Re: [qmailtoaster] Qmail-toaster relay with Exchange Failed.... help
Add smtproute in qmail server for your domain as --- mydomain.com.my: exchange server IP --- On 10/1/05, Gabriel Lai Yong Shern [EMAIL PROTECTED] wrote: Hi Guys.I've configured qmail-toaster with guide by Nick http://www.qmailtoaster.com/info/EZ-QmailToaster-Install.txtafter compilation installation of the packages, everything was runningvery well. Then I edit /var/qmail/control and put in mydomain.com.my forallowing mails to come in.Then, I edit /etc/tcprules.d/tcp.smtp and insert a line [ExchangeServer's IP]:allow, RELAYCLIENT= then run qmailctl cdbEvery setup was fine. Then, I tried sending emails from yahoo.com tomydomain.com.my, qmail server received the emails, but queue-ing at thefolder, cannot deliver to the exchange server. Then, I tried to send from Exchange Server to my yahoo mail, it works fine for outgoing mails.I can received mail from mydomain.com.myLater, I realise that I need to setup a local DNS for the server, so I configure bind on the server itself, and set 127.0.0.1 as PrimaryServer, and Secondary is another DNS Server. However, it's still thesame. It bounced all emails back to senders from qmail server. I've no ideas how to get this works relaying with Exchange Server. Ineed more helps from everyone. I suspect this is caused by DNS server,however, I don't have any experienced in this.Please help -To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]-- Stay tuned. I could say something brilliant at any moment.. Arvind A. WadkarNetwork Administratorhttp://www.ozoneinfo.co.in
Re: [qmailtoaster] Qmail Toaster with LDAP
i configured all the settings but when i give username and password it shows following error in /var/log/squid/cache.log and users are not able to authanticate 2005/09/22 10:19:01| helperOpenServers: Starting 5 'squidauth.py' processes2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied 2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied 2005/09/22 10:19:55| WARNING: basicauthenticator #4 (FD 9) exited if i run squidauth.py from command line and give username and password it shows 'OK' plz reply how to configure it properly
Re: [qmailtoaster] Qmail Toaster with LDAP
thanks, it is working fine i tryed changing permission as 755 to that file but i forgot that the script is in root folder and that folder is not having proper rights for squid, so then i transferred file in the usr/bin then it is working thanks ones again On 9/22/05, T. V. Sivaraman [EMAIL PROTECTED] wrote: Yes you have to set proper permissions to the .py file for authentication. I have not yet integrated the python script with squid but I did try it independently, it really works. Sivaraman. Arvind Wadkar wrote: i configured all the settings but when i give username and password it shows following error in /var/log/squid/cache.log and users are not able to authanticate 2005/09/22 10:19:01| helperOpenServers: Starting 5 'squidauth.py' processes2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied 2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied2005/09/22 10:19:01| ipcCreate: /root/squidauth.py: (13) Permission denied 2005/09/22 10:19:55| WARNING: basicauthenticator #4 (FD 9) exited if i run squidauth.py from command line and give username and password it shows 'OK' plz reply how to configure it properly -- Dr. T. V. Sivaraman, Scientist,National Geophysical Research Institute,Uppal Road, Hyderabad - 500 007. INDIA. Telephone: 91-40-23434644 (Office), 91-40-23434828 (Home)FAX: 91-40-23434651, 91-40-27171564Email: [EMAIL PROTECTED], [EMAIL PROTECTED]Web: www.ngri.org.in-- Stay tuned. I could say something brilliant at any moment.. Arvind A. WadkarNetwork Administratorhttp://www.ozoneinfo.co.in
[qmailtoaster] Qmail Toaster with LDAP
Can any one tell me how to configure toaster with LDAP for user authentication for SMTP,pop3, imap or how i can user the same user name and password from mysql for squid authentication -- Stay tuned. I could say something brilliant at any moment..Arvind A. WadkarNetwork Administratorhttp://www.ozoneinfo.co.in
Re: [qmailtoaster] Qmail Toaster with LDAP
Thank you
On 9/21/05, T. V. Sivaraman [EMAIL PROTECTED] wrote:
Attached script in the html file can be used with squid for user authentication. It uses vpopmail authentication mechanism.
