[vchkpw] qmail-smtpd-chkusr Patch Problem
I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt to: check to see if a user exists on the mail server and if the user doesn't send a 550). I have tested the functionality of qmail-smtpd (compiled with this patch and a couple others) and it works when I run it from the command line. My problem is when I run it from the tcpserver/supervise script the functionality doesn't work. I have managed to get it working by altering the -u and -g on the tcpserver command line to be root. When I do that it works flawlessly. It also works if I set the uid to root and set the gid to qmaild. My question (and I suppose directed at tonix): How can I get this to run with the proper user and group permissions of qmaild? Here are some of the details of my installation. /usr/bin/id -g qmaild 81 cat /etc/group |grep 81 qnofiles:*:81: ./supervise/smtp/run #!/bin/sh PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATH QMAILUID=0 #NOFILESGID=0 #QMAILUID=`/usr/bin/id -u qmaild` NOFILESGID=`/usr/bin/id -g qmaild` exec softlimit -m 800 tcpserver -v -c 384 -p -R -x /usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 21 permissions on qmail-smtpd: -rwxr-xr-x 1 rootqmail 128528 Jun 5 16:26 qmail-smtpd I am assuming it has something to do with the setuid that the patch does, but I am unsure. Any pointers? Tom Walsh Network Admin http://www.ala.net/
Re: [vchkpw] qmail-smtpd-chkusr Patch Problem
Hi, I had the same problem, root.nofiles for for qmail-smtpd-chkusr with owner and group suid workd for me ls -l qmail-smtp* -rwxr-xr-x1 root qmail 37740 Mar 26 11:36 qmail-smtpd -r-sr-sr-x1 root nofiles224080 May 13 05:27 qmail-smtpd-chkusr Regards, Rick Tom Walsh wrote: I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt to: check to see if a user exists on the mail server and if the user doesn't send a 550). I have tested the functionality of qmail-smtpd (compiled with this patch and a couple others) and it works when I run it from the command line. My problem is when I run it from the tcpserver/supervise script the functionality doesn't work. I have managed to get it working by altering the -u and -g on the tcpserver command line to be root. When I do that it works flawlessly. It also works if I set the uid to root and set the gid to qmaild. My question (and I suppose directed at tonix): How can I get this to run with the proper user and group permissions of qmaild? Here are some of the details of my installation. /usr/bin/id -g qmaild 81 cat /etc/group |grep 81 qnofiles:*:81: ./supervise/smtp/run #!/bin/sh PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATH QMAILUID=0 #NOFILESGID=0 #QMAILUID=`/usr/bin/id -u qmaild` NOFILESGID=`/usr/bin/id -g qmaild` exec softlimit -m 800 tcpserver -v -c 384 -p -R -x /usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 21 permissions on qmail-smtpd: -rwxr-xr-x 1 rootqmail 128528 Jun 5 16:26 qmail-smtpd I am assuming it has something to do with the setuid that the patch does, but I am unsure. Any pointers? Tom Walsh Network Admin http://www.ala.net/
Re: [vchkpw] qmail-smtpd-chkusr Patch Problem
On Fri, 2003-06-06 at 01:39, Tom Walsh wrote: I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt to: check to see if a user exists on the mail server and if the user doesn't send a 550). I have tested the functionality of qmail-smtpd (compiled with this patch and a couple others) and it works when I run it from the command line. My problem is when I run it from the tcpserver/supervise script the functionality doesn't work. They need som changes, see below. I have managed to get it working by altering the -u and -g on the tcpserver command line to be root. Don't! When I do that it works flawlessly. It also works if I set the uid to root and set the gid to qmaild. Don't! My question (and I suppose directed at tonix): How can I get this to run with the proper user and group permissions of qmaild? Read this carefully and you are set. http://www.interazioni.it/qmail/#Installation Here are some of the details of my installation. /usr/bin/id -g qmaild 81 cat /etc/group |grep 81 qnofiles:*:81: ./supervise/smtp/run #!