[vchkpw] tcp.smtp / open-smtp rule precedence
Hi folks. We're experiencing a weird issue related to the open-smtp / roaming users feature of vpopmail. We have a line in our ~vpopmail/etc/tcp.smtp file that looks like this: 12.161.105.140:allow,MFCHECK=0,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl The notable part for my question is that we want to accept mail from this server and run it through qmail-scanner. qmail-scanner.pl will process the message as long as RELAYCLIENT is not set for the connecting host, which, as you can see above, it is not. BUT, we have a meddlesome user on 12.161.105.140 who is popping into vpopmail, which has the allow roaming users flag set. As soon as this user does that, an entry is created in the tcp.smtp database for that user, as reflected in the open-smtp file: 12.161.105.140:allow,RELAYCLIENT=,RBLSMTPD= 1074272408 The result is that the users pop / roaming action is disabling qmail-scanner for all mail from that server. In general, the issue is that a user popping in from an IP that has a line in the main ~vpopmail/etc/tcp.smtp can override the rule for that IP. I realize this could be discussed on any number of lists (tcpserver, qmail-scanner, etc.), but I *think* this is just a matter of precedence in the way tcprules is run to incorporate the ~vpopmail/etc/tcp.smtp file AND the roaming user entry that's added by vpopmail. So I'm hoping it might be worth exploring here since other vpopmail users may want to override tcpserver environment variables with the main tcp.smtp file. This seems to be the relevant part of vpopmail.c: strncpy(bin0, TCPRULES_PROG, BUFF_SIZE); strncpy( bin1, TCP_FILE, BUFF_SIZE); strncat( bin1, .cdb, BUFF_SIZE); strncpy( bin2, TCP_FILE, BUFF_SIZE); strncat( bin2, relay_template, BUFF_SIZE); binqqargs[0] = bin0; binqqargs[1] = bin1; binqqargs[2] = bin2; binqqargs[3] = 0; execv(*binqqargs,binqqargs); But I'm not quite clear on how tcprules is processing / ordering the ruleset when a roaming user triggers this action. I scanned the archives and couldn't find a reference to this problem, but apologizes if it's been discussed under a different set of keywords. Any thoughts? Thanks, Chris
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
Em Sex, 2004-01-16 às 14:10, Chris Hardie escreveu: The result is that the users pop / roaming action is disabling Why don't you enable qmail-scanner globally? I put QMAILQUEUE=bin/qmail-scanner-queue.pl into /service/qmail-smtpd/run before smtpd initialization, in a way it's used by all connections. If you want some other connection NOT to use the scanner,you would have to specify it in tcp.smtp My 2c. -- [] Mauricio Teixeira - Maceió/AL/Brazil [] * Este e-mail serve apenas para listas!!! * [] * This e-mail is for mailing lists only!!! *
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 2004-01-16 at 11:10, Chris Hardie wrote: We have a line in our ~vpopmail/etc/tcp.smtp file that looks like this: 12.161.105.140:allow,MFCHECK=0,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl BUT, we have a meddlesome user on 12.161.105.140 who is popping into vpopmail, which has the allow roaming users flag set. As soon as this user does that, an entry is created in the tcp.smtp database for that user, as reflected in the open-smtp file: 12.161.105.140:allow,RELAYCLIENT=,RBLSMTPD= 1074272408 The result is that the users pop / roaming action is disabling qmail-scanner for all mail from that server. In general, the issue is that a user popping in from an IP that has a line in the main ~vpopmail/etc/tcp.smtp can override the rule for that IP. Interesting indeed! I would simply disable pop-before-smtp for this user. Look at vmoduser. Then, add RELAYCLIENT= to your original line, and call it good. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
[vchkpw] rblsmtpd / tcp.smtp rules precedence
Another message from Chris Hardie did remember me about an old question I have. How can I make tcp.smtp rules be processed BEFORE rblsmtpd, when rblsmtp is called from tcpserver's qmail-smtpd initialization command? I mean, some times we find one IP blocked by the RBL systems, and want to allow it pass, without having to deal with the de-listing problems (specially when the IPs are not ours). Any help would be nice. TIA. -- [] Mauricio Teixeira - Maceió/AL/Brazil [] * Este e-mail serve apenas para listas!!! * [] * This e-mail is for mailing lists only!!! *
Re: [vchkpw] rblsmtpd / tcp.smtp rules precedence
