Re: [vchkpw] [SPAM] qmail+vpopmail upgrade questions
Am Thu, 02 Aug 2012 17:47:33 -0700 schrieb Kurt Bigler k...@breathsense.com: I run a small server currently with qmail-1.03 + qmailadmin 1.2.8 + vpopmail 5.4.10 The above is currently running on FreeBSD (that is 3 years old or so) and I'm hoping to move it to Mac server (although not using their included email), and hope to have a solution that will not make such a transition more difficult. I'd also like to keep existing mail flow with all users and their qmailadmin settings, etc., so hopefully just a recompile that will preserve existing functionality, something I can test live in the wee hours expecting no major issues. Thanks in advance for any thoughts. I, too, have to ask: Why, of all things, do you want to run it on OSX? I would stick with FreeBSD and use Matt Simerson's setup: http://www.tnpi.net/wiki/Mail_Toaster There is nothing on OSX-server (that I know of) that would be of advantage compared to FreeBSD. !DSPAM:501e5acb34215922511780!
Re: [vchkpw] Domain wide quotas
Wouter van der Schagt schrieb: Hi all, Is it possible to disable domain-wide quotas (sum of all popboxes) and just to use popbox quotas ? At the moment i have both. Or do i have to set the domain to NOQUOTA and then configure the popbox individually to have a quota? Sincerely, - Wouter van der Schagt Domain quotas don't work anyway. AFAIK, you need OS quotas to get that to work. But that slows things down. Ideally, you would have a database of domains and quotas where a provisioning system deducts the amounts of diskspace that are given to individual users. Once the domain-quota is used up, it would not allow adding any more quota to any user in that domain. AFAIK, most control-panels with qmail underneath use this way, more or less. cheers, Rainer !DSPAM:484e7ed532351829196463!
Re: [vchkpw] new server OS suggestions
Am 04.11.2007 um 22:51 schrieb Quey: If you are going to use that as a stand point, maybe you need to use bloated winblows :) No thanks. Or for that matter in Linux I think Ubuntu, or OpenSolaris as they all apparently have trillions of packages ... It's not the packages - it's the ports-system that let's you easily compile these packages yourself with the customizations _you_ need and want (if you know what you need). but I rather know whats going into my system and I know where it goes, and I know its compiled just right for my system, never any dependency issues and I *know* the sources have not been messed about with, FreeBSD ports are just like a RH/Deb, they will customised for the OS, and I hate it when they do it. It depends - FreeBSD in my experience messes a lot less with the packages than most other distributions out there. Recently, more stuff has been split-up into the different /usr/local subdirectories (lib, libexec, share etc.), but it's still all very logic and simple. It's also nice for running a server because the base-OS is split from the applications. Of course, to understand what the toasters do, you should have done some work with qmail and vpopmail. So you're not completely helpless when something breaks. (But the people building the toaster-scripts usually also sell support for these cases...) I tried CentOS5 once, but I'm not sure if I could get happy with it. E.g. I can't seem to be able to get around the 32bit vs. 64bit package-mess (I tried the 64 bit version inside VMware). It's just another bloated RedHat OS. I don't think it's bloated - it's just next to useless running any kind of OSS that needs dependencies or customizations outside the packages provided on the CDs (CentOS has some more than RHEL, but the problem is the same). Need a PHP-module for some webmail that isn't on the CDs? Either do your own PHP RPM or try to create additional modules from the (horrible) SPEC-file provided (and subsequently also backport your own patches - thank you). Cool for running Oracle, SAP or Notes, where the OS is just kernel +filesystem+sshd (in case of Oracle, even the filesystem is sometime not used). Qmail + Vpopmail+clamav etc. need so many dependencies with so many special compile-time configurations that it's usually a big hassle to do it on any Linux distribution (maybe Ubuntu or Debian is better, but they also do a lot of behind-the-scene magic (and freeze the API, so squirrelmail never get's updated, only bugfixed etc.). FreeBSD has a nicely balanced approach for most of these problems. Not to start a flamewar - but the original poster did ask for suggestions ;-) cheers, Rainer -- Rainer Duffner CISSP, LPI, MCSE [EMAIL PROTECTED] !DSPAM:472fbd2c32002112017289!
Re: [vchkpw] new server OS suggestions
Quey schrieb: Remo Mattei wrote: Hello I have a few questions since I am building a new server. Now the box is running centos 4.5 with qmail and fuzzyocr, spamassassin,dspam and tmda with simscan the load during the day is hi since it's an old P3 1.2mgz and 1.5g of mem. this box is running mysql 4.1.x, vpopmail 5.4.17 with the DB already modified for the 5.4.20. I was looking at the new centos 5 with mysql 5. Anyone has done the installation on this distro or is anyone suggesting any other. Thanks. Sl;ackware 12, MySQL 5, Qmail, MailScanner, S.A and so on... MailScanner has the advantage of processing for spam/viruses in batch mode, thereby not holding open smtp connections and running multiple copies of everything, also nicely does phishing fraud tests and bad files and so on. I've used RH based OS's before and trust me, for servers, I'd never use anything but Slackware now, its modern, clean and lean and not really modified from what all the programs were in tarball releases, which = less problems and less required updates because the likes of RH and co have not butchered it to bits. But it's still Linux ;-) Who would want to run a linux-distribution when most of the software he wants are not included in the packaging-system? I try to run as much as possible on FreeBSD. FreeBSD has most of the stuff that is needed for a Toaster in the ports - and what is missing is on http://mail-toaster.org/ I tried CentOS5 once, but I'm not sure if I could get happy with it. E.g. I can't seem to be able to get around the 32bit vs. 64bit package-mess (I tried the 64 bit version inside VMware). cheers, Rainer !DSPAM:472e050532001336789273!
Re: [vchkpw] Using vdelivermail
Rick Widmer schrieb: Tom Collins wrote: snip Please reconsider that recommendation. Perhaps some discussion on the list is in order... Discussion is most welcome. That's a major reason why I posted it. With chkuser, is it possible to pull a joe-job? The spammer connects directly to my SMTP server, but I reject it at the SMTP level instead of generating a bounce that I then try to deliver to the actual target (the forged sender of the message). Good question. Anyone know off the top of their head how this works. Joe-Job means, that someone is using your address as sender for a spam-mail (or 5 million spams). They aren't relayed through your server, so there's little you can do about that. But you get the bounces...and there are lots. SPF et.al is supposed to eliminate this, but it's a technology of the future (and always will be...). I guess I should, as I use chkuser too. I'm thinking either delete or bounce should act the same and reject non-existent users. I know I can't forward mail to a catchall account and still reject non-existent users. This topic should probably be added to the file since it does affect how deliveries work on the server. Setting a catchall-delete means, you've got to spam-check and clamav-check each of the thousand of spams and viruses that those bone-head spammers try to send to your non-existent accounts. Just imagine you've got a whopping 10k domains with this activated by default and get several hundret thousands of additional spams per day that you've got to process and then throw away. A nightmare. I'd even advocate an R U Serious, dude? popup, if someone wants to activate this setting in qmailadmin. ;-) You might have mixed that up with some discard double bounces patch. cheers, Rainer
[vchkpw] Indexing email
Hi, has anyone got an idea how to go at indexing email? What I've seen from looking around, you can't do that via cron - it has do be done on-the-fly. For this purpose, there seem to be mostly two contenders: Lucene and Xapian. From reading the Xapian docs that come with it, the big gotcha is to pass an email to it the moment it enters the system. This seems to imply that somehow vdelivermail and courier-imap (and qmail-pop3d or courier-pop3d) would have to be patched. The imap-server, too, because messages can also enter via IMAP (sent- folder, drafts). One would have to delete a document from the index, once it's fetched via POP3, too. Has anyone given this some thought? It would be very cool to have a good search in one's webmail that actually works for big mailboxes cheers, Rainer
Re: [vchkpw] Vpopmail smtp-auth
DAve wrote: Good morning, Seems I am posting all over the internet these last two weeks, but I can't seem to grab my butt lately. I got FreeBSD running on the Sunfires, netqmail installed, Simscan install, ClamAV installed, everything is working fine. Last step, smtp-auth, why did I try? I should have let today end on a good note. If you use FreeBSD, you should use Matt Simersons FreeBSD Qmail Toaster: http://www.tnpi.biz. ... Mysql 4.0, also tried 4.1. I think both are now EOL in that no timely security-fixes are provided any longer. You have to use 5.x - though 4.x should still work, of course. No errors when building, seems to work, bash-2.05b# /home/vpopmail/bin/vuserinfo [EMAIL PROTECTED] Error. Domain pixelhammer.com was not found in the assign file That should not happen. What happens when you add a domain? Does it get added to the assign file? The one thing that is different, is I have an empty assign file. This server is used for smtp-auth *outbound* only service. So, just for fun I added the test domain to the assign file, still fails. Did you build the cdb? The sql-error is also not good, though I can't say what it is caused by ATM. If you can, use Matt's toaster. cheers, Rainer
Re: [vchkpw] Maintenance mail to all user / to a whole domain
Kenneth Ling wrote: hi all if i want to broadcast the mail automatically when a mail reach a email address then to all user of specify domain eg. when i send a mail to this [EMAIL PROTECTED] then all user of domain abc.com will receive the same mail. how to do it using vpopbull or have any other way to do it ? please advice tq You must maintain this alias yourself (e.g. via vpopbull -Vn list.txt every night) cheers, Rainer
Re: [vchkpw] Why is vadduser creating a hierarchy?
