[vchkpw] tcpserver-rblsmtpd-vpopmail issue
Hello, I just build a new qmail box and am currently using vpopmail and have set up selective relay with pop-before-smtp and have applied the ucspi-mysql patch to ucspi-tcp. I have also enabled rblsmtpd and am using zen.spamhaus.org. A remote pop session is correctly updating the relay table in the database. But I seem to be having an issue with the tcpserver as I am unable to send emails from a dynamic ip address even though the ipaddress has been added to the relay table.I am immediately being blocked by the rblsmtpd. So it seems that tcpserver is not quering the relay table during the smtp connection. I am using the -V switch in the qmail startup file for tcpserver. I have been searching all morning for a solution, any help would be much appreciated. Thanks, Vik !DSPAM:4cc1ef9c32711943013099!
Re: [vchkpw] tcpserver-rblsmtpd-vpopmail issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/22/2010 03:09 PM, Vik Nat wrote: I just build a new qmail box and am currently using vpopmail and have set up selective relay with pop-before-smtp and have applied the ucspi-mysql patch to ucspi-tcp. I have also enabled rblsmtpd and am using zen.spamhaus.org. A remote pop session is correctly updating the relay table in the database. But I seem to be having an issue with the tcpserver as I am unable to send emails from a dynamic ip address even though the ipaddress has been added to the relay table.I am immediately being blocked by the rblsmtpd. So it seems that tcpserver is not quering the relay table during the smtp connection. I am using the ?V switch in the qmail startup file for tcpserver. I have been searching all morning for a solution, any help would be much appreciated. The RBL check should be done post-authentication. If you use the rblsmtpd command, even if the IP is trusted, it will be blocked by rblsmtpd. The other option is to modify rblsmtpd.c to honor the RELAYCLIENT environment variable and exit if it's set. Hope that helps. - -- /* Matt Brookings m...@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzB8FQACgkQIwet2/rgZyzq5QCePSvI/ehopDf9+uM6X+aNWECG fzYAoIbDN1Zh1z23uJmmHszX4/U6K1H4 =wEOF -END PGP SIGNATURE-
RE: [vchkpw] tcpserver-rblsmtpd-vpopmail issue
Thanks Matt. Is there a patch available for rblsmtpd to allow selective relaying? Vik -Original Message- From: Matt Brookings [mailto:m...@inter7.com] Sent: Friday, October 22, 2010 4:13 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] tcpserver-rblsmtpd-vpopmail issue -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/22/2010 03:09 PM, Vik Nat wrote: I just build a new qmail box and am currently using vpopmail and have set up selective relay with pop-before-smtp and have applied the ucspi-mysql patch to ucspi-tcp. I have also enabled rblsmtpd and am using zen.spamhaus.org. A remote pop session is correctly updating the relay table in the database. But I seem to be having an issue with the tcpserver as I am unable to send emails from a dynamic ip address even though the ipaddress has been added to the relay table.I am immediately being blocked by the rblsmtpd. So it seems that tcpserver is not quering the relay table during the smtp connection. I am using the ?V switch in the qmail startup file for tcpserver. I have been searching all morning for a solution, any help would be much appreciated. The RBL check should be done post-authentication. If you use the rblsmtpd command, even if the IP is trusted, it will be blocked by rblsmtpd. The other option is to modify rblsmtpd.c to honor the RELAYCLIENT environment variable and exit if it's set. Hope that helps. - -- /* Matt Brookings m...@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzB8FQACgkQIwet2/rgZyzq5QCePSvI/ehopDf9+uM6X+aNWECG fzYAoIbDN1Zh1z23uJmmHszX4/U6K1H4 =wEOF -END PGP SIGNATURE- !DSPAM:4cc1f60432712117511552!
Re: [vchkpw] tcpserver-rblsmtpd-vpopmail issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/22/2010 03:37 PM, Vik Nat wrote: Thanks Matt. Is there a patch available for rblsmtpd to allow selective relaying? No, because rblsmtpd doesn't have information on how authentication is done. All it can do is check if an IP is on an RBL. - -- /* Matt Brookings m...@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzB9lIACgkQIwet2/rgZywctgCfQAEYBVU2Df+FmlOPUHehdzx/ q2kAni1tPNuD9swc7C4PXd0c2CH1/tl/ =n0m0 -END PGP SIGNATURE-
RE: [vchkpw] tcpserver-rblsmtpd-vpopmail issue
Right, makes sense. I want to keep the RBL checks at the smtp level and not move it to post authentication. -Original Message- From: Matt Brookings [mailto:m...@inter7.com] Sent: Friday, October 22, 2010 4:39 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] tcpserver-rblsmtpd-vpopmail issue -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/22/2010 03:37 PM, Vik Nat wrote: Thanks Matt. Is there a patch available for rblsmtpd to allow selective relaying? No, because rblsmtpd doesn't have information on how authentication is done. All it can do is check if an IP is on an RBL. - -- /* Matt Brookings m...@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzB9lIACgkQIwet2/rgZywctgCfQAEYBVU2Df+FmlOPUHehdzx/ q2kAni1tPNuD9swc7C4PXd0c2CH1/tl/ =n0m0 -END PGP SIGNATURE- !DSPAM:4cc1fce232713226617792!
Re: [vchkpw] patch for tcpserver
Hello again, In my previous message, I wrote: quote With this patch applied, tcpserver can: 1) Enable POP3 before SMTP by MySQL 2) Bypass greylisting for reliable IP address 3) Block POP3 access from malicious IP address /quote But I should write: This patch is the slight modification of 'UCSPI-TCP MySQL patch' Version 2, that is available at: http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml With 'UCSPI-TCP MySQL patch', the list of reliable IP address can be passed from 'vpopmail' to 'tcpserver' through MySQL table, not: /etc/tcp.smtp.cdb In other words, 'vpopmail' does not need to update: /etc/tcp.smtp.cdb for every successful POP3 authentication. With this patch, greylisting can be skipped for those reliable IP address. In addition, the list of malicious IP address can be passed from 'vpopmail' to 'tcpserver' through MySQL table, not: /etc/tcp.smtp.cdb If POP3 authentication fails more than 2 times from the same IP address within 2 minutes, 'tcpserver' thinks it as malicious IP address and drops the connection. Any suggestions and questions are welcome to Jun Inamori ([EMAIL PROTECTED]). Jun Inamori patch4mysql_jgreylist_pop3.tar.gz Description: GNU Zip compressed data
[vchkpw] patch for tcpserver
Hello, I wrote some small patch for 'tcpserver'. It is just the slight modification of 'UCSPI-TCP MySQL patch Version 2', that is available at: http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml I don't know if this is the correct mailing list to post about 'tcpserver'. But, because it depends on vpopmail, I post my patch here. With this patch applied, tcpserver can: 1) Enable POP3 before SMTP by MySQL 2) Bypass greylisting for reliable IP address 3) Block POP3 access from malicious IP address Any suggestions and questions are welcome to Jun Inamori ([EMAIL PROTECTED]). patch4mysql_jgreylist_pop3.tar.gz Description: GNU Zip compressed data
[vchkpw] OT: tcpserver and rblsmtpd clones
Sorry for the off topic. Does anyone know about good clones/substitutes of tcpserver and rblsmtpd? I'ld like they to have a more open licensing, so developing and deployment of new integrated features could be more easy. Thanks, Tonino
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
On 2006-10-26, at 0441, tonix (Antonio Nati) wrote: Does anyone know about good clones/substitutes of tcpserver and rblsmtpd? I'ld like they to have a more open licensing, so developing and deployment of new integrated features could be more easy. (sorry for going even further off topic) i don't see anything in the ucspi-tcp source package, or on djb's web site, which indicates the kind of license under which the ucspi-tcp package is distributed. i know we've probably all seen http://cr.yp.to/qmail/dist.html but that only applies to qmail. i've heard it said that all of djb's other software is essentially public domain, but now i'm curious and would like know for sure. has anybody heard or seen any kind of statement from djb about this, and if so where can i find a copy of it? -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
John Simpson wrote: i've heard it said that all of djb's other software is essentially public domain, but now i'm curious and would like know for sure. has anybody heard or seen any kind of statement from djb about this, and if so where can i find a copy of it? Most of his software is not public domain. (Several of his math and crypto libraries are, but to my knowledge none of the networking software is). First, there's a copyright statement in the README file of each package. Second: http://cr.yp.to/distributors.html Daemontools is explicitly mentioned here-- he licenses the current version to be distributed (in package form, with a specific MD5 checksum) until the beginning of 2007. Third: http://cr.yp.to/softwarelaw.html In other words, DJB has the right to control distribution of his software and he specifically asserts that right. David
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
On 2006-10-26, at 1454, David Chaplin-Loebell wrote: John Simpson wrote: i've heard it said that all of djb's other software is essentially public domain, but now i'm curious and would like know for sure. has anybody heard or seen any kind of statement from djb about this, and if so where can i find a copy of it? Most of his software is not public domain. (Several of his math and crypto libraries are, but to my knowledge none of the networking software is). First, there's a copyright statement in the README file of each package. Second: http://cr.yp.to/distributors.html Daemontools is explicitly mentioned here-- he licenses the current version to be distributed (in package form, with a specific MD5 checksum) until the beginning of 2007. ah. i had only seen the qmail-specific version of this page, http:// cr.yp.to/qmail/dist.html ... you have answered my question, thank you. next question, and this may be better directed to djb himself (hence the CC to him.) i build servers for my clients, and i carry around a USB memory stick which contains, among other things, the source code packages for daemontools and ucspi-tcp. does this mean that starting in january i'm going to have to manually download the packages from his server instead of copying them from my USB stick when i build a client's machine? i don't really mind either way, but i'd like to know what his policy is, just to be sure. before you pointed out this page this i was not aware of 2007-01-01 having any significance (other than new years day, obviously.) -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
John Simpson wrote: i don't really mind either way, but i'd like to know what his policy is, just to be sure. before you pointed out this page this i was not aware of 2007-01-01 having any significance (other than new years day, obviously.) He periodically updates those dates. I think the point is that he doesn't want prerelease versions of his software distributed forever-- but if you check out http://web.archive.org/web/*/http://cr.yp.to/distributors.html you'll see that those dates have been pushed forward several times. David
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
On 2006-10-26, at 1737, David Chaplin-Loebell wrote: John Simpson wrote: i don't really mind either way, but i'd like to know what his policy is, just to be sure. before you pointed out this page this i was not aware of 2007-01-01 having any significance (other than new years day, obviously.) He periodically updates those dates. I think the point is that he doesn't want prerelease versions of his software distributed forever-- but if you check out http://web.archive.org/web/*/http:// cr.yp.to/distributors.html you'll see that those dates have been pushed forward several times. okay. thanks again. -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
[vchkpw] tcpserver error
Has anyone ever seen this type of error before? telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. tcpserver: fatal: unable to bind: access denied Connection closed by foreign host. Any ideas on how to fix this? Doug
Re: [vchkpw] tcpserver error
On Wed, 2006-08-23 at 09:12 -0400, Doug Appleton wrote: Has anyone ever seen this type of error before? telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. tcpserver: fatal: unable to bind: access denied Connection closed by foreign host. Any ideas on how to fix this? Doug Is the service starting as root to bing to the low port?
RE: [vchkpw] tcpserver error
YES .. When I do a netstat -an | grep 25 this is the result .. tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN Any thoughts to solving this one last problem? Doug -Original Message- From: Shane Chrisp [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 9:14 AM To: vchkpw@inter7.com Subject: Re: [vchkpw] tcpserver error On Wed, 2006-08-23 at 09:12 -0400, Doug Appleton wrote: Has anyone ever seen this type of error before? telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. tcpserver: fatal: unable to bind: access denied Connection closed by foreign host. Any ideas on how to fix this? Doug Is the service starting as root to bing to the low port?