Sivaraman
Arvind Wadkar wrote:
Can any one tell me how to configure toaster with LDAP
for user authentication for SMTP,pop3, imap
or
how i can user the same user name and password from mysql for
squid authentication
-- Stay tuned. I could say something brilliant at any moment..Arvind A. WadkarNetwork Administrator
http://www.ozoneinfo.co.in
-- Dr. T. V. Sivaraman, Scientist,National Geophysical Research Institute,Uppal Road, Hyderabad - 500 007. INDIA.
Telephone: 91-40-23434644 (Office), 91-40-23434828 (Home)FAX: 91-40-23434651, 91-40-27171564Email:
[EMAIL PROTECTED], [EMAIL PROTECTED]Web:
www.ngri.org.in
Squid authentication via POP or IMAP
Home
Archives
Articles
LUGLI
Pictures
KFTE
KDE
KRSN
bartleblog
Uqbar
Qmail Stuff
Discuss this article [6]
Why do this?
It is often obviously needed to restrict web access based on usernames and passwords, rather than IP numbers, specially if users switch computers often (example, a computer lab in a school).
The usual ways to handle this are:
PAM authentication for Squid
This makes Squid use the system's list of users to identify the clients. The problem is, of course, that then you need to have all the users defined in the Squid system, or something involving remote PAM authentication, which is non-trivial sometimes.
NTLM authentication for Squid
This uses the windows session credentials to check identity against a Windows Domain Controller. The issues here for Linux clients are obvious. Besides, sometimes people don't start sessions, or have generic sessions shared between many users.
Apache style password files
The same problems as PAM, and you don't have the chance to authenticate remotely.
So, here's another solution: make Squid check the user and password against a POP or IMAP account. As long as everyone has a mail account on some server (all users in the same server, if you want this to be simple), this should work.
External Authentication Programs
Squid uses external programs to handle the authentication. Here are simple versions written in Python. feel free to write better ones in other languages and send them to me.
POP3 external authentication program for Squid#!/usr/bin/env python
from poplib import POP3
import sys
#POP server against which we authenticate
server=127.0.0.1
#Port number for POP server. Usually 110
port=110
#Below here you shouldn't need to edit anything
while 1:
#Read user and password from stdin, remove the newline, split at the space
#and assign to the user and password variables
line=sys.stdin.readline()[:-1]
[user,password]=line.split(' ')
#Connect to the POP server
p=POP3(server,port)
#Try to authenticate. If it doesn't work, it throws an exception
try:
p.user(user)
p.pass_(password)
except:
#If it threw an exception, log in cache.log the ayth booboo
sys.stderr.write(ERR authenticating %s\n%user)
#Then deny access
sys.stdout.write(ERR\n)
#IMPORTANT Flush stdout
sys.stdout.flush()
continue
#If it didn't throw exceptions, that means it authenticated
#Log success to cache.log
sys.stderr.write(OK authenticated %s\n%user)
#Then allow access
sys.stdout.write(OK\n)
sys.stdout.flush()
The IMAP version is better because POP access often locks the mailbox, so you could have authentication failures in the proxy is the user is reading his mail at the same time. As you can see, the programs are pretty much the same.