Bert JW Regeer wrote: Hey Ismail, I would like to see some stats on this. Do you have any facts or evidence to back this up? It's true - if you don't have some sort of directory-hashing (UFS_DIRHASH in FreeBSD-land) in place, which for FreeBSD has been default since sometime in the early 4.x days, IIRC. On current systems 7000 directories inside a directory should not be a problem. Most employ hashing of some sort to speed up this kind of thing. On my FreeBSD system there is currently a directory with 10,010 directories, and it is no slower than if that same directory had only 128 directories in it for example. Several of my users are on several mailing lists for open source projects, and some of their Maildir's have cur directories with over 30,000 emails in them. Biggest one is 150,000, with no slow downs. No extra load on my server. DJB gave qmail's queue split directories, See above. DJB was or is a (Free)-BSD user (when he started, Linux was a toy anyway), which back in these days had this problem. why I do not understand, and I might never, since clearly he did not create his Maildir's to have the same sort of split directories for speedy access by IMAP/POP3 or other mail protocols. I always disable vpopmail's big dir stuff, as writing scripts for it is harder, extra sub directories to traverse. Just use the output of vuserinfo -d BTW: Does the latest version of vpopmail include the patch someone posted that fills up earlier hash-directories, where domains have been deleted from, instead of creating new ones? cheers, Rainer
Re: [vchkpw] Segfault when invalid domain in ./qmail/users/assign file.
Tom Collins wrote: On Sep 13, 2006, at 3:33 PM, Rick Macdougall wrote: Same bug from the 5.4.17 changelog ? - vpopmail: fix segfault in users/assign sorting code caused by entries that don't contain a dot (.). [1514733] Yep. BTW - 5.4.17 should be production quality now. Tom or Bill, are you going to release it as stable soon ? It has passed all my stress testing. Good point -- I just switched it to stable on SourceForge. Is that with- or without Me Zwinkels' mem-leak fix? Also, somebody should update http://www.inter7.com/vpopmail/changelog.txt Or is it on sf.net somewhere? Also ,the changelog should feature the sf.net bugtracking ids, if they apply. So one can deduce which of the bugs and patches still marked active on sf.net is actually relevant. cheers, Rainer
Re: [vchkpw] Re: Segfaulting in vadddomain
Manuzhai wrote: Paul Oehler wrote: I believe I've seen this happen when the vpopmail/vchkpw user/group ids are incorrect - that is, they don't match the value specified in the assign file. Well, this looks maybe kind of off: enrai users # cd /var/vpopmail/bin/ enrai bin # ls -l total 1504 -rwx--x--x 1 root root 60696 Jun 14 12:17 clearopensmtp -rwx--x--x 1 root root 60952 Jun 14 12:17 dotqmail2valias -rwx--x--x 1 root root 60696 Jun 14 12:17 vaddaliasdomain -rwx--x--x 1 root root 61720 Jun 14 12:17 vadddomain -rwx--x--x 1 root root 60888 Jun 14 12:17 vadduser -rwx--x--x 1 root root 60824 Jun 14 12:17 valias -rwx--x--x 1 root root 60696 Jun 14 12:17 vchangepw -rws--x--x 1 root vpopmail 67124 Jun 14 12:17 vchkpw -rwx--x--x 1 root root 62424 Jun 14 12:17 vconvert -rwx--x--x 1 root root 60696 Jun 14 12:17 vdeldomain -rwx--x--x 1 root root 69016 Jun 14 12:17 vdelivermail -rwx--x--x 1 root root 60696 Jun 14 12:17 vdeloldusers -rwx--x--x 1 root root 60696 Jun 14 12:17 vdeluser -rwx--x--x 1 root root 60792 Jun 14 12:17 vdominfo -rwx--x--x 1 root root 60696 Jun 14 12:17 vipmap -rwx--x--x 1 root root 60696 Jun 14 12:17 vkill -rwx--x--x 1 root root 60696 Jun 14 12:17 vmkpasswd -rwx--x--x 1 root root 6 Jun 14 12:17 vmoddomlimits -rwx--x--x 1 root root 62584 Jun 14 12:17 vmoduser -rwx--x--x 1 root root 59768 Jun 14 12:17 vpasswd -rwx--x--x 1 root root 62552 Jun 14 12:17 vpopbull -rwx--x--x 1 root root 77592 Jun 14 12:17 vpopmaild -rwx--x--x 1 root root 60696 Jun 14 12:17 vsetuserquota -rwx--x--x 1 root root 64792 Jun 14 12:17 vuserinfo Is vchkpw supposed to have the different bits? Regards, Manuzhai I've got everything owned by vpopmail:vchkpw. Maybe that is the problem. Also, the output of id vpopmail is of interest. (To see if it matches the uid/gid in the assign-file) cheers, Rainer
Re: [vchkpw] CHKUSER for non-netqmail, non-stock-qmail
tonix (Antonio Nati) wrote: Cut away all these lines: and put the following code: /* start chkuser code */ switch (chkuser_realrcpt (mailfrom, addr)) { case CHKUSER_KO: return; break; case CHKUSER_RELAYING: --addr.len; if (!stralloc_cats(addr,relayclient)) die_nomem(); if (!stralloc_0(addr)) die_nomem(); break; } /* end chkuser code */ Ciao, Tonino Thanks, Tonino. But isn't that snippet needed for the TLS-support? I must admit that I'm not familiar with the code here - according to a .spec-file, this is a qmail that is patched with: errno.h fix qmail-0.0.0.0 patch qmail local patch qmail-smtpd-auth-close3 patch big concurrency patch qregex patch qmail-queue patch mfcheck patch tarpit patch oversize dns patch maildir quota patch smtp-auth patch tls patch qmail smtpd viruscan patch Also, the current qmail-smtpd seems to be linked to libssl, too. (And the spec-file also says: %define ccflags %{optflags} -DTLS -I/usr/kerberos/include) Do you think there is a problem? Best Regards, Rainer
Re: [vchkpw] CHKUSER for non-netqmail, non-stock-qmail
tonix (Antonio Nati) schrieb: At 16.15 15/06/2006, you wrote: Thanks, Tonino. But isn't that snippet needed for the TLS-support? If you are using specific certificates on client side you probably need it, otherwise it is completely unuseful. Ah, yes. So the TLS-patch would support authentication by client-certificates? Cool ;-) Anyway, I will try this ASAP. Thanks a lot, again. cheers, Rainer
Re: [vchkpw] Domain Quota Features
Ken Jones wrote: kengheng wrote: Hi, when will the domain quota feature back to vpopmail? Thanks. Probably never. It is too resource intensive. I recommend using operating system user quotas. Place each domain under a different user and let the file system handle the quota. I assume you have to either a) run qmail-smtpd as user root (because if ~vpopmail/domain/user.domain is own by user, vdelivermail as user vpopmail won't be able to deliver anymore) b) place the domain unter user vpopmail but with different groups, using OS-group-quotas (does that work?) Or what else is best practice? cheers, Rainer
Re: [vchkpw] Domain Quota Features
Rick Macdougall wrote: Rainer Duffner wrote: Ken Jones wrote: kengheng wrote: Hi, when will the domain quota feature back to vpopmail? Thanks. Probably never. It is too resource intensive. I recommend using operating system user quotas. Place each domain under a different user and let the file system handle the quota. I assume you have to either a) run qmail-smtpd as user root (because if ~vpopmail/domain/user.domain is own by user, vdelivermail as user vpopmail won't be able to deliver anymore) b) place the domain unter user vpopmail but with different groups, using OS-group-quotas (does that work?) Or what else is best practice? I run qmail-smtpd as root but that was along time ago that it was setup. Nowadays only needed when there are legacy-users in /etc/passwd. IIRC. I'd probably try using the vpopmail user and group quotas myself if I was setting it up again. OK. cheers, Rainer
Re: [vchkpw] Vpopmail + NetApp still best practice?
