Re: [vchkpw] disable_external_relay [PATCH]
Dear Tonino, Thanks a lot for the info. In my case the password is stored in MySQL. A further hunt provided me the following: The following options are bit flags in the gid int field (pw_gid) with the int values stored. -u ( set no dialup flag ) -- 64 -d ( set no password changing flag ) -- 1 -p ( set no pop access flag ) -- 2 -s ( set no smtp access flag ) -- 2048 -w ( set no web mail access flag ) -- 4 -i ( set no imap access flag ) -- 8 -b ( set bounce mail flag )-- 16 -r ( set no external relay flag ) -- 32 -a ( grant qmailadmin administrator privileges)-- 4096 -0 ( set V_USER0 flag )-- 128 -1 ( set V_USER1 flag )-- 256 -2 ( set V_USER2 flag )-- 512 -3 ( set V_USER3 flag )-- 1024 For Multiple settings the flags' values are added. Devendra Singh At 05/12/03 14:38 (), tonix (Antonio Nati) wrote: vmoduser store this flag within the user record (either in .cdb or MysQl or LDAP, depending on your configuration). It's in the gid field. Tonino At 05/12/2003 05/12/2003 +0530, Devendra Singh wrote: Dear Tonino, Earlier when I had put the disable_smtp into .qmailadmin-limits, it still allowed to relay the users. When I did use the vmoduser to set the disable_smtp flag, it worked. But, where did the vmoduser store this flag info. I could not locate it. May some expert out there listening, may guide us. Devendra Singh At 05/12/03 13:48 (), tonix (Antonio Nati) wrote: Devendra, I'm still with an old version, and my domain limits are in .qmailadmin-limits, within the domain directory. I don't know if this is still valid for new version. Give a look at your Changelog and README files (andpost the result). Ciao, Tonino At 05/12/2003 05/12/2003 +0530, Devendra Singh wrote: Dear Tonino / Tom, In between the whole expert discussion the user level curious question BTW, where is this user's limits info stored in case of non-mysql limits? got lost. Please, let us know. Devendra Singh At 04/12/03 14:32 (), tonix (Antonio Nati) wrote: Tom, thanks for your clear explanation. However, don't you think that kind of things should be discussed in the general list instead of development list? I feel that development list should deal with implementation, how to develop, how to improve code, while functionalities should be discussed with end-users (or production users), that are interested in functionalities, and don't care about implementation. I'm really amazed when I discover a changed feature and see that it's been done by developers without talking with end-users. Ciao, Tonino At 03/12/2003 03/12/2003 -0700, you wrote: On Wednesday, December 3, 2003, at 10:05 AM, tonix (Antonio Nati) wrote: Tom, sorry if I may be out of logic, just a fast look at the patch. Here's how it works. pw_gid is the user's limits. if the user has V_OVERRIDE set, that's all they get. otherwise, the domain limits are IN ADDITION to the user's limits. For example: If domain limit says no IMAP and user limit says no SMTP; user doesn't have access to IMAP or SMTP. Change domain limit from no IMAP to no POP. Now user limit becomes no POP or SMTP. We discussed this on the development list. Perhaps we need to explain it better in the documentation. Is it correct to keep using user flags if override is off? Yes. +if ((! (pw-pw_gid V_OVERRIDE)) if user not overriding domain limits + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); using mixed limits from user and domain. Correct. Would it be more direct to use only domain limits in such a case? No. If you do it that way, you can't impose additional limits on a single user in the domain (or, for example, add qmailadmin admin access). +} else pw-pw_flags = pw-pw_gid; else use user limits. Correct. If V_OVERRIDE is set, or the limit lookup fails, it just uses the user limits. At 03/12/2003 03/12/2003 -0700, you wrote: Here's the patch to fix the domain limits problem. It's in CVS now, and will be in the next release (which I'll make by the end of the week). Hopefully the email gateways won't totally screw the file up... [snip] Thanks for including an entire copy of the patch in your response. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03 [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.548 / Virus Database: 341 - Release Date: 05/12/03 --- Outgoing mail is certified
Re: [vchkpw] disable_external_relay [PATCH]
