Re: [vchkpw] smtp after pop

2007-11-11 Thread ckubu
Hi

  I have vpopmail running with smtp-after-pop functionality
  (--enable-roaming-users). The pop-daemon is from qmail. This works fine
  for normal (unsecure) connections via port 110, but this doesn't work if
  connecting via stunnel on port 995. I know, that's correct, because
  stunnel is connecting to qmail's pop3 daemon from ip 127.0.0.1.
 
  Is there any setup known that results in writing the user's ip-address to
  the open-smtp file so that smtp-after-pop works even if connected via
  stunnel?

 As STunnel proxies the connection, it probably looks like a connection
 on 127.0.0.1 to the SMTP server.

 You might want to look at using ucspi-ssl
 (http://www.superscript.com/ucspi-ssl/intro.html) which is an
 SSL-enabled version of tcpserver.

Thanks for that tip. It works fine.

For your interest: compiling ucspi-ssl with the default conf-* files, my run 
script (on an OpenBSD 4.1 system) looks as follows:

#!/bin/sh
CAFILE=/var/qmail/control/pop3d.pem
CERTFILE=/var/qmail/control/pop3d.pem
KEYFILE=/var/qmail/control/pop3d.pem
DHFILE=/var/qmail/control/dh1024.pem
export CAFILE CERTFILE KEYFILE DHFILE

MAX_CON=60
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
LOCAL=`head -1 /var/qmail/control/me`
LISTEN_IP=123.123.123.123

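# sslserver accepts the TLS connection itself (no stunnel hop via 127.0.0.1),
# so the client's own address is what reaches vchkpw for smtp-after-pop.
exec  /usr/local/bin/softlimit -m 500 \
  sslserver -e -v -HR -l $LOCAL \
  -c $MAX_CON \
  -u$VPOPMAILUID -g$VPOPMAILGID $LISTEN_IP 995 \
  /var/qmail/bin/qmail-popup `hostname` \
  /home/vpopmail/bin/vchkpw \
  /var/qmail/bin/qmail-pop3d  Maildir 2>&1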

cu Christoph




Re: [vchkpw] Two qmails in same machine

2007-11-11 Thread Christopher Chan


All that is needed is identical assign, rcpthosts and virtualdomains 
files for mail delivery and acceptance. Patched qmails may or may not 
need a bit more.


I am retracting this comment if the setup is for one qmail instance to 
pass the mail to another qmail instance instead of both delivering to 
vpopmail.





Re: [vchkpw] Two qmails in same machine

2007-11-11 Thread Christopher Chan


Both qmail-smtpd instances can share the tcp.smtp.cdb file without 
trouble. Now that you actually brought up routing...I see that I have 
made a mistake. You must do your scanning with the /var/qmail instance 
or whichever vpopmail does its changes on. The other qmail instance must 
be the one that faces the internet. That should share the same rcpthosts 
file with the vpopmail supported qmail. Then you set up smtproutes to 
point all the domains to the scanning instance (/var/qmail). I have not 
looked at John's patches but I suspect you might need something else for 
recipient verification on the Internet facing instance...does your 
vpopmail installation support mysql?


John Simpson's validrcptto will handle user verification provided you 
build the cdb file with his mkvalidrcptto script for the Internet facing 
qmail instance if your vpopmail does not use mysql. Also, the scanner 
instance will then not need recipient verification support at all.


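The smtproutes step from the last message, as an added example that is not part of the original thread: it derives one route per entry in the shared rcpthosts file, so the Internet-facing instance relays only the hosted domains to the scanning instance. The function names, the relay address 127.0.0.1 and port 10025 are assumptions; the thread does not say where the scanning instance listens.

```shell
#!/bin/sh
# Added example (not from the thread): build smtproutes lines for the
# Internet-facing qmail instance from the rcpthosts file both instances share.
# Assumed values: relay 127.0.0.1 and port 10025 for the scanning instance.

# Constructed sample rcpthosts content for trying the function offline.
sample_rcpthosts() {
    printf '%s\n' '# hosted domains' 'example.com' '.example.com' '' \
        'example.org   ' 'example.com'
}

# gen_smtproutes RCPTHOSTS_FILE RELAY PORT
# Prints one "domain:relay:port" line per rcpthosts entry.
gen_smtproutes() {
    rcpthosts=$1
    relay=$2
    port=$3
    [ -r "$rcpthosts" ] || { echo "cannot read $rcpthosts" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # qmail control files ignore blank lines, lines starting with '#' and
    # trailing whitespace; do the same here, then drop duplicate entries.
    sed -e 's/[[:space:]]*$//' -e '/^$/d' -e '/^#/d' "$rcpthosts" |
        LC_ALL=C sort -u |
        while IFS= read -r domain; do
            # A ':' inside an entry would corrupt the colon-separated route.
            case $domain in
                *:*) echo "skipping malformed entry: $domain" >&2
                     continue ;;
            esac
            # Entries with a leading dot (subdomain wildcards) carry over
            # unchanged; smtproutes matches them the same way.
            printf '%s:%s:%s\n' "$domain" "$relay" "$port"
        done
}
```

The output belongs in control/smtproutes of the Internet-facing instance only. A single wildcard route (empty domain field) would not do here, because it would also send mail for every non-hosted domain to the scanner.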