Alex Borges wrote: While youre considering proprietary solutions and naturally, would like to pay for them, perhaps you should consider redhat's GFS thingie. Its GPL but redhat offers it with their AS for an extra $$ Ive seen it work and it seems like quite a scalable solution and tipically cheaper than buying a SAN. We have GFS (6.0). Its performance is mediocre - and horrible for some things (like doing du(1) on a GFS-directory) Also, I hate generating (well, trying to) packages for RHEL, where I could use the FreeBSD-port and have all the necessary patches and tuning included. Of the 1400 or so RPMs delivered by RHEL, I can barely use a handful for my toasters (some libraries, maybe). IMO, RHEL et.al. don't make any sense at all for this type of work. You're paying to have a supported linux-kernel + sshd updated regularly (because that's all that is left of the original after 5 years). And you've got more work adapting your software to your OS than elsewhere. Just try to get an equally modularized PHP4 or PHP5-RPM for RHEL that has support for as many modules as the FreeBSD-port. However, sans do offer plenty advantages on some environments (wann have the winboxes and linboxes scsi-plugged into the same san), if this is just for email, this can be a cheaper solution. We have a SAN (HP EVA 3000 with 6 TB raw cap.), it's nice. But it costs a lot of money all together (HBAs, FC-switches, FC-ports, cables etc.pp.) and my gut-feeling is that I can deliver the same performance and scalability (or even much more, in our case) with about the same level of reliability when going with a high-end NAS - and even save money in the end. Also, email is not just email unfortunately. Left without their email, our customers would just go to another ISP... With this kind of thing, what you get to do is plug three or more boxes with whatever storage they have and then store on all of them. This thing works with LVM2 so you can partition, snapshot and share it to your hearts content. Put a solid GB net on it with separate NICS (from the NICS youll be using to actually provide service) for best results. That's the theory, yes. In pratice, though, it seems that GFS6.0 (no tests with 6.1, yet) is not suitable for workloads where a lot of transactions occur in one directory (like mail-delivery). It creates a lock-file, everytime a file is changed in a maildir, doubling (at least) the I/Os of maildir-maildelivery). That's useless in this case because IMO qmail itself takes care that no locking-issues are race-conditions occur. cheers, Rainer
Re: [vchkpw] Vpopmail + NetApp still best practice?
Nicholas Harring wrote: Hi, when going the Maildir on NFS for clustering-route, is using NetApp Filers still considered state of the art or has something better emerged? There are plenty of other NAS options, see EMC for one vendor (also not cheap). Dell offers NAS, HP I believe does as well. Not sure how much clustering they offer, and what sort of feature set it has compared to NetApp. These are all basically W2K3-servers (Windows Storage Server) (EMC uses Windows even in the high-end gear, IIRC, but not necessarily WSS). I'm not going to gamble with the NFS-performance and the compatibility issues of Microsoft-flavoured NFS. From a price-point, I'd rather use FreeBSD, but the fact that there's no real volume-manager makes it unusable for our purposes. I've actually mailed Blue Arc about their hardware, but despite not being in the black, they didn't feel it necessary to answer my query. For a smaller cluster or one that doesn't have hard uptime commitments in the 4 or 5 9s range I'd say that a *nix solution would work just fine. If you laid something like Veritas Clustering on top of it then moving into the real HA range should also be quite possible and supportable. I've also thought about buying an X4100 and fitting it with a Dual QLA, then exporting the mailstorage via NFS from that (using our HP SAN as backend). But using a NetApp would allow have our hosting-operations being spread over two completely independent technologies (Web- HP EVA, Mail-NetApp), avoiding a complete loss of service should one of the two fail for whatever reason (like a competitor, who put all eggs in a single basket recently learned the hard way...). Does anybody have any sizing-information? NetApp offers a lot of hardware and even the entry-level stuff is not cheap. I'd like to know how many deliveries/h one can make e.g. with a small FAS 270. I'm running 8 servers (4 smtp, 4 pop/imap) on an F820c cluster doing around 600k messages daily. I don't have any hourly stats at the moment, but that load is spread with about 80% across 10-12 hours with the remainder spread evenly across the other 12-14. I'm currently upgrading my cluster to FAS3050s but not due to performance reasons, but rather storage consolidation throughout my network. 600k deliveries/day? How much room is there 'till the NetApp is maxed out? ... Hope that helps, Nick Yeah, it does. Thanks a lot. Rainer
[vchkpw] Vpopmail + NetApp still best practice?
Hi, when going the Maildir on NFS for clustering-route, is using NetApp Filers still considered state of the art or has something better emerged? From a price-point, I'd rather use FreeBSD, but the fact that there's no real volume-manager makes it unusable for our purposes. I've actually mailed Blue Arc about their hardware, but despite not being in the black, they didn't feel it necessary to answer my query. Does anybody have any sizing-information? NetApp offers a lot of hardware and even the entry-level stuff is not cheap. I'd like to know how many deliveries/h one can make e.g. with a small FAS 270. cheers, Rainer
Re: [vchkpw] Create forward
Michele Virgilio wrote: Hi, i’ve a problem. I’ve two accounts, [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] and [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] I want that all mail received from user1 will be forwarded to user2, how can I do this? Thanks. qmail-tap perhaps? http://www.inter7.com/?page=qmailtap Rainer
Re: [vchkpw] disk error?
Shane Chrisp wrote: On Thu, 2005-09-01 at 03:50 -0400, kalin mintchev wrote: hi all... suddenly today out of nowhere this happens (log below) and now i get vchkpw core dumps every few minutes or so. vchkpw is authorization module for vpopmail... does this mean the disk where vpopmail lives - ad2 - is already craping up?! thanks... here is the log: [...] It certainly looks that way. Indeed. dump(8) what you have and get (a) new disk(s). ASAP. It's not a bad idea to have a spare one in the drawer. cheers, Rainer
Re: [vchkpw] Domain limits
Bastiaan van der Put wrote: Hi, I have been using vpopmail with user quota's for some time now. I want to move to domainlimits, is it possible to set the user quota to -1 and domainquota to say 500 MB on a domain. If the 500 MB is reached for the domain will the emails be bounced or does vpopmail accept it because the user limit has -1? Domainquotas don't work. See the README or changelog. You could use OS-quotas, which should result in the message being deferred for some time in your queue and then bounced (I presume - someone correct me if I'm wrong) I haven't done this, but I had the impression that you would need to create a new group for each domain and then use group-quotas, because the directory still have to be owned by the vpopmail-user. cheers, Rainer
Re: [vchkpw] multiple domains across a given server
Craig Lewis wrote: Here is a posting I origionally made to qmail list. === Please bear with me as I am new to qmail, but I need to design and build a system where hosting is done for a domain whos users are spread across 2 or more mail servers. So if the qmail server has accounts for [EMAIL PROTECTED], [EMAIL PROTECTED], . [EMAIL PROTECTED], and then another server, server B, not a qmail server, has [EMAIL PROTECTED], [EMAIL PROTECTED], . [EMAIL PROTECTED] . Then if the qmail server gets a message for [EMAIL PROTECTED], I want it to relay the message on to server B. Now from my vague understanding of qmail, it seems I could put [EMAIL PROTECTED], [EMAIL PROTECTED], etc in the virtualdomains file, Actually, I think the qmail-ldap-patches allow you to do just that. There's an LDAP-attribute that specifies what mailserver a user lives on. Of course, qmail-ldap is not vpopmail, and you can't use any of the inter7-tools, but at least it should be able to address your problem the right way. Rainer
Re: [vchkpw] Why not Inter7 tools for Qmail-Ldap?
