[vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp
Hello Andrea,

On Friday, January 16, 2004 at 11:30:31 PM you wrote (at least in part):

> Why qmail-pop3d via ssl don't open the relay?

Reading your dumps and having a look in vpopmail sources I get the impression when you're in SSL mode the environment variable TCPREMOTEIP seems not to be set. I don't know which vpopmail version you're actually using, so I don't know if there are other versions when vpopmail does neither read nor write open-smtp, but this could be /one/ reason.

Please execute this on a command line:

,- [ ]
| #!/bin/sh
| CAFILE=/usr/local/ssl/certs/pop3s.cert
| CERTFILE=/usr/local/ssl/certs/pop3s.cert
| KEYFILE=/usr/local/ssl/certs/pop3s.key
| DHFILE=/usr/local/ssl/certs/dh1024.pem
| export CAFILE CERTFILE KEYFILE DHFILE
| exec /usr/local/bin/softlimit -m 380 \
| /usr/local/bin/sslserver -v -R -H -l 0 0 996 \
| echo IP: $TCPREMOTEIP 2>&1
`-

And on a different terminal use 'openssl s_client ...' to connect to port 996. I'd expect the output 'IP: ' and nothing else ...

--
Best regards
Peter Palmreuther

Other than that, Mrs. Lincoln, how was the play?
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp
Peter Palmreuther wrote:

> Hello Andrea,
> Reading your dumps and having a look in vpopmail sources I get the impression when you're in SSL mode the environment variable TCPREMOTEIP seems not to be set. I don't know which vpopmail version you're actually using, so I don't know if there are other versions when vpopmail does neither read nor write open-smtp, but this could be /one/ reason.

Well, my version is 5.4.0-rc1. Now my runscript is:

#!/bin/sh
CAFILE=/usr/local/ssl/certs/pop3s.cert
CERTFILE=/usr/local/ssl/certs/pop3s.cert
KEYFILE=/usr/local/ssl/certs/pop3s.key
DHFILE=/usr/local/ssl/certs/dh1024.pem
export CAFILE CERTFILE KEYFILE DHFILE
exec /usr/local/bin/softlimit -m 380 \
/usr/local/bin/sslserver -v -R -H -l 0 0 996 \
echo IP: $TCPREMOTEIP 2>&1

I've tried on the same terminal, with 'openssl s_client -connect 127.0.0.1:996', and with 'openssl s_client -connect 'server's_public_IP:996' from a remote terminal, this is my output:

observe# openssl s_client -connect 127.0.0.1:996
CONNECTED(0004)
cut
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher: DHE-RSA-AES256-SHA
    Session-ID: 564576620745756255D48121BE33D73A63D01F365BC3610D3ECF008EE129C3E3
    Session-ID-ctx:
    Master-Key: ACA2871B120D636E91035E8C61CBEF378BFB241D454CFAD088B2DB5217A81E2747D881946AB1 06CBB564E3F3590FEDF4
    Key-Arg : None
    Start Time: 1074331971
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
read:errno=0
observe#

TiG4:~ andrea$ openssl s_client -connect server's_public_ip:996
CONNECTED(0003)
cut
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher: DHE-RSA-AES256-SHA
    Session-ID: EAB08452498F726CC32FE84EEE09E8F2DA2273D42ED6D70382B7D31A980CECEE
    Session-ID-ctx:
    Master-Key: F044319BCC17B487ED2E457F7305F0F1FD6267AC7385A02DFAFDC522B67CDDC2760BD9F7C5E1 2931106380FD54054F30
    Key-Arg : None
    Start Time: 1074335061
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
read:errno=0
TiG4:~ andrea$

Well, I think you've hit the problem. But what I've to do to resolve it?

Thanks for all
Regards
Andrea
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp
Andrea Riela wrote:

> Well, I think you've hit the problem. But what I've to do to resolve it?

exec /usr/local/bin/softlimit -m 380 \
ktrace -f /tmp/ktrace.ip /usr/local/bin/sslserver -v -R -H -l 0 0 996 \
echo IP: $TCPREMOTEIP 2>&1

The kdump says:

cut
13884 sslserver GIO fd 2 wrote 56 bytes
    sslserver: cafile 13884 /usr/local/ssl/certs/pop3s.cert
13884 sslserver RET write 56/0x38
13884 sslserver CALL write(0x2,0xf558,0x1a)
13884 sslserver GIO fd 2 wrote 26 bytes
    sslserver: ccafile 13884
13884 sslserver RET write 26/0x1a
13884 sslserver CALL write(0x2,0xf558,0x2c)
13884 sslserver GIO fd 2 wrote 44 bytes
    sslserver: cadir 13884 /usr/local/ssl/certs
13884 sslserver RET write 44/0x2c
13884 sslserver CALL write(0x2,0xf558,0x36)
13884 sslserver GIO fd 2 wrote 54 bytes
    sslserver: cert 13884 /usr/local/ssl/certs/pop3s.cert
13884 sslserver RET write 54/0x36
13884 sslserver CALL write(0x2,0xf558,0x34)
13884 sslserver GIO fd 2 wrote 52 bytes
    sslserver: key 13884 /usr/local/ssl/certs/pop3s.key
13884 sslserver RET write 52/0x34
13884 sslserver CALL write(0x2,0xf558,0x3b)
13884 sslserver GIO fd 2 wrote 59 bytes
    sslserver: param 13884 /usr/local/ssl/certs/dh1024.pem 512
13884 sslserver RET write 59/0x3b
13884 sslserver CALL close(0)
13884 sslserver RET close 0
13884 sslserver CALL close(0x1)
13884 sslserver RET close 0
13884 sslserver CALL write(0x2,0xf558,0x18)
13884 sslserver GIO fd 2 wrote 24 bytes
    sslserver: status: 0/40
13884 sslserver RET write 24/0x18
13884 sslserver CALL sigprocmask(0x2,0x8)
13884 sslserver RET sigprocmask 524288/0x8
13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c)
13884 sslserver RET accept 0
13884 sslserver CALL sigprocmask(0x1,0x8)
13884 sslserver RET sigprocmask 0
13884 sslserver CALL write(0x2,0xf558,0x18)
13884 sslserver GIO fd 2 wrote 24 bytes
    sslserver: status: 1/40
13884 sslserver RET write 24/0x18
13884 sslserver CALL fork
13884 sslserver RET fork 32655/0x7f8f
13884 sslserver CALL close(0)
13884 sslserver RET close 0
13884 sslserver CALL sigprocmask(0x2,0x8)
13884 sslserver RET sigprocmask 524288/0x8
13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c)
13884 sslserver PSIG SIGCHLD caught handler=0x26b0 mask=0x0
13884 sslserver RET accept -1 errno 4 Interrupted system call
13884 sslserver CALL wait4(0x,0xcfbfd6ec,0x1,0)
13884 sslserver RET wait4 32655/0x7f8f
13884 sslserver CALL write(0x2,0xf558,0x22)
13884 sslserver GIO fd 2 wrote 34 bytes
    sslserver: end 32655 status 28416
13884 sslserver RET write 34/0x22
13884 sslserver CALL write(0x2,0xf558,0x18)
13884 sslserver GIO fd 2 wrote 24 bytes
    sslserver: status: 0/40
13884 sslserver RET write 24/0x18
13884 sslserver CALL wait4(0x,0xcfbfd6ec,0x1,0)
13884 sslserver RET wait4 -1 errno 10 No child processes
13884 sslserver CALL sigreturn(0xcfbfd708)
13884 sslserver RET sigreturn JUSTRETURN
13884 sslserver CALL sigprocmask(0x1,0x8)
13884 sslserver RET sigprocmask 0
13884 sslserver CALL sigprocmask(0x2,0x8)
13884 sslserver RET sigprocmask 524288/0x8
13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c)

I hope that could help you to define the problem

Thanks
Andrea
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp [SOLVED]
Thanks Peter, thanks ml,

Now I've solved my problem. I need this patch:

http://jonaspasche.de/ucspi-ssl/sslserver-compat.patch

Because with ssl connection I haven't the $TCPREMOTEIP, as Peter said.

Thank you very much
Regards
Andrea
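
A guard for the situation diagnosed in this thread, as an added example that is not part of the original messages and not code from vpopmail or ucspi-ssl: it refuses to start the POP3 program when the peer address is missing or malformed, so an SSL session never runs with an empty TCPREMOTEIP. The function names, the `guard.sh` file name and the fallback variable `SSLREMOTEIP` (assumed to be what an unpatched sslserver exports) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: guard placed between sslserver and the
# POP3 program so a session never proceeds without a usable peer address.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# remote_ip: print the address the POP3 chain would see, or fail.
# TCPREMOTEIP is the variable named in the thread; SSLREMOTEIP is an ASSUMED
# fallback name for an sslserver that lacks the compat patch.
remote_ip() {
    ip=${TCPREMOTEIP:-${SSLREMOTEIP:-}}
    is_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# Wrapper mode: "guard.sh prog args..." (guard.sh is a hypothetical name).
if [ "$#" -gt 0 ]; then
    if TCPREMOTEIP=$(remote_ip); then
        export TCPREMOTEIP
        exec "$@"
    fi
    echo "pop3s guard: no valid TCPREMOTEIP/SSLREMOTEIP, refusing session" >&2
    exit 111             # temporary failure; the POP3 program is never started
fi
```

In a run script it would sit directly after the port argument of sslserver, in front of the POP3 program.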
[vchkpw] Question about roaming
Hi folks,

Could you send me your advice about the most secure configuration of vpopmail's roaming option?

--enable-relay-clear-minutes=#
how many minutes?

clearopensmtp:
in crontab, but when? Every hour?

Thanks for all
Regards
Andrea
RE: [vchkpw] Question about roaming
Shane Chrisp wrote:

> I run 15 minutes for open relay and clearopensmtp every minute from crontab.

I'm sorry, Shane, but I'm very tired and I don't understand.

--enable-relay-clear-minutes=15

*/1 * * * * /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null

?

Thanks
Andrea
RE: [vchkpw] Question about roaming
Andrea,

Yes, that is what I meant. Sorry, I'm also very tired myself and though I knew what I meant I probably typed it in shorthand :)

I should also add that I'm running a MySQL backend in my setup and that 1 minute for clearopensmtp is probably overkill, but it doesn't really add any load to the system, so I don't see the harm. I would rather have the relay cleared from the table sooner than later.

Shane

-----Original Message-----
From: Andrea Riela [mailto:[EMAIL PROTECTED]
Sent: Saturday, 17 January 2004 10:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [vchkpw] Question about roaming

> Shane Chrisp wrote:
>
> > I run 15 minutes for open relay and clearopensmtp every minute from crontab.
>
> I'm sorry, Shane, but I'm very tired and I don't understand.
>
> --enable-relay-clear-minutes=15
>
> */1 * * * * /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null
>
> ?
>
> Thanks
> Andrea
[vchkpw] Vpopmail MySQL Table Layouts
Are the MySQL table layouts documented anywhere? I went all through the docs and source but maybe someone could give me a pointer please.

Thanks

Best Regards,
Jeff Koch
RE: [vchkpw] Question about roaming
Andrea,

Running every minute or clearing the rules every 15 is probably a little paranoid. You might want to look into SMTP AUTH so that you don't have to worry about opening a relay. I set my open relay to 1 day due to people not checking their email often enough to keep the relay open when they are sending.

If you're going to keep the same setup you only need to run clearopensmtp every 15 minutes or so. I don't think you will see any problem running it every 15 minutes.

Regards,
Brad Davis

-----Original Message-----
From: Andrea Riela [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 17, 2004 7:40 AM
To: [EMAIL PROTECTED]
Subject: RE: [vchkpw] Question about roaming

> Shane Chrisp wrote:
>
> > I run 15 minutes for open relay and clearopensmtp every minute from crontab.
>
> I'm sorry, Shane, but I'm very tired and I don't understand.
>
> --enable-relay-clear-minutes=15
>
> */1 * * * * /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null
>
> ?
>
> Thanks
> Andrea
RE: [vchkpw] qmail-smtpd-chkusr patch not applying
At 16/01/2004 16/01/2004 -0800, Russell Mann wrote:

> Thanks Rick... I'm sure that's where I'm hanging up, but there are no good instructions on how to do this, just "This is what you should do."

You should understand the reason. As you, with vpopmail, could use MySQL, ldap, Postgres, etc., I cannot point all possible problems coming from those products. I may just give you the direction, you have to do the rest.

> So, I've tried several things in the Makefile, to no avail.
>
> .. [snip] ..
> -lcrypt /home/vpopmail/lib/libvpopmail.a \
> -L/usr/lib/mysql -lmysqlclient
> /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function `my_uncompress':
> my_compress.o(.text+0x9a): undefined reference to `uncompress'
> /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function `my_compress_alloc':
> my_compress.o(.text+0x12a): undefined reference to `compress'
> collect2: ld returned 1 exit status
> make: *** [qmail-smtpd] Error 1

You should check if mysql client libraries have dependencies, and need other external libraries. Probably you need to add -lz in the Makefile (after -lcrypt), as you could miss those libraries.

Ciao,
Tonino

[EMAIL PROTECTED]
Interazioni di Antonio Nati
http://www.interazioni.it
[EMAIL PROTECTED]
[vchkpw] Sorry....
I guess you get this question every day and twice on Sundays, although not on this list since I've checked the archives.

Now, the thing is, I cannot get to compile courier-imap (0.42.2, source package as distributed in debian sarge. Courier latest stable vanilla also fails the exact same way) with vpopmail (latest stable vanilla) in debian due to two things:

1.- Configure fails due to a missing /home/vpopmail/etc/lib_deps which is just not there. I 'touch' it and configure continues.

2.- After doing that, it fails when linking the vchkpwd auth stuff. This happens even if I copy /home/vpopmail/lib/libvpopmail.a to /usr/lib.

I'm compiling all this from the /usr/local/src directory with all the flags in the debian package, let me show you:

COMMON_CONFOPTS=--prefix=/usr --mandir=\$${prefix}/share/man \
    --with-piddir=/var/run/courier \
    --sysconfdir=/etc/courier \
    --libexecdir=\$${prefix}/lib/courier \
    --datadir=\$${prefix}/lib/courier \
    --localstatedir=/var/lib/courier \
    --sbindir=\$${prefix}/sbin \
    --with-mailuser=daemon \
    --with-mailgroup=daemon \
    --without-socks \
    --enable-workarounds-for-imap-client-bugs \
    --with-authpam \
    --without-authpwd \
    --with-authmysql \
    --with-mysql-includes=/usr/include/mysql \
    --with-mysql-libs=/usr/lib \
    --with-authpgsql \
    --with-pgsql-includes=/usr/include/postgresql \
    --with-pgsql-libs=/usr/lib \
    --without-authshadow \
    --with-authdaemonvar=/var/run/courier/authdaemon \
    --with-authcram \
    --with-db=gdbm \
    --without-fcgi \
    --with-htmllibdir=/usr/share/sqwebmail \
    --with-ispell=/usr/bin/ispell \
    --enable-imageurl=/sqwebmail \
    --with-mailer=/usr/sbin/sendmail \
    --enable-sendmail=/usr/sbin/sendmail \
    --with-cachedir=/var/cache/sqwebmail \
    --with-calendardir=/var/run/courier/calendar \
    --with-webadmindir=/usr/share/courier/webadmin \
    --enable-userdb \
    --enable-syslog=1 \
    --enable-unicode \
    --disable-root-check

As you can see, I took away the without-vchkpw directive so that it correctly attempts to configure for vpopmail.

The courier people (from their ml archives) claim it's all the vpopmail people's fault; I think they can be pretty snotty but hey, it's their IMAP server.

So, any help would be greatly appreciated.
Re: [vchkpw] Sorry....
No better teacher than oneself... sorry for the happy trigger, I should've researched a bit more... here is the solution with the latest vanilla courier imap:

1.- Don't know why /home/vpopmail/etc/lib_deps and inc_deps is not created by vpopmail install... BUT, you need to put in there the includes and libs that courier will need to link into vpopmail. Here is mine:

[EMAIL PROTECTED]:~/courier-imap-2.2.1$ cat /home/vpopmail/etc/lib_deps
-L/home/vpopmail/lib -lvpopmail -L/usr/lib/ -lmysqlclient -lz
[EMAIL PROTECTED]:~/courier-imap-2.2.1$ cat /home/vpopmail/etc/inc_deps
-I/home/vpopmail/include

2.- Even then, as vpopmail sets the permissions on the ~/lib directory to +x to root and to vpopmail.a +r only to root, you'll need to either change (temporarily) the permissions so that the compiling user can read and change into the directory. To be on the safe side, you can put in /etc/ld.so.conf the /home/vpopmail/lib directory. That's what I did, it worked. Now, I'll keep you posted on DOES IT RUN?

3.- Too much to keep track of with my previous configure options so, I changed to what the inter7 vpopmail faq recommends
Re: [vchkpw] Sorry....
What version of vpopmail are you using?

I think you will find that the bugs you mention below are fixed in the recent vpopmail development versions.

Michael.

----- Original Message -----
From: Alex Borges [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 18, 2004 7:59 AM
Subject: Re: [vchkpw] Sorry

> No better teacher than oneself... sorry for the happy trigger, I should've researched a bit more... here is the solution with the latest vanilla courier imap:
>
> 1.- Don't know why /home/vpopmail/etc/lib_deps and inc_deps is not created by vpopmail install... BUT, you need to put in there the includes and libs that courier will need to link into vpopmail. Here is mine:
>
> [EMAIL PROTECTED]:~/courier-imap-2.2.1$ cat /home/vpopmail/etc/lib_deps
> -L/home/vpopmail/lib -lvpopmail -L/usr/lib/ -lmysqlclient -lz
> [EMAIL PROTECTED]:~/courier-imap-2.2.1$ cat /home/vpopmail/etc/inc_deps
> -I/home/vpopmail/include
>
> 2.- Even then, as vpopmail sets the permissions on the ~/lib directory to +x to root and to vpopmail.a +r only to root, you'll need to either change (temporarily) the permissions so that the compiling user can read and change into the directory. To be on the safe side, you can put in /etc/ld.so.conf the /home/vpopmail/lib directory. That's what I did, it worked. Now, I'll keep you posted on DOES IT RUN?
>
> 3.- Too much to keep track of with my previous configure options so, I changed to what the inter7 vpopmail faq recommends
Re: [vchkpw] spamassassin patch ready ahead of schedule
Is this a feature that will be added to vpopmail permanently?? If not now, it should be in contrib on the stable, I think.