Mauricio Teixeira (listas) wrote: Another message from Chris Hardie did remember me about an old question I have. How can I make tcp.smtp rules be processed BEFORE rblsmtpd, when rblsmtp is called from tcpserver's qmail-smtpd initialization command? I mean, some times we find one IP blocked by the RBL systems, and want to allow it pass, without having to deal with the de-listing problems (specially when the IPs are not ours). Hi, Add the IP in question to your tcp.smtp file with RBLSMTPD=, that will cause tcpserver to by pass the rblsmtpd check. Regards, Rick
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 16 Jan 2004, Mauricio Teixeira (listas) wrote: Em Sex, 2004-01-16 às 14:10, Chris Hardie escreveu: The result is that the users pop / roaming action is disabling Why don't you enable qmail-scanner globally? I put QMAILQUEUE=bin/qmail-scanner-queue.pl into /service/qmail-smtpd/run before smtpd initialization, in a way it's used by all connections. If you want some other connection NOT to use the scanner,you would have to specify it in tcp.smtp Hmm, if it's in the run file, isn't it still subject to the rules of tcpserver, in terms of the impact the environment variables have? Perhaps you could paste in /service/qmail-smtpd/run. Chris
Re: [vchkpw] rblsmtpd / tcp.smtp rules precedence
On Fri, 2004-01-16 at 11:21, Mauricio Teixeira (listas) wrote: Another message from Chris Hardie did remember me about an old question I have. How can I make tcp.smtp rules be processed BEFORE rblsmtpd, when rblsmtp is called from tcpserver's qmail-smtpd initialization command? they already are. tcpserver doesn't launch prog until it finishes setting up the environment, doing ident/hostname lookups, etc. When it runs prog, tcprules have already been processed. I mean, some times we find one IP blocked by the RBL systems, and want to allow it pass, without having to deal with the de-listing problems (specially when the IPs are not ours). put RBLSMTPD= in an entry that matches their IP address in your tcprules file. http://cr.yp.to/ucspi-tcp/rblsmtpd.html explains that seeing RBLSMTPD set, and empty, will cause it to ignore that particular address, and continue as normal. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 16 Jan 2004, Jeremy Kitchen wrote: I would simply disable pop-before-smtp for this user. Look at vmoduser. Then, add RELAYCLIENT= to your original line, and call it good. I see why that would work (though I think you didn't mean the part about putting RELAYCLIENT= in tcp.smtp, as that disables qmail-scanner), but it doesn't seem to scale very well. As other users on 12.161.105.140 do the same thing, we'd have to watch for them and vmoduser each one. Chris
Re: [vchkpw] rblsmtpd / tcp.smtp rules precedence
On Fri, 2004-01-16 at 11:24, Rick Macdougall wrote: Add the IP in question to your tcp.smtp file with RBLSMTPD=, that will cause tcpserver to by pass the rblsmtpd check. tcpserver doesn't do any rbl check. that's what rblsmtpd does. putting RBLSMTPD= into your environment for the connection doesn't cause tcpserver to NOT run rblsmtpd.. it just causes rblsmtpd to continue on as normal and execute its argument. http://cr.yp.to/ucspi-tcp/rblsmtpd.html -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
Em Sex, 2004-01-16 às 14:24, Chris Hardie escreveu: Hmm, if it's in the run file, isn't it still subject to the rules of tcpserver, in terms of the impact the environment variables have? Perhaps The variable is used by qmail-smtpd to determine how it will queue the mesage. tcpserver does not know anything about it. qmail-qsmtpd/run follows: - #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` QMAILQUEUE=bin/qmail-scanner-queue.pl export QMAILQUEUE if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 6400 \ /usr/local/bin/tcpserver -v -R -l $LOCAL -S -x /etc/tcp.smtp.cdb \ -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -r relays.ordb.org -r sbl.spamhaus.org -r bl.spamcop.net \ /var/qmail/bin/qmail-smtpd 21 -- [] Mauricio Teixeira - Maceió/AL/Brazil [] * Este e-mail serve apenas para listas!!! * [] * This e-mail is for mailing lists only!!! *
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 2004-01-16 at 11:25, Chris Hardie wrote: On Fri, 16 Jan 2004, Jeremy Kitchen wrote: I would simply disable pop-before-smtp for this user. Look at vmoduser. Then, add RELAYCLIENT= to your original line, and call it good. I see why that would work (though I think you didn't mean the part about putting RELAYCLIENT= in tcp.smtp, as that disables qmail-scanner), but it doesn't seem to scale very well. As other users on 12.161.105.140 do the same thing, we'd have to watch for them and vmoduser each one. well then you'll have to either: a) vmoduser all of them and force the other clients on that IP to use SMTP auth. b) set up another qmail-smtpd service specifically for the server you want to have all mail from scanned with qmail-scanner, and configure that server to use your new qmail-smtpd service. there's no other way to do it, since tcpserver doesn't know which client is which, it just knows IPs, and since you pointed out that qmail-scanner doesn't run if the RELAYCLIENT is set, then having them both on the same port/ip is not possible. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 2004-01-16 at 11:31, Jeremy Kitchen wrote: and since you pointed out that qmail-scanner doesn't run if the RELAYCLIENT is set, then having them both on the same port/ip is not possible. ahem, it runs. it just doesn't do anything. *MORE REDBULL* -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
