Re: [vchkpw] vchkpw fails and then succeeds!
Charles Sprickman wrote: So I have to choose: using a cryptography authentication method that's not safe or having the password being save as plain (wich is not safe either)? No... You did not pointed how to do what I'm asking: is it possible to use CRAM-MD5 without clear passwords? They don't have to sniff your LAN, they can sniff at the end-users side. You're probably using smtp-auth to provide roaming to travelling users, and there's a decent chance some of those are on unfriendly networks like wireless... Exactly. There's a simple workaround; use standard auth and in your setup guides show your users how to click the Use SSL/TLS option in their mail program. Then your login (and the contents of the message they are sending/receiving) is encrypted, and you can use an auth mechanism that does not require clear-text passwords. It's not a workaround for me. I do not use TLS patch and I don't really want to encrypt messages. I just want to be sure that my users' password will not be acessible for anyone but themselves. I don't really care if some user has his mail sniffed (if he thinks it's confidential, he should be responsible for encrypting it, so even when it's written to the storage system the message would still be encrypted). But I do care if some spammer sniffs him and starts getting relay to do spam trough my smtpd (smtp-auth). -- Best regards, Eduardo M. Bragatto.
Re: [vchkpw] vchkpw fails and then succeeds!
Tom Collins wrote: If you stored a single encoded password, anyone sniffing the line could learn the encoded version and just re-use it. So I have to choose: using a cryptography authentication method that's not safe or having the password being save as plain (wich is not safe either)? Sure I can guarantee that getting access to my DB is more difficult than getting access to my LAN (in case of sniffing), so I would choose having the plain password stored, but it's still being a hole on the system (if some guy gains access to DB, he'll have access to ALL passwords, while sniffing would just compromise some users). Is there any plans for workaround this problem? Is there a way to do it? How does behavior other softwares that uses CRAM-MD5? They always kept the plain password? -- Best regards, Eduardo M. Bragatto.
Re: [vchkpw] Custom Maildir Structure
Tom Collins wrote: That also got me to thinking about how bigdir support means it's not possible to have one-letter email addresses/lists. By using @a, @b, @c, etc. as the directory names, any email address would be possible. I've already though about that and got concerned with it. Are you suggesting a modification to vpopmail's bigdir support? -- Regards, Eduardo M. Bragatto.
Re: [vchkpw] Clamd Scan
Rick Macdougall wrote: in the clamav.conf file set Logfile /dev/stdout The setup your multilog logging as normal. At qscanq's website I've found some tips (http://mysite.verizon.net/vze1ypud/software/qscanq/clamdscan.html) for those who use qscanq with clamd. From that document, I've found a patch to send logs to stderr (so multilog can capture them): (..) Building clamdscan You should use version 0.70 of clamav or higher. You must download and build clamdscan, using this patch. It modifies clamd so that it can be told to log its activities to standard error, which allows multilog to capture them. The following commands should suffice: wget http://www.pobox.com/~lbudney/software/qscanq/clamav-0.70-stderr.patch.gz gunzip -c clamav-0.70-stderr.patch.gz | patch -p0 Finally, build and install clamav as per the included instructions. Be sure to install clamd and clamdscan, and to install and configure the Internet update daemon, freshclam. (..) -- Best regards, Eduardo M. Bragatto.
[vchkpw] [OT] RBL dialups.services.net
Sorry for the OT, but I really don't know where to ask. Does anyone here know the website for the RBL dialups.services.net? I start using it sometime ago and it is really a great RBL, but sometimes some sysops calls me asking why they got listed, and I can't even say where they should look at. Best regards, Eduardo M. Bragatto.
Re: [vchkpw] What's the better Webmail for Vpopmail?
Itamar Reis Peixoto wrote: try http://www.uebimiau.org Do not try it. I've being using it for two years and I'm now looking for another webmail. Uebimiau is easy to install/configure, do not depend on IMAP (it uses POP3) and brings Apache to 99% of CPU load when (even if it's just a few) users with large mailboxes log in. I think it happens because Uebimiau (like every pop3 client) after downloading the message, writes it to the disk. As a result, my webserver keeps thousands of small files on the disk and it has to scan every single file to get informations like subject when the user log in. If it were a IMAP client it shouldn't happen, because the message wouldn't have to be downloaded to give a list of messages to the user (am I right here?). Best regards, Eduardo M. Bragatto.
Re: [vchkpw] RBLs
Jeremy Kitchen wrote: On Monday 05 July 2004 08:44 pm, Eduardo M. Bragatto wrote: What happens in the case that more than one RBL has the same blocked address? Which one actually blocks the smtp session? The one that answers first, or rblsmtpd waits until one to respond, before asking to another one? In that case, it askes in the same order that the parameters are given? the first one. If rblsmtpd finds a match, it doesn't bother wasting any more bandwith on the fool, and sends them a nice FU :) So, in that case, I may think that the first list given is more effective than others, since it will always be checked first and because of that, may blocks more than others... Is it right? I'm asking it because, like Simon (who started this thread), I also noticied more lists blocking than others... Best regards, Eduardo M. Bragatto.