Re: [vchkpw] tcpserver error
- Original Message - From: Doug Appleton To: vchkpw@inter7.com Sent: Wednesday, August 23, 2006 6:42 PM Subject: [vchkpw] tcpserver error Has anyone ever seen this type of error before? telnet localhost 25Trying 127.0.0.1...Connected to localhost.localdomain (127.0.0.1).Escape character is '^]'.tcpserver: fatal: unable to bind: access deniedConnection closed by foreign host.Any ideas on how to fix this? Doug Hi, Pls make sure that smtp service is running. Thanks Regards, Aneesh Joseph System Administrator Internet Sales Promotion Group28/118A, Parapilly Lane, Panampilly Nagar,Cochin , Kerala -682036Ph : 91 484 4010972, Mobile :91 9895012331E-mail : [EMAIL PROTECTED]
[vchkpw] Help with UCSPI (tcpserver) MySQL Patch Redhat
If your trying to apply the Matt Simerson on a stock redhat/other rpm based systems you will run into a small problem wrt to the location of the mysql libraries if you use the distros included mysql RPMs. The patch can be found at http://atl.tnpi.biz/internet/mail/toaster/patches/ucspi-tcp-0.88-mysql%2 Brss.patch D/L and save the patch in a file like vpopmail.patch then run the following simple command line perl -pi -e 's/\/usr\/local\//\/usr\//g' vpopmail.patch Even on moderately loaded vpopmail systems, this patch is extremely valuable. Aaron Gee Network Engineering Atlantic Net --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.769 / Virus Database: 516 - Release Date: 9/24/2004
[vchkpw] RSA KEY tcpserver
how can i generate this key ? tcpserver: fatal: unable to load RSA private key Itamar Reis Peixoto Analista Consultor TreyNet Consultoria - Uberlândia Tel : + 55 34 3231 0598 Cel: +55 38 9107 1250 http://www.treynet.com.br
Re: [vchkpw] RSA KEY tcpserver
On Monday 27 September 2004 01:30 pm, Itamar Reis Peixoto wrote: how can i generate this key ? tcpserver: fatal: unable to load RSA private key this question has what to do with vpopmail? http://www.openssl.org -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgp1t4QS8IHhB.pgp Description: PGP signature
[vchkpw] tcpserver pid patch
I've got a new patch to tcpserver that allows you to save the process id to a file, so it can be used later to kill it. It makes it easier to write standard init scripts. Anyone interested in trying it out before it is released? The patch file includes a README on how to apply and a sample standard init script for starting/stopping qmail, pop and smtp. Ken Jones
Re: [vchkpw] tcpserver pid patch
fredagen den 23 juli 2004 19.02 skrev Ken Jones: I've got a new patch to tcpserver that allows you to save the process id to a file, so it can be used later to kill it. It makes it easier to write standard init scripts. Anyone interested in trying it out before it is released? The patch file includes a README on how to apply and a sample standard init script for starting/stopping qmail, pop and smtp. Ken Jones Sounds cool. I can test it at one newly staged server. -- Regards // Oden Eriksson
Re: [vchkpw] tcpserver pid patch
On Friday 23 July 2004 12:04 pm, Oden Eriksson wrote: fredagen den 23 juli 2004 19.02 skrev Ken Jones: I've got a new patch to tcpserver that allows you to save the process id to a file, so it can be used later to kill it. It makes it easier to write standard init scripts. Anyone interested in trying it out before it is released? The patch file includes a README on how to apply and a sample standard init script for starting/stopping qmail, pop and smtp. Ken Jones Sounds cool. I can test it at one newly staged server. Thanks! here's the patch file. Hopefully the README makes sense. Ken tcpserver-pid.patch.tar.gz Description: application/tgz
Re: [vchkpw] tcpserver pid patch
On Friday 23 July 2004 12:06 pm, Ken Jones wrote: On Friday 23 July 2004 12:04 pm, Oden Eriksson wrote: fredagen den 23 juli 2004 19.02 skrev Ken Jones: I've got a new patch to tcpserver that allows you to save the process id to a file, so it can be used later to kill it. It makes it easier to write standard init scripts. Anyone interested in trying it out before it is released? The patch file includes a README on how to apply and a sample standard init script for starting/stopping qmail, pop and smtp. Ken Jones Sounds cool. I can test it at one newly staged server. Thanks! here's the patch file. Hopefully the README makes sense. Sorry, I meant to just send the file to Oden Ken
Re: [vchkpw] tcpserver pid patch
fredagen den 23 juli 2004 19.06 skrev Ken Jones: On Friday 23 July 2004 12:04 pm, Oden Eriksson wrote: fredagen den 23 juli 2004 19.02 skrev Ken Jones: I've got a new patch to tcpserver that allows you to save the process id to a file, so it can be used later to kill it. It makes it easier to write standard init scripts. Anyone interested in trying it out before it is released? The patch file includes a README on how to apply and a sample standard init script for starting/stopping qmail, pop and smtp. Ken Jones Sounds cool. I can test it at one newly staged server. Thanks! here's the patch file. Hopefully the README makes sense. Ken I get: # cat /var/log/qmail-pop3d/current @40004100e84d2d137b6c tcpserver: illegal option -- w @40004100e84d2d138ef4 tcpserver: usage: tcpserver [ -1UXpPhHrRoOdDqQv ] [ -c limit ] [ -s perip limit ] [ -x rules.cdb ] [ -B banner ] [ -g gid ] [ -u uid ] [ -b backlog ] [ -l localname ] [ -t timeout ] [ -w pidfile ] host port program I use your rc.qmail file. -- Regards // Oden Eriksson
RE: [vchkpw] MySQL questions, vchkpw tcpserver
On Tue, 2004-03-30 at 13:20, Shane Chrisp wrote: PS: I just confirmed the format is as I said before. Add the IP address like 192.168.0 with a NULL timestamp. Shane Well, I've tried this, but it always disappears from the DB eventually, I presume (unchecked) when clearopensmtp runs. I've had success, however, using a ludicrously high timestamp (99). j -- Not all those who wander are lost. - JRR Tolkien
[vchkpw] MySQL questions, vchkpw tcpserver
I've got a couple of issues. I'm in the process of migrating a cluster of qmail servers to MySQL backend for authentication, and have a question: I'm set up to use vpopmail:relay table to track pops, and I've applied the tcpserver patch to also use vpopmail:relay to store info on 'always-allowed' relaying from our own IPs. My questions: 1 - Previously, with .cdb arrangement, we used the form 192.168.0. to permit relaying from any machine in that /24 network. How do I specify the same using vpopmail:relay?? When I've tried using the same form, it appears not to work. Do I need to insert each IP individually? (that'd be ugly, with a /21 public network and roughly the same size in combined private networks, but if that's the way then that's the way...) 2 - Allowing 'permanent' relaying - Do I just use a ridiculously high timestamp? 3 - How did I end up with entries like this in vpopmail:relay??? | 216.26.255.33 | 1080657350 | | 216.26.255.65.41.4 | 108036425024 | I've got (currently) two qmail/vpopmail nodes in the cluster running on the MySQL backend, and a third still on cdb (until we're assured of the stability of the new setup). Because of this split, I've written a small perl program that periodically synchronizes the two - it reads in open-smtp, reads in all entries from the relay table, removes the earlier of any duplicates, then inserts/updates entries in the db and writes a new open-smtp. j -- Not all those who wander are lost. - JRR Tolkien
RE: [vchkpw] MySQL questions, vchkpw tcpserver
Im not certain, but I think you can add the IP like 192.168.0 with a NULL timestamp with version 2 of the tcpserver patch. Shane -Original Message- From: Joel Newkirk [mailto:[EMAIL PROTECTED] Sent: Tuesday, 30 March 2004 11:41 PM To: [EMAIL PROTECTED] Subject: [vchkpw] MySQL questions, vchkpw tcpserver I've got a couple of issues. I'm in the process of migrating a cluster of qmail servers to MySQL backend for authentication, and have a question: I'm set up to use vpopmail:relay table to track pops, and I've applied the tcpserver patch to also use vpopmail:relay to store info on 'always-allowed' relaying from our own IPs. My questions: 1 - Previously, with .cdb arrangement, we used the form 192.168.0. to permit relaying from any machine in that /24 network. How do I specify the same using vpopmail:relay?? When I've tried using the same form, it appears not to work. Do I need to insert each IP individually? (that'd be ugly, with a /21 public network and roughly the same size in combined private networks, but if that's the way then that's the way...) 2 - Allowing 'permanent' relaying - Do I just use a ridiculously high timestamp? 3 - How did I end up with entries like this in vpopmail:relay??? | 216.26.255.33 | 1080657350 | | 216.26.255.65.41.4 | 108036425024 | I've got (currently) two qmail/vpopmail nodes in the cluster running on the MySQL backend, and a third still on cdb (until we're assured of the stability of the new setup). Because of this split, I've written a small perl program that periodically synchronizes the two - it reads in open-smtp, reads in all entries from the relay table, removes the earlier of any duplicates, then inserts/updates entries in the db and writes a new open-smtp. j -- Not all those who wander are lost. - JRR Tolkien
Re: [vchkpw] MySQL questions, vchkpw tcpserver
On Tuesday 30 March 2004 03:40 pm, Joel Newkirk wrote: I'm set up to use vpopmail:relay table to track pops, and I've applied the tcpserver patch to also use vpopmail:relay to store info on 'always-allowed' relaying from our own IPs. ugh. this is better: http://untroubled.org/relay-ctrl put /var/spool/relay-ctrl on an nfs share. Easy as pie. then you can just use normal tcprules stuff if you want to do static relay controls, etc. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
RE: [vchkpw] MySQL questions, vchkpw tcpserver
The mysql server patch for tcpserver works very well and its simple to use. That's aside from the fact that almost every qmail install out there is using tcpserver anyway. Makes sense to keep it simple. But each to their own, I personally would rather keep all the IP's that are allowed to relay in one place. PS: I just confirmed the format is as I said before. Add the IP address like 192.168.0 with a NULL timestamp. Shane On Tuesday 30 March 2004 03:40 pm, Joel Newkirk wrote: I'm set up to use vpopmail:relay table to track pops, and I've applied the tcpserver patch to also use vpopmail:relay to store info on 'always-allowed' relaying from our own IPs. ugh. this is better: http://untroubled.org/relay-ctrl put /var/spool/relay-ctrl on an nfs share. Easy as pie. then you can just use normal tcprules stuff if you want to do static relay controls, etc.
