Re: [vchkpw] vpopmail-to-vpopmail migration plan and questions
My uplevel talked me into using an even simpler approach (more like yours), making my original question partly moot. The two servers (freebsd jail vps's actually) are binary-compatible so we just rsync'd the entire server (vps). We will do a final rsync for the real transition after doing some testing first. However your step 5 concerns me. I'm assuming in the scenario I just described that your step 5 isn't necessary, and please correct me if I'm wrong. The uid/gid's should be identical, and I confirmed that vpopmail gets 89:89 on both servers. Qmailadmin seems to think the domains and users were transferred ok. Pop and smtp access seems to work. My originally described approach was intended to be more conservative and even permit me to migrate one domain at a time in a leisurely and careful way, and would avoid shutting down qmail until the entire transition is complete. From a message on the toaster list I gleaned that I would need to hand-empty the virtualdomains file on the old server to implement my original step 5. Thanks for your detailed info, which confirmed my uplevel's suggested strategy, and which I'll file for future use, and is a good piece for the archives. -Kurt on 8/13/06 9:31 PM, Austin Jorden [EMAIL PROTECTED] wrote: I've worked with your exact setup before nearly. The best thing you can do is.. 1) Do nothing on your old vpopmail machine yet. 2) Install vpopmail on your new machine 3) DO-NOT create your domains or anything on your new machine yet. 4) Use Rsync through SSH to copy your vpopmail directory from your old server to your new one. I know the exact command if you want it. should be /home/vpopmail 5) Create your domains on your new machine, you'll get a warning Domain already exists however it will create anyways and all of your users will be automatically created, and your domains will get the correct UID and GID's. 6) When you're sure it'll work for you (which I'm 99.9% positive it will), simply use rsync to recopy your old vpopmail directory to your new one on the new server. RSync will only copy the new files, so it doesn't recopy anything, therefore you don't have any missed e-mails. 7) Repoint your DNS and you have a complete transfer. on your old machine, do this.. rsync -av -e ssh /home/vpopmail 0.0.0.0:/home Replace the 0's with the destination IP address, it'll prompt you for the new servers root password, enter it in and it'll build file list and transfer everything over. You may get some warnings and/or errors from rsync saying Some files could not be transfered that's because some files your trying to transfer are currently being used, etc. To stop that, simply cutoff the connections and then transfer (possible right before you transfer everything to make the new server active) If you have any questions, let me know. - Austin Jorden On Sun, August 13, 2006 8:35 pm, Kurt Bigler wrote: I'm migrating my vpopmail server to a new machine. The DNS zones fortunately do not have to be moved. My tentative plan for how to achieve the transition is as follows. (1) set up the new server with identical vpopmail domain/user structure (2) have the new server ready to receive SMTP for these domains, but with no MX pointing to it yet (3) set up the old server to route ALL outgoing SMTP through the new server At that point everything is basically set up for a transition, but nothing has really changed yet except how outgoing SMTP is being routed. (4) On the old server, delete all domains currently delivered locally there, but still accept incoming messages for those domains. (Also retain maildirs and contents for later copying. So I can't just vdeldomain.) The idea is that incoming messages still go through the old server, but as soon as the local domains are gone they get passed on to the new server with all other outgoing SMTP. (5) Copy all residual POP directory contents left on the old server to the new server. (6) Re-point the MX to the new server. Actually this is probably just an A record change since the MX hostname will remain the same. (7) Update all other relevant A records that end-users have entered into their MUA configurations. I'm not sure of a couple things in the above plan. (a) Basically how do I achieve step (4) above? Do I manually empty the assign file and/or virtualdomains files since I need to retain the POP directories and so can't use vdeldomain? (b) On the new server, is there any advantage (or necessity) to accepting delivery for the domains but deferring the actual local delivery until the old POP contents are copied over first? Thanks for any thoughts. -Kurt Bigler
[vchkpw] qmail-spf-rc5.patch conflicts with qmail-smtpd-auth-0.5.6
Hello I use vpopmail5.4 on qmail-1.03. I patched qmail-smtpd-auth.0.5.6 on vpopmail5.4. I want to use qmail-spf.patch on the same server but I get a conflict while patching. How can I patch both ?
[vchkpw] chkuser + localhost as sender MX
Hi. I've noticed some spam sending hosts, which use e.g. localhost/127.0.0.1 as their sender MX. When my mailserver tries to verify the sending account via bounce check (connecting to 127.0.0.1), the rcpt to: check is ok, because chkuser accepts unknown rcpt to's from localhost. Is there a settings to get rid of that? regards, Veit
[vchkpw] qmail-spf-rc5.patch conflicts with qmail-smtpd-auth-0.5.6
Hello I use vpopmail5.4 on qmail-1.03. I patched qmail-smtpd-auth.0.5.6 on vpopmail5.4. I want to use qmail-spf.patch on the same server but I get a conflict while patching. How can I patch both of them ?