RE: [vchkpw] QS to reject misaddressed email at SMTP conversation
-Original Message- From: Shane Chrisp [mailto:[EMAIL PROTECTED] Sent: Friday, January 16, 2004 9:56 AM To: 'Russell Mann' Subject: RE: [vchkpw] QS to reject misaddressed email at SMTP conversation I had the same issues until I realised I needed to run the smtp daemon as the vpopmail user so it could look up the user. Shane Dear Shane, I changed my supervise script to do this: -- [EMAIL PROTECTED] qmail-smtpd]# more /service/qmail-smtpd/run #!/bin/sh # when QMAILQUEUE is set, all mail will be sent to the nominated script QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $VPOPMAILUID -o -z $VPOPMAILGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo VPOPMAILUID, VPOPMAILGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 1500 \ /usr/local/bin/tcpserver -v -R -l $LOCAL \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $VPOPMAILUID -g $VPOPMAILGID -c100 0 smtp rblsmtpd \ /var/qmail/bin/qmail-smtpd 21 -- It still doesn't appear to be working, but I'm not sure if I'm doing this right. Thanks, Russell
Re: [vchkpw] QS to reject misaddressed email at SMTP conversation
Russell Mann wrote: Hello, Vpopmail, Qmail, Qmail Scanner. Sorry for the cross-list-post, but I'm not sure who to ask for this one, as I'm not sure which software isn't doing what I want! Hi, You'll need to run qmail-smtpd as vpopmail.vchkpw or suid root so it can access the vpopmail files. His web page fully explains how to do it and why it has to be done. Example #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1900 \ /usr/local/bin/tcpserver -p -v -R \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /var/qmail/bin/qmail-smtpd-chkusr domain.com \ /home/vpopmail/bin/vchkpw /bin/true Regards, Rick
RE: [vchkpw] QS to reject misaddressed email at SMTP conversation
You'll need to run qmail-smtpd as vpopmail.vchkpw or suid root so it can access the vpopmail files. His web page fully explains how to do it and why it has to be done. Example #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1900 \ /usr/local/bin/tcpserver -p -v -R \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /var/qmail/bin/qmail-smtpd-chkusr domain.com \ /home/vpopmail/bin/vchkpw /bin/true Regards, Rick Ok, following the instructions on: http://www.interazioni.it/qmail/#qmail-smtpd I thought I was doing it right to have it like this: [EMAIL PROTECTED] l /var/qmail/bin/qmail-smtpd -r-sr-sr-x 1 qmaild nofiles 30k Jan 15 16:17 /var/qmail/bin/qmail-smtpd* Should it be something different? I've readjusted my supervise script like this: - [EMAIL PROTECTED] bin]# more /service/qmail-smtpd/run #!/bin/sh # when QMAILQUEUE is set, all mail will be sent to the nominated script QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $VPOPMAILUID -o -z $VPOPMAILGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo VPOPMAILUID, VPOPMAILGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 1500 \ /usr/local/bin/tcpserver -v -R -l $LOCAL \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $VPOPMAILUID -g $VPOPMAILGID -c100 0 smtp rblsmtpd \ /var/qmail/bin/qmail-smtpd 21 - Is that effectively doing the same thing? Thanks, Russell
Re: [vchkpw] QS to reject misaddressed email at SMTP conversation
Russell Mann wrote: You'll need to run qmail-smtpd as vpopmail.vchkpw or suid root so it can access the vpopmail files. His web page fully explains how to do it and why it has to be done. Ok, following the instructions on: http://www.interazioni.it/qmail/#qmail-smtpd I thought I was doing it right to have it like this: [EMAIL PROTECTED] l /var/qmail/bin/qmail-smtpd -r-sr-sr-x 1 qmaild nofiles 30k Jan 15 16:17 /var/qmail/bin/qmail-smtpd* Should it be something different? I've readjusted my supervise script like this: - Hi, Depends on which patch you used. In my case my qmail-smtpd is just a regular file owned by qmaild.nofiles, it is not suid. Not sure if that makes a difference or not. I'd try running a few tests using a new /service running on a different port (port 2500 maybe) and cp qmail-smtpd to qmail-smtpd-chkusr and try it with different settings until you see which one works. Regards, Rick