[vchkpw] tcpserver logging of extra pop info
Hi! I have some users that are sending mails trough my mailserver (pop before smtp), i have enabled-roaming-users when i compiled vpopmail and it is working perfect now. But i want to catch abuse if some user get a crasy idea and sends spam trough my mailserver, så i need extra info in my pop3 log Today my startup script contains this: # pop3 server: echo -n Starting pop: env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R -v -l -c200 0 pop3 /var/qmail/bin/qmail-popup loke.yanet.dk \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 | \ /var/qmail/bin/splogger pop3d echo it creates this in my logfile: Dec 28 11:53:53 odin pop3d: 1072608833.464242 tcpserver: pid 31615 from 217.157.31.98 Dec 28 11:53:53 odin pop3d: 1072608833.464265 tcpserver: ok 31615 -c200:81.7.136.34:110 :217.157.31.98::32924 Dec 28 11:53:53 odin pop3d: 1072608833.560968 tcpserver: end 31615 status 256 Dec 28 11:53:53 odin pop3d: 1072608833.561047 tcpserver: status: 0/40 Dec 28 11:53:58 odin pop3d: 1072608838.572219 tcpserver: status: 1/40 Dec 28 11:53:58 odin pop3d: 1072608838.572299 tcpserver: pid 31617 from 217.157.31.98 Dec 28 11:53:58 odin pop3d: 1072608838.572320 tcpserver: ok 31617 -c200:81.7.136.34:110 :217.157.31.98::32925 Dec 28 11:53:58 odin pop3d: 1072608838.673983 tcpserver: end 31617 status 256 I need some info about wich username is doing the pop sessionis it possible to get that kind off information With the popuser in the log and the ipnumber sending spam, then i can find the user doing the abuse.toherwise i have to drop the whole thing :-( ;-Peter Yanet.dk
Re: [vchkpw] tcpserver logging of extra pop info
On Dec 28, 2003, at 3:57 AM, Peter Nilsson wrote: I need some info about wich username is doing the pop sessionis it possible to get that kind off information With the popuser in the log and the ipnumber sending spam, then i can find the user doing the abuse.toherwise i have to drop the whole thing :-( Take a look at the --enable-logging option. You can recompile/install vpopmail, adding --enable-logging=y to your ./configure options. It will then log all pop3 connections, not just the failures. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[vchkpw] Re: tcpserver logging of extra pop info
thanks it helped...and without the -v option in the startup script then i get online one line pr. login with info about ipadresse + loginnameperfect ;-Peter Tom Collins writes: On Dec 28, 2003, at 3:57 AM, Peter Nilsson wrote: I need some info about wich username is doing the pop sessionis it possible to get that kind off information With the popuser in the log and the ipnumber sending spam, then i can find the user doing the abuse.toherwise i have to drop the whole thing :-( Take a look at the --enable-logging option. You can recompile/install vpopmail, adding --enable-logging=y to your ./configure options. It will then log all pop3 connections, not just the failures. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[vchkpw] Interesting clearopensmtp and tcpserver issue
Hello all, I have gone through the archives and have gone through all the posts that looked like my error, however I am still stuck and I have not seen any changes at all. Here is what I have, I get this error each time I run /usr/local/vpopmail/bin/clearopensmtp: tcpserver: fatal: unable to figure out port number for /etc/tcp.smtptmp.3517 (- the number changes each time I run) I have done the following: 1) read all postings that looked similar (on this list and the qmail list) 2) gone through Life with Qmail 3) gone through vpopmail Adminstration Guide 4) recompiled vpopmail 5) recompiled the tcp.smtp.cdb file 6) restarted all services and still no change, I must be doing something wrong or I am changing the wrong files :S This is on FreeBSD 5.1-RELEASE using qmail-1.03_1 vpopmail-5.3.24 ucspi-tcp-0.88 Is it a permissions thing? Any help would be greatly appreciated. TIA Jay tcp.smt* permissions mail1# ll /etc/tcp.smt* lrwxr-xr-x 1 root wheel 32 Nov 11 10:31 /etc/tcp.smtp - /usr/local/vpopmail/etc/tcp.smtp lrwxr-xr-x 1 root wheel 36 Nov 11 10:31 /etc/tcp.smtp.cdb - /usr/local/vpopmail/etc/tcp.smtp.cdb mail1# ll /usr/local/vpopmail/etc/tcp.smt* -rw-r--r-- 1 vpopmail vchkpw 608 Nov 11 09:55 /usr/local/vpopmail/etc/tcp.smtp -rw-r--r-- 1 vpopmail vchkpw 2119 Nov 10 14:11 /usr/local/vpopmail/etc/tcp.smtp.cdb my tcp.smtp file 127.0.0.1:allow,RELAYCLIENT= 192.168.:allow,RELAYCLIENT= 216.138.224.10:allow,RELAYCLIENT= 216.138.226.17:allow,RELAYCLIENT= 216.138.226.18:allow,RELAYCLIENT= 216.138.226.19:allow,RELAYCLIENT= 216.138.226.20:allow,RELAYCLIENT= 216.138.226.21:allow,RELAYCLIENT= 216.138.226.22:allow,RELAYCLIENT= 216.138.226.23:allow,RELAYCLIENT= 216.138.226.24:allow,RELAYCLIENT= 216.138.226.25:allow,RELAYCLIENT= 216.138.226.26:allow,RELAYCLIENT= 216.138.226.27:allow,RELAYCLIENT= 216.138.226.28:allow,RELAYCLIENT= 216.138.226.29:allow,RELAYCLIENT= 216.138.226.30:allow,RELAYCLIENT= :allow my configure command ./configure --enable-vpopuser=vpopmail --enable-vpopgroup=vchkpw --enable-log-name=vpopmail --enable-roaming-users=y --enable-logging=p --enable-defaultquota=52428800 --enable-ip-alias-domains=n --enable-passwd=n --enable-clear-passwd=y --enable-domain-quotas=y --enable-mysql=y --enable-many-domains=n --enable-auth-logging=y --enable-mysql-logging=y --enable-valias=y --enable-ucspi-dir=../ucspi-tcp-0.88 --enable-mysql-limits=y --enable-relay-clear-minutes=30 --enable-domains-dir=domains --enable-tcpserver-file=/etc/tcp.smtp --enable-tcprules-prog=/usr/local/bin/tcpserver --enable-domainquotas=y [EMAIL PROTECTED] --enable-many-domains=y my smtp run script #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 800 \ /usr/local/bin/tcpserver -v -S -H -R -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp fixcrio /var/qmail/bin/qmail-smtpd 21
RE: [vchkpw] Interesting clearopensmtp and tcpserver issue
I used the toaster, is there an issue with it? Jay -Original Message- From: Luca Morettoni [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2003 11:15 AM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Interesting clearopensmtp and tcpserver issue Jason Lavigne, il 11/11/2003 alle 10:35, mi scrisse... Hello all, I have gone through the archives and have gone through all the posts that looked like my error, however I am still stuck and I have not seen any changes at all. Here is what I have, I get this error each time I run /usr/local/vpopmail/bin/clearopensmtp: tcpserver: fatal: unable to figure out port number for /etc/tcp.smtptmp.3517 (- the number changes each time I run) [...CUT...] This is on FreeBSD 5.1-RELEASE using qmail-1.03_1 vpopmail-5.3.24 ucspi-tcp-0.88 have you installed this by FreeBSD ports? I use them on my servers and all work fine! -- Luca Morettoni [EMAIL PROTECTED] - http://morettoni.net GPG keys avaiable at: http://morettoni.net/key Key fingerprint: D69411BB/C329AED4592319826F12 3036B51E664FD69411BB Current system: FreeBSD 5.1-CURRENT, up 2 hrs, 44 mins, 1 sec
Re: [vchkpw] Interesting clearopensmtp and tcpserver issue
Jason Lavigne, il 11/11/2003 alle 11:50, mi scrisse... I used the toaster, is there an issue with it? the FreeBSD way: (update your ports tree) # cd /usr/ports/mail/vpopmail # make install clean repeat the two command for all software you need -- Luca Morettoni [EMAIL PROTECTED] - http://morettoni.net GPG keys avaiable at: http://morettoni.net/key Key fingerprint: D69411BB/C329AED4592319826F12 3036B51E664FD69411BB Current system: FreeBSD 5.1-CURRENT, up 3 hrs, 34 mins, 4 secs
RE: [vchkpw] Interesting clearopensmtp and tcpserver issue
I tried the ports version, vpopmail-5.3.29, and it worked fine for 1 hour, now it is doing it again, I reinstalled from ports again and it didn't help at all. :S I must be doing something wrong but I just don't see it. tcpserver: fatal: unable to figure out port number for /etc/tcp.smtptmp.3517 TIA Jay -Original Message- From: Luca Morettoni [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2003 11:15 AM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Interesting clearopensmtp and tcpserver issue Jason Lavigne, il 11/11/2003 alle 10:35, mi scrisse... Hello all, I have gone through the archives and have gone through all the posts that looked like my error, however I am still stuck and I have not seen any changes at all. Here is what I have, I get this error each time I run /usr/local/vpopmail/bin/clearopensmtp: tcpserver: fatal: unable to figure out port number for /etc/tcp.smtptmp.3517 (- the number changes each time I run) [...CUT...] This is on FreeBSD 5.1-RELEASE using qmail-1.03_1 vpopmail-5.3.24 ucspi-tcp-0.88 have you installed this by FreeBSD ports? I use them on my servers and all work fine! -- Luca Morettoni [EMAIL PROTECTED] - http://morettoni.net GPG keys avaiable at: http://morettoni.net/key Key fingerprint: D69411BB/C329AED4592319826F12 3036B51E664FD69411BB Current system: FreeBSD 5.1-CURRENT, up 2 hrs, 44 mins, 1 sec
Re: [vchkpw] Interesting clearopensmtp and tcpserver issue
- Original Message - From: Jason Lavigne [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 2:35 AM Subject: [vchkpw] Interesting clearopensmtp and tcpserver issue Hello all, I have gone through the archives and have gone through all the posts that looked like my error, however I am still stuck and I have not seen any changes at all. Here is what I have, I get this error each time I run /usr/local/vpopmail/bin/clearopensmtp: tcpserver: fatal: unable to figure out port number for /etc/tcp.smtptmp.3517 (- the number changes each time I run) Generally when using roaming-users, you need to put all the tcp.smtp.* files in ~vpopmail/etc rather than /etc This is because the vpopmail user needs write permission on the tcp.smtp.cdb and tcp.smtp.tmp files and typically the /etc dir wont allow that. Just linking the files to the vpopmail/etc dir isnt sufficient, as vpopmail needs to create temp files etc, and in your case these will be created in /etc which I guess will fail. Michael.
RE: [vchkpw] Interesting clearopensmtp and tcpserver issue
WOOHOO found the issue. On FreeBSD if you are going to do a custom compile, make sure you add '--prefix=/usr/local i386-portbld-freebsd5.1' to your ./configure command. (this is not documented and I only knew by looking at the ports version closely) Using the following command worked! ./configure --enable-valias=y --enable-mysql-logging=y --enable-auth-logging=y --enable-default-domain=bwlogic.com --enable-domain-quotas=y --enable-mysql=y --enable-many-domains=y --enable-vpopgroup=vchkpw --enable-log-name=vpopmail--enable-domains-dir=domains [EMAIL PROTECTED] --enable-qmaildir=/var/qmail --enable-tcprules-prog=/usr/local/bin/tcprules --enable-tcpserver-file=/usr/local/vpopmail/etc/tcp.smtp --enable-defaultquota=52428800 --enable-logging=p --enable-roaming-users=y --enable-relay-clear-minutes=30 --enable-clear-passwd=y --prefix=/usr/local i386-portbld-freebsd5.1 As you can see I am using MySQL and the default ports distribution uses cdb, this is why doing a build straight from the ports tree fixed my clearopensmtp error message, however I lost all my user accounts as these are in MySQL. Using the ports version with the above configure command fixed all my issues. Thanks all for your input, it help a ton :D Jay -Original Message- From: Michael Bowe [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2003 3:00 PM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Interesting clearopensmtp and tcpserver issue - Original Message - From: Jason Lavigne [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 2:35 AM Subject: [vchkpw] Interesting clearopensmtp and tcpserver issue Hello all, I have gone through the archives and have gone through all the posts that looked like my error, however I am still stuck and I have not seen any changes at all. Here is what I have, I get this error each time I run /usr/local/vpopmail/bin/clearopensmtp: tcpserver: fatal: unable to figure out port number for /etc/tcp.smtptmp.3517 (- the number changes each time I run) Generally when using roaming-users, you need to put all the tcp.smtp.* files in ~vpopmail/etc rather than /etc This is because the vpopmail user needs write permission on the tcp.smtp.cdb and tcp.smtp.tmp files and typically the /etc dir wont allow that. Just linking the files to the vpopmail/etc dir isnt sufficient, as vpopmail needs to create temp files etc, and in your case these will be created in /etc which I guess will fail. Michael.
[vchkpw] tcpserver/mysql patch with vpopmail-5.2.1
Hi folks, I'm wondering if anyone has a patch for vpopmail-5.2.1 that disables the update of the tcp.smtp.cdb file (I'm using Matt Simersons tcpserver-mysql patch). I'm aware that vpopmail-5.3.20 and above has a configure option --enable-rebuild-tcpserver-file=n, which prevents the file from being rebuilt, but I would like to keep my stable version of vpopmail if possible... In this message: http://www.mail-archive.com/[EMAIL PROTECTED]/msg08758.html Matt Simerson seems to indicate that such a hack was posted but I'm unable to find it. Thanks! Karim.
