[toaster] smtp-auth
Hello, I installed Bill's qmail toaster v.0.9.2(qmail + vpopmail without mysql) for three of my domains. I want to allow all my user(intranet/internet) sending emails only using smtp authentication for local outside domain except squirrelmail. Appreciate your suggestion. Thanks, Tarique
Re[2]: [toaster] smtp auth not working
Tarique, What do you mean with local users? What is the source IP address of the users that smtp auth does not work? Thanks Wednesday, June 18, 2008, 6:14:41 PM, you wrote: Here is my qmail-smtpd/run file #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 8000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r bl.spamcop.net \ -r list.dsbl.org \ -r combined.njabl.org \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 Please advisei want smtp-auth for all user... -Original Message- From: Tarique Saleh Mahmud [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 8:51 PM To: toaster@shupp.org Subject: [toaster] smtp auth not working I am facing problem with my smtp server. I want to use smtp auth option for all user while sending mails but I found smtp auth is not working for local users. Please verify my tcp.smtp file and advise. 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/default,Q MAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan 192.168.2.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.3.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.4.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.5.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.6.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.7.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.8.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.9.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.10.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.0.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.14.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.15.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.16.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.20.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.24.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.34.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 194.128.159.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qm ail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default :allow,RELAYCLIENT=,CHKUSER_RCPTLIMIT=15,CHKUSER_WRONGRCPTLIMIT=3,DKVE RIFY=DEGIJKfh,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan Thanks, Tarique -- + + http://www.enderunix.org/ismail http://www.endersys.com.tr + + EnderUNIX SDT @ Tr Endersys Consultancy Ltd.+ + ismail ~ enderunix.org ismail.yenigul ~ endersys.com.tr + + Volunteer, Core Team Member Project Manager + + SurGATE Messaging Gateway http://www.endersys.com.tr/urunler/surgate/surgate.html
Re: Re[2]: [toaster] smtp auth not working
Dear Ismail, Thank you for your mail. Sorry local user means inside my network user (192.168.2.0/24). Actually I want to enable smtp-auth for all user of my 3 domains, means i want to restrict all user sending mails without smtp auth. Thanks, Tarique Tarique, What do you mean with local users? What is the source IP address of the users that smtp auth does not work? Thanks Wednesday, June 18, 2008, 6:14:41 PM, you wrote: Here is my qmail-smtpd/run file #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 8000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r bl.spamcop.net \ -r list.dsbl.org \ -r combined.njabl.org \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 Please advisei want smtp-auth for all user... -Original Message- From: Tarique Saleh Mahmud [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 8:51 PM To: toaster@shupp.org Subject: [toaster] smtp auth not working I am facing problem with my smtp server. I want to use smtp auth option for all user while sending mails but I found smtp auth is not working for local users. Please verify my tcp.smtp file and advise. 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/default,Q MAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan 192.168.2.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.3.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.4.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.5.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.6.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.7.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.8.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.9.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.10.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.0.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.14.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.15.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.16.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.20.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.24.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.34.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 194.128.159.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qm ail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default :allow,RELAYCLIENT=,CHKUSER_RCPTLIMIT=15,CHKUSER_WRONGRCPTLIMIT=3,DKVE RIFY=DEGIJKfh,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan Thanks, Tarique -- + + http://www.enderunix.org/ismail http://www.endersys.com.tr + + EnderUNIX SDT @ Tr Endersys Consultancy Ltd.+ + ismail ~ enderunix.org ismail.yenigul ~ endersys.com.tr + + Volunteer, Core Team Member Project Manager + + SurGATE Messaging Gateway http://www.endersys.com.tr/urunler/surgate/surgate.html
Re[4]: [toaster] smtp auth not working
Tarique, You must remove ,RELAYCLIENT= from the following line in tcp.smtp then rebuild tcp.smtp.cdb; 192.168.2.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qm Apply this rule for any other IP blocks that you want to enforce SMTP AUTH. Thanks Wednesday, June 18, 2008, 9:06:54 PM, you wrote: Dear Ismail, Thank you for your mail. Sorry local user means inside my network user (192.168.2.0/24). Actually I want to enable smtp-auth for all user of my 3 domains, means i want to restrict all user sending mails without smtp auth. Thanks, Tarique Tarique, What do you mean with local users? What is the source IP address of the users that smtp auth does not work? Thanks Wednesday, June 18, 2008, 6:14:41 PM, you wrote: Here is my qmail-smtpd/run file #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 8000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r bl.spamcop.net \ -r list.dsbl.org \ -r combined.njabl.org \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 Please advisei want smtp-auth for all user... -Original Message- From: Tarique Saleh Mahmud [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 8:51 PM To: toaster@shupp.org Subject: [toaster] smtp auth not working I am facing problem with my smtp server. I want to use smtp auth option for all user while sending mails but I found smtp auth is not working for local users. Please verify my tcp.smtp file and advise. 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/default,Q MAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan 192.168.2.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.3.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.4.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.5.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.6.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.7.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.8.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.9.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.10.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.0.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.14.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.15.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.16.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.20.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.24.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.34.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 194.128.159.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qm ail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default :allow,RELAYCLIENT=,CHKUSER_RCPTLIMIT=15,CHKUSER_WRONGRCPTLIMIT=3,DKVE RIFY=DEGIJKfh,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan Thanks, Tarique -- + + http://www.enderunix.org/ismail http://www.endersys.com.tr + + EnderUNIX SDT @ Tr Endersys Consultancy Ltd.+ + ismail ~ enderunix.org ismail.yenigul ~ endersys.com.tr + + Volunteer, Core Team Member Project Manager + + SurGATE Messaging Gateway http://www.endersys.com.tr/urunler/surgate/surgate.html -- + + http://www.enderunix.org/ismail http://www.endersys.com.tr
Re: Re[4]: [toaster] smtp auth not working
Dear Ismail, I have removed RELAYCLIENT from all the lines in tcp.smtp file for all the IP blocks. Just let me know about 1st and last line of my tcp.smtp file--- 1 st line: 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/default,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan If i remove RELAYCLIENT option from this line will my squirrelmail user able to send emails Last line: :allow,CHKUSER_RCPTLIMIT=15,CHKUSER_WRONGRCPTLIMIT=3,DKVERIFY=DEGIJKfh,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simsc an Without RELAYCLIENT is my last line okay or i don't need this line. Please help me...i am a new user thank you for all of your effort. -Tarique Tarique, You must remove ,RELAYCLIENT= from the following line in tcp.smtp then rebuild tcp.smtp.cdb; 192.168.2.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qm Apply this rule for any other IP blocks that you want to enforce SMTP AUTH. Thanks Wednesday, June 18, 2008, 9:06:54 PM, you wrote: Dear Ismail, Thank you for your mail. Sorry local user means inside my network user (192.168.2.0/24). Actually I want to enable smtp-auth for all user of my 3 domains, means i want to restrict all user sending mails without smtp auth. Thanks, Tarique Tarique, What do you mean with local users? What is the source IP address of the users that smtp auth does not work? Thanks Wednesday, June 18, 2008, 6:14:41 PM, you wrote: Here is my qmail-smtpd/run file #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 8000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r bl.spamcop.net \ -r list.dsbl.org \ -r combined.njabl.org \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 Please advisei want smtp-auth for all user... -Original Message- From: Tarique Saleh Mahmud [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 8:51 PM To: toaster@shupp.org Subject: [toaster] smtp auth not working I am facing problem with my smtp server. I want to use smtp auth option for all user while sending mails but I found smtp auth is not working for local users. Please verify my tcp.smtp file and advise. 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/default,Q MAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan 192.168.2.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.3.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.4.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.5.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.6.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.7.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.8.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.9.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.10.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.0.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.14.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.15.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.16.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.20.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.24.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.34.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 194.128.159.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qm ail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default :allow,RELAYCLIENT=,CHKUSER_RCPTLIMIT=15,CHKUSER_WRONGRCPTLIMIT=3,DKVE RIFY=DEGIJKfh,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail
Re[6]: [toaster] smtp auth not working
Tarique, Without RELAYCLIENT is my last line okay or i don't need this line. Please help me...i am a new user thank you for all of your effort. That's OK. you don't have to change it. Thanks -Tarique Tarique, You must remove ,RELAYCLIENT= from the following line in tcp.smtp then rebuild tcp.smtp.cdb; 192.168.2.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qm Apply this rule for any other IP blocks that you want to enforce SMTP AUTH. Thanks Wednesday, June 18, 2008, 9:06:54 PM, you wrote: Dear Ismail, Thank you for your mail. Sorry local user means inside my network user (192.168.2.0/24). Actually I want to enable smtp-auth for all user of my 3 domains, means i want to restrict all user sending mails without smtp auth. Thanks, Tarique Tarique, What do you mean with local users? What is the source IP address of the users that smtp auth does not work? Thanks Wednesday, June 18, 2008, 6:14:41 PM, you wrote: Here is my qmail-smtpd/run file #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 8000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r bl.spamcop.net \ -r list.dsbl.org \ -r combined.njabl.org \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 Please advisei want smtp-auth for all user... -Original Message- From: Tarique Saleh Mahmud [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 8:51 PM To: toaster@shupp.org Subject: [toaster] smtp auth not working I am facing problem with my smtp server. I want to use smtp auth option for all user while sending mails but I found smtp auth is not working for local users. Please verify my tcp.smtp file and advise. 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/default,Q MAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan 192.168.2.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.3.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.4.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.5.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.6.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.7.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.8.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.9.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.10.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.0.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmai l/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.14.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.15.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.16.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.20.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.24.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 192.168.34.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qma il/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default 194.128.159.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qm ail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/default :allow,RELAYCLIENT=,CHKUSER_RCPTLIMIT=15,CHKUSER_WRONGRCPTLIMIT=3,DKVE RIFY=DEGIJKfh,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan Thanks, Tarique -- + + http://www.enderunix.org/ismail http://www.endersys.com.tr + + EnderUNIX SDT @ Tr Endersys Consultancy Ltd.+ + ismail ~ enderunix.org ismail.yenigul ~ endersys.com.tr + + Volunteer, Core Team Member Project Manager + + SurGATE