Of course, it is possible to write versions that use secure POP, or TLS, or APOP. Since I don't need them, I won't write them, but it is possible if you write them ;-)
IMAP external authentication program for Squid#!/usr/bin/env python
from imaplib import IMAP4
import sys
#IMAP server against which we authenticate
server=127.0.0.1
#Port number for IMAP server. Usually 143
port=143
#Below here you shouldn't need to edit anything
while 1:
#Read user and password from stdin, remove the newline, split at the space
#and assign to the user and password variables
line=sys.stdin.readline()[:-1]
[user,password]=line.split(' ')
#Connect to the IMAP server
p=IMAP4(server,port)
#Try to authenticate. If it doesn't work, it throws an exception
try:
p.login(user,password)
except:
#If it threw an exception, log in cache.log the auth booboo
sys.stderr.write(ERR authenticating %s\n%user)
#Then deny access
sys.stdout.write(ERR\n)
#IMPORTANT Flush stdout
sys.stdout.flush()
continue
#If it didn't throw exceptions, that means it authenticated
#Log success to cache.log
sys.stderr.write(OK authenticated %s\n%user)
#Then allow access
sys.stdout.write(OK\n)
sys.stdout.flush
Re: Fw: [qmailtoaster] QMail relay with Exchange.. Please help
This is the flow
USERS Exchange Server Qmail {{{ INTERNET }}}
On 9/22/05, Gabriel Lai Yong Shern [EMAIL PROTECTED] wrote:
So exchange users can send emails to the internet through qmail??Arvind Wadkar wrote:
No need to add all users in qmail servers just allow relaying for exchange server IP On 9/22/05, *Gabriel Lai Yong Shern* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote: I wonder now, 1) whether all emails from Exchange Server will be sent through
Qmail ? If so, all emails from local users to the internet will be scan by Qmail simscan. 2) Did I need to add all users into qmail since it's just a
relaying server. Diagram POP: Internet--- Qmail server (frontend)-- Exchange Server (Back-end) Diagram SMTP Local users-- Exchange Server (users profile)-- Qmail Server
(scanning)--- Internet please advice in further Wayne Blick wrote: How can I setup tcp.smtp rule??
In /etc/tcprules.d/tcp.smtp add a line like: 192.168.0.2:allow,RELAYCLIENT= Make sure to use the IP address of YOUR Exchange server.Then run:
qmailctl cdb Regards, Wayne Blick -
To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail:
[EMAIL PROTECTED]-- Stay tuned. I could say something brilliant at any moment..Arvind A. WadkarNetwork Administrator
http://www.ozoneinfo.co.in
Re: [qmailtoaster] isoqlog-toaster
Don't see exact last lines of error above 5 or 6 lines u can see the error about failed dependencies 1st install that and then continue to isoqlog-toaster On 9/20/05, Jack D. Martin Jr. [EMAIL PROTECTED] wrote: I am trying to install qmail-toaster on Mandrake 10.1. When I issue the following command: rpmbuild --rebuild --with mdk101 isoqlog-toaster-2.1-1.2.5.src.rpm It fails with this error: Makefile:231: *** missing separator. Stop. error: Bad exit status from /var/tmp/rpm-tmp.19047 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.19047 (%build) I have tried pulling down the src rpm again, and rebuilding, to no avail. Any ideas? -- Stay tuned. I could say something brilliant at any moment.. Arvind A. WadkarNetwork Administratorhttp://www.ozoneinfo.co.in
Re: [qmailtoaster] isoqlog-toaster
chk this
/usr/src/RPM/BUILD/isoqlog-2.1/missing --help
On 9/20/05, Jack D. Martin Jr. [EMAIL PROTECTED] wrote:
Here is all of the output while I was running the command - nothing about a failed dependency that I see (doesn't mean I didn't miss it)