Devendra, I'm still with an old version, and my domain limits are in .qmailadmin-limits, within the domain directory. I don't know if this is still valid for new version. Give a look at your Changelog and README files (andpost the result). Ciao, Tonino At 05/12/2003 05/12/2003 +0530, Devendra Singh wrote: Dear Tonino / Tom, In between the whole expert discussion the user level curious question BTW, where is this user's limits info stored in case of non-mysql limits? got lost. Please, let us know. Devendra Singh At 04/12/03 14:32 (), tonix (Antonio Nati) wrote: Tom, thanks for your clear explanation. However, don't you think that kind of things should be discussed in the general list instead of development list? I feel that development list should deal with implementation, how to develop, how to improve code, while functionalities should be discussed with end-users (or production users), that are interested in functionalities, and don't care about implementation. I'm really amazed when I discover a changed feature and see that it's been done by developers without talking with end-users. Ciao, Tonino At 03/12/2003 03/12/2003 -0700, you wrote: On Wednesday, December 3, 2003, at 10:05 AM, tonix (Antonio Nati) wrote: Tom, sorry if I may be out of logic, just a fast look at the patch. Here's how it works. pw_gid is the user's limits. if the user has V_OVERRIDE set, that's all they get. otherwise, the domain limits are IN ADDITION to the user's limits. For example: If domain limit says no IMAP and user limit says no SMTP; user doesn't have access to IMAP or SMTP. Change domain limit from no IMAP to no POP. Now user limit becomes no POP or SMTP. We discussed this on the development list. Perhaps we need to explain it better in the documentation. Is it correct to keep using user flags if override is off? Yes. +if ((! (pw-pw_gid V_OVERRIDE)) if user not overriding domain limits + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); using mixed limits from user and domain. Correct. Would it be more direct to use only domain limits in such a case? No. If you do it that way, you can't impose additional limits on a single user in the domain (or, for example, add qmailadmin admin access). +} else pw-pw_flags = pw-pw_gid; else use user limits. Correct. If V_OVERRIDE is set, or the limit lookup fails, it just uses the user limits. At 03/12/2003 03/12/2003 -0700, you wrote: Here's the patch to fix the domain limits problem. It's in CVS now, and will be in the next release (which I'll make by the end of the week). Hopefully the email gateways won't totally screw the file up... [snip] Thanks for including an entire copy of the patch in your response. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03 [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] disable_external_relay [PATCH]
Dear Tonino, Earlier when I had put the disable_smtp into .qmailadmin-limits, it still allowed to relay the users. When I did use the vmoduser to set the disable_smtp flag, it worked. But, where did the vmoduser store this flag info. I could not locate it. May some expert out there listening, may guide us. Devendra Singh At 05/12/03 13:48 (), tonix (Antonio Nati) wrote: Devendra, I'm still with an old version, and my domain limits are in .qmailadmin-limits, within the domain directory. I don't know if this is still valid for new version. Give a look at your Changelog and README files (andpost the result). Ciao, Tonino At 05/12/2003 05/12/2003 +0530, Devendra Singh wrote: Dear Tonino / Tom, In between the whole expert discussion the user level curious question BTW, where is this user's limits info stored in case of non-mysql limits? got lost. Please, let us know. Devendra Singh At 04/12/03 14:32 (), tonix (Antonio Nati) wrote: Tom, thanks for your clear explanation. However, don't you think that kind of things should be discussed in the general list instead of development list? I feel that development list should deal with implementation, how to develop, how to improve code, while functionalities should be discussed with end-users (or production users), that are interested in functionalities, and don't care about implementation. I'm really amazed when I discover a changed feature and see that it's been done by developers without talking with end-users. Ciao, Tonino At 03/12/2003 03/12/2003 -0700, you wrote: On Wednesday, December 3, 2003, at 10:05 AM, tonix (Antonio Nati) wrote: Tom, sorry if I may be out of logic, just a fast look at the patch. Here's how it works. pw_gid is the user's limits. if the user has V_OVERRIDE set, that's all they get. otherwise, the domain limits are IN ADDITION to the user's limits. For example: If domain limit says no IMAP and user limit says no SMTP; user doesn't have access to IMAP or SMTP. Change domain limit from no IMAP to no POP. Now user limit becomes no POP or SMTP. We discussed this on the development list. Perhaps we need to explain it better in the documentation. Is it correct to keep using user flags if override is off? Yes. +if ((! (pw-pw_gid V_OVERRIDE)) if user not overriding domain limits + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); using mixed limits from user and domain. Correct. Would it be more direct to use only domain limits in such a case? No. If you do it that way, you can't impose additional limits on a single user in the domain (or, for example, add qmailadmin admin access). +} else pw-pw_flags = pw-pw_gid; else use user limits. Correct. If V_OVERRIDE is set, or the limit lookup fails, it just uses the user limits. At 03/12/2003 03/12/2003 -0700, you wrote: Here's the patch to fix the domain limits problem. It's in CVS now, and will be in the next release (which I'll make by the end of the week). Hopefully the email gateways won't totally screw the file up... [snip] Thanks for including an entire copy of the patch in your response. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03