Re: [toaster] smtp auth
Satish Alwani ha scritto: Hi, I have the qmail-toaster-0.8.3.patch, I am currently running 2 instances of qmail-smtpd (on 2 different ips). 1 is for the users to send the email from, 1 is for the MX record where their domain can get emails. What I would like to do is the smtp used as relay, should ONLY accept emails if they are authenticated. i.e. Even if the user wants to send an email to the same domain, it shouldnt accept it, unless authenticated. The other smtp server will be as is where the public incoming emails would go to. For this as I understand I can set it with tcp.smtp. Currently I am sharing the same tcp.smtp.cdb across both qmail-smtpd instances. I will be willing to manage 2 cdb files for this ofcourse. I tried to follow : http://www.mail-archive.com/toaster@shupp.org/msg04780.html and enabled CHKUSER_MUSTAUTH= on my ip (and yes i ran qmailctl cdb to update). However, I am still able to send emails to any domain I have on the box. Can someone help me with this please. Regards, Satish Alwani Did you also enable the option within chkuser_settings.h and recompile? Tonino -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] smtp auth
Hello, you should have #define CHKUSER_EXTRA_MUSTAUTH_VARIABLE CHKUSER_MUSTAUTH enabled (in chkuser_settings.h) and in tcp.smtp CHKUSER_MUSTAUTH= and RELAYCLIENT= must be deleted or it will be not working. If you change anything in chkuser_settings.h, qmail must be recompiled and installed again (make, make setup check) For me works ok. 2007/12/29, tonix (Antonio Nati) [EMAIL PROTECTED]: Satish Alwani ha scritto: Hi, I have the qmail-toaster-0.8.3.patch, I am currently running 2 instances of qmail-smtpd (on 2 different ips). 1 is for the users to send the email from, 1 is for the MX record where their domain can get emails. What I would like to do is the smtp used as relay, should ONLY accept emails if they are authenticated. i.e. Even if the user wants to send an email to the same domain, it shouldnt accept it, unless authenticated. The other smtp server will be as is where the public incoming emails would go to. For this as I understand I can set it with tcp.smtp. Currently I am sharing the same tcp.smtp.cdb across both qmail-smtpd instances. I will be willing to manage 2 cdb files for this ofcourse. I tried to follow : http://www.mail-archive.com/toaster@shupp.org/msg04780.html and enabled CHKUSER_MUSTAUTH= on my ip (and yes i ran qmailctl cdb to update). However, I am still able to send emails to any domain I have on the box. Can someone help me with this please. Regards, Satish Alwani Did you also enable the option within chkuser_settings.h and recompile? Tonino -- [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] -- Lampa
Re: [toaster] smtp auth
But it should work if i have 2 seperate cdb files to do this right? one for the local users / 1 for the public internet to MX to Satish tonix (Antonio Nati) wrote, On 2007-12-29 6:51 PM: Satish Alwani ha scritto: Hi, I have the qmail-toaster-0.8.3.patch, I am currently running 2 instances of qmail-smtpd (on 2 different ips). 1 is for the users to send the email from, 1 is for the MX record where their domain can get emails. What I would like to do is the smtp used as relay, should ONLY accept emails if they are authenticated. i.e. Even if the user wants to send an email to the same domain, it shouldnt accept it, unless authenticated. The other smtp server will be as is where the public incoming emails would go to. For this as I understand I can set it with tcp.smtp. Currently I am sharing the same tcp.smtp.cdb across both qmail-smtpd instances. I will be willing to manage 2 cdb files for this ofcourse. I tried to follow : http://www.mail-archive.com/toaster@shupp.org/msg04780.html and enabled CHKUSER_MUSTAUTH= on my ip (and yes i ran qmailctl cdb to update). However, I am still able to send emails to any domain I have on the box. Can someone help me with this please. Regards, Satish Alwani Did you also enable the option within chkuser_settings.h and recompile? Tonino -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] smtp auth
okay added that line.. recompiled as well, (make; make setup check ) however its still not working. for now i am trying to do it on my ip address ip.add.re.ss:allow,CHKUSER_MUSTAUTH= any suggestions on this? I also do have this going to qmail-scanner-st as my default qmail-queue Satish Lampa wrote, On 2007-12-29 8:14 PM: i'm using 2 separate cdb files (one with MUSTAUTH for local users and second for public mx) - two ip adresses 2007/12/29, Satish Alwani [EMAIL PROTECTED]: But it should work if i have 2 seperate cdb files to do this right? one for the local users / 1 for the public internet to MX to Satish tonix (Antonio Nati) wrote, On 2007-12-29 6:51 PM: Satish Alwani ha scritto: Hi, I have the qmail-toaster-0.8.3.patch, I am currently running 2 instances of qmail-smtpd (on 2 different ips). 1 is for the users to send the email from, 1 is for the MX record where their domain can get emails. What I would like to do is the smtp used as relay, should ONLY accept emails if they are authenticated. i.e. Even if the user wants to send an email to the same domain, it shouldnt accept it, unless authenticated. The other smtp server will be as is where the public incoming emails would go to. For this as I understand I can set it with tcp.smtp. Currently I am sharing the same tcp.smtp.cdb across both qmail-smtpd instances. I will be willing to manage 2 cdb files for this ofcourse. I tried to follow : http://www.mail-archive.com/toaster@shupp.org/msg04780.html and enabled CHKUSER_MUSTAUTH= on my ip (and yes i ran qmailctl cdb to update). However, I am still able to send emails to any domain I have on the box. Can someone help me with this please. Regards, Satish Alwani Did you also enable the option within chkuser_settings.h and recompile? Tonino -- [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] smtp auth
actually i see the problem. the patch is of 2.0.8, you need 2.0.9 to make it work. I had to go to http://www.interazioni.it/opensource/chkuser/ and get the latest update tarball. After that it seems to be working. This seems to have fixed the problem. Perhaps we can move the 2.0.9 patch into the big patch? and update the readme for netqmail-1.06 now ? Regards, Satish Lampa wrote, On 2007-12-30 12:32 AM: Hello, in log is something ? Relayclient is not set, because if is set user can sent email? 2007/12/29, Satish Alwani [EMAIL PROTECTED]: okay added that line.. recompiled as well, (make; make setup check ) however its still not working. for now i am trying to do it on my ip address ip.add.re.ss:allow,CHKUSER_MUSTAUTH= any suggestions on this? I also do have this going to qmail-scanner-st as my default qmail-queue Satish Lampa wrote, On 2007-12-29 8:14 PM: i'm using 2 separate cdb files (one with MUSTAUTH for local users and second for public mx) - two ip adresses 2007/12/29, Satish Alwani [EMAIL PROTECTED]: But it should work if i have 2 seperate cdb files to do this right? one for the local users / 1 for the public internet to MX to Satish tonix (Antonio Nati) wrote, On 2007-12-29 6:51 PM: Satish Alwani ha scritto: Hi, I have the qmail-toaster-0.8.3.patch, I am currently running 2 instances of qmail-smtpd (on 2 different ips). 1 is for the users to send the email from, 1 is for the MX record where their domain can get emails. What I would like to do is the smtp used as relay, should ONLY accept emails if they are authenticated. i.e. Even if the user wants to send an email to the same domain, it shouldnt accept it, unless authenticated. The other smtp server will be as is where the public incoming emails would go to. For this as I understand I can set it with tcp.smtp. Currently I am sharing the same tcp.smtp.cdb across both qmail-smtpd instances. I will be willing to manage 2 cdb files for this ofcourse. I tried to follow : http://www.mail-archive.com/toaster@shupp.org/msg04780.html and enabled CHKUSER_MUSTAUTH= on my ip (and yes i ran qmailctl cdb to update). However, I am still able to send emails to any domain I have on the box. Can someone help me with this please. Regards, Satish Alwani Did you also enable the option within chkuser_settings.h and recompile? Tonino -- [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] smtp auth
Hmm, little weird. i'm using http://www.shupp.org/patches/qmail-toaster-0.9.1.patch.bz2 eg patch 0.9.1. on main patch is link to older version but on http://www.shupp.org/toaster/?page=gettingstarted is to the newer version (0.9.1) To Shupp: please update main page to point to latest patch version. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: actually i see the problem. the patch is of 2.0.8, you need 2.0.9 to make it work. I had to go to http://www.interazioni.it/opensource/chkuser/ and get the latest update tarball. After that it seems to be working. This seems to have fixed the problem. Perhaps we can move the 2.0.9 patch into the big patch? and update the readme for netqmail-1.06 now ? Regards, Satish Lampa wrote, On 2007-12-30 12:32 AM: Hello, in log is something ? Relayclient is not set, because if is set user can sent email? 2007/12/29, Satish Alwani [EMAIL PROTECTED]: okay added that line.. recompiled as well, (make; make setup check ) however its still not working. for now i am trying to do it on my ip address ip.add.re.ss:allow,CHKUSER_MUSTAUTH= any suggestions on this? I also do have this going to qmail-scanner-st as my default qmail-queue Satish Lampa wrote, On 2007-12-29 8:14 PM: i'm using 2 separate cdb files (one with MUSTAUTH for local users and second for public mx) - two ip adresses 2007/12/29, Satish Alwani [EMAIL PROTECTED]: But it should work if i have 2 seperate cdb files to do this right? one for the local users / 1 for the public internet to MX to Satish tonix (Antonio Nati) wrote, On 2007-12-29 6:51 PM: Satish Alwani ha scritto: Hi, I have the qmail-toaster-0.8.3.patch, I am currently running 2 instances of qmail-smtpd (on 2 different ips). 1 is for the users to send the email from, 1 is for the MX record where their domain can get emails. What I would like to do is the smtp used as relay, should ONLY accept emails if they are authenticated. i.e. Even if the user wants to send an email to the same domain, it shouldnt accept it, unless authenticated. The other smtp server will be as is where the public incoming emails would go to. For this as I understand I can set it with tcp.smtp. Currently I am sharing the same tcp.smtp.cdb across both qmail-smtpd instances. I will be willing to manage 2 cdb files for this ofcourse. I tried to follow : http://www.mail-archive.com/toaster@shupp.org/msg04780.html and enabled CHKUSER_MUSTAUTH= on my ip (and yes i ran qmailctl cdb to update). However, I am still able to send emails to any domain I have on the box. Can someone help me with this please. Regards, Satish Alwani Did you also enable the option within chkuser_settings.h and recompile? Tonino -- [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] -- Lampa
Re: [toaster] smtp auth
So do you think i should recompile once again using the latest patches? im using the old patches with netqmail-1.06 and updated chkuser. Considering its a crazy hybrid system, would appreciate your input on suggestions Satish Lampa wrote, On 2007-12-30 1:11 AM: Hmm, little weird. i'm using http://www.shupp.org/patches/qmail-toaster-0.9.1.patch.bz2 eg patch 0.9.1. on main patch is link to older version but on http://www.shupp.org/toaster/?page=gettingstarted is to the newer version (0.9.1) To Shupp: please update main page to point to latest patch version. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: actually i see the problem. the patch is of 2.0.8, you need 2.0.9 to make it work. I had to go to http://www.interazioni.it/opensource/chkuser/ and get the latest update tarball. After that it seems to be working. This seems to have fixed the problem. Perhaps we can move the 2.0.9 patch into the big patch? and update the readme for netqmail-1.06 now ? Regards, Satish Lampa wrote, On 2007-12-30 12:32 AM: Hello, in log is something ? Relayclient is not set, because if is set user can sent email?