Bruno Negrao wrote: Is it that difficult to answer? Problably. But I doubt it gets easier, the more you press 'em. cheers, Rainer
Re: [vchkpw] vdeldomain issue
Pablo Medina wrote: Hi all. Hope someone can help me I am running a qmail/vpopmail/maildrop installation in a mail box. Yesterday the box stopped receiving mail. All mail was rejected with the error: 421 unable to read controls After a quick search in the net i solved it chmodding /var/qmail/control/rcpthosts. But i was yet to discover what could cause this , as this box was running smoothly for months. The last think i did was add and delete a domain via popmaild. So today i tried again. Logged to the server via popmaild add_domain sample.com list_domains del_domain sample.com and bang...the server stops receiving mail. bash-3.00$ telnet xxx.xxx.xxx.xxx 25 Trying xxx.xxx.xxx.xxx... Connected to xxx.xxx.xxx.xxx. Escape character is '^]'. 421 unable to read controls (#4.3.0) vpopmail version is : 5.5.3 (downloaded from http://www.inter7.com/vhostadmin) I think you want to stay in the 5.4.x-tree, if you want to run it on a production-system and keep your sanity. (And your customers) Rainer
Re: [vchkpw] vpopmail authentications failing randomly
Matt Simerson wrote: Problem: vpopmail authentications failing randomly [snip] So, anyone got ideas on how to debug this issue further? Does this also happen with courier-pop3? Somehow, there must be a problem that only exists on this machine. Does /usr/ports/sysutils/cpuburn run without problems? All I can think of is maybe somewhere an old version of any of the mysql/vpopmail libs is sitting around. pkg_delete -a rm -rf'ing /usr/local is not an option, I assume? Rainer
Re: [vchkpw] SMTP Auth problem for non vpopmail users
Ken Jones wrote: On Monday 16 May 2005 3:52 pm, Nick Gilbert wrote: Hi, I have IMAP authentication working for vpopmail and standard linux users, but I have a problem with SMTP authentication. I need SMTP authentication to work for standard linux users (I'm not worried about vpop users at all for SMTP-AUTH). I have built my box using the instructions on Shupp.org (Bill Schupp). I understand that Bill's toaster incorporates a Qmail AUTH patch but when I try to login it doesn't work: Escape character is '^]'. 220 blue.x-rm.com ESMTP ehlo localhost 250-blue.x-rm.com 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 auth login 334 VXNlcm5hbWU6 bmljaw== 334 UGFzc3dvcmQ6 base64 encoded password 535 authentication failed (#5.7.1) I also have this line in /var/log/maillog May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not found nick@:127.0.0.1 ..which implies that perhaps it's only looking for vpopmail users rather than /etc/passwd users. I would like it to work for /etc/passwd users only, or both vpopmail AND /etc/passwd users - whichever is easier. Can someone please give me some pointers on how I can fix this problem so that normal shell account users can authenticate. I think smtp auth requires a clear text password for CRAM-MD5 authentication to work. If so, /etc/passwd users won't be able to use smtp authentication. Wasn't the other problem that qmail-smtpd needed to be run as root? Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] listing over-quota users
Charles J. Boening wrote: How about this? snip filename='/home/vpopmail/bin/overquota.sh' #!/bin/sh for i in `/home/vpopmail/bin/vpopbull -n -V`; do echo `/home/vpopmail/bin/vuserinfo -Q $i` $i done /snip Called like this /home/vpopmail/bin/overquota.sh | grep 100% | mail -s Overquota users your-email-addy Hey, that's nice. I added a |sort -n -r to get the list sorted by top-offendes How would I grep out every single-digit percentage ? cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] listing over-quota users
Charles J. Boening wrote: How about the following the following command here | grep -v ^[0-9]% Should work. Yup. I always get confused where I have to set the quotes... Thanks. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] OpenBSD configure failure
Bill Wichers wrote: On OpenBSD 3.6, with vpopmail-5.4.9, running as root, with ls unaliased, a ./configure gives me these two errors: [snip] I did not see any options in ./configure --help that would appear to help in this case. Has anyone built this on OpenBSD lately? Not being a BSD guru myself (I could help on Linux), I offer a question: are you using vpopmail from ports? Several BSD users in our colo have had problems with vpopmail from BSD ports. Apparently some odd assumptions are made in the packages you get that way. If that's the case, you could try compiling the sources directly (use clean copies from Sourceforge). Maybe not as much as you were hoping for, but at least it was fast :-) There is some info in the archives about BSD compile time errors too that you should probably have a look at. In addition, Matt Simerson maintains a collection of PERL-scripts (really CPAN-modules now) that take a more deterministic approach in producing a working qmail+vpopmail+much-else installation - on FreeBSD. But as it is said to work on Fedora, too, I'd say chances are good it also works on OpenBSD (with the silly obstacle that OpenBSD has killed all DJB-software from ports...) http://www.tnpi.biz/internet/mail/toaster/index.shtml cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] vchkpw authentication fails
X-Istence wrote: Shameless plug url:http://bsdguides.org/guides/freebsd/mailserver/ qmail+vpopmail+qmailadmin.php. Guide was written by me, site owned by a friend of mine. It is geared to using the FreeBSD ports tree to make install easier. And includes all the standard stuff you would want (imap, pop3, sa, qmailadmin, qmail, vpopmail) Noted. Thx. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] vchkpw authentication fails
John Berliner wrote: In the kernel, is UFS_DIRHASH enabled, or whatever the option is? This caused a lot of trouble on another server i admin, where it would be so slow, that at times login sporadically failed. It is enabled by default, and it would be stupid to have been removed, but you never know. Hm...I'm pretty new to BSD (more used to Linux) so I'm not sure how to discover kernel compile options...but AFAIK the guy who set all this stuff up just used a generic 4.6 kernel config. The FreeBSD handbook and FAQ (directly linked from http://www.freebsd.org) makes an excellent reading and goes to great lengths explaining the details, which in the end boils down to editing one file and executing a handful of commands (in the right sequence. The UFS_DIRHASH options is - TTBOMK - only useful when creating new filesystems. It doesn't have any effect later-on. Well, shouldn't. ;-) UFS_DIRHASH was introduced with or post-RELENG_4_6, IIRC, together with making softupdates the default at installtime If anything see if it is possible to at least upgrade to the last 4.10 version, as there have been a lot of overall improvements (This is off topic BTW) Yeah, that's on my overly long to-do list. It should be on top. ;-) 4.6 contains numerous vulnerabilites and is no longer supported. Looking at it, it was released in June 2002 - that's a long time in FreeBSD-land. If you have a test-machine, you can try going from 4.6 to 4.10 directly via cvsup. Otherwhise, I'm not 100%sure if going straight from 4.6 to 4.10 works (it should, but the devil is a squirrel, as we say here around) - read /usr/src/UPDATING for more information. Also, when you manually auth using pop3: telnet localhost 110 user username pass password list What is the output? (Please truncate, if the user has a ton of emails, we don't need the entire list) Or does it die saying can't scan maildir? per my earlier post, it dies with the Maildir scan ERR. Does this only happen for his account, yes and have you tried to mv the Maildir,and then /var/qmail/bin/maildirmake Maildir in the same dir, then chowning it to the right user and then trying to login again to see if it succeeds then? I didn't try that, but when I do, it authenticates correctly. This is good. So now: I read somewhere that it's not a great idea to manipulate the queues directly; what's the consensus? Can I not just move the messages back into the appropriate directories in the new Maildir I just created? The queue is in /var/qmail/queue and it *is* a bad idea to manipulate it directly (unless You Know What You Are Doing (TM). But what you're manipulating here is the maildir. If you shut down qmail while you move the mail to the old place, you are 100% safe. As it crashes with POP, the error should be in the top-level maildirectory somewhere, I assume. If you're bored, you can truss -p the process after you connected with telnet and before you authenticated ;-) If you have further ambitions with your Qmail-installation, you might want to check-out Matt Simerson's Qmail-FreeBSD-Toaster at http://www.tnpi.biz. Though it's geared towards ISPs, it does also work very nicely for smaller installations. cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] MySql load causes bounced mail
Jason Wilkinson wrote: Jason Wilkinson wrote: Hello all, I've searched and wasn't able to come up with an answer to this question. Though I did see a reference to it in the Bug Lists ( http://tinyurl.com/59gos ). We're hitting a wall with our MySql install and our traffic is filling up all available MySql connections. We are currently working to tune our MySql install. Until that happens, I was wondering if there was a reason that vpopmail bounces all mail with a 5xx response when it can't connect to MySql. I know that I can increase my max_connections in MySql...it just seems as if vpopmail should respond with a 4xx response so that valid mail isn't bounced. I will admit that I am using an old version of vpopmail (5.2). If this has been fixed I'll work towards an upgrade. Thanks in advance, -jw- Can anybody tell me if this issue is being addressed in future releases? I think, it is being addressed and will be incorporated in a future version. I think, as of today, you can only try spreading the load amongst more servers, via mysql-replication. It doesn't protect from spikes to one particular server, though. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
[vchkpw] ampersand () in email-address possible ?