Re: [vchkpw] disable_external_relay [PATCH]
vmoduser store this flag within the user record (either in .cdb or MysQl or LDAP, depending on your configuration). It's in the gid field. Tonino At 05/12/2003 05/12/2003 +0530, Devendra Singh wrote: Dear Tonino, Earlier when I had put the disable_smtp into .qmailadmin-limits, it still allowed to relay the users. When I did use the vmoduser to set the disable_smtp flag, it worked. But, where did the vmoduser store this flag info. I could not locate it. May some expert out there listening, may guide us. Devendra Singh At 05/12/03 13:48 (), tonix (Antonio Nati) wrote: Devendra, I'm still with an old version, and my domain limits are in .qmailadmin-limits, within the domain directory. I don't know if this is still valid for new version. Give a look at your Changelog and README files (andpost the result). Ciao, Tonino At 05/12/2003 05/12/2003 +0530, Devendra Singh wrote: Dear Tonino / Tom, In between the whole expert discussion the user level curious question BTW, where is this user's limits info stored in case of non-mysql limits? got lost. Please, let us know. Devendra Singh At 04/12/03 14:32 (), tonix (Antonio Nati) wrote: Tom, thanks for your clear explanation. However, don't you think that kind of things should be discussed in the general list instead of development list? I feel that development list should deal with implementation, how to develop, how to improve code, while functionalities should be discussed with end-users (or production users), that are interested in functionalities, and don't care about implementation. I'm really amazed when I discover a changed feature and see that it's been done by developers without talking with end-users. Ciao, Tonino At 03/12/2003 03/12/2003 -0700, you wrote: On Wednesday, December 3, 2003, at 10:05 AM, tonix (Antonio Nati) wrote: Tom, sorry if I may be out of logic, just a fast look at the patch. Here's how it works. pw_gid is the user's limits. if the user has V_OVERRIDE set, that's all they get. otherwise, the domain limits are IN ADDITION to the user's limits. For example: If domain limit says no IMAP and user limit says no SMTP; user doesn't have access to IMAP or SMTP. Change domain limit from no IMAP to no POP. Now user limit becomes no POP or SMTP. We discussed this on the development list. Perhaps we need to explain it better in the documentation. Is it correct to keep using user flags if override is off? Yes. +if ((! (pw-pw_gid V_OVERRIDE)) if user not overriding domain limits + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); using mixed limits from user and domain. Correct. Would it be more direct to use only domain limits in such a case? No. If you do it that way, you can't impose additional limits on a single user in the domain (or, for example, add qmailadmin admin access). +} else pw-pw_flags = pw-pw_gid; else use user limits. Correct. If V_OVERRIDE is set, or the limit lookup fails, it just uses the user limits. At 03/12/2003 03/12/2003 -0700, you wrote: Here's the patch to fix the domain limits problem. It's in CVS now, and will be in the next release (which I'll make by the end of the week). Hopefully the email gateways won't totally screw the file up... [snip] Thanks for including an entire copy of the patch in your response. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03 [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] disable_external_relay [PATCH]
Tom, thanks for your clear explanation. However, don't you think that kind of things should be discussed in the general list instead of development list? I feel that development list should deal with implementation, how to develop, how to improve code, while functionalities should be discussed with end-users (or production users), that are interested in functionalities, and don't care about implementation. I'm really amazed when I discover a changed feature and see that it's been done by developers without talking with end-users. Ciao, Tonino At 03/12/2003 03/12/2003 -0700, you wrote: On Wednesday, December 3, 2003, at 10:05 AM, tonix (Antonio Nati) wrote: Tom, sorry if I may be out of logic, just a fast look at the patch. Here's how it works. pw_gid is the user's limits. if the user has V_OVERRIDE set, that's all they get. otherwise, the domain limits are IN ADDITION to the user's limits. For example: If domain limit says no IMAP and user limit says no SMTP; user doesn't have access to IMAP or SMTP. Change domain limit from no IMAP to no POP. Now user limit becomes no POP or SMTP. We discussed this on the development list. Perhaps we need to explain it better in