Re: [vchkpw] vpopmail and qmail smtp-auth patch, cram-md5 problem
On Tue, 24 Feb 2004, Tom Collins wrote: Unfortunately, vchkpw up until 5.4.0 (final) was coded to the old, incorrect cram-md5 patch. Make sure that you re-patch qmail-smtpd with the new CRAM-MD5 patch. from README.auth: There is no need to include additionally the hostname in the call. is this new? .. i've thought there was some time ago some rumor about people that haven't added the hostname in the commandline of qmail-smtpd and have had an open relay or so? i had some time to figure out why after upgrading to vpopmail-5.4.x first the cram-md5 wasn't working and after upgrading to netqmail-1.05 with toaster-0.6.1 the whole smtp-auth thing wasn't working.. greets KoS -- Martin Kos +41-76-384-93-33 http://kos.liSay NO to HTML in mail ICQ# 13556143 Proudly running Debian GNU/Linux
Re: [vchkpw] vpopmail and qmail smtp-auth patch, cram-md5 problem
On Feb 25, 2004, at 6:33 AM, Martin Kos wrote: from README.auth: There is no need to include additionally the hostname in the call. is this new? .. i've thought there was some time ago some rumor about people that haven't added the hostname in the commandline of qmail-smtpd and have had an open relay or so? Originally, it wasn't a parameter, then it was, and now it isn't. Definitely confusing, and we've tried to point it out in the documentation. i had some time to figure out why after upgrading to vpopmail-5.4.x first the cram-md5 wasn't working and after upgrading to netqmail-1.05 with toaster-0.6.1 the whole smtp-auth thing wasn't working.. I haven't read Bill's new toaster, but I'm sure he mentions that upgraders need to remove the hostname from their qmail-smptd run file. As for upgrading vpopmail, anyone who reads the UPGRADE file should easily find this information: IF USING SMTP AUTH PATCH TO QMAIL-SMTPD * This release of vpopmail includes fixes for vchkpw that may break certain SMTP AUTH implementations. If SMTP AUTH fails after installing vpopmail 5.4.x, you may need to use the qmail-smtpd-auth-0.4.2 patch included in the contrib directory. * If you do switch to the 0.4.2 SMTP AUTH patch, you may need to update your qmail-smtpd run file (the first parameter to qmail-smtpd should now be the path to vchkpw and not the hostname). The ChangeLog even alludes to it (but should probably mention the UPGRADE file by name): 5.4.0 - released 1-Feb-04 Tom Collins - Update configure with correct location of vlimits.default. - Fix typo (ammount) in vmoddomlimits. [882884] - Don't include $(DESTDIR) when building vpopmailbindir. [884247] - Mention compatability issues with older SMTP AUTH patches. [882351] And, the release notes on SourceForge say: Finally. The 5.3 development series is stable. Be sure to read the UPGRADE file and various README files if upgrading from a previous version. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter handheld Network Tester: http://sniffter.com/
[vchkpw] convert to mysql
Hi, I'm planning to convert from a normal vpopmail setup to a mysql setup. I have been looking at the vconvert program but both the manpage and the docs are poor. I run it with: ./vconvert -c -m and it says converting done on all my domains. but where is the mysqldump? How am I suppoed to put it into the db? The docs says: Most current vpopmail users would probably be interested in how to convert current domains into mysql domains. To make it simple to convert an entire machine to mysql, use the following command: vconvert -c -s This will go through all the domains in ~vpopmail/domains directory and read each vpasswd file and load the contents into the vpopmail.vpopmail mysql table. But where do I specify the passord for the database?? I am moving this setup to another server and converting it to mysql. I also already have a vpopmail setup running on yet another server with mysql, how will merging these two installs work out? Problems? Thanks. -- Martin
Re: [vchkpw] vpopmail and qmail smtp-auth patch, cram-md5 problem
Hi, At 14:33 25.02.04 +0100, Martin Kos wrote: On Tue, 24 Feb 2004, Tom Collins wrote: Unfortunately, vchkpw up until 5.4.0 (final) was coded to the old, incorrect cram-md5 patch. Make sure that you re-patch qmail-smtpd with the new CRAM-MD5 patch. from README.auth: There is no need to include additionally the hostname in the call. is this new? .. i've thought there was some time ago some rumor about people that haven't added the hostname in the commandline of qmail-smtpd and have had an open relay or so? No. Actually, the opposite if true: In the old scheme: ... qmail-smtpd hostname pam true in case you miss to include the hostname, your MTA is acting as on open relay. In the new scheme: ... qmail-smtpd pam true if you include the hostname by mistake (as above), AUTH will fail; thats it. i had some time to figure out why after upgrading to vpopmail-5.4.x first the cram-md5 wasn't working and after upgrading to netqmail-1.05 with toaster-0.6.1 the whole smtp-auth thing wasn't working.. You should prefer reading the documentation and READMEs rather then listing to rumors. See in addition: http://www.fehcom.de/qmail/smtpauth.html There's a lot of reasoning. regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