Re: [toaster] smtp auth
If you are using shupp toaster, use shupp's howto http://www.shupp.org/toaster/. Which seems using new version (0.9.1). in netqmail 1.06 aren't any significant changes (there is need to patch base qmail-1.03 and contains already error.h patch) So my suggestion is start from clean with shupp toaster. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: So do you think i should recompile once again using the latest patches? im using the old patches with netqmail-1.06 and updated chkuser. Considering its a crazy hybrid system, would appreciate your input on suggestions Satish Lampa wrote, On 2007-12-30 1:11 AM: Hmm, little weird. i'm using http://www.shupp.org/patches/qmail-toaster-0.9.1.patch.bz2 eg patch 0.9.1. on main patch is link to older version but on http://www.shupp.org/toaster/?page=gettingstarted is to the newer version (0.9.1) To Shupp: please update main page to point to latest patch version. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: actually i see the problem. the patch is of 2.0.8, you need 2.0.9 to make it work. I had to go to http://www.interazioni.it/opensource/chkuser/ and get the latest update tarball. After that it seems to be working. This seems to have fixed the problem. Perhaps we can move the 2.0.9 patch into the big patch? and update the readme for netqmail-1.06 now ? Regards, Satish Lampa wrote, On 2007-12-30 12:32 AM: Hello, in log is something ? Relayclient is not set, because if is set user can sent email? -- Lampa
Re: [toaster] smtp auth
Okay, used netqmail-1.06, rebuilt with latest qmail-toaster-0.91. Needed libdomainkeys to compile so got that as well, however the paths were broken. It needed ../../libdomainkeys whereas its it was in ../libdomainkeys only, so did those changes. Re-checked, MUSTAUTH works fine. , but my ssl doesnt. But at the moment, thats not a primary concern/major requirement. Also, is there a way to set the smtpgreeting / me mentioned from with the supervise/qmail-smtpd/run file itself ? Cause having 2 instances of qmail-smtpd on 2 different ip's, i would like to change the smtpgreeting on each to match the right server/host doing the job. Also, perhaps the site should mention all the variables/files which are affected with each patch (group by patch). That way users will know how to use the addl patches quickly. Satish Lampa wrote, On 2007-12-30 1:32 AM: If you are using shupp toaster, use shupp's howto http://www.shupp.org/toaster/. Which seems using new version (0.9.1). in netqmail 1.06 aren't any significant changes (there is need to patch base qmail-1.03 and contains already error.h patch) So my suggestion is start from clean with shupp toaster. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: So do you think i should recompile once again using the latest patches? im using the old patches with netqmail-1.06 and updated chkuser. Considering its a crazy hybrid system, would appreciate your input on suggestions Satish Lampa wrote, On 2007-12-30 1:11 AM: Hmm, little weird. i'm using http://www.shupp.org/patches/qmail-toaster-0.9.1.patch.bz2 eg patch 0.9.1. on main patch is link to older version but on http://www.shupp.org/toaster/?page=gettingstarted is to the newer version (0.9.1) To Shupp: please update main page to point to latest patch version. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: actually i see the problem. the patch is of 2.0.8, you need 2.0.9 to make it work. I had to go to http://www.interazioni.it/opensource/chkuser/ and get the latest update tarball. After that it seems to be working. This seems to have fixed the problem. Perhaps we can move the 2.0.9 patch into the big patch? and update the readme for netqmail-1.06 now ? Regards, Satish Lampa wrote, On 2007-12-30 12:32 AM: Hello, in log is something ? Relayclient is not set, because if is set user can sent email?
Re: [toaster] smtp auth
For ssl - did you make certficate and make tmprsadh (http://www.shupp.org/toaster/?page=vpopmail) ? For smtp greetings i think that isn't possible (maybe is possible via some variable), but i think that you must run 2 separate qmail (separate control files). Maybe sometime i write patch which load specified file instead default. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: Okay, used netqmail-1.06, rebuilt with latest qmail-toaster-0.91. Needed libdomainkeys to compile so got that as well, however the paths were broken. It needed ../../libdomainkeys whereas its it was in ../libdomainkeys only, so did those changes. Re-checked, MUSTAUTH works fine. , but my ssl doesnt. But at the moment, thats not a primary concern/major requirement. Also, is there a way to set the smtpgreeting / me mentioned from with the supervise/qmail-smtpd/run file itself ? Cause having 2 instances of qmail-smtpd on 2 different ip's, i would like to change the smtpgreeting on each to match the right server/host doing the job. Also, perhaps the site should mention all the variables/files which are affected with each patch (group by patch). That way users will know how to use the addl patches quickly. Satish Lampa wrote, On 2007-12-30 1:32 AM: If you are using shupp toaster, use shupp's howto http://www.shupp.org/toaster/. Which seems using new version (0.9.1). in netqmail 1.06 aren't any significant changes (there is need to patch base qmail-1.03 and contains already error.h patch) So my suggestion is start from clean with shupp toaster. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: So do you think i should recompile once again using the latest patches? im using the old patches with netqmail-1.06 and updated chkuser. Considering its a crazy hybrid system, would appreciate your input on suggestions Satish Lampa wrote, On 2007-12-30 1:11 AM: Hmm, little weird. i'm using http://www.shupp.org/patches/qmail-toaster-0.9.1.patch.bz2 eg patch 0.9.1. on main patch is link to older version but on http://www.shupp.org/toaster/?page=gettingstarted is to the newer version (0.9.1) To Shupp: please update main page to point to latest patch version. 2007/12/29, Satish Alwani [EMAIL PROTECTED]: actually i see the problem. the patch is of 2.0.8, you need 2.0.9 to make it work. I had to go to http://www.interazioni.it/opensource/chkuser/ and get the latest update tarball. After that it seems to be working. This seems to have fixed the problem. Perhaps we can move the 2.0.9 patch into the big patch? and update the readme for netqmail-1.06 now ? Regards, Satish Lampa wrote, On 2007-12-30 12:32 AM: Hello, in log is something ? Relayclient is not set, because if is set user can sent email? -- Lampa
Re: [toaster] SMTP AUTH and authenticated sender
On 8/3/07, Bill Shupp [EMAIL PROTECTED] wrote: On Aug 2, 2007, at 8:54 PM, Muhammad Mukmin Pattikraton wrote: Hello, I know when someone has authenticated via SMTP AUTH mechanism, he or she can send email with whatever sender address. My question, is there a way to restrict the sender address with the address that being used to authenticate ? Or at least restrict the domain. Any help would be appreciated. Thank you. /var/qmail/control/badmailto man -M /var/qmail/man qmail-smtpd Regards, Bill Ok, I've read the documentation about badmailto but (please correct me if i'm wrong) it's used to reject email with recipient address' listed in it. My problem is ... Let's say Mr. Foo has an account [EMAIL PROTECTED] in Mail System A with SMTP AUTH verification and vpopmail. When Mr. Foo has succeeded to authenticate with [EMAIL PROTECTED] and password *** , I want him can only send email with sender address [EMAIL PROTECTED] And when he tries to use sender address [EMAIL PROTECTED] when he had authenticated with [EMAIL PROTECTED], the system will reject to relay so he could not fake the sender address. Is that possible to do that ? Any help would be appreciated. Thank you.
Re: [toaster] SMTP AUTH and authenticated sender
On Aug 3, 2007, at 5:28 AM, Muhammad Mukmin Pattikraton wrote: On 8/3/07, Bill Shupp [EMAIL PROTECTED] wrote: On Aug 2, 2007, at 8:54 PM, Muhammad Mukmin Pattikraton wrote: Hello, I know when someone has authenticated via SMTP AUTH mechanism, he or she can send email with whatever sender address. My question, is there a way to restrict the sender address with the address that being used to authenticate ? Or at least restrict the domain. Any help would be appreciated. Thank you. /var/qmail/control/badmailto man -M /var/qmail/man qmail-smtpd Regards, Bill Ok, I've read the documentation about badmailto but (please correct me if i'm wrong) it's used to reject email with recipient address' listed in it. My problem is ... Let's say Mr. Foo has an account [EMAIL PROTECTED] in Mail System A with SMTP AUTH verification and vpopmail. When Mr. Foo has succeeded to authenticate with [EMAIL PROTECTED] and password *** , I want him can only send email with sender address [EMAIL PROTECTED] And when he tries to use sender address [EMAIL PROTECTED] when he had authenticated with [EMAIL PROTECTED], the system will reject to relay so he could not fake the sender address. Is that possible to do that ? Any help would be appreciated. Thank you. Sorry, I misread your query. I'm not aware of how to do what you need. However, the authenticated user will be embedded in the headers. So it's not completely forged. Bill
Re: [toaster] SMTP AUTH and authenticated sender
On Aug 2, 2007, at 8:54 PM, Muhammad Mukmin Pattikraton wrote: Hello, I know when someone has authenticated via SMTP AUTH mechanism, he or she can send email with whatever sender address. My question, is there a way to restrict the sender address with the address that being used to authenticate ? Or at least restrict the domain. Any help would be appreciated. Thank you. /var/qmail/control/badmailto man -M /var/qmail/man qmail-smtpd Regards, Bill
[toaster] smtp auth
Hello, i've problem with smtp authorization tls works ok, non crypted (non tls/ssl) doesn't work,it returns 535 authentication failed (#5.7.1) but more strange is that it doesn't works only on few computers (tested in outlook there is ok second outlook got error). tested in kmail too (tls works ok, non tls doesn't) Any advices ? Thank you. Lampa
[toaster] smtp-auth
Hi, How do I test the smtp-auth ? I do seem to have been running smtp-auth, but now my servere rejects me when I try :( Sincerely Max smime.p7s Description: S/MIME Cryptographic Signature
Re: [toaster] smtp-auth
Max Andersen wrote: Hi, How do I test the smtp-auth ? I do seem to have been running smtp-auth, but now my servere rejects me when I try :( I've dug a bit deeper and see this: when connecting from the lan I get the following: [EMAIL PROTECTED] root]# telnet linux01.netformidling.dk 25 Trying local ip... Connected to linux01.netformidling.dk. Escape character is '^]'. 220 linux01.netformidling.dk ESMTP ehlo test 250-linux01.netformidling.dk 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 but when connecting from wan, i get this : [EMAIL PROTECTED]:~$ telnet linux01.netformidling.dk 25 Trying wan ip... Connected to linux01.netformidling.dk. Escape character is '^]'. 220 linux01.netformidling.dk ESMTP ehlo test 502 sincerely Max smime.p7s Description: S/MIME Cryptographic Signature
Re: [toaster] smtp-auth
On Tue, 11 Apr 2006 16:19:51 +0200 Max Andersen [EMAIL PROTECTED] wrote: [EMAIL PROTECTED]:~$ telnet linux01.netformidling.dk 25 Trying wan ip... Connected to linux01.netformidling.dk. Escape character is '^]'. 220 linux01.netformidling.dk ESMTP ehlo test 502 Do you have another SMTP proxy in front of your system? That proxy probably does not implement some SMTP extensions. -- Adrian Pircalabu -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: [toaster] smtp-auth
Adi Pircalabu wrote: Do you have another SMTP proxy in front of your system? That proxy probably does not implement some SMTP extensions. I've just investigated, and My cisco 806 at home does not have the fixup smtp configuration, and the router is all that is between me and the mailserver. But I just noticed that there is another kind of packet inspection on the 806 router that an ordinary pix, so it seems that this : ip inspect name Ethernet_1 smtp could be the sinner in the cisco config. I will try and remove it to see if it helps. Any success will be reported for the archives. Thank you for your response. Sincerely Max smime.p7s Description: S/MIME Cryptographic Signature
Re: [toaster] smtp-auth
Max Andersen wrote: Adi Pircalabu wrote: Do you have another SMTP proxy in front of your system? That proxy probably does not implement some SMTP extensions. The cisco box was the reason. removed the fixup smtp or similar did the job. Sincerely Max smime.p7s Description: S/MIME Cryptographic Signature
[toaster] SMTP AUTH: Setting TCPREMOTEINFO for an IP can release it from smtp authentication?