the documentation. Is it correct to keep using user flags if override is off? Yes. +if ((! (pw-pw_gid V_OVERRIDE)) if user not overriding domain limits + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); using mixed limits from user and domain. Correct. Would it be more direct to use only domain limits in such a case? No. If you do it that way, you can't impose additional limits on a single user in the domain (or, for example, add qmailadmin admin access). +} else pw-pw_flags = pw-pw_gid; else use user limits. Correct. If V_OVERRIDE is set, or the limit lookup fails, it just uses the user limits. At 03/12/2003 03/12/2003 -0700, you wrote: Here's the patch to fix the domain limits problem. It's in CVS now, and will be in the next release (which I'll make by the end of the week). Hopefully the email gateways won't totally screw the file up... [snip] Thanks for including an entire copy of the patch in your response. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/ [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] disable_external_relay [PATCH]
Dear Tonino / Tom, In between the whole expert discussion the user level curious question BTW, where is this user's limits info stored in case of non-mysql limits? got lost. Please, let us know. Devendra Singh At 04/12/03 14:32 (), tonix (Antonio Nati) wrote: Tom, thanks for your clear explanation. However, don't you think that kind of things should be discussed in the general list instead of development list? I feel that development list should deal with implementation, how to develop, how to improve code, while functionalities should be discussed with end-users (or production users), that are interested in functionalities, and don't care about implementation. I'm really amazed when I discover a changed feature and see that it's been done by developers without talking with end-users. Ciao, Tonino At 03/12/2003 03/12/2003 -0700, you wrote: On Wednesday, December 3, 2003, at 10:05 AM, tonix (Antonio Nati) wrote: Tom, sorry if I may be out of logic, just a fast look at the patch. Here's how it works. pw_gid is the user's limits. if the user has V_OVERRIDE set, that's all they get. otherwise, the domain limits are IN ADDITION to the user's limits. For example: If domain limit says no IMAP and user limit says no SMTP; user doesn't have access to IMAP or SMTP. Change domain limit from no IMAP to no POP. Now user limit becomes no POP or SMTP. We discussed this on the development list. Perhaps we need to explain it better in the documentation. Is it correct to keep using user flags if override is off? Yes. +if ((! (pw-pw_gid V_OVERRIDE)) if user not overriding domain limits + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); using mixed limits from user and domain. Correct. Would it be more direct to use only domain limits in such a case? No. If you do it that way, you can't impose additional limits on a single user in the domain (or, for example, add qmailadmin admin access). +} else pw-pw_flags = pw-pw_gid; else use user limits. Correct. If V_OVERRIDE is set, or the limit lookup fails, it just uses the user limits. At 03/12/2003 03/12/2003 -0700, you wrote: Here's the patch to fix the domain limits problem. It's in CVS now, and will be in the next release (which I'll make by the end of the week). Hopefully the email gateways won't totally screw the file up... [snip] Thanks for including an entire copy of the patch in your response. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03
Re: [vchkpw] disable_external_relay
Dear Tom, I am using SMTP AUTH. Devendra Singh At 02/12/03 20:50 (), Tom Collins wrote: On Tuesday, December 2, 2003, at 07:12 AM, Devendra Singh wrote: Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. I upgraded to vpopmail-5.3.30, qmailadmin-1.0.29. Recompiled Courier-Imap-1.7.3. But, I am still not able to disable the SMTP. What might be wrong? Are you using SMTP AUTH or roaming users (aka POP before SMTP)? -- Tom Collins - [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03
Re: [vchkpw] disable_external_relay
Dear Tonino, 1. I have put the .qmailadmin-limits into the /home/vpopmail/domains/0/del4.intermesh.net with following rights: -rw---1 vpopmail vchkpw126 Dec 2 18:59 .qmailadmin-limits and contains: maxpopaccounts: 10 maxaliases: 0 maxforwards: 10 maxautoresponders: 0 maxmailinglists: 0 default_quota: 41943040 disable_smtp 2. It's not a Open Relay Server. Checked with http://members.iinet.net.au/~remmie/relay/ and with http://spamlart.homeunix.org/ (Server referenced above is a test Server) Devendra Singh At 02/12/03 20:35 (), tonix (Antonio Nati) wrote: Devendra, 1) did you set this flag up? 2) Are you sure you are not an open relay? Tonino At 02/12/2003 02/12/2003 +0530, you wrote: At 24/11/03 21:46 (), Tom Collins wrote: On Monday, November 24, 2003, at 03:37 AM, tonix (Antonio Nati) wrote: No,it works only for pop-before-SMTP. I suggested to use it also for SMTP relay, but it wqas preferred to add a dedicated bit for SMTP relaying. Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. I upgraded to vpopmail-5.3.30, qmailadmin-1.0.29. Recompiled Courier-Imap-1.7.3. But, I am still not able to disable the SMTP. What might be wrong? Devendra Singh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03
