Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
You've got an old SMTP AUTH patch that sends the MD5 challenge and response in the wrong order. Use the patch from the contrib directory of vpopmail, and then remove the $LOCAL from your run file, as the newer SMTP AUTH patch does not use it. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Tom, thanks. I didn't realize there had been a change in patches that did this... Wilco.
[vchkpw] smtp auth - md5 learn pass
Dear all, does anybody know is there any faq or instruction set to make upgrade from normal pop-before-smtp to SMTP AUTH with MD5 ? I have problems with MD5 (plain auth works ok) and donna know whats wrong because I configured that with instructions written to sbdy who had problems with that, read at this forum. I've made the following scenario: 1. I've reconfigured vpopmail and added --enable-learn-passwords=y and --enable-clear-passwd=y 2. I've add the following line into vpopmail table in mysql db: ALTER TABLE `vpopmail` ADD `pw_clear_passwd` CHAR( 16 ) AFTER `pw_shell` ; 3. I try to send mail with SMTP AUTH MD5 and it gives me AUTH FAILED 4. I try to send the same mail with SMTP AUTH PLAIN and it works 5. I try to put my password in pw_clear_passwd field in and after that md5 auth works perfectly. I know that I have to have pw_clear_passwd to make md5 hash from that and to compare with that written during smtp conversation. However I thought that learn-passwords switch will do that for me. I read that I should try clear pw_passwd and try to send an email then, but it doesn't work and I get the following error: oops, unable to write pipe and I can't auth (#4.3.0) I know that I'm doing sth wrong, but I donna know what. -- regards, Sylwester Biernacki [EMAIL PROTECTED]
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
You've got an old SMTP AUTH patch that sends the MD5 challenge and response in the wrong order. Use the patch from the contrib directory of vpopmail, and then remove the $LOCAL from your run file, as the newer SMTP AUTH patch does not use it. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Tom, thanks. I didn't realize there had been a change in patches that did this... Wilco. Follow-up Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Thanks for the help! Dave.
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
On Jun 17, 2005, at 11:21 AM, ISP Lists wrote: Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Did you remember to remove $LOCAL from your qmail-smtpd/run file? If not, you can now auth with any username/password. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
On Jun 17, 2005, at 11:21 AM, ISP Lists wrote: Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Did you remember to remove $LOCAL from your qmail-smtpd/run file? If not, you can now auth with any username/password. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Yes, I did and I tried using nonsense/invalid combos to ensure that I wasn't AUTH'ing the world. Appreciate your concern! Thanks again!
Re: [vchkpw] smtp auth - md5 learn pass
On Friday 17 June 2005 17:42, Sylwester S. Biernacki wrote: 1. I've reconfigured vpopmail and added --enable-learn-passwords=y and --enable-clear-passwd=y What is --enable-learn-passwords? If it does what I'm guessing it does by name and starts recording missing cleartext entries in vpasswd files, that would be very useful to us!! Cheers, -- Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re[2]: [vchkpw] smtp auth - md5 learn pass
On Friday, June 17, 2005, 10:06:46 PM, Casey wrote: On Friday 17 June 2005 17:42, Sylwester S. Biernacki wrote: 1. I've reconfigured vpopmail and added --enable-learn-passwords=y and --enable-clear-passwd=y What is --enable-learn-passwords? If it does what I'm guessing it does by name and starts recording missing cleartext entries in vpasswd files, that would be very useful to us!! AFAIR it does exactly what you said. -- regards, Sylwester Biernacki [EMAIL PROTECTED]
[vchkpw] SMTP Auth problem for non vpopmail users
Hi, I have IMAP authentication working for vpopmail and standard linux users, but I have a problem with SMTP authentication. I need SMTP authentication to work for standard linux users (I'm not worried about vpop users at all for SMTP-AUTH). I have built my box using the instructions on Shupp.org (Bill Schupp). I understand that Bill's toaster incorporates a Qmail AUTH patch but when I try to login it doesn't work: Escape character is '^]'. 220 blue.x-rm.com ESMTP ehlo localhost 250-blue.x-rm.com 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 auth login 334 VXNlcm5hbWU6 bmljaw== 334 UGFzc3dvcmQ6 base64 encoded password 535 authentication failed (#5.7.1) I also have this line in /var/log/maillog May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not found nick@:127.0.0.1 ..which implies that perhaps it's only looking for vpopmail users rather than /etc/passwd users. I would like it to work for /etc/passwd users only, or both vpopmail AND /etc/passwd users - whichever is easier. Can someone please give me some pointers on how I can fix this problem so that normal shell account users can authenticate. Thanks, Nick...
Re: [vchkpw] SMTP Auth problem for non vpopmail users
Ken Jones wrote: On Monday 16 May 2005 3:52 pm, Nick Gilbert wrote: Hi, I have IMAP authentication working for vpopmail and standard linux users, but I have a problem with SMTP authentication. I need SMTP authentication to work for standard linux users (I'm not worried about vpop users at all for SMTP-AUTH). I have built my box using the instructions on Shupp.org (Bill Schupp). I understand that Bill's toaster incorporates a Qmail AUTH patch but when I try to login it doesn't work: Escape character is '^]'. 220 blue.x-rm.com ESMTP ehlo localhost 250-blue.x-rm.com 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 auth login 334 VXNlcm5hbWU6 bmljaw== 334 UGFzc3dvcmQ6 base64 encoded password 535 authentication failed (#5.7.1) I also have this line in /var/log/maillog May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not found nick@:127.0.0.1 ..which implies that perhaps it's only looking for vpopmail users rather than /etc/passwd users. I would like it to work for /etc/passwd users only, or both vpopmail AND /etc/passwd users - whichever is easier. Can someone please give me some pointers on how I can fix this problem so that normal shell account users can authenticate. I think smtp auth requires a clear text password for CRAM-MD5 authentication to work. If so, /etc/passwd users won't be able to use smtp authentication. Wasn't the other problem that qmail-smtpd needed to be run as root? Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] SMTP Auth problem for non vpopmail users
On Monday 16 May 2005 4:10 pm, Rainer Duffner wrote: Ken Jones wrote: On Monday 16 May 2005 3:52 pm, Nick Gilbert wrote: Hi, I have IMAP authentication working for vpopmail and standard linux users, but I have a problem with SMTP authentication. I need SMTP authentication to work for standard linux users (I'm not worried about vpop users at all for SMTP-AUTH). I have built my box using the instructions on Shupp.org (Bill Schupp). I understand that Bill's toaster incorporates a Qmail AUTH patch but when I try to login it doesn't work: Escape character is '^]'. 220 blue.x-rm.com ESMTP ehlo localhost 250-blue.x-rm.com 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 auth login 334 VXNlcm5hbWU6 bmljaw== 334 UGFzc3dvcmQ6 base64 encoded password 535 authentication failed (#5.7.1) I also have this line in /var/log/maillog May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not found nick@:127.0.0.1 ..which implies that perhaps it's only looking for vpopmail users rather than /etc/passwd users. I would like it to work for /etc/passwd users only, or both vpopmail AND /etc/passwd users - whichever is easier. Can someone please give me some pointers on how I can fix this problem so that normal shell account users can authenticate. I think smtp auth requires a clear text password for CRAM-MD5 authentication to work. If so, /etc/passwd users won't be able to use smtp authentication. Wasn't the other problem that qmail-smtpd needed to be run as root? Possibly. It would need permission to access the passwd information.
Re: [vchkpw] CRAM-MD5 SMTP AUTH fails (was: once again ;-))
On May 13, 2005, at 3:53 AM, Sylwester S. Biernacki wrote: Again I have the same problem: auth plain works and auth cram-md5 doesn't. Any idea what can be a cause of that ? If you're using Bill's toaster with vpopmail 5.4.11, then the SMTP AUTH patch to qmail-smptd will pass the challenge/response parameters properly to vchkpw, so that's not the problem (and you don't need to apply the smtp auth patch in the vpopmail contrib directory). Did you disable cleartext passwords in vpopmail? If the user database doesn't have the password in cleartext, CRAM-MD5 won't work. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
Increased the softlimit to 4000. No luck. How can I test vchkpw to see if it is ok, or the problem resides elsewhere? (maybe qmail-smtpd is not feeding vchkpw the username/password correctly, and thus, authentication failes) On a second thought, the message is: vpopmail[]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:ip. Maybe, the ":ip" ending is not stripped from the username (email address), and it is trying to authenticate the whole [EMAIL PROTECTED]:ipwhich of course could cause this ***beep***-up. But, as I mentioned before, Pop3 and IMAP authentication work flawlessly (courier-imap package) - Original Message - From: "Tom Collins" [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, April 02, 2005 7:34 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth On Apr 2, 2005, at 7:00 AM, Bogdan Motoc - CRC wrote: As you can see, OE6 tried AUTH LOGIN, which didn't work, then closed connection. Eudora tried first AUTH CRAM-MD5. After it failed, it tried to send the message without authentication, which of course failed. Still, MySQL logs show no attempts to read the username/password from the database. Instead the same error message I mentioned before, is entered in maillog and sql database. Try increasing the softlimit for qmail-smtpd and the pop server. It may be running out of memory trying to run vchkpw. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
On Apr 5, 2005, at 10:49 AM, Bogdan Motoc - CRC wrote: How can I test vchkpw to see if it is ok, or the problem resides elsewhere? Take a look at checkpassword_debug in the contrib directory of vpopmail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
Test again - Original Message - From: Tom Collins [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, April 02, 2005 12:34 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth On Apr 2, 2005, at 7:00 AM, Bogdan Motoc - CRC wrote: As you can see, OE6 tried AUTH LOGIN, which didn't work, then closed connection. Eudora tried first AUTH CRAM-MD5. After it failed, it tried to send the message without authentication, which of course failed. Still, MySQL logs show no attempts to read the username/password from the database. Instead the same error message I mentioned before, is entered in maillog and sql database. Try increasing the softlimit for qmail-smtpd and the pop server. It may be running out of memory trying to run vchkpw. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.1 - Release Date: 4/1/2005
Re: [vchkpw] authentication problem for qmail-smtp-auth
And here is the log recordio produced: First trying to send with Outlook Express 6: == 4000424e9e0d2550f4a4 8497 220 serv-domain.tld ESMTP 4000424e9e0d2621584c 8497 EHLO client-machine 4000424e9e0d2622812c 8497 250-serv-domain.tld 4000424e9e0d2622989c 8497 250-PIPELINING 4000424e9e0d26229c84 8497 250-8BITMIME 4000424e9e0d2622a06c 8497 250-SIZE 0 4000424e9e0d2622a454 8497 250 AUTH LOGIN PLAIN CRAM-MD5 4000424e9e0d2749e25c 8497 AUTH LOGIN 4000424e9e0d274ae814 8497 334 VXNlcm5hbWU6 4000424e9e0d285ed4cc 8497 dGVzdEBjaGVtdGVjby5ybw== 4000424e9e0d2860057c 8497 334 UGFzc3dvcmQ6 4000424e9e0d2972b9b4 8497 NDU2 4000424e9e1229d33cbc 8497 535 authentication failed (#5.7.1) @4000424e9e122aea2714 8497 [EOF] @4000424e9e122aecbf24 8497 [EOF] = Then I used Eudora 6.2: = 4000424ea2a73254068c 8621 220 serv-domain.tld ESMTP 4000424ea2a7335ab88c 8621 EHLO client-machine 4000424ea2a7335bbe44 8621 250-serv-domain.tld 4000424ea2a7335bfcc4 8621 250-PIPELINING 4000424ea2a7335c2f8c 8621 250-8BITMIME 4000424ea2a7335c663c 8621 250-SIZE 0 4000424ea2a7335c9cec 8621 250 AUTH LOGIN PLAIN CRAM-MD5 4000424ea2a73468b1d4 8621 AUTH CRAM-MD5 4000424ea2a73469e284 8621 334 PDg2MjEuMTExMjQ0OTY5M0BjaGVtdGVjby5ybz4= 4000424ea2a7356f63d4 8621 dGVzdEBjaGVtdGVjby5ybyBmMDY4Y2FiZmNmZTBlYTYzYjViZWY5NmU3NTI5OWMwMw== 4000424ea2ac35db9edc 8621 535 authentication failed (#5.7.1) 4000424ea2ac36e7ea74 8621 RSET 4000424ea2ac36e8e474 8621 250 flushed 4000424ea2ac37ea23ec 8621 MAIL FROM:[EMAIL PROTECTED] 4000424ea2ac37eb4ccc 8621 250 ok 4000424ea2ac38f26c2c 8621 RCPT TO:[EMAIL PROTECTED] 4000424ea2ac38f3ac7c 8621 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) 4000424ea2ac3a802494 8621 QUIT 4000424ea2ac3a83f13c 8621 221 serv-domain.tld @4000424ea2ac3a83f90c 8621 [EOF] = As you can see, OE6 tried AUTH LOGIN, which didn't work, then closed connection. Eudora tried first AUTH CRAM-MD5. After it failed, it tried to send the message without authentication, which of course failed. Still, MySQL logs show no attempts to read the username/password from the database. Instead the same error message I mentioned before, is entered in maillog and sql database. Clear passwords is enabled in vpopmail. - Original Message - From: Bogdan Motoc - CRC [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Friday, April 01, 2005 1:38 AM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth - Original Message - From: Tom Collins [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Wednesday, March 30, 2005 9:59 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth On Mar 30, 2005, at 10:33 AM, Bogdan Motoc - CRC wrote: So, what am I doing wrong? What have I missed? What else can I do to throw some light on this matter? I apreciate any help you can give me. One possibility: If you don't have clear passwords enabled, and the user tries to use CRAM-MD5 for SMTP AUTH, their authentication will fail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Hmm... what auth method it is actually using is a good question. I'll try and log the smtp conversation (only recordio comes in mind at this point), and see exactly what's going on. Thank you for this ideea, and all the help.