Hi guys, I enabled SMTP authentication in my qmail-toaster server and it's working fine. But I need to allow one machine (say, ip: 192.168.0.4) to send emails without authenticating. I read that when a SMTP connection was successfully authenticated, the environment variable TCPREMOTEINFO is set to the user name that authenticated. My question is, if I set TCPREMOTEINFO in my tcprules for that machine, will it release the machine from authentication? Will qmail-smtpd unset this variable if the user didn't authenticate? Thank you, Bruno Negrao Analista de Suporte Engepel Teleinformática LTDA 31 34812311 Belo Horizonte - MG. Brasil
Re: [toaster] SMTP AUTH: Setting TCPREMOTEINFO for an IP can release it from smtp authentication?
Ok, setting TCPREMOTEINFO in tcp.smtp file works. bnegrao. - Original Message - From: Bruno Negrao [EMAIL PROTECTED] To: toaster@shupp.org Sent: Friday, January 20, 2006 1:44 PM Subject: [toaster] SMTP AUTH: Setting TCPREMOTEINFO for an IP can release it from smtp authentication? Hi guys, I enabled SMTP authentication in my qmail-toaster server and it's working fine. But I need to allow one machine (say, ip: 192.168.0.4) to send emails without authenticating. I read that when a SMTP connection was successfully authenticated, the environment variable TCPREMOTEINFO is set to the user name that authenticated. My question is, if I set TCPREMOTEINFO in my tcprules for that machine, will it release the machine from authentication? Will qmail-smtpd unset this variable if the user didn't authenticate? Thank you, Bruno Negrao Analista de Suporte Engepel Teleinformática LTDA 31 34812311 Belo Horizonte - MG. Brasil
Re: [toaster] smtp-auth
On Mon, 2006-01-16 at 19:57 +0800, aim mix wrote: Greetings, can someone explain to me why ? my /var/qmail/supervise/qmail-smtpd/run ... /var/qmail/bin/qmail-smtpd HOSTNAME \ /home/vpopmail/bin/vchkpw /bin/true 21 ... if the word HOSTNAME there the smtp-auth won't work. it must be blank then the smtp-auth will work. i don't know why. Because it shouldnt be there. Try something like this instead. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` HOSTNAME=`hostname -f` /usr/local/bin/tcpserver -vRD -l $HOSTNAME -c 20 -x /home/vpopmail/etc/tcp.smtp.cdb -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -t5 -b -C -r dnsbl.sorbs.net -r sbl-xbl.spamhaus.org -r list.dsbl.org -r relays.ordb.org \ -r bl.spamcop.net -r multihop.dsbl.org -r combined.njabl.org \ /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 21
Re: [toaster] smtp-auth
thanks bill. In my tcp.smtp 127.:allow,RELAYCLIENT= xx.xx.xx.xx:allow,RELAYCLIENT=,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/simscan :allow,QMAILQUEUE=/var/qmail/bin/simscan where xx.xx.xx.xx is my ip address, do i need to remove my ip address in order to make smtp-auth work ? In my /var/qmail/supervise/qmail-smtpd/run (run file) #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 4000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -b -C \ -r relays.ordb.org \ -r sbl.spamhaus.org \ -r bl.spamcop.net \ -r or.orbl.org \ -r blackholes.mail-abuse.org \ -t 5 \ /var/qmail/bin/qmail-smtpd --smtp \ /home/vpopmail/bin/vchkpw /bin/true 21 the word --smtp do i need to change the word smtp there or can put my hostname ? Thats All. Thanks in advance. Regards, Aimmix On 1/6/06, Bill Shupp [EMAIL PROTECTED] wrote: aim mix wrote: Greetings all, hi, i need to know how to do smtp-auth based on shupp toaster. in the frontpage, To do SMTP-AUTH, and chkuser, you need to run qmail-smtpd as user vpopmail, group vchkpw if you plan on using this with vpopmail (the certificates are chowned vpopmail for this reason). is it need to reconfigure vpopmail to --disable-roaming-users ? coz, i compile vpopmail with --enable-roaming-users.No, you can use both roaming-users and SMTP-AUTH at the same time. Regards,Bill
Re: [toaster] smtp-auth
aim mix wrote: thanks bill. In my tcp.smtp 127.:allow,RELAYCLIENT= xx.xx.xx.xx:allow,RELAYCLIENT=,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/simscan :allow,QMAILQUEUE=/var/qmail/bin/simscan where xx.xx.xx.xx is my ip address, do i need to remove my ip address in order to make smtp-auth work ? All SMTP-AUTH does is set RELAYCLIENT for the remainder of the SMTP session. Setting RELAYCLIENT in the rule above does this before the conversation starts, so SMTP-AUTH is not even needed. If you want SMTP-AUTH to be useful, don't set a RELAYCLIENT rule. Regards, Bill
Re: [toaster] smtp-auth
aim mix wrote: Greetings all, hi, i need to know how to do smtp-auth based on shupp toaster. in the frontpage, To do SMTP-AUTH, and chkuser, you need to run qmail-smtpd as user vpopmail, group vchkpw if you plan on using this with vpopmail (the certificates are chowned vpopmail for this reason). is it need to reconfigure vpopmail to --disable-roaming-users ? coz, i compile vpopmail with --enable-roaming-users. No, you can use both roaming-users and SMTP-AUTH at the same time. Regards, Bill
Re: [toaster] SMTP-AUTH before rblsmtpd
Hi, i solved this by installing another qmail without rblsmtp on another ip-adress at the same host using vserver. the second on use mysql-tables from master and so it's up2date. regards rene Erki-Kiss Zsolt schrieb: What is the best way to use SMTP-AUTH and tcpserver's reverse DNS checking and rblsmtpd? I want to allow users with SMTP-AUTH from addresses that are in rbl lists or no reverse DNS entry. I dont want to bind another qmail-smtpd to another port than 25. I have a lot of users, that dont understand this change.
Re: [toaster] SMTP-AUTH before rblsmtpd
Erki-Kiss Zsolt wrote: What is the best way to use SMTP-AUTH and tcpserver's reverse DNS checking and rblsmtpd? I want to allow users with SMTP-AUTH from addresses that are in rbl lists or no reverse DNS entry. I dont want to bind another qmail-smtpd to another port than 25. I have a lot of users, that dont understand this change. If you know the IP that you do NOT want rblsmtpd to look up, Just set the environment correctly like so: 192.168.1.5:allow,RBLSMTPD= If RBLSMTPD is set to , then rblsmtpd does NOT perform lookups for that IP. Regards, Bill
Re: [toaster] SMTP-AUTH before rblsmtpd
On Tue, Dec 13, 2005 at 12:29:02PM +0100, rene marticke wrote: i solved this by installing another qmail without rblsmtp on another ip-adress at the same host using vserver. the second on use mysql-tables from master and so it's up2date. Hm, http://linux-vserver.org/ sounds great! But yet it is most desirable that if simscan can check reverse dns and rbl lists after smtp auth level. Of course it is not suitable for all cases... I just thinking. -- Erki-Kiss Zsolt
Re: [toaster] SMTP-AUTH not working...
On 9/25/05, Jason (AMD_) [EMAIL PROTECTED] wrote: Good Evening Bill, Still having my smtp auth problem here :( I just got done doing a complete reinstall of vpopmail and qmail using your guide and it still won't work. The weird thing is that I am getting this error when tryingto do a manual SMTP 'AUTH LOGIN' (after i enter my username and password (base64 encoded)): 454 oops, unable to write pipe and I can't auth (#4.3.0) Any ideas? -- HP On 9/24/05, Jason (AMD_) [EMAIL PROTECTED] wrote: Bill, I just looked in my logs and saw this: vchkpw-smtp: vpopmail user not found [EMAILADDY]:[IPADDY] The email address is correct though. Authentication via pop3d works fine with it. It's like the smtp auth isn't looking up the password in MySQL's db or something??? -- HP On 9/24/05, Jason (AMD_) [EMAIL PROTECTED] wrote: Hi Bill, Thanks for the quick response. It was running as root:qmail but I changed it to vpopmail:vchkpw and restarted the services but it still won't work :( The weird thing is it's even making me authenticate (or try to authenticate) when sending to local domains as well. -- HP On 9/24/05, Bill Shupp [EMAIL PROTECTED] wrote: Jason (AMD_) wrote: Hi, Let me first say what an awesome resource this is :) Thanks! Now then, I've got a working toaster install EXCEPT for smtp-auth. Here is my qmail-smtpd/run file: exec softlimit -m 1000 \ tcpserver -v -H -R -l 0 \ -x /var/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ recordio /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 21 Of course, the variables are good, and recordio is only in there for diagnosing this problem. The problem is I can POP mail using vpopmail (using MySQL), but can't send mail to remote domains by logging in. It keeps prompting me for the username and password (as if they are wrong). I've recompile qmail from scratch and it still wont work. I've recompiled vpopmail thinking it was a corrupt install but still nothing. Can anyone see anything wrong with my run file, or at least help me in finding the problem? Below is my log of the smtp-auth attempt: @40004335f426301040ac tcpserver: status: 0/20 @40004335f48f23a632a4 tcpserver: status: 1/20 @40004335f48f23a64a14 tcpserver: pid 9565 from REMOTEIP @40004335f48f23a655cc tcpserver: ok 9565 0:SERVERIP :REMOTEIP::50665 40004335f48f23b68e24 9565 220 DOMAIN ESMTP 40004335f48f266dc6b4 9565 EHLO froogy 40004335f48f266f2a2c 9565 250-DOMAIN 40004335f48f266f64c4 9565 250-PIPELINING 40004335f48f266f93a4 9565 250-8BITMIME 40004335f48f266fbe9c 9565 250-SIZE 1000 40004335f48f2670d7dc 9565 250 AUTH LOGIN PLAIN CRAM-MD5 40004335f48f2938ecd4 9565 AUTH LOGIN 40004335f48f2939b024 9565 334 VXNlcm5hbWU6 40004335f48f2bee0a54 9565 64 BIT HASH 40004335f48f2bee9ec4 9565 334 UGFzc3dvcmQ6 40004335f48f2ea644b4 9565 64 BIT HASH 40004335f4942edf1b7c 9565 535 authentication failed (#5.7.1) @40004335f4943198e064 9565 [EOF] @40004335f494319ac8ac 9565 [EOF] @40004335f494319ad07c tcpserver: end 9565 status 256 Thanks for the help! What user is qmail-smtpd running as? It should be vpopmail:vchkpw Bill One step I would do is turn on mysql logging and watch the select statements that are executed when you try to authenticate - make sure everything looks good there and keep troubleshooting. If you followed the toaster exactly, it should just 'work' - I noticed in your previous post that you were specifying CRAM_MD5 as your login type - do you have clear text passwords in your vpopmail database ? If not, CRAM_MD5 won't work. Try AUTH PLAIN -- Jason [EMAIL PROTECTED]
Re: [toaster] SMTP-AUTH not working...