Hi, my research showed that it should pe possible (legal, as far as the standard is concerned) to use the ampersand-character () in an email-address (like john[EMAIL PROTECTED]). I migrated an installation to vpopmail, where the previous system (postfix) apparently had such email-addresses. Is it possible to create these addresses with qmail or vpopmail ? Note that I personally consider this idea to be complete BS, because you can't be sure what the next infestation of OE makes of it (when entering the address at the client-side) but nevertheless... Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] ampersand () in email-address possible ?
Clayton Milos wrote: Sure it is... Very simple really... ~vpopmail/bin/vadduser john[EMAIL PROTECTED] password And OE6 doesn't complain about it for some reason (strange how a M$ app doesn't complain. Then again it's a stupid idea so it goes with them) D'uh. I tried vadduser -r -q 300 john[EMAIL PROTECTED] and it complained that You did not use a full email address for the user name Only full email addresses should be used Now, I tried to specify the password directly and it worked. Strange. Thanks a lot ! Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
[vchkpw] libvpopmail equivalent of ~vpopmail/bin/vuserinfo ?
Hi, is there the equivalent of a vuserinfo function in libvpopmail ? Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] horde imp + vpopmail
Am Mi, den 27.10.2004 schrieb Jesse D. Guardiani um 15:39: Niek wrote: On 10/27/2004 12:14 AM +0200, Jesse Guardiani wrote: Hello, Does anyone know how I can get ip alias capability working with Horde IMP and vpopmail? Hello Jesse, http://www.catb.org/~esr/faqs/smart-questions.html Lemme guess: You think that question was off topic? Well it's a question that can only come up when you use IMP + vpopmail, and there are plenty of vpopmail people here, and one of them is bound to have gotten it working, so I don't think it's off topic. I think he thought that it was rather a problem with IMP rather than with vpopmail. That said, you could probably create several instances of IMP on different ip-based virtual-hosts with configurations that make the IMAP-connection to the different IP-addresses. cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] a couple of (newbie?) questions
Am Mo, den 11.10.2004 schrieb Rick Widmer um 11:48: Nemir N wrote: On Mon, 11 Oct 2004 01:08:06 -0600, Rick Widmer [EMAIL PROTECTED] wrote: If you only want that one user to be special: create a file .qmail-tutor in ~/domains/test.org/ and another in ~/domains/test.net/ that contains: [EMAIL PROTECTED] will the email still appear to be from [EMAIL PROTECTED] in this case? I'm not sure what you are asking... from? Maybe he wants users to be able to select which domain (or alias) (of the ones they own) will be used as sender-domain. Some postfix-based implementations of webmailers can do this, by querying a database or LDAP. It's a nice feature, but not easily done with vpopmail/qmail - at least that's what my research would make me believe ;-) Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] Problem with --enable-domain-quotas in vpopmail.
Am Mo, den 04.10.2004 schrieb Amit khatri um 7:17: I set the domain limit to 100 MB for my virtual domain using vpopmail but I was able create 11 users with 10 MB each which is wrong it should not happen. I read document at http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm#VPOPMAIL Their it is told that --disable-domain-quotas in vpopmail code is buggy though and is not recommended for use. I think that this is true. Current version of vpopmail consequently seem to just ignore the domain-quotas. But I need to set domain limits in my application. It is very necessary for my application. So is their any way I can set domain limits ? OS-quotas. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
[vchkpw] [Fwd: ezmlm warning]
Hi, I just got the following bounce from the list. Can anyone explain what exactly this error-message might mean ? I can't remember having head any outages back then. Thanks, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ === ---BeginMessage--- Hi! This is the ezmlm program. I'm managing the [EMAIL PROTECTED] mailing list. I'm working for my owner, who can be reached at [EMAIL PROTECTED] Messages to you from the vchkpw mailing list seem to have been bouncing. I've attached a copy of the first bounce message I received. If this message bounces too, I will send you a probe. If the probe bounces, I will remove your address from the vchkpw mailing list, without further notice. I've kept a list of which messages from the vchkpw mailing list have bounced from your address. Here are the message numbers: 28354 28355 28356 28357 28360 28365 28363 28368 28370 28367 --- Enclosed is a copy of the bounce message I received. Return-Path: Received: (qmail 29081 invoked for bounce); 16 Sep 2004 21:25:01 - Date: 16 Sep 2004 21:25:01 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure notice Hi. This is the qmail-send program at mail.inter7.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. [EMAIL PROTECTED]: 62.146.20.26 does not like recipient. Remote host said: 451 216008.107568.78.194.78TTL.94.98/1116.408/0.2 Giving up on 62.146.20.26. I'm not going to try again; this message has been in the queue too long. ---End Message---
Re: [vchkpw] suggestions on valias error
Am So, den 26.09.2004 schrieb Remo Mattei um 20:08: vmysql: error creating table 'valias': MySQL server has gone away @40004156f5701a931f9c vmysql: sql error[j]: MySQL server has gone away any one has any suggestions? I have mysql running though!! Credentials OK ? Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] How are you all using maildrop with qmailadmin etc?
Am Sa, den 25.09.2004 schrieb Brian Feeny um 3:40: We use maildrop so that we can do some fancy mail routing for our customers. For all of our domains we put a .qmail-default file that references a .mailfilter file. I use Matt Simersons Qmail-Toaster on FreeBSD, and the .qmail-default file there looks like this: | /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox (for a non-catchall domain - it would be the maildir of the catchall-account in case that option was activated) Then, if I turn on spam-filtering on my account, *my* .qmail reads this: | /usr/local/bin/maildrop /usr/local/etc/mail/mailfilter This is a central file, that does the filtering. It also picks-up any personal filters. I've never heard anyone complain about catchall etc. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] Do hooks exist for vpopmail or its lib?
Am Sa, den 25.09.2004 schrieb Brian Feeny um 6:41: Does vpopmail have any hooks available so that when someone adds a domain or removes a domain, I can fire off an external script? No. qmailadmin had some hooks and they are nice, but I need to take some actions whenever a domain is added. I am going to have techs adding domains via vqadmin That's a pitty. Since I didn't know of any hooks, I have cron just looking in each domains directory (every 15 min) and if it doesn't see the files I want to be there, then it adds them. But I would rather have a mechinism that worked more like a trigger/hook. That would be nice, yes. Unfortunately, it's not there. cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
RE: [vchkpw] Quota
Am Fr, den 24.09.2004 schrieb Edward Neville um 17:34: -Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: 24 September 2004 15:02 To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Quota Vpopmail has domain quotas, but they're broken. Even if/when they do work, they add a lot of load since vdelivermail has to calculate the domain's disk usage every time a message is delivered. I didn't write the original implementation, I don't use them myself, and I'm not particularly interested in finding the problem and fixing it. Ok! I have a large number of domains to administer (6000 ish). I Just stumbled upon the high disk usage that one domain had through having many accounts of 50meg mailboxes. Hehe. I've now created a little script: [EMAIL PROTECTED] cat /root/bin/top50.sh #!/bin/sh /root/bin/space.sh |sort -u|xargs du -d 0|sort -n -r |head -n 50 where space.sh contains: #!/bin/sh for i in `~vpopmail/bin/vdominfo -n | egrep -v ^$` do ~vpopmail/bin/vuserinfo -d -D $i done That should at least match the topX accounts. I don't know how well it scales, though. Would a quota filesystem be a big overhead? If not, can you suggest a implementation for locking a domain to a quota? OS Quotas is the only way to go, I'm told. If you have any questions or queries please let me know. I think you must create am OS-group and add the new domain with -g GID_of_the_new_group. Then you can use group-quotas to limit the disk-usage of the files of this particular group. I still have to try this myself- the problem is, there's no GUI to do that, vqadmin doesn't handle GIDs. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] What's vdeloldusers ?