Re: [vchkpw] vpopmail and qmail smtp-auth patch, cram-md5 problem
On Wed, 25 Feb 2004, Tom Collins wrote: As for upgrading vpopmail, anyone who reads the UPGRADE file should easily find this information: uuups...shame on me i was upgrading from 5.3.30 (i think) and i wasn't reading the upgrade file because i thought there were no big changes :-( .. and when the smtp auth stopped working i started reading the toaster-patch and finally found the information on the smtp-auth website ;-).. perhaps this message helps some people searching the archive for the same problem...hihi... greets KoS -- Martin Kos +41-76-384-93-33 http://kos.liSay NO to HTML in mail ICQ# 13556143 Proudly running Debian GNU/Linux
Re: [vchkpw] vpopmail and qmail smtp-auth patch, cram-md5 problem
In the old scheme: in case you miss to include the hostname, your MTA is acting as on open relay. exactly what i had in mind You should prefer reading the documentation and READMEs rather then listing to rumors. yup you're right... for the next time i should check all the README/UPGRADE files BEFORE upgrading :-) greets KoS -- Martin Kos +41-76-384-93-33 http://kos.liSay NO to HTML in mail ICQ# 13556143 Proudly running Debian GNU/Linux
[vchkpw] vpopmail - stunnel
I have started seeing stunnel processes owned by vpopmail in the process log. Can anyone explain what that's about? or should I be concerned? vpopmail 6977 0.0 0.0 3272 848 ?SFeb19 0:00 /usr/sbin/stunnel -f -p /var/qmail/control/servercert.pem -l /var/qma Best Regards, Jeff Koch
Re: [vchkpw] vpopmail - stunnel
Hi Tom: Thanks. That's interesting. So we can do encrypted smtp and pop or imap sessions without bothering with PGP? Any idea which email clients support that? At 01:00 PM 2/25/2004, you wrote: On Feb 25, 2004, at 9:43 AM, Jeff Koch wrote: I have started seeing stunnel processes owned by vpopmail in the process log. Can anyone explain what that's about? or should I be concerned? vpopmail 6977 0.0 0.0 3272 848 ?SFeb19 0:00 /usr/sbin/stunnel -f -p /var/qmail/control/servercert.pem -l /var/qma Probably POP, IMAP or SMTP over SSL. If you get a longer listing (ps auxw) you'd probably see that it's qmail-popup or qmail-smtpd running. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter handheld Network Tester: http://sniffter.com/ Best Regards, Jeff Koch, Intersessions
[vchkpw] Re: vpopmail - stunnel
On Wed, Feb 25, 2004 at 01:45:53PM -0500, Jeff Koch wrote: I have started seeing stunnel processes owned by vpopmail in the process log. Can anyone explain what that's about? or should I be concerned? vpopmail 6977 0.0 0.0 3272 848 ?SFeb19 0:00 /usr/sbin/stunnel -f -p /var/qmail/control/servercert.pem -l /var/qma Probably POP, IMAP or SMTP over SSL. If you get a longer listing (ps auxw) you'd probably see that it's qmail-popup or qmail-smtpd running. Thanks. That's interesting. So we can do encrypted smtp and pop or imap sessions without bothering with PGP? PGP does not encrypt a 'SMTP|POP3|IMAP4' /session/, but the /message content/. SSL in fact does only encrypt the 'session', i.e. the transfer from 'client A to server B'. PGP ( Co.) protects your mail being read from /anybody/ without proper key, SSL protects your mail from being intercepted and read on transport over SSL encrypted path. This means: if you SSL connect your primary SMTP server your message is 'safe'. If this very server send the mail out using a not SSL protected connection anybody else can again reasd it, if he somehow manages it to fetch the packets. Any idea which email clients support that? There're some: Lookout Quickly can do, IIRC, so can 'The Bat!', 'Pocomai', 'Becky' and Eudora (to name the Windows fraction). Some of them even can 'STARTTLS'. For *nix there also a few: I know at least about 'mutt' and 'Sylpheed', but I'm quite sure 'Evolution' has SSL support as well, if not it's on the straight way to having it. SSL for mail issues at client side is not that uncommon anymore, albeits it's use is rather limited. It can be of use if you send/receive your mail using an external SMTP/POP3/IMAP server and do not want your ISP to be able to read it. For any unkown term or program: use Google to locate it or it's meaning, I'm to lazy to provide all applicable URLs. :-) -- Best regards Peter
Re: [vchkpw] Re: roaming users