Re: [vchkpw] disable_external_relay
Devendra, you must set/modify that flag for users already existing. If you run vuserinfo [EMAIL PROTECTED], you'll see if flag is active. If not, enable it (with vmoduser). Ciao, Tonino At 03/12/2003 03/12/2003 +0530, Devendra Singh wrote: Dear Tonino, 1. I have put the .qmailadmin-limits into the /home/vpopmail/domains/0/del4.intermesh.net with following rights: -rw---1 vpopmail vchkpw126 Dec 2 18:59 .qmailadmin-limits and contains: maxpopaccounts: 10 maxaliases: 0 maxforwards: 10 maxautoresponders: 0 maxmailinglists: 0 default_quota: 41943040 disable_smtp 2. It's not a Open Relay Server. Checked with http://members.iinet.net.au/~remmie/relay/ and with http://spamlart.homeunix.org/ (Server referenced above is a test Server) Devendra Singh At 02/12/03 20:35 (), tonix (Antonio Nati) wrote: Devendra, 1) did you set this flag up? 2) Are you sure you are not an open relay? Tonino At 02/12/2003 02/12/2003 +0530, you wrote: At 24/11/03 21:46 (), Tom Collins wrote: On Monday, November 24, 2003, at 03:37 AM, tonix (Antonio Nati) wrote: No,it works only for pop-before-SMTP. I suggested to use it also for SMTP relay, but it wqas preferred to add a dedicated bit for SMTP relaying. Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. I upgraded to vpopmail-5.3.30, qmailadmin-1.0.29. Recompiled Courier-Imap-1.7.3. But, I am still not able to disable the SMTP. What might be wrong? Devendra Singh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03 [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] disable_external_relay
Dear Tonino, Thanks. It worked. I am delighted. BTW, where is this info stored in case of non-mysql limits? Devendra Singh At 03/12/03 15:04 (), tonix (Antonio Nati) wrote: Devendra, you must set/modify that flag for users already existing. If you run vuserinfo [EMAIL PROTECTED], you'll see if flag is active. If not, enable it (with vmoduser). Ciao, Tonino At 03/12/2003 03/12/2003 +0530, Devendra Singh wrote: Dear Tonino, 1. I have put the .qmailadmin-limits into the /home/vpopmail/domains/0/del4.intermesh.net with following rights: -rw---1 vpopmail vchkpw126 Dec 2 18:59 .qmailadmin-limits and contains: maxpopaccounts: 10 maxaliases: 0 maxforwards: 10 maxautoresponders: 0 maxmailinglists: 0 default_quota: 41943040 disable_smtp 2. It's not a Open Relay Server. Checked with http://members.iinet.net.au/~remmie/relay/ and with http://spamlart.homeunix.org/ (Server referenced above is a test Server) Devendra Singh At 02/12/03 20:35 (), tonix (Antonio Nati) wrote: Devendra, 1) did you set this flag up? 2) Are you sure you are not an open relay? Tonino At 02/12/2003 02/12/2003 +0530, you wrote: At 24/11/03 21:46 (), Tom Collins wrote: On Monday, November 24, 2003, at 03:37 AM, tonix (Antonio Nati) wrote: No,it works only for pop-before-SMTP. I suggested to use it also for SMTP relay, but it wqas preferred to add a dedicated bit for SMTP relaying. Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. I upgraded to vpopmail-5.3.30, qmailadmin-1.0.29. Recompiled Courier-Imap-1.7.3. But, I am still not able to disable the SMTP. What might be wrong? Devendra Singh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03
Re: [vchkpw] disable_external_relay
On Wednesday, December 3, 2003, at 02:34 AM, tonix (Antonio Nati) wrote: you must set/modify that flag for users already existing. If you run vuserinfo [EMAIL PROTECTED], you'll see if flag is active. If not, enable it (with vmoduser). That's not accurate -- the whole point of domain-wide settings is so you don't have to set it for individual users. I took a look at the code and, at least for cdb, domain limits weren't getting loaded. I should have a patch later today. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] disable_external_relay
No, domain limits apply to all users (that don't have V_OVERRIDE set). They are not default limits for new users. On Wednesday, December 3, 2003, at 09:27 AM, tonix (Antonio Nati) wrote: Tom, we were speaking of already existing users (in this case). Domain limits should work for new users. Tonino At 03/12/2003 03/12/2003 -0700, you wrote: On Wednesday, December 3, 2003, at 02:34 AM, tonix (Antonio Nati) wrote: you must set/modify that flag for users already existing. If you run vuserinfo [EMAIL PROTECTED], you'll see if flag is active. If not, enable it (with vmoduser). That's not accurate -- the whole point of domain-wide settings is so you don't have to set it for individual users. I took a look at the code and, at least for cdb, domain limits weren't getting loaded. I should have a patch later today. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/ [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] disable_external_relay [PATCH]