[EMAIL PROTECTED] qtms-install]# rpmbuild --rebuild --with mdk101 isoqlog-toaster-2.1-1.2.5.src.rpmInstalling isoqlog-toaster-2.1-1.2.5.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.45825+ umask 022+ cd /usr/src/RPM/BUILD+ cd /usr/src/RPM/BUILD+ rm -rf isoqlog-2.1+ /usr/bin/bzip2 -dc /usr/src/RPM/SOURCES/isoqlog-
2.1.tar.bz2+ tar -xf -+ STATUS=0+ '[' 0 -ne 0 ']'+ cd isoqlog-2.1+ echo 'Patch #0 (isoqlog-2.1-fixes.patch.bz2):'Patch #0 (isoqlog-2.1-fixes.patch.bz2):+ /usr/bin/bzip2 -d+ patch -p0 -s
+ echo 'Patch #1 (isoqlog-2.1-errno.patch.bz2):'Patch #1 (isoqlog-2.1-errno.patch.bz2):+ /usr/bin/bzip2 -d+ patch -p1 -s++ find . -type d -name CVS++ find . -type f -name '.cvs*'++ find . -type f -name '.#*'
+ '[' -f /var/tmp/isoqlog-2.1-gcc ']'+ rm -f /var/tmp/isoqlog-2.1-gcc+ '[' -x /usr/bin/gcc-3.2.3 ']'+ '[' -x /usr/bin/gcc-3.2.2 ']'+ '[' -x /usr/bin/gcc-3.2.1 ']'+ '[' -x /usr/bin/gcc-3.2 ']'+ '[' -x /usr/bin/gcc-
3.1.1 ']'+ echo gcc+ '[' -f /var/tmp/isoqlog-2.1-show_flags ']'+ cat++ cat /var/tmp/isoqlog-2.1-gcc+ chmod u+x /var/tmp/isoqlog-2.1-show_flags+ /var/tmp/isoqlog-2.1-show_flags
RPM RELEASE : isoqlog-toaster-2.1-1.2.5mdkOS TYPE IS : Mandrake 10.1 LinuxGCC IS : gccCCFLAGS : -O2 -fomit-frame-pointer -pipe -march=i586 -mtune=pentiumproLDFLAGS : -O2 -fomit-frame-pointer -pipe -march=i586 -mtune=pentiumpro
Apache User : apacheApache Group: apache
+ '[' -f /var/tmp/isoqlog-2.1-show_flags ']'+ rm -f /var/tmp/isoqlog-2.1-show_flags++ cat /var/tmp/isoqlog-2.1-gcc+ export 'CC=gcc -O2 -fomit-frame-pointer -pipe -march=i586 -mtune=pentiumpro '
+ CC=gcc -O2 -fomit-frame-pointer -pipe -march=i586 -mtune=pentiumpro+ exit 0Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.19047+ umask 022+ cd /usr/src/RPM/BUILD+ cd isoqlog-2.1
+ libtoolize --copy --forceRemember to add `AC_PROG_LIBTOOL' to `configure.in'.You should add the contents of `/usr/share/aclocal/libtool.m4' to `aclocal.m4'.+ aclocal+ autoheaderautoheader-2.5x
: error: AC_CONFIG_HEADERS not found in configure.in+ automake --add-missing+ ./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --
sysconfdir=/etc/isoqlog --datadir=/usr/share/toaster --includedir=/usr/include --libdir=/usr/lib --
libexecdir=/usr/lib --localstatedir=/var/lib --sharedstatedir=/usr/com --mandir=/usr/share/man --
infodir=/usr/share/infochecking for a BSD-compatible install... /usr/bin/install -cchecking whether build environment is sane... yes/usr/src/RPM/BUILD/isoqlog-2.1/missing: Unknown `--run' option
Try `/usr/src/RPM/BUILD/isoqlog-2.1/missing --help' for more informationconfigure: WARNING: `missing' script is too old or missingchecking for gawk... gawkchecking whether make sets ${MAKE}... yes
checking for gcc... gccchecking for C compiler default output... a.outchecking whether the C compiler works... yeschecking whether we are cross compiling... nochecking for suffix of executables...checking for suffix of object files... o
checking whether we are using the GNU C compiler... yeschecking whether gcc accepts -g... yeschecking for style of include used by make... GNUchecking dependency style of gcc... gcc3checking for a BSD-compatible install... /usr/bin/install -c
checking for gawk... (cached) gawkchecking for dirent.h that defines DIR... yeschecking for library containing opendir... none requiredchecking how to run the C preprocessor... gcc -Echecking for ANSI C header files... yes
checking for sys/types.h... yeschecking for sys/stat.h... yeschecking for stdlib.h... yeschecking for string.h... yeschecking for memory.h... yeschecking for strings.h... yeschecking for inttypes.h..