Alex, Jeremy, Michael and the rest, I just have to say that I have belonged to a number of email lists and this has to be the best one for signal to noise ratio. That being said, further investigations have lead me to some discoveries. I will share them with you briefly because the symptoms were a little confusing and lead me to think the problem was something other than what it actually is. This is one for the trouble shooting list that seems right up there with Is it plugged in? 1) After further testing I was able to determine that my smtp after pop3 auth is working fine. 2) After questioning the owner of one lovely little cafe he gave me the email to his network person. He was able to quickly determine the root of the problem. The public network that I use when I am out at lovely little cafe's is personaltelco.net. personaltelco.net blocks outgoing traffic to port 25 on any machine in the world. They do this for good reason. Spam control. By blocking outgoing smtp traffic on all of their public nodes they eliminate the possibility of some less than honorable people sending out masses of UCE's through open/broken relays. 3) This network person thanked me for my information and is now informing personaltelco.net that one of their nodes is broken and ALLOWING outgoing smtp traffic. Personaltelco is fixing that since they don't want a bunch of spammers wearing Rush Limbaugh lapel pins sucking up their bandwidth and getting them listed in an rbl. Possible Solutions: 1) Destroy all spammers and take back our network 2) Write a small proxy listener that I can connect to and forward the traffic to my smtp server. 3) Continue being happy using my sqwebmail install when I am out a lovely little cafes Of the possible solutions 3 seems to be the easiest, 2 will be the one that I will probably do and 1 seems like the funnest. Sorry for the noise and thanks for the help. I guess you learn something everyday. I've got to get back to work. sparky
Re: [vchkpw] Re: roaming users
On Wednesday 25 February 2004 1:47 pm, davila wrote: Alex, Jeremy, Michael and the rest, I just have to say that I have belonged to a number of email lists and this has to be the best one for signal to noise ratio. That being said, further investigations have lead me to some discoveries. I will share them with you briefly because the symptoms were a little confusing and lead me to think the problem was something other than what it actually is. This is one for the trouble shooting list that seems right up there with Is it plugged in? 1) After further testing I was able to determine that my smtp after pop3 auth is working fine. 2) After questioning the owner of one lovely little cafe he gave me the email to his network person. He was able to quickly determine the root of the problem. The public network that I use when I am out at lovely little cafe's is personaltelco.net. personaltelco.net blocks outgoing traffic to port 25 on any machine in the world. They do this for good reason. Spam control. By blocking outgoing smtp traffic on all of their public nodes they eliminate the possibility of some less than honorable people sending out masses of UCE's through open/broken relays. 3) This network person thanked me for my information and is now informing personaltelco.net that one of their nodes is broken and ALLOWING outgoing smtp traffic. Personaltelco is fixing that since they don't want a bunch of spammers wearing Rush Limbaugh lapel pins sucking up their bandwidth and getting them listed in an rbl. Possible Solutions: 1) Destroy all spammers and take back our network 2) Write a small proxy listener that I can connect to and forward the traffic to my smtp server. 3) Continue being happy using my sqwebmail install when I am out a lovely little cafes Of the possible solutions 3 seems to be the easiest, 2 will be the one that I will probably do and 1 seems like the funnest. Option 4: run an additional smtp tcpserver on port 587 ( mail message submission ) Most likely they are not blocking port 587 Ken Jones
[vchkpw] Re: roaming users
OR as Ken suggests I could just make my life easier and follow standard conventions. ;-) Ken Jones writes: On Wednesday 25 February 2004 1:47 pm, davila wrote: Alex, Jeremy, Michael and the rest, I just have to say that I have belonged to a number of email lists and this has to be the best one for signal to noise ratio. That being said, further investigations have lead me to some discoveries. I will share them with you briefly because the symptoms were a little confusing and lead me to think the problem was something other than what it actually is. This is one for the trouble shooting list that seems right up there with Is it plugged in? 1) After further testing I was able to determine that my smtp after pop3 auth is working fine. 2) After questioning the owner of one lovely little cafe he gave me the email to his network person. He was able to quickly determine the root of the problem. The public network that I use when I am out at lovely little cafe's is personaltelco.net. personaltelco.net blocks outgoing traffic to port 25 on any machine in the world. They do this for good reason. Spam control. By blocking outgoing smtp traffic on all of their public nodes they eliminate the possibility of some less than honorable people sending out masses of UCE's through open/broken relays. 