Re: [vchkpw] rcpt check patch - rejected rcpt
On 5/30/06, DAve [EMAIL PROTECTED] wrote: DAve wrote: Ken Jones wrote: tonix (Antonio Nati) wrote: At 22.53 22/05/2006, you wrote: Has anyone else run into this? A microsoft smtp service is sending an email with a list of rcpt's. Some of the rcpt's are invalid. The microsoft keeps reporting rejection of almost all the email addresses including valid ones. We are using fixcrio on the smtp server, so it's not a bare line feed problem. Using chkuser v.2.0.8. Everything works fine when a qmail server sends the same list of emails. All the good rcpts get the email and all the invalid rcpts are rejected. Any ideas? I am looking into disabling the chk user for the senders static IP address but wonder if there is possibly something in the qmail/chkuser code that needs looking into. What do chkuser logs say about these rejected rcpt? For the rejected addresses seeing: CHKUSER rejected not existing recipient For the accepted addresses CHKUSER accepted found existing recipient We ran some other tests. If all the recipients are accepted the email comes through to all the users. If any one of the recipients are rejected then the sender says they get a bounce message with valid and invalid recipients listed with the regular qmail failure status of the form: There was a SMTP communication problem with the recipient's email server.Please contact your system administrator. HOST_SENDER #5.5.0 smtp;511 sorry, no mailbox here by that name (#5.1.1 - chkuser) Thier email system returns a bounce message containing those types of status for valid and invalid accounts. And the chkuser log shows the correct information, reporting invalid for invalid accounts and valid for existing accounts. I'm going to run a test when I telnet to port 25 and walk through the conversation by hand. Then check the logs and received emails. Ken I have been looking into the same issue since last week. I am waiting to confirm the client is using an exchange server at their location. The issue I am seeing is that the client has a distribution list with 22 recipients in it. Once ten recipients fail, the message is bounced as per my chkuser setup. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming` # CHKUSER values CHKUSER_MBXQUOTA=90 export CHKUSER_MBXQUOTA CHKUSER_RCPTLIMIT=150 export CHKUSER_RCPTLIMIT CHKUSER_WRONGRCPTLIMIT=10 export CHKUSER_WRONGRCPTLIMIT if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD ]; then echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in echo $0 exit 1 fi exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -P -R -h -l ecluster4.tls.net -x /var/qmail/control/tcp.smtp. cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 10.0.241.134 25 \ /usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 21 Addresses that are valid are rejected until the rejection count goes over the intrusion threshold, even though the user exists and still receives mail otherwise. snip 26-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : not existing recipient 2006-05-10 17:30:32.579064500 CHKUSER rejected rcpt: from [EMAIL PROTECTED]:: remote JHexamerGardner:wls-41-2 26-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : not existing recipient 2006-05-10 17:30:36.283696500 CHKUSER intrusion threshold: from [EMAIL PROTECTED]:: remote JHexamerGardner:wl s-41-226-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : max number of allowed invalid rcpt 2006-05-10 17:30:36.543197500 CHKUSER rejected intrusion: from [EMAIL PROTECTED]:: remote JHexamerGardner:wls bash-2.05b# ./vuserinfo [EMAIL PROTECTED] name: lisah passwd: x clear passwd: x comment/gecos: lisah uid:0 gid:0 flags:0 gecos: lisah limits: No user limits set. dir: /home/vpopmail/domains/1/x.com/lisah quota: NOQUOTA usage: NOQUOTA last auth: Mon Mar 27 15:22:13 2006 last auth ip: 10.0.241.134 I see no issues with the MySQL backend, but I am updating the MySQL install tonight so I can use query caching. Not sure if that will make a difference or not but I wanted the advantage of caching to reduce load on my SQL server. I am seeing this with one client only, and the issue is intermittent at that. Using chkuser-2.0.8b-release. Anything else I can offer? DAveThere is no Exchange server involved.Looking closer I see that the user was in her office, so I am not surewhy she even hit chkuser! She should have been on smpt-auth from her IP and I don't use chkuser for smpt-auth clients.The message has failed twice in two weeks and worked three times. Lastattempt worked perfectly.Still looking.DAve--This message was checked by forty monkeys and found to not contain any SPAM whatsoever.Your monkeys may varyHas anyone else had any luck with this issue? I'm seeing the same scenario using chkuser v.2.0.8 with delivery to a group of recipients from MS Exchange server. One bad address in a group of recipients results in the exchange server reporting failure for all recipients.
