[vchkpw] SMTP Authenticaton
Dear all, I have a question. We have a mailserver that only accepts incoming SMTP connections from our anti-spam appliances. So far so good, this is done at the tcpserver level. So default is :deny. Our clients, however also need SMTP functionality so we've set up the same server with SMTP Authentication, however that wont work, since by default all connections other than those from the Barracuda are blocked. We experimented with pop before smtp, but those results are not satisfactory either. The reason we block by default is that sooner or later spammers connect to the server directly rendering the anti-spam appliances completely useless. (or at the very least ineffective) An option for us to setup a different server that only handles smtp functionality for our client, however the problem then is that a domain needs to exist on two servers. one for the popbox and one for smtp authentication to work. Or is it possible for the vpopmail to connect to the database on the other mailserver for authentication or would that be too slow? Does anybody have any other suggestions perhaps? Thanks, Sincerely, - Wouter van der Schagt !DSPAM:47fdd050120507919821043!
Re: [vchkpw] SMTP Authenticaton
Wouter van der Schagt wrote: An option for us to setup a different server that only handles smtp functionality for our client, however the problem then is that a domain needs to exist on two servers. one for the popbox and one for smtp authentication to work. Or is it possible for the vpopmail to connect to the database on the other mailserver for authentication or would that be too slow? Does anybody have any other suggestions perhaps? Hi Wouter I ran into this same problem. I got around it by creating a SMTP submission port that accepts SMTP Auth emails into the server on port 587. Port 25 only accepts messages from our spam appliance by firewall restriction. Each mail client has to be set to use port 587 and SMTP Auth of course. -- Alastair Battrick !DSPAM:47fdd237120501306216291!
Re: [vchkpw] SMTP Authenticaton
Wouter van der Schagt wrote: My apologies, you already mentioned it.. by firewall restriction. Another question.. spammers could still connect if they knew they were supposed to connect to port 587 am i correct? Or did you find a way around this as well? Hi Wouter Port 587 has SMTP Auth, so although they might be able to connect to the daemon, they cannot send email through it. -- Alastair Battrick http://www.aj8.org !DSPAM:47fdd5aa120501200218640!
Re: [vchkpw] SMTP Authenticaton
My apologies, you already mentioned it.. by firewall restriction. Another question.. spammers could still connect if they knew they were supposed to connect to port 587 am i correct? Or did you find a way around this as well? Thanks - Wouter - Original Message - From: Alastair Battrick [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Thursday, April 10, 2008 4:39 PM Subject: Re: [vchkpw] SMTP Authenticaton Wouter van der Schagt wrote: An option for us to setup a different server that only handles smtp functionality for our client, however the problem then is that a domain needs to exist on two servers. one for the popbox and one for smtp authentication to work. Or is it possible for the vpopmail to connect to the database on the other mailserver for authentication or would that be too slow? Does anybody have any other suggestions perhaps? Hi Wouter I ran into this same problem. I got around it by creating a SMTP submission port that accepts SMTP Auth emails into the server on port 587. Port 25 only accepts messages from our spam appliance by firewall restriction. Each mail client has to be set to use port 587 and SMTP Auth of course. -- Alastair Battrick !DSPAM:47fdd469120501275178592!
Re: [vchkpw] SMTP Authenticaton
Tonix (Antonio Nati) ha scritto: I guess you use vpopmail. Sorry for the stupid deduction, I confused this mailing list with the general qmail mailing list :-). Tonino If you use chkuser patch (on for qmail/vpopmail), or Shupp's toaster which includes chkuser, you can force a server to accept only authenticated sessions. So, you can set up a dedicated port (like the submission port) or a dedicated IP only for this purpose. See http://www.interazioni.it/opensource/chkuser/ for more details. Tonino Wouter van der Schagt ha scritto: My apologies, you already mentioned it.. by firewall restriction. Another question.. spammers could still connect if they knew they were supposed to connect to port 587 am i correct? Or did you find a way around this as well? Thanks - Wouter - Original Message - From: Alastair Battrick [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Thursday, April 10, 2008 4:39 PM Subject: Re: [vchkpw] SMTP Authenticaton Wouter van der Schagt wrote: An option for us to setup a different server that only handles smtp functionality for our client, however the problem then is that a domain needs to exist on two servers. one for the popbox and one for smtp authentication to work. Or is it possible for the vpopmail to connect to the database on the other mailserver for authentication or would that be too slow? Does anybody have any other suggestions perhaps? Hi Wouter I ran into this same problem. I got around it by creating a SMTP submission port that accepts SMTP Auth emails into the server on port 587. Port 25 only accepts messages from our spam appliance by firewall restriction. Each mail client has to be set to use port 587 and SMTP Auth of course. -- Alastair Battrick -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] !DSPAM:47fdd62d120501018317444!
Re: [vchkpw] SMTP Authenticaton
I guess you use vpopmail. If you use chkuser patch (on for qmail/vpopmail), or Shupp's toaster which includes chkuser, you can force a server to accept only authenticated sessions. So, you can set up a dedicated port (like the submission port) or a dedicated IP only for this purpose. See http://www.interazioni.it/opensource/chkuser/ for more details. Tonino Wouter van der Schagt ha scritto: My apologies, you already mentioned it.. by firewall restriction. Another question.. spammers could still connect if they knew they were supposed to connect to port 587 am i correct? Or did you find a way around this as well? Thanks - Wouter - Original Message - From: Alastair Battrick [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Thursday, April 10, 2008 4:39 PM Subject: Re: [vchkpw] SMTP Authenticaton Wouter van der Schagt wrote: An option for us to setup a different server that only handles smtp functionality for our client, however the problem then is that a domain needs to exist on two servers. one for the popbox and one for smtp authentication to work. Or is it possible for the vpopmail to connect to the database on the other mailserver for authentication or would that be too slow? Does anybody have any other suggestions perhaps? Hi Wouter I ran into this same problem. I got around it by creating a SMTP submission port that accepts SMTP Auth emails into the server on port 587. Port 25 only accepts messages from our spam appliance by firewall restriction. Each mail client has to be set to use port 587 and SMTP Auth of course. -- Alastair Battrick -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] !DSPAM:47fdd5d1120501953143563!