Re: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
Hi Jonathan On Thu, Sep 25, 2003 at 12:24:22PM +1200, Jonathan Viney wrote: Hi, I just checked Matt's patch, and he indeed added that code. So it will work. You cannot set ENV-vars though! It must set RELAYCLIENT though I would have thought just had a quick look at the code and yes: you are right. what i actually meant was: you cannot set env-vars on a per-entry base which are different than relayclient. So if you wanted any other ENV variables set you could just add them there under env(RELAYCLIENT,); . right? yes, that is correct. but it would affect all the ips then! hope it helps thank you Flavio -- http://no-way.org/~fcu/
[vchkpw] [SECURITY] RE: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
Hi, Then create a file called 'sql' in the qmail control dir with the following layout server localhost port3306 databasevpopmail table relay uservpopmailuser passvpopmailpassword time1800 Add the -S switch to your qmail-smtpd script and restart the servers. Make sure 100% that /var/qmail/control/sql file is either chowned 'qmaild', chgrouped 'nofiles', or BOTH! I forgot about that one time and changed ownership on that file to vpopmail:vchkpw (during a server migration), and started qmail. Apparently I didn't tail qmail-smtpd/log/current while tcpserver was complaining about control/sql file Permission denied. This was for a few days before I found out my mail server was AN OPEN RELAY. fixing the permissions on the sql file and restarting qmail fixed the problem. This is for tcpserver, correct? (Because the current version of vPopmail has a control file like this now. And what does your full smptd line look like now? e.g. I have (no tcpserver patch): env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -p -H -l0 -R -c 512 -x \ /var/qmail/vpopmail/etc/tcp.smtp.cdb -u 301 -g 302 \ 0 smtp /var/qmail/bin/qmail-smtpd foo.bar.org \ /var/qmail/vpopmail/bin/vchkpw /bin/true after the patch it would be? env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -p -H -l0 -R -c 512 -x \ -S \ 0 smtp /var/qmail/bin/qmail-smtpd foo.bar.org \ /var/qmail/vpopmail/bin/vchkpw /bin/true If you are no longer needing the cdb file (example allowing particular ips/subnets to relay) just omit the -x option. Although I use -S for mysql relay info, I also still use the -x option to call a static file that rarely ever changes: -x /etc/tcp.smtp.cdb I think this is better than depending on the mysql db also for static relayclients (unless they're over a 1000), and also in case of mysql database failure, the static relayclients would still be able to relay mail (because it's read from cdb on disk), while roaming users will fail - better than both client groups failing. Respectfully, Tim Hasson
Re: [vchkpw] [SECURITY] RE: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
At 02:38 AM 9/25/2003, Tim Hasson wrote: Make sure 100% that /var/qmail/control/sql file is either chowned 'qmaild', chgrouped 'nofiles', or BOTH! -rw-r--r--1 root other 106 Aug 18 09:37 sql Mine works fine as above. Paul Theodoropoulos http://www.anastrophe.com
Re: [vchkpw] [SECURITY] RE: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
On Thursday, September 25, 2003, at 08:03 AM, Paul Theodoropoulos wrote: Make sure 100% that /var/qmail/control/sql file is either chowned 'qmaild', chgrouped 'nofiles', or BOTH! -rw-r--r--1 root other 106 Aug 18 09:37 sql Mine works fine as above. But anyone with access to your system can read the file and get the sql username and password. Better to have it owned and readable only by the user that needs it. -- Tom Collins [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] [SECURITY] RE: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
At 08:41 AM 9/25/2003, Tom Collins wrote: On Thursday, September 25, 2003, at 08:03 AM, Paul Theodoropoulos wrote: Make sure 100% that /var/qmail/control/sql file is either chowned 'qmaild', chgrouped 'nofiles', or BOTH! -rw-r--r--1 root other 106 Aug 18 09:37 sql Mine works fine as above. But anyone with access to your system can read the file and get the sql username and password. Better to have it owned and readable only by the user that needs it. only root has access to the system in question. if someone gets in, that means they've broken root, thus they already own the machine, so obscurity accomplishes nothing. Paul Theodoropoulos http://www.anastrophe.com
[vchkpw] Matt Simersons tcpserver-mysql patch how-to??
All, I have also applied this patch to tcpserver and am getting this error. MYSQL Error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' I found that the file lives in /tmp/mysql.sock Does anyone know where to set the path for this? Regards, -Tom
[vchkpw] Matt Simersons tcpserver-mysql patch how-to??
Hi! I've installed vpopmail on a new server according to the instructions in the INSTALL file and finally I arrived at point 13: 13. For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. Instead, tcpserver looks directly into the vpopmail mysql table of IP's. But the question is: how do I install it?? I searched the list and I looked at Matt's website, but I couldn't find documentation on this. Thanks in advance! Kind regards, Jasper Metselaar
RE: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
Run the patch against the source of ucspi-tcp-0.88 and then install it again. Then create a file called 'sql' in the qmail control dir with the following layout server localhost port3306 databasevpopmail table relay uservpopmailuser passvpopmailpassword time1800 Add the -S switch to your qmail-smtpd script and restart the servers. You should now be running off the relay table in your database. cheers Shane -Original Message- From: Jasper Metselaar [mailto:[EMAIL PROTECTED] Sent: Wednesday, 24 September 2003 7:33 PM To: [EMAIL PROTECTED] Subject: [vchkpw] Matt Simersons tcpserver-mysql patch how-to?? Hi! I've installed vpopmail on a new server according to the instructions in the INSTALL file and finally I arrived at point 13: 13. For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. Instead, tcpserver looks directly into the vpopmail mysql table of IP's. But the question is: how do I install it?? I searched the list and I looked at Matt's website, but I couldn't find documentation on this. Thanks in advance! Kind regards, Jasper Metselaar
RE: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
Add the -S switch to your qmail-smtpd script and restart the servers. You should now be running off the relay table in your database. cheers Shane Hi, Is it possible to use this patch in place of /etc/tcp.smtp.cdb for permanently allowed hosts? I had a look a while back and noticed it seemed to run on a timeout basis. Also, does anyone have an example of the sql table structure needed? Thanks, Jonathan
Re: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
Hi Jonathan On Thu, Sep 25, 2003 at 01:27:21AM +1200, Jonathan Viney wrote: Add the -S switch to your qmail-smtpd script and restart the servers. You should now be running off the relay table in your database. cheers Shane Is it possible to use this patch in place of /etc/tcp.smtp.cdb for permanently allowed hosts? I had a look a while back and noticed it seemed to run on a timeout basis. AFAIK yes, i submitted a patch for that, which i think Matt has added to his patch. it works by having records in the database with NULL as Timestamp, they will not get removed. Also, does anyone have an example of the sql table structure needed? # # Table structure for table `relay` # CREATE TABLE relay ( ip_addr char(40) NOT NULL default '', timestamp char(12) default NULL, PRIMARY KEY (ip_addr) ) TYPE=MyISAM; Hope it helps greetz Flavio -- http://no-way.org/~fcu/
Re: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
Me again On Wed, Sep 24, 2003 at 03:48:57PM +0200, Flavio Curti wrote: On Thu, Sep 25, 2003 at 01:27:21AM +1200, Jonathan Viney wrote: Is it possible to use this patch in place of /etc/tcp.smtp.cdb for permanently allowed hosts? I had a look a while back and noticed it seemed to run on a timeout basis. AFAIK yes, i submitted a patch for that, which i think Matt has added to his patch. it works by having records in the database with NULL as Timestamp, they will not get removed. I just checked Matt's patch, and he indeed added that code. So it will work. You cannot set ENV-vars though! Hope it helps Flavio -- http://no-way.org/~fcu/
RE: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
At 04:44 AM 9/24/2003, Shane Chrisp wrote: Run the patch against the source of ucspi-tcp-0.88 and then install it again. I was under the assumption that you only installed this patch to stop the rebuild of the tcp.smtp.cdb file for each pop3 authentication. And if you installed mySQL support for vPopMail that this patch was just saving a trip to the cdb file, nothing more. True? False? Out in deep roving left, knee-deep in the lake? Then create a file called 'sql' in the qmail control dir with the following layout server localhost port3306 databasevpopmail table relay uservpopmailuser passvpopmailpassword time1800 Add the -S switch to your qmail-smtpd script and restart the servers. This is for tcpserver, correct? (Because the current version of vPopmail has a control file like this now. And what does your full smptd line look like now? e.g. I have (no tcpserver patch): env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -p -H -l0 -R -c 512 -x \ /var/qmail/vpopmail/etc/tcp.smtp.cdb -u 301 -g 302 \ 0 smtp /var/qmail/bin/qmail-smtpd foo.bar.org \ /var/qmail/vpopmail/bin/vchkpw /bin/true after the patch it would be? env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -p -H -l0 -R -c 512 -x \ -S \ 0 smtp /var/qmail/bin/qmail-smtpd foo.bar.org \ /var/qmail/vpopmail/bin/vchkpw /bin/true Am I close? ;-) --- Anthony Baratta President Keyboard Jockeys Conformity is the refuge of the unimaginative.
Re: [vchkpw] Matt Simersons tcpserver-mysql patch how-to??
Hi, I just checked Matt's patch, and he indeed added that code. So it will work. You cannot set ENV-vars though! Hi, It must set RELAYCLIENT though I would have thought just had a quick look at the code and yes: ! if(usemysql) { ! if(flagdeny==2) { !/* drop_db(); */ ! } else if(!flagdeny) { !env(RELAYCLIENT,); ! } ! flagdeny=0; ! } So if you wanted any other ENV variables set you could just add them there under env(RELAYCLIENT,); . right? Cheers, Jonathan
[vchkpw] tcpserver: fatal: unable to bind: address already used
Hi I've installed qmail following Lfe with qmail and vpopmail with the scripts that allow roaming users to use our smtp server without opening the machine up to everyone on the internet. Now I've the subject error. I guess it's produced because qmail supervise is running from the original Life with qmail configuration. How could avoid supervise to start or how could I use FAQ scripts with supervise to avoid to receive subject error in /var/qmail/log/smtpd/current and pop3d/current ? Thanks in advance ! jl
Re: [vchkpw] tcpserver: fatal: unable to bind: address already used
Have you checked your /etc/inetd for anything starting with SMTP? Hash it out, and restart inetd. That will probably solve the tcpserver: fatal: unable to bind: address already used, if you have an SMTP server running from there. Else, kill sendmail / postfix / exim if it apprears in ps ax Regarding your second question, depending on the platform used, you can cp /var/qmail/bin/maildir /var/qmail/rc /var/qmail/rc start Goto /var/qmaill/docs/ and checkout the README.* files, to see which file from /var/qmail/bin you want to use. - Original Message - From: Javier [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 11:42 AM Subject: [vchkpw] tcpserver: fatal: unable to bind: address already used Hi I've installed qmail following Lfe with qmail and vpopmail with the scripts that allow roaming users to use our smtp server without opening the machine up to everyone on the internet. Now I've the subject error. I guess it's produced because qmail supervise is running from the original Life with qmail configuration. How could avoid supervise to start or how could I use FAQ scripts with supervise to avoid to receive subject error in /var/qmail/log/smtpd/current and pop3d/current ? Thanks in advance ! jl
[vchkpw] vpopmail and tcpserver-mysql (was: Re: [vchkpw] tcp.smtp fileperms/owns for -enable-roaming-users?)
