[vchkpw] Encrypted Password

2002-12-11 Thread Ryan Adorable 
Hi,

I'm doing qmail+vpopmail+mysql here.

My problem is, how could I make vpopmail to check pw_passwd field,
instead of pw_clear_passwd for password lookup?

Thanks

Re: [vchkpw] Qmailadmin not working

2002-12-11 Thread Peter Palmreuther 
Hi Jeremy,

let me first please you to answer on list so the mails get archived and
might be used for future reference.

On Tue, 10 Dec 2002 14:07:46 -0500
Jeremy Doolin [EMAIL PROTECTED] wrote:

 I'm having fits getting qmailadmin to authenticate properly.  Here
 is my setup:

 qmail, vpopmail, autoresponder, ezmlm, apache 2.0, squirrelmail,
 courier-imap.

 I can authenticate with my virtual user ([EMAIL PROTECTED]) via
 squirrelmail, sqwebmail, pop3 and IMAP, but not qmailadmin.  I enter
 postmaster for the user account, domain.com for the domain name
 and my password and I continue to get Invalid User.  Any help with
 this would be greatly appreciated.  Thanks.

 Have a look into system log, maybe vchkpw logs the reason of
 rejection. Might be it's only your qmailadmin cgi is not properly
 set SUID and therefore refused to authenticate.

 well, I checked the permissions and it was as follows:
 
 -rwsr-sr-x  1  vpopmail  vchkpw   99728 Dec 10 10:23 qmailadmin
 
 upon advising from  a friend, I changed it to 4711, or:
 
 -rws--x--x
 
 but it still doesn't work.

chmod 6755 qmailadmin

should be OK.

So you still didn't tell us what's in system log (if vchkpw logs
something about unable to authenticate) and what is maybe in web servers
log about possible errors.

You don't write about your OS, so I don't know if it's Linux or a BSD.
For Linux you could try to attach a strace() process to apache processes
to maybe figure out if and where permission might be denied.

As an example you can use the following as a template and adapt it to
your concrete setup:

---
ps auxwww |grep '[h]ttpd' |awk '{print $2}' /tmp/pids_of_httpd
PIDS=
while read x; do PIDS=$PIDS -p $x; done  /tmp/pids_of_httpd
strace -s 512 -o /tmp/qmailadmin.log -fqix $PIDS
---

Replace '[h]ttpd' with the name of your web server binary. On my Debian
it's 'apache' and therefore '[a]apache', the parethis '[]' around the
first characters make the 'grep' recognize only the real processes but
exclude itself from the resulting list.

Now try to log in and after failure have a look in 

/tmp/qmailadmin.log

if you can figure out the culprit.

You should use this on a web server not to busy with other stuff, else
the log file (/tmp/qmailadmin.log) will be filled with a _lot_ of
useless information for sloving this issue.
If your web server _is_ busy, start a new instance with different
configuration file, bound to 127.0.0.1:8080, figure it's IPs manually
and 'strace()' this PIDs.

If you're not using Linux you'll have to search for how to apply an
strace() to a running process yourself, unless somebody else on this
list, who uses BSD, can help out. I don't have a single BSD machine here
(yet), so I don't have any clue what's different, but the general
strategie should be very similar.
-- 
Peter

Re: [vchkpw] bounce email

2002-12-11 Thread Peter Palmreuther 
Hi Joeffrey,

On Wed, 11 Dec 2002 17:29:06 +0800
Joeffrey Betita [EMAIL PROTECTED] wrote:


 we host multiple hostname. like example.com, example.net etc.
 when somebody email [EMAIL PROTECTED] [EMAIL PROTECTED]
 receive it also. what i want is to bounce the message. it should says
 no such user or domain.
 what should i do so that [EMAIL PROTECTED] should not
 receive the email being sent to [EMAIL PROTECTED] thanks for your
 help.

You've either set example.com and example.net to one being an alias to
the other (using vaddaliasdomain) or set up a dot-qmail file for
[EMAIL PROTECTED] to forward to [EMAIL PROTECTED]

Depending on which of both is your set up you have to either delete
the alias domain (which ever you've set up with 'vaddaliasdomain') or
change the dot-qmail file.
-- 
Peter

Re: [vchkpw] Memory allocation for vckpw ?

2002-12-11 Thread Peter Palmreuther 
Hi Anders,

On Wed, 11 Dec 2002 11:26:13 +0100
Anders Norrbring [EMAIL PROTECTED] wrote:

 Does anyone know how much memory I should allocate in softlimit in the
 line I have below?  As it looks now, I get allocation errors when
 vckpw is called.

First: This topic is covered in the archive _several_ time.

http://bluedot.net/mail/archive/list.php?f=2

is the link that's promoted on Inter7s vpopmail-site too. It _really_
ain't hard to find.

