[vchkpw] Howto block querys from user?

2004-03-14 Thread [EMAIL PROTECTED]
Hi folks!

I have a crazy user who logs in every time as:
Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not
found web150p1@:217.233.6.196
Mar 14 15:30:26 icebear vpopmail[12984]: vchkpw-pop3: vpopmail user not
found web150p1@:217.233.6.196
Mar 14 15:31:26 icebear vpopmail[20331]: vchkpw-pop3: vpopmail user not
found web150p1@:217.233.6.196
Mar 14 15:32:26 icebear vpopmail[7910]: vchkpw-pop3: vpopmail user not
found web150p1@:217.233.6.196
Mar 14 15:33:26 icebear vpopmail[23565]: vchkpw-pop3: vpopmail user not
found web150p1@:217.233.6.196
Mar 14 15:34:26 icebear vpopmail[27315]: vchkpw-pop3: vpopmail user not
found web150p1@:217.233.6.196

Does any of you have an idea how I can block this user or how I can add
this IP temp. into iptables?

Best regards,
Peter.

-- 
[EMAIL PROTECTED], gpg -key 
http://blackhole.pca.dfn.de:11371/pks/lookup?op=getsearch=0x690A1AC2



RE: [vchkpw] Howto block querys from user?

2004-03-14 Thread Shane Chrisp
iptables -A INPUT -p tcp -s 217.233.6.196 --dport 25 -j DROP 

will do what you want

Shane






[vchkpw] Re: Howto block querys from user?

2004-03-14 Thread Peter Palmreuther
Hello List,

On Sunday, March 14, 2004 at 3:45:52 PM [EMAIL PROTECTED] wrote (at least
in part):

 Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not
 found web150p1@:217.233.6.196
[...]
 Have someone of you an idea how I can block these user or how I can
 add this IP temp. into iptables?

 $ echo '217.233.6.196:deny' >> ~vpopmail/etc/tcp.smtp
 $ clearopensmtp

Assuming your tcp.smtp file is located in ~vpopmail/etc.

You'll not need to make an effort and configure IPTABLES, tcpserver is
able to reject the connection by itself (when told in .cdb file).
-- 
Best regards
Peter Palmreuther

The Greatest of Faults Is To Be Conscious of None



Re: [vchkpw] Re: Howto block querys from user?

2004-03-14 Thread [EMAIL PROTECTED]
Hello Peter!

On Sun, 2004-03-14 at 16.41, Peter Palmreuther wrote:
 Hello List,
 
 On Sunday, March 14, 2004 at 3:45:52 PM [EMAIL PROTECTED] wrote (at least
 in part):
 
  Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not
  found web150p1@:217.233.6.196
 [...]
  Have someone of you an idea how I can block these user or how I can
  add this IP temp. into iptables?
 
  $ echo '217.233.6.196:deny' >> ~vpopmail/etc/tcp.smtp
  $ clearopensmtp
 
 Assuming your tcp.smtp file is located in ~vpopmail/etc.
 
 You'll not need to make an effort and configure IPTABLES, tcpserver is
 able to reject the connection by itself (when told in .cdb file).

Will I have a chance to fight against BruteForce-Attacks?

Or to generate an smtp-Error-Message like:
Do not login every 5 Seconds.
Try again in 3 Minutes.

or something else!?

Thank you all,
for your time!

Best regards,
Peter.

-- 
[EMAIL PROTECTED], gpg -key 
http://blackhole.pca.dfn.de:11371/pks/lookup?op=getsearch=0x690A1AC2



[vchkpw] vpopbull

2004-03-14 Thread Oden Eriksson
Hi.

It appears vpopbull has the same bug as vdominfo pre 5.4.3.

# cat /var/qmail/users/assign
=uucp:uucp:10:14:/var/spool/uucp:::
+uucp-:uucp:10:14:/var/spool/uucp:-::
=oden:oden:1000:1000:/home/oden/:::
+oden-:oden:1000:1000:/home/oden/:-::
+:alias:800:800:/var/qmail/alias:-::
=alias:alias:800:800:/var/qmail/alias:::
+alias-:alias:800:800:/var/qmail/alias:-::
=vpopmail:vpopmail:808:808:/home/vpopmail:::
+vpopmail-:vpopmail:808:808:/home/vpopmail:-::
[...]

# ./vpopbull -v -V -n -f message
version: 5.4.3
skipping uuc (alias of uucp)
skipping ode (alias of oden)
skipping  (alias of alias)
skipping alia (alias of alias)
skipping vpopmai (alias of vpopmail)
[...]




[vchkpw] spamassassin features added to cvs version

2004-03-14 Thread Ken Jones
I added the spamassassin features to the cvs version today.

New configure option:
--enable-spamassassin 
With this option, spamassassin is turned on by default

New vmoddomlimits options
-gc disable spamassassin for whole domain
-gx enable automatically deleting email marked as spam

New vmoduser options
-f disables spamassassin for a user
-F enable automatic deletion of email marked as spam for a user

To make it as clean as possible and support individual users'
SpamAssassin preferences, it only calls spamd when writing
the email to a user's Maildir. It uses the spamassassin vpopmail
features to read a user's .spamassassin/user_prefs file, and uses
spamd with a unix socket. Right now the spamd options are
hard coded in vdelivermail.c

I found some problems with the current SpamAssassin 2.63 code
for automated creation of user_prefs files. I'll post the patch to
vpopmail source forge and submit it to the spamassassin folks.

We have been using the code in production for weeks with
no problems. So hopefully it will work for you.

Ken Jones




Re: [vchkpw] vpopbull

2004-03-14 Thread Tom Collins
On Mar 14, 2004, at 11:03 AM, Oden Eriksson wrote:
 It appears vpopbull has the same bug as vdominfo pre 5.4.3.

I saw that as well.  I plan to add centralized functions to vpopmail.c 
for opening and reading the users/assign file.  At some point, it can 
be updated to read users/cdb instead for performance.

Any of the vpopmail binaries that currently parse that file will be 
updated to the new code.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/


Re: [vchkpw] vpopbull

2004-03-14 Thread Oden Eriksson
On Sunday, 14 March 2004 at 20.31, Tom Collins wrote:
 On Mar 14, 2004, at 11:03 AM, Oden Eriksson wrote:
  It appears vpopbull has the same bug as vdominfo pre 5.4.3.

 I saw that as well.  I plan to add centralized functions to vpopmail.c
 for opening and reading the users/assign file.  At some point, it can
 be updated to read users/cdb instead for performance.

 Any of the vpopmail binaries that currently parse that file will be
 updated to the new code.

Very wise and very cool!

Thank you very much Tom.



[vchkpw] Re: Howto block querys from user?

2004-03-14 Thread Peter Palmreuther
Hello Jeremy,

On Sunday, March 14, 2004 at 4:51:45 PM you wrote (at least in part):

  Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not
  found web150p1@:217.233.6.196
 [...]
  Have someone of you an idea how I can block these user or how I can
  add this IP temp. into iptables?
 
  $ echo '217.233.6.196:deny' >> ~vpopmail/etc/tcp.smtp
  $ clearopensmtp
 
 Assuming your tcp.smtp file is located in ~vpopmail/etc.
 
 You'll not need to make an effort and configure IPTABLES, tcpserver is
 able to reject the connection by itself (when told in .cdb file).

 but what you missed is that this is a pop3 connection.

Actually it's not that hard to figure:

- this .cdb file is used by tcpserver
- tcpserver of POP3 process can use one too
- One can enter the same line into a different text file and make an
  appropriate .cdb file from it or tell POP3 server to use the same
  .cdb file as SMTP server; qmail-popup and qmail-pop3d will not be
  disturbed by set RELAYCLIENT or even QMAILQUEUE variables.

I simply expect somebody who deals with his own mail server to be able
to read documentation to make it as secure as possible. When this
person gets a hint, I expect him/her to be able to carry over this knowledge
to other problems as well. That's the responsibility someone has when
he/she wants to have his/her own server. Sorry for that opinion.
-- 
Best regards
Peter Palmreuther

Death is God's way of telling you not to be such a wise guy.



[vchkpw] Re: Howto block querys from user?

2004-03-14 Thread Peter Palmreuther
Hello List,

On Sunday, March 14, 2004 at 4:57:06 PM [EMAIL PROTECTED] wrote (at least
in part):

  Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not
  found web150p1@:217.233.6.196
 [...]
  Have someone of you an idea how I can block these user or how I can
  add this IP temp. into iptables?
 
  $ echo '217.233.6.196:deny' >> ~vpopmail/etc/tcp.smtp
  $ clearopensmtp
 
 Assuming your tcp.smtp file is located in ~vpopmail/etc.
 
 You'll not need to make an effort and configure IPTABLES, tcpserver is
 able to reject the connection by itself (when told in .cdb file).

 Will I have a chance to fight against BruteForce-Attacks?

No. Not this way. You'll need a patch discussed not long ago which
logs the login attempts and reacts according to this data.
Have a look at the archive for further information. The subject of
corresponding thread was

Heureka! Finished POP3-Frequency-Patch (against bruteforcing)

initiated by

knom knom19 at gmx.net
-- 
Best regards
Peter Palmreuther

Wealthy people are no happier than those of modest means.
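
Added example, not written by any poster in this thread and not part of vpopmail: a small shell filter that counts the vchkpw-pop3 "user not found" records quoted earlier per source address and prints tcprules deny lines for the POP3 rules file. The function names, the threshold and the second sample address are assumptions; the address is taken to be whatever follows the last colon, as in the log lines above.

```sh
#!/bin/sh
# Added example (not from the thread): derive tcprules deny lines from
# repeated vchkpw-pop3 "user not found" syslog records.

# Constructed sample input modelled on the log lines quoted in the thread,
# one record per line. 192.0.2.7 and "alice" are made-up values.
sample_log() {
cat <<'EOF'
Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not found web150p1@:217.233.6.196
Mar 14 15:30:26 icebear vpopmail[12984]: vchkpw-pop3: vpopmail user not found web150p1@:217.233.6.196
Mar 14 15:31:26 icebear vpopmail[20331]: vchkpw-pop3: vpopmail user not found web150p1@:217.233.6.196
Mar 14 15:31:40 icebear vpopmail[20400]: vchkpw-pop3: vpopmail user not found alice@:192.0.2.7
Mar 14 15:32:26 icebear vpopmail[7910]: vchkpw-pop3: vpopmail user not found web150p1@:217.233.6.196
EOF
}

# deny_rules MIN: read syslog records on stdin and print "IP:deny" for every
# source address with at least MIN failed user lookups.
deny_rules() {
    awk -v min="$1" '
        /vchkpw-pop3: vpopmail user not found / {
            # The user name is client-supplied; in the format shown above the
            # address follows the last colon, so parse from the end of the line.
            ip = $0
            sub(/^.*:/, "", ip)
            # Accept only a dotted quad so nothing else reaches the rules file.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip ":deny" }
    ' | sort
}

# Demo on the sample: only the address with 4 failures crosses a threshold of 3.
sample_log | deny_rules 3
```

To apply the output, append it to the rules file used by the POP3 tcpserver and rebuild that file's .cdb with tcprules.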



Re: [vchkpw] spamassassin features added to cvs version

2004-03-14 Thread X-Istence
Ken Jones wrote:
 I added the spamassassin features to the cvs version today.

 New configure option:
 --enable-spamassassin
 With this option, spamassassin is turned on by default

 New vmoddomlimits options
 -gc disable spamassassin for whole domain
 -gx enable automatically deleting email marked as spam

Do we get to set the limit? Like I prefer to not delete anything over 4,
but delete anything higher than 8. If we delete anything marked as spam,
it would delete at level 4, which is not what I would like, as I have
one or two messages daily that are from family and friends that are at
that level, but I can't whitelist them all one by one. Anything over 8
would really be spam, and I could care less about them.

 New vmoduser options
 -f disables spamassassin for a user
 -F enable automatic deletion of email marked as spam for a user

 To make it as clean as possible and support individual users
 spam assassin preferences, it only calls spamd when writing
 the email to a users Maildir. It uses the spamassassin vpopmail
 features to read a users .spamassassin/user_prefs file. And uses
 spamd with a unix socket. Right now the spamd options are
 hard coded in vdelivermail.c

using spamc right?

 I found some problems with the current SpamAssassin 2.63 code
 for automated creation of user_prefs files. I'll post the patch to
 vpopmail source forge and submit it to the spamassassin folks.

I had posted a patch for this before, but it was rejected, for some
reason it is unable to create it at the moment, and it causes
spamassassin to hang for ages (over 300 seconds per message) for some
unknown reason before just letting it pass.

 We have been using the code in production for weeks with
 no problems. So hopefully it will work for you.

Good to know :)

 Ken Jones


X-Istence


[vchkpw] Move to new server

2004-03-14 Thread Kit Halsted
Hey:

A little OT, but I'm looking for a last-minute sanity check before I 
move a whole bunch of domains from my old server to the shiny new box 
I've been prepping for weeks...

Here is what I plan on doing:

vadddomain each domain on the new server

Stop qmail-smtpd on the old server

Stop POP on the old server

rsync domain directories from old->new

Change DNS so new server responds on old server's name

Does this sound like a good plan? Also, is there a way to move the 
queue over from the old machine to the new one? I think it's all spam 
bounces, but there may be a live message or 2 in there...

Thanks,
-Kit


[vchkpw] vchkpw / qmail-pop3d hanging/not responding

2004-03-14 Thread Nick

Hey all, out of nowhere vchkpw stopped responding
on port 110. I'm running it on FreeBSD 5.2.1 and I think
another Admin on the system might have broke something..

Either way, I start vchkpw under tcpserver with :

#!/bin/sh
exec /usr/local/bin/softlimit -m 900 \
/usr/local/bin/tcpserver -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \
 0 /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

And it seems to startup fine, lsof shows it listening, But any outside
connections are just ignored.. tcpdump shows my client attempting, but
vchkpw or the qmail daemons do not respond at all.

I also ran from command line :

$ /var/qmail/bin/qmail-popup 0 /home/vpopmail/bin/vchkpw
+OK [EMAIL PROTECTED]
user [EMAIL PROTECTED]
+OK
pass test
-ERR aack, child crashed

my pass IS correct though! So maybe this is an insight to the problem.
Can anyone else help me out or give me an idea on how I can troubleshoot
further? Any help appreciated. Let me know if more data is needed.

Thank you in advance.

Nick



Re: [vchkpw] vchkpw / qmail-pop3d hanging/not responding

2004-03-14 Thread Jeremy Kitchen
On Sun, 2004-03-14 at 19:58, Nick wrote:
 Hey all, out of nowhere vchkpw stopped responding
 on port 110. I'm running it on FreeBSD 5.2.1 and I think
 another Admin on the system might have broke something..
 
 Either way, I start vchkpw under tcpserver with :
 
 #!/bin/sh
 exec /usr/local/bin/softlimit -m 900 \
 /usr/local/bin/tcpserver -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \
  0 /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

 And it seems to startup fine, lsof shows it listening, But any outside
 connections are just ignored.. tcpdump shows my client attempting, but
 vchkpw or the qmail daemons do not respond at all.

you have -v flag, what do your tcpserver logs say?

 I also ran from command line :
 
 $ /var/qmail/bin/qmail-popup 0 /home/vpopmail/bin/vchkpw
 +OK [EMAIL PROTECTED]
 user [EMAIL PROTECTED]
 +OK
 pass test
 -ERR aack, child crashed

 my pass IS correct though!

correct, and vchkpw is not able to run its argument because, well...
there isn't one!  If you had the wrong password it would have just said
-ERR Authorization failed.

-Jeremy

-- 
Jeremy Kitchen
Systems Administrator
[EMAIL PROTECTED]
Kitchen @ #qmail on EFNet - Join the party!
.
Inter7 Internet Technologies, Inc.
www.inter7.com
866.528.3530 toll free
847.492.0470 int'l
847.492.0632 fax
GNUPG key ID: 93BDD6CE



RE: [vchkpw] Move to new server

2004-03-14 Thread Donboy2k
 A little OT, but I'm looking for a last-minute sanity check before I
 move a whole bunch of domains from my old server to the shiny new box
 I've been prepping for weeks...

I recently went through this myself just last week.  If you're using
MySQL backend, you'll need to use vconvert to repopulate the MySQL stuff
from the old box to the new.  Otherwise, your plan looks OK.


RE: [vchkpw] vchkpw / qmail-pop3d hanging/not responding

2004-03-14 Thread Nick
The logs are logging to /var/log/maillog and show
nothing but my command line auth attempts.. This
is crazy!