Hi Jason, Thanks for the suggesstion about logging for MySQL. I will give that a try. Yes, i did try using AUTH PLAIN and it too doesn't work. I also compiled vpopmail with clear passwords as well. Just as a test, i recompiled vpopmail with roaming-users on, and it works fine. BUT if I enable the 'My outgoing server requires authentication' for my email client, it of course doesn't work. So it has something to do with the smtp-auth code, or at least the integration of the vchkpw utility and qmail-smtpd. Keep the suggesstions and help coming! :) -- HP On 9/25/05, Jason S [EMAIL PROTECTED] wrote: On 9/25/05, Jason (AMD_) [EMAIL PROTECTED] wrote: Good Evening Bill, Still having my smtp auth problem here :( I just got done doing a complete reinstall of vpopmail and qmail using your guide and it still won't work. The weird thing is that I am getting this error when tryingto do a manual SMTP 'AUTH LOGIN' (after i enter my username and password (base64 encoded)): 454 oops, unable to write pipe and I can't auth (#4.3.0) Any ideas? -- HP On 9/24/05, Jason (AMD_) [EMAIL PROTECTED] wrote: Bill, I just looked in my logs and saw this: vchkpw-smtp: vpopmail user not found [EMAILADDY]:[IPADDY] The email address is correct though. Authentication via pop3d works fine with it. It's like the smtp auth isn't looking up the password in MySQL's db or something??? -- HP On 9/24/05, Jason (AMD_) [EMAIL PROTECTED] wrote: Hi Bill, Thanks for the quick response. It was running as root:qmail but I changed it to vpopmail:vchkpw and restarted the services but it still won't work :( The weird thing is it's even making me authenticate (or try to authenticate) when sending to local domains as well. -- HP On 9/24/05, Bill Shupp [EMAIL PROTECTED] wrote: Jason (AMD_) wrote: Hi, Let me first say what an awesome resource this is :) Thanks! Now then, I've got a working toaster install EXCEPT for smtp-auth. Here is my qmail-smtpd/run file: exec softlimit -m 1000 \ tcpserver -v -H -R -l 0 \ -x /var/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ recordio /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 21 Of course, the variables are good, and recordio is only in there for diagnosing this problem. The problem is I can POP mail using vpopmail (using MySQL), but can't send mail to remote domains by logging in. It keeps prompting me for the username and password (as if they are wrong). I've recompile qmail from scratch and it still wont work. I've recompiled vpopmail thinking it was a corrupt install but still nothing. Can anyone see anything wrong with my run file, or at least help me in finding the problem? Below is my log of the smtp-auth attempt: @40004335f426301040ac tcpserver: status: 0/20 @40004335f48f23a632a4 tcpserver: status: 1/20 @40004335f48f23a64a14 tcpserver: pid 9565 from REMOTEIP @40004335f48f23a655cc tcpserver: ok 9565 0:SERVERIP :REMOTEIP::50665 40004335f48f23b68e24 9565 220 DOMAIN ESMTP 40004335f48f266dc6b4 9565 EHLO froogy 40004335f48f266f2a2c 9565 250-DOMAIN 40004335f48f266f64c4 9565 250-PIPELINING 40004335f48f266f93a4 9565 250-8BITMIME 40004335f48f266fbe9c 9565 250-SIZE 1000 40004335f48f2670d7dc 9565 250 AUTH LOGIN PLAIN CRAM-MD5 40004335f48f2938ecd4 9565 AUTH LOGIN 40004335f48f2939b024 9565 334 VXNlcm5hbWU6 40004335f48f2bee0a54 9565 64 BIT HASH 40004335f48f2bee9ec4 9565 334 UGFzc3dvcmQ6 40004335f48f2ea644b4 9565 64 BIT HASH 40004335f4942edf1b7c 9565 535 authentication failed (#5.7.1) @40004335f4943198e064 9565 [EOF] @40004335f494319ac8ac 9565 [EOF] @40004335f494319ad07c tcpserver: end 9565 status 256 Thanks for the help! What user is qmail-smtpd running as? It should be vpopmail:vchkpw Bill One step I would do is turn on mysql logging and watch the select statements that are executed when you try to authenticate - make sure everything looks good there and keep troubleshooting. If you followed the toaster exactly, it should just 'work' - I noticed in your previous post that you were specifying CRAM_MD5 as your login type - do you have clear text passwords in your vpopmail database ? If not, CRAM_MD5 won't work. Try AUTH PLAIN -- Jason [EMAIL PROTECTED]
Re: [toaster] SMTP-AUTH not working...
Jason (AMD_) wrote: Hi, Let me first say what an awesome resource this is :) Thanks! Now then, I've got a working toaster install EXCEPT for smtp-auth. Here is my qmail-smtpd/run file: exec softlimit -m 1000 \ tcpserver -v -H -R -l 0 \ -x /var/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ recordio /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 21 Of course, the variables are good, and recordio is only in there for diagnosing this problem. The problem is I can POP mail using vpopmail (using MySQL), but can't send mail to remote domains by logging in. It keeps prompting me for the username and password (as if they are wrong). I've recompile qmail from scratch and it still wont work. I've recompiled vpopmail thinking it was a corrupt install but still nothing. Can anyone see anything wrong with my run file, or at least help me in finding the problem? Below is my log of the smtp-auth attempt: @40004335f426301040ac tcpserver: status: 0/20 @40004335f48f23a632a4 tcpserver: status: 1/20 @40004335f48f23a64a14 tcpserver: pid 9565 from REMOTEIP @40004335f48f23a655cc tcpserver: ok 9565 0:SERVERIP :REMOTEIP::50665 40004335f48f23b68e24 9565 220 DOMAIN ESMTP 40004335f48f266dc6b4 9565 EHLO froogy 40004335f48f266f2a2c 9565 250-DOMAIN 40004335f48f266f64c4 9565 250-PIPELINING 40004335f48f266f93a4 9565 250-8BITMIME 40004335f48f266fbe9c 9565 250-SIZE 1000 40004335f48f2670d7dc 9565 250 AUTH LOGIN PLAIN CRAM-MD5 40004335f48f2938ecd4 9565 AUTH LOGIN 40004335f48f2939b024 9565 334 VXNlcm5hbWU6 40004335f48f2bee0a54 9565 64 BIT HASH 40004335f48f2bee9ec4 9565 334 UGFzc3dvcmQ6 40004335f48f2ea644b4 9565 64 BIT HASH 40004335f4942edf1b7c 9565 535 authentication failed (#5.7.1) @40004335f4943198e064 9565 [EOF] @40004335f494319ac8ac 9565 [EOF] @40004335f494319ad07c tcpserver: end 9565 status 256 Thanks for the help! What user is qmail-smtpd running as? It should be vpopmail:vchkpw Bill
Re: [toaster] SMTP-AUTH not working...
Hi Bill, Thanks for the quick response. It was running as root:qmail but I changed it to vpopmail:vchkpw and restarted the services but it still won't work :( The weird thing is it's even making me authenticate (or try to authenticate) when sending to local domains as well. -- HP On 9/24/05, Bill Shupp [EMAIL PROTECTED] wrote: Jason (AMD_) wrote: Hi, Let me first say what an awesome resource this is :) Thanks! Now then, I've got a working toaster install EXCEPT for smtp-auth. Here is my qmail-smtpd/run file: exec softlimit -m 1000 \ tcpserver -v -H -R -l 0 \ -x /var/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ recordio /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 21 Of course, the variables are good, and recordio is only in there for diagnosing this problem. The problem is I can POP mail using vpopmail (using MySQL), but can't send mail to remote domains by logging in. It keeps prompting me for the username and password (as if they are wrong). I've recompile qmail from scratch and it still wont work. I've recompiled vpopmail thinking it was a corrupt install but still nothing. Can anyone see anything wrong with my run file, or at least help me in finding the problem? Below is my log of the smtp-auth attempt: @40004335f426301040ac tcpserver: status: 0/20 @40004335f48f23a632a4 tcpserver: status: 1/20 @40004335f48f23a64a14 tcpserver: pid 9565 from REMOTEIP @40004335f48f23a655cc tcpserver: ok 9565 0:SERVERIP :REMOTEIP::50665 40004335f48f23b68e24 9565 220 DOMAIN ESMTP 40004335f48f266dc6b4 9565 EHLO froogy 40004335f48f266f2a2c 9565 250-DOMAIN 40004335f48f266f64c4 9565 250-PIPELINING 40004335f48f266f93a4 9565 250-8BITMIME 40004335f48f266fbe9c 9565 250-SIZE 1000 40004335f48f2670d7dc 9565 250 AUTH LOGIN PLAIN CRAM-MD5 40004335f48f2938ecd4 9565 AUTH LOGIN 40004335f48f2939b024 9565 334 VXNlcm5hbWU6 40004335f48f2bee0a54 9565 64 BIT HASH 40004335f48f2bee9ec4 9565 334 UGFzc3dvcmQ6 40004335f48f2ea644b4 9565 64 BIT HASH 40004335f4942edf1b7c 9565 535 authentication failed (#5.7.1) @40004335f4943198e064 9565 [EOF] @40004335f494319ac8ac 9565 [EOF] @40004335f494319ad07c tcpserver: end 9565 status 256 Thanks for the help! What user is qmail-smtpd running as? It should be vpopmail:vchkpw Bill
[toaster] Smtp auth with qmail-remote
Hi, I want to add the qmail-authentication-0.6.4 patch to thetoaster. because i want to relay mailto authenticated server.Just now its with theqmail-smtpd-auth-0.5.7 patch Is there any way we can include thistoaster Thanks in advance
[toaster] SMTP Auth problem
Hi all, I have successfully installed the Toaster from shupp.org, and it works fine and do authenticate well. but it also accept sending without authentication ! and this is what I want not to happen. Through telnet 192.168.1.x 25 I can skip the AUTH process and immediatly issue MAIL FROM: [EMAIL PROTECTED]. Also i am mad because i do not want [EMAIL PROTECTED] be used, I just want to accept the from from my domains only. Any help to guide me to implement these tow isses. Thanks , Dimsh __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [toaster] SMTP Auth problem
On Tue, 2005-08-30 at 00:23 -0700, Dimsh wrote: Hi all, I have successfully installed the Toaster from shupp.org, and it works fine and do authenticate well. but it also accept sending without authentication ! and this is what I want not to happen. Through telnet 192.168.1.x 25 I can skip the AUTH process and immediatly issue MAIL FROM: [EMAIL PROTECTED]. Also i am mad because i do not want [EMAIL PROTECTED] be used, I just want to accept the from from my domains only. Any help to guide me to implement these tow isses. Did you add anything to the tcp.smtp file?