[vchkpw] vpopmail and spamassassin
Hello, I have a qmail/vpopmail installation that works great. I'm also running spamassassin for the accounts that want it through maildrop. What I'm looking for is a way to use sa-learn with vpopmail to use bayes filtering. I'm looking to have a system where each uer would have their own database for bayes. sa-learn doesn't have a -u function like spamc, so all generated databases are setup for the actual vpopmail user. I imagine it would be possible to setup some script to copy these databases to the user's .spamassassin account, does anyone have any example? I know it's not a vpopmail question, but I figured some users' might have had the experience. Thanks
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Jan 16, 2004, at 10:10 AM, Chris Hardie wrote: BUT, we have a meddlesome user on 12.161.105.140 who is popping into vpopmail, which has the allow roaming users flag set. As soon as this user does that, an entry is created in the tcp.smtp database for that user, as reflected in the open-smtp file: 12.161.105.140:allow,RELAYCLIENT=,RBLSMTPD= 1074272408 I don't think it's an unreasonable request for us to modify vpopmail so that the rules in tcp.smtp take precedence over the rules established by open-smtp. The actual code to change is in update_rules(). I was under the impression that the first line to match an IP was the one selected. If that's the case, then processing tcp.smtp first, followed by open-smtp (which is how it works now) should work correctly. I see two options: 1) keep track of all IPs listed in tcp.smtp when sending that data to tcprules, and ignore entries that match those IPs when processing open-smtp. 2) send entries from open-smtp to tcprules FIRST, followed by the rules in tcp.smtp. I don't personally use roaming users, so I don't know the full details of how it works. If someone can provide more information, it should be possible to modify vpopmail to handle this situation. Also, if anyone can think of a reason that rules in tcp.smtp SHOULDN'T override entries in open-smtp, then please speak up now. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] QS to reject misaddressed email at SMTP conversation
On Fri, 2004-01-16 at 14:35, Doug Clements wrote: Make sure you used his other big patch as well. it's not required for this. Maybe he doesn't want it. Please don't give him the impression that he NEEDS the other patch for this to work. You can however, recommend it, if you want. I would suggest you look at his other big patch as well might be more appropriate. Sorry, but I hate patching qmail if I have to, and I think the checkuser patch is good, but I wouldn't use it if I had to use the 'qmail toaster' patch as well. my two cents :) -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
[vchkpw] qmail-smtpd-chkusr patch not applying
Hello, Ok, my previous emails have been assuming that the patch was applied, however by diffing the old qmail-smtpd and the new qmail-smtpd and finding zero binary differences, I figured out that my previous patch had been failing due to an earlier patch moving lines around in qmail-smtpd.c. So, I stripped it back to just vanilla qmail-1.03, plus the patch, just to see where I could get, and this is whats up: I've been having some trouble applying the qmail-smtpd-chkusr patch to qmail-1.03. I'm on a RedHat 6.2 system, and I tried to make it as simple as possible. Below are what I hope are the relevant information for figuring out what's wrong. I'm using the regular-patch from this page: http://www.interazioni.it/qmail/#qmail-smtpd Any suggestions would be great. Thanks, Russell Mann -- Commands I use to unpack, patch, and compile. -- tar -xzpf qmail-1.03.tar.gz cp qmail-smtpd-chkusr-1.0.patch qmail-1.03 cd qmail-1.03 patch qmail-smtpd.c qmail-smtpd-chkusr-1.0.patch make -- last few lines of compile output -- ./compile qmail-smtpd.c qmail-smtpd.c: In function `realrcpt_check': qmail-smtpd.c:346: warning: comparison between pointer and integer qmail-smtpd.c: In function `main': qmail-smtpd.c:637: warning: return type of `main' is not `int' ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o `cat \ socket.lib` qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0x803): undefined reference to `default_domain' qmail-smtpd.o(.text+0x87a): undefined reference to `vget_assign' qmail-smtpd.o(.text+0x957): undefined reference to `vauth_getpw' qmail-smtpd.o(.text+0x987): undefined reference to `valias_select' collect2: ld returned 1 exit status make: *** [qmail-smtpd] Error 1 -- Patch Edited: -- 26a37,47 #include pwd.h #include sys/types.h #include unistd.h #include dirent.h #include stdio.h #include open.h #include /home/vpopmail/include/vpopmail.h #include /home/vpopmail/include/vauth.h #include /home/vpopmail/include/vpopmail_config.h 62d82 -- Patch Edited Again: -- /* Check if domain is a real domain */ /* Let's get domain's real path */ -- [EMAIL PROTECTED] qmail-1.03]# l /home/vpopmail/include/ -- total 24k -r--r--r-- 1 vpopmail vchkpw 3.6k Oct 2 09:45 config.h -r--r--r-- 1 vpopmail vchkpw 3.7k Oct 2 09:45 vauth.h -r--r--r-- 1 vpopmail vchkpw 1.8k Oct 2 09:45 vlimits.h -r--r--r-- 1 vpopmail vchkpw 5.8k Oct 2 09:45 vpopmail.h -r--r--r-- 1 vpopmail vchkpw 3.6k Oct 2 09:45 vpopmail_config.h -- [EMAIL PROTECTED] qmail-1.03]# more qmail-smtpd.c -- /* * * Patch 'qmail-smtpd-chkusr' v.1.0 * for qmail 1.03 and vpopmail 5.3.3 * * Antonio Nati [EMAIL PROTECTED] * */ /* Lots of includes here, edited for brevity /* #include pwd.h #include sys/types.h #include unistd.h #include dirent.h #include stdio.h #include open.h #include /home/vpopmail/include/vpopmail.h #include /home/vpopmail/include/vauth.h #include /home/vpopmail/include/vpopmail_config.h --
Re: [vchkpw] qmail-smtpd-chkusr patch not applying
Russell Mann wrote: Hello, Ok, my previous emails have been assuming that the patch was applied, however by diffing the old qmail-smtpd and the new qmail-smtpd and finding zero binary differences, I figured out that my previous patch had been failing due to an earlier patch moving lines around in qmail-smtpd.c. So, I stripped it back to just vanilla qmail-1.03, plus the patch, just to see where I could get, and this is whats up: I've been having some trouble applying the qmail-smtpd-chkusr patch to qmail-1.03. I'm on a RedHat 6.2 system, and I tried to make it as simple as possible. Below are what I hope are the relevant information for figuring out what's wrong. I'm using the regular-patch from this page: http://www.interazioni.it/qmail/#qmail-smtpd Hi, You didn't patch the Makefile to include the vpopmail libs... From the documentation on his site *** Modify your qmail Makefile and include vpopmail and crypt libraries (also include mysql or whenever other libraries you're using for authentication within vpopmail - i.e. ldap, sybase, postgres, etc.) Make make and rebuild qmake-smtpd, and rename it qmail-smtpd-chkusr, in order to know later which version you're using. ie in the Make file add -L/home/vpopmail/lib -lvpopmail to the end of the qmail-smtpd: compile line in the Makefile. Mine reads as below (I have extra stuff like mysql, so don't worry about that). qmail-smtpd: \ load qmail-smtpd.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \ date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \ open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a \ fs.a auto_qmail.o base64.o socket.lib ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \ socket.lib` -L/usr/local/ssl/lib -L/home/vpopmail/lib -lssl -lcrypto -lv popmail \ -L/usr/local/mysql/lib -lmysqlclient -lz Regards, Rick
Re: [vchkpw] QS to reject misaddressed email at SMTP conversation
Jeremy Kitchen wrote: On Fri, 2004-01-16 at 14:35, Doug Clements wrote: Make sure you used his other big patch as well. it's not required for this. Maybe he doesn't want it. Please don't give him the impression that he NEEDS the other patch for this to work. You can however, recommend it, if you want. Actually, the patch Shupp has posted does in fact require his larger patch for it to apply cleanly. I just installed it today, I know :) --Doug
Re: [vchkpw] QS to reject misaddressed email at SMTP conversation
On Fri, 2004-01-16 at 15:46, Doug Clements wrote: Jeremy Kitchen wrote: On Fri, 2004-01-16 at 14:35, Doug Clements wrote: Make sure you used his other big patch as well. it's not required for this. Maybe he doesn't want it. Please don't give him the impression that he NEEDS the other patch for this to work. You can however, recommend it, if you want. Actually, the patch Shupp has posted does in fact require his larger patch for it to apply cleanly. I just installed it today, I know :) ok so we're both right and we're both wrong. the patch functionality itself does not require the qmail-toaster patch, however, since the patch file itself was created against the qmail-toaster patch, it requires it to be cleanly patched without manual intervention. So, if you don't want to do any work, then I guess it requires the toaster patch. Perhaps he should make a patch against stock qmail so those of us who don't want to use his 'toaster' patch can use it anyways. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
[vchkpw] Qmail-pop3d (with or without ssl) and open-smtp