3) This network person thanked me for my information and is now informing personaltelco.net that one of their nodes is broken and ALLOWING outgoing smtp traffic. Personaltelco is fixing that since they don't want a bunch of spammers wearing Rush Limbaugh lapel pins sucking up their bandwidth and getting them listed in an rbl. Possible Solutions: 1) Destroy all spammers and take back our network 2) Write a small proxy listener that I can connect to and forward the traffic to my smtp server. 3) Continue being happy using my sqwebmail install when I am out a lovely little cafes Of the possible solutions 3 seems to be the easiest, 2 will be the one that I will probably do and 1 seems like the funnest. Option 4: run an additional smtp tcpserver on port 587 ( mail message submission ) Most likely they are not blocking port 587 Ken Jones
Re: [vchkpw] Re: vpopmail - stunnel
Peter Palmreuther wrote: On Wed, Feb 25, 2004 at 01:45:53PM -0500, Jeff Koch wrote: I have started seeing stunnel processes owned by vpopmail in the process log. Can anyone explain what that's about? or should I be concerned? vpopmail 6977 0.0 0.0 3272 848 ?SFeb19 0:00 /usr/sbin/stunnel -f -p /var/qmail/control/servercert.pem -l /var/qma Probably POP, IMAP or SMTP over SSL. If you get a longer listing (ps auxw) you'd probably see that it's qmail-popup or qmail-smtpd running. Thanks. That's interesting. So we can do encrypted smtp and pop or imap sessions without bothering with PGP? PGP does not encrypt a 'SMTP|POP3|IMAP4' /session/, but the /message content/. SSL in fact does only encrypt the 'session', i.e. the transfer from 'client A to server B'. PGP ( Co.) protects your mail being read from /anybody/ without proper key, SSL protects your mail from being intercepted and read on transport over SSL encrypted path. This means: if you SSL connect your primary SMTP server your message is 'safe'. If this very server send the mail out using a not SSL protected connection anybody else can again reasd it, if he somehow manages it to fetch the packets. Any idea which email clients support that? There're some: Lookout Quickly can do, IIRC, so can 'The Bat!', 'Pocomai', 'Becky' and Eudora (to name the Windows fraction). Some of them even can 'STARTTLS'. For *nix there also a few: I know at least about 'mutt' and 'Sylpheed', but I'm quite sure 'Evolution' has SSL support as well, if not it's on the straight way to having it. Forgot to mention the lovely ThunderBird, which runs on both windows and Linux, BSD, Solaris, and many more. Its nice and fast, and easy to use. SSL for mail issues at client side is not that uncommon anymore, albeits it's use is rather limited. It can be of use if you send/receive your mail using an external SMTP/POP3/IMAP server and do not want your ISP to be able to read it. For any unkown term or program: use Google to locate it or it's meaning, I'm to lazy to provide all applicable URLs. :-)
[vchkpw] Re: Re: vpopmail - stunnel
On Wed, Feb 25, 2004 at 04:30:56PM -0500, X-Istence wrote: Any idea which email clients support that? [SSL] There're some: Lookout Quickly can do, IIRC, so can 'The Bat!', 'Pocomai', 'Becky' and Eudora (to name the Windows fraction). Some of them even can 'STARTTLS'. For *nix there also a few: I know at least about 'mutt' and 'Sylpheed', but I'm quite sure 'Evolution' has SSL support as well, if not it's on the straight way to having it. Forgot to mention the lovely ThunderBird, which runs on both windows and Linux, BSD, Solaris, and many more. Its nice and fast, and easy to use. Sure. It simply didn't came to my mind but is, of course, not the least in this list :-) -- Best regards Peter
[vchkpw] Need help troubleshooting (long)
Hello! I have problems with my qmail-setup, and I'm not sure where to start looking. I have a fairly new installation of qmail, vpopmail, spamassassin qmail-scanner on FreeBSD 4.6.2 and currently four different domains. Now, some of my users have complained that sometimes people are unable to mail them at one domain, but they can recieve the mail at the other domain(alias). I've never experienced this when I try to mail my users and it seems that almost all other mail come through. I've managed to get a mailheader from one of the people who couldn't mail one of my users. Unfortunately the mail is too old for me to track in my logs. Something that my users told me is that people who have been unable to mail them often experience this problem when replying to mail. The one log that I have is from a person who seems not to be able to mail