Hi again, However, I strongly disagree with the INSTALL wording if that's the case! It makes it sound like Matt's patch is only suggested, but it honestly seems to be REQUIRED when mysql support is enabled in vpopmail. The INSTALL file is right. Short note; quoting the INSTALL file: --- begin --- 13. For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. Instead, tcpserver looks directly into the vpopmail mysql table of IP's. --- end --- It is correct that the tcpserver-mysql patch removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. That's true, the _need_ for that functionality is removed - but not the functionality itself! vpopmail still compiles a tcp.smtp.cdb file, so the tcpserver-mysql patch doesn't mean anything to vpopmail. As vpopmail doesn't know of you're using the tcpserver-mysql patch, it has no way to know that it doesn't have to update tcp.smtp.cdb. I don't think there's a big performance hit using the tcpserver-mysql patch, as reading from a cdb file is already extremely fast. Thus, the benefit isn't in tcpserver itself; but it's the _possibility_ to remove the time-consuming tcp.smtp.cdb rebuild functionality from the vpopmail code. If you don't do that (manually), the tcpserver-mysql patch doesn't mean anything better to you compared to a working cdb setup without it. To make that patch really usable, vpopmail needs a way to know that it doesn't have to update tcp.smtp.cdb, maybe a ./configure parameter like --i-use-the-tcpserver-mysql-patch-and-thus-do-not-need-cdb-updates. In some situations (like yours, Jesse), the tcpserver-mysql patch seems to act as a fix, but it actually is a different thing. Your problems have been with file permissions, not with vpopmail requiring a patch that's marked as optional/suggested. It only looks like a fix because its totally different approach doesn't depend on file permissions. And, while we're at it... the newest README.mysql file tells us to... #define MYSQL_UPDATE_SERVER localhost #define MYSQL_UPDATE_USER root #define MYSQL_UPDATE_PASSWD secret #define MYSQL_READ_SERVER localhost #define MYSQL_READ_USER root #define MYSQL_READ_PASSWD secret From a security perspective, it should be preferred to use a dedicated MySQL user instead of root; this would highly reduce the danger that a possibly table-corrupting vpopmail bug would have on MySQL data. Yes, it's the user's choice, and MySQL administrators should already know that, but IMHO the README.mysql file should set a good example here. Jonas
Re: [vchkpw] qmail-pop3d does not run with tcpserver
- Original Message - From: Ihsan Turkmen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 28, 2003 8:35 AM Subject: [vchkpw] qmail-pop3d does not run with tcpserver 1. I can make qmail-pop3d run with xined ,but it does not run with tcpserver. 2. /var/log/qmail-pop3d/current /whateever th path is) is empty. 3. When I run the deamon manually, my typing is logged in the log (current) file. I found several mail threads in the search engines.But no answer for the question. You can suggest me a maillist or a solution . Qmail mailing list might help, but it's doubtful. Probably your best bet would be to research the way that qmail-smtpd is run from tcpserver and read about tcpserver in your man pages and on the web. Then attempt to duplicate that functionality with qmail-pop3d. Research is usually the name of the game with UNIX. Best reagards.. Shsan
RE: [vchkpw] qmail-pop3d does not run with tcpserver
And a copy of your startup scripts might help with troubleshooting. Saying it doesn't work without showing us what's in your scripts is very vague and hard to troubleshoot. -Clayton -Original Message- From: Jesse Guardiani [mailto:[EMAIL PROTECTED] Sent: Friday, February 28, 2003 6:38 AM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] qmail-pop3d does not run with tcpserver - Original Message - From: Ihsan Turkmen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 28, 2003 8:35 AM Subject: [vchkpw] qmail-pop3d does not run with tcpserver 1. I can make qmail-pop3d run with xined ,but it does not run with tcpserver. 2. /var/log/qmail-pop3d/current /whateever th path is) is empty. 3. When I run the deamon manually, my typing is logged in the log (current) file. I found several mail threads in the search engines.But no answer for the question. You can suggest me a maillist or a solution . Qmail mailing list might help, but it's doubtful. Probably your best bet would be to research the way that qmail-smtpd is run from tcpserver and read about tcpserver in your man pages and on the web. Then attempt to duplicate that functionality with qmail-pop3d. Research is usually the name of the game with UNIX. Best reagards.. Shsan
[vchkpw] tcpserver won't die when started with the -D flag
Hello all, I have a strange problem with tcpserver and the pop3 daemon. The short story: When I start the pop3 daemon through tcpserver with the -D flag the daemon refuses to die when I run svc -d /service/qmail-pop3d. Without the -D, the pop3 server is extremely slow and is serving only 3-4 messages per second. The long story: tcpserver refuses to die using svc -d /service/qmail-pop3d when the startup script looks like this: #!/bin/sh tcpserver -H -R -D -lmail.yourplana.com 0 pop3 \ /var/qmail/bin/qmail-popup mail.yourplana.com \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 If I try to start the pop3 daemon again with svc -u /service/qmail-pop3d I get the well known tcpserver: fatal: unable to bind: address already used error message. To kill the tcpserver I have to run 'lsof | grep tcpserver' and then kill the pid of the tcpserver -OR- just 'killall tcpserver'. Then I can start the pop3 daemon through tcpserver again. When I'm using this startup script I' having no start/stop problems, but the pop3 daemon is terribly slow and hands out only 3-4 messages to the client per second: #!/bin/sh tcpserver -H -R -lmail.yourplana.com 0 pop3 \ /var/qmail/bin/qmail-popup mail.yourplana.com \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 Please note that the only thing changed here is the tcpserver startup flags. The first startup script has the extra -D and won't die, the second one is without the -D flag and is terribly slow but dies nicely. All the -D flag does is telling the tcpserver not to delay sending data, so I can't imagine why it becomes a problem when stopping the tcpserver. Any ideas? Thanks, -- Erik
Re: [vchkpw] tcpserver won't die when started with the -D flag
what operating system are you running? not all systems support TCP_NODELAY equally. If a system has poor TCP_NODELAY support, i would imagine it could cause this behavior. At 12:44 PM 01-15-2003, [EMAIL PROTECTED] wrote: Hello all, I have a strange problem with tcpserver and the pop3 daemon. The short story: When I start the pop3 daemon through tcpserver with the -D flag the daemon refuses to die when I run svc -d /service/qmail-pop3d. Without the -D, the pop3 server is extremely slow and is serving only 3-4 messages per second. The long story: tcpserver refuses to die using svc -d /service/qmail-pop3d when the startup script looks like this: #!/bin/sh tcpserver -H -R -D -lmail.yourplana.com 0 pop3 \ /var/qmail/bin/qmail-popup mail.yourplana.com \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 If I try to start the pop3 daemon again with svc -u /service/qmail-pop3d I get the well known tcpserver: fatal: unable to bind: address already used error message. To kill the tcpserver I have to run 'lsof | grep tcpserver' and then kill the pid of the tcpserver -OR- just 'killall tcpserver'. Then I can start the pop3 daemon through tcpserver again. When I'm using this startup script I' having no start/stop problems, but the pop3 daemon is terribly slow and hands out only 3-4 messages to the client per second: #!/bin/sh tcpserver -H -R -lmail.yourplana.com 0 pop3 \ /var/qmail/bin/qmail-popup mail.yourplana.com \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 Please note that the only thing changed here is the tcpserver startup flags. The first startup script has the extra -D and won't die, the second one is without the -D flag and is terribly slow but dies nicely. All the -D flag does is telling the tcpserver not to delay sending data, so I can't imagine why it becomes a problem when stopping the tcpserver. Any ideas? Thanks, -- Erik Paul Theodoropoulos http://www.anastrophe.com http://folding.stanford.edu The Nicest Misanthrope on the Net
Re: [vchkpw] Relay Problems: tcpserver?
On Thu, 2 Jan 2003, Tim Hasson wrote: Tim, Are you using tcpserver -x ~vpopmail/etc/tcp.smtp.cdb in your qmail-smtpd run file? If yes, then proceed.. I was using tcp.smtp.cdb in vpopmail for roaming users until I upgraded to 5.2.1 w/ mysql, so i ended up also applying matt simerson's mysql patch to tcpserver (or ucscpi package -- as recommended by README.mysql): http://matt.simerson.net/computing/mail/qmail/ucspi-tcp-0.88-mysql.patch After that you could run tcpserver with the new -S option (to enable tcpserver to read relay information from vpopmail's relay table in mysql) Just make sure you create a file /var/qmail/control/sql containing: server localhost port3306 databasevpopmail table relay userusername passsecret time7200 Then you could compile your tcp.smtp to another location (for example /etc/tcp.smtp.cdb) and change tcpserver -x to that new file (maintaining the additional -S option). This way, you will have a slim tcp.smtp.cdb that never changes except when you change it. This is a much better approach if you are using both --enable-roaming-users=y and --enable- mysql=y. Many thanks for the pointers. I'll try this out ASAP... --Duncan
Re: [vchkpw] Relay Problems: tcpserver?
Greetings, I'm running vpopmail+qmail+mysql on RedHat 7.3. Everything seems to be working fine except for roaming user POP authentication. I've tried a number of different tcpserver configs I've found in the docs and through googling, but none seem to solve the problem. ~vpopmail/etc/tcp.smtp.cdb is updated (time stamp changes) whenever I POP to the server, but the remote IP is never added to the .cdb database and roaming users are getting relaying denied errors after POPing. I've got the same setup, and I'm experiencing the same thing, I think. If anyone has insight, I'd love to know the solution. Any suggestion/pointers would be greatly appreciated. TIA, --Duncan
Re: [vchkpw] Relay Problems: tcpserver?
Are you using tcpserver -x ~vpopmail/etc/tcp.smtp.cdb in your qmail-smtpd run file? If yes, then proceed.. I was using tcp.smtp.cdb in vpopmail for roaming users until I upgraded to 5.2.1 w/ mysql, so i ended up also applying matt simerson's mysql patch to tcpserver (or ucscpi package -- as recommended by README.mysql): http://matt.simerson.net/computing/mail/qmail/ucspi-tcp-0.88-mysql.patch After that you could run tcpserver with the new -S option (to enable tcpserver to read relay information from vpopmail's relay table in mysql) Just make sure you create a file /var/qmail/control/sql containing: server localhost port3306 databasevpopmail table relay userusername passsecret time7200 Then you could compile your tcp.smtp to another location (for example /etc/tcp.smtp.cdb) and change tcpserver -x to that new file (maintaining the additional -S option). This way, you will have a slim tcp.smtp.cdb that never changes except when you change it. This is a much better approach if you are using both --enable-roaming-users=y and --enable- mysql=y. Quoting Matthew Walker [EMAIL PROTECTED]: Greetings, I'm running vpopmail+qmail+mysql on RedHat 7.3. Everything seems to be working fine except for roaming user POP authentication. I've tried a number of different tcpserver configs I've found in the docs and through googling, but none seem to solve the problem. ~vpopmail/etc/tcp.smtp.cdb is updated (time stamp changes) whenever I POP to the server, but the remote IP is never added to the .cdb database and roaming users are getting relaying denied errors after POPing. I've got the same setup, and I'm experiencing the same thing, I think. If anyone has insight, I'd love to know the solution. Any suggestion/pointers would be greatly appreciated. TIA, --Duncan
[vchkpw] Relay Problems: tcpserver?
Greetings, I'm running vpopmail+qmail+mysql on RedHat 7.3. Everything seems to be working fine except for roaming user POP authentication. I've tried a number of different tcpserver configs I've found in the docs and through googling, but none seem to solve the problem. ~vpopmail/etc/tcp.smtp.cdb is updated (time stamp changes) whenever I POP to the server, but the remote IP is never added to the .cdb database and roaming users are getting relaying denied errors after POPing. Any suggestion/pointers would be greatly appreciated. TIA, --Duncan
[vchkpw] tcpserver-mysql patch
/* server sql.mailserver.com port3306 databasevpopmail table relay uservpopmail passsecret time1800 */ there is this line inside the db.c should we uncomment it and replace with our settings?