/bin/sh PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATH # Get rid of this four lines ##QMAILUID=0 ###NOFILESGID=0 ##QMAILUID=`/usr/bin/id -u qmaild` ##NOFILESGID=`/usr/bin/id -g qmaild` # Use these ones instead to be able to access the vopmail databases. # Run as the uid and gid of the vpopmail user. QMAILUID=`/usr/bin/id -u vpopmail` NOFILESGID=`/usr/bin/id -g vpopmail` exec softlimit -m 800 tcpserver -v -c 384 -p -R -x /usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 21 permissions on qmail-smtpd: -rwxr-xr-x 1 rootqmail 128528 Jun 5 16:26 qmail-smtpd chown 6555 /var/qmail/bin/qmail-smtpd I am assuming it has something to do with the setuid that the patch does, but I am unsure. Any pointers? follow the comments above and you should be set. Tom Walsh Network Admin http://www.ala.net/ -- Lars Gustafson [EMAIL PROTECTED] i3 micro technology ab
Re: [vchkpw] qmail-smtpd-chkusr Patch Problem
sorry.. i made a typo in pmy prevoius post... the line below should been saying. chmod 6555 qmail-smtpd sorry On 06 Jun 2003 08:08:44 +0200 Lars Gustafson [EMAIL PROTECTED] wrote: permissions on qmail-smtpd: -rwxr-xr-x 1 rootqmail 128528 Jun 5 16:26 qmail-smtpd Never mind the following line. the on on top is the one to use. chown 6555 /var/qmail/bin/qmail-smtpd -- Lars Gustafson [EMAIL PROTECTED] i3 micro technology ab --
Re: [vchkpw] qmail-smtpd-chkusr Patch Problem
Tom, I suppose you're using the regular version, as you speak of setuid. You have to read carefully instructions at www.interazioni.it/qmail. These are the instructions for the regular version: regular qmail-smtpd-chkusr must be installed (by default in /var/qmail/bin) with setuid (user qmaild) and setgid (group qnofiles), and executed by tcpserver with -u vpopmail-user and -g vchkpw-group parameters. qmail-smtpd-chkusr starts running with the original qmail-smtpd uid and gid, switching to needed uid and gid only for vpopmail checks on user existance, turning back to the starting uid and gid. You have to set SUID (set-user-ID-on-execution) and SGID (set-group-ID-on-execution) bits on qmail-smtpd-chkusr: chown qmaild qmail-smtpd-chkusr chgrp qnofiles qmail-smtpd-chkusr chmod 6555 qmail-smtpd-chkusr and the result you see should be like (different size and date, of course): -r-sr-sr-x 1 qmaild qnofiles 57056 Feb 14 18:18 qmail-smtpd-chkusr Integrate qmail-smtpd-chkusr in your start files: As example, a real start command for qmail-smtpd-chkusr may be #!/bin/sh -e # # Using splogger to send the log through syslog. exec env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -t 5 -v -p -x your.tcp.smtp.cdb \ -u vpopmail-user -g vchkpw-group -l your-host.domain 0 smtp \ qmail-smtpd-chkusr splogger smtpd where vpopmail-user = vpopmail uid vchkpw-group = vchkpw gid your-host.domain = your host.domain (!) your.tcp.smtp.cdb = your tcp.permission.to.relay cdb NOTE: if you are using more system users for your domains, the execution uid (which I indicated as vpopmail) should be set to root. Ciao, Tonino At 05/06/03 05/06/03 -0500, Tom Walsh wrote: I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt to: check to see if a user exists on the mail server and if the user doesn't send a 550). I have tested the functionality of qmail-smtpd (compiled with this patch and a couple others) and it works when I run it from the command line. My problem is when I run it from the tcpserver/supervise script the functionality doesn't work. I have managed to get it working by altering the -u and -g on the tcpserver command line to be root. When I do that it works flawlessly. It also works if I set the uid to root and set the gid to qmaild. My question (and I suppose directed at tonix): How can I get this to run with the proper user and group permissions of qmaild? Here are some of the details of my installation. /usr/bin/id -g qmaild 81 cat /etc/group |grep 81 qnofiles:*:81: ./supervise/smtp/run #!/bin/sh PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATH QMAILUID=0 #NOFILESGID=0 #QMAILUID=`/usr/bin/id -u qmaild` NOFILESGID=`/usr/bin/id -g qmaild` exec softlimit -m 800 tcpserver -v -c 384 -p -R -x /usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 21 permissions on qmail-smtpd: -rwxr-xr-x 1 root qmail 128528 Jun 5 16:26 qmail-smtpd I am assuming it has something to do with the setuid that the patch does, but I am unsure. Any pointers? Tom Walsh Network Admin http://www.ala.net/ [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] qmail-smtpd-chkusr Patch Problem