[vchkpw] Dovecot and disable non IMAP webmail access
I need to disable non IMAP webmail access, then allow access to IMAP only from
localhost/webmail, and in the future enable full IMAP access only for some
users.
In a previous message I was advised to switch from courier-imap to dovecot and
so I did, but the problem persists.
My installation is based on shupp.org toaster but with some modifications:
vpopmail version is: 5.4.26
MySQL backend
dovect version is: 1.0.13
webmail is horde and connects to the IMAP server through 127.0.0.1 or
localhost
Example:
mail:~# /home/vpopmail/bin/vmoduser -i [EMAIL PROTECTED]
NOTE: (-i : disable non-webmail IMAP access )
mail:~# /home/vpopmail/bin/vuserinfo [EMAIL PROTECTED]
name: cbs
passwd: X
clear passwd: X
uid:0
gid:8
flags: 2152
gecos: cbs
limits:
imap access closed
smtp access is closed (*)
user not allowed to relay mail (*)
no dialup flag has been set (*)
* = set by domain-wide limits
dir: /home/vpopmail/domains/mail.it/cbs
quota: 52428800S
usage: 26%
last auth: Thu Apr 10 10:31:02 2008
last auth ip: imap
From my PC IMAP is disable now:
mail:~# tail -f /var/log/dovecot/dovecot.log | grep cbs
dovecot: Apr 10 11:06:36 Info: auth(default):
vpopmail([EMAIL PROTECTED],80.149.171.97): lookup user=cbs domain=mail.it
dovecot: Apr 10 11:06:36 Info: auth(default):
vpopmail([EMAIL PROTECTED],80.149.171.97): IMAP disabled
dovecot: Apr 10 11:06:37 Info: auth(default): client out: FAIL 752
[EMAIL PROTECTED]
dovecot: Apr 10 11:06:37 Info: imap-login: Disconnected: user=[EMAIL
PROTECTED],
method=PLAIN, rip=80.149.171.97, lip=152.19.154.67
But also from Webmail (localhost) is disable
dovecot: Apr 10 11:07:57 Info: auth(default): vpopmail([EMAIL
PROTECTED],127.0.0.1):
lookup user=cbs domain=mail.it
dovecot: Apr 10 11:07:57 Info: auth(default): vpopmail([EMAIL
PROTECTED],127.0.0.1):
IMAP disabled
dovecot: Apr 10 11:07:59 Info: auth(default): client out: FAIL 1990
[EMAIL PROTECTED]
If i set:
mail:~# /home/vpopmail/bin/vmoduser -w [EMAIL PROTECTED]
limits:
webmail access closed
smtp access is closed (*)
user not allowed to relay mail (*)
no dialup flag has been set (*)
* = set by domain-wide limits
I do not get any effect, IMAP always work from any IP.
My vchkpw.c is set properly, I think:
char *webmailips[] = { 127.0.0.1 };
Some questions:
Where writes the settings on limits vmoduser (MySQL, Maildir)?
How can investigate to find out where is the problem?
Thanks
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
Assistenza Sistemi GNU/Linux - http://www.cecchi.biz/
@ PLUG - ex-Presidente, adesso senatore a vita, http://www.prato.linux.it
@ LOLUG - neo-Socio http://www.lolug.net
!DSPAM:47fde164120509006914130!
Re: [vchkpw] SMTP Authenticaton
Thanks for your reply, how did you configure tcpserver to be selective on the ports? Or what did you put in the /etc/tcp.smtp file? = Wouter - Original Message - From: Alastair Battrick [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Thursday, April 10, 2008 4:39 PM Subject: Re: [vchkpw] SMTP Authenticaton Wouter van der Schagt wrote: An option for us to setup a different server that only handles smtp functionality for our client, however the problem then is that a domain needs to exist on two servers. one for the popbox and one for smtp authentication to work. Or is it possible for the vpopmail to connect to the database on the other mailserver for authentication or would that be too slow? Does anybody have any other suggestions perhaps? Hi Wouter I ran into this same problem. I got around it by creating a SMTP submission port that accepts SMTP Auth emails into the server on port 587. Port 25 only accepts messages from our spam appliance by firewall restriction. Each mail client has to be set to use port 587 and SMTP Auth of course. -- Alastair Battrick !DSPAM:47fdd38d120501382840492!
[vchkpw] vpopmail domain directory + NFS
Hello! In nowadays, I have the following setup: /dev/sda1 - 720GB - reiserfs - (/domains) directory. (Contains the cdb file, bins etc) I want to place the domains dir... and cdb file, vpopmail bins in a new storage(NFS). My question is... what is the best practices to move the vpopmail user-boxes to another server using NFS? I've read that reiserfs and nfs doesn't work correctely. Maybe XFS are fully guaranted? And about mantain the same user and group vpopmail.vchkpw in NFS? Best Regards, -- * Juliano Souza * Tecnologia Grupo BEM - EmergĂȘncias MĂ©dicas PABX (11) 38716746 www.grupobem.com.br !DSPAM:47fe19af120501420718495!