Here's the patch to fix the domain limits problem. It's in CVS now, and will be in the next release (which I'll make by the end of the week). Hopefully the email gateways won't totally screw the file up... Update of /cvsroot/vpopmail/vpopmail In directory sc8-pr-cvs1:/tmp/cvs-serv1963 Modified Files: vlimits.h vlimits.c vcdb.c vactivedir.c vldap.c vmysql.c vpgsql.c vsybase.c Log Message: fix and move pw_flags setting code to vlimits.c Index: vlimits.h === RCS file: /cvsroot/vpopmail/vpopmail/vlimits.h,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- vlimits.h 21 Oct 2003 21:24:37 - 1.5 +++ vlimits.h 3 Dec 2003 16:41:14 - 1.6 @@ -57,4 +57,5 @@ int vlimits_read_limits_file(const char * dir, struct vlimits * limits); int vlimits_write_limits_file(const char * dir, const struct vlimits * limits); int vlimits_get_flag_mask(struct vlimits *limits); +void vlimits_setflags (struct vqpasswd *pw, char *domain); #endif Index: vlimits.c === RCS file: /cvsroot/vpopmail/vpopmail/vlimits.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- vlimits.c 23 Nov 2003 19:27:39 - 1.8 +++ vlimits.c 3 Dec 2003 16:41:14 - 1.9 @@ -365,4 +365,13 @@ return unlink(dir); } +void vlimits_setflags (struct vqpasswd *pw, char *domain) +{ +struct vlimits limits; + +if ((! (pw-pw_gid V_OVERRIDE)) + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); +} else pw-pw_flags = pw-pw_gid; +} #endif Index: vcdb.c === RCS file: /cvsroot/vpopmail/vpopmail/vcdb.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- vcdb.c 15 Nov 2003 06:55:43 - 1.10 +++ vcdb.c 3 Dec 2003 16:41:14 - 1.11 @@ -231,7 +231,6 @@ #ifdef FILE_LOCKING FILE *lock_fs; #endif - struct vlimits limits; verrori = 0; lowerit(user); @@ -311,10 +310,7 @@ if (!*uid) { pwent.pw_uid = 0; } else { pwent.pw_uid = atoi(uid); } if (!*gid) { pwent.pw_gid = 0; } else { pwent.pw_gid = atoi(gid); } -if ((! pwent.pw_gid V_OVERRIDE) - (vget_limits (in_domain, limits) == 0)) { -pwent.pw_flags = pwent.pw_gid | vlimits_get_flag_mask (limits); -} else pwent.pw_flags = pwent.pw_gid; +vlimits_setflags (pwent, in_domain); #ifdef DEBUG fprintf (stderr,vgetpw: db: results: pw_name = %s\n,pwent.pw_name); Index: vactivedir.c === RCS file: /cvsroot/vpopmail/vpopmail/vactivedir.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- vactivedir.c15 Nov 2003 06:55:43 - 1.8 +++ vactivedir.c3 Dec 2003 16:41:14 - 1.9 @@ -160,7 +160,6 @@ static struct vqpasswd vpw; static struct actdirvp adir; int sock; - struct vlimits limits; if ( (sock=ad_open_conn())==-1){ printf(could not connect\n); @@ -189,10 +188,7 @@ ad_fill_vpw(vpw,adir); - if ((! vpw.pw_gid V_OVERRIDE) - (vget_limits (domain, limits) == 0)) { - vpw.pw_flags = vpw.pw_gid | vlimits_get_flag_mask (limits); - } else vpw.pw_flags = vpw.pw_gid; + vlimits_setflags (vpw, domain); return(vpw); } Index: vldap.c === RCS file: /cvsroot/vpopmail/vpopmail/vldap.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- vldap.c 15 Nov 2003 06:55:44 - 1.10 +++ vldap.c 3 Dec 2003 16:41:14 - 1.11 @@ -70,7 +70,6 @@ uid_t myuid; uid_t uid; gid_t gid; - struct vlimits limits; verrori = 0; lowerit(user); @@ -287,10 +286,7 @@ } #endif - if ((! vpw-pw_gid V_OVERRIDE) - (vget_limits (domain, limits) == 0)) { - vpw-pw_flags = vpw-pw_gid | vlimits_get_flag_mask (limits); - } else vpw-pw_flags = vpw-pw_gid; + vlimits_setflags (vpw, domain); return vpw; Index: vmysql.c === RCS file: /cvsroot/vpopmail/vpopmail/vmysql.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- vmysql.c15 Nov 2003 06:55:44 - 1.10 +++ vmysql.c3 Dec 2003 16:41:14 - 1.11 @@ -417,7 +417,6 @@ uid_t myuid; uid_t uid; gid_t gid; - struct vlimits limits; vget_assign(domain,NULL,0,uid,gid); @@ -496,10 +495,7 @@ } mysql_free_result(res_read); -if ((! vpw.pw_gid V_OVERRIDE) - (vget_limits (in_domain, limits) == 0)) { -vpw.pw_flags = vpw.pw_gid | vlimits_get_flag_mask (limits); -} else vpw.pw_flags = vpw.pw_gid; +vlimits_setflags (vpw, in_domain); return(vpw); } Index: vpgsql.c === RCS file:
Re: [vchkpw] disable_external_relay [PATCH]
Tom, sorry if I may be out of logic, just a fast look at the patch. Is it correct to keep using user flags if override is off? +if ((! (pw-pw_gid V_OVERRIDE)) if user not overriding domain limits + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); using mixed limits from user and domain. Would it be more direct to use only domain limits in such a case? +} else pw-pw_flags = pw-pw_gid; else use user limits. Ciao, Tonino At 03/12/2003 03/12/2003 -0700, you wrote: Here's the patch to fix the domain limits problem. It's in CVS now, and will be in the next release (which I'll make by the end of the week). Hopefully the email gateways won't totally screw the file up... Update of /cvsroot/vpopmail/vpopmail In directory sc8-pr-cvs1:/tmp/cvs-serv1963 Modified Files: vlimits.h vlimits.c vcdb.c vactivedir.c vldap.c vmysql.c vpgsql.c vsybase.c Log Message: fix and move pw_flags setting code to vlimits.c Index: vlimits.h === RCS file: /cvsroot/vpopmail/vpopmail/vlimits.h,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- vlimits.h 21 Oct 2003 21:24:37 - 1.5 +++ vlimits.h 3 Dec 2003 16:41:14 - 1.6 @@ -57,4 +57,5 @@ int vlimits_read_limits_file(const char * dir, struct vlimits * limits); int vlimits_write_limits_file(const char * dir, const struct vlimits * limits); int vlimits_get_flag_mask(struct vlimits *limits); +void vlimits_setflags (struct vqpasswd *pw, char *domain); #endif Index: vlimits.c === RCS file: /cvsroot/vpopmail/vpopmail/vlimits.