Re: [vchkpw] authentication problem for qmail-smtp-auth
On Apr 2, 2005, at 7:00 AM, Bogdan Motoc - CRC wrote: As you can see, OE6 tried AUTH LOGIN, which didn't work, then closed connection. Eudora tried first AUTH CRAM-MD5. After it failed, it tried to send the message without authentication, which of course failed. Still, MySQL logs show no attempts to read the username/password from the database. Instead the same error message I mentioned before, is entered in maillog and sql database. Try increasing the softlimit for qmail-smtpd and the pop server. It may be running out of memory trying to run vchkpw. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
- Original Message - From: Erwin Hoffmann [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Wednesday, March 30, 2005 10:09 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth Why do you use /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 ? Is $LOCAL required by vchkpw ? I have removed the $LOCAL string, killed the tcpserver process, verified that it was restarted without the $LOCAL argument, and nothing happened. (nothing good, anyway) I still see the message: vpopmail[]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:ip
Re: [vchkpw] authentication problem for qmail-smtp-auth
- Original Message - From: Tom Collins [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Wednesday, March 30, 2005 9:59 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth On Mar 30, 2005, at 10:33 AM, Bogdan Motoc - CRC wrote: So, what am I doing wrong? What have I missed? What else can I do to throw some light on this matter? I apreciate any help you can give me. One possibility: If you don't have clear passwords enabled, and the user tries to use CRAM-MD5 for SMTP AUTH, their authentication will fail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Hmm... what auth method it is actually using is a good question. I'll try and log the smtp conversation (only recordio comes in mind at this point), and see exactly what's going on. Thank you for this ideea, and all the help.
[vchkpw] authentication problem for qmail-smtp-auth
I know this issue has been covered by previous threads, but my problem is slightly different and more documented. So don't shoot me for asking this in the vpopmail mailinglist, because it may very well be a vpopmail problem, rather than a smtp-auth one. I have been using qmail+vpopmail for severel years, and I've managed to solve all the various issues that surfaced iin this period. Until now... I had to make a new mail server, so I started from scratch: -installed OS (I use Slackware-current, which came with kernel-2.6.10, gcc-3.3.5, Apache-1.3.33, MySQL-4.0.23a) -installed netqmail-1.05 as described at http://www.lifewithqmail.org/ -installed vpopmail-5.4.9 (using MySQL to store accounts and logs) -installed courier-imap-4.0.2 and courier-authlib-0.55 -installed sqwebmail-5.0.1 -installed smtp-authentication-0.63 from http://www.fehcom.de/qmail/smtpauth.html Result: everything works fine, except the smtp authentication. Users cannot send emails, and I get this message in maillog: vpopmail[]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:ip Since I am using courier-imap-4.x.x, the roaming users feature is unavailable, and for clients connecting from unknown ip-s, I am left with no other alternative but to use smtp authentication. So far, my conclusion was that vchkpw is not actually verifying username/password, for a reason that eludes me. I have reached this conclusion by logging all queries to mysql and this log only shows the pop3/imap authentications. No smtp-auth authentication attempts or error messages regarding such attempts. I have compiled vpopmail to log also in MySQL, and this way I can see the same error that I get in maillog. Here's how the MySQL log looks like: /usr/libexec/mysqld, Version: 4.0.23a-log, started with: Tcp port: 3306 Unix socket: /var/run/mysql/mysql.sock Time Id CommandArgument 050330 18:57:43 1 Connect [EMAIL PROTECTED] on 1 Init DB vpopmail 1 Query INSERT INTO vlog set user='user', passwd='1dddf10d806134be304b47aadecf0929', domain='domain.tld', logon='[EMAIL PROTECTED]', remoteip='xx.xx.xx.xx', message='vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:xx.xx.xx.xx', error=1, timestamp=1112198263 1 Quit 050330 19:06:46 2 Connect [EMAIL PROTECTED] on vpopmail 2 Query select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = user and pw_domain = domain.tld 2 Query replace into lastauth set user='user', domain='domain.tld', remote_ip='imap', timestamp=1112198806 050330 19:08:16 3 Connect [EMAIL PROTECTED] on vpopmail 3 Query select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = user and pw_domain = domain.tld 3 Query replace into lastauth set user='user', domain='domain.tld', remote_ip='pop3', timestamp=1112198896 (of course, all usernames, domains, and ip-s have been replaced in this log excerpt) This log shows: 1. the error loogged into MySQL database by vchkpw, but no attempt to actually validate that username. This tells me that vchkpw IS able to access the mysql database. 2. the validation of a user/password by the imap server 3. the validation of a user/password by the pop server I have also googled a little bit about this error, and found that other people have encountered a similar error, but have not reached a definitive answer to the problem. Some have suggested that it might be a user/rights conflict. I have made /home/vpopmail/bin/vchkpw owned by root, but nothing changed. Here's my /service/qmail-smtpd/run file: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -R -H -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 So, what am I doing wrong? What have I missed? What else can I do to throw some light on this matter? I apreciate any help you can give me.
Re: [vchkpw] authentication problem for qmail-smtp-auth
On Mar 30, 2005, at 10:33 AM, Bogdan Motoc - CRC wrote: So, what am I doing wrong? What have I missed? What else can I do to throw some light on this matter? I apreciate any help you can give me. One possibility: If you don't have clear passwords enabled, and the user tries to use CRAM-MD5 for SMTP AUTH, their authentication will fail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
Hi, At 21:33 30.03.2005 +0300, you wrote: I know this issue has been covered by previous threads, but my problem is slightly different and more documented. So don't shoot me for asking this in the vpopmail mailinglist, because it may very well be a vpopmail problem, rather than a smtp-auth one. I have been using qmail+vpopmail for severel years, and I've managed to solve all the various issues that surfaced iin this period. Until now... I had to make a new mail server, so I started from scratch: -installed OS (I use Slackware-current, which came with kernel-2.6.10, gcc-3.3.5, Apache-1.3.33, MySQL-4.0.23a) -installed netqmail-1.05 as described at http://www.lifewithqmail.org/ -installed vpopmail-5.4.9 (using MySQL to store accounts and logs) -installed courier-imap-4.0.2 and courier-authlib-0.55 -installed sqwebmail-5.0.1 -installed smtp-authentication-0.63 from http://www.fehcom.de/qmail/smtpauth.html Ok. Then you should know the theory behind SMTP-Auth. Result: everything works fine, except the smtp authentication. Users cannot send emails, and I get this message in maillog: vpopmail[]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:ip Since I am using courier-imap-4.x.x, the roaming users feature is unavailable, and for clients connecting from unknown ip-s, I am left with no other alternative but to use smtp authentication. So far, my conclusion was that vchkpw is not actually verifying username/password, for a reason that eludes me. I have reached this conclusion by logging all queries to mysql and this log only shows the pop3/imap authentications. No smtp-auth authentication attempts or error messages regarding such attempts. I have compiled vpopmail to log also in MySQL, and this way I can see the same error that I get in maillog. Here's how the MySQL log looks like: /usr/libexec/mysqld, Version: 4.0.23a-log, started with: Tcp port: 3306 Unix socket: /var/run/mysql/mysql.sock Time Id CommandArgument 050330 18:57:43 1 Connect [EMAIL PROTECTED] on 1 Init DB vpopmail 1 Query INSERT INTO vlog set user='user', passwd='1dddf10d806134be304b47aadecf0929', domain='domain.tld', logon='[EMAIL PROTECTED]', remoteip='xx.xx.xx.xx', message='vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:xx.xx.xx.xx', error=1, timestamp=1112198263 1 Quit 050330 19:06:46 2 Connect [EMAIL PROTECTED] on vpopmail 2 Query select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = user and pw_domain = domain.tld 2 Query replace into lastauth set user='user', domain='domain.tld', remote_ip='imap', timestamp=1112198806 050330 19:08:16 3 Connect [EMAIL PROTECTED] on vpopmail 3 Query select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = user and pw_domain = domain.tld 3 Query replace into lastauth set user='user', domain='domain.tld', remote_ip='pop3', timestamp=1112198896 (of course, all usernames, domains, and ip-s have been replaced in this log excerpt) This log shows: 1. the error loogged into MySQL database by vchkpw, but no attempt to actually validate that username. This tells me that vchkpw IS able to access the mysql database. 2. the validation of a user/password by the imap server 3. the validation of a user/password by the pop server I have also googled a little bit about this error, and found that other people have encountered a similar error, but have not reached a definitive answer to the problem. Some have suggested that it might be a user/rights conflict. I have made /home/vpopmail/bin/vchkpw owned by root, but nothing changed. Here's my /service/qmail-smtpd/run file: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -R -H -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 Why do you use /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 ? Is $LOCAL required by vchkpw ? regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T
Re: [vchkpw] authentication problem for qmail-smtp-auth
On Wednesday 30 March 2005 01:09 pm, Erwin Hoffmann wrote: Here's my /service/qmail-smtpd/run file: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` can the qmaild user read ~vpopmail/etc/vpopmail.mysql ? MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -R -H -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 Why do you use /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 ? Is $LOCAL required by vchkpw ? Nope, but that wouldn't cause auth failures to show up in the logs, that would only cause the SMTP server to not be able to authenticate. The problem is almost certainly that the user you are running your smtp server as does not have permission to read the vpopmail.mysql file. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgphV7dcbZ8qz.pgp Description: PGP signature
Re: [vchkpw] about vchkpw + tls + smtp-auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hemm ... no advices about that? :) Thanks for all Regards Andrea -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFCQTcIMakHrsrHP9wRAqw1AKDfSCN8IMePQ4iJRHHPAABhCCOV8QCfYJQR 9asSe6FAb3jzNHSi38hl1qU= =8BN2 -END PGP SIGNATURE-
[vchkpw] about vchkpw + tls + smtp-auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks, I know, we've discussed about that too much, but ... I don't know if it's solved :) I use freebsd 5.3, and I've tryed unlucky with the port 'qmail-smtp_auth+tls'. My ehlo is: 250-mail.nesys.it 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN 250-STARTTLS 250-PIPELINING 250 8BITMIME but the authentication through vchkpw doesn't work. If I try with two qmail-smtpd, ones with TLS and ones with SMTP-AUTH as follow: 250-mail.nesys.it 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 It works perfectly. Then, I think that 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN and 250 AUTH LOGIN PLAIN CRAM-MD5 aren't the same patch. Well, there's a patch that works correctly with vpopmail and with TLS and SMTP-AUTH togheter? Thanks for your support Regards Andrea -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFCPADEMakHrsrHP9wRAm8JAJ9gFgGlntZkxawGTtsU+bAfCDcKhACfZLUp jdjKnLZGYIVuveRpHRyRVAU= =8xx0 -END PGP SIGNATURE-
[vchkpw] SMTP-AUTH and --enable-roaming-users
Hi there, scenario: netqmail 1.05 plus SMTP-AUTH Bill Shupp's patch vpopmail-5.4.8 compiled with just --enable-logging=v Many MAC's mua clients claims that they're unable to Send email smtp-authenticated; I've noticed that these email clients (Entourage mainly) makes APOP auth. Maybe SMTP-AUTH (MD5-CRAM o plain text) doesn't like encrypted password like APOP? The only provisory workaround seems to compile vpopmail with --enable-roaming-users but I'm concerned about this because it seems to enable two ways to open my qmail... Do I worry about this or it could be a right configuration? thanks in advance for your advice --Abel
[vchkpw] selective SMTP auth
Hello All Can anybody give a hint how to implement the subj? I have qmail/vpopmail/smtp-auth installed and running fine but I want only few users to be able to use SMTP. Any advises would be highly appriciated! Thanks! __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo
Re: [vchkpw] selective SMTP auth
On Feb 4, 2005, at 10:14 AM, Vassili Lazutin wrote: Can anybody give a hint how to implement the subj? I have qmail/vpopmail/smtp-auth installed and running fine but I want only few users to be able to use SMTP. Any advises would be highly appriciated! Use vmoduser to set the NO_SMTP flag for all users that shouldn't have SMTP AUTH access. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] smtp auth
Dave Goodrich wrote: Tom Collins wrote: On Jan 28, 2005, at 9:00 AM, Dave Goodrich wrote: snip Excellent, thank you. If I understand correctly I will also need to do nothing to my current tcp.smtp file? 3) How does this effect users who do not supply auth info? Does qmail-smtpd fall back to using the RELAYCLIENT value from tcp.smtp.cdb? Just as I feared, it is easy.. Uhh, kinda. Getting smtp-auth to work was easy but I fell into a hole when I did it. We found an instance where this breaks a lot of our clients. I was able to duplicate the issue using Netscape Mail 4.7 (yea it's old, but in rual Indiana not everyone has XP Pro or OSX). If a user has ever created a previous account in their mail program, the second account is created with smtp-auth checked and the username box empty. This caused a lot of people to suddenly not be able to send mail, and they all called tech support. I believe I will move our smtp-auth users to another port and just fire up another instance of qmail-smtpd, leaving the normal qmail-smtpd running on port 25. I don't see a standard port for smtp-auth, any thoughts? I've looked through FreeBSD /etc/services file which is pretty complete, and found no entry for smtp-auth. I'm leaning towards using port 9025. Thanks, DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker!
