote: >Hello List again, >How do I need to chmod /home/vpopmail/bin/vchkpw to use it the right way with qmail smtp-auth-patched? Any other vpopmail-things i need to take care of in this case? Is there way to tell smtp to control every incoming mail with the vchkpw? How does tcp.smtp.cdb needs to look like and how do I do it? >I'm getting more and more desperate on this thing... >Hoping for help >nice regards >Patrick Gehm > > > > >> >>> >>>Hello List, >>> >>>On Tuesday, July 5, 2005 at 8:50:01 AM patrick wrote: >>> >> I'm using qmail and vpopmail and just patched up with smtp-auth, >Which SMTP-AUTH-patch? I'm using Version 0.31 >>> >>>From which source exactly? What's the complete download URL you used >>>to get this patch? >>> >>>href="http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-au th-0. >>31.tar.gz">http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smt pd-au >>th-0.31.tar.gz >> exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c >>>"$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd \ koneg.de /home/vpopmail/bin/vchkpw /bin/true 2>&1 >>> >>>Look fine. >>> >Might you have still compiled "roaming users" relay control into your >vpopmail? >>> How can I check that? >>> >>>You should know which parameters your used to compile vpopmail. You >>>should have seen a summary of used parameters when you >>>'./configure'-ed vpopmail. >>> >> >>Well, I did not compile vpopmail by myself. It was pre-installed on my >>root-server (Suse Linux 9.2). Any way to find out and maybe change now? >> > Might your Outlook Express have POP3-authenticated while you >were testing SMTP-AUTH and your IP therefore still be allowed to >relay? >>> I don't think so... I restartet Outlook Express with wrong Password-Settings for POP3, an tried to send mail without getting the pop-box before... it still works without auth. >>> >>>What's the output of >>> >>>strings /etc/tcp.smtp.cdb >>> >>nothing >> >>>??? Is your clients IP enumerated there? >>> >> >>no.. and I don't know why it should be... My client doesn't have a fixed >>external IP either. Besides that I know that other hosts can send over my >>server 'cause I can see spammails in my queue from time to time, last week I >>had about 33000 of them in my queue... That was exactly the point of time when >>I started to check that smtp-authentification... >> I read in several manuals that they use cmd5checkpw or the checkpassword-tool with smtp-auth. But as far as I understood vchkpw should do the job... >>> >>>Correct. *You* use 'vchkpw' as password checking tool, because you >>>want to check against vpopmail handled user pool. Forget about the >>>other tools, unless you want to authenticate against a different data >>>base than vpopmails. >>Right, but isn't there also a way to use one of these tools, because I also >>got a vpopmail-user in my System? But actually I would be more happy to use >>just vchkpw... >> >>Regards >>Patrick Gehm >> >>>-- >>>Best regards >>>Peter Palmreuther >>> >>>Blessed are they that run around in circles, for they shall be known >>>as wheels. >>> > > > Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
[vchkpw] Re: smtp-auth problem
Hello List again, How do I need to chmod /home/vpopmail/bin/vchkpw to use it the right way with qmail smtp-auth-patched? Any other vpopmail-things i need to take care of in this case? Is there way to tell smtp to control every incoming mail with the vchkpw? How does tcp.smtp.cdb needs to look like and how do I do it? I'm getting more and more desperate on this thing... Hoping for help nice regards Patrick Gehm > >> >>Hello List, >> >>On Tuesday, July 5, 2005 at 8:50:01 AM patrick wrote: >> > I'm using qmail and vpopmail and just patched up with smtp-auth, Which SMTP-AUTH-patch? >>> I'm using Version 0.31 >> >>From which source exactly? What's the complete download URL you used >>to get this patch? >> >href="http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0. >31.tar.gz">http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-au >th-0.31.tar.gz > >>> exec /usr/local/bin/softlimit -m 400 \ >>> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c >>"$MAXSMTPD" \ >>> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd \ >>> koneg.de /home/vpopmail/bin/vchkpw /bin/true 2>&1 >> >>Look fine. >> Might you have still compiled "roaming users" relay control into your vpopmail? >> >>> How can I check that? >> >>You should know which parameters your used to compile vpopmail. You >>should have seen a