Re: [toaster] SMTP Auth problem
tcp.smtp have the following 3 lines: 127.:allow,RELAYCLIENT= 192.168.1.:allow,RELAYCLIENT= qmailctl cdb --- Shane Chrisp [EMAIL PROTECTED] wrote: Did you add anything to the tcp.smtp file? Dimsh __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [toaster] SMTP Auth problem
Thanks Shane. The message is sent from telnet or outlook without errors BUT it Did arrive to its destination when sending from outlook (from: [EMAIL PROTECTED] no smtp auth) but did not arrive when sending through telnet... why is this behaviour ? --- Shane Chrisp [EMAIL PROTECTED] wrote: On Tue, 2005-08-30 at 00:26 -0700, Dimsh wrote: tcp.smtp have the following 3 lines: 127.:allow,RELAYCLIENT= 192.168.1.:allow,RELAYCLIENT= qmailctl cdb 192.168.1.:allow,RELAYCLIENT= That is why your able to relay without Auth. Its bypassing the smtpauth and setting the RELAYCLIENT when you connect. If you take that out and rebuild the file, it will require you to auth. Shane Dimsh Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: [toaster] SMTP Auth problem
On Tue, 2005-08-30 at 00:42 -0700, Dimsh wrote: Thanks Shane. The message is sent from telnet or outlook without errors BUT it Did arrive to its destination when sending from outlook (from: [EMAIL PROTECTED] no smtp auth) but did not arrive when sending through telnet... why is this behaviour ? If the domain is on the server, then it will be accepted regardless. If your meaning something else, you will need to be a bit more specif as I dont understand quite what your asking. Shane
Re: [toaster] smtp-auth
yeah, this is correct, i use a empf patch to force authentication, in local domains http://www.inter7.com/?page=empf Em Ter, 2005-07-26 às 14:00 -0300, Carlos Cesario escreveu: Hi peoples I'm testing smtp-auth and I don't understand thing. I have 2 virtual doamins and when I send mail to theses domains the smtp-auth isn't required, only to external domains the smtp-auth is required. This is correct ? Exists any mode to enable smtp-auth for all domains also the my virtuals domains!? greats Carlos -- ___ Pruonckk le Punk UIN: 165399143 MSN: [EMAIL PROTECTED] /home /docs /fotos: http://www.pruonckk.org _ Liberdade, Igualdade, Respeito __
[toaster] smtp-auth
Hi peoples I'm testing smtp-auth and I don't understand thing. I have 2 virtual doamins and when I send mail to theses domains the smtp-auth isn't required, only to external domains the smtp-auth is required. This is correct ? Exists any mode to enable smtp-auth for all domains also the my virtuals domains!? greats Carlos signature.asc Description: This is a digitally signed message part
Re: [toaster] SMTP AUTH problem
PS: I also have this line in /var/log/maillog May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not found nick@:127.0.0.1 ..which implies that perhaps it's only looking for vpopmail users rather than /etc/passwd users. I would like it to work for /etc/passwd users only, or both - whichever is easier. Thanks!
Re: [toaster] SMTP AUTH problem
Nick Gilbert wrote: PS: I also have this line in /var/log/maillog May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not found nick@:127.0.0.1 ..which implies that perhaps it's only looking for vpopmail users rather than /etc/passwd users. I would like it to work for /etc/passwd users only, or both - whichever is easier. Exactly. Your qmail-smtpd/run file is calling vchkpw as for doing smtp-auth. You should use DJB's checkpasswd program, located here: http://cr.yp.to/checkpwd.html I don't recall if it is installed setuid root or not.. check the documentation about what user qmail-smtpd should run as (the toaster has you runnign as vpopmail:vchkpw, which might not work for this situation). Regards, Bill
Re: [toaster] SMTP-AUTH and --enable-roaming-users
On Tue, 8 Mar 2005, Bill Shupp wrote: Abel Lucano wrote: Hi there, scenario: netqmail 1.05 plus SMTP-AUTH Bill Shupp's patch vpopmail-5.4.8 compiled with just --enable-logging=v Many MAC's mua clients claims that they're unable to Send email smtp-authenticated; I've noticed that these email clients (Entourage mainly) makes APOP auth. Maybe SMTP-AUTH (MD5-CRAM o plain text) doesn't like encrypted password like APOP? The only provisory workaround seems to compile vpopmail with --enable-roaming-users but I'm concerned about this because it seems to enable two ways to open my qmail... Do I worry about this or it could be a right configuration? thanks in advance for your advice I know CRAM-MD5 works fine with at least Thunderbird, the OS X client I use. And back when I used Mail.app, it worked fine, I believe with APOP. Regards, Bill Thanks Bill for your quick answer, Entourage 9 (10) at least seems doesn't like SMTP-AUTH to enable relay. My provisory workaround is recompile toaster's vpopmail with --enable-roaming-users I'm concerned about this scheme: is it just un-elegant (smtp-auth plus --enable-roaming) or maybe could be a source of problems (open relays, etc)?? best regards, --Abel
Re: [toaster] SMTP-AUTH and --enable-roaming-users
Abel Lucano wrote: On Tue, 8 Mar 2005, Bill Shupp wrote: Thanks Bill for your quick answer, Entourage 9 (10) at least seems doesn't like SMTP-AUTH to enable relay. My provisory workaround is recompile toaster's vpopmail with --enable-roaming-users I'm concerned about this scheme: is it just un-elegant (smtp-auth plus --enable-roaming) or maybe could be a source of problems (open relays, etc)?? best regards, --Abel If it were me, I'd tell them to change mail clients. All modern mail clients should support smtp-auth properly, even cram-md5. If they refuse, and you don't want to lose them, one other option is to turn on roaming users, but disable it as the default in vlimits.default, and turn it on only for that domain or user. Regards, Bill
[toaster] SMTP-AUTH and --enable-roaming-users
Hi there, scenario: netqmail 1.05 plus SMTP-AUTH Bill Shupp's patch vpopmail-5.4.8 compiled with just --enable-logging=v Many MAC's mua clients claims that they're unable to Send email smtp-authenticated; I've noticed that these email clients (Entourage mainly) makes APOP auth. Maybe SMTP-AUTH (MD5-CRAM o plain text) doesn't like encrypted password like APOP? The only provisory workaround seems to compile vpopmail with --enable-roaming-users but I'm concerned about this because it seems to enable two ways to open my qmail... Do I worry about this or it could be a right configuration? thanks in advance for your advice --Abel
Re: [toaster] SMTP-AUTH and --enable-roaming-users
Abel Lucano wrote: Hi there, scenario: netqmail 1.05 plus SMTP-AUTH Bill Shupp's patch vpopmail-5.4.8 compiled with just --enable-logging=v Many MAC's mua clients claims that they're unable to Send email smtp-authenticated; I've noticed that these email clients (Entourage mainly) makes APOP auth. Maybe SMTP-AUTH (MD5-CRAM o plain text) doesn't like encrypted password like APOP? The only provisory workaround seems to compile vpopmail with --enable-roaming-users but I'm concerned about this because it seems to enable two ways to open my qmail... Do I worry about this or it could be a right configuration? thanks in advance for your advice I know CRAM-MD5 works fine with at least Thunderbird, the OS X client I use. And back when I used Mail.app, it worked fine, I believe with APOP. Regards, Bill
[toaster] SMTP-AUTH + simscan
I installed the toaster on a test server and noticed that mail coming from authenticated users is not scanned by simscan. I would like to scan all outgoing mail for viruses even from authenticated users. Is it possible to modify the SMTP-AUTH patch to scan outgoing messages with simscan or qmail-scanner? Rick Shropshire
RE: [toaster] SMTP Auth Doesn't work ??
Tom, Thanx a lot!! Your answer is correct, i have a PIX and they have rewriting the SMTP session. Sincery, thank you! (please, excuse my poor english) -Mensaje original- De: Tom Collins [mailto:[EMAIL PROTECTED] Enviado el: divendres, 4 / febrer / 2005 16:29 Para: toaster@shupp.org Asunto: Re: [toaster] SMTP Auth Doesn't work ?? On Feb 4, 2005, at 6:19 AM, David wrote: At the 127.0.0.1 and in the DMZ looks: 220 DOMAIN ESMTP But out looks: 220 It's normal? No. This has come up before though, on this list last November, here's the answer: http://www.mail-archive.com/toaster@shupp.org/msg01905.html You have a firewall (Cisco PIX or F5 Big IP) that is rewriting the SMTP session. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [toaster] SMTP Auth Doesn't work ??
On Feb 4, 2005, at 6:19 AM, David wrote: At the 127.0.0.1 and in the DMZ looks: 220 DOMAIN ESMTP But out looks: 220 Its normal? No. This has come up before though, on this list last November, here's the answer: http://www.mail-archive.com/toaster@shupp.org/msg01905.html You have a firewall (Cisco PIX or F5 Big IP) that is rewriting the SMTP session. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[toaster] SMTP Auth Doesn't work ??
Hello, First, excuse my poor English. I have a problem with the SMTP AUTH. I think that Ckkuser is not working properly. I send an email from the same IP segment and no problems. CHKUSER relaying rcpt: from any_existing_mail:any_existing_mail: remote david:unknown::Origin_IP rcpt EMAIL_DESTINO : client allowed to relay CHKUSER rejected relaying: from any_existing_mail:: remote servermail:unknown:Origin_IP rcpt EMAIL_DESTINO : client not allowed to relay What's wrong? Why the first chkuser is any_existing_mail:any_existing_mail: and the second any_existing_mail:: ? The email client responds in the first case: Respuesta del servidor: '553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)', Puerto: 25, Seguridad (SSL): No, Error de servidor: 553, Número de error: 0x800CCC79 Configuration: tcp.smtp 127.:allow,RELAYCLIENT= :allow,QMAILQUEUE=/var/qmail/bin/simscan qmail vpopmail spamassasin clamav simscan Any ideas? Thanx.