Re: [vchkpw] smtp auth
On Feb 4, 2005, at 3:17 PM, Dave Goodrich wrote: I don't see a standard port for smtp-auth, any thoughts? I've looked through FreeBSD /etc/services file which is pretty complete, and found no entry for smtp-auth. I'm leaning towards using port 9025. Use port 587, 'submission'. It's just like SMTP, but intended for clients sending email. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] smtp auth
Dave Goodrich wrote: I believe I will move our smtp-auth users to another port and just fire up another instance of qmail-smtpd, leaving the normal qmail-smtpd running on port 25. I don't see a standard port for smtp-auth, any thoughts? I've looked through FreeBSD /etc/services file which is pretty complete, and found no entry for smtp-auth. I'm leaning towards using port 9025. Hi, Port 587. While not a port specifically for smtp-auth it is reserved for End User mail submission to a server MTA. http://xml.resource.org/public/rfc/html/rfc2476.html Regards, Rick
Re: [vchkpw] smtp auth
Tom Collins wrote: On Jan 28, 2005, at 9:00 AM, Dave Goodrich wrote: 1) What is everyone else using? #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` DENYMAIL=DNSCHECK export DENYMAIL LOCAL=`/usr/bin/head -1 /var/qmail/control/me` /usr/bin/spamd -a -c -d -F0 -u qmailq exec /usr/local/bin/softlimit -m 600 \ /usr/local/bin/tcpserver -H -R -l $LOCAL \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 2) Some examples/patches show that a hostname is required in the run file for auth http://www.enderunix.org/documents/eng/smtp-auth/; and some do not http://www.fehcom.de/qmail/smtpauth.html#IMPLEMENTATION;. I would think this is not possible using vpopmail, as a hardcoded host would cause vchkpw to fail the lookup. Correct? An older patch required it, but the current patch does not. The hardcoded host name was only used in generating the MD5 challenge, and could be any string of text. If you're using the patch from vpopmail's contrib directory, then you shouldn't have the hostname. Excellent, thank you. If I understand correctly I will also need to do nothing to my current tcp.smtp file? 3) How does this effect users who do not supply auth info? Does qmail-smtpd fall back to using the RELAYCLIENT value from tcp.smtp.cdb? Just as I feared, it is easy.. DAve -- Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker!
[vchkpw] smtp auth
Good morning, I find mysqlf in need of smtp auth for my users. I've looked at several bits online about it and I have a few questions for the list. qmail-1.03 as per qmail Handbook qmail-maildir++.patch qmail-0.0.0.0.patch vpopmail-5.4.8 (MySQL auth) FreeBSD 5.2.1 cat /service/qmail-smtpd/run QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD ]; then echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in echo $0 exit 1 fi exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -P -R -h -l 0 -x /var/qmail/control/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 10.0.241.136 25 rblsmtpd \ -r bl.spamcop.net \ -r relays.ordb.org \ -t 20 \ /usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 21 1) What is everyone else using? 2) Some examples/patches show that a hostname is required in the run file for auth http://www.enderunix.org/documents/eng/smtp-auth/; and some do not http://www.fehcom.de/qmail/smtpauth.html#IMPLEMENTATION;. I would think this is not possible using vpopmail, as a hardcoded host would cause vchkpw to fail the lookup. Correct? 3) How does this effect users who do not supply auth info? Does qmail-smtpd fall back to using the RELAYCLIENT value from tcp.smtp.cdb? It seems easy enough to implement, too easy, scares me I am missing something. Thanks, DAve -- Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker!
Re: [vchkpw] smtp auth
On Jan 28, 2005, at 9:00 AM, Dave Goodrich wrote: 1) What is everyone else using? #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` DENYMAIL=DNSCHECK export DENYMAIL LOCAL=`/usr/bin/head -1 /var/qmail/control/me` /usr/bin/spamd -a -c -d -F0 -u qmailq exec /usr/local/bin/softlimit -m 600 \ /usr/local/bin/tcpserver -H -R -l $LOCAL \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 2) Some examples/patches show that a hostname is required in the run file for auth http://www.enderunix.org/documents/eng/smtp-auth/; and some do not http://www.fehcom.de/qmail/smtpauth.html#IMPLEMENTATION;. I would think this is not possible using vpopmail, as a hardcoded host would cause vchkpw to fail the lookup. Correct? An older patch required it, but the current patch does not. The hardcoded host name was only used in generating the MD5 challenge, and could be any string of text. If you're using the patch from vpopmail's contrib directory, then you shouldn't have the hostname. 3) How does this effect users who do not supply auth info? Does qmail-smtpd fall back to using the RELAYCLIENT value from tcp.smtp.cdb? Yes. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Re: SMTP Auth delay...can it be sped up ????
i've followed the qmailrocks installation method. But i've a problem i need to port the old mails to this new mail server. the problem is the old mail server is using mbox format and the newer one is using Maildir. is there a way to convert these mbox messages to Maildir mails. On Wed, 2005-01-12 at 07:03, Allie D wrote: Actually I did...but then I found the problem. It was the user and group of the .pem files. It looks as though when my corn job ran update_tmprsadh, the script changes the user and group. That broke it, I updated the script to make the user vpopmail.vchkpw and it's all good. I tested it from about 5 different clients across 3 OS's and now it takes about 5 seconds. MUCH BETTER...thanks for sending me down the right path... Adi Pircalabu said: On Mon, 10 Jan 2005 22:52:54 -0800 Allie D [EMAIL PROTECTED] wrote: Ok fine...I did exactly as it states and it didn't make a difference. It takes from 20 to 40 seconds to send an email...that's horrible. If I disable TLS it's immediateI can see qmail-smtpd just sitting there while it's authenticating..the entire time. Should I use http://inoa.net/qmail-tls/ instead of Bill Shupp's patch Hi, I think your problem is not related to vpopmail. I think you missed few steps from Bill Shupp's setup. You should run make tmprsadh from qmail source directory and setup a cronjob that updates three files: /var/qmail/control/rsa512.pem /var/qmail/control/dh512.pem /var/qmail/control/dh1024.pem If you followed Bill Shupp's tutorial you could insert a cronjob like this: 01 01 * * * /var/qmail/bin/update_tmprsadh Best regards -- Adrian Pircalabu Public KeyID = 0xF902393A -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: [vchkpw] Re: SMTP Auth delay...can it be sped up ????
this question has nothing to do with the message you replied to. When posting to the list to ask a new question you should start a new thread by using your MTA's 'new' function. On Friday 14 January 2005 02:32 am, Rizwan Iqbal Malik wrote: i've followed the qmailrocks installation method. But i've a problem i need to port the old mails to this new mail server. the problem is the old mail server is using mbox format and the newer one is using Maildir. is there a way to convert these mbox messages to Maildir mails. yes, and google will help you find it. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgppfjxxcB5Hp.pgp Description: PGP signature
Re: [vchkpw] Re: SMTP Auth delay...can it be sped up ????
On Jan 14, 2005, at 12:32 AM, Rizwan Iqbal Malik wrote: i've followed the qmailrocks installation method. But i've a problem i need to port the old mails to this new mail server. the problem is the old mail server is using mbox format and the newer one is using Maildir. is there a way to convert these mbox messages to Maildir mails. There's a website called Google at google.com. You can search the entire Internet with it. I just tried it with the phrase 'convert mbox to Maildir' and this was the first result: http://batleth.sapienti-sat.org/projects/mb2md/ It looks like it will do what you want. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Re: SMTP Auth delay...can it be sped up ????
On Mon, 10 Jan 2005 22:52:54 -0800 Allie D [EMAIL PROTECTED] wrote: Ok fine...I did exactly as it states and it didn't make a difference. It takes from 20 to 40 seconds to send an email...that's horrible. If I disable TLS it's immediateI can see qmail-smtpd just sitting there while it's authenticating..the entire time. Should I use http://inoa.net/qmail-tls/ instead of Bill Shupp's patch Hi, I think your problem is not related to vpopmail. I think you missed few steps from Bill Shupp's setup. You should run make tmprsadh from qmail source directory and setup a cronjob that updates three files: /var/qmail/control/rsa512.pem /var/qmail/control/dh512.pem /var/qmail/control/dh1024.pem If you followed Bill Shupp's tutorial you could insert a cronjob like this: 01 01 * * * /var/qmail/bin/update_tmprsadh Best regards -- Adrian Pircalabu Public KeyID = 0xF902393A -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: [vchkpw] Re: SMTP Auth delay...can it be sped up ????