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- vlimits.c 23 Nov 2003 19:27:39 - 1.8 +++ vlimits.c 3 Dec 2003 16:41:14 - 1.9 @@ -365,4 +365,13 @@ return unlink(dir); } +void vlimits_setflags (struct vqpasswd *pw, char *domain) +{ +struct vlimits limits; + +if ((! (pw-pw_gid V_OVERRIDE)) + (vget_limits (domain, limits) == 0)) { +pw-pw_flags = pw-pw_gid | vlimits_get_flag_mask (limits); +} else pw-pw_flags = pw-pw_gid; +} #endif Index: vcdb.c === RCS file: /cvsroot/vpopmail/vpopmail/vcdb.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- vcdb.c 15 Nov 2003 06:55:43 - 1.10 +++ vcdb.c 3 Dec 2003 16:41:14 - 1.11 @@ -231,7 +231,6 @@ #ifdef FILE_LOCKING FILE *lock_fs; #endif - struct vlimits limits; verrori = 0; lowerit(user); @@ -311,10 +310,7 @@ if (!*uid) { pwent.pw_uid = 0; } else { pwent.pw_uid = atoi(uid); } if (!*gid) { pwent.pw_gid = 0; } else { pwent.pw_gid = atoi(gid); } -if ((! pwent.pw_gid V_OVERRIDE) - (vget_limits (in_domain, limits) == 0)) { -pwent.pw_flags = pwent.pw_gid | vlimits_get_flag_mask (limits); -} else pwent.pw_flags = pwent.pw_gid; +vlimits_setflags (pwent, in_domain); #ifdef DEBUG fprintf (stderr,vgetpw: db: results: pw_name = %s\n,pwent.pw_name); Index: vactivedir.c === RCS file: /cvsroot/vpopmail/vpopmail/vactivedir.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- vactivedir.c15 Nov 2003 06:55:43 - 1.8 +++ vactivedir.c3 Dec 2003 16:41:14 - 1.9 @@ -160,7 +160,6 @@ static struct vqpasswd vpw; static struct actdirvp adir; int sock; - struct vlimits limits; if ( (sock=ad_open_conn())==-1){ printf(could not connect\n); @@ -189,10 +188,7 @@ ad_fill_vpw(vpw,adir); - if ((! vpw.pw_gid V_OVERRIDE) - (vget_limits (domain, limits) == 0)) { - vpw.pw_flags = vpw.pw_gid | vlimits_get_flag_mask (limits); - } else vpw.pw_flags = vpw.pw_gid; + vlimits_setflags (vpw, domain); return(vpw); } Index: vldap.c === RCS file: /cvsroot/vpopmail/vpopmail/vldap.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- vldap.c 15 Nov 2003 06:55:44 - 1.10 +++ vldap.c 3 Dec 2003 16:41:14 - 1.11 @@ -70,7 +70,6 @@ uid_t myuid; uid_t uid; gid_t gid; - struct vlimits limits; verrori = 0; lowerit(user); @@ -287,10 +286,7 @@ } #endif - if ((! vpw-pw_gid V_OVERRIDE) - (vget_limits (domain, limits) == 0)) { - vpw-pw_flags = vpw-pw_gid | vlimits_get_flag_mask (limits); - } else vpw-pw_flags = vpw-pw_gid; + vlimits_setflags (vpw, domain); return vpw; Index: vmysql.c === RCS file: /cvsroot/vpopmail/vpopmail/vmysql.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- vmysql.c15 Nov 2003 06:55:44 - 1.10 +++ vmysql.c3 Dec 2003 16:41:14
Re: [vchkpw] disable_external_relay
At 24/11/03 21:46 (), Tom Collins wrote: On Monday, November 24, 2003, at 03:37 AM, tonix (Antonio Nati) wrote: No,it works only for pop-before-SMTP. I suggested to use it also for SMTP relay, but it wqas preferred to add a dedicated bit for SMTP relaying. Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. I upgraded to vpopmail-5.3.30, qmailadmin-1.0.29. Recompiled Courier-Imap-1.7.3. But, I am still not able to disable the SMTP. What might be wrong? Devendra Singh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03
Re: [vchkpw] disable_external_relay
On Tuesday, December 2, 2003, at 07:12 AM, Devendra Singh wrote: Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. I upgraded to vpopmail-5.3.30, qmailadmin-1.0.29. Recompiled Courier-Imap-1.7.3. But, I am still not able to disable the SMTP. What might be wrong? Are you using SMTP AUTH or roaming users (aka POP before SMTP)? -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] disable_external_relay
Devendra, 1) did you set this flag up? 2) Are you sure you are not an open relay? Tonino At 02/12/2003 02/12/2003 +0530, you wrote: At 24/11/03 21:46 (), Tom Collins wrote: On Monday, November 24, 2003, at 03:37 AM, tonix (Antonio Nati) wrote: No,it works only for pop-before-SMTP. I suggested to use it also for SMTP relay, but it wqas preferred to add a dedicated bit for SMTP relaying. Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. I upgraded to vpopmail-5.3.30, qmailadmin-1.0.29. Recompiled Courier-Imap-1.7.3. But, I am still not able to disable the SMTP. What might be wrong? Devendra Singh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03 [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] disable_external_relay
