Re: [vchkpw] about vchkpw + tls + smtp-auth
Hmm ... no advice about that? :)

Thanks for all
Regards
Andrea
[vchkpw] about vchkpw + tls + smtp-auth
Hi folks,

I know, we've discussed this too much, but ... I don't know if it's solved :)

I use FreeBSD 5.3, and I've tried, without luck, the port 'qmail-smtp_auth+tls'. My ehlo is:

250-mail.nesys.it
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME

but the authentication through vchkpw doesn't work. If I try with two qmail-smtpd, one with TLS and one with SMTP-AUTH, as follows:

250-mail.nesys.it
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN CRAM-MD5

it works perfectly. So I think that

250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN

and

250 AUTH LOGIN PLAIN CRAM-MD5

aren't the same patch. Well, is there a patch that works correctly with vpopmail and with TLS and SMTP-AUTH together?

Thanks for your support
Regards
Andrea
Re: [vchkpw] about smtp auth and vpopmail: MD5 problem
Tom Collins wrote:
> On Oct 17, 2004, at 3:54 PM, Andrea Riela wrote:
>> Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not.
>
> Vpopmail 5.4.0 or later?

5.5.0

> Do you have a clear password for that user in your vpasswd file or database? CRAM-MD5 only works if you have a cleartext password stored

I think no. How could I convert my password in vpasswd file to clear text?

thanks for any suggestion
Regards
Andrea
[vchkpw] about smtp auth and vpopmail: MD5 problem
Hi folks,

I've solved my problems with smtp auth (thanks Jeremy). Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not. this is the log:

@40004172f62f29de299c sslserver: status: 1/20
@40004172f62f29ee65dc sslserver: pid 602 from 192.168.17.23
@40004172f62f29fed0fc sslserver: ok 602 0:192.168.1.11:465 :192.168.17.23::50077
@40004172f62f2ae4bc5c sslserver: warning: dropping connection, unable to accept SSL: error:0001:lib(0):func(0):reason(1)
@40004172f62f2af3a0dc sslserver: end 602 status 28416
@40004172f62f2af48754 sslserver: status: 0/20
@40004172f63232858e3c sslserver: status: 1/20
@40004172f63232944f94 sslserver: pid 603 from 192.168.17.23
@40004172f63232a4ce3c sslserver: ok 603 0:192.168.1.11:465 :192.168.17.23::50080
@40004172f63238bec19c sslserver: ssl 603 accept
40004172f63239017ba4 604 > 220 nesys.it ESMTP
40004172f63307ed0f74 604 < EHLO [192.168.17.23]
40004172f63307f193b4 604 > 250-nesys.it
40004172f63307f52d94 604 > 250-PIPELINING
40004172f63307f53d34 604 > 250-8BITMIME
40004172f63307f54cd4 604 > 250-SIZE 0
40004172f63307f55c74 604 > 250 AUTH LOGIN PLAIN CRAM-MD5
40004172f633081c2a0c 604 < AUTH CRAM-MD5
40004172f63308203534 604 > 334 PDYwNC4xMD4MDUzTYxQDA+
40004172f63308743904 604 < YXJpZWxhQ5lc3lzLml0IDBhM2I5NjmMWQ3MDEzNDE0MT4Y2U2NGRjNDYxN2E2
40004172f63808fe3154 604 > 535 authentication failed (#5.7.1)
@40004172f6380933df84 604 < [EOF]
@40004172f63809429cf4 604 > [EOF]
@40004172f6380942bc34 sslserver: end 603 status 256
@40004172f6380942cfbc sslserver: status: 0/20

what I've to do?

My vpopmail:

make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 WITH_CLEAR_PASSWD=yes

Thanks for any suggestion
Regards
Andrea
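Added example (not part of the original posts, and not vpopmail or qmail code): a Python model of the `334` challenge / response exchange in the log above, showing why the reply's statement holds that CRAM-MD5 needs a stored cleartext password while PLAIN works against a hash. The account names, the password and the salted SHA-256 stand-in for the crypt(3) hash in vpasswd are assumptions.

```python
import base64
import hashlib
import hmac
import os
import time


def make_challenge(hostname):
    """Server: the base64 text sent on the '334' line, unique per session."""
    raw = f"<{os.getpid()}.{int(time.time())}@{hostname}>"
    return base64.b64encode(raw.encode()).decode()


def cram_md5_digest(secret, challenge_raw):
    """HMAC-MD5 keyed with the password itself (RFC 2195), as lowercase hex."""
    return hmac.new(secret, challenge_raw, hashlib.md5).hexdigest()


def client_response(user, password, challenge_b64):
    """Client: base64 of 'user <hex digest>' answering the 334 challenge."""
    raw = base64.b64decode(challenge_b64)
    digest = cram_md5_digest(password.encode(), raw)
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def hash_password(password, salt):
    """Stand-in for the one-way hash kept in vpasswd (assumption: salted SHA-256)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def verify_plain(user_db, user, password):
    """AUTH PLAIN/LOGIN: the client sends the password, so a stored hash suffices."""
    entry = user_db.get(user)
    if entry is None:
        return False
    candidate = hash_password(password, entry["salt"])
    return hmac.compare_digest(candidate.encode(), entry["hash"].encode())


def verify_cram_md5(user_db, challenge_b64, response_b64):
    """AUTH CRAM-MD5: returns the user name on success, None on failure."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        user, digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return None
    entry = user_db.get(user)
    if entry is None or entry.get("clear") is None:
        # The server must recompute the HMAC, and its key is the password.
        # A one-way hash cannot be turned back into that key.
        return None
    raw = base64.b64decode(challenge_b64)
    expected = cram_md5_digest(entry["clear"].encode(), raw)
    return user if hmac.compare_digest(expected.encode(), digest.encode()) else None


def demo():
    salt = b"constructed-salt"
    hashed = hash_password("s3cret", salt)
    # Constructed accounts: same password, stored without and with cleartext.
    db = {
        "hashonly@example.test": {"salt": salt, "hash": hashed, "clear": None},
        "withclear@example.test": {"salt": salt, "hash": hashed, "clear": "s3cret"},
    }
    results = {}
    for user in db:
        challenge = make_challenge("mail.example.test")
        response = client_response(user, "s3cret", challenge)
        results[user] = {
            "plain": verify_plain(db, user, "s3cret"),
            "cram_md5": verify_cram_md5(db, challenge, response) == user,
        }
    return results


if __name__ == "__main__":
    for account, outcome in demo().items():
        print(account, outcome)
```

The hash-only account reproduces the symptom in the log: PLAIN succeeds and CRAM-MD5 ends in a failed authentication, even though the client used the right password.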
Re: [vchkpw] about smtp auth
Andrea Riela wrote:
> Oct 16 19:16:39 observe vpopmail[34852]: vchkpw-smtps: password fail [EMAIL PROTECTED]:192.168.17.23

telnet 127.0.0.1 25
EHLO
250-nesys.it
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN CRAM-MD5
AUTH CRAM-MD5
503 auth not available (#5.3.3)
AUTH PLAIN
503 auth not available (#5.3.3)

...
Andrea
Re: [vchkpw] about smtp auth
Andrea Riela wrote:
> I've installed vpopmail with
>
> make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 WITH_CLEAR_PASSWD=yes
>
> I've tried it. Now in my maillog I see that:
>
> Oct 16 19:01:54 observe vpopmail[33600]: vchkpw-smtps: vpopmail user not found [EMAIL PROTECTED]:192.168.17.23

partial solution: I've changed my runscript (as Jeremy says):

/usr/local/bin/sslserver -e -v -R -h -l 0 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u 89 -g 89 0 465 /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 2>&1

Now my log is:

Oct 16 19:16:39 observe vpopmail[34852]: vchkpw-smtps: password fail [EMAIL PROTECTED]:192.168.17.23

What about this?

Regards
Andrea
Re: [vchkpw] about smtp auth
I've installed vpopmail with

make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 WITH_CLEAR_PASSWD=yes

I've tried it. Now in my maillog I see that:

Oct 16 19:01:54 observe vpopmail[33600]: vchkpw-smtps: vpopmail user not found [EMAIL PROTECTED]:192.168.17.23

normally when I try to connect with bincimap I see:

Oct 16 19:02:01 observe vpopmail[33603]: vchkpw-imaps: (PLAIN) login success [EMAIL PROTECTED]:192.168.17.23

What I've to check?

Regards
Andrea
Re: [vchkpw] about smtp auth
Jeremy Kitchen wrote: try authenticating right there. http://fehcom.de/qmail/smtpauth.html I need tls support too. the patch is that? http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040927.patch thanks for any suggestion Andrea
Re: [vchkpw] about smtp auth
Jeremy Kitchen wrote: Do you have clear password support in vpopmail? I've installed vpopmail with make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 I need WITH_CLEAR_PASSWD=yes too? Regards Andrea
Re: [vchkpw] about smtp auth
Tom Collins wrote:
> On Oct 15, 2004, at 8:40 AM, Andrea Riela wrote:
>> 250-AUTH LOGIN CRAM-MD5 PLAIN
>> 250-AUTH=LOGIN CRAM-MD5 PLAIN
>
> That's an old, outdated patch. Use the other patch mentioned (or the one included in the vpopmail contrib directory).

Well, I've installed the last fehcom (0.43), but nothing, the same problem (the email client send a password request ... always).

now:

observe# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 nesys.it ESMTP
ehlo
250-nesys.it
250-PIPELINING
250-8BITMIME
250 AUTH LOGIN PLAIN CRAM-MD5

what I've to check? Now I use bincimap with vchkpw-noroaming, and qmail-smtpds (with ucspi-ssl) with vchkpw-noroaming.

thanks for all
Regards
Andrea
Re: [vchkpw] about smtp auth
Well, I've tested http://students.imsa.edu/~ngroot/qmail-1.03-starttls-smtp-auth.patch (that is in /usr/ports/mail in FreeBSD), my steps were:

cd /usr/ports/mail/qmail-smtp_auth+tls
make
cp work/.../qmail-smtpd /var/qmail/bin/qmail-smtpd

observe# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 nesys.it ESMTP
ehlo
250-nesys.it
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME

My runscript is:

#!/bin/sh
CERTFILE="/var/qmail/certs/pop3s.cert"
KEYFILE="/var/qmail/certs/pop3s.key"
DHFILE="/var/qmail/certs/dh1024.pem"
export CERTFILE KEYFILE DHFILE
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" ]; then
    echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
exec /usr/local/bin/softlimit -m 1000 \
/usr/local/bin/sslserver -e -v -R -h -l 0 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 465 /var/qmail/bin/qmail-smtpd nesys.it /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 2>&1

well, the problem is: when I try to connect to send an email, I receive a password request for the user (the same as account user), I type the same password as account user, but I couldn't send the email, and I always receive the password request.

What I've to do?

Regards
Andrea
[vchkpw] about smtp auth
Hi folks, there's someone here that use Freebsd and qmail+vpopmail+smtp auth? the smtp auth patch in freebsd ports could use vchkpw? there's an howto about that? thank you very much for your support Regards Andrea
Re: [vchkpw] problem with open-smtp and ucspi-ssl
Jiri Navratil wrote: Hi, I think, that you can download with correct name and password but not to send messages if you are using IP address only (not smtp auth). nope, with roaming enabled I could make pop3-b4-smtp and imaps-b4-smtp But my problem is: I could make that only the first time, after nothing Thanks Andrea
Re: [vchkpw] problem with open-smtp and ucspi-ssl
Andrea Riela wrote: Hi guys, my problem in a word is that: when open my email client (whichever), I see my IP in open-smtp, and that sounds fine. But, after $RELAYCLEAR, my IP isn't in open-smtp (correct), but if I try to recheck my emails, I could download, but my IP isn't in open-smtp, that is the roaming is disable. What I've to do? What I've to check? I've reinstalled vpopmail-devel from port (I've freebsd 4.9), and for about 1 hour it worked. Then, the same problem. Probably a little bug? Or a mistake? thank you for your support, and any suggestion Regards Andrea
Re: [vchkpw] problem with open-smtp and ucspi-ssl
Hi guys, my problem in a word is that: when open my email client (whichever), I see my IP in open-smtp, and that sounds fine. But, after $RELAYCLEAR, my IP isn't in open-smtp (correct), but if I try to recheck my emails, I could download, but my IP isn't in open-smtp, that is the roaming is disable. What I've to do? What I've to check? I hope you could help me Regards Andrea
[vchkpw] problem with open-smtp and ucspi-ssl
Hi folks, I've a problem with ucspi-ssl and vpopmail. I use pop-b4-smtp (qmail) and imap-b4-smtp (bincimap) with ssl support (ucspi-ssl). Well, the first time all works fine: I open my email client (thunderbird), I check my emails and in open-smtp I see my IP address. But, when the clearopensmtp clears the IP list, I try to check again my accounts, but nothing appears in open-smtp. In pop3s and imaps logs I could see something like that: sslserver: warning: dropping connection, unable to speak SSL: error:0005:lib(0):func(0):DH lib What could I do? My OS: freebsd 4.9 My ports: ucspi-ssl 0.68 (last), vpopmail 5.5.0_1 (last devel) thanks for any suggestion. Regards Andrea
[vchkpw] about .qmail-default and .qmail
Hi folks, I need your feedbacks, I hope that isn't an OT :) I would implement a solution like that: a script in .qmail-default, that checks emails for viruses, and a script in each .qmail for spam checking (with spamassassin, or dspam, or using tmda). There's someone that has implemented that? I wouldn't have "qmail-queue solutions", like qmail-qfilter, qscanq or qmail-scanner. Then, if it works, I would call the antispam-script from qmailadmin antispam checkbox. For .qmail-default nothing (vqadmin?). Thanks for your support Regards Andrea
[vchkpw] [semi-OT] bincimap and vpopmail
Hi folks, I don't understand the problem at http://lifewithbincimap.org/index.php/HelpMe/QmailVpopmail. There's someone that could help me to configure bincimap with vpopmail and vchkpw? I've to patch vpopmail? thanks for your help Regards Andrea
[vchkpw] strange problem with pop3d
Hi folks, I've a strange problem. Situation: I've a vchkpw-noroaming for my pop3, and vchkpw for my pop3s (qmail-pop3d with ssl: I use pop3-b4-smtp). Well, all works fine, but for one account (always the same account) I see: vchkpw-pop3: vpopmail user not found "account-bugged"@:192.168.17.15 normally I see: vchkpw-pop3: (PLAIN) login success "account-ok"@nesys.it:192.168.17.22 If for that account I use pop3-ssl, all works fine: vchkpw-pop3s: (PLAIN) login success "account-bugged"@nesys.it:192.168.17.15 what I've to do to solve that problem? Is a client problem? thanks for your support Regards Andrea
RE: [vchkpw] pop3 login frequency patch
Oden Eriksson wrote:
> Sunday 08 February 2004 14.45, Eduardo M. Bragatto wrote:
>> Jeremy Kitchen wrote:
>>> that could only be done in tcpserver by rate limiting connections by
>>> IP address, and would also affect legitimate connections made by
>>> valid users using proper authentication credentials. I'd be mighty
>>> upset if anyone rate limited my pop3 connections ;)
>>>
>>> Of course, special provisions could be made, but
>>
>> I don't want it at the pop3, I want it on smtpd. Spammers are
>> hammering my server, sending messages to lots of domains that I'm
>> hosting. If I could set a limit like 5 simultaneously connections for
>> each IP address, no one would be able to use all my "slots".
>
> Could pretty easily be done with:
> http://www.deserve-it.com/sw/patches/patch-ucspi-tcp-0.88-periplimit

well, just a question. With that patch, I could have problems with mailing lists? And, with that patch, I could download from a lot of pop3 accounts, but send through only "5" smtp connections, right?

thanks
Andrea
RE: [vchkpw] Re: Problem with qmail-scanner
Tom Collins wrote:
> An easier solution should be to add the following to your
> qmail-smtpd/run file:
>
> export QMAIL_QUEUE="/var/qmail/bin/qmail-scanner-queue"
>
> And then restart qmail-smtpd.

In this case, I apply the qmail-scanner-queue for the emails from LAN or loopback (127.). I wouldn't, better I could not would that. Mine patch works only with open-smtp connections, not at all. Why is better the qmail-smtpd/run change?

Thanks for your suggestions
Andrea
RE: [vchkpw] "multimaildir" in .qmail
Luca Morettoni wrote: > starting delivery 10826: msg 178327 to local ./Maildir2/@the_host > status: local 1/20 remote 0/40 > delivery 10826: failure: > Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/ > status: local 0/20 remote 0/40 Well, the same with 5.4.0-rc2. I've created another two maildir with maildirmake, but when I send a message, I receive the message in Maildir, but an error from Maildir2 and Maildir3: <[EMAIL PROTECTED]>: Sorry, no mailbox here by that name. vpopmail (#5.1.1) <[EMAIL PROTECTED]>: Sorry, no mailbox here by that name. vpopmail (#5.1.1) Well, where is the problem? A mistake in the configuration? Thanks for your support Regards Andrea
RE: [vchkpw] Re: About open-smtp, tcp.smtp and qmail-scanner
Peter Palmreuther wrote:
> Hello Andrea,

Hi, thanks for support. Now my tcp.smtp:

# No Qmail-Scanner at all for mail from 127.0.0.1
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner without SpamAssassin on any mail from the LAN
192.168.:allow,RELAYCLIENT="",RBLSMTPD="",TCPREMOTEIP="Protected",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Well, how could I use qmail-scanner-queue with emails from pop-before-smtp users?

Thanks
Andrea
[vchkpw] About open-smtp, tcp.smtp and qmail-scanner
Hi folks,

I've a problem. My domain hasn't a catchall account (with qmailadmin I've used the option bounce all), but this morning I've received an email like that:

Received: (qmail 16116 invoked from network); 2 Feb 2004 07:59:14 -
Received: from adsl-62-123-116-229.dial.atlanet.it (HELO JERICOMASTER.it) (62.123.116.229) by 0 with SMTP; 2 Feb 2004 07:59:14 -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: ups, i've got your mail
Importance: Normal
X-Mailer: Microsoft Outlook Express 4.72.3612.1700
X-MSMail-Priority: Normal
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="JERICOMASTERd6b4f0dded.2672"

This is a multi-part message in MIME format.

Well, 62.123.116.229 is a dialup enabled to use smtp relay with pop3-before-smtp. The email above is a worm. That is, my qmail-scanner in tcp.smtp hasn't checked the email, probably because there's nothing that says "the tcp.smtp rules have precedence instead of open-smtp". I haven't an [EMAIL PROTECTED] or [EMAIL PROTECTED] account.

That's a problem. Have you got any idea to solve it?

My tcp.smtp:

# No Qmail-Scanner at all for mail from 127.0.0.1
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner without SpamAssassin on any mail from the LAN
192.168.:allow,RELAYCLIENT="",RBLSMTPD="",TCPREMOTEIP="Protected",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,DENYMAIL="DNSCHECK",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Thanks for all
Regards
Andrea
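Added example (not part of the original post, and not tcpserver or vpopmail code): a Python model of how a pop-before-smtp address ends up relaying without the scanner queue under the rules quoted above. It assumes tcprules-style matching by exact address, then shorter dotted prefixes, then the empty rule (hostname rules are ignored, as with `-H`), and assumes an open-smtp entry of the form `IP:allow,RELAYCLIENT="",RBLSMTPD=""` followed by a tab and a timestamp; the timestamp and the 203.0.113.5 address are constructed.

```python
import re

# Constructed inputs: the three rules are the ones quoted in the post (mail
# line wraps removed); the open-smtp line format and timestamp are assumptions.
TCP_SMTP = '''\
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.:allow,RELAYCLIENT="",RBLSMTPD="",TCPREMOTEIP="Protected",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,DENYMAIL="DNSCHECK",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
'''
OPEN_SMTP = '62.123.116.229:allow,RELAYCLIENT="",RBLSMTPD=""\t1075708754\n'
SCANNER = "/var/qmail/bin/qmail-scanner-queue.pl"

VAR_RE = re.compile(r',([A-Za-z_][A-Za-z0-9_]*)="([^"]*)"')


def parse_rules(text):
    """Map address (or prefix) -> (action, variables); the first entry wins."""
    rules = {}
    for line in text.splitlines():
        line = line.split("\t", 1)[0].strip()  # drop the open-smtp timestamp
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action = instructions.split(",", 1)[0]
        rules.setdefault(address, (action, dict(VAR_RE.findall(instructions))))
    return rules


def lookup_keys(ip):
    """Most specific first: exact IP, dotted prefixes, then the empty rule."""
    parts = ip.split(".")
    yield ip
    for n in range(len(parts) - 1, 0, -1):
        yield ".".join(parts[:n]) + "."
    yield ""


def session_env(rules, ip, inherited=None):
    """Environment the SMTP daemon would see, or None if the rule denies."""
    env = dict(inherited or {})
    for key in lookup_keys(ip):
        if key in rules:
            action, variables = rules[key]
            if action != "allow":
                return None
            env.update(variables)  # rule variables override the run script's
            return env
    return env  # no matching rule: this model leaves the environment as is


def unscanned_relays(rules, ips, inherited=None):
    """Addresses allowed to relay whose mail would bypass the scanner queue."""
    flagged = []
    for ip in ips:
        env = session_env(rules, ip, inherited)
        if env is not None and "RELAYCLIENT" in env and env.get("QMAILQUEUE") != SCANNER:
            flagged.append(ip)
    return flagged


def build_rules():
    # Static rules plus the roaming entries, treated as one compiled rule set.
    return parse_rules(TCP_SMTP + OPEN_SMTP)


if __name__ == "__main__":
    rules = build_rules()
    clients = ["62.123.116.229", "203.0.113.5", "192.168.17.23", "127.0.0.1"]
    print("rules only:      ", unscanned_relays(rules, clients))
    print("queue in run env:", unscanned_relays(rules, clients, {"QMAILQUEUE": SCANNER}))
```

The exact-address entry matches before the catch-all rule, so the roaming client gets `RELAYCLIENT` but never the `QMAILQUEUE` setting. With the queue variable exported in the run script, as suggested elsewhere in this archive, only the 127. and 192.168. rules still override it.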
RE: [vchkpw] important: roaming users
> I compiled vpopmail 5.4.0-rc2 with:
> ./configure --prefix=/usr/local/vpopmail/ --enable-roaming-users --enable-relay-clear-minutes=10 --enable-learn-passwords --enable-domainquotas --enable-tcpserver-file=/etc/tcp.smtp

I think you have to use /home/vpopmail/etc/tcp.smtp

Try with --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp.

In your tcp.smtp add your rules. An example (with qmail-scanner):

# No Qmail-Scanner at all for mail from 127.0.0.1
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner without SpamAssassin on any mail from the LAN
192.168.:allow,RELAYCLIENT="",RBLSMTPD="",TCPREMOTEIP="Protected",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,DENYMAIL="DNSCHECK",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Then check 2 things:
1. your pop3 runscript
2. /home/vpopmail/etc/* permissions (like those):

-rw-r--r-- 1 root vchkpw 25 Jan 24 15:52 inc_deps
-rw-r--r-- 1 root vchkpw 34 Jan 24 15:52 lib_deps
-rw-r--r-- 1 vpopmail vchkpw 58 Jan 27 01:48 open-smtp
-rw-r--r-- 1 root vchkpw 0 Jan 27 01:41 open-smtp.lock
-rw-r--r-- 1 root vchkpw 455 Jan 16 15:55 tcp.smtp
-rw-r--r-- 1 vpopmail vchkpw 2414 Jan 27 01:48 tcp.smtp.cdb
-rw-r--r-- 1 vpopmail vchkpw 1107 Jan 16 15:54 vlimits.default

Andrea
[vchkpw] [OT] problems with server qmailadmin
Hi folks, I've problems to send emails to qmailadmin-devel. For example: [EMAIL PROTECTED] Delay reason: SMTP error from remote mailer after end of data: host sc8-sf-list1-b.sourceforge.net [10.3.1.7]: 421 Unexpected failure, please try later Where could I send my questions about "bug" with tmda, and about the spamassassin patch? Thanks for all, sorry for OT Regards Andrea
RE: [vchkpw] vpopmail 5.4.0-rc2 and defaultquota
Tom Collins wrote: > After installation, edit ~vpopmail/etc/vlimits.default to change the > settings. For me, I've to write 'NOQUOTA' in vlimits.default? Thanks for all, Tom. Regards Andrea
[vchkpw] vpopmail 5.4.0-rc2 and defaultquota
Hi folks, Normally in the past I've used --enable-defaultquota=NOQUOTA. Now, what I've to do, because "configure: error: --enable-defaultquota has been superceded. Please use the ~vpopmail/vlimits.default file instead". What's vlimits.default? Thanks for all Regards Andrea
[vchkpw] Strange question about open-smtp
Hi folks, Probably is a strange question, but for administration I would see all Ip's that use and have used the smtp relay. It's possible to log the open-smtp changes, and all Ip's that probably have used the roaming? Thanks for all Regards Andrea
[vchkpw] Yermo's patch: welcome msg
Hi folks, The Yermo's patch at http://sourceforge.net/tracker/index.php?func=detail&aid=851781&group_id=859 37&atid=577800 works only on 5.3.30, or it could work on 5.4.0-rc1? Thanks for all Regards Andrea
[vchkpw] vpopmail and qconfirm?
Hi folks, Have you ever been using vpopmail with qconfirm? I need your help about qconfirm's installation. Probably is a mistake, but I hope you could help me. Configuration - I've installed qconfirm as root, and I've configurated that for the account '[EMAIL PROTECTED]' as vpopmail user. That is, all the qconfirm binaries are root:wheel, while all in /home/vpopmail... is vpopmail:vchkpw. My qconfirm binaries (/package/mail/qconfirm/command): -rwxr-xr-x 1 root wheel 36864 Jan 18 17:18 qconfirm -rwxr-xr-x 1 root wheel 20480 Jan 18 17:18 qconfirm-accept -rwxr-xr-x 1 root wheel 28672 Jan 18 17:18 qconfirm-cdb-check -rwxr-xr-x 1 root wheel 28672 Jan 18 17:18 qconfirm-cdb-update -rwxr-xr-x 1 root wheel 45056 Jan 18 17:18 qconfirm-check -rwxr-xr-x 1 root wheel 24576 Jan 18 17:18 qconfirm-check-mid -rwxr-xr-x 1 root wheel 32768 Jan 18 17:18 qconfirm-conf -rwxr-xr-x 1 root wheel 40960 Jan 18 17:18 qconfirm-control -rwxr-xr-x 1 root wheel 36864 Jan 18 17:18 qconfirm-inject -rwxr-xr-x 1 root wheel 40960 Jan 18 17:18 qconfirm-notice -rwxr-xr-x 1 root wheel 24576 Jan 18 17:18 qconfirm-return Then I've something like '|qconfirm-check -d/home/vpopmail/domains/nesys.it/test/.qconfirm' in the first line of my .qmail file, and all dir '.qconfirm' is vpopmail:vchkpw. My /home/vpopmail/domains/nesys.it/test/.qconfirm: drwxr-x--- 6 vpopmail vchkpw 512 Jan 19 02:17 . drwx-- 4 vpopmail vchkpw 512 Jan 19 02:19 .. -rw--- 1 vpopmail vchkpw0 Jan 19 02:17 .lock drwxr-x--- 2 vpopmail vchkpw 512 Jan 19 02:16 conf drwxr-x--- 2 vpopmail vchkpw 512 Jan 19 02:15 msg drwxr-x--- 2 vpopmail vchkpw 512 Jan 19 02:15 ok drwxr-x--- 2 vpopmail vchkpw 512 Jan 19 02:25 pending In the 'conf' dir I've the QCONFIRM_PREPEND as follow: 'nesys.it-', because this is a virtualdomain. 
Problem When I send a message to '[EMAIL PROTECTED]' from '[EMAIL PROTECTED]', I see in the qmail-send log: @4000400b30ab0e3f4cfc delivery 9: deferral: qconfirm-check:_info:_Waiting_for_confirmation:_/home/vpopmail/domains/nesys .it/test/.qconfirm/pending/domain.dom=-user/ And I've two new files: 1. a domain.dom=-user in the pending dir. 2. a new .qmail file after the original .qmail, for example: .qmail-test-qconfirm-439b890d75ba70ca9a944b9a52788a67 His text is: |qconfirm-accept 'domain.dom=-user' '/home/vpopmail/domains/nesys.it/test/.qconfirm' But, when I respond to the qconfirm message, the original message isn't authorizated, and in the qmail-send log I've something like: @4000400b31fa37884924 starting delivery 16: msg 140209 to local [EMAIL PROTECTED] @4000400b31fa37947a3c status: local 1/10 remote 0/20 @4000400b31fa385443e4 delivery 16: deferral: qconfirm-check:_info:_defer:_/home/vpopmail/domains/nesys.it/test/.qconfirm/ pending/domain.dom=-user/ @4000400b31fa385ba684 status: local 0/10 remote 0/20 Have you an advice for me, or a test that I could try to find the problem? Thanks for you patience and support, and sorry if that's an OT question. Regards Andrea
RE: [vchkpw] Question about roaming
Shane Chrisp wrote:
> I run 15 minutes for open relay and clearopensmtp every minute from
> crontab.

I'm sorry, Shane, but I'm very tired and I don't understand.

--enable-relay-clear-minutes=15
*/1 * * * * /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null

?

Thanks
Andrea
[vchkpw] Question about roaming
Hi folks, Could you send me your advices about the most secure configuration of roaming vpopmail's option? --enable-relay-clear-minutes=# how many minutes? clearopensmtp: in crontab, but when? Every hour? Thanks for all Regards Andrea
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp [SOLVED]
Thanks Peter, thanks ml, Now I've solved my problem. I need this patch: http://jonaspasche.de/ucspi-ssl/sslserver-compat.patch Because with ssl connection I haven't the $TCPREMOTEIP, as Peter said. Thank you very much Regards Andrea
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp
Andrea Riela wrote: > Well, I think you've hit the problem. > But what I've to do to resolve it? exec /usr/local/bin/softlimit -m 380 \ ktrace -f /tmp/ktrace.ip /usr/local/bin/sslserver -v -R -H -l 0 0 996 \ echo "IP: " $TCPREMOTEIP 2>&1 The kdump says: 13884 sslserver GIO fd 2 wrote 56 bytes "sslserver: cafile 13884 /usr/local/ssl/certs/pop3s.cert " 13884 sslserver RET write 56/0x38 13884 sslserver CALL write(0x2,0xf558,0x1a) 13884 sslserver GIO fd 2 wrote 26 bytes "sslserver: ccafile 13884 " 13884 sslserver RET write 26/0x1a 13884 sslserver CALL write(0x2,0xf558,0x2c) 13884 sslserver GIO fd 2 wrote 44 bytes "sslserver: cadir 13884 /usr/local/ssl/certs " 13884 sslserver RET write 44/0x2c 13884 sslserver CALL write(0x2,0xf558,0x36) 13884 sslserver GIO fd 2 wrote 54 bytes "sslserver: cert 13884 /usr/local/ssl/certs/pop3s.cert " 13884 sslserver RET write 54/0x36 13884 sslserver CALL write(0x2,0xf558,0x34) 13884 sslserver GIO fd 2 wrote 52 bytes "sslserver: key 13884 /usr/local/ssl/certs/pop3s.key " 13884 sslserver RET write 52/0x34 13884 sslserver CALL write(0x2,0xf558,0x3b) 13884 sslserver GIO fd 2 wrote 59 bytes "sslserver: param 13884 /usr/local/ssl/certs/dh1024.pem 512 " 13884 sslserver RET write 59/0x3b 13884 sslserver CALL close(0) 13884 sslserver RET close 0 13884 sslserver CALL close(0x1) 13884 sslserver RET close 0 13884 sslserver CALL write(0x2,0xf558,0x18) 13884 sslserver GIO fd 2 wrote 24 bytes "sslserver: status: 0/40 " 13884 sslserver RET write 24/0x18 13884 sslserver CALL sigprocmask(0x2,0x8) 13884 sslserver RET sigprocmask 524288/0x8 13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c) 13884 sslserver RET accept 0 13884 sslserver CALL sigprocmask(0x1,0x8) 13884 sslserver RET sigprocmask 0 13884 sslserver CALL write(0x2,0xf558,0x18) 13884 sslserver GIO fd 2 wrote 24 bytes "sslserver: status: 1/40 " 13884 sslserver RET write 24/0x18 13884 sslserver CALL fork 13884 sslserver RET fork 32655/0x7f8f 13884 sslserver CALL close(0) 13884 sslserver RET close 
0 13884 sslserver CALL sigprocmask(0x2,0x8) 13884 sslserver RET sigprocmask 524288/0x8 13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c) 13884 sslserver PSIG SIGCHLD caught handler=0x26b0 mask=0x0 13884 sslserver RET accept -1 errno 4 Interrupted system call 13884 sslserver CALL wait4(0x,0xcfbfd6ec,0x1,0) 13884 sslserver RET wait4 32655/0x7f8f 13884 sslserver CALL write(0x2,0xf558,0x22) 13884 sslserver GIO fd 2 wrote 34 bytes "sslserver: end 32655 status 28416 " 13884 sslserver RET write 34/0x22 13884 sslserver CALL write(0x2,0xf558,0x18) 13884 sslserver GIO fd 2 wrote 24 bytes "sslserver: status: 0/40 " 13884 sslserver RET write 24/0x18 13884 sslserver CALL wait4(0x,0xcfbfd6ec,0x1,0) 13884 sslserver RET wait4 -1 errno 10 No child processes 13884 sslserver CALL sigreturn(0xcfbfd708) 13884 sslserver RET sigreturn JUSTRETURN 13884 sslserver CALL sigprocmask(0x1,0x8) 13884 sslserver RET sigprocmask 0 13884 sslserver CALL sigprocmask(0x2,0x8) 13884 sslserver RET sigprocmask 524288/0x8 13884 sslserver CALL accept(0x3,0xcfbfd810,0xcfbfd80c) I hope that could help you to define the problem Thanks Andrea
RE: [vchkpw] Re: Qmail-pop3d (with or without ssl) and open-smtp
Peter Palmreuther wrote: > Hello Andrea, > Reading your dumps a having a look in vpopmail sources I get > the impression when you're in SSL mode the environment > variable TCPREMOTEIP seems not to be set. I don't know which > vpopmail version you're actually using, so I don't know if > there are other versions when vpopmail does neither read nor > write open-smtp, but this could be /one/ reason. Well, my version is 5.4.0-rc1. Now my runscript is: #!/bin/sh CAFILE="/usr/local/ssl/certs/pop3s.cert" CERTFILE="/usr/local/ssl/certs/pop3s.cert" KEYFILE="/usr/local/ssl/certs/pop3s.key" DHFILE="/usr/local/ssl/certs/dh1024.pem" export CAFILE CERTFILE KEYFILE DHFILE exec /usr/local/bin/softlimit -m 380 \ /usr/local/bin/sslserver -v -R -H -l 0 0 996 \ echo "IP: " $TCPREMOTEIP 2>&1 I've tried on the same terminal, with 'openssl s_client -connect 127.0.0.1:996', and with 'openssl s_client -connect 'server's_public_IP:996' from a remote terminal, this is my output: observe# openssl s_client -connect 127.0.0.1:996 CONNECTED(0004) --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA Session-ID: 564576620745756255D48121BE33D73A63D01F365BC3610D3ECF008EE129C3E3 Session-ID-ctx: Master-Key: ACA2871B120D636E91035E8C61CBEF378BFB241D454CFAD088B2DB5217A81E2747D881946AB1 06CBB564E3F3590FEDF4 Key-Arg : None Start Time: 1074331971 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- read:errno=0 observe# TiG4:~ andrea$ openssl s_client -connect :996 CONNECTED(0003) --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA Session-ID: EAB08452498F726CC32FE84EEE09E8F2DA2273D42ED6D70382B7D31A980CECEE Session-ID-ctx: Master-Key: F044319BCC17B487ED2E457F7305F0F1FD6267AC7385A02DFAFDC522B67CDDC2760BD9F7C5E1 2931106380FD54054F30 Key-Arg : None Start Time: 1074335061 Timeout : 300 (sec) Verify return code: 18 (self 
signed certificate) --- read:errno=0 TiG4:~ andrea$ Well, I think you've hit the problem. But what I've to do to resolve it? Thanks for all Regards Andrea
RE: [vchkpw] Qmail-pop3d (with or without ssl) and open-smtp
Andrea Riela wrote: > Kdump.pop3d (< ktrace.pop3d): > http://www.nesys.it/kdump.pop3d > Kdump.pop3s (< ktrace.pop3s): > http://www.nesys.it/kdump.pop3s The differences probably are here: --- kdump.pop3d Sat Jan 17 00:34:38 2004 +++ kdump.pop3s Sat Jan 17 00:40:50 2004 @ -292,86 +292,42 @@ [...] - 14311 vchkpw CALL write(0x3,0x17000,0xd) - 14311 vchkpw GIO fd 3 wrote 13 bytes - - "[... my IP ...]" - - 14311 vchkpw RET write 13/0xd [...] - 14311 vchkpw CALL fstat(0x4,0xcfbfd7b0) - 14311 vchkpw RET fstat 0 - 14311 vchkpw CALL mprotect(0x4002b000,0x1000,0x3) - 14311 vchkpw RET mprotect 0 - 14311 vchkpw CALL mprotect(0x4002b000,0x1000,0x1) - 14311 vchkpw RET mprotect 0 - 14311 vchkpw CALL read(0x4,0x16000,0x2000) - 14311 vchkpw GIO fd 4 read 116 bytes - - "[... the open-smtp file ...]" - - 14311 vchkpw RET read 116/0x74 - 14311 vchkpw CALL fstat(0x5,0xcfbfd760) - 14311 vchkpw RET fstat 0 - 14311 vchkpw CALL break(0x1a000) - 14311 vchkpw RET break 0 - 14311 vchkpw CALL break(0x1c000) - 14311 vchkpw RET break 0 - 14311 vchkpw CALL mprotect(0x4002b000,0x1000,0x3) - 14311 vchkpw RET mprotect 0 - 14311 vchkpw CALL mprotect(0x4002b000,0x1000,0x1) - 14311 vchkpw RET mprotect 0 - 14311 vchkpw CALL read(0x4,0x16000,0x2000) - 14311 vchkpw RET read 0 - 14311 vchkpw CALL close(0x4) - 14311 vchkpw RET close 0 - 14311 vchkpw CALL write(0x5,0x1a000,0x74) - 14311 vchkpw GIO fd 5 wrote 116 bytes - - "[... the open-smtp file ...]" - - 14311 vchkpw RET write 116/0x74 - 14311 vchkpw CALL close(0x5) - 14311 vchkpw RET close 0 - 14311 vchkpw CALL rename(0xcfbfdb0c,0x835e) - 14311 vchkpw NAMI "/home/vpopmail/etc/open-smtp.tmp.14311" - 14311 vchkpw NAMI "/home/vpopmail/etc/open-smtp" - 14311 vchkpw RET rename 0 Thanks for any suggestion. Regards Andrea
[vchkpw] Qmail-pop3d (with or without ssl) and open-smtp
Hi folks,

Now I've checked permissions and configurations, but I don't find the mistake. Why qmail-pop3d via ssl don't open the relay? I hope someone could help me, looking my ktrace's tests

Qmail-pop3d with vchkpw (roaming enabled) (that's OK)

#!/bin/sh
exec /usr/local/bin/softlimit -m 380 \
/usr/local/bin/tcpserver -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \
nesys.it ktrace -f /tmp/ktrace.pop3d /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

Kdump.pop3d (< ktrace.pop3d): http://www.nesys.it/kdump.pop3d

My /home/vpopmail/etc:

drwxr-xr-x 2 vpopmail vchkpw 512 Jan 16 23:25 .
drwxr-xr-x 8 root wheel 512 Jan 16 15:54 ..
-rw-r--r-- 1 root vchkpw 25 Jan 16 15:57 inc_deps
-rw-r--r-- 1 root vchkpw 34 Jan 16 15:57 lib_deps
-rw-r--r-- 1 root vchkpw 116 Jan 16 23:09 open-smtp
-rw-r--r-- 1 root vchkpw 0 Jan 16 23:20 open-smtp.lock
-rw-r--r-- 1 root vchkpw 455 Jan 16 15:55 tcp.smtp
-rw-r--r-- 1 root vchkpw 2352 Jan 16 23:18 tcp.smtp.cdb
-rw-r--r-- 1 vpopmail vchkpw 1107 Jan 16 15:54 vlimits.default

Then I've changed my IP and

Qmail-pop3d via ssl with the same vchkpw (roaming enabled) (no OK)

#!/bin/sh
CAFILE="/usr/local/ssl/certs/pop3s.cert"
CERTFILE="/usr/local/ssl/certs/pop3s.cert"
KEYFILE="/usr/local/ssl/certs/pop3s.key"
DHFILE="/usr/local/ssl/certs/dh1024.pem"
export CAFILE CERTFILE KEYFILE DHFILE
exec /usr/local/bin/softlimit -m 380 \
/usr/local/bin/sslserver -v -R -H -l 0 0 995 /var/qmail/bin/qmail-popup \
nesys.it ktrace -f /tmp/ktrace.pop3s /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

Kdump.pop3s (< ktrace.pop3s): http://www.nesys.it/kdump.pop3s

My /home/vpopmail/etc:

drwxr-xr-x 2 vpopmail vchkpw 512 Jan 16 23:25 .
drwxr-xr-x 8 root wheel 512 Jan 16 15:54 ..
-rw-r--r-- 1 root vchkpw 25 Jan 16 15:57 inc_deps
-rw-r--r-- 1 root vchkpw 34 Jan 16 15:57 lib_deps
-rw-r--r-- 1 root vchkpw 116 Jan 16 23:09 open-smtp
-rw-r--r-- 1 root vchkpw 0 Jan 16 23:20 open-smtp.lock
-rw-r--r-- 1 root vchkpw 0 Jan 16 23:20 open-smtp.tmp.13569
-rw-r--r-- 1 root vchkpw 455 Jan 16 15:55 tcp.smtp
-rw-r--r-- 1 root vchkpw 2352 Jan 16 23:18 tcp.smtp.cdb
-rw-r--r-- 1 vpopmail vchkpw 1107 Jan 16 15:54 vlimits.default

Well, there's a difference, but I don't see it. I need your help. I hope you have time again to help me.

Thank you very much for all
Regards
Andrea
RE: [vchkpw] Re: Ucspi-ssl? --> permissions
Well, I don't understand. Which are the right permissions?

In my 'bin' dir all's vpopmail:vchkpw
In my 'domains' dir all's vpopmail:vchkpw
In my 'include' dir all's root:vchkpw
In my 'lib' dir the libvpopmail.a is root:vchkpw
And in my 'etc'? What about?

And my tcpserver/sslserver has to run as '-u 89 -g 89' or without that (as root, I think)?

Thanks for the support
Andrea
RE: [vchkpw] Re: Ucspi-ssl? --> test
Peter Palmreuther wrote:
> Execute
>
> chown vpopmail.vchkpw /home/vpopmail/etc
>
> and test again. If this succeeds you /can/ further search for
> the cause of 'setuid' vchkpw is run as, or you can live with
> the fact you need 'write permissions for vpopmail on ~vpopmail/etc'.

Now the etc dir is vpopmail:vchkpw. But, after the pop3-ssl download, I see that in my /home/vpopmail/etc:

    observe# ls -la
    total 10
    drwxr-xr-x 2 vpopmail vchkpw  512 Jan 16 02:12 .
    drwxr-xr-x 8 root     wheel   512 Jan 12 01:10 ..
    -rw-r--r-- 1 root     wheel    25 Jan 12 12:13 inc_deps
    -rw-r--r-- 1 root     wheel    34 Jan 12 12:13 lib_deps
    -rw-r--r-- 1 vpopmail vchkpw    0 Jan 16 01:40 open-smtp
    -rw-r--r-- 1 vpopmail vchkpw    0 Jan 16 02:12 open-smtp.lock
    -rw-r--r-- 1 vpopmail vchkpw    0 Jan 16 02:12 open-smtp.tmp.4179
    -rw-r--r-- 1 root     wheel   454 Jan 12 01:07 tcp.smtp
    -rw-r--r-- 1 root     vchkpw 2352 Jan 16 01:56 tcp.smtp.cdb
    -rw-r--r-- 1 vpopmail vchkpw 1107 Jan 12 01:09 vlimits.default

This is a piece of my kdump.out:

    4179 vchkpw CALL chown(0x16000,0x59,0x59)
    4179 vchkpw NAMI "/home/vpopmail/domains/nesys.it/test/lastauth"
    4179 vchkpw RET chown 0
    4179 vchkpw CALL gettimeofday(0xcfbfd784,0)
    4179 vchkpw RET gettimeofday 0
    4179 vchkpw CALL open(0x833c,0x602,0x1b6)
    4179 vchkpw NAMI "/home/vpopmail/etc/open-smtp.lock"
    4179 vchkpw RET open 3
    4179 vchkpw CALL fcntl(0x3,0x8,0xcfbfd734)
    4179 vchkpw RET fcntl 0
    4179 vchkpw CALL open(0x835e,0x2,0x1b6)
    4179 vchkpw NAMI "/home/vpopmail/etc/open-smtp"
    4179 vchkpw RET open 4
    4179 vchkpw CALL getpid
    4179 vchkpw RET getpid 4179/0x1053
    4179 vchkpw CALL open(0xcfbfd9d8,0x602,0x1b6)
    4179 vchkpw NAMI "/home/vpopmail/etc/open-smtp.tmp.4179"
    4179 vchkpw RET open 5
    4179 vchkpw CALL fcntl(0x3,0x8,0xcfbfd764)
    4179 vchkpw RET fcntl 0
    4179 vchkpw CALL close(0x3)
    4179 vchkpw RET close 0
    4179 vchkpw CALL setgid(0x59)
    4179 vchkpw RET setgid 0
    4179 vchkpw CALL setuid(0x59)
    4179 vchkpw RET setuid 0
    4179 vchkpw CALL chdir(0x12c22)
    4179 vchkpw NAMI "/home/vpopmail/domains/nesys.it/test"
    4179 vchkpw RET chdir 0
    4179 vchkpw CALL close(0x)
    4179 vchkpw RET close -1 errno 9 Bad file descriptor
    4179 vchkpw CALL execve(0xcfbfdbca,0xcfbfdb74,0x16000)
    4179 vchkpw NAMI "/var/qmail/bin/qmail-pop3d"
    4179 qmail-pop3d EMUL "native"
    4179 qmail-pop3d RET execve 0
    4179 qmail-pop3d CALL open(0x10e5,0,0)

Well, my /home/vpopmail/domains/nesys.it/test is:

    drwx-- 3 vpopmail vchkpw 512 Jan 14 11:36 test

Question: the /home dir needs the nosuid in "fstab" file, or not?

My fstab:

    /dev/wd0a / ffs rw 1 1
    /dev/wd0h /home ffs rw,nodev,nosuid 1 2
    /dev/wd0n /logs ffs rw,nodev,nosuid 1 2
    /dev/wd0m /src ffs rw,nodev,nosuid 1 2
    /dev/wd0d /tmp ffs rw,nodev,nosuid 1 2
    /dev/wd0g /usr ffs rw,nodev 1 2
    /dev/wd0e /var ffs rw,nodev 1 2
    #/dev/wd0e /var ffs rw,nodev,nosuid 1 2
    /dev/wd0l /web ffs rw,nodev 1 2
    #/dev/wd0l /web ffs rw,nodev,nosuid 1 2

Thanks for all
Regards
Andrea
RE: [vchkpw] Re: Ucspi-ssl? --> test
Peter Palmreuther wrote:
> Not 'probably', for sure. vchkpw ain't able to open a lock
> file and therefore refuses to continue writing IP to open-smtp.
>
>> -rw-r--r-- 1 vpopmail vchkpw 0 Jan 15 15:40 open-smtp
>> -rw-r--r-- 1 root wheel 0 Jan 15 01:22 open-smtp.lock

> Returning to your problem: in line 188 of your dump I see:
>
>> 16072 vchkpw CALL geteuid
>> 16072 vchkpw RET geteuid 89/0x59
>
> So your vchkpw is run as 'vpopmail'. But the lock file is
> owned by (and write restricted to) root. I don't see a setuid
> call in your run script, so: any of vpopmail binaries set the
> setuid bit? What's the output of
>
> ls -l /home/vpopmail/bin/*
>
> Any '-u 89' anywhere in your startup script? Any other
> possible 'change user ID' mechanism?

Vpopmail: -u 89
Vchkpw: -g 89

    observe# ls -l /home/vpopmail/bin/*
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/clearopensmtp
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vaddaliasdomain
    -rwx--x--x 1 vpopmail vchkpw  69632 Jan 12 12:13 /home/vpopmail/bin/vadddomain
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vadduser
    -rwx--x--x 1 vpopmail vchkpw  69632 Jan 12 12:13 /home/vpopmail/bin/valias
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vchangepw
    -rwx--x--x 1 vpopmail vchkpw  73728 Jan 12 12:13 /home/vpopmail/bin/vchkpw
    -rwx--x--x 1 vpopmail vchkpw 208734 Jan 12 01:08 /home/vpopmail/bin/vchkpw-noroaming
    -rwx--x--x 1 vpopmail vchkpw  69632 Jan 12 12:13 /home/vpopmail/bin/vconvert
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vdeldomain
    -rwx--x--x 1 vpopmail vchkpw  73728 Jan 12 12:13 /home/vpopmail/bin/vdelivermail
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vdeloldusers
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vdeluser
    -rwx--x--x 1 vpopmail vchkpw  69632 Jan 12 12:13 /home/vpopmail/bin/vdominfo
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vipmap
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vkill
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vmkpasswd
    -rwx--x--x 1 vpopmail vchkpw  77824 Jan 12 12:13 /home/vpopmail/bin/vmoddomlimits
    -rwx--x--x 1 vpopmail vchkpw  69632 Jan 12 12:13 /home/vpopmail/bin/vmoduser
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vpasswd
    -rwx--x--x 1 vpopmail vchkpw  69632 Jan 12 12:13 /home/vpopmail/bin/vpopbull
    -rwx--x--x 1 vpopmail vchkpw  73728 Jan 12 12:13 /home/vpopmail/bin/vqmaillocal
    -rwx--x--x 1 vpopmail vchkpw  65536 Jan 12 12:13 /home/vpopmail/bin/vsetuserquota
    -rwx--x--x 1 vpopmail vchkpw  69632 Jan 12 12:13 /home/vpopmail/bin/vuserinfo

> Nonetheless you can try to delete open-smtp.lock, maybe (if
> '/home/vpopmail/etc' permits UID 89 to create a new file)
> this already solves your problem.

I've deleted my open-smtp.lock, and I've tried to download emails from pop3-ssl, but my ktrace says the same:

    [...]
    29540 vchkpw NAMI "/home/vpopmail/domains/nesys.it/test/lastauth"
    29540 vchkpw RET chown 0
    29540 vchkpw CALL gettimeofday(0xcfbfd58c,0)
    29540 vchkpw RET gettimeofday 0
    29540 vchkpw CALL open(0x833c,0x602,0x1b6)
    29540 vchkpw NAMI "/home/vpopmail/etc/open-smtp.lock"
    29540 vchkpw RET open -1 errno 13 Permission denied
    29540 vchkpw CALL setgid(0x59)
    29540 vchkpw RET setgid 0
    29540 vchkpw CALL setuid(0x59)
    29540 vchkpw RET setuid 0
    29540 vchkpw CALL chdir(0x12c22)
    29540 vchkpw NAMI "/home/vpopmail/domains/nesys.it/test"
    29540 vchkpw RET chdir 0
    29540 vchkpw CALL close(0x)
    29540 vchkpw RET close -1 errno 9 Bad file descriptor
    29540 vchkpw CALL execve(0xcfbfd9d2,0xcfbfd97c,0x16000)
    29540 vchkpw NAMI "/var/qmail/bin/qmail-pop3d"
    29540 qmail-pop3d EMUL "native"
    29540 qmail-pop3d RET execve 0
    29540 qmail-pop3d CALL open(0x10e5,0,0)
    29540 qmail-pop3d NAMI "/usr/libexec/ld.so"
    29540 qmail-pop3d RET open 3
    29540 qmail-pop3d CALL read(0x3,0xcfbfd984,0x20)
    [...]

... Ooopss ... I've seen now the problem!

    observe# ls -la
    total 8
    drwxr-xr-x 8 root     wheel   512 Jan 12 01:10 .
    drwxr-xr-x 5 root     wheel   512 Dec 11 09:23 ..
    drwxr-xr-x 2 vpopmail vchkpw 1024 Jan 12 12:13 bin
    drwxr-xr-x 4 vpopmail vchkpw  512 Jul 15 2003 doc
    drwx-- 8 vpopmail vchkpw  512 Dec 23 00:45 domains
    drwxr-xr-x 2 root     wheel   512 Jan 15 17:10 etc
    drwxr-xr-x 2 vpopmail vchkpw  512 Jan 12 12:13 include
    drwxr-xr-x 2 vpopmail vchkpw  512 Jan 12 12:13 lib

The etc directory is the problem, I think. Right? What's the right permission?

My etc dir:

    observe# ls -la
    total 10
    drwxr-xr-x 2 root wheel 512 Jan 15 17:10 .
    drwxr-xr-x 8 root wheel 512 Jan 12 01:10 ..
    -rw-r--r-- 1 root wheel  25 Jan 12 12:13 inc_deps
    -rw-r--r-- 1 root wheel  34 Jan 12 12:13 lib_deps
    -rw-r--r--
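The kdump excerpts in this thread pair each CALL with its NAMI (path) and RET lines, which is how the failing open() of open-smtp.lock was eventually spotted. The following is an added example, not part of the original posts or of vpopmail: a small parser that pulls every failed syscall out of kdump text together with the path it touched. The sample trace is constructed from lines like those quoted above, and the O_CREAT value is assumed to be the BSD one.

```python
import os
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the kdump lines quoted in the thread
# (the close() argument is a made-up value).
SAMPLE = """\
 29540 vchkpw   CALL  geteuid
 29540 vchkpw   RET   geteuid 89/0x59
 29540 vchkpw   CALL  open(0x833c,0x602,0x1b6)
 29540 vchkpw   NAMI  "/home/vpopmail/etc/open-smtp.lock"
 29540 vchkpw   RET   open -1 errno 13 Permission denied
 29540 vchkpw   CALL  setgid(0x59)
 29540 vchkpw   RET   setgid 0
 29540 vchkpw   CALL  chdir(0x12c22)
 29540 vchkpw   NAMI  "/home/vpopmail/domains/nesys.it/test"
 29540 vchkpw   RET   chdir 0
 29540 vchkpw   CALL  close(0xffffffff)
 29540 vchkpw   RET   close -1 errno 9 Bad file descriptor
"""

LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(CALL|NAMI|RET)\s+(.*)$")
CALL = re.compile(r"^(\w+)(?:\((.*)\))?$")
RET = re.compile(r"^(\w+)\s+(-?\d+)(?:/0x[0-9a-f]+)?(?:\s+errno\s+(\d+)\s+(.*))?$")

O_CREAT = 0x0200  # assumption: BSD <fcntl.h> value
EACCES = 13


@dataclass
class Failure:
    pid: int
    proc: str
    syscall: str
    paths: List[str]
    errno: int
    message: str
    creating: bool        # open() was asked to create the file
    euid: Optional[int]   # last geteuid result seen for this pid, if any


def _has_flag(args, index, flag):
    """True if the hex argument at `index` has `flag` set; garbled args count as unset."""
    try:
        return bool(int(args[index], 16) & flag)
    except (IndexError, ValueError):
        return False


def failed_syscalls(kdump_text):
    """Return a Failure for every RET line that carries an errno."""
    pending = {}   # pid -> (syscall, args, paths) for the call in flight
    euids = {}     # pid -> effective uid reported by geteuid
    failures = []
    for raw in kdump_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, proc, kind, rest = int(m[1]), m[2], m[3], m[4].strip()
        if kind == "CALL":
            c = CALL.match(rest)
            if c:
                pending[pid] = (c[1], c[2].split(",") if c[2] else [], [])
        elif kind == "NAMI" and pid in pending:
            pending[pid][2].append(rest.strip('"'))
        elif kind == "RET":
            r = RET.match(rest)
            call = pending.pop(pid, None)
            if not r:
                continue
            if r[3] is None:                 # success
                if r[1] == "geteuid":
                    euids[pid] = int(r[2])
                continue
            same = call is not None and call[0] == r[1]
            args, paths = (call[1], call[2]) if same else ([], [])
            failures.append(Failure(
                pid, proc, r[1], paths, int(r[3]), r[4],
                r[1] == "open" and _has_flag(args, 1, O_CREAT),
                euids.get(pid)))
    return failures


def hint(f):
    """One-line triage message; points at the parent directory for failed creates."""
    if f.errno == EACCES and f.creating and f.paths:
        who = f"uid {f.euid}" if f.euid is not None else "the process uid"
        return (f"{f.proc}[{f.pid}] cannot create {f.paths[0]}: check that "
                f"{os.path.dirname(f.paths[0])} is writable by {who}")
    return f"{f.proc}[{f.pid}] {f.syscall} failed: errno {f.errno} {f.message}"


if __name__ == "__main__":
    for failure in failed_syscalls(SAMPLE):
        print(hint(failure))
```

The euid shown is the last value geteuid returned in the trace, so a later setuid() in the same process is not reflected.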
RE: [vchkpw] Re: Ucspi-ssl? --> test
Tom Collins wrote:
> Yep, delete the lock file.

ok

> Is /home/vpopmail/domains/nesys.it/test a valid directory?
> If not, why not? What are its permissions.

    drwx-- 3 vpopmail vchkpw 512 Jan 14 11:36 test

It's right?

> In the vpopmail source directory, type `make fix-priv` to set the
> proper permissions on the domains directory.

Then I've to make install-strip and recompile qmailadmin/vqadmin/courier-imap?

Thanks
Andrea
RE: [vchkpw] Re: Ucspi-ssl? --> test
RE: [vchkpw] vchkpw and courier 2.2.2 (update)
Dear ml,

Thanks for your help. Now courier-pop3d and courier-pop3s work fine. I can download my emails, but the relay isn't opened.

Test

From a dialup I've received emails from two accounts, one with pop3d, one with pop3s. Then I've tried to send emails through my smtp relay from my remote IP (and, not important, from the same accounts).

My smtp server's answer: error 553

It's clear that the roaming option (enabled in my vpopmail) doesn't work properly.

Question: which type of test could I do to help you to find the problem (my mistake or a bug, I don't know; my open-smtp is completely blank, but I don't know if courier, as qmail, may write that)?

Thanks for your support, and patience
Regards
Andrea
RE: [vchkpw] Re: Ucspi-ssl? --> test [2]
Another test, with:

    exec /usr/local/bin/softlimit -m 380 \
    /usr/local/bin/sslserver -u 89 -g 89 -v -R -H -l 0 0 995 ktrace -f /tmp/ktrace.out /var/qmail/bin/qmail-popup \
    nesys.it /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

Now I've resolved the .tmp files problem. Now I haven't the open-smtp.tmp. But my open-smtp is blank. It's fine that directory (as permissions)?

    observe# ls -la
    total 10
    drwxr-xr-x 2 root     wheel  1024 Jan 15 01:24 .
    drwxr-xr-x 8 root     wheel   512 Jan 12 01:10 ..
    -rw-r--r-- 1 root     wheel    25 Jan 12 12:13 inc_deps
    -rw-r--r-- 1 root     wheel    34 Jan 12 12:13 lib_deps
    -rw-r--r-- 1 vpopmail vchkpw    0 Jan 15 00:40 open-smtp
    -rw-r--r-- 1 root     wheel     0 Jan 15 01:22 open-smtp.lock
    -rw-r--r-- 1 root     wheel   454 Jan 12 01:07 tcp.smtp
    -rw-r--r-- 1 root     wheel  2352 Jan 15 00:59 tcp.smtp.cdb
    -rw-r--r-- 1 vpopmail vchkpw 1107 Jan 12 01:09 vlimits.default

My test ---

Connect with Outlook --> 995, user [EMAIL PROTECTED], pass test
There's an email, I've downloaded that. But no roaming enabled.
Result --
RE: [vchkpw] Re: Ucspi-ssl? --> test
This is my test:

The runscript -

    #!/bin/sh
    CAFILE="/usr/local/ssl/certs/pop3s.cert"
    CERTFILE="/usr/local/ssl/certs/pop3s.cert"
    KEYFILE="/usr/local/ssl/certs/pop3s.key"
    DHFILE="/usr/local/ssl/certs/dh1024.pem"
    export CAFILE CERTFILE KEYFILE DHFILE
    exec /usr/local/bin/softlimit -m 380 \
    /usr/local/bin/sslserver -v -R -H -l 0 0 995 ktrace -f /tmp/ktrace.out /var/qmail/bin/qmail-popup \
    nesys.it /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

Test

    observe# openssl s_client -connect 127.0.0.1:995
    CONNECTED(0004)
    ---
    +OK <[EMAIL PROTECTED]>
    USER [EMAIL PROTECTED]
    +OK
    PASS test
    +OK
    LIST
    +OK
    .
    QUIT
    DONE
    observe# kdump -f ktrace.out > kdump.out

The result ---
RE: [vchkpw] Re: Ucspi-ssl?
Peter Palmreuther wrote:
> [...]
> /usr/local/bin/sslserver -v -R -H -l 0 0 995 \
> strace -f -s 4096 -o /tmp/ssl-pop3.log \
> /var/qmail/bin/qmail-popup \
> [...]
>
> Don't let this run when "real" users try to log in, the
> password will be in '/tmp/ssl-pop3.log'. Use this only with
> test accounts, if you intend to publish the log (or relevant
> excerpts from it) in this list. If you don't intend to do
> this we will probably not be able to help.

Yes I would. But I've ktrace, not strace. Which command I've to insert in my runscript? Like that?

    [...]
    /usr/local/bin/sslserver -v -R -H -l 0 0 995 \
    ktrace -f /tmp/ktrace.out \
    /var/qmail/bin/qmail-popup \
    [...]

    observe# ktrace
    usage: ktrace [-aCcdi] [-f trfile] [-g pgid] [-p pid] [-t [ceinsw]]
           ktrace [-adi] [-f trfile] [-t [ceinsw]] command

> Looks like vchkpw is run as root, therefore a pure problem
> with permissions is more or less unlikely.

    -rwx--x--x 1 vpopmail vchkpw 73728 Jan 12 12:13 vchkpw

Probably I've to insert -u 89 -g 89 in my sslserver?

Thanks
Andrea
RE: [vchkpw] Re: Ucspi-ssl?
Peter Palmreuther wrote:
> If you don't find any error logs about vchkpw failed to write
> data to 'open-smtp' insert a 'strace' or similar behind
> ssl-listener and let it log all file open/read/write actions.
> You should see the error code, and maybe even a short note
> printed by vchkpw, why it failed to finish its work.

Could you send me an example? Something like 'strace openssl s_client -connect 127.0.0.1:995'?

> Maybe a permission problem? Is ssl-listener or vchkpw not
> started as 'root' or 'vpopmail' (or whatever your vpopmail
> user is named)???

My /home/vpopmail/etc:

    observe# ls -la
    total 10
    drwxr-xr-x 2 root     wheel   512 Jan 14 17:40 .
    drwxr-xr-x 8 root     wheel   512 Jan 12 01:10 ..
    -rw-r--r-- 1 root     wheel    25 Jan 12 12:13 inc_deps
    -rw-r--r-- 1 root     wheel    34 Jan 12 12:13 lib_deps
    -rw-r--r-- 1 vpopmail vchkpw    0 Jan 14 17:40 open-smtp
    -rw-r--r-- 1 root     wheel     0 Jan 12 01:39 open-smtp.lock
    -rw-r--r-- 1 root     wheel   454 Jan 12 01:07 tcp.smtp
    -rw-r--r-- 1 vpopmail vchkpw 2352 Jan 14 17:40 tcp.smtp.cdb
    -rw-r--r-- 1 vpopmail vchkpw 1107 Jan 12 01:09 vlimits.default

After a connection via pop3-ssl, I've this /home/vpopmail/etc:

    observe# ls -la
    total 10
    drwxr-xr-x 2 root     wheel   512 Jan 14 19:03 .
    drwxr-xr-x 8 root     wheel   512 Jan 12 01:10 ..
    -rw-r--r-- 1 root     wheel    25 Jan 12 12:13 inc_deps
    -rw-r--r-- 1 root     wheel    34 Jan 12 12:13 lib_deps
    -rw-r--r-- 1 vpopmail vchkpw    0 Jan 14 18:40 open-smtp
    -rw-r--r-- 1 root     wheel     0 Jan 14 19:03 open-smtp.lock
    -rw-r--r-- 1 root     wheel     0 Jan 14 19:03 open-smtp.tmp.4634
    -rw-r--r-- 1 root     wheel   454 Jan 12 01:07 tcp.smtp
    -rw-r--r-- 1 vpopmail vchkpw 2352 Jan 14 18:40 tcp.smtp.cdb
    -rw-r--r-- 1 vpopmail vchkpw 1107 Jan 12 01:09 vlimits.default

And the open-smtp is blank (and roaming doesn't work).

My pstree:

    | | |-+- 04259 root supervise qmail-pop3s
    | | | \--- 01717 root /usr/local/bin/sslserver -v -R -H -l 0 0 995 /var/qmail/
    | | \-+- 32362 root supervise log
    | | \--- 20434 qmaill multilog t /var/log/qmail/pop3s

My runscript:

    #!/bin/sh
    CAFILE="/usr/local/ssl/certs/pop3s.cert"
    CERTFILE="/usr/local/ssl/certs/pop3s.cert"
    KEYFILE="/usr/local/ssl/certs/pop3s.key"
    DHFILE="/usr/local/ssl/certs/dh1024.pem"
    export CAFILE CERTFILE KEYFILE DHFILE
    exec /usr/local/bin/softlimit -m 380 \
    /usr/local/bin/sslserver -v -R -H -l 0 0 995 /var/qmail/bin/qmail-popup \
    nesys.it /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

Thanks for all
Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.2 (probably a bug)
Andrea Riela wrote:
> Then, where is my problem? Pop3 and pop3-ssl don't completely
> work. The auth is ok (thanks to Michael Bowe, for the patch),
> but I couldn't download the emails.

Sorry Jeremy, sorry Peter, I'm stupid. I need a beer :)

Here, all works fine with courier-pop3. Now I check the roaming with vpopmail.

The courier-pop3s, instead, doesn't work: I couldn't download the emails. After openssl s_client -connect 127.0.0.1:995, and USER (correct or not) and PASS (correct or not), the session is closed. That's normal?

Thanks
Andrea
RE: [vchkpw] vchkpw and courier 2.2.2 (probably a bug)
> I assume you
> are mailing the list because you are having a problem, am I incorrect?

No, I'm incorrect. When I've seen

    +OK POP3 clients that break here, they violate STD53.

I've supposed "that's a bug", or "that's a strange thing, a problem?"

Well, I couldn't download my emails with courier, and I'm checking my system. The ":::192.168.17.13" for me is a strange thing too. But, if you say no, I agree with you.

Then, where is my problem? Pop3 and pop3-ssl don't completely work. The auth is ok (thanks to Michael Bowe, for the patch), but I couldn't download the emails. Now I try with imap, but I need the pop3 service.

Andrea
RE: [vchkpw] vchkpw and courier 2.2.2 (probably a bug)
Jeremy Kitchen wrote:
> It states clearly that POP3 clients that break here, they
> violate STD53 That is courier saying that. It doesn't HAVE to be
> there, but it can be.

It's a courier bug, for you?

>> Another thing:
> they look like successful logins to me. You have an MUA
> issue, and are blaming courier for it. Try a different MUA.

Which MUA, for example?

I need a pop3+ssl to connect to vpopmail for roaming through my smtp relay. I've tried with qmail-pop3d with ucspi-ssl, auth is ok, I could download my emails, but the roaming doesn't work. With courier (2.2.1) I've problems to connect to vpopmail, or (now: 2.2.2.20040112) I couldn't download the emails (I don't know if the roaming works). Courier+relay-ctrl has a bug: a user with a wrong password opens the smtp relay.

Well, what I've to try? All advice is appreciated.

Thanks
Andrea
RE: [vchkpw] vchkpw and courier 2.2.2 (probably a bug)
Anders Brander wrote:
>> +OK POP3 clients that break here, they violate STD53.
>
> Is this an error or a warning? It does return "+OK" and
> nothing seems wrong about the output? Is there actually any
> mail waiting? Please double-check.

I don't know, in my opinion it is a bug, I've never seen that with qmail-pop3d, only with courier-imap pop3 and pop3-ssl. There's probably a problem.

Another thing: When I try to download the emails through courier-imap pop3, I couldn't, and in my /var/log/maillog I've something like:

    Jan 14 10:23:07 observe pop3d: Connection, ip=[:::192.168.17.13]
    Jan 14 10:23:06 observe pop3d: LOGIN, [EMAIL PROTECTED], ip=[:::192.168.17.13]
    Jan 14 10:23:06 observe pop3d: LOGOUT, [EMAIL PROTECTED], ip=[:::192.168.17.13], top=0, retr=0
    Jan 14 10:23:06 observe pop3d: Connection, ip=[:::192.168.17.13]
    Jan 14 10:23:06 observe pop3d: LOGIN, [EMAIL PROTECTED], ip=[:::192.168.17.13]
    Jan 14 10:23:06 observe pop3d: LOGOUT, [EMAIL PROTECTED], ip=[:::192.168.17.13], top=0, retr=0
    Jan 14 10:23:06 observe pop3d: Connection, ip=[:::192.168.17.13]
    Jan 14 10:23:06 observe pop3d: LOGIN, [EMAIL PROTECTED], ip=[:::192.168.17.13]
    Jan 14 10:23:07 observe pop3d: LOGOUT, [EMAIL PROTECTED], ip=[:::192.168.17.13], top=0, retr=0

And so on. What's that?

Thanks
Andrea
RE: [vchkpw] vchkpw and courier 2.2.2 (probably a bug)
Michael Bowe wrote:
> Try something simple like
>
> telnet 127.0.0.1 pop3
> user [EMAIL PROTECTED]
> pass password

I've tried with courier pop3.

    observe# telnet 127.0.0.1 110
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    +OK Hello there.
    USER [EMAIL PROTECTED]
    +OK Password required.
    PASS test
    +OK logged in.
    LIST
    +OK POP3 clients that break here, they violate STD53.
    .
    QUIT
    +OK Bye-bye.
    Connection closed by foreign host

I couldn't download my emails, in /var/log/maillog I see:

    Jan 14 10:23:22 observe pop3d: LOGIN, [EMAIL PROTECTED], ip=[:::192.168.0.15]
    Jan 14 10:23:24 observe pop3d: LOGOUT, [EMAIL PROTECTED], ip=[:::192.168.0.15], top=0, retr=0

192.168.0.15 is my local ip. Is the :: problem that Tom said about clearopensmtp?

Thanks
Andrea
[vchkpw] Ucspi-ssl?
Hi folks,

Have you ever used ucspi-ssl to connect to the pop3 service with ssl? I've tested that, and it works fine with vchkpw. The problem is the roaming: after the pop3 connection (with ssl), I look at my /home/vpopmail/etc: the open-smtp is blank, and I've a lot of .tmp files (one for each connection; like open-smtp.tmp., where is a random number).

Have you ever seen anything like that?

Thanks for all
Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.2 (probably a bug)
> I should have a patch available soon

Well, Michael, now it partially works. I send my test to you:

    observe# openssl s_client -connect 127.0.0.1:995
    CONNECTED(0004)
    depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated POP3 SSL key/CN=localhost/[EMAIL PROTECTED]
    ---
    +OK Hello there.
    USER [EMAIL PROTECTED]
    +OK Password required.
    PASS test
    +OK logged in.
    LIST
    +OK POP3 clients that break here, they violate STD53.
    .
    QUIT
    DONE
    observe#

The auth works, I think, but I couldn't download my emails through the pop3-ssl service.

The 'testit' test already fails!

My /tmp/testit file ---

    pop3
    login
    [EMAIL PROTECTED]
    test

---

    observe# /usr/local/courier-imap/libexec/authlib/authvchkpw \
    /bin/sh -c 'echo $AUTHENTICATED' 3
RE: [vchkpw] vchkpw and courier 2.2.2 (probably a bug)
Andrea Riela wrote:
> 18592 authvchkpw CALL fcntl(0x3,0x3,0)
> 18592 authvchkpw RET fcntl -1 errno 9 Bad file descriptor

Well, I've seen that MrSam has released another 2.2.2 version (20040112). In the changelog there isn't our bug, but MrSam says that "This build fixes all reported bugs".

I need your feedback.

Thanks
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Michael Bowe wrote:
> You shouldn't need to manually edit this file... It should be
> auto-populated when you run "make install-strip"

After the "make install-strip" (vpopmail/cdb) I've:

-L/home/vpopmail/lib -lvpopmail

If I add '-crypt' after, and compile courier-imap, I've an error and I couldn't install it. Without '-lcrypt', the installation is completed.

Well, what could I do? Without '-crypt' apparently all works fine, but I don't know about open-relay.

Thanks
Andrea

> Here is what the lib_deps would contain for a typical
> vpopmail/cdb install
> -L/home/vpopmail/lib -lvpopmail -lcrypt
[vchkpw] vchkpw and courier 2.2.2 (probably a bug)
Hi folks,

I've tried to connect courier-2.2.2 with authvchkpw to the vpopmail-5.4.0-rc1, and probably I've found a bug. MrSam has confirmed. I hope my test could help you to define the bug, and to find the solution.

The thread in courier-imap ml is this:
'[Courier-imap] Re: courier-2.2.2.20040110, vpopmail-5.4.0-rc1 and authentication problem'

My test:

# cat >/tmp/testit
pop3
login
[EMAIL PROTECTED]
test
^D
# /usr/local/courier-imap/libexec/authlib/authvchkpw \
/bin/sh -c 'echo $AUTHENTICATED' 3 kdump.out
[vchkpw] A strange problem with ssl connection
Hi folks,

As I said, I've tested the qmail-pop3d daemon over ssl with ucspi-ssl (http://www.superscript.com/ucspi-ssl/intro.html). My runscript was:

#!/bin/sh
CAFILE="/usr/local/ssl/certs/pop3s.cert"
CERTFILE="/usr/local/ssl/certs/pop3s.cert"
KEYFILE="/usr/local/ssl/certs/pop3s.key"
DHFILE="/usr/local/ssl/certs/dh1024.pem"
export CAFILE CERTFILE KEYFILE DHFILE
exec /usr/local/bin/softlimit -m 380 \
/usr/local/bin/sslserver -v -R -H -l 0 0 995 /var/qmail/bin/qmail-popup \
nesys.it /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

The vchkpw was compiled with --enable-roaming-users.

Well, there's a problem with roaming: the auth is fine, but my open-smtp is blank, and I've some .tmp files in /home/vpopmail/etc, like open-smtp.tmp..

With the normal qmail-pop3d the vchkpw with roaming works correctly, without any problem.

Then, question: have you ever been testing the vchkpw auth and roaming option with an ssl connection?

I've tested courier-imap's pop3s too, with vchkpw+roaming or vchkpw+relay-ctrl.
Courier 2.2.1 doesn't work with roaming, but works correctly with vchkpw auth.
Courier 2.2.2, in my opinion, has problems with vchkpw auth (where I put my PASS, the ssl session falls).
Courier 2.2.1 with vchkpw and relay-ctrl has a security bug (the roaming is enabled for users with wrong pass too).

Well, that's cool :) probably there's a strange problem between vchkpw/roaming/ssl connection?

I need your feedback!

Thanks for all
Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Michael Bowe wrote:
> I will download, test, and will report back my findings soon (might
> not be till tomorrow though sorry)

Thanks Michael,

Well, probably I don't understand the '-lcrypt' on lib_deps file. If I insert that on lib_deps before compile courier, I couldn't do gmake:

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -DHAVE_OPEN_SMTP_RELAY= -Wall -I.. -I./.. -c `test -f 'modauthvchkpw.c' || echo './'`modauthvchkpw.c
gcc -I/home/vpopmail/include -DHAVE_OPEN_SMTP_RELAY= -Wall -I.. -I./.. -o authvchkpw modauthvchkpw.o libauthmod.a libauth.a ../numlib/libnumlib.a ../md5/libmd5.a ../sha1/libsha1.a -L/home/vpopmail/lib -lvpopmail -lcrypt -lm
ld: -lcrypt: no match
collect2: ld returned 1 exit status
gmake[2]: *** [authvchkpw] Error 1
gmake[2]: Leaving directory `/src/courier-imap-2.2.2.20040110/authlib'
gmake[1]: *** [all] Error 2
gmake[1]: Leaving directory `/src/courier-imap-2.2.2.20040110/authlib'
gmake: *** [all-recursive] Error 1

If I don't insert '-lcrypt' before, I could do gmake. Why? What -lcrypt? It's important to the open-relay function?

For my report, I could say what I've tried:

1- with qmail-pop3d over ssl (with sslserver --> ucspi-ssl at http://www.superscript.com/ucspi-ssl/intro.html) I could make a 'openssl s_client -connect 127.0.0.1:995' and connect with a specific USER/PASS, that is the daemon and the authentication work, but the open-relay not (I've the open-smtp blank, and a tmp file (for example: open-smtp.tmp.1563) in /home/vpopmail/etc).

2- with courier-pop3s, if I don't use '-lcrypt' and I could gmake it, when I make an 'openssl s_client -connect 127.0.0.1:995', with USER/PASS right or wrong I've always the same prompt:

---
+OK Hello there.
USER [EMAIL PROTECTED]
+OK Password required.
PASS password
closed

I don't know if that's ok. I know that with courier-pop3s I couldn't connect to my server to download my emails.

Thanks for all Michael, I'm waiting for you :)

Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Michael Bowe wrote:
> Sam Varshavchik has accepted my patch.
>
> Therefore the modifications it contains will be part of the next
> courier-imap release (v2.2.2)
>
> Michael.

I've installed this version of courier (see the courier ml, there's a patch for imapd.c), but I've an auth problem with vpopmail.

My steps:

vpopmail-5.4.0-rc1
--
./configure --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-defaultquota=NOQUOTA
make
cp vchkpw /home/vpopmail/bin/vchkpw-noroaming (this is for my pop3d daemon)
make clean
./configure --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-defaultquota=NOQUOTA --enable-roaming-users
make
make install-strip

courier-imap-2.2.2.20040110
---
setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY"
./configure --prefix=/usr/local/courier-imap --disable-root-check --without-authpam --without-authldap --without-authpwd --without-authmysql --without-authpgsql --without-authshadow --without-authuserdb --without-authcustom --without-authcram --without-authdaemon --with-authvchkpw --with-ssl --with-piddir=/var/run
gmake && gmake install && gmake install-configure

Well, this is my situation:

observe# openssl s_client -connect 127.0.0.1:995
CONNECTED(0004)
---
+OK Hello there.
USER [EMAIL PROTECTED]
+OK Password required.
PASS passwordcorrect
closed
observe#

I've that authentication problem. The authentication fails (PASS).

My /var/log/qmail/pop3s/current is this:

@40004001b58522de336c tcpserver: status: 0/40
@40004001b5ba0a61dc1c tcpserver: status: 1/40
@40004001b5ba0a7112a4 tcpserver: pid 29340 from 127.0.0.1
@40004001b5ba0a725eac tcpserver: ok 29340 nesys.it:127.0.0.1:995 :127.0.0.1::46934
@40004001b5ba0defecac INFO: Connection, ip=[127.0.0.1]
@40004001b5e42301e80c tcpserver: end 29340 status 0
@40004001b5e423233f34 tcpserver: status: 0/40

Where is my problem? Have you got any suggestion for me?

Thanks for all
Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Michael Bowe wrote:
> Sam Varshavchik has accepted my patch.
>
> Therefore the modifications it contains will be part of the
> next courier-imap release (v2.2.2)
>
> Michael.

Well, I need to insert '-crypt' in my lib_deps file after or before the courier install?

Thanks for all
Regards
Andrea
[vchkpw] vchkpw, roaming and qmail-pop3d with ucspi-ssl
Hi folks,

Now I'm trying with qmail-pop3d over ssl (with ucspi-ssl). Instead of tcpserver, I use sslserver.

Well, I've compiled vpopmail first without enable-roaming (vchkpw-noroaming), then I've compiled and installed vpopmail with enable roaming (vchkpw). My qmail-pop3d runscript has vchkpw-noroaming, qmail-pop3s vchkpw.

But when I try to use the smtp relay, it doesn't work: my open-smtp hasn't the remote ip address from the dialup.

It's possible that is a problem of permissions?

My /home/vpopmail/etc:

observe# ls -la
total 10
drwxr-xr-x 2 root wheel 512 Jan 10 18:54 .
drwxr-xr-x 8 root wheel 512 Jan 10 18:45 ..
-rw-r--r-- 1 root wheel 25 Jan 10 18:45 inc_deps
-rw-r--r-- 1 root wheel 34 Jan 10 18:45 lib_deps
-rw-r--r-- 1 root wheel 0 Jan 10 18:54 open-smtp
-rw-r--r-- 1 root wheel 0 Jan 10 18:54 open-smtp.lock
-rw-r--r-- 1 root wheel 0 Jan 10 18:54 open-smtp.tmp.15038
-rw-r--r-- 1 vpopmail vchkpw 455 Jan 10 18:38 tcp.smtp
-rw-r--r-- 1 root wheel 2352 Jan 10 18:47 tcp.smtp.cdb
-rw-r--r-- 1 vpopmail vchkpw 1107 Jan 10 18:45 vlimits.default

I've tried twice, now I've another .tmp:

-rw-r--r-- 1 root wheel 0 Jan 11 04:10 open-smtp.tmp.1501

All's right? Or not? What the open-smtp.tmp.15038? And 1501?

My /home/vpopmail/bin:

observe# ls -la
total 1754
drwxr-xr-x 2 vpopmail vchkpw 1024 Jan 10 18:46 .
drwxr-xr-x 8 root wheel 512 Jan 10 18:45 ..
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 clearopensmtp
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vaddaliasdomain
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 10 18:45 vadddomain
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vadduser
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 10 18:45 valias
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vchangepw
-rwx--x--x 1 vpopmail vchkpw 73728 Jan 10 18:45 vchkpw
-rwx--x--x 1 vpopmail vchkpw 208734 Jan 10 18:41 vchkpw-noroaming
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 10 18:45 vconvert
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vdeldomain
-rwx--x--x 1 vpopmail vchkpw 73728 Jan 10 18:45 vdelivermail
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vdeloldusers
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vdeluser
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 10 18:45 vdominfo
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vipmap
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vkill
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vmkpasswd
-rwx--x--x 1 vpopmail vchkpw 77824 Jan 10 18:45 vmoddomlimits
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 10 18:45 vmoduser
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vpasswd
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 10 18:45 vpopbull
-rwx--x--x 1 vpopmail vchkpw 73728 Jan 10 18:45 vqmaillocal
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 10 18:45 vsetuserquota
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 10 18:45 vuserinfo

The problem is another: if I try with qmail-pop3d, without ssl but with vchkpw (enable-roaming), the roaming works !!

Why works with qmail-pop3d, and not with qmail-pop3d with ssl? The ssl connection works fine, I receive my emails through pop3s. Probably is a problem between the roaming option and the ssl connection? Possible?

My qmail-pop3s runscript:

#!/bin/sh
CAFILE="/usr/local/ssl/certs/pop3s.cert"
CERTFILE="/usr/local/ssl/certs/pop3s.cert"
KEYFILE="/usr/local/ssl/certs/pop3s.key"
DHFILE="/usr/local/ssl/certs/dh1024.pem"
export CAFILE CERTFILE KEYFILE DHFILE
exec /usr/local/bin/softlimit -m 380 \
/usr/local/bin/sslserver -v -R -H -l 0 0 995 /var/qmail/bin/qmail-popup \
nesys.it /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

Have you got any ideas?

Thanks for all
Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Oden Eriksson wrote:
> On Thursday 8 January 2004 21.05, Michael Bowe wrote:
>> - Original Message -
>> From: "Andrea Riela" <[EMAIL PROTECTED]>
>>
>>> With your patch, I've already a security problem? Or removing the
>>> open_smtp_relay() calls from the preauthvchmpw.c file to
>>> authvchkpw.c, you've fixed that?
>>
>> Yes, with the patch, the security problem is resolved, because the
>> relay isn't opened unless the user has successfully authenticated.
>>
>> As you say, the open_smtp_relay() calls are moved from the pre-auth
>> stage, to post-auth
>
> I tried this patch but could not login. I'm running courier-imap as
> per "http://jonaspasche.de/courier-imap-daemontools.txt". I will
> investigate some more this weekend, if I find the time.

Thanks, that's the last solution. Courier with vpopmail doesn't work fine, and I don't know how to patch courier, I've a problem with installation.

Then I've tried with courier and relay-ctrl [OT], but a pop3s user can open the smtp relay even if the password is wrong.

Now I don't know what I've to do. Otherwise I'll try with your patch.

Thanks ml for all,
Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Michael Bowe wrote:
> You will need to use courier-imap-2.1.1 (rather than 2.2.1) with that
> particular patch.

Now I'm trying to compile the 2.1.1 version, but ...

Compiling modauthvchkpw.c
gcc -I/home/vpopmail/include -DHAVE_OPEN_SMTP_RELAY= -Wall -I.. -I./.. -o authvchkpw modauthvchkpw.o libauthmod.a libauth.a ../numlib/libnumlib.a ../md5/libmd5.a ../sha1/libsha1.a -L/home/vpopmail/lib -lvpopmail -lcrypt -lm
ld: -lcrypt: no match
collect2: ld returned 1 exit status
*** Error code 1

Stop in /src/courier-imap-2.1.1/authlib (line 856 of Makefile).
*** Error code 1

Stop in /src/courier-imap-2.1.1/authlib (line 701 of Makefile).
*** Error code 1

Stop in /src/courier-imap-2.1.1 (line 459 of Makefile).

Make or gmake, it's the same.

My lib_deps:
-L/home/vpopmail/lib -lvpopmail -lcrypt

Thanks for your support
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Shane Chrisp wrote:
> /usr/sbin/stunnel -f -p

Ya Shane,

But I wouldn't use stunnel for that. If it's possible, I would use courier.

Thanks for all
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Tom Collins wrote:
> On Jan 8, 2004, at 3:29 AM, Andrea Riela wrote:
>> Then what I've to do?
>
> Try BINC-IMAP instead. Others have reported that it's a fine
> replacement for Courier.

I couldn't .. I need a pop3-ssl daemon. I hope the Michael's patch will help me :) But I've problems to compile that.

Thanks
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Andrea Riela wrote:
>> Probably my steps will be:
>>
>> cd into courier-imap-2.1.1/authlib
>> patch -u < courier-imap-2[1].1.1-vchkpw-updates.diff.txt
>> ./configure --prefix=/usr/local/courier-imap --disable-root-check
>> --without-authpam --without-authldap --without-authpwd
>> --without-authmysql --without-authpgsql --without-authshadow
>> --without-authuserdb --without-authcustom --without-authcram
>> --without-authdaemon --with-authvchkpw --with-ssl
>> --with-piddir=/var/run setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY" gmake
>> gmake install
>> gmake install-configure
>>
>> With your patch, I've already a security problem? Or removing the
>> open_smtp_relay() calls from the preauthvchmpw.c file to
>> authvchkpw.c, you've fixed that?
>
> My lib_deps is:
> -L/home/vpopmail/lib -lvpopmail
>
> I've to add the '-lcrypt' too?

Ok Michael, I've tried:

I've added -lcrypt in my lib_deps:
-L/home/vpopmail/lib -lvpopmail -lcrypt

Then:

bzip2 -cd courier-imap-2.2.1.tar.bz2 | tar xf -
...
patch -u < courier-imap-2.1.1-vchkpw-updates.diff.txt
...
setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY"
./configure --prefix=/usr/local/courier-imap --disable-root-check --without-authpam --without-authldap --without-authpwd --without-authmysql --without-authpgsql --without-authshadow --without-authuserdb --without-authcustom --without-authcram --without-authdaemon --with-authvchkpw --with-ssl --with-piddir=/var/run

When try to compile with make, or gmake, I've the same error:

cd . && /bin/sh /src/courier-imap-2.2.1/missing --run autoconf
configure.in:21: error: possibly undefined macro: AC_PROG_SYSCONFTOOL
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
gmake[1]: *** [configure] Error 1
gmake[1]: Leaving directory `/src/courier-imap-2.2.1/authlib'
gmake: *** [all-recursive] Error 1

Mmm... Where's the mistake? Probably I've misunderstood your help :(

Thanks for all
Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
> Probably my steps will be:
>
> cd into courier-imap-2.1.1/authlib
> patch -u < courier-imap-2[1].1.1-vchkpw-updates.diff.txt
> ./configure --prefix=/usr/local/courier-imap
> --disable-root-check --without-authpam --without-authldap
> --without-authpwd --without-authmysql --without-authpgsql
> --without-authshadow --without-authuserdb
> --without-authcustom --without-authcram --without-authdaemon
> --with-authvchkpw --with-ssl --with-piddir=/var/run setenv
> CFLAGS="-DHAVE_OPEN_SMTP_RELAY"
> gmake
> gmake install
> gmake install-configure
>
> With your patch, I've already a security problem? Or removing the
> open_smtp_relay() calls from the preauthvchmpw.c file to
> authvchkpw.c, you've fixed that?

My lib_deps is:
-L/home/vpopmail/lib -lvpopmail

I've to add the '-lcrypt' too?

Thanks
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
> It is my understanding that
> setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY"
> is not sufficient to enable the roaming user functionality in
> courier-imap.
>
> Instead you need to edit the file
> authlib/preauthvchkpw.c
> and remove the line :
> #undef HAVE_OPEN_SMTP_RELAY
> and then recompile courier-imap
>
> This roaming user functionality was hardcoded off on purpose,
> because there is a flaw in the current design. If you enable
> roaming users in courier, then any user will be able to relay
> after performing an auth attempt, regardless of whether the
> auth contained a valid username/password.

Thanks Michael, I think you have hit the problem!

Then what I've to do? If I remove the line #undef HAVE_OPEN_SMTP_RELAY, I've the auth bug that you say. I've to apply your patch courier-imap-2[1].1.1-vchkpw-updates.diff.txt?

Probably my steps will be:

cd into courier-imap-2.1.1/authlib
patch -u < courier-imap-2[1].1.1-vchkpw-updates.diff.txt
./configure --prefix=/usr/local/courier-imap --disable-root-check --without-authpam --without-authldap --without-authpwd --without-authmysql --without-authpgsql --without-authshadow --without-authuserdb --without-authcustom --without-authcram --without-authdaemon --with-authvchkpw --with-ssl --with-piddir=/var/run
setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY"
gmake
gmake install
gmake install-configure

With your patch, I've already a security problem? Or removing the open_smtp_relay() calls from the preauthvchmpw.c file to authvchkpw.c, you've fixed that?

Thanks for all
Regards
Andrea
RE: [vchkpw] vchkpw and courier 2.2.1 (long)
Tom Collins wrote:
> On Jan 7, 2004, at 10:31 AM, Andrea Riela wrote:
>> OK, it works, but ... When I try with courier (that uses
>> libvpopmail.a, if I've undestood well), in my open-smtp, after
>> pop3-ssl, there isn't my external IP with relay allowed.
>
> If I recall correctly, you need to do something special to courier to
> get it to compile with roaming users enabled.

Nothing special, I need to enable the smtp relay for pop3-ssl roaming users. I thought: if I compile vpopmail with enable-roaming-users, and courier with authvchkpw, I could do that. I don't know, I suppose that courier writes the open-smtp file, like qmail and qmail-pop3d ...

I know that if I use the vchkpw (with roaming) with qmail-pop3d, all works fine, and in open-smtp I've my external IP allowed (and the tcp.smtp.cdb uses the IPs in open-smtp and tcp.smtp for working, right?) ... With courier nothing, it doesn't work (generic as consideration, I know, but I haven't ideas ...). With courier, when I try to use my smtp relay, I have nothing in my open-smtp, and the relay is disabled.

Any suggestion?

I've tried with

tcpserver -u 89 -g 89 -v -R -H -l nesys.it 0 995 \

that is tcpserver as vpopmail:vchkpw, but nothing.

My /home/vpopmail/etc:

observe# ls -la
total 11
drwxr-xr-x 2 vpopmail vchkpw 512 Jan 8 03:44 .
drwxr-xr-x 8 root wheel 512 Dec 23 18:56 ..
-rw-r--r-- 1 vpopmail vchkpw 25 Jan 7 17:24 inc_deps
-rw-r--r-- 1 vpopmail vchkpw 34 Jan 7 17:24 lib_deps
-rw-r--r-- 1 root vchkpw 59 Jan 7 18:02 open-smtp
-rw-r--r-- 1 root vchkpw 0 Jan 7 18:02 open-smtp.lock
-rw-r--r-- 1 vpopmail vchkpw 455 Dec 11 18:51 tcp.smtp
-rw-r--r-- 1 root vchkpw 2352 Jan 7 18:04 tcp.smtp.cdb
-rw-r--r-- 1 vpopmail vchkpw 1107 Nov 23 02:26 vlimits.default

My /home/vpopmail/bin:

observe# ls -la
total 1754
drwxr-xr-x 2 vpopmail vchkpw 1024 Jan 7 17:24 .
drwxr-xr-x 8 root wheel 512 Dec 23 18:56 ..
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 clearopensmtp
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vaddaliasdomain
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 7 17:24 vadddomain
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vadduser
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 7 17:24 valias
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vchangepw
-rwx--x--x 1 vpopmail vchkpw 73728 Jan 7 17:24 vchkpw
-rwxr-xr-x 1 vpopmail vchkpw 208734 Jan 7 17:22 vchkpw-no-roaming
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 7 17:24 vconvert
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vdeldomain
-rwx--x--x 1 vpopmail vchkpw 73728 Jan 7 17:24 vdelivermail
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vdeloldusers
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vdeluser
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 7 17:24 vdominfo
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vipmap
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vkill
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vmkpasswd
-rwx--x--x 1 vpopmail vchkpw 77824 Jan 7 17:24 vmoddomlimits
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 7 17:24 vmoduser
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vpasswd
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 7 17:24 vpopbull
-rwx--x--x 1 vpopmail vchkpw 73728 Jan 7 17:24 vqmaillocal
-rwx--x--x 1 vpopmail vchkpw 65536 Jan 7 17:24 vsetuserquota
-rwx--x--x 1 vpopmail vchkpw 69632 Jan 7 17:24 vuserinfo

My /home/vpopmail/lib:

observe# ls -la
total 202
drwx-- 2 root wheel 512 Jan 7 17:24 .
drwxr-xr-x 8 root wheel 512 Dec 23 18:56 ..
-rw-r--r-- 1 root wheel 192264 Jan 7 17:24 libvpopmail.a

Thanks for your support and patience.
Regards
Andrea
[vchkpw] vchkpw and courier 2.2.1 (long)
Hi folks,

My problem is always the same.

My steps:

vpopmail-5.4.0-rc1

./configure --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-defaultquota=NOQUOTA
make
cp vchkpw /home/vpopmail/bin/vchkpw-no-roaming
make clean
./configure --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext --enable-defaultquota=NOQUOTA --enable-roaming-users
make
make install-strip

I've recompiled courier-2.2.1 and qmailadmin-1.2.0-rc2

Steps for courier (as root):

./configure --prefix=/usr/local/courier-imap --disable-root-check --without-authpam --without-authldap --without-authpwd --without-authmysql --without-authpgsql --without-authshadow --without-authuserdb --without-authcustom --without-authcram --without-authdaemon --with-authvchkpw --with-ssl --with-piddir=/var/run
setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY"
gmake
gmake install
gmake install-configure

The courier's run file:

#!/bin/sh
exec /command/envdir ./env/ \
tcpserver -v -R -H -l nesys.it 0 995 \
/usr/local/courier-imap/bin/couriertls -server -tcpd \
/usr/local/courier-imap/sbin/pop3login \
/usr/local/courier-imap/libexec/authlib/authvchkpw \
/usr/local/courier-imap/bin/pop3d Maildir 2>&1

Courier works, qmail works.

When in the qmail-pop3d's run file I use vchkpw-no-roaming, my open-smtp file isn't written and I couldn't relay my emails through the smtp server; if I use vchkpw, in my open-smtp, after pop3, there's my external IP with relay allowed.

OK, it works, but ... When I try with courier (that uses libvpopmail.a, if I've understood well), in my open-smtp, after pop3-ssl, there isn't my external IP with relay allowed.

Mmm ... Why? There's a mistake?

Thanks for your kind support, and patience.
Regards
Andrea
RE: [vchkpw] Problem with qconfirm
Tom Collins wrote:
> On Dec 28, 2003, at 1:56 PM, Andrea Riela wrote:
> You'll have to compile vpopmail with the --enable-qmail-ext option.
> I'm not sure if it is guaranteed to work at that point, but it's a
> start...

OK. Now I send a message from external account (andrea.rielaATposte.it) to [EMAIL PROTECTED]; I receive the qconfirm message "Please confirm your message"; I send the answer to qconfirm, but:

1. I haven't error messages in current log or in maillog
2. I haven't my email in the postmaster maildir (and not user1)
3. I have nothing :) user1 doesn't receive the email

In .qmail file created by qconfirm (in this case, .qmail-smartnet-qconfirm-6809bfbd19b1fc91f6954faefb89598e) I've the string:

|qconfirm-accept 'poste:it=-andrea:riela' |'/home/vpopmail/domains/domain1.dom/user1/.qconfirm'

Then I've tried to type in console:

qconfirm-accept 'poste:it=-andrea:riela' '/home/vpopmail/domains/nesys.it/smartnet/.qconfirm'

I've received an error:

observe# qconfirm-accept 'poste:it=-andrea:riela' '/home/vpopmail/domains/nesys.it/smartnet/.qconfirm'
qconfirm-accept: fatal: environment variable EXT not set.

Probably this is the way. Another suggestion?

Thanks
Andrea
[vchkpw] Problem with qconfirm
Hi folks,

There's someone that uses qconfirm with vpopmail? I've a strange problem, and I don't know if a delivery problem (that is vpopmail) or not (that is qconfirm).

Example.

I send an email to user1 (account configured with qconfirm).
I receive a message "Please confirm your message" from qconfirm, where qconfirm = [EMAIL PROTECTED]
I send a reply (empty or not), and ... ?

The email doesn't arrive in the user1 maildir, but in the postmaster mailbox, because the user "qconfirm <[EMAIL PROTECTED]>" doesn't exist

@40003fe8717c037f58fc delivery 10: success: user_does_not_exist,_but_will_deliver_to_/home/vpopmail/domains/nesys.it/postmaster//did_0+0+1/

Now in /home/vpopmail/domains/nesys.it/user1 I've another file, .qmail-user1-qconfirm-a06c72f7063044f1657eb89f627d9057, with this text:

|qconfirm-accept 'poste:it=-andrea:riela''/home/vpopmail/domains/nesys.it/user1/.qconfirm'

Probably this is the information that may match with my reply, but it doesn't.

Have you got any suggestion for me?

Thanks for patience and support
Regards
Andrea
RE: [vchkpw] Smtp relay with pop3s (was: Enable-roaming-tests) - Summary
I've tried with

setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY"

too just before compiling courier. Nothing.

I've finished my ideas. A bug?

My system: openbsd 3.3
My versions: vpopmail 5.3.30, courier-imap 2.2.1

Thanks for any eventual suggestion
Regards
Andrea
[vchkpw] Smtp relay with pop3s (was: Enable-roaming-tests) - Summary
Hi folks,

This is a summary of my situation. Now qmail works, courier with pop3s works, I could receive the emails with pop3-ssl, but couldn't send with my smtp relay.

1. I've created one vpopmail binary with --enable-roaming-users=n, called /home/vpopmail/bin/vchkpw-no-roaming

Then, after a make clean, I've installed the vpopmail with --enable-roaming-users=y

The qmail-pop3d run file is like that:

#!/bin/sh
exec /usr/local/bin/softlimit -m 380 \
/usr/local/bin/tcpserver -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \
nesys.it /home/vpopmail/bin/vchkpw-no-roaming /var/qmail/bin/qmail-pop3d Maildir 2>&1

The pop3d works fine without roaming (if I change 'vchkpw-no-roaming' with 'vchkpw', I could use my smtp relay with pop3d, that is vpopmail is ok ... But I've to use the relay only with users pop3s!).

Then I've installed the courier-imap, following the steps in attachment.

My test was that: I've configured an account only with pop3s and my provider's smtp; then I've sent an email to that account, to activate the POP before smtp. The pop3s works fine, I've received the email. Then I've changed the provider's smtp with my smtp server, to try the smtp relay. Nothing, it doesn't work.

I've seen the /home/vpopmail/etc/open-smtp: I've expected the remote IP allowed, but nothing, the file is blank. That is, there is a problem between vpopmail and courier, better courier doesn't use correctly the libvpopmail (right?).

What is wrong in my courier configuration (in attach)?

Thanks for your patience and support
Regards
Andrea

steps.rar
Description: application/rar-compressed
[vchkpw] R: [vchkpw] Enable-roaming-users tests
> After the POP connection, you should be able to send the email.

Ya, thanks, now it works fine.

Just one question: the best configuration of clearopensmtp and --enable-relay-clear-minutes? Could you send me an advice?

Now, if I've to check the system with the binary without roaming, I need to clear the external-IP allowed: I could delete all entries on open-smtp file, and use the command clearopensmtp to update the tcp.smtp.cdb, or what?

Thanks for all, Merry Xmas!!!
Regards
Andrea
[vchkpw] R: [vchkpw] Enable-roaming-users tests
Thank you very much, Tom

> When you enable-roaming-users, you're enabling a "POP before SMTP"
> feature. That means you need to authenticate via POP and pick up email
> before attempting to send. With a properly configured system, you'll
> be able to send from your IP address for 30 minutes after you establish
> a POP connection.

Ya, ok, that's clear.

> Keep in mind that if you're using courier-imap you need to recompile it
> after building vpopmail with enable-roaming-users since it links
> directly to libvpopmail instead of calling vchkpw.

That's not clear. I use qmail for pop3, and I will use Courier only for pop3 with ssl. Now I'm testing enable-roaming-users only with qmail and vpopmail (vchkpw).

The problem is: when I use --enable-roaming-users=no, I haven't possibilities to send an email from no-LAN ip to no-LAN ip. And that's right. But when I use --enable-roaming-users=yes, nothing, and I don't understand why.

My steps:

1- ./configure ... --enable-roaming-users=n && make && make install
   That works fine
2- qmailctl stop
   (rm /home/vpopmail/bin/vchkpw)
   make clean
   ./configure ... --enable-roaming-users=y && make && make install
   qmailctl cdb
   /home/vpopmail/bin/clearopensmtp
   qmailctl start
   Send email from [EMAIL PROTECTED] (internal account) to other external account via different connection (dialup) --> 553, not allowed rcphost

Have I forgotten something?

Thanks
Andrea
[vchkpw] Enable-roaming-users tests
Hi folks,

Probably there's a mistake.

SITUATION
-
Domain1.dom is an internal domain, IP: no server LAN
Domain2.dom is an internal domain, IP: same LAN as server
Domain3.dom is an external domain
Domain4.dom is another external domain

My tcp.smtp:

# No Qmail-Scanner at all for mail from 127.0.0.1
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner without SpamAssassin on any mail from the LAN
192.168.:allow,RELAYCLIENT="",RBLSMTPD="",TCPREMOTEIP="Protected",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,DENYMAIL="DNSCHECK",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

TESTS
-
With --enable-roaming-users=n:
Domain1.dom --> domain3.dom NO (right, 553 not allowed rcphost)
Domain2.dom --> domain3.dom YES (right, for tcp.smtp)
Domain3.dom --> domain4.dom NO (right, isn't an open relay)

With --enable-roaming-users=y:
Domain2.dom --> domain3.dom YES (right, for tcp.smtp)
Domain3.dom --> domain4.dom NO (right, isn't an open relay)

The problem is:
Domain1.dom --> domain3.dom NO (553 not allowed rcphost)
why?

In /home/vpopmail/bin I've tcp.smtp, but open-smtp too. In open-smtp I can see one entry:

192.168.10.13:allow,RELAYCLIENT="",RBLSMTPD="" 1072273753

(ip from LAN)

Does open-smtp hold the communications permitted from tcp.smtp? Where's the db that I could clean with the command /home/vpopmail/bin/clearopensmtp?

I don't understand exactly the mechanism of --enable-roaming-users, could you figure it out? Where's probably my mistake?

Thanks for patience and support
Regards
Andrea
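A simplified model of the POP-before-SMTP bookkeeping asked about in the message above, as an added example that is not part of the original post and not vpopmail's own code. It assumes each open-smtp line is a tcprules rule followed by the epoch time of the POP login (the layout of the entry quoted above), that entries older than the relay window are expired, and that the survivors are merged with the static tcp.smtp rules when the cdb is rebuilt; the function names, sample addresses, and timestamps are constructed.

```shell
#!/bin/sh
# Constructed sample data; only the first open-smtp line copies the entry
# quoted in the message. Assumed layout: <tcprules rule> <epoch of POP login>
sample_open_smtp() {
cat <<'EOF'
192.168.10.13:allow,RELAYCLIENT="",RBLSMTPD="" 1072273753
203.0.113.7:allow,RELAYCLIENT="",RBLSMTPD="" 1072275000
198.51.100.20:allow,RELAYCLIENT="",RBLSMTPD="" 1072270000
EOF
}

# Trimmed static rules: the LAN may relay, everyone else gets no RELAYCLIENT.
sample_tcp_smtp() {
cat <<'EOF'
192.168.:allow,RELAYCLIENT=""
:allow
EOF
}

# live_relay_rules NOW MINUTES < open-smtp
# Print rules (timestamp stripped) whose POP login is still inside the window.
live_relay_rules() {
    awk -v now="$1" -v mins="$2" '
        NF >= 2 && $NF ~ /^[0-9]+$/ && now - $NF <= mins * 60 {
            sub(/[ \t]+[0-9]+$/, "")
            print
        }'
}

# stale_relay_ips NOW MINUTES < open-smtp
# Print the IPs whose relay window has lapsed and should lose RELAYCLIENT.
stale_relay_ips() {
    awk -v now="$1" -v mins="$2" '
        NF >= 2 && $NF ~ /^[0-9]+$/ && now - $NF > mins * 60 {
            split($1, part, ":")
            print part[1]
        }'
}

# merged_rules NOW MINUTES
# The rule set a cdb rebuild would compile (e.g. as input to tcprules).
# tcprules matches the most specific address, so file order does not matter.
merged_rules() {
    sample_open_smtp | live_relay_rules "$1" "$2"
    sample_tcp_smtp
}

merged_rules 1072275600 30
```

A remote IP with no live entry in this merged set only matches the final `:allow` rule, which carries no RELAYCLIENT, so mail to a foreign domain is checked against rcpthosts and refused with a 553.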
[vchkpw] [semi-OT] Problem with qconfirm
Hi folks,

I post my problem here, because probably it's a wrong delivery.

I've configured qconfirm for [EMAIL PROTECTED], where domain1.dom is a domain in my vpopmail system (exactly the main domain). In .qconfirm/conf there's the QCONFIRM_PREPEND configured for 'domain1.dom-'

When I send a message to [EMAIL PROTECTED], I receive a response from qconfirm (request confirm). Example:

From qconfirm ([EMAIL PROTECTED])
To Me ([EMAIL PROTECTED])

That's ok, but ... When I respond, the message with sender Me from qconfirm ([EMAIL PROTECTED]) arrives in my qmail-vpopmail system. In /home/vpopmail/domains/domain1.dom/user1 there's a special .qmail file created by qconfirm:

.qmail-user1-qconfirm-5e9ba6a4fd25f57f97d2d6c0f74b43f4

that obviously may check the message and accept that (|qconfirm-accept 'domain2:dom=-user2' '/home/vpopmail/domains/domain1.dom/user1/.qconfirm').

The problem is that user1-qconfirm-5e9ba6a4fd25f57f97d2d6c0f74b43f4 isn't a domain1.dom account, so the message is forwarded to [EMAIL PROTECTED]

Where is my mistake? Could you help me? Have you ever been using qconfirm with vpopmail?

Thanks for your patience and support
Regards
Andrea
Re: [vchkpw] [not-OT] Pop3 auth
> If you're using courier, it will be harder to accomplish your goals.
> Courier-IMAP links libvpopmail in instead of using vchkpw. So, like
> Jeremy explained in another email, you'll have to do the following:

Ok, I reconsider my policy.

I've to do this: users pop3 with ssl auth could relay their emails with my smtp server, users pop3 without ssl auth no. I've created two vchkpw binaries, but I need two daemons, pop3d and pop3ds. The pop3d daemon that I use is the qmail pop3d; as pop3ds, I suppose Courier-Imap pop3d-ssl is the solution.

Is it a wrong policy?

Thanks for your patience and support
Regards
Andrea
[vchkpw] [not-OT] Pop3 auth and Courier-Imap (pop3s)
> I'm trying to compile that, but I've a problem:

SOLVED. My steps:

    curl -O http://aleron.dl.sourceforge.net/sourceforge/courier/courier-imap-2.2.1.tar.bz2
    bzip2 -cd courier-imap-2.2.1.tar.bz2 | tar xf -
    cd courier-imap-2.2.1/
    ./configure --prefix=/usr/local/courier-imap --disable-root-check \
        --without-authpam --without-authldap --without-authpwd \
        --without-authmysql --without-authpgsql --without-authshadow \
        --without-authuserdb --without-authcustom --without-authcram \
        --without-authdaemon --with-authvchkpw --with-ssl \
        --with-piddir=/var/run
    gmake
    gmake install
    gmake install-configure

QUESTION
My question now is: how could I say "Courier, use vchkpw_ssl and not vchkpw"? Is it possible to change the path to vchkpw in the Courier-Imap config, or do I have to rename vchkpw to vchkpw_nossl and change my /var/qmail/supervise/qmail-pop3d/run script?

Thanks for your patience and support
Regards
Andrea
[vchkpw] R: [vchkpw] [not-OT] Pop3 auth (and Courier-Imap)
> you run your ./configure once... with the
> --enable-roaming-users=y option, then make the binaries using 'make'

Ok Jeremy, thanks for your help. I've created two binaries, following your suggestions. Now I've to install a pop3d-ssl daemon, I think Courier-Imap pop3ds (correct?)

I'm trying to compile that, but I've a problem:

    $ ./configure --with-piddir=/var/run
    $ gmake        (I've an OpenBSD system, but make is the same)
    <...>
    ld: -lvpopmail: no match
    collect2: ld returned 1 exit status
    gmake[2]: *** [authvchkpw] Error 1
    gmake[2]: Leaving directory `/src/courier-imap-2.2.1/authlib'
    gmake[1]: *** [all] Error 2
    gmake[1]: Leaving directory `/src/courier-imap-2.2.1/authlib'
    gmake: *** [all-recursive] Error 1

Mmm ... Where is my mistake?

I've posted my question here, because:

    NOTE
    All questions regarding ANY vpopmail-related problems, such as
    compiling/building failures, or login errors should be referred to the
    vpopmail mailing list. Vpopmail questions sent to the sqwebmail or
    Courier mailing lists will be IGNORED.

Thanks for your patience and support
Regards
Andrea
[vchkpw] R: [vchkpw] [not-OT] Pop3 auth
> yes, two vchkpw binaries, one with and one without
> --enable-roaming-users=y

Hi Jeremy,

Thanks for your help. What do I have to do exactly? Sorry, I'm a newbie, I think :)

How could I create a second binary? Is there synchrony between the two vchkpw? I don't understand, could you figure it out?

Thanks for patience and support
Regards
Andrea
[vchkpw] [semi-OT] Pop3 auth
Hi folks,

I need your suggestions. I've to do this: I would open my smtp relay for pop3 users with ssl auth. That is, the pop3 users couldn't use my smtp relay, pop3-ssl users ya.

Do I have to implement two vchkpw binaries? Or which type of solution? Could you send me your advice?

Thanks for patience and support
Regards
Andrea
[vchkpw] Problem with account (dialup)
Hi folks,

I've a problem with my vpopmail (now is 5.3.30, but I had the same problem on 5.3.20).

When a specific user (ex: lsiro) of domain1.dom connects via dialup to my pop3 server, I receive an error message in console: user [EMAIL PROTECTED] (where IP is the dialup IP) not found. But the user downloads his mails correctly.

The problem is: I've [EMAIL PROTECTED] instead of [EMAIL PROTECTED]

Why? Misconfiguration? Mistake?

Thanks for all
Regards
Andrea
[vchkpw] Vpopmail 5.3.30
Hi,

My version is 5.3.20, I would upgrade my system (OpenBSD 3.3) with the new 5.3.30.

My steps:

    ./configure --enable-roaming-users=n --enable-mysql=n \
        --enable-defaultquota=NOQUOTA \
        --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp
    make
    make install-strip

But if I look at my qmailadmin web interface, I read "vpopmail 5.3.20". Why? Where is my mistake?

Thanks for all
Regards
Andrea
[vchkpw] Smtp auth: pop3d and pop3d-ssl users
Hi folks,

I would do this: my pop3d-ssl users could use my smtp relay (pop3 auth first), but NOT my pop3d users (pass in clear text).

I'm thinking about stunnel, Courier-IMAP (imap imap-ssl, but pop3d pop3d-ssl too) ... But the problem is the vchkpw: how could I say "enable-roaming only for pop3d-ssl users, and not for pop3d users"? Is there another way to do that? Any suggestions?

Thanks for all
Best Regards
Andrea