Am Mi, den 22.09.2004 schrieb Ken Jones um 0:18: On Tuesday 21 September 2004 04:28 pm, Rainer Duffner wrote: Hi, the programm doesn't show any help and there's no manpage or other documentation I can find via google. run: vdeloldusers -h for a list of options. I knew the options, but the program didn't say what it actually was for. Even the options are not explained. Is -e for enumerate and -d for delete ? It is for deleting users who have not logged in for a certain time period. It may require mysql. Ah. OK. Thanks. And while I'm at it: what's vkill for, and vqmaillocal ? vkill is similar to killall, except it searches for a string in the process environment. killall will only kill processes of that name. I wrote it to simplify creation of qmail init scripts. NowI use a pid-patch to tcpserver to save the tcpservers pid to /var/run/service.pid with a new -w option. like: tcpserver -w /var/run/smtp.pid . vqmaillocal is an abandoned attemtp at creating a qmail-local program that understands Maildir++ quotas. If it's abandoned, it should perhaps be moved out of the install-target, shouldn't it ? cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] Re: adding more storage: semiOT
Am Di, den 21.09.2004 schrieb Payal Rathod um 16:26: On Mon, Sep 20, 2004 at 07:10:16PM +0200, Peter Nilsson wrote: forgot to say that if you new the total storage of the two drive , then a raid 0 is the way to combine the disks, you can read the raid howto that follows with hte linux documentation, but i would recommend to use at least two disks on a mailserver i raid1 (mirror) How do big server manage their data? I don't assume they must be having single large disk. Upto some point (10 users or so, from anecdotes), you can apparently get away with a large NetApp-filer that exports ~vpopmail/domains to the indivual cluster-nodes (you must have a cluster, because a single server can't handle too many simultanous connections). On the NetApp, you just define a volume and if you have expanded your filer with another shelf or two (provided it is still expandable, depends on the model, which depends entirely on the deepness of your pockets, financially), you just add the additional space in the GUI to that volume. The same can be achieved (although with a bit more work) with a volume-manager on BSD, Solaris, Linux or just about any serious OS (nowadays, I think all commercial Unices come with a volume manager). But the performance, resiliency, service and ease of adminsitration is apparently unmatched. Otherwise nobody would pay their insane prices. The must be putting some accounts on one disk and some on others. What is their way usually? What if I run out of space on one disk? Even bigger servers run with qmail+ldap patches. In the ldap-schema there's place to give each user his own mailserver. If one server is full, you can add another, totally tranparently to the users. It's really a question of how many time you want to throw at it, because the inital configuration can get a bit more complicated than with a simple fire-and-forget one-shot-install server You must (well, if you're sane) have the space to backup your server anyway, so it should not be too difficult to backup all of the partition that ~vpopmail is sitting on and reinstall on a bigger harddisk. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
[vchkpw] What's vdeloldusers ?
Hi, the programm doesn't show any help and there's no manpage or other documentation I can find via google. And while I'm at it: what's vkill for, and vqmaillocal ? Thanks. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] Quota Question
Am Do, den 09.09.2004 schrieb Tom Collins um 18:18: On Sep 9, 2004, at 8:42 AM, Matthew Walker wrote: Some of my users have a rather odd quota setting, while others have what looks right. Normal: 1 Odd: 3000,1000C What's up with the second one? I can't find any documentation about that syntax anywhere. Is it valid? And if so, what does it mean. The second one should be 3000S,1000C. S=size, C=count. So the limit is 30,000,000 bytes or 1000 messages, whichever comes first. Hm. BTW: how do I set these in qmailadmin ? Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] QMail + Vpopmail vs. Postfix + Cyrus IMAP
Am Mi, den 08.09.2004 schrieb Michael Bowe um 23:20: But! whenever I demonstrate the vpopmail software to any of the guys at my new place of employment, they are the ones who are marvelling at the ease of use and features of vpopmail. Indeed. Postfix _is_ nice (cyrus is debatable, IMO), but what use is a mailserver without any webinterface for customers to add/modify/delete their users? There are lots of bits and pieces around, but no complete package. Just compare what is available to postfix with qmail+patches^3+vpopmail+qmailadmin and see which one you want to start with. cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] Re: un-subscribe
Am Do, den 09.09.2004 schrieb Jeremy Kitchen um 0:50: On Wednesday 08 September 2004 04:44 pm, Kirti S. Bajwa wrote: [EMAIL PROTECTED] please stop this madness. read the headers of every message sent to you by the mailing list to figure out how to unsubscribe. You'd think that people subscribing to a list about a mailserver-management software would know how to read (let alone find) a header. But the last time someone posted the above advice, the person in question promptly asked how to find the header... It scares me to think that these people might actually run a mailserver. Gives a whole new meaning to the joke about on the internet, nobody knows you're a dog, doesn't it ? Perhaps you could implement a filter that directs people wanting subscribe with Outlook-clients to a web-page describing how to view the header in various Outlook-variants. Then, before the subscription is approved, they have to fill out a little multiple choice test Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] chaning passwords
Am Do, den 09.09.2004 schrieb Alexandre Vieira um 6:01: Thanks for your input but I wasn't explicit enough. We use a non-browsing services, it's just simple smtp/pop3 with no panels. Granted - but what's the problem directing users to a webpage with qmailadmin ? Or do your users not have browsers installed ? However, this users have shell access to the server That's not an ideal situation, from a security point of view. From my understanding, vpopmail (or just about any mail-server software) is not really suited for a multi-user environment where users have local access to the mailserver itself. and I was thinking that maybe there were a way to modify passwords with the bin/vchangepw but when i use it as a regular user it gives me the following error (and yes the user exists): It's not designed to be run by other users than root. cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
[vchkpw] Domain quota not working?
Hi, I see from the archives that domain-quota does not work. Is this true ? What's the status of that feature ? I see no mention of this in the README.quota. At least for me, it doesn't seem to work. When a user is over quota, the postmaster can lift the quota beyond the domain-quota. That's pretty pointless. I tried 5.4.3 and/or 5.4.6 Rainer
Re: [vchkpw] good howto
Am Do, 2004-07-15 um 11.38 schrieb Michiels Tom (Uptime): Can somebody point me to a good howto for installing and configuring vpopmail together with squirrelmail/qmail/antispam/antivirus I thought of http://www.tnpi.biz ... A highly automated script for qmail+lots-of-other-things. Currently only supported on FreeBSD. on a Debian machine ? ...until I read that ;-) But if you're not religiously tied to Debian, you can always give FreeBSD a try. Though, reading the other non-automated tutorials is unavoidable in the long run, IMO. Rainer
Re: [vchkpw] NFS / Disk Access / Load Concerns on Vpopmail cluster
Eric Ziegast wrote: What we're seeing is that our network and RAID 5 IDE-based disk array on our central mail store server is not able to keep up with the 'client' servers doing the POP3, IMAP, Webmail, and SMTP legwork. I've found an interesting bottleneck with webmail. When people use POP or IMAP clients (Outlook, Mozilla, Opera, Thunderbird, etc.), the client application caches alot of the information locally and synchronizes occasionally with the server to see if there are new messages. Things like browsing and searching run eally fast because the user is utilizing the resources of their local PC to do most of teh work. With webmail, the session state is not saved nor cached, so with each new request, the mailbox can be rescanned. I think, if you use sqwebmail, it *will* cache some information. I've got a very large mailbox, with over 5 messages (though split in 100 directories) amounting to over 350 MB of mail, mostly mailinglists like this one. When I open a folder the first time in sqwebmail, it takes a lot of time, but the second time, it's rather quick (as quick as opening a folder with 3000 messages can be). I like sqwebmail, though I sometimes think I'm the only one and the rest of the world wants squirrelmail and IMP ;-) A relatively modest webmail application might only rescan all headers and show subject lines. A complex application might scan all content in a folder to present content more fully. Without anything to throttle back the webmail server, it's possible that the webmail server softwar can pound the mail spool server to death. I used to run a Qmail-based infrastructure for 4000 clients on a single slow machine without much memory. They used POP as their only pickup mechanism. We recently reimplemented on a Dell 1750 with two Xeon procs, alot of RAM and a GigE backend to a NetApp filer with 14 fast disks, and I STILL notice that the machine sometimes slowed down while people tried to read their 140MB mailboxes via webmail. sigh I put some bottlenecks on the search and retrieval algorithms of the webmail software to help