[toaster] smtp-auth log
hi all, is there any easy way to include on logs (qmail-scanner-queue.pl should be the better place) the smtp auth information? You can see on logs each authentication, but in a server with some thousands of accounts, should be great to know who authenticated user sent what email. qmail-scanner-queue.pl log each email with from, to, clear/virus, ip, SA rate, subject. Is there any easy way to pass user like a env variable to be read on qmail-scanner-queue? Regards, Eduardo Cortés
Re: [toaster] smtp-auth log
On Sep 15, 2004, at 3:42 AM, Eduardo Cortés wrote: is there any easy way to include on logs (qmail-scanner-queue.pl should be the better place) the smtp auth information? You can see on logs each authentication, but in a server with some thousands of accounts, should be great to know who authenticated user sent what email. qmail-scanner-queue.pl log each email with from, to, clear/virus, ip, SA rate, subject. Is there any easy way to pass user like a env variable to be read on qmail-scanner-queue? You might be able to modify qmail-scanner-queue to extract that information from the Received header(s). It should also be possible to modify qmail-smtpd to set an environment variable with the AUTH username. I know that Erwin Hoffmann has been doing some work with the SMTP AUTH patch recently, perhaps he'd have time to add (and standardize) such a feature. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [toaster] smtp-auth log
Thanks Tom, smtp-auth patch upgrade has something about this, released yesterday. Should be very complex to upgrade this patch on 0.7b3 with chkusr-mysql? Probably is what I need. More details on http://www.fehcom.de/qmail/smtpauth.html From changelog: Version 0.51 includes the evaluation of the 'Auth' and the 'Size' parameter in the 'Mail From:' command. Version 0.52 uses DJB functions to copy FDs. Regards, Eduardo Cortés El Miércoles, 15 de Septiembre de 2004 16:41, Tom Collins escribió: It should also be possible to modify qmail-smtpd to set an environment variable with the AUTH username. I know that Erwin Hoffmann has been doing some work with the SMTP AUTH patch recently, perhaps he'd have time to add (and standardize) such a feature. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: Re[2]: [toaster] smtp-auth problems in freebsd [update]
On Aug 27, 2004, at 8:57 AM, Erwin Hoffmann wrote: No. Thats wrong. The Auth patch skips the auth-id and uses the user-id and the password: You're right -- I took a closer look. I also went back to the original message that showed the error was 501 malformed auth input (#5.5.4). So, it had nothing to do with the authentication failing. It makes me wonder what version of the SMTP AUTH patch the original poster is using, and whether any errors with base64 decoding of auth plain were fixed in recent releases. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[toaster] smtp-auth problems in freebsd
Hi, I recompile all netqmail with vchkusr patch and with http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040705.patch but auth is not working as expected. I don´t use CRAM because I don´t want to have plaintext passwords in database, so I want to use auth login plain with tls. But 004-08-08 19:40:39.658546500 94306 250 AUTH LOGIN PLAIN 004-08-08 19:40:39.899217500 94306 AUTH PLAIN 004-08-08 19:40:39.899534500 94306 334 004-08-08 19:40:40.140874500 94306 AGx1Y2FzQHZhbGRlb24ubmV0AE1hcmdhcml0YTI0 004-08-08 19:40:40.141250500 94306 501 malformed auth input (#5.5.4) I followed Bill sugestion: http://www.mail-archive.com/[EMAIL PROTECTED]/msg01589.html I did the same in a linux box and everything seems to be ok. How can I debug the problem? Thank you in advance, Lucas
Re: [toaster] smtp-auth problems in freebsd
On Aug 10, 2004, at 1:19 AM, [EMAIL PROTECTED] wrote: 004-08-08 19:40:39.658546500 94306 250 AUTH LOGIN PLAIN 004-08-08 19:40:39.899217500 94306 AUTH PLAIN 004-08-08 19:40:39.899534500 94306 334 004-08-08 19:40:40.140874500 94306 AGx1Y2FzQHZhbGRlb24ubmV0AE1hcmdhcml0YTI0 004-08-08 19:40:40.141250500 94306 501 malformed auth input (#5.5.4) It might actually be bad input. If you decode that string, you'll see that it's NULLusernameNULLpassword. I just tried it myself, using usernameNULLusernameNULLpassword and it worked. Although it only worked with I sent the request as a single line (AUTH PLAIN code) -- sending in response to 334 failed. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re[2]: [toaster] smtp-auth problems in freebsd
Hola Tom, What does it means ?. Is the client (thebat) implementing the protocol incorrectly ? Thanks, Lucas Tuesday, August 10, 2004, 7:20:18 PM, you wrote: TC On Aug 10, 2004, at 1:19 AM, [EMAIL PROTECTED] wrote: 004-08-08 19:40:39.658546500 94306 250 AUTH LOGIN PLAIN 004-08-08 19:40:39.899217500 94306 AUTH PLAIN 004-08-08 19:40:39.899534500 94306 334 004-08-08 19:40:40.140874500 94306 AGx1Y2FzQHZhbGRlb24ubmV0AE1hcmdhcml0YTI0 004-08-08 19:40:40.141250500 94306 501 malformed auth input (#5.5.4) TC It might actually be bad input. If you decode that string, you'll see TC that it's NULLusernameNULLpassword. I just tried it myself, using TC usernameNULLusernameNULLpassword and it worked. TC Although it only worked with I sent the request as a single line (AUTH TC PLAIN code) -- sending in response to 334 failed. TC -- TC Tom Collins - [EMAIL PROTECTED] TC QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ TC Info on the Sniffter hand-held Network Tester: http://sniffter.com/ --
Re[3]: [toaster] smtp-auth problems in freebsd
Hi, It seems Tom is rigth. I try it with outlook and seems to work like a charm. Thank you, Lucas Wednesday, August 11, 2004, 12:27:32 AM, you wrote: L Hola Tom, L What does it means ?. Is the client (thebat) implementing the protocol incorrectly ? L Thanks, LLucas L Tuesday, August 10, 2004, 7:20:18 PM, you wrote: TC On Aug 10, 2004, at 1:19 AM, [EMAIL PROTECTED] wrote: 004-08-08 19:40:39.658546500 94306 250 AUTH LOGIN PLAIN 004-08-08 19:40:39.899217500 94306 AUTH PLAIN 004-08-08 19:40:39.899534500 94306 334 004-08-08 19:40:40.140874500 94306 AGx1Y2FzQHZhbGRlb24ubmV0AE1hcmdhcml0YTI0 004-08-08 19:40:40.141250500 94306 501 malformed auth input (#5.5.4) TC It might actually be bad input. If you decode that string, you'll see TC that it's NULLusernameNULLpassword. I just tried it myself, using TC usernameNULLusernameNULLpassword and it worked. TC Although it only worked with I sent the request as a single line (AUTH TC PLAIN code) -- sending in response to 334 failed. TC -- TC Tom Collins - [EMAIL PROTECTED] TC QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ TC Info on the Sniffter hand-held Network Tester: http://sniffter.com/ --
[toaster] SMTP-AUTH
Can anyone explain how SMTP-AUTH works in conjunction with the toaster? It have SMTP-AUTH working on other servers just fine so I am familiar with the over concepts. The part that I don't get relative to the toaster is where/how is user authentication handled? When I give it the same access info that works to retrieve mail ([EMAIL PROTECTED] plus password) SMTP-AUTH fails to authenticate. Does the access database need to be setup separately or is it supported to pull that data from vpopmail? TIA David Shirley http://www.webquarry.com
RE: [toaster] SMTP-AUTH does not work for me.
-Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 7:59 AM To: [EMAIL PROTECTED] Subject: Re: [toaster] SMTP-AUTH does not work for me. On Jun 30, 2004, at 7:11 PM, John Doe wrote: I think that the problem is in some of configuration files, because when I remove from vpopmail defaultdomain file my domain and added my domain in qmail locals file the email is not recived to user and log is: Jul 1 04:43:10 ns qmail: 1088646190.282575 starting delivery 377: msg 277963 to local [EMAIL PROTECTED] That's expected behavior -- you're telling qmail that a.net is a local domain. qmail will deliver mail to user blabla in the /etc/passwd file. if I not make these changes email send/recive is work, and smtp auth is work but not not blocked emails that is send without autorization. Log is: Jul 1 04:43:10 ns qmail: 1088646190.282575 starting delivery 377: msg 277963 to local [EMAIL PROTECTED] Like I said before. If a.net is a vpopmail domain, then anyone can send to it without needing to AUTH -- this is normal. Try using a domain like hotmail.com for your SMTP AUTH test. Qmail should reply that it won't relay the mail. That log message is normal when a.net is a vpopmail domain. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/ Hm.. interest, before I update to netqmail + patch I have old qmail 1.03 with smtp auth patch 0.31 and it's work great. If user does not autenticate the email is accepted but does not sended from server to recipien and this is that I want and I expect from patch, user can not send email without authorization independently user is local or not. I just change version only of netqmail and vpopmail, no configuration change and now does not work. I tryed with hotmail and email is recived normal: Jul 1 12:22:00 ns qmail: 1088673720.726568 new msg 217778 Jul 1 12:22:00 ns qmail: 1088673720.726729 info msg 217778: bytes 905 from [EMAIL PROTECTED] qp 29078 uid 89 Jul 1 12:22:00 ns qmail: 1088673720.749611 starting delivery 585: msg 217778 to local [EMAIL PROTECTED] Jul 1 12:22:00 ns qmail: 1088673720.749713 status: local 1/10 remote 3/20 Jul 1 12:22:00 ns spamd[155]: connection from localhost [127.0.0.1] at port 54123 Jul 1 12:22:00 ns spamd[29086]: processing message (unknown) for vpopmail:1006. Jul 1 12:22:08 ns spamd[29086]: clean message (0.0/5.0) for vpopmail:1006 in 7.6 seconds, 905 bytes. Jul 1 12:22:08 ns qmail: 1088673728.451975 delivery 585: success: did_0+0+1/ Jul 1 12:22:08 ns qmail: 1088673728.452675 status: local 0/10 remote 3/20 Jul 1 12:22:08 ns qmail: 1088673728.452793 end msg 217778 Tom if you use smtp auth patch, do you can help me, I will say you my configuration in private email and if you find some errors to say me where is my errors ? Regards, John
RE: [toaster] SMTP-AUTH does not work for me.
-Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 7:59 AM To: [EMAIL PROTECTED] Subject: Re: [toaster] SMTP-AUTH does not work for me. On Jun 30, 2004, at 7:11 PM, John Doe wrote: I think that the problem is in some of configuration files, because when I remove from vpopmail defaultdomain file my domain and added my domain in qmail locals file the email is not recived to user and log is: Jul 1 04:43:10 ns qmail: 1088646190.282575 starting delivery 377: msg 277963 to local [EMAIL PROTECTED] That's expected behavior -- you're telling qmail that a.net is a local domain. qmail will deliver mail to user blabla in the /etc/passwd file. if I not make these changes email send/recive is work, and smtp auth is work but not not blocked emails that is send without autorization. Log is: Jul 1 04:43:10 ns qmail: 1088646190.282575 starting delivery 377: msg 277963 to local [EMAIL PROTECTED] Like I said before. If a.net is a vpopmail domain, then anyone can send to it without needing to AUTH -- this is normal. Try using a domain like hotmail.com for your SMTP AUTH test. Qmail should reply that it won't relay the mail. That log message is normal when a.net is a vpopmail domain. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/ I fix problem :) I don't know where has been the problem, I just edit rcpthost file and added only one domain, now for email from local user to local user does not need autzation but if I send email to remote user, autorization is needed. I not tested my virtual domains will work or not but this is not big problem. Regards, John
RE: [toaster] SMTP-AUTH does not work for me.
Any body know what is the problem in my case ?
here are a header from server when I send email:
2351 220 a.net ESMTP
2351 EHLO condorc8y1adjr
2351 250-a.net
2351 250-STARTTLS
2351 250-PIPELINING
2351 250-8BITMIME
2351 250 AUTH LOGIN PLAIN CRAM-MD5
2351 MAIL FROM: [EMAIL PROTECTED]
2351 250 ok
2351 RCPT TO: [EMAIL PROTECTED]
2351 250 ok
2351 DATA
2351 354 go ahead
2351 Reply-To: [EMAIL PROTECTED]
2351 From: John Doe [EMAIL PROTECTED]
2351 To: [EMAIL PROTECTED]
2351 Subject: aaa
2351 Date: Wed, 30 Jun 2004 13:54:15 +0300
2351 MIME-Version: 1.0
2351 Content-Type: text/plain;
2351 charset=us-ascii
2351 Content-Transfer-Encoding: 7bit
32351 X-Mailer: Mic+
2351 rosoft Office Outlook, Build 11.0.5510
2351 Thread-Index: AcRekJWE2CMv/LJYRwudR4y50q3f6g==
2351 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
2351
2351 aaa
2351
2351 .