Actually I did...but then I found the problem. It was the user and group of the .pem files. It looks as though when my corn job ran update_tmprsadh, the script changes the user and group. That broke it, I updated the script to make the user vpopmail.vchkpw and it's all good. I tested it from about 5 different clients across 3 OS's and now it takes about 5 seconds. MUCH BETTER...thanks for sending me down the right path... Adi Pircalabu said: On Mon, 10 Jan 2005 22:52:54 -0800 Allie D [EMAIL PROTECTED] wrote: Ok fine...I did exactly as it states and it didn't make a difference. It takes from 20 to 40 seconds to send an email...that's horrible. If I disable TLS it's immediateI can see qmail-smtpd just sitting there while it's authenticating..the entire time. Should I use http://inoa.net/qmail-tls/ instead of Bill Shupp's patch Hi, I think your problem is not related to vpopmail. I think you missed few steps from Bill Shupp's setup. You should run make tmprsadh from qmail source directory and setup a cronjob that updates three files: /var/qmail/control/rsa512.pem /var/qmail/control/dh512.pem /var/qmail/control/dh1024.pem If you followed Bill Shupp's tutorial you could insert a cronjob like this: 01 01 * * * /var/qmail/bin/update_tmprsadh Best regards -- Adrian Pircalabu Public KeyID = 0xF902393A -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: [vchkpw] Re: SMTP Auth delay...can it be sped up ????
Thanks for the direction...but I appear to be following it as is. Stuff of interest follows from my run file: exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -vR -l $LOCAL -c $MAXSMTPD \ -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /usr/bin/true 21 Any other options ??? Peter Palmreuther said: Hello Allie, On Monday, January 10, 2005 at 5:43:11 AM Allie wrote: I'm running vpopmail-5.4.9, netqmail-1.05, and Bill Shupp's TLS + SMTP-AUTH patch. It runs great...but the delay is bordering on grueling. No matter what the client is it takes a goods 10-20 seconds to send mail. The server is 2G P4..so it's not the server. Is it the patch...or something else ??? Thanks in advance ;) http://www.lifewithqmail.org/lwq.html#smtp-slow -- Best regards Peter Palmreuther Do not follow in the footsteps of men of old; seek what they sought.
Re: [vchkpw] Re: SMTP Auth delay...can it be sped up ????
Allie D wrote: Thanks for the direction...but I appear to be following it as is. Stuff of interest follows from my run file: exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -vR -l $LOCAL -c $MAXSMTPD \ -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /usr/bin/true 21 Any other options ??? Did you read the link? It clearly says to add certain options to tcpserver! Here it is again: http://www.lifewithqmail.org/lwq.html#smtp-slow Peter Palmreuther said: Hello Allie, On Monday, January 10, 2005 at 5:43:11 AM Allie wrote: I'm running vpopmail-5.4.9, netqmail-1.05, and Bill Shupp's TLS + SMTP-AUTH patch. It runs great...but the delay is bordering on grueling. No matter what the client is it takes a goods 10-20 seconds to send mail. The server is 2G P4..so it's not the server. Is it the patch...or something else ??? Thanks in advance ;) http://www.lifewithqmail.org/lwq.html#smtp-slow -- Best regards Peter Palmreuther Do not follow in the footsteps of men of old; seek what they sought.
Re: [vchkpw] Re: SMTP Auth delay...can it be sped up ????
Ok fine...I did exactly as it states and it didn't make a difference. It takes from 20 to 40 seconds to send an email...that's horrible. If I disable TLS it's immediateI can see qmail-smtpd just sitting there while it's authenticating..the entire time. Should I use http://inoa.net/qmail-tls/ instead of Bill Shupp's patch vpopmail 15967 0.0 0.180 760 ?? I 10:35PM0:00.00 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /usr/bin/tru How many seconds does it take to send an email for others using this patch ? Rick Widmer([EMAIL PROTECTED])@Mon, Jan 10, 2005 at 06:45:20PM -0700: Allie D wrote: Thanks for the direction...but I appear to be following it as is. Stuff of interest follows from my run file: exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -vR -l $LOCAL -c $MAXSMTPD \ -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /usr/bin/true 21 Any other options ??? Did you read the link? It clearly says to add certain options to tcpserver! Here it is again: http://www.lifewithqmail.org/lwq.html#smtp-slow Peter Palmreuther said: Hello Allie, On Monday, January 10, 2005 at 5:43:11 AM Allie wrote: I'm running vpopmail-5.4.9, netqmail-1.05, and Bill Shupp's TLS + SMTP-AUTH patch. It runs great...but the delay is bordering on grueling. No matter what the client is it takes a goods 10-20 seconds to send mail. The server is 2G P4..so it's not the server. Is it the patch...or something else ??? Thanks in advance ;) http://www.lifewithqmail.org/lwq.html#smtp-slow -- Best regards Peter Palmreuther Do not follow in the footsteps of men of old; seek what they sought. -- Drain Fade (A Daneman) '98 ZX9R http://drainfade.com
[vchkpw] SMTP Auth delay...can it be sped up ????
I'm running vpopmail-5.4.9, netqmail-1.05, and Bill Shupp's TLS + SMTP-AUTH patch. It runs great...but the delay is bordering on grueling. No matter what the client is it takes a goods 10-20 seconds to send mail. The server is 2G P4..so it's not the server. Is it the patch...or something else ??? Thanks in advance ;)
[vchkpw] Re: SMTP Auth delay...can it be sped up ????
Hello Allie, On Monday, January 10, 2005 at 5:43:11 AM Allie wrote: I'm running vpopmail-5.4.9, netqmail-1.05, and Bill Shupp's TLS + SMTP-AUTH patch. It runs great...but the delay is bordering on grueling. No matter what the client is it takes a goods 10-20 seconds to send mail. The server is 2G P4..so it's not the server. Is it the patch...or something else ??? Thanks in advance ;) http://www.lifewithqmail.org/lwq.html#smtp-slow -- Best regards Peter Palmreuther Do not follow in the footsteps of men of old; seek what they sought.
[vchkpw] SMTP Auth problem
I'm having problems with SMTP Auth. I have installed: Netqmail 1.0.5 Vpopmail 5.4.8 Simscan 1.0.8 Spamassassin Clamav Chkuser 2.0.7 Bill Shupp's composite TLS SMTP Auth patch, from http://shupp.org/smtp-auth-tls/ The error I'm getting is this: 503 auth not available (#5.3.3) -- # telnet 217.158.68.125 25 Trying 217.158.68.125... Connected to 217.158.68.125. Escape character is '^]'. 220 mail.datasnake.co.uk ESMTP EHLO datasnake.co.uk 250-mail.datasnake.co.uk 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH PLAIN 503 auth not available (#5.3.3) -- SMTP does deliver locally. The smtpd log gives only this: 2004-12-07 11:30:47.177877500 tcpserver: pid 20753 from 81.178.252.159 2004-12-07 11:30:47.178302500 tcpserver: ok 20753 mail.datasnake.co.uk:217.158.68.125:25 81-178-252-159.dsl.pipex.com:81.178.252.159::1314 I am starting SMTP with -- #!/bin/sh QMAILQUEUE=/var/qmail/bin/simscan export QMAILQUEUE QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` exec /usr/local/bin/softlimit -m 20971520 \ /usr/local/bin/tcpserver -v -R -l $LOCAL -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 21 -- Any help gratefully received Cheers Alastair ___ Moving house? Beach bar in Thailand? New Wardrobe? Win £10k with Yahoo! Mail to make your dream a reality. Get Yahoo! Mail www.yahoo.co.uk/10k
Re: [vchkpw] SMTP Auth problem
On Tuesday 07 December 2004 13:56, Alastair Battrick wrote: I'm having problems with SMTP Auth. I have installed: Netqmail 1.0.5 Vpopmail 5.4.8 Simscan 1.0.8 Spamassassin Clamav Chkuser 2.0.7 Bill Shupp's composite TLS SMTP Auth patch, from http://shupp.org/smtp-auth-tls/ The error I'm getting is this: 503 auth not available (#5.3.3) -- # telnet 217.158.68.125 25 Trying 217.158.68.125... Connected to 217.158.68.125. Escape character is '^]'. 220 mail.datasnake.co.uk ESMTP EHLO datasnake.co.uk 250-mail.datasnake.co.uk 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH PLAIN 503 auth not available (#5.3.3) -- SMTP does deliver locally. The smtpd log gives only this: 2004-12-07 11:30:47.177877500 tcpserver: pid 20753 from 81.178.252.159 2004-12-07 11:30:47.178302500 tcpserver: ok 20753 mail.datasnake.co.uk:217.158.68.125:25 81-178-252-159.dsl.pipex.com:81.178.252.159::1314 I am starting SMTP with -- #!/bin/sh QMAILQUEUE=/var/qmail/bin/simscan export QMAILQUEUE QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` exec /usr/local/bin/softlimit -m 20971520 \ /usr/local/bin/tcpserver -v -R -l $LOCAL -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 21 -- You should start smtp with the folowing command line : qmail-smtpd mail.example.com /home/vpopmail/bin/vchkpw /bin/true Read the smtp-auth docs.
Re: [vchkpw] SMTP Auth problem
Ispas Paul wrote: On Tuesday 07 December 2004 13:56, Alastair Battrick wrote: I'm having problems with SMTP Auth. snip I am starting SMTP with -- #!/bin/sh QMAILQUEUE=/var/qmail/bin/simscan export QMAILQUEUE QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` exec /usr/local/bin/softlimit -m 20971520 \ /usr/local/bin/tcpserver -v -R -l $LOCAL -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 21 -- You should start smtp with the folowing command line : qmail-smtpd mail.example.com /home/vpopmail/bin/vchkpw /bin/true Read the smtp-auth docs. Hi Paul Thanks for your help. Which documentation are you referring to? The information you gave me does not appear to be correct, as a different error started when doing it the way you describe. It now works, when starting qmail-smtpd like so: qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true Thanks anyway - it's working now Alastair
Re: [vchkpw] disable_smtp / no_smtp gid flag smtp-auth question
On Mon, 22 Nov 2004 17:20:15 -0800, Tom Collins wrote: On Nov 22, 2004, at 3:30 PM, Rick Macdougall wrote: Tom Collins wrote: On Nov 22, 2004, at 12:01 PM, Steve wrote: Please could someone tell me exactly what is the use of the disable_smtp no_smtp gid flag ? I ask that because I use qmail + vpopmail (5.4.7) + smtp-auth, and the above settings don't have any effect when I connect with an authenticated user to my smtp server... I can still send emails even with the no_smtp bit flag set. It's supposed to work. If you look at the user with vuserinfo, does it show the flag set? Hi, You (not you Tom) might want the no_relay flag, not the no_smtp flag. NO_RELAY is to disable POP-before-SMTP and doesn't affect SMTP AUTH. Of course I have tested with this flag too (no_relay), and effectively it doesn't have any effect on smtp auth...