Re: [vchkpw] tcpserver-mysql patch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Said Neo Wee Teck on Wed, Oct 30, 2002 at 11:55:31PM +0800: /* server sql.mailserver.com port3306 databasevpopmail table relay uservpopmail passsecret time1800 */ there is this line inside the db.c should we uncomment it and replace with our settings? No, create a /var/qmail/control/sql that contains that info. - -- [!] Justin R. Miller [EMAIL PROTECTED] Encrypted email preferred (key 0xC9C40C31) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE9wAXD94d6K8nEDDERAhj7AKCVTlf/w8vLGJhyJkT5s6y2iMr6CACfRxmY B7MNCLu7PpuX90SxvlZp8vY= =wWpI -END PGP SIGNATURE-
Re: [vchkpw] Using tcpserver/mysql
On Friday, September 6, 2002, at 07:10 AM, David Phillips wrote: Paul Fries writes: Yeah I have been really pulling my hair out over that one. =) With as many Pop-3 connections/sec that our servers handle I thought that I would make things a little smoother if Vpopmail didn't write the cdb. I am afraid that the hash would become corrupt and cause relay problems for my users. Assuming that vpopmail has proper locking for the tcprules(1) source file and uses unique temporary files everytime it runs tcprules, then this isn't a problem. tcprules atomically updates the cdb file. In theory, you are correct David. In practice, that file gets truncated regularly on a high volume mail server. Discovering that, and subsequent problems because of it caused me to write the mysql patch in the first place. Matt
Re: [vchkpw] Using tcpserver/mysql
Paul Fries writes: Yeah I have been really pulling my hair out over that one. =) With as many Pop-3 connections/sec that our servers handle I thought that I would make things a little smoother if Vpopmail didn't write the cdb. I am afraid that the hash would become corrupt and cause relay problems for my users. Assuming that vpopmail has proper locking for the tcprules(1) source file and uses unique temporary files everytime it runs tcprules, then this isn't a problem. tcprules atomically updates the cdb file. -- David Phillips [EMAIL PROTECTED] http://david.acz.org/
Re: [vchkpw] Using tcpserver/mysql
Paul, You are exactly correct. Even when using my patch, vpopmail continues to update the tcp.smtp.cdb file. There's one reason for that. The first is that my suggestion for adding a --dont-update-tcprulesfile=true was never implemented. Granted, it would only benefit a few users (really big ones like me) and it really doesn't make that much difference. So, in short you are right. You can do as I do and manually disable the routines in the vpopmail code that writes out the file, or you can just ignore it. If you're really clever, you can code in a --don't-update-tcprulesfile function but to save some time, you might want to search through the archives of this list as I've already been down that road. Matt On Tuesday, September 3, 2002, at 12:08 PM, Paul Fries wrote: Greetings, I am trying to accomplish using vpopmail with the tcpserver/mysql patch. Based on the documentation found on step 13 of http://www.inter7.com/vpopmail/INSTALL: -- For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. -- I have implemented the patch, and verified that tcpserver is reading my /var/qmail/control/sql file properly (if I chmod 000 this file, tcpserver complains about it on startup). Also with --enable-roaming-users=y in vpopmail, vchkpw properly writes the authenticated IP addresses/timestamp to the vpopmail.relay table in MySQL. My problem is this: Even though it is properly writing the IPs to the vpopmail.relay table, it is also writing them into the tcp.smtp.cdb hash file. I would like it to ONLY write to MySQL and not to the .cdb. I have tried --enable-roaming-users=n, but this causes vchkpw to stop writing the IP addresses to either location. It is almost like there should be a --dont-update-tcprulesfile=true variable upon configuration. Am I missing something here? Has someone else configured vpopmail in this manner and gotten around this problem? Thanks! Regards, Paul Fries [EMAIL PROTECTED]
RE: [vchkpw] Using tcpserver/mysql
Thanks Matt. =) Yeah I have been really pulling my hair out over that one. =) With as many Pop-3 connections/sec that our servers handle I thought that I would make things a little smoother if Vpopmail didn't write the cdb. I am afraid that the hash would become corrupt and cause relay problems for my users. Instead, I am just having vpopmail write to a cdb elsewhere on the file system that nothing else reads. Then I have tcpserver read a different cdb file that I have created. It's messy, but it works. =) Paul J. Fries CWIE, LLC - Internet Services -Original Message- From: Matt Simerson [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 05, 2002 11:24 AM To: Paul Fries Cc: [EMAIL PROTECTED] Subject: Re: [vchkpw] Using tcpserver/mysql Paul, You are exactly correct. Even when using my patch, vpopmail continues to update the tcp.smtp.cdb file. There's one reason for that. The first is that my suggestion for adding a --dont-update-tcprulesfile=true was never implemented. Granted, it would only benefit a few users (really big ones like me) and it really doesn't make that much difference. So, in short you are right. You can do as I do and manually disable the routines in the vpopmail code that writes out the file, or you can just ignore it. If you're really clever, you can code in a --don't-update-tcprulesfile function but to save some time, you might want to search through the archives of this list as I've already been down that road. Matt On Tuesday, September 3, 2002, at 12:08 PM, Paul Fries wrote: Greetings, I am trying to accomplish using vpopmail with the tcpserver/mysql patch. Based on the documentation found on step 13 of http://www.inter7.com/vpopmail/INSTALL: -- For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. -- I have implemented the patch, and verified that tcpserver is reading my /var/qmail/control/sql file properly (if I chmod 000 this file, tcpserver complains about it on startup). Also with --enable-roaming-users=y in vpopmail, vchkpw properly writes the authenticated IP addresses/timestamp to the vpopmail.relay table in MySQL. My problem is this: Even though it is properly writing the IPs to the vpopmail.relay table, it is also writing them into the tcp.smtp.cdb hash file. I would like it to ONLY write to MySQL and not to the .cdb. I have tried --enable-roaming-users=n, but this causes vchkpw to stop writing the IP addresses to either location. It is almost like there should be a --dont-update-tcprulesfile=true variable upon configuration. Am I missing something here? Has someone else configured vpopmail in this manner and gotten around this problem? Thanks! Regards, Paul Fries [EMAIL PROTECTED]
RE: [vchkpw] Using tcpserver/mysql
;) Yep Doing that with the -S. That causes it to read the database. It is vchkpw that is updating the hash file. Paul J. Fries CWIE, LLC - Internet Services -Original Message- From: slashboy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 03, 2002 10:52 AM To: [EMAIL PROTECTED] Subject: RE: [vchkpw] Using tcpserver/mysql ChangeLog: v1.6 - SMTP relay table is entirely contained in a MySQL table. Previously the tcp.smtp.cdb file was still generated based upon the contents of a MySQL table. We have modified the tcpserver application to check a MySQL table (instead of a flat file) for each SMTP session to determine if a user's IP can relay or not. If the database connection fails, we allow the SMTP session anyway but don't allow relaying. Invoke tcpserver with the -S flag to utilize the new feature. :) -Original Message- From: Paul Fries [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 04, 2002 12:08 AM To: [EMAIL PROTECTED] Subject: [vchkpw] Using tcpserver/mysql Greetings, I am trying to accomplish using vpopmail with the tcpserver/mysql patch. Based on the documentation found on step 13 of http://www.inter7.com/vpopmail/INSTALL: -- For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. -- I have implemented the patch, and verified that tcpserver is reading my /var/qmail/control/sql file properly (if I chmod 000 this file, tcpserver complains about it on startup). Also with --enable-roaming-users=y in vpopmail, vchkpw properly writes the authenticated IP addresses/timestamp to the vpopmail.relay table in MySQL. My problem is this: Even though it is properly writing the IPs to the vpopmail.relay table, it is also writing them into the tcp.smtp.cdb hash file. I would like it to ONLY write to MySQL and not to the .cdb. I have tried --enable-roaming-users=n, but this causes vchkpw to stop writing the IP addresses to either location. It is almost like there should be a --dont-update-tcprulesfile=true variable upon configuration. Am I missing something here? Has someone else configured vpopmail in this manner and gotten around this problem? Thanks! Regards, Paul Fries [EMAIL PROTECTED]
RE: [vchkpw] Using tcpserver/mysql
Yep. Have that, and tcpserver is reading it properly. Paul J. Fries CWIE, LLC - Internet Services -Original Message- From: slashboy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 03, 2002 11:05 AM To: [EMAIL PROTECTED] Subject: RE: [vchkpw] Using tcpserver/mysql Hmm... One more thing I notice also, you will need a file /qmaildir/control/sql Content server sql.server port 3306 database vpopmail table relay user sqluser pass sqlpass time 1800 *Assuming mySQL using port 3306 :P correct me if I'm wrong -Original Message- From: Paul Fries [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 04, 2002 1:57 AM To: 'slashboy'; [EMAIL PROTECTED] Subject: RE: [vchkpw] Using tcpserver/mysql ;) Yep Doing that with the -S. That causes it to read the database. It is vchkpw that is updating the hash file. Paul J. Fries CWIE, LLC - Internet Services -Original Message- From: slashboy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 03, 2002 10:52 AM To: [EMAIL PROTECTED] Subject: RE: [vchkpw] Using tcpserver/mysql ChangeLog: v1.6 - SMTP relay table is entirely contained in a MySQL table. Previously the tcp.smtp.cdb file was still generated based upon the contents of a MySQL table. We have modified the tcpserver application to check a MySQL table (instead of a flat file) for each SMTP session to determine if a user's IP can relay or not. If the database connection fails, we allow the SMTP session anyway but don't allow relaying. Invoke tcpserver with the -S flag to utilize the new feature. :) -Original Message- From: Paul Fries [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 04, 2002 12:08 AM To: [EMAIL PROTECTED] Subject: [vchkpw] Using tcpserver/mysql Greetings, I am trying to accomplish using vpopmail with the tcpserver/mysql patch. Based on the documentation found on step 13 of http://www.inter7.com/vpopmail/INSTALL: -- For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. -- I have implemented the patch, and verified that tcpserver is reading my /var/qmail/control/sql file properly (if I chmod 000 this file, tcpserver complains about it on startup). Also with --enable-roaming-users=y in vpopmail, vchkpw properly writes the authenticated IP addresses/timestamp to the vpopmail.relay table in MySQL. My problem is this: Even though it is properly writing the IPs to the vpopmail.relay table, it is also writing them into the tcp.smtp.cdb hash file. I would like it to ONLY write to MySQL and not to the .cdb. I have tried --enable-roaming-users=n, but this causes vchkpw to stop writing the IP addresses to either location. It is almost like there should be a --dont-update-tcprulesfile=true variable upon configuration. Am I missing something here? Has someone else configured vpopmail in this manner and gotten around this problem? Thanks! Regards, Paul Fries [EMAIL PROTECTED]
RE: [vchkpw] Using tcpserver/mysql
That would keep tcpserver from reading the hash. However, vchkpw will still go about happily updating this file on every popauth even though nothing is reading it. Seems like a waste of CPU cycles to me. Also, I WANT tcpserver to read this file so that I can use it for blocking mail from abusive hosts, etc. I just do not want vchkpw to update it on every popauth. Paul J. Fries CWIE, LLC - Internet Services -Original Message- From: slashboy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 03, 2002 10:47 AM To: 'Paul Fries' Subject: RE: [vchkpw] Using tcpserver/mysql Ooops I repeating what you said Maybe try running the tcpserver without -x /xxx/tcp.smtp.cdb option -Original Message- From: Paul Fries [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 04, 2002 12:08 AM To: [EMAIL PROTECTED] Subject: [vchkpw] Using tcpserver/mysql Greetings, I am trying to accomplish using vpopmail with the tcpserver/mysql patch. Based on the documentation found on step 13 of http://www.inter7.com/vpopmail/INSTALL: -- For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. -- I have implemented the patch, and verified that tcpserver is reading my /var/qmail/control/sql file properly (if I chmod 000 this file, tcpserver complains about it on startup). Also with --enable-roaming-users=y in vpopmail, vchkpw properly writes the authenticated IP addresses/timestamp to the vpopmail.relay table in MySQL. My problem is this: Even though it is properly writing the IPs to the vpopmail.relay table, it is also writing them into the tcp.smtp.cdb hash file. I would like it to ONLY write to MySQL and not to the .cdb. I have tried --enable-roaming-users=n, but this causes vchkpw to stop writing the IP addresses to either location. It is almost like there should be a --dont-update-tcprulesfile=true variable upon configuration. Am I missing something here? Has someone else configured vpopmail in this manner and gotten around this problem? Thanks! Regards, Paul Fries [EMAIL PROTECTED]
Re: [vchkpw] tcpserver mysql patch
the vchkpw program updates the tcp.smtp.cdb file. So you'll need to reconfigure vpopmail without roaming-users (the default is roaming users turned off). Ken Jones On Friday 30 August 2002 11:31 pm, Paul Fries wrote: Please forgive me if this is the wrong forum for this question. It seems that even after applying Matt Simerson's tcpserver-mysql patch, the tcp.smtp.cdb file is still being rehashed on every pop authentication. I am getting data in the relay table properly, and my /var/qmail/control/sql file is correct. Also, my qmail-smtpd/run file includes the -S flag to tcpserver. Does anyone know what I am missing here? Thanks! Regards, Paul Fries [EMAIL PROTECTED]
RE: [vchkpw] tcpserver mysql patch
Hmm. I tried that, but then the IP addresses are no longer written to my vpopmail/relay table in the MySQL database. -Original Message- From: Ken Jones [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 31, 2002 9:25 AM To: Paul Fries; 'VpopMail Mailing List' Subject: Re: [vchkpw] tcpserver mysql patch the vchkpw program updates the tcp.smtp.cdb file. So you'll need to reconfigure vpopmail without roaming-users (the default is roaming users turned off). Ken Jones On Friday 30 August 2002 11:31 pm, Paul Fries wrote: Please forgive me if this is the wrong forum for this question. It seems that even after applying Matt Simerson's tcpserver-mysql patch, the tcp.smtp.cdb file is still being rehashed on every pop authentication. I am getting data in the relay table properly, and my /var/qmail/control/sql file is correct. Also, my qmail-smtpd/run file includes the -S flag to tcpserver. Does anyone know what I am missing here? Thanks! Regards, Paul Fries [EMAIL PROTECTED]
[vchkpw] tcpserver mysql patch
Please forgive me if this is the wrong forum for this question. It seems that even after applying Matt Simerson's tcpserver-mysql patch, the tcp.smtp.cdb file is still being rehashed on every pop authentication. I am getting data in the relay table properly, and my /var/qmail/control/sql file is correct. Also, my qmail-smtpd/run file includes the -S flag to tcpserver. Does anyone know what I am missing here? Thanks! Regards, Paul Fries [EMAIL PROTECTED]
problem with tcpserver
hi all iam trying to patch tcpserver-mysql patch (adds MySQL support) i patched like this patch -strip ucspi-tcp-0.88-mysql.patch when i try to make iam getting following erro ./compile db.c db.c:4:19: mysql.h: No such file or directory make: *** [db.o] Error 1 iam using redhat 7.2 with vpopmail 5.0 and mysql-3.23.41-1 what could be the problem any help thanks _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Re: problem with tcpserver
hi all sorry to mention that iam already running vpopmail with mysql with any problem with out patching i want to patch this and reconfigure - Original Message - From: Dushyanth Harinath [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 16, 2001 5:29 PM Subject: Re: problem with tcpserver Hi, hari_bhr wrote : iam trying to patch tcpserver-mysql patch (adds MySQL support) i patched like this patch -strip ucspi-tcp-0.88-mysql.patch when i try to make iam getting following erro ./compile db.c db.c:4:19: mysql.h: No such file or directory make: *** [db.o] Error 1 iam using redhat 7.2 with vpopmail 5.0 and mysql-3.23.41-1 what could be the problem Did u install mysql with source or rpm... if u installed it using rpm's..did u install the mysql-devel rpm ? cheers dushyanth -- Linux is like living in a teepee.| Dushyanth .H No Windows, no Gates,| Archean Infotech Apache in house. | www.archeanit.com - This email was sent using SquirrelMail. Webmail for nuts! http://squirrelmail.org/ _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
RE: Matt Simersons tcpserver-mysql patch.