summary of used parameters when you >>'./configure'-ed vpopmail. >> > >Well, I did not compile vpopmail by myself. It was pre-installed on my >root-server (Suse Linux 9.2). Any way to find out and maybe change now? > Might your Outlook Express have POP3-authenticated while you were testing SMTP-AUTH and your IP therefore still be allowed to relay? >> >>> I don't think so... I restartet Outlook Express with wrong >>> Password-Settings for POP3, an tried to send mail without getting >>> the pop-box before... it still works without auth. >> >>What's the output of >> >>strings /etc/tcp.smtp.cdb >> >nothing > >>??? Is your clients IP enumerated there? >> > >no.. and I don't know why it should be... My client doesn't have a fixed >external IP either. Besides that I know that other hosts can send over my >server 'cause I can see spammails in my queue from time to time, last week I >had about 33000 of them in my queue... That was exactly the point of time when >I started to check that smtp-authentification... > >>> I read in several manuals that they use cmd5checkpw or the >>> checkpassword-tool with smtp-auth. But as far as I understood vchkpw >>> should do the job... >> >>Correct. *You* use 'vchkpw' as password checking tool, because you >>want to check against vpopmail handled user pool. Forget about the >>other tools, unless you want to authenticate against a different data >>base than vpopmails. >Right, but isn't there also a way to use one of these tools, because I also >got a vpopmail-user in my System? But actually I would be more happy to use >just vchkpw... > >Regards >Patrick Gehm > >>-- >>Best regards >>Peter Palmreuther >> >>Blessed are they that run around in circles, for they shall be known >>as wheels. >>
AW: [vchkpw] Re: smtp-auth problem
> >Hello List, > >On Tuesday, July 5, 2005 at 8:50:01 AM patrick wrote: > I'm using qmail and vpopmail and just patched up with smtp-auth, >>>Which SMTP-AUTH-patch? >> I'm using Version 0.31 > >From which source exactly? What's the complete download URL you used >to get this patch? > http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.31.tar.gz >> exec /usr/local/bin/softlimit -m 400 \ >> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c >"$MAXSMTPD" \ >> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd \ >> koneg.de /home/vpopmail/bin/vchkpw /bin/true 2>&1 > >Look fine. > >>>Might you have still compiled "roaming users" relay control into your >>>vpopmail? > >> How can I check that? > >You should know which parameters your used to compile vpopmail. You >should have seen a summary of used parameters when you >'./configure'-ed vpopmail. > Well, I did not compile vpopmail by myself. It was pre-installed on my root-server (Suse Linux 9.2). Any way to find out and maybe change now? >>> Might your Outlook Express have POP3-authenticated while you >>>were testing SMTP-AUTH and your IP therefore still be allowed to >>>relay? > >> I don't think so... I restartet Outlook Express with wrong >> Password-Settings for POP3, an tried to send mail without getting >> the pop-box before... it still works without auth. > >What's the output of > >strings /etc/tcp.smtp.cdb > nothing >??? Is your clients IP enumerated there? > no.. and I don't know why it should be... My client doesn't have a fixed external IP either. Besides that I know that other hosts can send over my server 'cause I can see spammails in my queue from time to time, last week I had about 33000 of them in my queue... That was exactly the point of time when I started to check that smtp-authentification... >> I read in several manuals that they use cmd5checkpw or the >> checkpassword-tool with smtp-auth. But as far as I understood vchkpw >> should do the job... > >Correct. *You* use 'vchkpw' as password checking tool, because you >want to check against vpopmail handled user pool. Forget about the >other tools, unless you want to authenticate against a different data >base than vpopmails. Right, but isn't there also a way to use one of these tools, because I also got a vpopmail-user in my System? But actually I would be more happy to use just vchkpw... Regards Patrick Gehm >-- >Best regards >Peter Palmreuther > >Blessed are they that run around in circles, for they shall be known >as wheels. >
[vchkpw] Re: smtp-auth problem