Re: [vchkpw] disable_smtp / no_smtp gid flag smtp-auth question
On Mon, 22 Nov 2004 17:20:15 -0800, Tom Collins wrote: On Nov 22, 2004, at 3:30 PM, Rick Macdougall wrote: Tom Collins wrote: On Nov 22, 2004, at 12:01 PM, Steve wrote: Please could someone tell me exactly what is the use of the disable_smtp no_smtp gid flag ? I ask that because I use qmail + vpopmail (5.4.7) + smtp-auth, and the above settings don't have any effect when I connect with an authenticated user to my smtp server... I can still send emails even with the no_smtp bit flag set. It's supposed to work. If you look at the user with vuserinfo, does it show the flag set? Hi, You (not you Tom) might want the no_relay flag, not the no_smtp flag. NO_RELAY is to disable POP-before-SMTP and doesn't affect SMTP AUTH. My problem is solved, I'm very sorry folks, it was coming from my startup script :-( In fact, with the smtp-auth patch from http://www.mcmilk.de/qmail/ , the FQDN is still needed just after qmail-smtpd ... it's very confusing !! So now with tcpserver -v -H -R -x /etc/tcp.smtp.cdb -c70 -u 89 -g 89 0 smtp \ /var/qmail/bin/qmail-smtpd my.domain.com /home/vpopmail/bin/vchkpw /bin/true 21 all is working perfectly, like expected. I thank you all anyway :)
[vchkpw] Solution to segfaults in vchkpw under SMTP AUTH on amd64
Thanks to some help from Martin Kos, I was able to find a solution to the SMTP AUTH problems on the amd64 platform. It's in the stable branch of CVS now, and will be in the next (5.4.9) release. Until then, you can manually patch any version from the 5.4 series (and probably most of 5.3) as follows. --- md5.h 20 Oct 2003 18:59:57 - 1.2 +++ md5.h 22 Nov 2004 15:13:37 - @@ -19,7 +19,7 @@ #ifndef VPOPMAIL_MD5_H #define VPOPMAIL_MD5_H -#ifdef __alpha +#if (defined(__alpha) || defined(__x86_64__)) typedef unsigned int uint32; #else typedef unsigned long uint32; A cleaner solution might be to #include cdb/uint32.h, as that header is derived during Make. This will work for now though. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[vchkpw] disable_smtp / no_smtp gid flag smtp-auth question
Hi everybody, Please could someone tell me exactly what is the use of the disable_smtp no_smtp gid flag ? I ask that because I use qmail + vpopmail (5.4.7) + smtp-auth, and the above settings don't have any effect when I connect with an authenticated user to my smtp server... I can still send emails even with the no_smtp bit flag set. Besides that, all my system is working like a charm, so I can of course use another authentication program like cmd5checkpw, with another user database... but I really want to have vchkpw for smtp and pop3 auth, and my goal is to have the possibility of selecting who can use my smtp server (with smtp-auth) and who cannot. What am I missing ?? Thank's a bunch for any answer. Steve
Re: [vchkpw] disable_smtp / no_smtp gid flag smtp-auth question
On Nov 22, 2004, at 12:01 PM, Steve wrote: Please could someone tell me exactly what is the use of the disable_smtp no_smtp gid flag ? I ask that because I use qmail + vpopmail (5.4.7) + smtp-auth, and the above settings don't have any effect when I connect with an authenticated user to my smtp server... I can still send emails even with the no_smtp bit flag set. It's supposed to work. If you look at the user with vuserinfo, does it show the flag set? Are you running on a port other than 25 (such that vchkpw might not know it's being used for SMTP AUTH)? -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] disable_smtp / no_smtp gid flag smtp-auth question
Tom Collins wrote: On Nov 22, 2004, at 12:01 PM, Steve wrote: Please could someone tell me exactly what is the use of the disable_smtp no_smtp gid flag ? I ask that because I use qmail + vpopmail (5.4.7) + smtp-auth, and the above settings don't have any effect when I connect with an authenticated user to my smtp server... I can still send emails even with the no_smtp bit flag set. It's supposed to work. If you look at the user with vuserinfo, does it show the flag set? Hi, You (not you Tom) might want the no_relay flag, not the no_smtp flag. Regards, Rick
Re: [vchkpw] disable_smtp / no_smtp gid flag smtp-auth question
On Mon, 22 Nov 2004 13:34:31 -0800, Tom Collins wrote:
On Nov 22, 2004, at 12:01 PM, Steve wrote:
Please could someone tell me exactly what is the use of the
disable_smtp no_smtp gid flag ? I ask that because I use qmail
+ vpopmail (5.4.7) + smtp-auth, and the above settings don't have
any effect when I connect with an authenticated user to my smtp
server... I can still send emails even with the no_smtp bit
flag set.
It's supposed to work.
If you look at the user with vuserinfo, does it show the flag set?
Are you running on a port other than 25 (such that vchkpw might not
know it's being used for SMTP AUTH)?
Yes, vuserinfo does show the right flag set, nothing wrong with that. The
server runs on standard port 25. I have used the patch from
http://www.mcmilk.de/qmail/ , perhaps does it cause some incompatibility with
vchkpw ?? Or do I need to specify a special env. variable in my startup script ?
So if I understand well, in my case vchkpw cannot retrieve the TCPLOCALPORT
env. variable from tcpserver, am I right ?
I give you my startup script for the SMTP server, perhaps you could find
something buggy !
#!/bin/sh
#
# chkconfig: 345 80 30
# description: SMTP
# Qmail smtp Startup
# Source function library.
. /etc/rc.d/init.d/functions
# See how we were called.
case $1 in
start)
echo -n Starting:
env - PATH=/var/qmail/bin:/usr/local/bin \
/var/qmail/bin/qmail-start ./Maildir/ | /usr/local/bin/tai64n \
| /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog s100 n20
/var/log/qmail
echo Qmail running ( Pid : $! )
env - PATH=/var/qmail/bin:/usr/local/bin \
tcpserver -v -H -R -x /etc/tcp.smtp.cdb -c70 -u 89 -g 89 0 smtp \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 21 |
/usr/local/bin/multilog t \
'-*S: 250-*' '-*S: 250 8BIT*' '-*tcpserver: status: 0*' '-*tcpserver:
ok*' '+*S: 250-tesaweb2*' s100 n20 /var/log/smtpd
pidsmtp=`ps -aefww | egrep (tcpserver)+.+(smtp) | grep -v grep | awk
'{print $2}'`
echo $pidsmtp /var/run/smtp.pid
echo SMTP running ( Pid : $pidsmtp )
echo OK
;;
stop)
echo Stopping Qmail SMTP server
killproc qmail-send
kill `cat /var/run/smtp.pid`
rm -f /var/run/smtp.pid
echo Stopped
;;
restart)
$0 stop
$0 start
;;
status)
status qmail-send
echo -n Pid of SMTP server :
echo `cat /var/run/smtp.pid`
;;
*)
echo Usage: qmail {start|stop|restart|status}
exit 1
esac
exit 0
Thank you very much for your help !
Cordially,
Steve
Re: [vchkpw] disable_smtp / no_smtp gid flag smtp-auth question
On Nov 22, 2004, at 3:30 PM, Rick Macdougall wrote: Tom Collins wrote: On Nov 22, 2004, at 12:01 PM, Steve wrote: Please could someone tell me exactly what is the use of the disable_smtp no_smtp gid flag ? I ask that because I use qmail + vpopmail (5.4.7) + smtp-auth, and the above settings don't have any effect when I connect with an authenticated user to my smtp server... I can still send emails even with the no_smtp bit flag set. It's supposed to work. If you look at the user with vuserinfo, does it show the flag set? Hi, You (not you Tom) might want the no_relay flag, not the no_smtp flag. NO_RELAY is to disable POP-before-SMTP and doesn't affect SMTP AUTH. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] vchkpw segfault with smtp auth on amd64
On Nov 16, 2004, at 2:28 PM, Martin Kos wrote: i've done a fresh qmail/vpopmail installation on a debian amd64 port. everything seems to work just fine, except the smtp auth. sending an email without smtp auth works just fine. but if i try it with smtp auth i get the following in my logs: kernel: vchkpw[28473] segfault at rip rsp 007fbab0 error 14 the only thing that i have found on the net is the following: http://archives.neohapsis.com/archives/openbsd/2004-05/1814.html i'm not sure if it is really a vpopmail problem. perhaps somebody has already had the same problem? i've tried with disalbing the -02 in the CFLAGS but that does not help. compiling vpopmail with gcc 3.4 was the same thing :-( That's -O2, (oh two) not -02 (zero two). I'm guessing that there's a problem related to memory alignment, or just assumptions on the size of certain data types (like int). Since vchkpw works fine from qmail-pop3d, it might be in how qmail-smtpd passes information to vchkpw. Someone else reported this problem, and I was trying to get him to use strace to dump a trace to a log file in an attempt to determine WHERE the problem was happening. Here's what I last wrote: Try replacing /home/vpopmail/bin/vchkpw with /tmp/vchkpw.sh in the run file, and then create /tmp/vchkpw.sh as: #!/bin/sh /usr/bin/strace -ff -o /tmp/vchkpw.dump /home/vpopmail/bin/vchkpw /bin/true Make sure to `chmod +x /tmp/vchkpw.sh`. Set /bin/true to /usr/bin/true if that's the path to true. If it crashes, send me (directly, not through the list) a copy of /tmp/vchkpw.dump and I'll see if I can make any sense of it. You can also try using the checkpassword_debug in the contrib directory to test vchkpw. If that fails as well, it might be easier to get a trace on checkpassword_debug than in the qmail-smtpd process. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] vchkpw segfault with smtp auth on amd64
On Nov 16, 2004, at 5:28 PM, Martin Kos wrote: hi i've done a fresh qmail/vpopmail installation on a debian amd64 port. everything seems to work just fine, except the smtp auth. sending an email without smtp auth works just fine. but if i try it with smtp auth i get the following in my logs: kernel: vchkpw[28473] segfault at rip rsp 007fbab0 error 14 the only thing that i have found on the net is the following: http://archives.neohapsis.com/archives/openbsd/2004-05/1814.html i'm not sure if it is really a vpopmail problem. perhaps somebody has already had the same problem? i've tried with disalbing the -02 in the CFLAGS but that does not help. compiling vpopmail with gcc 3.4 was the same thing :-( greets KoS I was trying to trouble shoot this with an AMD 64 server, but was unable to find the culprit, since then we just grabbed a 32 bit old P3, and put that up as our mail gateway with SMTP auth, and all works well again. It would seem that the data that qmail-smtpd sends is not correct, for some reason it sends incorrect base64 decoded information. Best way to test it that i have done is use strace: telnet localhost 25 in another terminal: ps aux | grep qmail-smtpd look for the qmail-smtpd which is not tcpserver, and then use strace to hook onto its PID. Then in the telnet window send the commands to the server until it says auth failed, in which case you just QUIT and then grab the strace output. X-Istence
[vchkpw] vchkpw segfault with smtp auth on amd64
hi i've done a fresh qmail/vpopmail installation on a debian amd64 port. everything seems to work just fine, except the smtp auth. sending an email without smtp auth works just fine. but if i try it with smtp auth i get the following in my logs: kernel: vchkpw[28473] segfault at rip rsp 007fbab0 error 14 the only thing that i have found on the net is the following: http://archives.neohapsis.com/archives/openbsd/2004-05/1814.html i'm not sure if it is really a vpopmail problem. perhaps somebody has already had the same problem? i've tried with disalbing the -02 in the CFLAGS but that does not help. compiling vpopmail with gcc 3.4 was the same thing :-( if i've missed something or you need more details: just ask ;-). the startup scripts for daemontools are the same as i use on other machines. software used: vpopmail-5.4.8 netqmail-1.05 qmail-toaster-0.6-1.patch thanks for help greets KoS -- Martin Kos +41-76-384-93-33 http://kos.liSay NO to HTML in mail ICQ# 13556143 Proudly running Debian GNU/Linux
Re: [vchkpw] about smtp auth and vpopmail: MD5 problem
Tom Collins wrote: On Oct 17, 2004, at 3:54 PM, Andrea Riela wrote: Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not. Vpopmail 5.4.0 or later? 5.5.0 Do you have a clear password for that user in your vpasswd file or database? CRAM-MD5 only works if you have a cleartext password stored I think no. How could I convert my password in vpasswd file to clear text? thanks for any suggestion Regards Andrea
Re: [vchkpw] about smtp auth and vpopmail: MD5 problem