protect the filer from a flood of queries, and we've been better since then. The power users with super-large mailboxes complain that it's slow, but now its a localized problem rather than a problem that affects everyone. Good tip. You can try to run up-imapproxy (if you don't do that allready) and see if it helps. It will try to cache at least the IMAP-sessions. Jeremy's comments are great for scaling the database, but it sounds to me that you're just maxed out on what you can serve over NFS. An SQL select might take at most a few kilobytes of data on the network whereas a webmail scan of a 30MB mailbox will take, well, 30MB. Doh! I'd also like to add that people perhaps overestimate what IDE-RAID can do compared with a true SCSI-RAID - especially in cases where a horrendous amount of small, scattered files and highly concurrent access is envolved (hello qmail). I always joke that nothing can beat a (current) IDE-disk when installing Windows and Office - they are optimized for rather large files and sequential access to these. But mail-spool (/var/qmail/queue/) and mail-storage (~vpopmail/) ain't an Office-installation So what to do? Instead of the centralized NFS mail spool (where the central spool becomes the bottleneck), you might consider splitting the user base across several machines. Each machine would have its own RAID1 mail spool. Each machine would be responsible for its own Inbound SMTP and POP/IMAP/Webmail and use the local disk for the spool. Use lots of RAM for buffer cache to make sure your disk is hit less frequently. You might be able to centralize outbound SMTP. Once a machine fills up, you add another machine. This is one way to scale. The big boys in teh mailbox size wars (google, yahoo, hotmail) can't afford centralized storage for their mailboxes. Look for each to roll out racks of distribtuted storage where each storage server is a 1/2 U box with a couple large ATA disks in it. We might learn from this method of scaling. I'd be interested to know how one can achieve this while still maintaining the single-system-image-nature that a central mail-storage with surrounding mysql-slaves provides. Not that I want to start a we're-bigger-than-google-kind of freakshow, but just in case I hit the wall with the current system. Before we take this costly step, what have you noticed for user / system loads before you start hitting the limits of your hardware? Yes. I serve 6000 users right now. They used to all be POP, and life was good. Now a significant percentage of my new customers use webmail, and I'm not happy with how my current web-based mail reading software scales. I may have to hack it alot to get it to perform well. Something that would help is if we rolled out spam/virus filtering out for everyone whih will cut 50% inbound mail and 10% viruses from being
Re: [vchkpw] SATA NAS for vpop cluster
[EMAIL PROTECTED] wrote: I am looking around for a suitable (ie, reasonably priced and performance) NAS unit in order to convert a bunch of standalone servers into a cluster. SATA RAID units seem to be what I am looking for. I would appreciate those out there who have experience using NAS boxes for this purpose to share your wisdom. What are you using ? How has it been working for you ? Any performance issues during busy times etc ? Thanks a lot. Lu From: Clayton Weise [mailto:[EMAIL PROTECTED] We use netapps (www.netapp.com) and it works great. One of the big things that made me move towards the netapp in place of many of the other NAS units out there was the fact that it runs a nix based OS. Most of the ones, say.. Dell for example just run a stripped down version of windows with file sharing for unix. It doesn't give you the ability to make any tweaks to the nfs server. We've been using the netapps for about 6 months now and it's been awesome. A client that hosts in our datacenter turned us on to the netapps nas units. He's been using them for I think about 2 years now and swears by them. That's great to hear. Can you let me know the specific model you are using ? They recently introduced some lower-end models that cannot be expanded to such a high degree and also may lack clustering-support, depending on the exact model. They run a real-time OS, but can be accessed via ssh and a web-interface. NetApp is really the high-end of storage, but also from a price-viewpoint. But if you have enough customers and/or pretty strict SLAs, there's hardly a choice, unless you want to gamble ;-) How many domains are you currently handling with the above unit ? Also, do you have any redundancy capability in case that box goes down ? The clustering-software is very expensive - and you've got to buy a 2nd NetApp, too. ;-) Ask a local NetApp distributor for more info. Rainer
RE: [vchkpw] RE: Redundant server
Am Do, 2004-06-03 um 17.49 schrieb David Petruzzella: Basically yes but the other half of the cluster would be at a different office. So you want to replicate all account data and email-boxes to the other office, too ? As described, you can have a master-mysql-server and any number of slaves, but there's usually only one NFS-server for the maildirs. I think NetworkAppliance sells software for their NetApp Filers to replicate them and create a high-availability configuration even for NFS. But usually, if you have to ask about something like that, it's allready too expensive ;-) Rainer
Re: [vchkpw] vpopmail installation on a Client MySQL Server
Am Fr, 2004-06-04 um 19.57 schrieb Kirti S. Bajwa: Hello List: This is my first message on this list. Please consider me a newbie in the area of LINUX, vpopmail, etc. I have setup two servers as follows: [snip] I haven't done this either, but I think I've heard that one uses a master-slave model because the lookups in the mysql-tables need to be as fast as possible. And a connection to a local mysql-db is much faster than making a remote tcp/ip-connection - the latency envolved may be just too much. Rainer
Re: [vchkpw] MySQL / LDAP
Edward Neville wrote: Can someone direct me to a descent site that compares or details how to install LDAP and/or MySQL with Qmail please? http://www.tnpi.biz/ No comparison though. Rainer
Re: [vchkpw] Re: vpopmail with Postifix
Steve Ames wrote: Qmail is a minority when it comes to MTA deployment. I disagree there also. qmail is probably the second most, if not the most, deployed MTA across the internet, and many different surveys have gone to show this. Without pointing to DJB's website, care to back this up? http://cr.yp.to/surveys/smtpsoftware6.txt That's from 2001. It would be a fun project to try to do that again, though. The biggest challenge will probably be to get a representative sample of domains and MXs Lastly we aren't talking about general deployment but deployment by those entities who might wish to have virtualized e-mail and multiple domains. Yes, and it's with those where there's no alternative to qmail and vpopmail. At least, through a brief search of freshmeat, sf.net and google, I couldn't find anything that comes near vpopmail+qmailadmin+vqadmin+qmail. The problem with qmail is that it's not really developed any further. But given that, it has surprisingly little security-holes found ;-) But the applications more or less dictate the choice of the underlying platform. And the choice could be much worse. Also, this is WITH most new redhat installations coming with sendmail installed (and enabled) by default, which would skew this number, as sendmail might be running but it's not necessarily doing anything. And not just redhat. Other linux and BSD varients come with sendmail. One that I know of comes with postfix. SuSE I don't know any that come with qmail. I don't think anyone will do that. There's also a lot more Exchange out there these days. Yes, but people usually put proxies and paketfilters before that. At least, if they are not completely stupid (or ill-advised). It's very difficult (impossible?) to account for the usage of a MTA, when most of them are now hidden behind AV-gateways. Also: what do you count ? Just handling or actual mailboxes ? It's an endless debate. And until someone comes up with a real cool solution that allows to use postfix as a hosting-platform without writing everything from scratch, qmail and vpopmail are just going to stay around. Unless all those hosted MSFT-Exchange-crap (calendar, groupware) kills it. Unfortunately, OSS-equivalents of these don't work very well, yet. And they don't scale, I'm afraid. Rainer
Re: [vchkpw] Re: vpopmail with Postifix
Rick Macdougall wrote: Rainer Duffner wrote: http://cr.yp.to/surveys/smtpsoftware6.txt That's from 2001. It would be a fun project to try to do that again, though. The biggest challenge will probably be to get a representative sample of domains and MXs Hi, That would be a fun script to write. See what mail server *sent* to your mail server based on the headers and get a sampling that way. I'll mull this over and see how I might implement this, since our mail server handles over 400K messages a day, it should give us a good idea of what ISP's are using. Regards, Rick Hey, I found some more: http://www.credentia.cc/research/surveys/smtp/200304/ Quote: Due to AUP policy violations (Comcast) this will be the last survey done. Apparently NASA and the U.S. Navy did not like the unsolicited connections. ROTFL ;-) From the pages returned by a google search on smtp server survey, I'm afraid anyone who does that actively will be in deep trouble rather sooner than later. The passive approach makes more sense. qmail comes in at 8-10% in these surveys. Rainer Rainer
[vchkpw] Migrating old users from another system