You did not read the instruction carefully it needs to run as vpopmail users -- Remo Mattei --cell 801-209-8554 http://www.italy1.com Freelance Networking-Security/Consultant MCSE, MCP, MCP+I, MCT Linux Trainer Firewall Development [EMAIL PROTECTED] From: Tom Walsh [EMAIL PROTECTED] Date: Thu, 5 Jun 2003 18:39:12 -0500 To: [EMAIL PROTECTED] Subject: [vchkpw] qmail-smtpd-chkusr Patch Problem I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt to: check to see if a user exists on the mail server and if the user doesn't send a 550). I have tested the functionality of qmail-smtpd (compiled with this patch and a couple others) and it works when I run it from the command line. My problem is when I run it from the tcpserver/supervise script the functionality doesn't work. I have managed to get it working by altering the -u and -g on the tcpserver command line to be root. When I do that it works flawlessly. It also works if I set the uid to root and set the gid to qmaild. My question (and I suppose directed at tonix): How can I get this to run with the proper user and group permissions of qmaild? Here are some of the details of my installation. /usr/bin/id -g qmaild 81 cat /etc/group |grep 81 qnofiles:*:81: ./supervise/smtp/run #!/bin/sh PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATH QMAILUID=0 #NOFILESGID=0 #QMAILUID=`/usr/bin/id -u qmaild` NOFILESGID=`/usr/bin/id -g qmaild` exec softlimit -m 800 tcpserver -v -c 384 -p -R -x /usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 21 permissions on qmail-smtpd: -rwxr-xr-x 1 rootqmail 128528 Jun 5 16:26 qmail-smtpd I am assuming it has something to do with the setuid that the patch does, but I am unsure. Any pointers? Tom Walsh Network Admin http://www.ala.net/
Re: [vchkpw] qmail-smtpd-chkusr Patch Problem
Here is mine: rwxr-xr-x1 root qmail 90680 May 9 01:21 qmail-smtpd -- Remo Mattei --cell 801-209-8554 http://www.italy1.com Freelance Networking-Security/Consultant MCSE, MCP, MCP+I, MCT Linux Trainer Firewall Development [EMAIL PROTECTED] From: Rick Macdougall [EMAIL PROTECTED] Organization: Nougen Canada Inc. Date: Thu, 05 Jun 2003 19:58:25 -0400 To: Tom Walsh [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [vchkpw] qmail-smtpd-chkusr Patch Problem Hi, I had the same problem, root.nofiles for for qmail-smtpd-chkusr with owner and group suid workd for me ls -l qmail-smtp* -rwxr-xr-x1 root qmail 37740 Mar 26 11:36 qmail-smtpd -r-sr-sr-x1 root nofiles224080 May 13 05:27 qmail-smtpd-chkusr Regards, Rick Tom Walsh wrote: I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt to: check to see if a user exists on the mail server and if the user doesn't send a 550). I have tested the functionality of qmail-smtpd (compiled with this patch and a couple others) and it works when I run it from the command line. My problem is when I run it from the tcpserver/supervise script the functionality doesn't work. I have managed to get it working by altering the -u and -g on the tcpserver command line to be root. When I do that it works flawlessly. It also works if I set the uid to root and set the gid to qmaild. My question (and I suppose directed at tonix): How can I get this to run with the proper user and group permissions of qmaild? Here are some of the details of my installation. /usr/bin/id -g qmaild 81 cat /etc/group |grep 81 qnofiles:*:81: ./supervise/smtp/run #!/bin/sh PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATH QMAILUID=0 #NOFILESGID=0 #QMAILUID=`/usr/bin/id -u qmaild` NOFILESGID=`/usr/bin/id -g qmaild` exec softlimit -m 800 tcpserver -v -c 384 -p -R -x /usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 21 permissions on qmail-smtpd: -rwxr-xr-x 1 rootqmail 128528 Jun 5 16:26 qmail-smtpd I am assuming it has something to do with the setuid that the patch does, but I am unsure. Any pointers? Tom Walsh Network Admin http://www.ala.net/