Hello List, On Tuesday, July 5, 2005 at 8:50:01 AM patrick wrote: >>> I'm using qmail and vpopmail and just patched up with smtp-auth, >>Which SMTP-AUTH-patch? > I'm using Version 0.31 From which source exactly? What's the complete download URL you used to get this patch? > exec /usr/local/bin/softlimit -m 400 \ > /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c > "$MAXSMTPD" \ > -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd \ > koneg.de /home/vpopmail/bin/vchkpw /bin/true 2>&1 Look fine. >>Might you have still compiled "roaming users" relay control into your >>vpopmail? > How can I check that? You should know which parameters your used to compile vpopmail. You should have seen a summary of used parameters when you './configure'-ed vpopmail. >> Might your Outlook Express have POP3-authenticated while you >>were testing SMTP-AUTH and your IP therefore still be allowed to >>relay? > I don't think so... I restartet Outlook Express with wrong > Password-Settings for POP3, an tried to send mail without getting > the pop-box before... it still works without auth. What's the output of strings /etc/tcp.smtp.cdb ??? Is your clients IP enumerated there? > I read in several manuals that they use cmd5checkpw or the > checkpassword-tool with smtp-auth. But as far as I understood vchkpw > should do the job... Correct. *You* use 'vchkpw' as password checking tool, because you want to check against vpopmail handled user pool. Forget about the other tools, unless you want to authenticate against a different data base than vpopmails. -- Best regards Peter Palmreuther Blessed are they that run around in circles, for they shall be known as wheels.
AW: [vchkpw] Re: smtp-auth problem
> >Hello List, > >On Monday, July 4, 2005 at 11:47:36 PM patrick wrote: > >> I'm using qmail and vpopmail and just patched up with smtp-auth, > >Which SMTP-AUTH-patch? I'm using Version 0.31 > >> I'm using "/home/vpopmail/bin/vchkpw" in my "~/qmail-smtpd/run"-script... > >Please post complete run script because parameter order matters. > My script: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD oder LOCAL ist nicht gesetzt in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd \ koneg.de /home/vpopmail/bin/vchkpw /bin/true 2>&1 >> While using Outlook Express to send emails over my server >> everything works like it should work when I select "Server uses >> authentification" (server denies to send mail with wrong password), >> but if I DON'T select "Server uses auth.." my server just sends >> everything via smtp... > >Might you have still compiled "roaming users" relay control into your >vpopmail? How can I check that? Might your Outlook Express have POP3-authenticated while you >were testing SMTP-AUTH and your IP therefore still be allowed to >relay? I don't think so... I restartet Outlook Express with wrong Password-Settings for POP3, an tried to send mail without getting the pop-box before... it still works without auth. > >> How comes checkpassword in that? > >What? > >> I haven't installed this cmd5check...something-tool... Do I need to? > >What 'cmd5check...something-tool'? >I can't remember any 'cmd5check...something-tool' regarding to >vpopmail. I read in several manuals that they use cmd5checkpw or the checkpassword-tool with smtp-auth. But as far as I understood vchkpw should do the job... but maybe not? Is there anyway to solve this problem in vpopmail? With hopefull regards Patrick Gehm >-- >Best regards >Peter Palmreuther > >I belong to no organized party - I am a democrat. >
[vchkpw] Re: smtp-auth problem
Hello List, On Monday, July 4, 2005 at 11:47:36 PM patrick wrote: > I'm using qmail and vpopmail and just patched up with smtp-auth, Which SMTP-AUTH-patch? > I'm using "/home/vpopmail/bin/vchkpw" in my "~/qmail-smtpd/run"-script... Please post complete run script because parameter order matters. > While using Outlook Express to send emails over my server > everything works like it should work when I select "Server uses > authentification" (server denies to send mail with wrong password), > but if I DON'T select "Server uses auth.." my server just sends > everything via smtp... Might you have still compiled "roaming users" relay control into your vpopmail? Might your Outlook Express have POP3-authenticated while you were testing SMTP-AUTH and your IP therefore still be allowed to relay? > How comes checkpassword in that? What? > I haven't installed this cmd5check...something-tool... Do I need to? What 'cmd5check...something-tool'? I can't remember any 'cmd5check...something-tool' regarding to vpopmail. -- Best regards Peter Palmreuther I belong to no organized party - I am a democrat.