2351 250 ok 1088592746 qp 32354
2351 QUIT
2351 221 a.net
32351 [EOF]
and here is tcp.smtp
127.0.0.1:allow,RELAYCLIENT=,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-
queue
10.:allow,RELAYCLIENT=,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-scanne
r-queue.pl
:allow,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl
I read lots of documntation in network
but nothing about my problem. I still can send email without authorization
and qmail-smtpd
does not block these emails.
I think that the problem may be is in configuration because
patch is applayed and compile successful.
Any body can help me?
Regards,
John
-Original Message-
From: John Doe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 29, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: [toaster] SMTP-AUTH does not work for me.
Hello,
I installed a new version of netqmail-1.05 with the 'Large Qmail patch' but
SMTP-AUTH isn't working.
I took a new
netqmail-1.05 and only aplied the 'Large qmail patch' without errors.
compiled without errors, installed and started the daemons. There were no
startup errors.
When I try to send mail without authentification it works !?! So this
creates an open relay to me.
I use vpopmail 5.4.5 with MySQL Auth. The smtpd startup script is:
$more /etc/rc.d/rc.qmail
#!/bin/bash
export
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/var/qmail/bin:/var/vpopm
ail/bin
[ -f /var/qmail/bin/qmail-send ] || exit 0
start() {
echo -n Starting Qmail:
qmail-start `cat /var/qmail/dot-qmail` splogger qmail
# SMTP-AUTH w/RBL's
tcpserver -H -l0 -R -c 512 -x /var/vpopmail/etc/tcp.smtp.cdb -u 89
-g 89 0.0.0.0 25 /var/qmail/bin/tcp-env \
tcp-env rblsmtpd -r bl.spamcop.net -r list.dsbl.org -r
rbl-plus.mail-abuse.org -r list.dsbl.org -r sbl.spamhaus.org \
/var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true
# SMTP-AUTH w/SSL
tcpserver -n /etc/ssl/certs/smtps.pem -x
/var/vpopmail/etc/tcp.smtp.cdb \
-s -H -l0 -R -u 89 -g 89 0 465 /var/qmail/bin/tcp-env \
tcp-env /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw
/bin/true
}
stop() {
echo -n Shutting down Qmail:
killall qmail-send
killall tcpserver
rm -f /var/lock/subsys/qmail
}
case $1 in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo $Usage: $0 {start|stop|restart}
exit 1
esac
In old version this is work great, but in new version this does not work.
I can send email without authentication.
Any body know what is the problem ?
Regards,
John
[toaster] SMTP-AUTH does not work for me.
Hello,
I installed a new version of netqmail-1.05 with the 'Large Qmail patch' but
SMTP-AUTH isn't working.
I took a new
netqmail-1.05 and only aplied the 'Large qmail patch' without errors.
compiled without errors, installed and started the daemons. There were no
startup errors.
When I try to send mail without authentification it works !?! So this
creates an open relay to me.
I use vpopmail 5.4.5 with MySQL Auth. The smtpd startup script is:
$more /etc/rc.d/rc.qmail
#!/bin/bash
export
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/var/qmail/bin:/var/vpopm
ail/bin
[ -f /var/qmail/bin/qmail-send ] || exit 0
start() {
echo -n Starting Qmail:
qmail-start `cat /var/qmail/dot-qmail` splogger qmail
# SMTP-AUTH w/RBL's
tcpserver -H -l0 -R -c 512 -x /var/vpopmail/etc/tcp.smtp.cdb -u 89
-g 89 0.0.0.0 25 /var/qmail/bin/tcp-env \
tcp-env rblsmtpd -r bl.spamcop.net -r list.dsbl.org -r
rbl-plus.mail-abuse.org -r list.dsbl.org -r sbl.spamhaus.org \
/var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true
# SMTP-AUTH w/SSL
tcpserver -n /etc/ssl/certs/smtps.pem -x
/var/vpopmail/etc/tcp.smtp.cdb \
-s -H -l0 -R -u 89 -g 89 0 465 /var/qmail/bin/tcp-env \
tcp-env /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw
/bin/true
}
stop() {
echo -n Shutting down Qmail:
killall qmail-send
killall tcpserver
rm -f /var/lock/subsys/qmail
}
case $1 in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo $Usage: $0 {start|stop|restart}
exit 1
esac
In old version this is work great, but in new version this does not work.
I can send email without authentication.
Any body know what is the problem ?
Regards,
John
[toaster] SMTP-AUTH not working
Hi, I installed a new version of netqmail-1.05 with the 'Large Qmail patch' but SMTP-AUTH isn't working. I had an running qmail-1.03 with older patches. So I took a new netqmail-1.05 and only aplied the 'Large qmail patch' without errors. compiled without errors, installed and started the daemons. There were no startup errors. I receive mail without errors. But I can't send mail with SMTP-AUTH. I always get status 256 in the smtpd logs: - @400040c6f26730645bec tcpserver: status: 1/20 @400040c6f2673064735c tcpserver: pid 2657 from 217.5.65.181 @400040c6f267309468b4 tcpserver: ok 2657 0:80.190.231.XX:25 pd90541b5.dip.t-dialin.net:217.5.65.181::4588 @400040c6f2680c5101ec tcpserver: end 2657 status 256 @400040c6f2680c51195c tcpserver: status: 0/20 - When I try to send mail without authentification it works !?! So this creates an open relay to me. I use vpopmail 5.4.3 with MySQL Auth. As I said, it worked great with qmail 1.03 an the old qmail-toaster-0.5.patch.bz2. The smtpd startup script is: - #!/bin/sh VPOPMAILUID=`id -u vpopmail` VCHKPWGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` if [ -z $VPOPMAILUID -o -z $VCHKPWGID -o -z $MAXSMTPD ]; then echo VPOPMAILUID or VCHKPWGID is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi qmail-scanner QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE exec softlimit -m 1000 \ tcpserver -D -R -h -v -l 0 \ -x /www/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $VPOPMAILUID -g $VCHKPWGID 0 smtp \ rblsmtpd -C -r relays.ordb.org -C -r relays.visi.com \ -C -r sbl-xbl.spamhaus.org -C -r opm.blitzed.org \ /var/qmail/bin/qmail-smtpd serv.de \ /www/vpopmail/bin/vchkpw /bin/true 21 -- A telnet session shows up: -- 220 serv.de ESMTP ehlo 250-serv.de 250-STARTTLS 250-PIPELINING 250-8BITMIME 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH FOOBAR 504 auth type unimplemented (#5.5.1) AUTH LOGIN 334 VXNlcm5hbWU6 -- The System is redhat 9 with latest updates. Everything is errno patched. The Kerberos symlinks are set. (The IP Address and the domain name are anonymized.) Can anyone give me a hint ? Thank you. dimaki -- +++ Jetzt WLAN-Router für alle DSL-Einsteiger und Wechsler +++ GMX DSL-Powertarife zudem 3 Monate gratis* http://www.gmx.net/dsl
Re: [toaster] SMTP-AUTH not working
dimaki wrote: Hi, I installed a new version of netqmail-1.05 with the 'Large Qmail patch' but SMTP-AUTH isn't working. I had an running qmail-1.03 with older patches. So I took a new netqmail-1.05 and only aplied the 'Large qmail patch' without errors. compiled without errors, installed and started the daemons. There were no startup errors. I receive mail without errors. But I can't send mail with SMTP-AUTH. I always get status 256 in the smtpd logs: - @400040c6f26730645bec tcpserver: status: 1/20 @400040c6f2673064735c tcpserver: pid 2657 from 217.5.65.181 @400040c6f267309468b4 tcpserver: ok 2657 0:80.190.231.XX:25 pd90541b5.dip.t-dialin.net:217.5.65.181::4588 @400040c6f2680c5101ec tcpserver: end 2657 status 256 @400040c6f2680c51195c tcpserver: status: 0/20 - When I try to send mail without authentification it works !?! So this creates an open relay to me. I use vpopmail 5.4.3 with MySQL Auth. As I said, it worked great with qmail 1.03 an the old qmail-toaster-0.5.patch.bz2. The smtpd startup script is: - #!/bin/sh VPOPMAILUID=`id -u vpopmail` VCHKPWGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` if [ -z $VPOPMAILUID -o -z $VCHKPWGID -o -z $MAXSMTPD ]; then echo VPOPMAILUID or VCHKPWGID is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi qmail-scanner QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE exec softlimit -m 1000 \ tcpserver -D -R -h -v -l 0 \ -x /www/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $VPOPMAILUID -g $VCHKPWGID 0 smtp \ rblsmtpd -C -r relays.ordb.org -C -r relays.visi.com \ -C -r sbl-xbl.spamhaus.org -C -r opm.blitzed.org \ /var/qmail/bin/qmail-smtpd serv.de \ /www/vpopmail/bin/vchkpw /bin/true 21 -- A telnet session shows up: -- 220 serv.de ESMTP ehlo 250-serv.de 250-STARTTLS 250-PIPELINING 250-8BITMIME 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH FOOBAR 504 auth type unimplemented (#5.5.1) AUTH LOGIN 334 VXNlcm5hbWU6 -- The System is redhat 9 with latest updates. Everything is errno patched. The Kerberos symlinks are set. (The IP Address and the domain name are anonymized.) Can anyone give me a hint ? Thank you. Remove the hostname argument to qmail-smtpd. That's for the old smtp-auth version. The new one does not use it. Bill
Re: [toaster] smtp-auth, mysql auth, Outlook Express and a Mac - strange problem
Don't know if this works on Mac, but I have used this on Windows before: http://email.about.com/library/daily/et/blet021804_1.htm Mike Jeff Koch wrote: Hi: Is there any logging or debugging available with the mysql smtp-auth routines? We have a situation in which users from one domain can't seem to authenticate for sending mail when connecting from Outlook Express on a Macintosh whereas users on several other domains can authenticate using a Mac and the same program. These users get an error message on their Mac's that SMTP Authentication failed and would they like to re-enter the username and password. (Using this combination of PC and Mail Client one needs to use the '%' instead of an '@' in the email address used for the username.) We confirmed the problem with this domain on one of our Mac's and also that other domains could smtp-authenticate. We compared the mysql table information for the domains and users that did work with those that didn't and we can't find any differences. And we compared the The domain/users that cannot authenticate using Outlook Express with a Mac can authenticate using Outlook Express on a PC. So it seems the only difference is related to how the '%' in the username is interpreted by the smtp-auth routines for this domain. Can someone help explain how the smtp-auth mechanism works with mysql or explain how we might debug this situation. Best Regards, Jeff Koch