Hi folks, Now I've checked permissions and configurations, but I don't find the mistake. Why qmail-pop3d via ssl don't open the relay? I hope someone could help me, looking my ktrace's tests Qmail-pop3d with vchkpw (roaming enabled) (that's OK) - #!/bin/sh exec /usr/local/bin/softlimit -m 380 \ /usr/local/bin/tcpserver -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \ nesys.it ktrace -f /tmp/ktrace.pop3d /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 Kdump.pop3d ( ktrace.pop3d): http://www.nesys.it/kdump.pop3d My /home/vpopmail/etc: drwxr-xr-x 2 vpopmail vchkpw 512 Jan 16 23:25 . drwxr-xr-x 8 root wheel512 Jan 16 15:54 .. -rw-r--r-- 1 root vchkpw25 Jan 16 15:57 inc_deps -rw-r--r-- 1 root vchkpw34 Jan 16 15:57 lib_deps -rw-r--r-- 1 root vchkpw 116 Jan 16 23:09 open-smtp -rw-r--r-- 1 root vchkpw 0 Jan 16 23:20 open-smtp.lock -rw-r--r-- 1 root vchkpw 455 Jan 16 15:55 tcp.smtp -rw-r--r-- 1 root vchkpw 2352 Jan 16 23:18 tcp.smtp.cdb -rw-r--r-- 1 vpopmail vchkpw 1107 Jan 16 15:54 vlimits.default Then I've changed my IP and Qmail-pop3d via ssl with the same vchkpw (roaming enabled) (no OK) -- #!/bin/sh CAFILE=/usr/local/ssl/certs/pop3s.cert CERTFILE=/usr/local/ssl/certs/pop3s.cert KEYFILE=/usr/local/ssl/certs/pop3s.key DHFILE=/usr/local/ssl/certs/dh1024.pem export CAFILE CERTFILE KEYFILE DHFILE exec /usr/local/bin/softlimit -m 380 \ /usr/local/bin/sslserver -v -R -H -l 0 0 995 /var/qmail/bin/qmail-popup \ nesys.it ktrace -f /tmp/ktrace.pop3s /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 Kdump.pop3s ( ktrace.pop3s): http://www.nesys.it/kdump.pop3s My /home/vpopmail/etc: drwxr-xr-x 2 vpopmail vchkpw 512 Jan 16 23:25 . drwxr-xr-x 8 root wheel512 Jan 16 15:54 .. -rw-r--r-- 1 root vchkpw25 Jan 16 15:57 inc_deps -rw-r--r-- 1 root vchkpw34 Jan 16 15:57 lib_deps -rw-r--r-- 1 root vchkpw 116 Jan 16 23:09 open-smtp -rw-r--r-- 1 root vchkpw 0 Jan 16 23:20 open-smtp.lock -rw-r--r-- 1 root vchkpw 0 Jan 16 23:20 open-smtp.tmp.13569 -rw-r--r-- 1 root vchkpw 455 Jan 16 15:55 tcp.smtp -rw-r--r-- 1 root vchkpw 2352 Jan 16 23:18 tcp.smtp.cdb -rw-r--r-- 1 vpopmail vchkpw 1107 Jan 16 15:54 vlimits.default Well, there's a difference, but I don't see it. I need your help. I hope you have time again to help me. Thank you very much for all Regards Andrea
RE: [vchkpw] QS to reject misaddressed email at SMTP conversation
ok so we're both right and we're both wrong. the patch functionality itself does not require the qmail-toaster patch, however, since the patch file itself was created against the qmail-toaster patch, it requires it to be cleanly patched without manual intervention. So, if you don't want to do any work, then I guess it requires the toaster patch. Perhaps he should make a patch against stock qmail so those of us who don't want to use his 'toaster' patch can use it anyways. -Jeremy Or he should at least say somewhere on his site that the chkuser patch requires the toaster. At least then I would have ignored it instead of trying to get it to work against vanilla qmail :) -Russell
Re: [vchkpw] QS to reject misaddressed email at SMTP conversation
Russell Mann wrote: Perhaps he should make a patch against stock qmail so those of us who don't want to use his 'toaster' patch can use it anyways. -Jeremy Or he should at least say somewhere on his site that the chkuser patch requires the toaster. At least then I would have ignored it instead of trying to get it to work against vanilla qmail :) It does: Qmail chkuser patch Checks that the vpopmail recipient is valid before accepting the message. requires vpopmail to be installed first, and that the 0.5 patch above is applied to qmail. Please select the appropriate version: --Doug
RE: [vchkpw] qmail-smtpd-chkusr patch not applying
You didn't patch the Makefile to include the vpopmail libs... From the documentation on his site *** Modify your qmail Makefile and include vpopmail and crypt libraries (also include mysql or whenever other libraries you're using for authentication within vpopmail - i.e. ldap, sybase, postgres, etc.) Make make and rebuild qmake-smtpd, and rename it qmail-smtpd-chkusr, in order to know later which version you're using. ie in the Make file add -L/home/vpopmail/lib -lvpopmail to the end of the qmail-smtpd: compile line in the Makefile. Mine reads as below (I have extra stuff like mysql, so don't worry about that). qmail-smtpd: \ load qmail-smtpd.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \ date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \ open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a \ fs.a auto_qmail.o base64.o socket.lib ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \ socket.lib` -L/usr/local/ssl/lib -L/home/vpopmail/lib -lssl -lcrypto -lv popmail \ -L/usr/local/mysql/lib -lmysqlclient -lz Thanks Rick... I'm sure that's where I'm hanging up, but there are no good instructions on how to do this, just This is what you should do. The patch author pointed me to this url: http://www.kendzorra.de/chkusr.html So, I've tried several things in the Makefile, to no avail. - Original Makefile: - qmail-smtpd: \ load qmail-smtpd.