[vchkpw] vpopmail and courier authentication whoas

2003-12-31 Thread Geoff Sweet
So per Courier's instructions I am posting my questions to this list.

I am on OpenBSD 3.2, with qmail, vpopmail 5.2.1, and courier 2.2.1.  My
vpopmail works like a dream and I don't have any problems.  But I
decided to add some IMAP connectivity for various reasons.  I installed
the latest Courier stable and did just a simple ./configure and let it
run.  Now anytime I try to authenticate locally, via telnet or anything
else, I have strange authentication issues.

So long as the username part of the login email ([EMAIL PROTECTED]) is
a local system account as well, it logs on just fine.  But as soon as I
enter ANY virtual account, it fails with:

Dec 31 02:44:30 gstc01 imapd: Connection, ip=[::1]
Dec 31 02:44:47 gstc01 imapd: LOGIN: DEBUG: ip=[::1], command=LOGIN
Dec 31 02:44:47 gstc01 imapd: LOGIN: DEBUG: ip=[::1], [EMAIL PROTECTED]
Dec 31 02:45:07 gstc01 imapd: LOGIN FAILED, ip=[::1]


in the log files.  For reference sake, [EMAIL PROTECTED] is a virtual
account, but if I use my geoff @ whootis.com account (where geoff is
also a local account on the system) it passes right in.

I currently am only using authdaemon, and only have the vchkpwd module
selected in the config files.

Any thoughts?

Thanks
Geoff



Re: [vchkpw] vpopmail and courier authentication whoas

2003-12-31 Thread Rick Widmer
Geoff Sweet wrote:

So per Courier's instructions I am posting my questions to this list.


Any thoughts?


Try this...

./configure \
   --disable-root-check \
   --without-authdaemon \
   --with-authvchkpw \
   --enable-workarounds-for-imap-client-bugs

Rick







Re: [vchkpw] vpopmail and courier authentication whoas

2003-12-31 Thread Michael Bowe
vpopmail-5.2.1 contains a bug which causes auth problems with courier-imap
and sqwebmail.

vpopmail-5.2.2 contains a fix for that bug, as do the recent vpopmail
development builds. You can download 5.2.2 or the development builds from
www.sourceforge.net/projects/vpopmail

Once you have upgraded your vpopmail, you need to recompile any other add-on
applications that use the vpopmail system, e.g. qmailadmin, courier-imap.

Michael.







Re: [vchkpw] vchkpw suid perms..

2003-12-31 Thread Clayton Weise
If it's the same smtp auth patch I use 
(http://members.elysium.pl/brush/qmail-smtpd-auth/) then I had to set my 
qmail-smtpd process to run as the vpopmail user and not qmaild.  It's in 
the FAQ :).

Shaun wrote:

I have kind of a custom setup here.  I'm trying to get smtp-auth to work and
I noticed that the site says to give suid perms to vchkpw.  I assume this is
because vchkpw needs permission to read the vpasswd files.  Mine is running
as qmaild, and when I su to qmaild I can cat the vpasswd and vpasswd.cdb
file, so it has read access to those files.  My question is what could be
wrong!  What else does it need read perms to... I must be missing something.

## My Setup
The qmail setup is pretty much straight from lwq, qmaild(501) is the user
and nofiles(500) is the group for the process below

qmaild    4900  0.0  0.0  3148  492 ?        S    16:38   0:00  |   |   \_ /usr/local/bin/tcpserver -v -R -H -l0 -x /etc/tcp.smtp.cdb -c 20 -u 501 -g 500 0 smtp /var/qmail/bin/qmail-smtpd hostname.com /home/vpopmail/bin/vchkpw /bin/true

/home/user1 is 0711 and user1.nofiles
/home/user1/domains is 0711 and user1.nofiles
/home/user1/domains/user1.domain.com is 0711 and user1.nofiles
/home/user1/domains/user1.domain.com/vpasswd is 0640 and user1.nofiles
/home/user1/domains/user1.domain.com/vpasswd.cdb is 0640 and user1.nofiles

su to qmaild and I can cat both /home/user1/domains/user1.domain.com/vpasswd
and /home/user1/domains/user1.domain.com/vpasswd.cdb

When running vchkpw as qmaild auth always fails, strace doesn't show me any
permissions errors...
--
~Shaun




Re: [vchkpw] vchkpw suid perms..

2003-12-31 Thread Ken Jones
You can also run the smtp server as root if any of your domains
are not owned by vpopmail. 

Ken Jones

On Wednesday 31 December 2003 12:28 pm, Clayton Weise wrote:
 If it's the same smtp auth patch I use
 (http://members.elysium.pl/brush/qmail-smtpd-auth/) then I had to set my
 qmail-smtpd process to run as the vpopmail user and not qmaild.  It's in
 the FAQ :).




[vchkpw] vpopmail and qmailadmin

2003-12-31 Thread DOV
Still no luck logging in from remote using Eudora with smtpd-auth patch... have tried 
using root in qmail-smtpd, no help there...

in qmailqueue:
messages contain: Unable to switch to /var/vpopmail/users/root

-- which should have been /var/vpopmail/domains/www9.landings.com/root right?


/var/log/maillog contains:
www9 vpopmail[21742]: vchkpw-pop3: vpopmail user not found root@:69.3.72.9

-- seems the above should be [EMAIL PROTECTED]:69.3.72.9 is that correct?)


qmailctl stat reports stuck messages:

/service/qmail-send: up (pid 23547) 13 seconds
/service/qmail-send/log: up (pid 23548) 13 seconds
/service/qmail-smtpd: up (pid 23551) 13 seconds
/service/qmail-smtpd/log: up (pid 23552) 13 seconds
/service/qmail-pop3d: up (pid 23555) 13 seconds
/service/qmail-pop3d/log: up (pid 23556) 13 seconds
messages in queue: 15
messages in queue but not yet preprocessed: 0



/var/qmail/control/defaultdomain contains www9.landings.com


have reinstalled qmail with smtpd-auth patch... using ./config etc... as previously 
done... did this cause this problem?



current /var/qmail/supervise/qmail-smtpd/run:

#!/bin/sh

# Run qmail-smtpd (and the vchkpw it invokes) as the vpopmail user and group
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

# Without rcpthosts, qmail-smtpd accepts mail for any destination
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

exec /usr/local/bin/softlimit -m 200 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd \
    www9.landings.com \
    /var/vpopmail/bin/vchkpw /bin/true 2>&1

-- no different if -u 89 -g 89 above...

-rwxr-xr-x  1 root root   895532 Dec 29 17:47 /var/vpopmail/bin/vchkpw
-rwxr-xr-x  1 root qmail   32872 Dec 30 19:05 /var/qmail/bin/qmail-smtpd

=

setup:
RH7.2
MySQL 4.1.1
vpopmail-5.4.0-pre2
vqadmin-2.3.6
qmailadmin-1.2.0-rc1
netqmail-1.04 (qmail) patch smtp-auth
ezmlm-idx-0.40
ezmlm-0.53
qmail-scanner-1.20
ucspi-tcp-0.88
autorespond-2.0.2


any ideas to try next?

Thx,

Yonatan.


Re: [vchkpw] vpopmail and qmailadmin

2003-12-31 Thread Chris Ess
On Wed, 31 Dec 2003, DOV wrote:

 Still no luck logging in from remote using Eudora with smtpd-auth patch... have 
 tried using root in qmail-smtpd, no help there...

 in qmailqueue:
 messages contain: Unable to switch to /var/vpopmail/users/root

 -- which should have been /var/vpopmail/domains/www9.landings.com/root right?


 /var/log/maillog contains:
 www9 vpopmail[21742]: vchkpw-pop3: vpopmail user not found root@:69.3.72.9

 -- seems the above should be [EMAIL PROTECTED]:69.3.72.9 is that correct?)

[snip]

This may sound like a silly question, but...  What is the login name you
are using in Eudora?  Are you using '[EMAIL PROTECTED]'?  If so, try
using 'root%www9.landings.com'.  In my experience, Eudora drops the '@'
and everything to the right of it in the login name.

Sincerely,


Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)


Re: [vchkpw] vpopmail and qmailadmin

2003-12-31 Thread Jeremy Kitchen
On Wed, 2003-12-31 at 15:05, Chris Ess wrote:
 
  /var/log/maillog contains:
  www9 vpopmail[21742]: vchkpw-pop3: vpopmail user not found root@:69.3.72.9
 
  -- seems the above should be [EMAIL PROTECTED]:69.3.72.9 is that correct?)
 
 [snip]
 
 This may sound like a silly question, but...  What is the login name you
 are using in Eudora?  Are you using '[EMAIL PROTECTED]'?  If so, try
 using 'root%www9.landings.com'.  In my experience, Eudora drops the '@'
 and everything to the right of it in the login name.

older versions of eudora did this because you specified your incoming
mail server in the username field:
[EMAIL PROTECTED]

where username was (duh) your username, and mail.example.com was the
address of the pop3 server.  5.xx+ doesn't do this.

-Jeremy
-- 
Jeremy Kitchen
Systems Administrator
[EMAIL PROTECTED]
Kitchen @ #qmail on EFNet - Join the party!
.
Inter7 Internet Technologies, Inc.
www.inter7.com
866.528.3530 toll free
847.492.0470 int'l
847.492.0632 fax
GNUPG key ID: 93BDD6CE



[vchkpw] qmail queue issue

2003-12-31 Thread DOV
Though I am using the latest Eudora (OS X 6.02) it seems that Chris's suggestion made 
remote-smtp login-in work...

Are you using '[EMAIL PROTECTED]'?  If so, try
using 'root%www9.landings.com'.  In my experience, Eudora drops the '@'
and everything to the right of it in the login name.

not clear on why this is needed!

Current problem:

in qmailqueue:
messages contain: Unable to switch to /var/vpopmail/users/root

-- which should have been /var/vpopmail/domains/www9.landings.com/root right?

have recompiled vpopmail using:
./configure \
--enable-log-name=vpopmail \
--enable-roaming-users=y \
--enable-logging=p \
--enable-defaultquota=52428800 \
--enable-ip-alias-domains=n \
--enable-passwd=n \
--enable-clear-passwd=y \
--enable-domain-quotas=y \
--enable-many-domains=y \
--enable-auth-logging=y \
--enable-mysql-logging=y \
--enable-valias=y \
--enable-mysql-limits=y \
--enable-relay-clear-minutes=30 \
--enable-domains-dir=domains \
--enable-qmail-ext=y \
--enable-auth-module=mysql \
--enable-learn-passwords=y \
--enable-mysql-replication=y \
--enable-domains-dir=/var/vpopmail/domains \
--enable-logging=v

has not changed the queue problem... any ideas?

Thx,

Yonatan.

=

setup:
RH7.2
MySQL 4.1.1
vpopmail-5.4.0-pre2
vqadmin-2.3.6
qmailadmin-1.2.0-rc1
netqmail-1.04 (qmail) patch smtp-auth
ezmlm-idx-0.40
ezmlm-0.53
qmail-scanner-1.20
ucspi-tcp-0.88
autorespond-2.0.2


any ideas to try next?

Thx,

Yonatan.


Re: [vchkpw] vpopmail and qmailadmin

2003-12-31 Thread Jeremy Kitchen
please keep list posts on the list.  I get lots of email, and if it's
posted to the list it's automatically filed for me, as well as being
available for other list members and for the archives.  If it arrives in
my inbox, it may get inadvertently deleted, or perhaps, even
intentionally deleted.

also:
bad: http://www.faqs.org/docs/jargon/T/top-post.html
good: http://www.faqs.org/docs/jargon/B/bottom-post.html

On Wed, 2003-12-31 at 15:28, DOV wrote:
  (note: that something looks off...
  from main page: click 'List Domains' leave it empty and click on button, now 
  showing
  All domains
  roo Aliased to root
  root
  localhost
  test.com
  www9.landings.com
 
  the only domain setup is www9.landings.com, where are the extras arriving from?)
 
 vqadmin reads the users/assign (cdb?) file.  Perhaps you have some other
 entries in there and it's getting confused.  If this is the case, ignore
 it.

 This is the contents of assign...
 /var/qmail/users/assign
 
 =root:root:89:89:/var/vpopmail/users/root:::
 +root-:root:89:89:/var/vpopmail/users/root:-::
 +localhost-:localhost:89:89:/var/vpopmail/domains/localhost:-::
 +test.com-:test.com:89:89:/var/vpopmail/domains/test.com:-::
 +www9.landings.com-:www9.landings.com:89:89:/var/vpopmail/domains/www9.landings.com:-::
 
 What is the procedure for rebuilding the cdb file...

man qmail-users
(hint: /var/qmail/bin/qmail-newu )

 and does it look right?

sure.  if it's not right, qmail-newu will complain.

like I said, vqadmin is seeing those other entries and getting
confused.  Ignore it.

-Jeremy

-- 
Jeremy Kitchen
Systems Administrator
[EMAIL PROTECTED]
Kitchen @ #qmail on EFNet - Join the party!
.
Inter7 Internet Technologies, Inc.
www.inter7.com
866.528.3530 toll free
847.492.0470 int'l
847.492.0632 fax
GNUPG key ID: 93BDD6CE
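
An added example, not part of the original thread and not qmail or vpopmail code: a shell check for the users/assign entries quoted above, meant to be run before qmail-newu. It flags malformed entries, a missing final "." line, and entries whose home directory does not exist (a directory qmail cannot chdir into gives the "Unable to switch to ..." deferral reported earlier in the thread). The function names and the ROOT prefix argument are assumptions made for the example, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. ROOT is a hypothetical path prefix so the
# check can run against a copy of the tree instead of the live filesystem.
# check_assign FILE [ROOT]: print one line per problem; return 1 if any found.
check_assign() {
    ca_file=$1; ca_root=${2:-}; ca_n=0; ca_bad=0; ca_dot=0
    while IFS= read -r ca_line || [ -n "$ca_line" ]; do
        ca_n=$((ca_n + 1))
        # A line holding a single dot ends the table.
        if [ "$ca_line" = "." ]; then ca_dot=1; break; fi
        # Entries start with "=" (exact) or "+" (prefix) and have 7 colon-terminated fields.
        ca_colons=$(( $(printf '%s' "$ca_line" | tr -cd ':' | wc -c) ))
        case $ca_line in
            [=+]*:) ;;
            *) ca_colons=0 ;;
        esac
        if [ "$ca_colons" -ne 7 ]; then
            echo "line $ca_n: not a 7-field '=' or '+' entry"; ca_bad=1; continue
        fi
        IFS=: read -r ca_addr ca_user ca_uid ca_gid ca_home ca_rest <<EOF
$ca_line
EOF
        case "$ca_uid:$ca_gid" in
            :*|*:|*[!0-9:]*)
                echo "line $ca_n: $ca_addr: uid/gid must be numeric"
                ca_bad=1 ;;
        esac
        # qmail must be able to chdir into the home directory to deliver.
        case $ca_home in
            /*) if [ ! -d "$ca_root$ca_home" ]; then
                    echo "line $ca_n: $ca_addr: home $ca_home is not a directory"
                    ca_bad=1
                fi ;;
            *)  echo "line $ca_n: $ca_addr: home '$ca_home' is not absolute"
                ca_bad=1 ;;
        esac
    done < "$ca_file"
    if [ "$ca_dot" -eq 0 ]; then
        echo "no terminating '.' line"
        ca_bad=1
    fi
    return "$ca_bad"
}

# Constructed sample: the thread's entries plus a final "." line, checked
# against a temporary tree in which only the domain directories exist.
demo_assign() {
    da_tmp=$(mktemp -d) || return 2
    mkdir -p "$da_tmp/var/vpopmail/domains/localhost" "$da_tmp/var/vpopmail/domains/test.com" \
        "$da_tmp/var/vpopmail/domains/www9.landings.com"
    cat > "$da_tmp/assign" <<'EOF'
=root:root:89:89:/var/vpopmail/users/root:::
+root-:root:89:89:/var/vpopmail/users/root:-::
+localhost-:localhost:89:89:/var/vpopmail/domains/localhost:-::
+test.com-:test.com:89:89:/var/vpopmail/domains/test.com:-::
+www9.landings.com-:www9.landings.com:89:89:/var/vpopmail/domains/www9.landings.com:-::
.
EOF
    da_rc=0; check_assign "$da_tmp/assign" "$da_tmp" || da_rc=$?
    rm -rf "$da_tmp"
    return "$da_rc"
}

demo_assign || true
```

On a live system the call would be `check_assign /var/qmail/users/assign`, followed by /var/qmail/bin/qmail-newu once it reports nothing.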



[vchkpw] Re: vchkpw suid perms..

2003-12-31 Thread Shaun
I don't want to run qmaild as vpopmail user, with the correct permissions
this should work, I don't see why it wouldn't.

--
~Shaun

Clayton Weise [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 If it's the same smtp auth patch I use
 (http://members.elysium.pl/brush/qmail-smtpd-auth/) then I had to set my
 qmail-smtpd process to run as the vpopmail user and not qmaild.  It's in
 the FAQ :).







[vchkpw] Re: vchkpw suid perms..

2003-12-31 Thread Shaun
run qmail-smtpd as root, if it came down to it I would just suid vchkpw as
that works..  I'm trying to get all this stuff to run with non-suid privs.

--
~Shaun
Ken Jones [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 You can also run the smtp server as root if any of your domains
 are not owned by vpopmail.

 Ken Jones

 On Wednesday 31 December 2003 12:28 pm, Clayton Weise wrote:
  If it's the same smtp auth patch I use
  (http://members.elysium.pl/brush/qmail-smtpd-auth/) then I had to set my
  qmail-smtpd process to run as the vpopmail user and not qmaild.  It's in
  the FAQ :).
 







[vchkpw] qmail queue bouncing...

2003-12-31 Thread DOV
Things are getting close to working... this is where it is now:

The following is filling up the queue... generated by cron on localhost...

Have modified virtualdomains:
localhost:www9.landings.com
www9.landings.com:www9.landings.com
www9:www9.landings.com
127.0.0.1:www9.landings.com

This is what queued messages look like:
--
Hi. This is the qmail-send program at www9.landings.com.
I tried to deliver a bounce message to this address, but the bounce bounced!

[EMAIL PROTECTED]:
This message is looping: it already has my Delivered-To line. (#5.4.6)

--- Below this line is the original bounce.

Return-Path: 
Received: (qmail 18577 invoked by alias); 31 Dec 2003 22:21:04 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 18574 invoked by alias); 31 Dec 2003 22:21:04 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 18571 invoked for bounce); 31 Dec 2003 22:21:03 -
Date: 31 Dec 2003 22:21:03 -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice

Hi. This is the qmail-send program at www9.landings.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

[EMAIL PROTECTED]:
This message is looping: it already has my Delivered-To line. (#5.4.6)

--- Below this line is a copy of the message.

Return-Path: [EMAIL PROTECTED]
Received: (qmail 18568 invoked by alias); 31 Dec 2003 22:21:03 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 18565 invoked by uid 0); 31 Dec 2003 22:21:03 -
Date: 31 Dec 2003 22:21:03 -
Message-ID: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Cron Daemon)
To: [EMAIL PROTECTED]
Subject: Cron [EMAIL PROTECTED] cd /home/httpd/cgi-bin/forums  ./cron_xfer1.pl
X-Cron-Env: RecipientAction=add-to  [EMAIL PROTECTED]
X-Cron-Env: cipientAction=add-to  [EMAIL PROTECTED]
X-Cron-Env: SHELL=/bin/sh
X-Cron-Env: HOME=/root
X-Cron-Env: PATH=/usr/bin:/bin
X-Cron-Env: LOGNAME=root