Hi, we have a customer who uses a mail-server with postfix (very old, last century or so). His accounts are of the form mailXYZ0005 and so on and are translated to aliases ([EMAIL PROTECTED]) via postfix virtual-table. Very ugly. Now when we install a new server with vpopmail, the accounts go [EMAIL PROTECTED] But he says, this is impossible because customers would have to change their config, which some even can't do themselves. He has virtual domains, too, so I can't just use default-domain. Is there a way to have a username without @ and map it to a virtual account of domain ? cheers, Rainer
Re: [vchkpw] Major overhaul - mysql? - suggestions wanted
Christian Reeves wrote: I admin an ISP (relatively small operation but may scale exponentially in the near future). I recently moved to a vpop solution for our hosting customers and it's working great. We use qmail, courier-imap, qmailadmin, and HORDE/IMP for webmail. All existing domains were moved to the new server relatively easy. Only one left is our main company domain with a few thousand users and their personal webspace (a real gotcha). CURRENT: We manage the main domain users with a custom program that parses the command line and runs the appropriate scripts to create the users in our own way (fancy way to create system accounts). Since these users are dialup customers too the scripting sends off the account info to our RADIUS servers (updates a cdb file) when we add a user. Problem is, the way it was built a long time ago required us to use system accounts to accommodate the personal webspace (FTP) we provide as well. WANTED: I want to make more of a vanilla setup (within reason) so I can find more support options and allow more technicians to administer our services. I like what I read about the flexibility of vpopmail with mysql as a backend. But a few questions puzzle me... 1. Are there any drawbacks to using the mysql backend compared to using the default vpopmail way? I thought mysql was the default ;-) 2. Our main domain has few thousand mailbox accounts (which will grow). Will this present a problem to qmailadmin or with administration by our technical support staff (vqadmin)? Are there limitation that eclipse performance at some point? I can't comment on this one, but I think I've heard that one can run several hundret thousand users via one mysql-server and have replicated frontend-servers with mysql-slaves on them. Will probably depend on your storage-subsystem, the network and the usage-pattern of those users. I assume disk-I/O will be a big problem at a certain point (concurrent users...). Real world figures welcome ;-) 3. Anyone have input on a virtual user FTP solution for these customers, I've considered a separate server, vsftpd (but it requires a common shared dir) and the dreaded system accounts once again. I've recently toyed with the idea to use davenport: http://davenport.sourceforge.net/ together with samba and mysql as a backend: http://www.freebsddiary.org/samba-pam.php I think it would be dead-cool, but I haven't found time to try it out. Only problem is, you need either Windoze 2000/XP or KDE 3.x (OSX works, too, though) to use webdav natively. Win95-NT4 need not apply... ;-) 5. Anyone have suggestions/experience with a giant NAS type setup where qmail/courier-imap/vpopmail would connect to for the user MailDir's? ...LDAP? ...NFS? I mean Hotmail and yahoo must have terabytes of attached storage they store If you have the money, go for Netapp Filers: http://www.netapp.com (but you won't find pricing there...). Most expensive on the planet. Else, I'd use FreeBSD as NFS-server. I don't know how well IDE-RAIDs scale in this scenario (lot's of small files). Or Solaris x86 (Slowlaris). And as I said, you have one mysql-server, one NFS-server as backend. the frontend-servers provide webmail,smtp, imap and mount the nfs-exported maildirs. They also have a read-only copy of the mysql-db. And you might need some kind of load-balancing solution to map www1, www2, www3, ... to www their mailboxes on right? Any ISP's listening? As you can see I'm stepping into some land I don't know much about but I'm learning fast and willing to take the time to do it right the first time. I'm willing to spend some time with a consultant for suggestions or just plain real-world ISP type tips since I'm sure there are many variables. http://www.google.com/search?q=qmail+toaster+freebsd That's the real experts ;-) Rainer
Re: [vchkpw] vlimits.default ?
master wrote: Hi, to make this file work what should i do ? just put it on the domain directory and the quota will work or something else to do ? thanks (because i don t see the limit on the domain even with this file) I thought this was the defaults chosen when creating a new domain. Existing ones aren't touched. Rainer
[vchkpw] Can users add their own aliases ?
Hi, is it possible to enable non-postmaster to add aliases to their own account ? I've played with vmoddomain flags, but it doesn't seem to have an effect in qmailadmin. Rainer
Re: [vchkpw] read receipt things...
Tom Collins wrote: [I'm cc'ing Bruce Guenter as the new maintainer of ezmlm-idx, as there's a change he should make to ezmlmrc.template.] On Apr 14, 2004, at 2:07 AM, Jeremy Kitchen wrote: I'm not sure what these 'read receipt' emails are with the winmail.dat files attached, I will, for now, assume they are some new form of virus, as they have come in via many different addresses. Actually, it's Peter Palmreuther's fault, he included a return receipt request in the following email (Disposition-Notification-To). A good solution would be to add that header to the headerremove file for this list. It already strips return-receipt-to and x-confirm-reading-to. The disposition-notification-to must be a new one, but it should get added to the ezmlmrc.template file in the next release of ezmlm-idx. (Thanks for jumping in as the new maintainer, Bruce!) Headers of Peter's message, showing the Disposition-Notification-To: Additionally, some corporate Outlooks are configured to automatically honour a return receipt request, with no user-interaction possible (and no way to turn it off, either). At least, it was like that at a former company. The joys of corporate email Rainer
Re: [vchkpw] Large scale mail server
Alessandro A. wrote: Hello everyone, I need implementing a large scale mail server for multi-domain hosting. I'm consider using Qmail on FreeBSD. What's the best solution for scalability? 1. Qmail-ldap (qmail with ldap patch) + courier-imap 2. Qmail + Vpopmail compiled with ldap support + courier-imap What solution is more stable? I need scalability and stability...vpopmail is good with ldap support? If yes, what is the best version of Vpopmail I should use? Thanks in advance! Alessandro A. I think (not from own experience, though) that technically, qmail+ldap is probably the most scaleable. But it needs a lot of know-how to get started. From my experience, a setup like this: http://www.tnpi.biz/internet/mail/toaster/index.shtml is way quicker to get into production. How large is large for you ? Rainer
[vchkpw] Where are alias-domains stored in the database ?
Hi, I've got a vpopmail+mysql setup and aliased some domains to exisiting ones (usually, a .com-domain is vaddaliasdomain'ed to an existing .de domain). Where can I see which aliases a given domain has, if any ? Is this possible at all ? I've looked at the tables via phpMyAdmin, but I can't seem to find it. I'd like to use this information to extend sqwebmail or another webmailer to enable a user to choose only those domains as sender-address that he has aliases for. cheers, Rainer == Powered by SQWebmail
Re: [vchkpw] Fwd: PCL-0002: Session Hijacking in Sqwebmail
On Mon, 17 Nov 2003 11:14:24 -0800 Anthony Baratta [EMAIL PROTECTED] wrote: For those that use SqWebMail...this came across BugTraq. Date: Tue, 18 Nov 2003 02:18:04 +0100 (CET) From: Vincenzo Ciaglia [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: PCL-0002: Session Hijacking in Sqwebmail --- PUCCIOLAB.ORG - ADVISORIES http://www.pucciolab.org --- PCL-0002: Session Hijacking in Sqwebmail [snip] Example: --- MY STAT FOR MY WEBSITE - REFERENT DOMAIN http://mailserver.society.com/cgi-bin/sqwebmail/login/mail%40server.org.authvchkpw/3247A0578D6F3E74F37A20FF37B52A1C/1069089171?folder=Trashform=folders In this example, the victim has visualized our website reading the mail that we have sent to him. Visiting the link is been marked from our counter. Now we will be able to access to the victim's mail page admin and will be able to read and to send, calmly, its email without make login. The session comes sluice after approximately 20/30 minutes and the attacker has the time to make its comfortable ones. I haven't tried this, but I was under the impression that the Restrict access to your IP address only (increased security) - option specifically avoided the problem of session-hijacking. Also, I thought that sqwebmail used to escape outbound hyperlinks via a special URL-forwarder (which often didn't work in some browsers)., with the only intent to cloak the referrer. Is this all useless ? Rainer
[vchkpw] Re: Inserting new users via mysql-insert into the vpopmail database
Oliver Etzel - GoodnGo.COM (R) writes: Hello Paul, hello all, Oh my god, that is what I was looking for! Also, there is also a PERL-module for vpopmail ! It exposes almost all commands via an API. And if that isn't enought, you can compile PHP with vpopmail-support. cheers, Rainer
[vchkpw] vaddaliasdomain inconsistency ?
Hi, when I vaddaliasdomain a domain to another (e.g. the-domain.com as an alias to (main) the-domain.de domain), vdominfo shows two domains with the-domain.de name. Yet, the aliasing works (mail sent to the-domain.com end up in the user's the-domain.de inbox. Is this normal ? How would I make vdominfo return only those domains that are not aliases and whose directories actually exist ? Or would I need to pipe the results through something like uniq(1) ? cheers, Rainer -- Rainer Duffner Munich [EMAIL PROTECTED] Germany http://www.i-duffner.deFreising When shall we three meet again In thunder, lightning, or in rain?