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \ date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \ open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a \ fs.a auto_qmail.o socket.lib ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o `cat \ socket.lib` - - Failed Makefile: - qmail-smtpd: \ load qmail-smtpd.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \ date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \ open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a \ fs.a auto_qmail.o socket.lib ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o `cat \ socket.lib` \ -lcrypt /home/vpopmail/lib/libvpopmail.a \ -L/usr/lib/mysql -lmysqlclient - Failure Messages: - qmail-smtpd.c: In function `realrcpt_check': qmail-smtpd.c:346: warning: comparison between pointer and integer qmail-smtpd.c: In function `main': qmail-smtpd.c:637: warning: return type of `main' is not `int' ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o `cat \ socket.lib` \ -lcrypt /home/vpopmail/lib/libvpopmail.a \ -L/usr/lib/mysql -lmysqlclient /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function `my_uncompress': my_compress.o(.text+0x9a): undefined reference to `uncompress' /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function `my_compress_alloc': my_compress.o(.text+0x12a): undefined reference to `compress' collect2: ld returned 1 exit status make: *** [qmail-smtpd] Error 1 - Thanks, Russell Mann
RE: [vchkpw] QS to reject misaddressed email at SMTP conversation
It does: Qmail chkuser patch Checks that the vpopmail recipient is valid before accepting the message. requires vpopmail to be installed first, and that the 0.5 patch above is applied to qmail. Please select the appropriate version: --Doug Oops, my bad. Sorry bout that. I shouldn't have been so grumpy either. 32 hours awake with a little 1 hour nap. Turns out using the toaster and Shupp's patch worked best for me. Almost all the other patches worked too, except this one: nullenvsender-recipcount.patch. I guess that'll have to be an OK trade off. Thanks Bill, and thanks eveyone else! -Russell
RE: [vchkpw] QS to reject misaddressed email at SMTP conversation
On Fri, 2004-01-16 at 17:32, Russell Mann wrote: It does: Qmail chkuser patch Checks that the vpopmail recipient is valid before accepting the message. requires vpopmail to be installed first, and that the 0.5 patch above is applied to qmail. Please select the appropriate version: --Doug Oops, my bad. Sorry bout that. I shouldn't have been so grumpy either. me either, and I apologize. I'm just not a fan at all of that patch, nor am I a fan, at all of anything related to qmail referencing the word 'toaster'. Hence why I have registered roastyourtoaster.com and am currently working on a site for it. -Jeremy -- Jeremy Kitchen [EMAIL PROTECTED]
RE: [vchkpw] Qmail-pop3d (with or without ssl) and open-smtp
Andrea Riela wrote: Kdump.pop3d ( ktrace.pop3d): http://www.nesys.it/kdump.pop3d Kdump.pop3s ( ktrace.pop3s): http://www.nesys.it/kdump.pop3s The differences probably are here: --- kdump.pop3d Sat Jan 17 00:34:38 2004 +++ kdump.pop3s Sat Jan 17 00:40:50 2004 @ -292,86 +292,42 @@ [...] - 14311 vchkpw CALL write(0x3,0x17000,0xd) - 14311 vchkpw GIO fd 3 wrote 13 bytes - - [... my IP ...] - - 14311 vchkpw RET write 13/0xd [...] - 14311 vchkpw CALL fstat(0x4,0xcfbfd7b0) - 14311 vchkpw RET fstat 0 - 14311 vchkpw CALL mprotect(0x4002b000,0x1000,0x3) - 14311 vchkpw RET mprotect 0 - 14311 vchkpw CALL mprotect(0x4002b000,0x1000,0x1) - 14311 vchkpw RET mprotect 0 - 14311 vchkpw CALL read(0x4,0x16000,0x2000) - 14311 vchkpw GIO fd 4 read 116 bytes - - [... the open-smtp file ...] - - 14311 vchkpw RET read 116/0x74 - 14311 vchkpw CALL fstat(0x5,0xcfbfd760) - 14311 vchkpw RET fstat 0 - 14311 vchkpw CALL break(0x1a000) - 14311 vchkpw RET break 0 - 14311 vchkpw CALL break(0x1c000) - 14311 vchkpw RET break 0 - 14311 vchkpw CALL mprotect(0x4002b000,0x1000,0x3) - 14311 vchkpw RET mprotect 0 - 14311 vchkpw CALL mprotect(0x4002b000,0x1000,0x1) - 14311 vchkpw RET mprotect 0 - 14311 vchkpw CALL read(0x4,0x16000,0x2000) - 14311 vchkpw RET read 0 - 14311 vchkpw CALL close(0x4) - 14311 vchkpw RET close 0 - 14311 vchkpw CALL write(0x5,0x1a000,0x74) - 14311 vchkpw GIO fd 5 wrote 116 bytes - - [... the open-smtp file ...] - - 14311 vchkpw RET write 116/0x74 - 14311 vchkpw CALL close(0x5) - 14311 vchkpw RET close 0 - 14311 vchkpw CALL rename(0xcfbfdb0c,0x835e) - 14311 vchkpw NAMI /home/vpopmail/etc/open-smtp.tmp.14311 - 14311 vchkpw NAMI /home/vpopmail/etc/open-smtp - 14311 vchkpw RET rename 0 Thanks for any suggestion. Regards Andrea
