[vchkpw] cram-md5 smtp auth failure.

2006-02-06 Thread N0K
   Hello, I'm trying to send mail with cram-md5. I send the mails with
thunderbird, and it always takes 5 seconds to send the mail. I have been
looking at the logs and I can see that it first sends the authentication in
cram-md5, but 5 seconds later it goes back to sending the authentication in
clear text. I have seen this with a tcpdump.
   I am using vpopmail-5.4.13, qmail + smtp-auth
(http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.31.tar.gz).


   Do I need to patch vchkpw or anything similar?

   Thanks and regards,
   N0K.


Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

2006-02-06 Thread Rick Macdougall

Ibiltari wrote:

Thanks for your answer Tonino, i take that solution into account but i
would prefer another solution if possible, that smtp server is being
already used by lots of clients so running another server for them
would imply that they have to change their mail server (it's a little
change, i know, but they are lots and the average user would need
assistance for doing that simple change) so i would try another
solution first if someone has another idea.. or i get illuminated in
between hehe


Change the MX record to a new ip and add an alias IP on the server. 
Current users still use mail.example.com but all outside mail comes in 
on mx.example.com.


Regards,

Rick



Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

2006-02-06 Thread tonix (Antonio Nati)

At 20.31 06/02/2006, you wrote:

Thanks for your answer Tonino, i take that solution into account but i
would prefer another solution if possible, that smtp server is being
already used by lots of clients so running another server for them
would imply that they have to change their mail server (it's a little
change, i know, but they are lots and the average user would need
assistance for doing that simple change) so i would try another
solution first if someone has another idea.. or i get illuminated in
between hehe


Simplest solution is to put another VARIABLE disabling this check.
Let me see how to add something like what you ask.
I'm just wondering if other checks could be excluded for authenticated users.

Any comment is welcome.

Tonino


On 2/6/06, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
 At 18.36 06/02/2006, you wrote:
 Hi, i have a working qmail installation from netqmail and recently
 included chkuser (very nice!).
 I want to use the CHKUSER_RCPTLIMIT and CHKUSER_WRONGRCPTLIMIT
 variables to block spam because they work very nice in my system, but
 the problem is that i don't want to apply these limits to the
 authenticated clients, so they can send mail with lots of recipients
 and even with wrong recipients so they receive a bounced message. (if
 they get an error when sending they just think, o! the server is not
 working, lets call the provider). So, i tried with #define
 CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT but it doesn't work. Does it
 only disable sender checking or also the limits? how can i disable
 the limits only for authenticated clients? any idea?

 Actually I'm using a separate qmail-smtpd server for authenticated
 users (i.e. relay.mydomain.com), on a dedicated IP address.

 This solves the most of my problems, as in this way I can make the
 deepest customization I can, and I keep separated normal MX traffic
 and relaying traffic.

 In this dedicated server for authenticated users I think it could be
 even better not to enable CHKUSER, so normal users with Outlook will
 receive normal error messages instead of short SMTP responses.

 Tonino

 Thanks in advance
 Ion








Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

2006-02-06 Thread tonix (Antonio Nati)

At 20.57 06/02/2006, you wrote:

Ibiltari wrote:

Thanks for your answer Tonino, i take that solution into account but i
would prefer another solution if possible, that smtp server is being
already used by lots of clients so running another server for them
would imply that they have to change their mail server (it's a little
change, i know, but they are lots and the average user would need
assistance for doing that simple change) so i would try another
solution first if someone has another idea.. or i get illuminated in
between hehe


Change the MX record to a new ip and add an alias IP on the server. 
Current users still use mail.example.com but all outside mail comes 
in on mx.example.com.


Much better than changing chkuser code :-) !!!

Tonino


Regards,

Rick





Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

2006-02-06 Thread Ibiltari
mmm but is it not harder to maintain a server with 2 smtp servers running
together? i think i would prefer the other method anyway. And by the
way, could it be a nice feature to add to chkuser? something like
CHKUSER_NOCHECKS_VARIABLE RELAYCLIENT

On 2/6/06, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
 At 20.57 06/02/2006, you wrote:
 Ibiltari wrote:
 Thanks for your answer Tonino, i take that solution into account but i
 would prefer another solution if possible, that smtp server is being
 already used by lots of clients so running another server for them
 would imply that they have to change their mail server (it's a little
 change, i know, but they are lots and the average user would need
 assistance for doing that simple change) so i would try another
 solution first if someone has another idea.. or i get illuminated in
 between hehe
 
 Change the MX record to a new ip and add an alias IP on the server.
 Current users still use mail.example.com but all outside mail comes
 in on mx.example.com.

 Much better than changing chkuser code :-) !!!

 Tonino

 Regards,
 
 Rick





Re: [vchkpw] qmailtap question

2006-02-06 Thread Jeremy Kitchen
On Saturday 04 February 2006 23:47, John Simpson wrote:
 just a quick question. i'm maintaining the monster combined patch that
 qmailrocks has adopted, and over the past few months i've been hammered
 with questions about using QUEUE_EXTRA. apparently it works with older
 versions of my combined patch, but since i added the ext_todo patch (which
 solves the silly qmail syndrome by splitting qmail-send into two
 programs- qmail-todo which classifies messages as local or remote,
 and qmail-send which schedules deliveries) people are saying that it
 doesn't work.

I don't see why it wouldn't.  the QUEUE_EXTRA just modifies the qmail.c 
interface (which is used by all qmail programs that queue mail, including 
ezmlm and fastforward, etc.) to add an extra recipient to the message.

 i'm thinking about possibly including the qmailtap patch in my combined
 patch file. however, the biggest problem i've seen from people using
 QUEUE_EXTRA is that they set up loops when they try to send the copies to
 a remote address, and because the copy has to traverse the queue, it gets
 logged and sent to the monitor address... and THAT copy gets logged, and
 so forth...

that's not a problem with QUEUE_EXTRA, that's a problem with the person not 
reading how to properly use QUEUE_EXTRA.  Adding 'loop detection' code into 
this drastically complicates the process and doesn't add any real value.

-Jeremy

-- 
Jeremy Kitchen ++ [EMAIL PROTECTED]

In the beginning was The Word and The Word was Content-type: text/plain
  -- The Word of Bob.




Re: [vchkpw] cram-md5 smtp auth failure.

2006-02-06 Thread Jeremy Kitchen
On Monday 06 February 2006 08:45, Tom Collins wrote:
 On Feb 6, 2006, at 4:14 AM, N0K wrote:
 I am using vpopmail-5.4.13, qmail + smtp-auth
  (http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.31.tar.gz).
 
 Do i need to patch vchkpw or any similar things ?

 You're using an outdated SMTP AUTH patch.  Try the one included in
 vpopmail's contrib directory.

 But, that reminds me, I could update vchkpw to try swapping the
 challenge and response parameter order (the underlying problem) if the
 correct way fails.  This would allow it to continue working with the
 old patches that passed them in the wrong order.

my two cents:
the old patch should die.  it's really, really, really bad.  Leave vchkpw how 
it is :)

-Jeremy

-- 
Jeremy Kitchen ++ [EMAIL PROTECTED]

In the beginning was The Word and The Word was Content-type: text/plain
  -- The Word of Bob.
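
Added example (not part of the thread and not vchkpw's code): a minimal CRAM-MD5 check in Python showing why a checker that receives the challenge and response in the wrong order rejects a correct password, and what the swap-and-retry fallback Tom Collins mentions would do. The user, password, challenge and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; not taken from the thread.
PASSWORDS = {"user@example.com": "s3cret-sample"}
CHALLENGE = "<1896.697170952@mail.example.com>"


def client_digest(password: str, challenge: str) -> str:
    """What a CRAM-MD5 client sends: hex HMAC-MD5 of the challenge, keyed with the password."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()


def verify(user: str, challenge: str, response: str) -> bool:
    """Strict check: the arguments must arrive as (challenge, response)."""
    password = PASSWORDS.get(user)
    if password is None:
        return False
    expected = client_digest(password, challenge)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(expected.encode(), response.lower().encode())


def verify_with_swap_fallback(user: str, first: str, second: str) -> bool:
    """Tolerant variant described in the thread: retry with the two values swapped."""
    return verify(user, first, second) or verify(user, second, first)


def demo() -> dict:
    user = "user@example.com"
    digest = client_digest(PASSWORDS[user], CHALLENGE)
    return {
        # Correct password, correct argument order: accepted.
        "correct_order": verify(user, CHALLENGE, digest),
        # Correct password, but the caller swapped the two values: rejected.
        "swapped_order": verify(user, digest, CHALLENGE),
        # Same swapped call, with the retry logic: accepted.
        "swapped_with_fallback": verify_with_swap_fallback(user, digest, CHALLENGE),
        # Wrong password is rejected regardless of order handling.
        "wrong_password": verify(user, CHALLENGE, client_digest("guess", CHALLENGE)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `swapped_order` rejection is the server-side failure that precedes the client's retry with a cleartext mechanism, as seen in the tcpdump described at the start of the thread.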




Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

2006-02-06 Thread Jeremy Kitchen
On Monday 06 February 2006 09:36, Ibiltari wrote:
 Hi, i have a working qmail installation from netqmail and recently
 included chkuser (very nice!).
 I want to use the CHKUSER_RCPTLIMIT and CHKUSER_WRONGRCPTLIMIT
 variables to block spam because they work very nice in my system, but
 the problem is that i don't want to apply these limits to the
 authenticated clients, so they can send mail with lots of recipients
 and even with wrong recipients so they receive a bounced message. (if
 they get an error when sending they just think, o! the server is not
 working, lets call the provider). So, i tried with #define
 CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT but it doesn't work. Does it
 only disable sender checking or also the limits? how can i disable
 the limits only for authenticated clients? any idea?

just a guess (since I haven't looked at chkuser code in ages):
try removing the quotes from RELAYCLIENT; your define will look like this:
#define CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT

if that won't work, it shouldn't compile, so you'll know immediately ;)

-Jeremy

-- 
Jeremy Kitchen ++ [EMAIL PROTECTED]

In the beginning was The Word and The Word was Content-type: text/plain
  -- The Word of Bob.




Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

2006-02-06 Thread Jeremy Kitchen
On Monday 06 February 2006 11:57, tonix (Antonio Nati) wrote:
 At 20.31 06/02/2006, you wrote:
 Thanks for your answer Tonino, i take that solution into account but i
 would prefer another solution if possible, that smtp server is being
 already used by lots of clients so running another server for them
 would imply that they have to change their mail server (it's a little
 change, i know, but they are lots and the average user would need
 assistance for doing that simple change) so i would try another
 solution first if someone has another idea.. or i get illuminated in
 between hehe

 Simplest solution is to put another VARIABLE disabling this check.
 Let me see how to add something like what you ask.
 I'm just wondering if other checks could be excluded for authenticated
 users.

I would say the simplest solution would be to skip these checks when 
RELAYCLIENT is set.  That way it works without modification with existing 
SMTP AUTH patches, as well as manually setting RELAYCLIENT in your tcprules 
file.

or perhaps make the variable checked configurable, and default it to 
RELAYCLIENT.

-Jeremy

-- 
Jeremy Kitchen ++ [EMAIL PROTECTED]

In the beginning was The Word and The Word was Content-type: text/plain
  -- The Word of Bob.




Re: [vchkpw] Problem about qmail

2006-02-06 Thread Abel Angel
On -1 xxx -1 [EMAIL PROTECTED] wrote:

 Hi I have one qmail with double-boucetrim.patch, bigconcurrency, rcptchecks
 with tarpit and tarpit palomine patches but I have a big problem, my server
 has 800 qmail-smtpd processes. if I compile qmail without rcptchecks my mail
 server stays in crash with a lot of spamd and clamav processes, but I would
 like to drop the spammer's connection if detected, not tarpit the connection
 the way rcptcheck does. anybody have an idea?

Hi Thiago,
if you can identify your spammer ip/subnet watching your qmail-smtpd logs or
directly with a netstat, just include one line in your ~vpopmail/etc/tcp.smtp
file:

ip_or_subnet_of_spammer:deny

after that don't forget to run:
(cd ~vpopmail/etc ; tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp)
to re-generate your ~vpopmail/etc/tcp.smtp.cdb file.

regards

__Abel


Re: [vchkpw] qmailtap question

2006-02-06 Thread John Simpson

On 2006-02-06, at 1620, Jeremy Kitchen wrote:


i'm thinking about possibly including the qmailtap patch in my combined
patch file. however, the biggest problem i've seen from people using
QUEUE_EXTRA is that they set up loops when they try to send the copies to
a remote address, and because the copy has to traverse the queue, it gets
logged and sent to the monitor address... and THAT copy gets logged, and
so forth...


that's not a problem with QUEUE_EXTRA, that's a problem with the person not
reading how to properly use QUEUE_EXTRA.  Adding 'loop detection' code into
this drastically complicates the process and doesn't add any real value.


that's what i was afraid of.

i understand the problem, you understand the problem, and i'm sure  
anybody who thinks about it for more than ten seconds will understand  
it as well... but because my combined patch has been adopted by  
qmailrocks, if i were to add inter7's qmailtap patch (or any other  
QUEUE_EXTRA patch) i would be flooded with questions from typical  
qmailrocks users about why their server is sending multiple copies  
of every message and killing their server.


i'm sure you of all people know that qmailrocks has a reputation for  
being qmail for dummies. the only reason i joined their list is  
because they're using my combined patch- before i joined their list i  
was getting several messages per day from qmailrocks users who  
couldn't figure something-or-other out, and emailed me directly  
because i wrote the patch so i must be an expert who's willing to  
offer free consulting services to every random person on the internet...


the question came up on the qmailrocks list, from a user in europe  
somewhere, who is legally required to keep copies of every message  
sent or received by every employee at their company. you and i know  
that QUEUE_EXTRA is the core of how to make this happen, but trying  
to explain all of the details to somebody who has no idea what a  
queue is, let alone how to tell if a given delivery instruction will  
result in another message being added to it... i'm sure you can  
imagine the aggravation waiting along that road.


my hope was that inter7's qmailtap patch would have some kind of  
loop detection built in, so that this doesn't happen and i can add it  
to my combined patch, knowing that i'm not going to have people  
setting up server-killing loops.


my answer to this question is usually i'm not going to add it to my  
combined patch- if you can add it, more power to you but i figured  
in the interest of fairness i would at least ask the inter7 guys  
about it... the qmailtap web page lists this as one of the places to  
discuss qmailtap, and i know several of the inter7 guys are on this  
list. maybe one of them will have better news...


--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/   [EMAIL PROTECTED] |
--
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.  |
--






[vchkpw] Vchkpw pass word policy

2006-02-06 Thread Rizwan Iqbal Malik
 
Dear All,

We wish to enforce a password policy on the users of our mail system. Can it
be done using Vpopmail? Common policies include changing the password on first
logon, etc.



Re: [vchkpw] qmailtap question

2006-02-06 Thread Adam Ossenford



my answer to this question is usually i'm not going to add it to my
combined patch- if you can add it, more power to you but i figured
in the interest of fairness i would at least ask the inter7 guys
about it... the qmailtap web page lists this as one of the places to
discuss qmailtap, and i know several of the inter7 guys are on this
list. maybe one of them will have better news...

--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/   [EMAIL PROTECTED] |
--
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.  |
--


I was able to integrate your qmail-1.03-jms1.6c patch and the qmail tap 
patch successfully.  It compiled and ran with the tap functionality. 
However, I could not give any testimonial about performance loss due to 
QUEUE_EXTRA because the test server never reached production.  I understand 
you have released an updated version of your combined patch.  I haven't had 
an opportunity to attempt combining the two once again.  If the server isn't 
high volume would the functionality outweigh the performance loss due to the 
drawbacks with QUEUE_EXTRA?


Sincerely,
Adam Ossenford