. yeschecking for stdint.h... yeschecking for unistd.h... yeschecking fcntl.h usability... yeschecking fcntl.h presence... yeschecking for fcntl.h... yeschecking for strings.h... (cached) yeschecking for
unistd.h... (cached) yeschecking for size_t... yeschecking whether struct tm is in sys/time.h or time.h... time.hchecking for gethostname... yeschecking for mkdir... yeschecking for strdup... yeschecking for strerror... yes
checking for strstr... yesconfigure: creating ./config.statusconfig.status: creating Makefileconfig.status: creating htmltemp/Makefileconfig.status: creating htmltemp/images/Makefileconfig.status: creating htmltemp/library/Makefile
config.status: creating lang/Makefileconfig.status: creating tr/Makefileconfig.status: executing default-1 commands+ makeMakefile:231: *** missing separator. Stop.error: Bad exit status from /var/tmp/rpm-
tmp.19047 (%build)
RPM build errors: Bad exit status from /var/tmp/rpm-tmp.19047 (%build)
From: Arvind Wadkar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 20, 2005 7:45 AM
To: qmailtoaster-list@qmailtoaster.comSubject: Re: [qmailtoaster] isoqlog-toaster
Don't
[qmailtoaster] SMTP problem
Sir, till16th my mail server is working fine when i came in office on monday mornning i saw that no one can able to send mails, when i try to telnet on port 25 it is not showing the welcome message and got stuck over there this is the log of smtp @4000432e3fdc2dd1ce14 tcpserver: status: 1/100@4000432e3fdc2dd5bde4 tcpserver: pid 29806 from 172.27.1.112@4000432e3fdc2dd75bf4 tcpserver: ok 29806 rnd.nio.org:192.168.1.10:25 :172.27.1.112::4441 i tryed qmailctl stop and start but to luck can any one help me-- Stay tuned. I could say something brilliant at any moment..Arvind A. WadkarNetwork Administratorhttp://www.ozoneinfo.co.in
[qmailtoaster] Re: SMTP problem
Sorry boys i found the problem, this is because of DNS my server is not able to reach the dns server thats why it is happened now it is working fine.. On 9/19/05, Arvind Wadkar [EMAIL PROTECTED] wrote: Sir, till16th my mail server is working fine when i came in office on monday mornning i saw that no one can able to send mails, when i try to telnet on port 25 it is not showing the welcome message and got stuck over there this is the log of smtp @4000432e3fdc2dd1ce14 tcpserver: status: 1/100@4000432e3fdc2dd5bde4 tcpserver: pid 29806 from 172.27.1.112 @4000432e3fdc2dd75bf4 tcpserver: ok 29806 rnd.nio.org:192.168.1.10:25 :172.27.1.112::4441 i tryed qmailctl stop and start but to luck can any one help me-- Stay tuned. I could say something brilliant at any moment..Arvind A. WadkarNetwork Administrator http://www.ozoneinfo.co.in -- Stay tuned. I could say something brilliant at any moment..Arvind A. WadkarNetwork Administrator http://www.ozoneinfo.co.in
[qmailtoaster] Configure Mail Storage relay server
hi i want to configure to mail servers one is in intranet and other is in dmz, intranet mail server is forwarding all mail to dmz mail server to relay when i configure this i have to add entry in smtproute :x.x.x.x (ip of dmz mail) on intranet server my que. is what configration i have to do on dmz mail server 'cuse when i do this it is showing relaying denied -- Stay tuned. I could say something brilliant at any moment..Arvind A. WadkarNetwork Administratorhttp://www.ozoneinfo.co.in