one of my users at all at the domain named malcolmgrace.com, but when mailing the same user at the domainalias haas.se, it works. Apparently the person mailing has a Macintosh. I know that another person who has trouble mailing my users is on Hotmail. I'm thinking that this is perhaps a DNS-problem, but the person who I got the log from who couldn't mail on one domain, but it worked on the other - those domains are on the same DNS with identical configurations. ( I run a dynamic DNS client to update my domainnames.) So, perhaps it has something to do with strangely formated mailheaders and an oversensitive spamassassin? I tried to mail and reply to a mail with a lot of high-character ASCII from one of my users and that worked fine. (The reason is that the mail-log that I got had a lot of Swedish characters in it,) I really need some advice where to look, maybe this is a common problem with my kind of set-up? (Wishful thinking perhaps...) Here's the logfile, I've edited the users names somewhat and deleted some of the content for privacy. It's two messages long: -- Original Message -- From: Postmaster [EMAIL PROTECTED] Date: Tue, 24 Feb 2004 03:36:32 +0100 Delivery failed 20 attempts: [EMAIL PROTECTED] Original message follows. Subject: =?ISO-8859- 1?Q?Tack=20sj=E4lv=20f=F6r=20m=F6tet!?= Date: Mon, 23 Feb 2004 18:17:16 +0100 Message-Id: [EMAIL PROTECTED] design.com Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable From: patricia Wid=?ISO-8859-1?Q?=E9?=n [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Mailer: IMail v7.11 Hello sanna, [SNIP] /patricia. -- Original Message -- From: Postmaster [EMAIL PROTECTED] Date: Fri, 13 Feb 2004 03:08:41 +0100 Delivery failed 20 attempts: [EMAIL PROTECTED] Original message follows. Subject: =3D?ISO-8859- 1?Q?M=3DF6te=3D20den=3D2019=3D2F2?=3D Date: Thu, 12 Feb 2004 17:02:26 +0100 Message-Id: [EMAIL PROTECTED] design.com Mime-Version: 1.0 Content-Type: text/plain; charset=3DISO-8859-1 Content-Transfer-Encoding: quoted-printable From: patricia Wid=3D?ISO-8859-1?Q?=3DE9?=3Dn [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Mailer: IMail v7.11 Hello sanna! I'm not sure what happend, but I got your mail back... [SNIP] /patricia. -- Original Message-- From: Postmaster [EMAIL PROTECTED] Date: Wed, 11 Feb 2004 22:24:25 +0100 Delivery failed 20 attempts: [EMAIL PROTECTED] Original message follows. Subject: =3D3D?ISO-8859- 1?Q?Bes=3D3DF6k=3D3D20p=3D3DE5=3D3D20malcolm= 3D3D20grace=3D3 D20den=3D3D2019=3D3D [message truncated] I'd be sincerely gratful for any kind of help here. Thanks a lot, Mathias Haas.
Re: [vchkpw] vpopmail and qmail smtp-auth patch, cram-md5 problem
On Wed, 2004-02-25 at 07:33, Martin Kos wrote: On Tue, 24 Feb 2004, Tom Collins wrote: from README.auth: There is no need to include additionally the hostname in the call. is this new? .. i've thought there was some time ago some rumor about people that haven't added the hostname in the commandline of qmail-smtpd and have had an open relay or so? it seems to change every week. version 0.31 of that patch required the hostname argument. earlier versions didn't, great for consistency! -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] Re: roaming users
davila wrote: 1) Destroy all spammers and take back our network 2) Write a small proxy listener that I can connect to and forward the traffic to my smtp server. 3) Continue being happy using my sqwebmail install when I am out a lovely little cafes Of the possible solutions 3 seems to be the easiest, 2 will be the one that I will probably do and 1 seems like the funnest. Sorry for the noise and thanks for the help. I guess you learn something everyday. I've got to get back to work. Actually, 1 is the best, if you can figure out how to do it. Hopefully something that gives them as much grief in their last few minutes of life as they have spread to the rest of the world! 2 isn't as hard as it seems at first. Just start a second instance of SMTP on a different port, and configure your mail client to send to that port. I used 24, and am able to slip mail out past my ISP that is also blocking port 25. (Which is a good idea IMHO. It stops all the mail servers that are built into the latest viruses.) Just copy your SMTP run script into a new directory, (possibly in /var/qmail/supervise) change 25 to 24 and link it to /services. It will still respect your settings for things like roaming users as long as you only change the port. Then there is #4, find out what outgoing mail server they are using, and point your mail client at it. The problem is you may have to change your outgoing mail settings a lot. I've recommended this to my clients for a long time. I have web hosting and incoming mail, but my clients access the internet through someone else. I have them point pop/imap at my server, and SMTP at their ISP's server. Rick