On Monday 18 October 2004 01:49 am, Andrea Riela wrote: Tom Collins wrote: On Oct 17, 2004, at 3:54 PM, Andrea Riela wrote: Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not. Vpopmail 5.4.0 or later? 5.5.0 Do you have a clear password for that user in your vpasswd file or database? CRAM-MD5 only works if you have a cleartext password stored I think no. How could I convert my password in vpasswd file to clear text? you can't, it's a one way hash. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgpYyZP175ebv.pgp Description: PGP signature
[vchkpw] about smtp auth and vpopmail: MD5 problem
Hi folks, I've solved my problems with smtp auth (thanks Jeremy). Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not. this is the log: @40004172f62f29de299c sslserver: status: 1/20 @40004172f62f29ee65dc sslserver: pid 602 from 192.168.17.23 @40004172f62f29fed0fc sslserver: ok 602 0:192.168.1.11:465 :192.168.17.23::50077 @40004172f62f2ae4bc5c sslserver: warning: dropping connection, unable to accept SSL: error:0001:lib(0):func(0):reason(1) @40004172f62f2af3a0dc sslserver: end 602 status 28416 @40004172f62f2af48754 sslserver: status: 0/20 @40004172f63232858e3c sslserver: status: 1/20 @40004172f63232944f94 sslserver: pid 603 from 192.168.17.23 @40004172f63232a4ce3c sslserver: ok 603 0:192.168.1.11:465 :192.168.17.23::50080 @40004172f63238bec19c sslserver: ssl 603 accept 40004172f63239017ba4 604 220 nesys.it ESMTP 40004172f63307ed0f74 604 EHLO [192.168.17.23] 40004172f63307f193b4 604 250-nesys.it 40004172f63307f52d94 604 250-PIPELINING 40004172f63307f53d34 604 250-8BITMIME 40004172f63307f54cd4 604 250-SIZE 0 40004172f63307f55c74 604 250 AUTH LOGIN PLAIN CRAM-MD5 40004172f633081c2a0c 604 AUTH CRAM-MD5 40004172f63308203534 604 334 PDYwNC4xMD4MDUzTYxQDA+ 40004172f63308743904 604 YXJpZWxhQ5lc3lzLml0IDBhM2I5NjmMWQ3MDEzNDE0MT4Y2U2NGRjNDYxN2E2 40004172f63808fe3154 604 535 authentication failed (#5.7.1) @40004172f6380933df84 604 [EOF] @40004172f63809429cf4 604 [EOF] @40004172f6380942bc34 sslserver: end 603 status 256 @40004172f6380942cfbc sslserver: status: 0/20 what I've to do? My vpopmail: make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 WITH_CLEAR_PASSWD=yes Thanks for any suggestion Regards Andrea
Re: [vchkpw] about smtp auth and vpopmail: MD5 problem
On Oct 17, 2004, at 3:54 PM, Andrea Riela wrote: Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not. Vpopmail 5.4.0 or later? Do you have a clear password for that user in your vpasswd file or database? CRAM-MD5 only works if you have a cleartext password stored -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] about smtp auth
Jeremy Kitchen wrote: Do you have clear password support in vpopmail? I've installed vpopmail with make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 I need WITH_CLEAR_PASSWD=yes too? Regards Andrea
Re: [vchkpw] about smtp auth
Jeremy Kitchen wrote: try authenticating right there. http://fehcom.de/qmail/smtpauth.html I need tls support too. the patch is that? http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040927.patch thanks for any suggestion Andrea
Re: [vchkpw] about smtp auth
I've installed vpopmail with make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 WITH_CLEAR_PASSWD=yes I've tryed it. Now in my maillog I see that: Oct 16 19:01:54 observe vpopmail[33600]: vchkpw-smtps: vpopmail user not found [EMAIL PROTECTED]:192.168.17.23 normally when I try to connect with bincimap I see: Oct 16 19:02:01 observe vpopmail[33603]: vchkpw-imaps: (PLAIN) login success [EMAIL PROTECTED]:192.168.17.23 What I've to check? Regards Andrea
Re: [vchkpw] about smtp auth
Andrea Riela wrote: I've installed vpopmail with make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 WITH_CLEAR_PASSWD=yes I've tryed it. Now in my maillog I see that: Oct 16 19:01:54 observe vpopmail[33600]: vchkpw-smtps: vpopmail user not found [EMAIL PROTECTED]:192.168.17.23 partial solution: I've changed my runscript (as Jeremy says): /usr/local/bin/sslserver -e -v -R -h -l 0 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u 89 -g 89 0 465 /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 21 Now my log is: Oct 16 19:16:39 observe vpopmail[34852]: vchkpw-smtps: password fail [EMAIL PROTECTED]:192.168.17.23 What about this? Regards Andrea
Re: [vchkpw] about smtp auth
Andrea Riela wrote: Oct 16 19:16:39 observe vpopmail[34852]: vchkpw-smtps: password fail [EMAIL PROTECTED]:192.168.17.23 telnet 127.0.0.1 25 EHLO 250-nesys.it 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH CRAM-MD5 503 auth not available (#5.3.3) AUTH PLAIN 503 auth not available (#5.3.3) ... Andrea
[vchkpw] about smtp auth
Hi folks, there's someone here that use Freebsd and qmail+vpopmail+smtp auth? the smtp auth patch in freebsd ports could use vchkpw? there's an howto about that? thank you very much for your support Regards Andrea
Re: [vchkpw] about smtp auth
On Friday 15 October 2004 04:42 am, Andrea Riela wrote: Hi folks, there's someone here that use Freebsd and qmail+vpopmail+smtp auth? the smtp auth patch in freebsd ports could use vchkpw? there's an howto about that? I'm sure it can. There are two types of smtp auth patches out there. Ones that require that you have the hostname, and ones that don't. I highly recommend, however, that you do not use the qmail from ports and simply roll your own tarball. The recommended smtp auth patch to use is the one found at http://fehcom.de/qmail/smtpauth.html -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgp0mky8XHuzq.pgp Description: PGP signature
Re: [vchkpw] about smtp auth
Well, I've tested http://students.imsa.edu/~ngroot/qmail-1.03-starttls-smtp-auth.patch (that is in /usr/ports/mail in Freebsd), my steps was: cd /usr/ports/mail/qmail-smtp_auth+tls make cp work/.../qmail-smtpd /var/qmail/bin/qmail-smtpd observe# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 nesys.it ESMTP ehlo 250-nesys.it 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN 250-STARTTLS 250-PIPELINING 250 8BITMIME My runscript is: #!/bin/sh CERTFILE=/var/qmail/certs/pop3s.cert KEYFILE=/var/qmail/certs/pop3s.key DHFILE=/var/qmail/certs/dh1024.pem export CERTFILE KEYFILE DHFILE QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD ]; then echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/sslserver -e -v -R -h -l 0 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 465 /var/qmail/bin/qmail-smtpd nesys.it /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 21 well, the problem is: when I try to connect to send an email, I receive a password request for the user (the same as account user), I type the same password as account user, but, I couldn't send the email, and I receive always the password request. What I've to do? Regards Andrea
Re: [vchkpw] about smtp auth
Jeremy Kitchen wrote: there's someone here that use Freebsd and qmail+vpopmail+smtp auth? The recommended smtp auth patch to use is the one found at http://fehcom.de/qmail/smtpauth.html Which works fine. Installation instructions are either on the site or included in the tarball; can't remember. -- Regards, Charles. signature.asc Description: OpenPGP digital signature
Re: [vchkpw] about smtp auth
On Friday 15 October 2004 10:40 am, Andrea Riela wrote: QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` [snip] /var/qmail/bin/qmail-smtpd nesys.it /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 21 well, the problem is: when I try to connect to send an email, I receive a password request for the user (the same as account user), I type the same password as account user, but, I couldn't send the email, and I receive always the password request. Can the qmaild user read your vpopmail information? I certainly hope not :) Change qmail-smtpd to run as the vpopmail user and it should Just Work. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgpI7HeaMaCVo.pgp Description: PGP signature
Re: [vchkpw] about smtp auth
On Oct 15, 2004, at 8:40 AM, Andrea Riela wrote: 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN That's an old, outdated patch. Use the other patch mentioned (or the one included in the vpopmail contrib directory). -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] about smtp auth
On Oct 15, 2004, at 9:24 AM, Jeremy Kitchen wrote: /var/qmail/bin/qmail-smtpd nesys.it /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 21 Change qmail-smtpd to run as the vpopmail user and it should Just Work. But he's using the old patch (it requires a hostname as the first arg to qmail-smtpd) which isn't compatible with vpopmail 5.4.x. Use the fehcom patch. Either the latest version from Erwin's site, or the older one included in vpopmail's contrib directory. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] about smtp auth
Tom Collins wrote: On Oct 15, 2004, at 8:40 AM, Andrea Riela wrote: 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN That's an old, outdated patch. Use the other patch mentioned (or the one included in the vpopmail contrib directory). Well, I've installed the last fehcom (0.43), but nothing, the same problem (the email client send a password request ... always). now: observe# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 nesys.it ESMTP ehlo 250-nesys.it 250-PIPELINING 250-8BITMIME 250 AUTH LOGIN PLAIN CRAM-MD5 what I've to check? Now I use bincimap with vchkpw-noroaming, and qmail-smtpds (with ucspi-ssl) with vchkpw-noroaming. thanks for all Regards Andrea
Re: [vchkpw] about smtp auth
On Friday 15 October 2004 05:51 pm, Andrea Riela wrote: Tom Collins wrote: On Oct 15, 2004, at 8:40 AM, Andrea Riela wrote: 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN That's an old, outdated patch. Use the other patch mentioned (or the one included in the vpopmail contrib directory). Well, I've installed the last fehcom (0.43), but nothing, the same problem (the email client send a password request ... always). now: observe# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 nesys.it ESMTP ehlo 250-nesys.it 250-PIPELINING 250-8BITMIME 250 AUTH LOGIN PLAIN CRAM-MD5 what I've to check? try authenticating right there. http://fehcom.de/qmail/smtpauth.html tells you the protocol for SMTP auth... also, your server advertises cram-md5, most mail clients will use the most secure method available, which in this case is cram-md5.. but in order for cram-md5 to work you have to have the clear text password on both sides of the authentication. Do you have clear password support in vpopmail? -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgpYfNR2qPJgD.pgp Description: PGP signature
Re: [vchkpw] qmail-smtp-auth patch
Hi, At 17:22 22.09.04 -0300, you wrote: how to install qmail-smtp-auth patch ? (2) (a) Untar the archive in the qmail/netqmail dir. (b) call ./install_auth.sh (c) make (d) make setup what´s the best smtp-auth patch? (1) The most recent smtp-auth patch can be found at: http://www.fehcom.de/qmail/smtp-auth.html (qmail-smtpd-auth-054.tgz). regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
[vchkpw] qmail-smtp-auth patch
how to install qmail-smtp-auth patch ? what´s the best smtp-auth patch? Itamar Reis Peixoto Analista Consultor TreyNet Consultoria - Uberlândia Tel : + 55 34 3231 0598 Cel: +55 38 9107 1250 http://www.treynet.com.br
Re: [vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
Am Mittwoch, 25. August 2004 19:20 schrieb Jacob S.: Is an strace from a working 64 bit installation of any help? Don't know. It's on Tom Collins to decide whether he wants it or not. I'm unable to duplicate this bug on a new vpopmail 5.4.5 installation using the qmailrocks.org toaster on a Sun Ultra 10 with a 64bit Sparc processor. Hmmm... Seems there are differences in 64bit Linux and 64bit Solaris. As I found out, it makes no difference which LINUX distribution is used. I heard from people who have the same problem on SuSE where I have it on Gentoo... Due to the fact that somebody send a 'shutdown -h' to me (I have been ill all the week), I'll do the right strace for Tom right now. Then we hopefully will see... Greetings Tobias
Re: [vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