Not sure the vpopmail list is the best place to be asking a sqwebmail question. Look in the authdaemonrc file and see what authentication modules it's running inside there. The name of authdaemon doesn't really seem to matter, but the list of authmodules in the rc file does. If you're only using vchkpw to authenticate, then only have that one authentication module loaded. Regards, Tren. -Original Message- From: hari_bhr [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 18, 2001 11:38 PM To: [EMAIL PROTECTED] Subject: Re: Matt Simersons tcpserver-mysql patch. hi all iam using authentication more with vpopmail used mysql and authvchkpw but when iam running qmail iam getting this services running ia not using ldap at all how do i remove thanks root 951 946 0 10:40 ?00:00:00 /usr/local/share/sqwebmail/libexec/authlib/authdaemond.ldap start root 952 946 0 10:40 ?00:00:00 /usr/local/share/sqwebmail/libexec/authlib/authdaemond.ldap start root 953 946 0 10:40 ?00:00:00 /usr/local/share/sqwebmail/libexec/authlib/authdaemond.ldap start _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Matt Simersons tcpserver-mysql patch.
hi all can some one tell me where can i get this patch thanks _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Re: Matt Simersons tcpserver-mysql patch.
hi all i have down loaded the patch how do i patch, where should i patch till now i did not ahve problem with my qmail setup could some one recomed why do i need this patch but in the installation procedure receomended highly if i use large site if i dont what will be the problem if i apply what is the adavantage thanks - Original Message - From: Yuri A. Kabaenkov [EMAIL PROTECTED] To: hari_bhr [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 18, 2001 4:35 PM Subject: Re: Matt Simersons tcpserver-mysql patch. Hello hari_bhr, Thursday, October 18, 2001, 3:26:33 PM, you wrote: h hi all h can some one tell me where can i get this patch I think you can found it on http://matt.simerson.com h thanks h _ h Do You Yahoo!? h Get your free @yahoo.com address at http://mail.yahoo.com With respect, Yuri A. Kabaenkov [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Re: Matt Simersons tcpserver-mysql patch.
hari_bhr wrote: hi all i have down loaded the patch how do i patch, where should i patch till now i did not ahve problem with my qmail setup could some one recomed why do i need this patch but in the installation procedure receomended highly if i use large site if i dont what will be the problem if i apply what is the adavantage thanks - Original Message - From: Yuri A. Kabaenkov [EMAIL PROTECTED] To: hari_bhr [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 18, 2001 4:35 PM Subject: Re: Matt Simersons tcpserver-mysql patch. Hello hari_bhr, Thursday, October 18, 2001, 3:26:33 PM, you wrote: h hi all h can some one tell me where can i get this patch I think you can found it on http://matt.simerson.com h thanks h _ h Do You Yahoo!? h Get your free @yahoo.com address at http://mail.yahoo.com With respect, Yuri A. Kabaenkov [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com hi my question is it uses whichever table u tell it right does anyone know if it still uses the cdb due to the fact that i also clear my relay table - Energy Equals Milk Chocolate Squared -
Re: Matt Simersons tcpserver-mysql patch.
hi all iam using authentication more with vpopmail used mysql and authvchkpw but when iam running qmail iam getting this services running ia not using ldap at all how do i remove thanks root 951 946 0 10:40 ?00:00:00 /usr/local/share/sqwebmail/libexec/authlib/authdaemond.ldap start root 952 946 0 10:40 ?00:00:00 /usr/local/share/sqwebmail/libexec/authlib/authdaemond.ldap start root 953 946 0 10:40 ?00:00:00 /usr/local/share/sqwebmail/libexec/authlib/authdaemond.ldap start _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Re: running two copies of qmail-smtpd/tcpserver one with RBL one without...
Does it have to be different ports can it just be different IP addresses bound to the same interface? - Original Message - From: Mark Persohn [EMAIL PROTECTED] To: Qmail [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, August 20, 2001 10:16 AM Subject: Re: running two copies of qmail-smtpd/tcpserver one with RBL one without... No there is no reason you can't run 2 tcpservers on different ports I run four with differnet combos of RBL and Antivirus scanning. Mark Qmail wrote: Is there any reason not to run two with seperate IPs on the same server. I'm running This way we could easly allow domainholders to choose whether they want their mail filtered using the various DNS based blacklists or not, simply by pointing their mail to one of two IPs. Everything else would be the same on the machine. Am I missing something?
Re: running two copies of qmail-smtpd/tcpserver one with RBL one without...
No there is no reason you can't run 2 tcpservers on different ports I run four with differnet combos of RBL and Antivirus scanning. Mark Qmail wrote: Is there any reason not to run two with seperate IPs on the same server. I'm running This way we could easly allow domainholders to choose whether they want their mail filtered using the various DNS based blacklists or not, simply by pointing their mail to one of two IPs. Everything else would be the same on the machine. Am I missing something?
running two copies of qmail-smtpd/tcpserver one with RBL one without...
Is there any reason not to run two with seperate IPs on the same server. I'm running This way we could easly allow domainholders to choose whether they want their mail filtered using the various DNS based blacklists or not, simply by pointing their mail to one of two IPs. Everything else would be the same on the machine. Am I missing something?
I: smtp auth with tcpserver and vchkpw
*Sorry I posted with the wrong address before* Hello everybody, does someone knows where I can find any documentation for the start up script of qmail-smtpd (auth patched) with tcpserver and vchkpw as authenticator ? thanks Stefano Baronio Cefin Systems Italia s.r.l. 88, c.so Duca degli Abruzzi 10129, Torino -ITALY- Tel:+39.011.504609 Fax:+39.011.504386 [EMAIL PROTECTED] www.sateltrack.com
tcpserver
Hello, I installed vpopmail with mysql and everthing seems to work fine. I can add virutal domains, users using vpopmail and the information is also stored in mysql db. So everything seems to work fine. The problem is with tcpserver. When i execute tcpserver as mentioned in INSTALL file that comes with the distribution i get the following error tcpserver: fatal: unable to figure out port number for /var/qmail/bin/qmail-popup I'm using RH Linux 7.1 Aadish Shreshta Everest Net.
Re: tcpserver
Hello Aadish, On Monday, July 30, 2001 at 12:36:16 PM you wrote (at least in part): AS Hello, AS I installed vpopmail with mysql and everthing seems to work fine. I can add AS virutal domains, users using vpopmail and the information is also stored in AS mysql db. So everything seems to work fine. AS The problem is with tcpserver. When i execute tcpserver as mentioned in AS INSTALL file that comes with the distribution i get the following error AS tcpserver: fatal: unable to figure out port number for AS /var/qmail/bin/qmail-popup AS I'm using RH Linux 7.1 What's the start line of your tcpserver for pop3? It should look similar to this tcpserver 0 pop-3 qmail-popup HOSTNAME /home/of/vpopmail/bin/vchkpw qmail-pop3d Maildir/ ^ ^ | | | --- THIS must be the on listed in /etc/services for port 110 - THIS is the IP tcpserver binds itself on ('0' for all interfaces or specific IP [192.168.1.1, e.g.]) -- Best Regards Peter Palmreuther mailto:[EMAIL PROTECTED] Okay, everybody in this room who's telekinetic, raise my hand.
Re: Problem killing tcpserver
on 7/13/01 8:53 PM, Daniel Pook Ngai Lin at [EMAIL PROTECTED] spake: Hi I have problem shutting down the tcpserver process. seems like it isnt in the linux setup nor init.d nor cron jobs. Everytime I do a kill it respawn itself. Any tips? Thanks! Daniel Sounds like it's supervised. See http://cr.yp.to/daemontools.html for more info. Cheers, Bill Shupp
Re: Problem killing tcpserver
I have problem shutting down the tcpserver process. seems like it isnt in the linux setup nor init.d nor cron jobs. Everytime I do a kill it respawn itself. Any tips? Thanks! It wont start until u have started it.There's no way it will respawn itself after killing it...atleast i dint experience this... check ur startup line for tcpserver... regards dushyanth -- Dushyanth Harinath Archean Infotech Limited Ph No:091-040-3228666,6570704,3228674 http://www.archeanit.com - This email was sent using SquirrelMail. Webmail for nuts! http://squirrelmail.org/
tcpserver
This question is not specifically vpopmail but I'm hoping that someone can help me better understand qmail and tcpserver. Here goes: As I understand after reading the docs for tcpserver that if I use the -p option with qmail-smtpd that it will reject smtp requests from mailers that have no valid DNS entry. But my system doesn't appear to be doing that. Here is the final Recieve line from a Spam message that I got this morning: Received: from unknown (HELO mail.ntechville.com) (211.63.67.251) by mail.certainty.net with SMTP; 3 Jul 2001 04:35:30 -0400 Doesn't the unkown indicate that the DNS name was not resolvable and therefore the message should have been rejected? I also tried nslookup on the IP address and got nothing for it as expected. Here is my tcpserver run line for qmail-smtpd: exec /usr/local/bin/softlimit -m 200 /usr/local/bin/tcpserver -p -v -R -l mail.certainty.net -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 21
Re: tcpserver
Your Received line breaks down like this: - unknown is the user identified by the ident service on the remote end. If the remote server is not running ident it will lag SMTP connections between 15 and 45 seconds, depending on the mailer. MS Exchange usually does not run ident, other servers could have it firewalled off. Because of this (chicken or the egg?), it's a helper for diagnosis, not a requirement of a SMTP session. - HELO mail.ntechville.com is who the remote server thinks it is and identifies itself as when it connects to your mail server - 211.63.67.251 is the IP of the remote mail server - mail.certainty.net is your mail server (or what it thinks it is) - the rest is obvious The enforcement of reverse DNS lookups requires the IP address to reverse-resolve to the HELO identification string. The reverse DNS requirement helps knock down rogue mail servers or ones that are improperly configured. It does not block spammers if they have their mail server properly setup. If this leads to a spammer hitting your server I have built notes for tracking techniques if you are interested. Hope this helps, -Dave - Original Message - From: Ed Henderson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 03, 2001 8:50 AM Subject: tcpserver This question is not specifically vpopmail but I'm hoping that someone can help me better understand qmail and tcpserver. Here goes: As I understand after reading the docs for tcpserver that if I use the -p option with qmail-smtpd that it will reject smtp requests from mailers that have no valid DNS entry. But my system doesn't appear to be doing that. Here is the final Recieve line from a Spam message that I got this morning: Received: from unknown (HELO mail.ntechville.com) (211.63.67.251) by mail.certainty.net with SMTP; 3 Jul 2001 04:35:30 -0400 Doesn't the unkown indicate that the DNS name was not resolvable and therefore the message should have been rejected? I also tried nslookup on the IP address and got nothing for it as expected. Here is my tcpserver run line for qmail-smtpd: exec /usr/local/bin/softlimit -m 200 /usr/local/bin/tcpserver -p -v -R -l mail.certainty.net -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 21
tcpserver questions
1. When tcpserver is setup, do I remove the hosts.allow RELAYCLIENT line, or is it ignored? 2. Does the /var/qmail/users/cdb have anything to do with the /home/vpopmail/etc/tcp.smtp.cdb? 3. Once pop and smtp are handled by tcpserver, how do I control access to Courier-IMAP?