Second give 300 a try, if it still fails raise it to 400.
Go on in small steps until it works for you. There is _no_ general rule
about this limit, it depends on how much memory you've got and what
programs are loaded in your startup script. Some have only tcpserver
that calls qmail-popup, other have more applications in between, like
e.g. recordio, fixcrio, stunnel, or a SSL patched tcpserver.
-- 
Peter

Re: [vchkpw] IMAP Relay export vpopmail

2002-12-11 Thread Miguel A. Argañaraz² ® 
Run this before ./configure  make

export CFLAGS=-DHAVE_OPEN_SMTP_RELAY


Cheers,
// Mitch²®

- Original Message - 
From: Remo Mattei [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 11, 2002 4:05 AM
Subject: [vchkpw] IMAP Relay export vpopmail


 Hi Guys I can never remember how to set the variable before setting Imap up
 so that it works with vpopmail user relay agent.
 
 Thanks, 
 Remo

[vchkpw] how fight abuse of spammin qmail

2002-12-11 Thread Oliver Etzel - GoodnGo.COM \(R\) 



Hello list,

my qmail is abused by another spammer. He is 
sending spam from my server 
Here is what 
ps ax 
say
18855 ? 
S 0:00 qmail-remote kxk.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]19088 
? S 0:00 
qmail-remote ak.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]19121 
? S 0:00 
qmail-remote nt.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]19130 
? S 0:00 
qmail-remote aol.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]19149 
? S 0:00 
qmail-remote p0.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]

What can I do against that?

Oliver Etzel

[vchkpw] fight spamming qmail

2002-12-11 Thread Oliver Etzel - GoodnGo.COM \(R\) 



Hello list,

my qmail is abused by another spammer. He is 
sending spam from my server 
Here is what 
ps ax 
say
18855 ? 
S 0:00 qmail-remote kxk.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]19088 
? S 0:00 
qmail-remote ak.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]19121 
? S 0:00 
qmail-remote nt.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]19130 
? S 0:00 
qmail-remote aol.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]19149 
? S 0:00 
qmail-remote p0.com [EMAIL PROTECTED] 
[EMAIL PROTECTED]

What can I do against that?

Oliver Etzel

Re: [vchkpw] Encrypted Password

2002-12-11 Thread Clayton Weise 
It doesn't check pw_clear_passwd, it checks pw_passwd for 
authentication.  pw_clear_passwd is just for your reference.

On Wednesday, December 11, 2002, at 09:19 AM, Ryan Adorable wrote:

Hi,

I'm doing qmail+vpopmail+mysql here.

My problem is, how could I make vpopmail to check pw_passwd field,
instead of pw_clear_passwd for password lookup?

Thanks

[vchkpw] What to choose for verification?

2002-12-11 Thread Anders Norrbring 

Hello!

Finally I have a mail system up and running perfectly!

But I'm not really sure about what's the (if not safest) so in any case
a very good smtp-relaying verification system?  I have installed qmail
1.03, vpopmail 5.3.12 with MySQL, and currectly I run on pop-before-smtp
for verification.

I've seen more and more systems using smtp-auth and/or SSL for relaying,
is those so much safer than pop-before-smtp so it's worth the effort to
install?

If so, where should I look for more info and/or software to support it?
I really like to be able to run a as clean system as possible, i.e. not
a lot of patches.

And finally, I have lots of questions about the configure options for
vpopmail, it seems like most of them doesn't work, are they not
implemented or am I just using them erroneously?  If someone out there
are familiar with those, please e-mail me for details..

Thank you all!

Anders Norrbring
Norrbring Consulting.
Karlskoga / Sweden.

Re: [vchkpw] Encrypted Password

2002-12-11 Thread Bill Shupp 
On Wednesday, December 11, 2002, at 09:19  AM, Ryan Adorable wrote:


Hi,

I'm doing qmail+vpopmail+mysql here.

My problem is, how could I make vpopmail to check pw_passwd field,
instead of pw_clear_passwd for password lookup?


Don't use APOP or CRAM-MD5.  You can also disable clear passwords at 
compile time.  This will permanently disable APOP and CRAM-MD5.