On Thu, 19 Aug 2004 10:36:47 -0700 Tom Collins [EMAIL PROTECTED] wrote: Could someone with this problem use strace (or ptrace?) to get a trace of what happens when vchkpw is called? It should be as easy as adding: /usr/bin/strace -ff -o /tmp/vchkpw.dump right before /home/vpopmail/bin/vchkpw in the qmail-smtpd/run file. Attempt a SMTP AUTH connection, and then send me a copy of the /tmp/vchkpw.dump file and I'll try to isolate the source of the problem. Is an strace from a working 64 bit installation of any help? I'm unable to duplicate this bug on a new vpopmail 5.4.5 installation using the qmailrocks.org toaster on a Sun Ultra 10 with a 64bit Sparc processor. Jacob -- GnuPG Key: 1024D/16377135 Random .signature #9: Going from DOS to Linux is like trading a glider for an F117. pgpH8JE2X06ii.pgp Description: PGP signature
Re: [vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
Am Donnerstag, 19. August 2004 19:36 schrieb Tom Collins: Could someone with this problem use strace (or ptrace?) to get a trace of what happens when vchkpw is called? It should be as easy as adding: /usr/bin/strace -ff -o /tmp/vchkpw.dump right before /home/vpopmail/bin/vchkpw in the qmail-smtpd/run file. Attempt a SMTP AUTH connection, and then send me a copy of the /tmp/vchkpw.dump file and I'll try to isolate the source of the problem. I'll do it later on today (need some interesting work for Friday afternoon :-) ). If I remember right, we found out, that something went totally wrong concerning hashes and the declaration of their variables (which seem to be different in 32bit and 64 bit - short integer!). For the fact that I am not a coder, I just try to remember what Erwin Hoffmann and some other people tried to explain me after they did some debugging on my machine. Like mentioned above, I'll post the output later. Greetings Tobias
Re: [vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
Am Mittwoch, 18. August 2004 23:22 schrieb Matthew Walker: I saw this was discussed a month or two ago, but no conclusion seemed to be reached. I have been the one who had this problem. We reached some kind of conclusion (see below). I have qmail 1.03, and vpopmail 5.4 installed, and everything works except for SMTP AUTH. I get segfaults or bad user errors, depending on whether or not vchkpw is owned by root or by the vpopmail user. I tried also all these combinations with no success. Here's a transcript from a session where vchkpw was owned by vpopmail. When it's owned by root, the last line changes to simply say the authentication failed. [...] 454 oops, problem with child and I can't auth (#4.3.0) Exactly! I wrote a bug-report, but nobody seemed to be interested. (I will have a quick look into the tracker when I've finished this mail, but I don't think anything happened). Erwin Hoffmann (www.fehcom.de) spent some time looking through the code. His personal summary was that the easiest way would be to rewrite the whole vchkpw because there seems to be quite much unused and/or useless (and buggy(?)) code which makes it really hard to do a debug of this problem. But: We found a workaround! 1. Take vpopmail in any version of your choice, configure, compile and install it. 2. Take vpopmail-5.2.2, configure and compile it. Do NOT install it! 3. Rename your current '/var/vpopmail/bin/vchkpw' in whatever you want. 4. Copy the vchkpw-binary from your vpopmail-5.2.2-directory into '/var/vpopmail/bin/' 5. Test it. See that it works. Have fun. There is only one disadvantage: CRAM-MD5 doesn't work with 5.2.2. Everything else will work fine (I am running it against MySQL without any problems). HTH Greetings Tobias
Re: [vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
Thank you /so/ much for this information! I'll be attempting this fix over the next hour or two. On Thu, 19 Aug 2004 10:10:04 +0200, Linux-Guru [EMAIL PROTECTED] wrote: Am Mittwoch, 18. August 2004 23:22 schrieb Matthew Walker: I saw this was discussed a month or two ago, but no conclusion seemed to be reached. I have been the one who had this problem. We reached some kind of conclusion (see below). I have qmail 1.03, and vpopmail 5.4 installed, and everything works except for SMTP AUTH. I get segfaults or bad user errors, depending on whether or not vchkpw is owned by root or by the vpopmail user. I tried also all these combinations with no success. Here's a transcript from a session where vchkpw was owned by vpopmail. When it's owned by root, the last line changes to simply say the authentication failed. [...] 454 oops, problem with child and I can't auth (#4.3.0) Exactly! I wrote a bug-report, but nobody seemed to be interested. (I will have a quick look into the tracker when I've finished this mail, but I don't think anything happened). Erwin Hoffmann (www.fehcom.de) spent some time looking through the code. His personal summary was that the easiest way would be to rewrite the whole vchkpw because there seems to be quite much unused and/or useless (and buggy(?)) code which makes it really hard to do a debug of this problem. But: We found a workaround! 1. Take vpopmail in any version of your choice, configure, compile and install it. 2. Take vpopmail-5.2.2, configure and compile it. Do NOT install it! 3. Rename your current '/var/vpopmail/bin/vchkpw' in whatever you want. 4. Copy the vchkpw-binary from your vpopmail-5.2.2-directory into '/var/vpopmail/bin/' 5. Test it. See that it works. Have fun. There is only one disadvantage: CRAM-MD5 doesn't work with 5.2.2. Everything else will work fine (I am running it against MySQL without any problems). HTH Greetings Tobias
Re: [vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
Success! On Thu, 19 Aug 2004 09:45:38 -0600, Matthew Walker [EMAIL PROTECTED] wrote: Thank you /so/ much for this information! I'll be attempting this fix over the next hour or two. On Thu, 19 Aug 2004 10:10:04 +0200, Linux-Guru [EMAIL PROTECTED] wrote: Am Mittwoch, 18. August 2004 23:22 schrieb Matthew Walker: I saw this was discussed a month or two ago, but no conclusion seemed to be reached. I have been the one who had this problem. We reached some kind of conclusion (see below). I have qmail 1.03, and vpopmail 5.4 installed, and everything works except for SMTP AUTH. I get segfaults or bad user errors, depending on whether or not vchkpw is owned by root or by the vpopmail user. I tried also all these combinations with no success. Here's a transcript from a session where vchkpw was owned by vpopmail. When it's owned by root, the last line changes to simply say the authentication failed. [...] 454 oops, problem with child and I can't auth (#4.3.0) Exactly! I wrote a bug-report, but nobody seemed to be interested. (I will have a quick look into the tracker when I've finished this mail, but I don't think anything happened). Erwin Hoffmann (www.fehcom.de) spent some time looking through the code. His personal summary was that the easiest way would be to rewrite the whole vchkpw because there seems to be quite much unused and/or useless (and buggy(?)) code which makes it really hard to do a debug of this problem. But: We found a workaround! 1. Take vpopmail in any version of your choice, configure, compile and install it. 2. Take vpopmail-5.2.2, configure and compile it. Do NOT install it! 3. Rename your current '/var/vpopmail/bin/vchkpw' in whatever you want. 4. Copy the vchkpw-binary from your vpopmail-5.2.2-directory into '/var/vpopmail/bin/' 5. Test it. See that it works. Have fun. There is only one disadvantage: CRAM-MD5 doesn't work with 5.2.2. Everything else will work fine (I am running it against MySQL without any problems). HTH Greetings Tobias
Re: [vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
Could someone with this problem use strace (or ptrace?) to get a trace of what happens when vchkpw is called? It should be as easy as adding: /usr/bin/strace -ff -o /tmp/vchkpw.dump right before /home/vpopmail/bin/vchkpw in the qmail-smtpd/run file. Attempt a SMTP AUTH connection, and then send me a copy of the /tmp/vchkpw.dump file and I'll try to isolate the source of the problem. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
I can do this over the weekend, but I can't right now since the system I'm having troubles on is a production server. I'll get back to you though. On Thu, 19 Aug 2004 10:36:47 -0700, Tom Collins [EMAIL PROTECTED] wrote: Could someone with this problem use strace (or ptrace?) to get a trace of what happens when vchkpw is called? It should be as easy as adding: /usr/bin/strace -ff -o /tmp/vchkpw.dump right before /home/vpopmail/bin/vchkpw in the qmail-smtpd/run file. Attempt a SMTP AUTH connection, and then send me a copy of the /tmp/vchkpw.dump file and I'll try to isolate the source of the problem. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[vchkpw] Qmail SMTP AUTH + vchkpw on 64 bit...
I saw this was discussed a month or two ago, but no conclusion seemed to be reached. I have qmail 1.03, and vpopmail 5.4 installed, and everything works except for SMTP AUTH. I get segfaults or bad user errors, depending on whether or not vchkpw is owned by root or by the vpopmail user. Here's a transcript from a session where vchkpw was owned by vpopmail. When it's owned by root, the last line changes to simply say the authentication failed. 220 domain.com ESMTP EHLO domain.net 250-domain.com 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-SIZE 0 250-PIPELINING 250 8BITMIME AUTH LOGIN 334 VXNlcm5hbWU6 dXNlcm5hbWVAZG9tYWluLmNvbQ== 334 UGFzc3dvcmQ6 cGFzc3dvcmQ= 454 oops, problem with child and I can't auth (#4.3.0)
[vchkpw] RBL blocking both SMTP AUTH and POP before SMTP users from sending
still debugging a few users here. vpopmail/vchkpw with mysql install (Matt Simerson's qmail toaster, aged about 9 months) that has had vmysql manually patched for pop before smtp removal of RBL checks, and has had tcpserver patched(old error, subsequenty fixed in newer patches toaster releases) to allow SMTP AUTH users. Both POP before SMTP and SMTP AUTH work fine on the server for a vast majority of the users. We do have a few holdouts though that are troubling me as I am not sure how or why. The purpose of installing the SMTP AUTH was to hopefully force the whole RELAYCLIENT=,RBLSMTPD=\n entry and ensure that if there were issues with POP before SMTP timeouts or something else that would ensure they could relay and bypass the RBL. We are still having some problem users that can't seem to bypass the RBL check and are subsequently blocked by the dynablock list(justifiably so if they aren't bypassing it). Is there a set of events that would cause the rblsmtpd variable not to be set to blank on either POP before SMTP or SMTP AUTH? Server is not under heavy load or anything... mysql is located on the same box, and it is the same handful of users who can't get around this for the most point. Can't help but think that vchkpw isn't passing the RBLSMTPD= to qmail for some reason. Look forward to any ideas or suggestions. Dave
[vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux
I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've enabled roaming users and have included the SMTP-AUTH patch. Courier, vpopmail, qmail, and everything else compiled fine (I did not use Debian packages). POP3 works fine. Spam filtering works fine. Squirrelmail fine. Squirrelmail sends via 127.0.0.1 SMTP fine via /home/vpopmail/etc/tcp.smtp. SMTP-AUTH fails on password look ups and therefore roaming users cannot send email. ERROR LOG: Aug 7 06:58:21 puffer vpopmail[28939]: vchkpw-smtp: password fail [email protected]:[ip protected] vpopmail was compiled like this: ./configure --enable-roaming-users=y --enable-logging=y --enable-ip-alias-domains=y --enable-auth-module=mysql --enable-clear-passwd=n --enable-libdir=/usr/include/mysql/ --enable-tcpserver-path=/home/vpopmail/etc/ --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-logging=e --enable-tcprules-prog=/usr/local/bin/tcprules --enable-rebuild-tcpserver-file My qmail-smtp/run file reads: #!/bin/sh QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 1500 \ /usr/local/bin/tcpserver \ -H -l [server hostname protected] \ -v -x /etc/tcp.smtp.cdb \ -c 20 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \ /usr/local/bin/rblsmtpd -b -C \ -r 'relays.ordb.org:Your message was rejected. \ -r 'sbl-xbl.spamhaus.org:Your message was rejected \ /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \ /usr/bin/true 21 /home/vpopmail/bin/vchkpw is owned by vpopmail.vchkpw /usr/local/courier-imap/etc/imapd bears the line AUTHMODULES=authdaemon How do I go further debug this? Thanks. D.