Re: [vchkpw] rcpt check patch - rejected rcpt
On 8/14/06, Jason S [EMAIL PROTECTED] wrote: On 5/30/06, DAve [EMAIL PROTECTED] wrote: DAve wrote: Ken Jones wrote: tonix (Antonio Nati) wrote: At 22.53 22/05/2006, you wrote: Has anyone else run into this? A microsoft smtp service is sending an email with a list of rcpt's. Some of the rcpt's are invalid. The microsoft keeps reporting rejection of almost all the email addresses including valid ones. We are using fixcrio on the smtp server, so it's not a bare line feed problem. Using chkuser v.2.0.8. Everything works fine when a qmail server sends the same list of emails. All the good rcpts get the email and all the invalid rcpts are rejected. Any ideas? I am looking into disabling the chk user for the senders static IP address but wonder if there is possibly something in the qmail/chkuser code that needs looking into. What do chkuser logs say about these rejected rcpt? For the rejected addresses seeing: CHKUSER rejected not existing recipient For the accepted addresses CHKUSER accepted found existing recipient We ran some other tests. If all the recipients are accepted the email comes through to all the users. If any one of the recipients are rejected then the sender says they get a bounce message with valid and invalid recipients listed with the regular qmail failure status of the form: There was a SMTP communication problem with the recipient's email server.Please contact your system administrator. HOST_SENDER #5.5.0 smtp;511 sorry, no mailbox here by that name (#5.1.1 - chkuser) Thier email system returns a bounce message containing those types of status for valid and invalid accounts. And the chkuser log shows the correct information, reporting invalid for invalid accounts and valid for existing accounts. I'm going to run a test when I telnet to port 25 and walk through the conversation by hand. Then check the logs and received emails. Ken I have been looking into the same issue since last week. I am waiting to confirm the client is using an exchange server at their location. The issue I am seeing is that the client has a distribution list with 22 recipients in it. Once ten recipients fail, the message is bounced as per my chkuser setup. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming` # CHKUSER values CHKUSER_MBXQUOTA=90 export CHKUSER_MBXQUOTA CHKUSER_RCPTLIMIT=150 export CHKUSER_RCPTLIMIT CHKUSER_WRONGRCPTLIMIT=10 export CHKUSER_WRONGRCPTLIMIT if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD ]; then echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in echo $0 exit 1 fi exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -P -R -h -l ecluster4.tls.net -x /var/qmail/control/tcp.smtp. cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 10.0.241.134 25 \ /usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 21 Addresses that are valid are rejected until the rejection count goes over the intrusion threshold, even though the user exists and still receives mail otherwise. snip 26-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : not existing recipient 2006-05-10 17:30:32.579064500 CHKUSER rejected rcpt: from [EMAIL PROTECTED]:: remote JHexamerGardner:wls-41-2 26-196-65.tls.net:65 .196.226.41 rcpt [EMAIL PROTECTED] : not existing recipient 2006-05-10 17:30:36.283696500 CHKUSER intrusion threshold: from [EMAIL PROTECTED]:: remote JHexamerGardner:wl s-41-226-196-65.tls.net:65.196.226.41 rcpt [EMAIL PROTECTED] : max number of allowed invalid rcpt 2006-05-10 17:30:36.543197500 CHKUSER rejected intrusion: from [EMAIL PROTECTED]:: remote JHexamerGardner:wls bash-2.05b# ./vuserinfo [EMAIL PROTECTED] name: lisah passwd: x clear passwd: x comment/gecos: lisah uid:0 gid:0 flags:0 gecos: lisah limits: No user limits set. dir: /home/vpopmail/domains/1/x.com/lisah quota: NOQUOTA usage: NOQUOTA last auth: Mon Mar 27 15:22:13 2006 last auth ip: 10.0.241.134 I see no issues with the MySQL backend, but I am updating the MySQL install tonight so I can use query caching. Not sure if that will make a difference or not but I wanted the advantage of caching to reduce load on my SQL server. I am seeing this with one client only, and the issue is intermittent at that. Using chkuser-2.0.8b-release. Anything else I can offer? DAveThere is no Exchange server involved.Looking closer I see that the user was in her office, so I am not surewhy she even hit chkuser! She should have been on smpt-auth from her IP and I don't use chkuser for smpt-auth clients.The message has failed twice in two weeks and worked three times. Lastattempt worked perfectly.Still looking.DAve--This message was checked by forty monkeys and found to not contain any SPAM whatsoever.Your monkeys may varyHas anyone else had any luck with this issue? I'm seeing the same scenario using chkuser v.2.0.8 with delivery to a group of recipients from MS Exchange server. One bad address in a group of recipients results in the