Regards,

Bill Shupp

[vchkpw] lost gifs

2002-12-11 Thread Michael Christie 



Hi There ,Sorry I did not get back to the list. 
I solved my problem , I am using openbsd 3.2 with "-u" in the 
rc.conf file when you install qmailadmin all theimage files load correct, 
but when you alter the httpd.conf the path to theimages change for some 
reason , so I looked at the httpd logs , found thepath, moved the all 
the images to the right path and all is working ok ,the same went for 
sqwebmailMichael- Original Message -From: "Kurt 
Bigler" [EMAIL PROTECTED]To: "Michael 
Christie" [EMAIL PROTECTED]Sent: 
Sunday, December 08, 2002 1:58 PMSubject: Re: [vchkpw] lost 
gifs off-list... Did you figure out this 
problem? I didn't see any further follow-up toyour email but 
maybe I missed it. In any case I was able to get my images back 
based on the info fromClayton Weise. I already had an images 
directory under the domain that I used for qmailadmin access. I 
just added a subdirectory named qmailadmin to that images directory, 
which is actually a symbolic link to the original images/qmailadmin 
directory. I am a little worried about the symbolic link, 
because I seem to recall it is a dangerous idea to use links (of any 
kind?) in web directories for security reasons, particular where cgi's 
are involved. But I forget the details on this. Of course I 
could have copied the files but I decided in this case the symlink was 
probably safe. -Kurt Bigler on 
12/2/02 12:26 PM, Michael Christie [EMAIL PROTECTED] wrote: 
 I have my images in a /var/www/htdocs folder, the images folder 
containsa  folder called qmailadmin , when I did the config of 
qmailadmin I used /configure 
--enable-htmldir=/var/www/htdocs --enable-cgibindir=/var/www/c 
 gi-bin I access the site using www.mywebsite.com/cgi/qmailadmin 
asyou  can see I think I have all that is needed for qmailadmin 
to run , butstill  no images , this all changed when I added 
virtual domains to myhttpd.conf ,  I can not see how that would 
change my path in the cgi-bin, can youplease  explain to me if I 
am on the right track or right off it , what do Ineed to  do to 
fix this  or dose something in the httpd.conf need to bechanged 
 as wellthank you  
Michael   - Original Message -  
From: "Clayton Weise" [EMAIL PROTECTED]  To: 
"vchkpw" [EMAIL PROTECTED]  Sent: 
Tuesday, December 03, 2002 5:09 AM  Subject: Re: [vchkpw] lost 
gifsQmailadmin puts it's images in it's 
own images folder. You'll want to  check how you configured 
qmailadmin to be sure, but my images are in  
/usr/local/apache/htdocs/images/qmailadmin. The images are called 
upon  through relative path, so since my cgi-bin directory 
is  www.mywebsite.com/cgi-bin then there 
also needs to be a  www.mywebsite.com/images/qmailadmin 
directory.   On Monday, December 2, 2002, at 01:57 AM, 
Michael Christie wrote:   Hi all ,  
Hope some one can help, I have installed qmail admin on openbsd 3.2 
 without making any changes to the httpd.conf file , Tested qmail 
admin  all worked fine , after adding virtual domains to the 
httpd.conf, the  gif files and art work in qmail admin will not 
load in my browser, but  I can still log in . I have looked in 
the /cgi-bin/qmailadmin all  looks to be correct , can any one 
tell me what is going on and how to  fix this , if you need to 
see what I am talking about email me and I  will give you the 
url of the siteThank 
you  Michael   ps the same has 
happened to sqwebmail

[vchkpw] Email encryption

2002-12-11 Thread Remo Mattei 
Hi guys does any of you have an howto on how to have email drop in the user
mailbox encrypted? So if send to a particolar address it's going to be
automatically encrypted.
Thanks, 

Ciao, 
Remo Mattei

Re: [vchkpw] Email encryption

2002-12-11 Thread Anders Brander 
Hi,

On Wednesday 11 December 2002 22:16, Remo Mattei wrote:
 Hi guys does any of you have an howto on how to have email drop in the
 user mailbox encrypted? So if send to a particolar address it's going
 to be automatically encrypted.

I have often been thinking about this myself.
We must face one thing, as long as the mail is travelling unencrypted, 
somebody can read it. The root-user of the local mailserver can always 
read it!

I see two scenarios.

1. Client side software is helping.
Pros:
One can use existing PGP encryption with fairly good client support.
PGP's prone public key system would make it quite secure too.

Cons:
It requires client side support (PGP software).

2. Invisible to client side.
Could be implemented using some sort of public-key crypto, where the 
private part was the pop3/imap password.

Pros:
It doesn't require any client side support.
Will stop the occasional cracker.

Cons:
Too unsecure to be used.
Root will have access after the mail is encrypted! (think about it!)

Just a few thoughts... (btw: I ended up using tcpserver with ssl support)

/Anders

Re: [vchkpw] Email encryption

2002-12-11 Thread Anders Brander 
Hi,

On Wednesday 11 December 2002 23:21, W.D.McKinney wrote:
  Just a few thoughts... (btw: I ended up using tcpserver with ssl
  support)
 How did you do this if may ask ?

How i got tcpserver ssl-enabled? Here's a patch:
http://www.nrg4u.com/qmail/ucspi-tcp-ssl-20020705.patch.gz

- did that help?

/Anders

[vchkpw] /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

2002-12-11 Thread Joeffrey Betita 
hi ppl all want is to bounce some email. on the instruction no. 3  on
 the FAQ of vpopmail. what should i do next. do i have to create each
.qmail-default for each user. do i have restart qmail. thanks for your help.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.427 / Virus Database: 240 - Release Date: 12/6/2002