[vchkpw] QS to reject misaddressed email at SMTP conversation
Hello, Vpopmail, Qmail, Qmail Scanner. Sorry for the cross-list-post, but I'm not sure who to ask for this one, as I'm not sure which software isn't doing what I want! I've recently installed the chkuser patch found here: http://www.interazioni.it/qmail/#qmail-smtpd I tried the Bill Shupp one, but it didn't patch right, even on a vanilla Qmail 1.03. I've got a good compile and replaced qmail-smptd, and I'm calling it the exact same way I was before, which is through djb's service. [EMAIL PROTECTED] russ]# more /service/qmail-smtpd/run #!/bin/sh # when QMAILQUEUE is set, all mail will be sent to the nominated script QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 1500 \ /usr/local/bin/tcpserver -v -R -l $LOCAL \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID -c100 0 smtp rblsmtpd \ /var/qmail/bin/qmail-smtpd 21 When I set my /home/vpopmail/domains/mydomain.dom/.qmail-default file to this contents: | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox I get bounces, which are accepted, then bounced back, without the chkuser tag on the bounce line. Not sure if I'm doing this telnet conversation right, but this is what happens when I try to test by telnet: [EMAIL PROTECTED] telnet domain.com 25 Trying xx.xx.xx.xx... Connected to domain.com. Escape character is '^]'. 220 domain.com ESMTP HELO 250 domain.com MAIL 250 ok MAIL FROM [EMAIL PROTECTED] 250 ok RCPT TO [EMAIL PROTECTED] 250 ok I'm expecting it to stop me at the RCPT TO line when there is no such user or forward as [EMAIL PROTECTED]. Any other suggestions on what gives? [EMAIL PROTECTED] /home/vpopmail/bin/vpasswd -v version: 5.3.27 Here's my exact qmail install info: tar -xzpf qmail-1.03.tar.gz tar -xzpf qmail-verh-0.06.tar.gz cp outgoing/*.c qmail-1.03 cp qmail-verh-0.06/q*.diff qmail-1.03 cp doublebounce-trim.patch qmail-1.03 cp qmail-1.03-mfcheck.3.patch qmail-1.03 cp nullenvsender-recipcount.patch qmail-1.03 cp sendmail-flagf.patch qmail-1.03 cp qmail-maildir++.patch qmail-1.03 cp qmail-queue.patch qmail-1.03 cp qmail-smtpd-chkusr-1.0.patch qmail-1.03 cd qmail-1.03 patch doublebounce-trim.patch patch qmail-remote.diff patch qmail-local.diff patch nullenvsender-recipcount.patch patch sendmail-flagf.patch patch qmail-maildir++.patch patch qmail-queue.patch patch qmail-1.03-mfcheck.3.patch patch qmail-smtpd.c qmail-smtpd-chkusr-1.0.patch make # stop your qmail server qmailctl stop # recompile qmail make setup check chown qmaild /var/qmail/bin/qmail-smtpd chgrp nofiles /var/qmail/bin/qmail-smtpd chmod 6555 /var/qmail/bin/qmail-smtpd Here's my qmail-scanner install info: tar -xzpf q-s-1.20st-20040105.tgz cd qmail-scanner-1.20st #useradd qscand ./configure \ --admin virusadmin --domain domain.dom \ --scanners clamscan,verbose_spamassassin \ --debug no \ --sa-quarantine 10 \ --sa-delete 20 \ --sa-reject no \ --install /var/qmail/bin/qmail-scanner-queue.pl -g /var/qmail/bin/qmail-scanner-queue.pl -z Here's my vpopmail install info: tar -xzpf vpopmail-5.3.27.tar.gz cd vpopmail-5.3.27 ./configure \ --enable-roaming-users=y \ --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp \ --enable-tcprules-prog=/usr/local/bin/tcprules \ --enable-relay-clear-minutes=180 \ --enable-auth-logging=y \ --enable-logging=p \ --enable-learn-passwords=y \ --enable-clear-passwd=y \ --enable-mysql=y \ --enable-incdir=/usr/include/mysql \ --enable-libdir=/usr/lib/mysql \ --enable-mysql-logging=y \ --enable-valias=y \ --enable-mysql-limits=n \ --enable-many-domains=n \ --enable-qmail-ext=y \ --enable-defaultquota=5000 make make install-strip Any ideas or suggestions on getting QS to drop misaddressed email at SMTP would be very appreciated. The Shupp patch seems to say that mysql vpopmail installs need different info to be able to do this, but that patch didn't work for me and I'm not clear as to whether I *must* use it or not. I'm getting 86% spam
Re: [vchkpw] QS to reject misaddressed email at SMTP conversation
Russell Mann wrote: Hello, Vpopmail, Qmail, Qmail Scanner. Sorry for the cross-list-post, but I'm not sure who to ask for this one, as I'm not sure which software isn't doing what I want! I've recently installed the chkuser patch found here: http://www.interazioni.it/qmail/#qmail-smtpd I tried the Bill Shupp one, but it didn't patch right, even on a vanilla Qmail 1.03. Qmail chkuser patch Checks that the vpopmail recipient is valid before accepting the message. requires vpopmail to be installed first, and that the 0.5 patch above is applied to qmail. Make sure you used his other big patch as well. --Doug
