Re: [vchkpw] Vpopmail smtp-auth

2007-03-08 Thread Rainer Duffner

DAve wrote:

> Good morning,
>
> Seems I am posting all over the internet these last two weeks, but I
> can't seem to grab my butt lately. I got FreeBSD running on the
> Sunfires, netqmail installed, Simscan installed, ClamAV installed,
> everything is working fine. Last step, smtp-auth, why did I try? I
> should have let today end on a good note.

If you use FreeBSD, you should use Matt Simerson's FreeBSD Qmail Toaster:
http://www.tnpi.biz.

...

> Mysql 4.0, also tried 4.1.

I think both are now EOL in that no timely security-fixes are provided
any longer.

You have to use 5.x - though 4.x should still work, of course.

> No errors when building, seems to work,
> bash-2.05b# /home/vpopmail/bin/vuserinfo [EMAIL PROTECTED]
> Error. Domain pixelhammer.com was not found in the assign file

That should not happen.
What happens when you add a domain?
Does it get added to the assign file?

> The one thing that is different, is I have an empty assign file. This
> server is used for smtp-auth *outbound* only service. So, just for fun
> I added the test domain to the assign file, still fails.

Did you build the cdb?

The sql-error is also not good, though I can't say what it is caused by ATM.

If you can, use Matt's toaster.



cheers,
Rainer


Re: [vchkpw] Vpopmail smtp-auth

2007-03-08 Thread Rick Romero
On Thu, 2007-03-08 at 08:55 -0500, DAve wrote:
> Rainer Duffner wrote:
> > DAve wrote:
> > > Good morning,
> > >
> > > No errors when building, seems to work,
> > > bash-2.05b# /home/vpopmail/bin/vuserinfo [EMAIL PROTECTED]
> > > Error. Domain pixelhammer.com was not found in the assign file
> >
> > That should not happen.
> > What happens when you add a domain?
> > Does it get added to the assign file?
>
> I do not want to add a domain to this server. I do not think you
> understand what this server is doing. See below, this server is doing
> *outbound* service only, there will be no local deliveries.

I have a similar setup - but locked down to an IP and a separate qmail
install.  That IP/qmail install is only for auth'd outgoing email -
nothing gets delivered to hosted domains.

Even if you're not doing 'local' delivery, you still need to be able to
resolve a username with vuserinfo.  Otherwise vchkpw won't be able to
auth for you either.  So yes, you need a complete install as if it's a
complete server.

Now, what I did for my 'local' domains, since delivery is not happening
locally, is create a smtproutes file for those domains and point them to
the MX.

Rick




Re: [vchkpw] Vpopmail smtp-auth

2007-03-08 Thread DAve

Rick Romero wrote:

> On Thu, 2007-03-08 at 08:55 -0500, DAve wrote:
> > Rainer Duffner wrote:
> > > DAve wrote:
> > > > Good morning,
> > > >
> > > > No errors when building, seems to work,
> > > > bash-2.05b# /home/vpopmail/bin/vuserinfo [EMAIL PROTECTED]
> > > > Error. Domain pixelhammer.com was not found in the assign file
> > >
> > > That should not happen.
> > > What happens when you add a domain?
> > > Does it get added to the assign file?
> >
> > I do not want to add a domain to this server. I do not think you
> > understand what this server is doing. See below, this server is doing
> > *outbound* service only, there will be no local deliveries.
>
> I have a similar setup - but locked down to an IP and a separate qmail
> install.  That IP/qmail install is only for auth'd outgoing email -
> nothing gets delivered to hosted domains.
>
> Even if you're not doing 'local' delivery, you still need to be able to
> resolve a username with vuserinfo.  Otherwise vchkpw won't be able to
> auth for you either.  So yes, you need a complete install as if it's a
> complete server.


Hmm, other than the assign file situation vuserinfo works,

bash-2.05b# ./vuserinfo [EMAIL PROTECTED]
Error. Domain pixelhammer.com was not found in the assign file
name:   dave.list
passwd: $1$jB.dCgrW$GbolDS0pK/BMUJuoHwhq20
clear passwd: xx
comment/gecos: dave.list
uid:0
gid:0
flags:  0
gecos: dave.list
limits: No user limits set.
dir:   /home/vpopmail/domains/pixelhammer.com/dave.list
quota: NOQUOTA
usage: NOQUOTA
last auth: Thu Mar  8 09:13:00 2007
last auth ip: 64.184.10.26
bash-2.05b#

Other than the assign file and the virtualdomains file, it is a complete
server. If I scp over an assign file, a virtualdomains file, run
/var/qmail/bin/qmail-newu, restart qmail, the assign error goes away in
vuserinfo. However the checkpassword_debug still fails to work.


I am going to try and get back to it today.

DAve

--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.


Re: [vchkpw] Vpopmail smtp-auth

2007-03-08 Thread Tom Collins

DAve,

I think you've found a bug in vchkpw.

For some reason, it wants to create the user's directory if it  
doesn't already exist.  This could be related to updating the  
lastauth file in the user's directory.  Disabling AUTH_LOGGING on  
that system will help, but you'll still have code trying to create  
the directory.


Go into login_virtual_user() and get rid of everything from the
comment, "If thier directory path is empty make them a new one", to
right before #ifdef CLEAR_PASS.


Let me know if that works, and I'll make changes to the release  
version.  That code could probably be permanently removed -- the  
user's directory is created by vdelivermail when necessary.  vchkpw  
doesn't need to be doing it.


--
Tom Collins  -  [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/




Re: [vchkpw] Vpopmail smtp-auth

2007-03-08 Thread DAve

Tom Collins wrote:

> DAve,
>
> I think you've found a bug in vchkpw.


Bug? After running this entire situation through my thick head, again, I 
more suspect I am trying to do something with vchkpw it was never 
intended to do.


In a nutshell I am trying to use vchkpw as an auth tool only, and 
nothing else from vpopmail.

> For some reason, it wants to create the user's directory if it doesn't
> already exist.  This could be related to updating the lastauth file in
> the user's directory.  Disabling AUTH_LOGGING on that system will help,
> but you'll still have code trying to create the directory.


Ok, so I'm not completely crazy. Configuring with --disable-auth-logging 
got the messages to stop last night, so I was on the right track. 
However, tailing the remote MySQL logs shows that the only queries to 
hit MySQL are the following.


# configured with --disable-auth-logging
select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , 
pw_clear_passwd from vpopmail where pw_name = dave.list and pw_domain 
= pixelhammer.com


# configured with --enable-auth-logging
select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , 
pw_clear_passwd from vpopmail where pw_name = dave.list and pw_domain 
= pixelhammer.com
replace into lastauth set user='dave.list', domain='pixelhammer.com', 
remote_ip='', timestamp=1173418087


Remote IP is not set. (I would think this was normal as 
checkpassword_debug is not setting the env variables)


So disabling auth logging helped, but authentication still fails. 
Though, it certainly looks like the query is made correctly to SQL and 
the result returned. I am again suspicious of the assign error shown in 
the output of checkpassword_debug.


bash-2.05b# /usr/local/src/vpopmail-5.4.17/contrib/checkpassword_debug 
-vvv -c /home/vpopmail/bin/vchkpw -l dave.list%pixelhammer.com

Please enter password: 
/home/vpopmail/bin/vchkpw started with pid 20840
sending dave.list%pixelhammer.comNULLNULL0NULL (35 bytes) to 
checkpassword with uid/gid: 0/0

waiting...
Error. Domain pixelhammer.com was not found in the assign file
done
normal exit from checkpassword
checkpassword exit value: 6

I think... that vchkpw will not work without a complete working install. 
It seems to need to have access to the domains, virtualdomains, and 
users/cdb file.

> Go into login_virtual_user() and get rid of everything from the comment,
> "If thier directory path is empty make them a new one", to right before
> #ifdef CLEAR_PASS.
>
> Let me know if that works, and I'll make changes to the release
> version.  That code could probably be permanently removed -- the user's
> directory is created by vdelivermail when necessary.  vchkpw doesn't
> need to be doing it.


It seemed to have no effect. If that means "can you remove it?", I can
test on a working production toaster and let you know (I got a spare now ;^)


Now debating how to go around this. I really want to auth against my 
existing vpopmail DB.


Thanks Tom,

DAve


--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.
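
The checkpassword_debug runs in this thread exercise the checkpassword interface: login, password and timestamp, each NUL-terminated, are written to descriptor 3 and the verdict comes back as the exit status. The following is an added example, not code from the thread or from vpopmail, that drives any checkpassword-compatible program the same way; the stub checker, the example.test domain and its credentials are constructed, and the stub's exit 6 only imitates the non-standard value seen above.

```python
import subprocess
import sys

# Exit codes defined by the checkpassword interface. Any other value is
# implementation-specific (the thread shows vchkpw exiting 6).
EXIT_MEANING = {0: "accepted", 1: "password unacceptable",
                2: "checkpassword misused", 111: "temporary failure"}

# Constructed stand-in for a checker, so the example runs without vpopmail.
# It accepts one hard-coded account and exits 6 for an unknown domain.
# A real checker would exec its sub-program on success instead of exiting 0.
STUB_CHECKER = r'''
import os, sys
login, password, _timestamp, _rest = os.read(3, 512).split(b"\0", 3)
if not login.endswith(b"%example.test"):
    sys.exit(6)
sys.exit(0 if (login, password) == (b"dave.list%example.test", b"s3cret") else 1)
'''
STUB_ARGV = [sys.executable, "-c", STUB_CHECKER]


def build_record(login: bytes, password: bytes, timestamp: bytes = b"0") -> bytes:
    """Return login NUL password NUL timestamp NUL, as read from descriptor 3."""
    if any(b"\0" in field for field in (login, password, timestamp)):
        raise ValueError("fields must not contain NUL bytes")
    record = b"\0".join((login, password, timestamp)) + b"\0"
    if len(record) > 512:
        raise ValueError("checkpassword reads at most 512 bytes")
    return record


def run_checker(checker_argv, login, password, timestamp=b"0", timeout=10):
    """Run a checkpassword-compatible program; return (exit code, meaning)."""
    # sh duplicates stdin onto descriptor 3, then execs the checker, so the
    # password travels over a pipe and never appears in argv.
    wrapper = ["/bin/sh", "-c", 'exec "$@" 3<&0', "sh", *checker_argv]
    proc = subprocess.run(wrapper, input=build_record(login, password, timestamp),
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          timeout=timeout)
    return proc.returncode, EXIT_MEANING.get(proc.returncode,
                                             "implementation-specific")


if __name__ == "__main__":
    for login, pw in ((b"dave.list%example.test", b"s3cret"),
                      (b"dave.list%example.test", b"wrong"),
                      (b"dave.list%unknown.test", b"s3cret")):
        print(login.decode(), run_checker(STUB_ARGV, login, pw))
```

To test a real checker, pass its argv followed by the program it should run on success in place of `STUB_ARGV`.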