At 24/11/03 21:46 (), Tom Collins wrote: On Monday, November 24, 2003, at 03:37 AM, tonix (Antonio Nati) wrote: No,it works only for pop-before-SMTP. I suggested to use it also for SMTP relay, but it wqas preferred to add a dedicated bit for SMTP relaying. Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. Dear Tom, Thanks for the info. Do you suggest to upgrade to vpopmail v5.3.30 and qmailadmin v1.0.29. Would it change my existing mysql tables w/o any hickups? Any precautions while upgrading? Suppose I change any configure options while upgrading, would it create any problem? (Sorry, asking too much). Currently, I am using vpopmail v5.3.20 and qmailadmin v1.0.24. Spam tagging is being done by Spamassissin v2.55 and qmail-scanner v1.16. Vpopmail is configured as: ./configure \ --enable-roaming-users=n \ --enable-default-domain=xxx..xxx \ [EMAIL PROTECTED] \ --enable-logging=p \ --enable-defaultquota=20971520S \ --enable-ip-alias-domains=n \ --enable-passwd=n \ --enable-clear-passwd=y \ --enable-domain-quotas=n \ --enable-mysql=y \ --enable-incdir=/usr/include/mysql \ --enable-libdir=/usr/lib/mysql \ --enable-many-domains=y \ --enable-auth-logging=y \ --enable-mysql-logging=y \ --enable-valias=y \ --enable-mysql-limits=n QmailAdmin is configured as: ./configure \ --enable-htmldir=/home3/indiamart/public_html/ \ --enable-cgibindir=/usr/local/apache/cgi-bin/ \ --enable-imagedir=/home3/indiamart/public_html/qmailadmin_images \ --enable-imageurl=/qmailadmin_images \ --enable-maxusersperpage=12 \ --enable-maxaliasesperpage=12 \ --enable-modify-quota=n \ --enable-help=y \ --enable-modify-spam=y \ --enable-spam-command=|/var/qmail/bin/preline /usr/local/bin/maildrop /home/vpopmail/etc/mailfilter __ Devendra Singh IndiaMART InterMESH Limited (Global Gateway to Indian Market Place) B-1, Sector 8, Noida, UP - 201301, India Voice : +91-120-2543945, 2543946, 2543947 Fax: +91-120-2543943 http://www.indiamart.com http://www.indiangiftsportal.com http://www.indiantravelportal.com __ --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03
[vchkpw] disable_external_relay
Dear List Members, What does disable_external_relay do in the .qmailadmin-limits file? Can it be used to disable SMTP Relay even if I am using SMTP Authentication instead of POP-Before-SMTP? The install.txt says: *** quote *** You may disable these services: a) POP Access b) IMAP Access c) Roaming Users (External Relaying) d) Webmail Access e) Dialup Access f) Password Changing The syntax of the .qmailadmin-limits file for disabling the above services, respectively, is: disable_pop disable_imap disable_external_relay disable_webmail disable_dialup disable_password_changing *** unquote *** __ Devendra Singh IndiaMART InterMESH Limited (Global Gateway to Indian Market Place) B-1, Sector 8, Noida, UP - 201301, India Voice : +91-120-2543945, 2543946, 2543947 Fax: +91-120-2543943 http://www.indiamart.com http://www.indiangiftsportal.com http://www.indiantravelportal.com __ --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03
Re: [vchkpw] disable_external_relay
No,it works only for pop-before-SMTP. I suggested to use it also for SMTP relay, but it wqas preferred to add a dedicated bit for SMTP relaying. So, you may also disable SMTP relay, but I don't know if you find the disable_smtp line working in the last vpopmail versions. I made the patch for making it work, inside qmailadmin (at that time qmailadmin-limits was handled by qmailadmin), but it was never integrated in qmailadmin. Ciao, Tonino At 24/11/2003 24/11/2003 +0530, you wrote: Dear List Members, What does disable_external_relay do in the .qmailadmin-limits file? Can it be used to disable SMTP Relay even if I am using SMTP Authentication instead of POP-Before-SMTP? The install.txt says: *** quote *** You may disable these services: a) POP Access b) IMAP Access c) Roaming Users (External Relaying) d) Webmail Access e) Dialup Access f) Password Changing The syntax of the .qmailadmin-limits file for disabling the above services, respectively, is: disable_pop disable_imap disable_external_relay disable_webmail disable_dialup disable_password_changing *** unquote *** __ Devendra Singh IndiaMART InterMESH Limited (Global Gateway to Indian Market Place) B-1, Sector 8, Noida, UP - 201301, India Voice : +91-120-2543945, 2543946, 2543947 Fax: +91-120-2543943 http://www.indiamart.com http://www.indiangiftsportal.com http://www.indiantravelportal.com __ --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/03 [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] disable_external_relay
On Monday, November 24, 2003, at 03:37 AM, tonix (Antonio Nati) wrote: No,it works only for pop-before-SMTP. I suggested to use it also for SMTP relay, but it wqas preferred to add a dedicated bit for SMTP relaying. Use disable_smtp in the .qmailadmin-limits file to disable SMTP access for the domain. The current version of vpopmail (5.3.30) supports this flag. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/