Tom,

I suppose you're using the "regular" version, as you speak of setuid.

You have to carefully read the instructions at www.interazioni.it/qmail.

These are the instructions for the regular version:

"regular" qmail-smtpd-chkusr must be installed (by default in /var/qmail/bin) with setuid (user qmaild) and setgid (group qnofiles), and executed by tcpserver with -u vpopmail-user and -g vchkpw-group parameters.
qmail-smtpd-chkusr starts running with the original qmail-smtpd uid and gid, switching to needed uid and gid only for vpopmail checks on user existence, turning back to the starting uid and gid.

You have to set SUID (set-user-ID-on-execution) and SGID (set-group-ID-on-execution) bits on qmail-smtpd-chkusr:
chown qmaild qmail-smtpd-chkusr
chgrp qnofiles qmail-smtpd-chkusr
chmod 6555 qmail-smtpd-chkusr

and the result you see should be like (different size and date, of course):
-r-sr-sr-x 1 qmaild qnofiles 57056 Feb 14 18:18 qmail-smtpd-chkusr


Integrate qmail-smtpd-chkusr in your start files:
As an example, a real start command for qmail-smtpd-chkusr may be

#!/bin/sh -e
#
# Using splogger to send the log through syslog.

exec env - PATH="/var/qmail/bin:/usr/local/bin" \
tcpserver -t 5 -v -p -x <your.tcp.smtp.cdb> \
-u <vpopmail-user> -g <vchkpw-group> -l <your-host.domain> 0 smtp \
qmail-smtpd-chkusr splogger smtpd &

where
<vpopmail-user> = vpopmail uid
<vchkpw-group> = vchkpw gid
<your-host.domain> = your host.domain (!)
<your.tcp.smtp.cdb> = your tcp.permission.to.relay cdb

NOTE: if you are using more system users for your domains, the execution uid (which I indicated as vpopmail) should be set to root.

Ciao,

Tonino

At 05/06/03 05/06/03 -0500, Tom Walsh wrote:
I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt
to: check to see if a user exists on the mail server and if the user doesn't
send a 550).

I have tested the functionality of qmail-smtpd (compiled with this patch and
a couple others) and it works when I run it from the command line.

My problem is when I run it from the tcpserver/supervise script the
functionality doesn't work.

I have managed to get it working by altering the -u and -g on the tcpserver
command line to be root. When I do that it works flawlessly. It also works
if I set the uid to root and set the gid to qmaild.

My question (and I suppose directed at tonix):

How can I get this to run with the proper user and group permissions of
qmaild?

Here are some of the details of my installation.

/usr/bin/id -g qmaild
81
cat /etc/group |grep 81
qnofiles:*:81:

./supervise/smtp/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
QMAILUID=0
#NOFILESGID=0
#QMAILUID=`/usr/bin/id -u qmaild`
NOFILESGID=`/usr/bin/id -g qmaild`

exec softlimit -m 8000000 tcpserver -v -c 384 -p -R -x \
/usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 \
rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd \
mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

permissions on qmail-smtpd:
-rwxr-xr-x  1 root    qmail  128528 Jun  5 16:26 qmail-smtpd

I am assuming it has something to do with the setuid that the patch does,
but I am unsure.

Any pointers?

Tom Walsh
Network Admin
http://www.ala.net/


------------------------------------------------------------
        [EMAIL PROTECTED]            Interazioni di Antonio Nati
   http://www.interazioni.it      [EMAIL PROTECTED]          
------------------------------------------------------------
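
A check of the ownership and mode that the instructions in this thread require, as an added example that is not part of the original messages or of the chkusr patch. The helper name `check_setid_binary` is hypothetical; the expected listing `-r-sr-sr-x` and the qmaild/qnofiles owner and group come from the thread.

```sh
#!/bin/sh
# Added example (not from the thread); check_setid_binary is a hypothetical helper.
# Usage: check_setid_binary PATH OWNER GROUP
# Returns 0 only when PATH is a regular file owned by OWNER:GROUP whose
# listing is -r-sr-sr-x (chmod 6555), 1 on a mismatch, 2 if PATH is missing.
check_setid_binary() {
    path=$1; want_owner=$2; want_group=$3
    [ -f "$path" ] || { echo "$path: not found"; return 2; }

    # Parse `ls -ld` rather than stat(1): the column layout is the same on
    # Linux and the BSDs. Keep 10 mode characters to drop any ACL marker.
    listing=$(ls -ld "$path" | awk '{print substr($1,1,10), $3, $4}')
    mode=${listing%% *}
    rest=${listing#* }
    owner=${rest%% *}
    group=${rest#* }
    rc=0

    # Without both bits the program runs only with the ids that tcpserver
    # was given via -u/-g.
    case $mode in
        ???s??s???) ;;
        *) echo "$path: setuid/setgid bits missing ($mode)"; rc=1 ;;
    esac

    # A setuid/setgid file should not be writable by anyone (6555, not 6755).
    case $mode in
        ??w???????|?????w????|????????w?)
            echo "$path: writable ($mode), expected -r-sr-sr-x"; rc=1 ;;
    esac

    [ "$owner" = "$want_owner" ] || { echo "$path: owner $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "$path: group $group, expected $want_group"; rc=1; }
    return $rc
}

# Run the check only when called with the three arguments, e.g.
#   sh check.sh /var/qmail/bin/qmail-smtpd-chkusr qmaild qnofiles
if [ "$#" -eq 3 ]; then
    check_setid_binary "$@"
fi
```

A listing like the `-rwxr-xr-x root qmail` one quoted in this thread fails the first check, because neither the setuid nor the setgid bit is present.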