Re: [vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux
I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've enabled roaming users and have included the SMTP-AUTH patch. Courier, vpopmail, qmail, and everything else compiled fine (I did not use Debian packages). POP3 works fine. Spam filtering works fine. Squirrelmail fine. Squirrelmail sends via 127.0.0.1 SMTP fine via /home/vpopmail/etc/tcp.smtp. SMTP-AUTH fails on password look ups and therefore roaming users cannot send email. [SNIP] OK, I've found that it was a client software error where CRAM-MD5 login is advertised first. Pegasus mail wouldn't keep trying to get to plain LOGIN, but The BAT! would fail back from CRAM-MD5 to plain LOGIN and roaming SMTP relay works fine. Sorry for the initial concern, but I'd like to remove CRAM-MD5 from the advertised capabilities to avoid this kind of confusion with users. Any help there?! Sorry, but thanks so far!
Re: [vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux
On Aug 7, 2004, at 5:39 AM, ISP Lists wrote: OK, I've found that it was a client software error where CRAM-MD5 login is advertised first. Pegasus mail wouldn't keep trying to get to plain LOGIN, but The BAT! would fail back from CRAM-MD5 to plain LOGIN and roaming SMTP relay works fine. If you're using an older SMTP AUTH patch, CRAM-MD5 won't work properly. Use the patch that's in the contrib directory of vpopmail 5.4.x instead (and note that you may need to update your qmail-smtpd/run file as well). You really should have CRAM-MD5, since it's the only SMTP AUTH protocol that encrypts the password when sending. Note that you'll also need to enable cleartext passwords in vpopmail for it to work properly. If you can't use CRAM-MD5 for some reason, edit the source to qmail-smtpd and remove it from the text sent to the SMTP client (just search for CRAM-MD5 and it should be easy to find). -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Strange problem with SMTP AUTH
Hi Tom! Can anybody tell me what is happening here? Is it a problem with permissions? If yes, permissions of what file? Make sure your SMTP server is running as the vpopmail user. This seemed to be the problem although I actually don't know how that happened because it worked for quite some time. Anyway, at least it's working again now. Christian -- Ein Geduldiger ist besser als ein Starker und wer sich selbst be- herrscht, besser als einer, der Städte gewinnt. Sprüche 16,32 Wisst, dass euer Glaube, wenn er bewährt ist, Geduld wirkt. Jakobus 1,3
[vchkpw] Strange problem with SMTP AUTH
Hi! I have a really strange problem with vpopmail and smtp. I'm using qmail and vpopmail together and for pop3 and imap4 it works perfectly. However, with SMTP AUTH it did work well for some time but doesn't do so any more. As I didn't realize the problem at once, I actually can't say what exactly has changed on the system since it worked last. I'm running Gentoo Linux and there was at least one emerge -u world since it worked. I'm using Qmail+vpopmail+MySQL. So here's what happens: My client gives me an error but there's no error message from the server. If I look into the log files I find two interesting lines. Jul 14 12:23:27 myserver vpopmail[13453]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:134.123.123.123 Jul 14 12:23:27 myserver vpopmail[13453]: vchkpw: can't write MySQL logs I've found out that if I change the permissions of /etc/vpopmail.conf to world-readability, I don't get the second line and the message is also written to my vlog-table. I guess it's only a subsequent error which I wouldn't get if the first one wasn't there. The first error message I don't understand at all because the user is valid. The same user can fetch mail without any problems. Can anybody tell me what is happening here? Is it a problem with permissions? If yes, permissions of what file? Regards, Christian -- Die Heiden, die um euch her übriggeblieben sind, sollen erfahren, dass ich der Herr bin, der da baut, was niedergerissen ist, und pflanzt, was verheert war. Hesekiel 36,36 /Paulus schreibt:/ Wir sind Gottes Mitarbeiter; ihr seid Gottes Ackerfeld und Gottes Bau. 1.Korinther 3,9
Re: [vchkpw] Strange problem with SMTP AUTH
On Jul 14, 2004, at 5:50 AM, Christian Lerrahn wrote: Can anybody tell me what is happening here? Is it a problem with permissions? If yes, permissions of what file? Make sure your SMTP server is running as the vpopmail user. Make sure qmail-smtpd has the correct SMTP AUTH patch to match your vpopmail installation. At some point leading up to the 5.4 release, we fixed a bug in vchkpw related to CRAM-MD5 SMTP AUTH. But, you need to use the correct (bug-fixed) SMTP AUTH patch to qmail-smtpd to go with it. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] smtp-auth on separate server queries vpopmail -mysql
Ron Culler wrote: I'm and having difficulty setting up a separate qmail server as a smtp-auth server. (* Its being done to provide inbound virus scanning prior to the message being delivered to the local mailbox) I have successfully setup Qmail and can get smtp-auth to work with checkpassword and the local shadow users. I installed vpopmail enabling roaming users, and mysql-auth. I then set the vpopmail.mysql file to use the DB on my main vpopmail server. I can see it connect but it returns an incorrect password response for the user and then sends the email. My question is can vpopmail provide this type of functionality? If not has anyone seen something that can? I want to be able to have smtp-auth query the vpopmail user DB. Thanks Ron Culler this works great. the only think to do is to mirror the /var/qmail/users dir to the auth server. then your users can auth against your mainserver regards mandy
[vchkpw] smtp-auth on separate server queries vpopmail -mysql
I'm and having difficulty setting up a separate qmail server as a smtp-auth server. (* Its being done to provide inbound virus scanning prior to the message being delivered to the local mailbox) I have successfully setup Qmail and can get smtp-auth to work with checkpassword and the local shadow users. I installed vpopmail enabling roaming users, and mysql-auth. I then set the vpopmail.mysql file to use the DB on my main vpopmail server. I can see it connect but it returns an incorrect password response for the user and then sends the email. My question is can vpopmail provide this type of functionality? If not has anyone seen something that can? I want to be able to have smtp-auth query the vpopmail user DB. Thanks Ron Culler
[vchkpw] Re: SMTP Auth HOW? *UPDATE* AMD64
Hello Blist, On Monday, May 24, 2004 at 11:16:58 PM you wrote (at least in part): 10092 write(4, [EMAIL PROTECTED], 27) = 27 However your Base64-encoded your login data, something went wrong. There's a '\n' that shouldn't be there. The correct B64-data would be: Username: YnJvb2tzQGJyb29rc3JveS5jb20= Password: amo= Please try again with these data and report in. -- Best regards Peter Palmreuther I have been guilty of kicking myself in the teeth...
Re: [vchkpw] Re: SMTP Auth HOW? *UPDATE* AMD64
Peter Palmreuther wrote: However your Base64-encoded your login data, something went wrong. There's a '\n' that shouldn't be there. The correct B64-data would be: Username: YnJvb2tzQGJyb29rc3JveS5jb20= Password: amo= Please try again with these data and report in. Peter, After tyring with these values I get: ps1:/tmp # tail -f qmail.log 24162 write(2, tcpserver: status: 0/20\n, 24) = 24 24162 write(2, tcpserver: status: 1/20\n, 24) = 24 24403 write(2, tcpserver: pid 24403 from 192.168.5.50\n, 39) = 39 24403 write(2, tcpserver: ok 24403 0:192.168.5.50:25 :192.168.5.50::32838\n, 59) = 59 24403 write(1, 220 box.prostream.net ESMTP\r\n, 29) = 29 24403 write(1, 250-box.prostream.net\r\n250-PIPELINING\r\n250-8BITMIME\r\n250 AUTH LOGIN PLAIN CRAM-MD5\r\n, 84) = 84 24403 write(1, 334 VXNlcm5hbWU6\r\n, 18) = 18 24403 write(1, 334 UGFzc3dvcmQ6\r\n, 18) = 18 24403 write(4, [EMAIL PROTECTED], 25) = 25 24597 write(4, \33\0\0\1\215 \0\0\0root\0[_O\\SRHM\0vpopmail, 31) = 31 24597 write(4, \240\0\0\0\3select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = \brooks\ and pw_domain = \brooksroy.com\ , 164) = 164 24597 --- SIGSEGV (Segmentation fault) @ 0 (0) --- 24403 --- SIGCHLD (Child exited) @ 0 (0) --- 24403 write(1, 454 oops, problem with child and I can\'t auth (#4.3.0)\r\n, 56) = 56 Also in my /var/log/messages I am seeing: vchkpw[24597]: segfault at rip rsp 007fb450 error 14 Thanks!
[vchkpw] Re: SMTP Auth HOW? *UPDATE* AMD64
Hello Blist, On Tuesday, May 25, 2004 at 6:22:11 PM you wrote (at least in part): After tyring with these values I get: 24597 --- SIGSEGV (Segmentation fault) @ 0 (0) --- That's not necessarily easy to debug. First try this: $printf [EMAIL PROTECTED] /tmp/auth.data $setuidgid /usr/local/vpopmail/bin/vchkpw \ /bin/sh -c 'echo Yes' /tmp/auth.data 30 And if this does not output 'Yes' please 'strace' it without '-e' option. If this segfaults too, one /might/ be able to guess why from the strace and the last action done. If this is not possible you'd have to 'dbg' vchkpw, to figure what's wrong. Nevertheless 'til now your original problem was not reproduced. So it seems something is really going wrong in your installation. -- Best regards Peter Palmreuther Clap on! clap clap Clap off! clap clap ~2v2h~#bu4bNO CARRIER
Re: [vchkpw] Re: SMTP Auth HOW? *UPDATE* AMD64
Am Dienstag, 25. Mai 2004 19:18 schrieb Peter Palmreuther: Hello Blist, On Tuesday, May 25, 2004 at 6:22:11 PM you wrote (at least in part): After tyring with these values I get: [...] If this segfaults too, one /might/ be able to guess why from the strace and the last action done. If this is not possible you'd have to 'dbg' vchkpw, to figure what's wrong. Nevertheless 'til now your original problem was not reproduced. So it seems something is really going wrong in your installation. Hi Peter, hi blist, hi all others. Peter, you are wrong! Same behaviour here. The only difference is, that I use Gentoo and not SuSE. What Erwin and I found out today, is, that we get the same error when using checkpassword. So Jeremy was partly right on IRC when he said it's not vpopmail. If it is qmail, which he thiught it wouldn't bee, too, can't be said right now. Of course, it is not stock qmail, but IMHO it _could_ be the smtp-auth-patch. Peter, I'll contact you in replay of your mail which you wrote me off-list. Greetings Tobias
Re: [vchkpw] smtp auth
Hi, I've installed SPAMCONTROL and i've modified the tcp.smtp file like you say (:allow,REQUIREAUTH="") but now nobody can send me e-mail the sender receive the message: Your message has encountered delivery problems to the following recipient(s): [EMAIL PROTECTED] Delivery failed 535 authentication failed (#5.7.1) No recipients were successfully delivered to. bye, signo Erwin Hoffmann wrote: Erwin Hoffmann wrote: Hi, At 10:49 19.05.04 +0200, you wrote: Erwin Hoffmann wrote:Hi, At 09:46 19.05.04 +0200, signo wrote: hello, i ve 2 problems first: I've installed qmail 1.03 with qmail-smtpd-auth-043. Now the smth auth work fine but if i try to send an email (with Mozilla) without smpt authentication set it work??!!!?? Hm. Could you please explain that in more details ? If i set (in mozilla) 'the server require smtp-auth, he ask me for user name and passwd, he verify the entries and if the username/password are correct he send the mail. control)!!! I would like to acceprtONLY mail after a successfull smtp-auth. Ok. As I assumed. Look for my SPAMCONTROL patch. It includes SMTP Authentication. http://www.fehcom.de/qmail/spamcontrol.html The README (http://www.fehcom.de/qmail/spamcontrol/README_spamcontrol.html) tells more (Section 7.4). In your case you to have to set: :allow,REQUIREAUTH="" That will do the trick. regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