Re: tcpserver questions
* John Stile [EMAIL PROTECTED] [010508 00:43]: 1. When tcpserver is setup, do I remove the hosts.allow RELAYCLIENT line, or is it ignored? It is ignored 2. Does the /var/qmail/users/cdb have anything to do with the /home/vpopmail/etc/tcp.smtp.cdb? No 3. Once pop and smtp are handled by tcpserver, how do I control access to Courier-IMAP? man couriertcpd (man man /usr/lib/courier-imap/man/man8/couriertcpd.8 in my installation) -Johan -- Johan Almqvist http://www.almqvist.net/johan/qmail/ PGP signature
tcpserver w/ qmail+vpopmail?
Do I have all the steps here? I am mainly worried about the syntax of steps 4 and 5 (startup scripts syntax). # 1. Install tcpserver # gunzip ucspi-tcp-0.88.tar tar -xf ucspi-tcp-0.88.tar cd ucspi-tcp-0.88 make su make setup check ## # 2. Make the rules file # cat - EOT /home/vpopmail/etc/tcp.smtp.txt 127.0.0.1:allow,RELAYCLIENT= # local can relay 192.168.:allow,RELAYCLIENT=# private net can relay netzero.com:allow,RELAYCLIENT= # netzero.com can relay [EMAIL PROTECTED]:allow,RELAYCLIENT= # mail from jstile can relay :deny# deny all others EOT # 3. Make the database, fix perms, checkit # cat /etc/tcp.smtp | tcprules /home/vpopmail/etc/.smtp.cdb /home/vpopmail/etc/tcp.smtp.txt chmod 644 /home/vpopmail/etc/.smtp.cdb tcprulescheck /home/vpopmail/etc/.smtp.cdb # # 4. Make the smtp startup script for linux # # my qmaild uid=508, gid=509 cat - EOT /etc/rc.d/init.d/smtp #!/bin/sh env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R \ -x /home/vpopmail/etc/tcp.smtp.cdb \ -v -u 509 -g 508 0 \ smtp \ /var/qmail/bin/qmail-smtpd \ 21 | /var/qmail/bin/splogger smtpd 3 exit 0 EOT chmod 700 /etc/rc.d/init.d/smtp ## # 5. make the pop3 startup script for linux # cat - EOT /etc/rc.d/init.d/pop3 #!/bin/sh env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R 0 pop3 \ /var/qmail/bin/qmail-popup \ stilen.com \ /home/vpopmail/bin/vchkpw \ /var/qmail/bin/qmail-pop3d Maildir \ /var/qmail/bin/splogger pop3d exit 0 EOT chmod 700 /etc/rc.d/init.d/pop3 # 6. comment out lines from inetd, and HUP-it # sed 's/^pop/#pop/' /etc/inetd.conf /tmp/inetd.conf sed 's/^smtp/#smtp/' /tmp/inetd.conf /etc/inetd.conf ##3 # 7. startup tcpserver /etc/rc.d/init.d/smtp /etc/rc.d/init.d/pop3
Re: tcpserver w/ qmail+vpopmail?
Looks pretty good. I would send the output of tcpserver into multilog, not splogger/syslog. Ken Jones John Stile wrote: Do I have all the steps here? I am mainly worried about the syntax of steps 4 and 5 (startup scripts syntax). # 1. Install tcpserver # gunzip ucspi-tcp-0.88.tar tar -xf ucspi-tcp-0.88.tar cd ucspi-tcp-0.88 make su make setup check ## # 2. Make the rules file # cat - EOT /home/vpopmail/etc/tcp.smtp.txt 127.0.0.1:allow,RELAYCLIENT= # local can relay 192.168.:allow,RELAYCLIENT=# private net can relay netzero.com:allow,RELAYCLIENT= # netzero.com can relay [EMAIL PROTECTED]:allow,RELAYCLIENT= # mail from jstile can relay :deny# deny all others EOT # 3. Make the database, fix perms, checkit # cat /etc/tcp.smtp | tcprules /home/vpopmail/etc/.smtp.cdb /home/vpopmail/etc/tcp.smtp.txt chmod 644 /home/vpopmail/etc/.smtp.cdb tcprulescheck /home/vpopmail/etc/.smtp.cdb # # 4. Make the smtp startup script for linux # # my qmaild uid=508, gid=509 cat - EOT /etc/rc.d/init.d/smtp #!/bin/sh env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R \ -x /home/vpopmail/etc/tcp.smtp.cdb \ -v -u 509 -g 508 0 \ smtp \ /var/qmail/bin/qmail-smtpd \ 21 | /var/qmail/bin/splogger smtpd 3 exit 0 EOT chmod 700 /etc/rc.d/init.d/smtp ## # 5. make the pop3 startup script for linux # cat - EOT /etc/rc.d/init.d/pop3 #!/bin/sh env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R 0 pop3 \ /var/qmail/bin/qmail-popup \ stilen.com \ /home/vpopmail/bin/vchkpw \ /var/qmail/bin/qmail-pop3d Maildir \ /var/qmail/bin/splogger pop3d exit 0 EOT chmod 700 /etc/rc.d/init.d/pop3 # 6. comment out lines from inetd, and HUP-it # sed 's/^pop/#pop/' /etc/inetd.conf /tmp/inetd.conf sed 's/^smtp/#smtp/' /tmp/inetd.conf /etc/inetd.conf ##3 # 7. startup tcpserver /etc/rc.d/init.d/smtp /etc/rc.d/init.d/pop3
tcpserver setup how-to questions
Right now I run inetd for qmail-smtpd and qmail-pop3d with hosts.allow for smtp relay controlling. All the stuff I have read says to move to tcpserver, but I have some questions. 1. When tcpserver is setup, do I remove the hosts.allow RELAYCLIENT line, or is it ignored? 2. Does the /var/qmail/users/cdb have anything to do with the /home/vpopmail/etc/tcp.smtp.cdb? 3. Once pop and smtp are handled by tcpserver, how do I control access to Courier-IMAP? 4. Many people have posted problems with tcpserver setup. I am trying to make sense of it, and make it simple, and make a how-to. Are these the correct steps for smtp and pop3 with qmail+vpopmail? Why don't the setup instructions cover this better? # 1. Install tcpserver # gunzip ucspi-tcp-0.88.tar tar -xf ucspi-tcp-0.88.tar cd ucspi-tcp-0.88 make su make setup check ## # 2. Make the rules file # cat - EOT /home/vpopmail/etc/tcp.smtp.txt 127.0.0.1:allow,RELAYCLIENT= # local can relay 192.168.:allow,RELAYCLIENT= # private net can relay netzero.com:allow,RELAYCLIENT= # netzero.com can relay [EMAIL PROTECTED]:allow,RELAYCLIENT= # mail from jstile can relay :deny # deny all others EOT # 3. Make the database, fix perms, checkit # cat /etc/tcp.smtp | tcprules /home/vpopmail/etc/.smtp.cdb /home/vpopmail/etc/tcp.smtp.txt chmod 644 /home/vpopmail/etc/.smtp.cdb tcprulescheck /home/vpopmail/etc/.smtp.cdb # # 4. Make the smtp startup script for linux # # my qmaild uid=508, gid=509 cat - EOT /etc/rc.d/init.d/smtp #!/bin/sh env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R \ -x /home/vpopmail/etc/tcp.smtp.cdb \ -v -u 509 -g 508 0 \ smtp \ /var/qmail/bin/qmail-smtpd \ 21 | /var/qmail/bin/splogger smtpd 3 exit 0 EOT chmod 700 /etc/rc.d/init.d/smtp ## # 5. make the pop3 startup script for linux # cat - EOT /etc/rc.d/init.d/pop3 #!/bin/sh env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R 0 pop3 \ /var/qmail/bin/qmail-popup \ stilen.com \ /home/vpopmail/bin/vchkpw \ /var/qmail/bin/qmail-pop3d Maildir \ /var/qmail/bin/splogger pop3d exit 0 EOT chmod 700 /etc/rc.d/init.d/pop3 # 6. comment out lines from inetd, and HUP-it # sed 's/^pop/#pop/' /etc/inetd.conf /tmp/inetd.conf sed 's/^smtp/#smtp/' /tmp/inetd.conf /etc/inetd.conf ##3 # 7. startup tcpserver /etc/rc.d/init.d/smtp /etc/rc.d/init.d/pop3
qmail with tcpserver does not deliver any emails
Hi, I have installed qmail and vpopmail. Now I start qmail like this: smtp: ./tcpserver -u 502 -g 101 -x /home/vpopmail/etc/tcp.smtp.cdb 0 smtp /var/qmail/bin/qmail-smtpd pop3: ./tcpserver -H -R 0 pop3 /var/qmail/bin/qmail-popup name.domain.com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir The user id 502 and gid 101 belongs to the extra qmail user and group. Now I can sent and receive mail but somehow all mails are messed up in the queue because neither they can be received via pop3 nor a remote host receives any message when I send one. When I start qmail like this, the mails are delivered immediately: exec env - PATH=/var/qmail/bin:$PATH \ qmail-start ./Maildir/ splogger qmail When a user logs in a tail -f /var/log/mail brings: May 4 19:40:50 rootbeer vpopmail[2475]: vchkpw login [EMAIL PROTECTED]:217.2.145.94 What is wrong here? When I authenticate via pop3 he says everything is okay. I compiled vpopmail with this line: ./configure --enable-roaming-users=y --enable-relay-clear-minutes=30 --enabl e-logging=y [EMAIL PROTECTED] --enable-passwd =n --enable-apop=y and even when I install it like this: ./configure --enable-roaming-users=y --enable-relay-clear-minutes=30 --enabl e-logging=y [EMAIL PROTECTED] It does not work either. I send an email to [EMAIL PROTECTED] and I did not get an error but it is not in his maildir. And when I sent a mail it is not delivered. Does anyone have more ideas? Bye, Sebastian
tcpserver problem
Hi All , I have installed the qmail+vpopmail .While starting it starting .But while I am try to send messages out it giving error message .As well as when I to telnet on port 25 the error message is connection closed by forign host . I checked the log file it shows failed to ma segment from shared object cann't allocate memory .Please advice me to overcome this problem . Thanks RegardsSundar @ Net:WxS CommunicationsSupport Engineer Ph : 258 8806 Ext : 142