Re: [vchkpw] RBLs
[EMAIL PROTECTED] wrote: /usr/local/bin/rblsmtpd -t 10 -r relays.ordb.org -r bl.spamcop.net -r dnsbl.njabl.org \ -r opm.blitzed.org -r sbl-xbl.spamhaus.org -r blackholes.mail-abuse.org What happens in the case that more than one RBL has the same blocked address? Which one actually blocks the smtp session? The one that answers first, or rblsmtpd waits until one to respond, before asking to another one? In that case, it askes in the same order that the parameters are given? Best regards, Eduardo M. Bragatto.
Re: [vchkpw] vpopmail installation on a Client MySQL Server
Kirti S. Bajwa wrote: /home/vpopmail/bin/vadddomain: error while loading sharred libraries: libmysqlclient.so.12: cannot open shared object file: no such file or directory I've never used vpopmail with Mysql, but I've been following the thread and I think that I know what's going on. Your vpopmail is trying to use shared libraries that can't be found on the system. Search for the path of the files libmysqlclient.* (find / | grep libmysqlclient) and check if it's listed at /etc/ld.so.conf. It must be listed at your $PATH environment variable as well. You must find the file libmysqlclient.so.12. If you don't find it, you may try to create a symbolic link to other libmysqlclient.so.XX. Best regards, Eduardo M. Bragatto.
Re: [vchkpw] ldap + vpopmail 5.4.3
Márcio Luciano Donada wrote: Hi, Bernd #cd /usr/ports/mail/vpopmail #make -DWITH_ENABLE_AUTH_MODULE=ldap ??? []'s Márcio Hi Marcio! Well, it's maybe not the most comfortable way, but for me it works just fine on FreeBSD 5.2.1: Just add --enable-auth-module=ldap to the CONFIGURE_ARGS= of /usr/ports/mail/vpopmail/Makefile You must edit the file Makefile and add --enable-auth-module=ldap at the variable CONFIGURE_ARGS. Try: # cd /usr/ports/mail/vpopmail # vi Makefile ;) -- Since you seem to have some problems with english, here's the portuguese version: Você deve editar o arquivo Makefile e adcionar --enable-... à variável CONFIGURE_ARGS. Regards, Eduardo.
Re: [vchkpw] patch: using maildir++ with quota greater than 2GB
Michael Kefeder wrote: Our admin set up a new mailserver which should provide IMAP to our coworkers - problem: their current (local) mailboxes are already scratching the 2GB limit of their mailclients, therefore we needed higher quotas on the new server to suit the coworkers needs. When testing his qmail+vpopmail+courier setup there were crazy results when quota was set to 2GB and even more problems appeared when the maildir was filled with mails in total of 2GB. Michael, I don't think that's a good ideia to let users keep so much messages on the server. Specially if they are using all that space because of messages with large attachments (when you attach a file to an e-mail message the file size grows about 33%). In my opinion you're using the wrong protocol to transport and store messages. If they have to send/receive large files, give FTP accounts to them. If they want to keep all messages, they should save it on a CD or any other media, instead of asking you to increase the quota over and over again. Mailboxes were not created to store 2GB each. Well, that's my 2 cents ;) Regards, Eduardo M. Bragatto.
[vchkpw] Making vpopmail recognize # as @
I need to make vpopmail recognize user#domain.com as the same way it recognizes [EMAIL PROTECTED]. Is there a way to do it changing configuration files or I'll have to edit the source code/include files and recompile? [[]]'s Eduardo M. Bragatto.
Re: [vchkpw] Making vpopmail recognize # as @
Eduardo M. Bragatto wrote: I need to make vpopmail recognize user#domain.com as the same way it recognizes [EMAIL PROTECTED]. A little explanation: It's needed only when RECEIVING messages via SMTP. [[]]'s Eduardo M. Bragatto.
Re: [vchkpw] Re: Making vpopmail recognize # as @
Peter Palmreuther wrote: Hello Eduardo, On Tuesday, April 6, 2004 at 8:58:28 PM you wrote (at least in part): I need to make vpopmail recognize user#domain.com as the same way it recognizes [EMAIL PROTECTED]. It's needed only when RECEIVING messages via SMTP. Sorry, Peter... your anwser has already solved my problem. My previous e-mail is wrong. I meant POP3 instead of SMTP. Thank you very much for your attention and time spent. ;) [[]]'s Eduardo M. Bragatto.
[vchkpw] Vpopmail 5.4.4
I'm rebuilding my pop toaster and I would like to include the new vpopmail with spamassassin native support. But the current stable version doesn't include it. Only the source code from CVS has what I want. I would like to know if the next version (5.4.4) will take a long time to arrive. I don't want to build my server with a cvs version for obvious reasons ;) [[]]'s Eduardo M. Bragatto.
[vchkpw] MySQL vs CDB
Hi, I've been using vpopmail with cdb authentication system on many servers about 2 years and I don't have any complains about it. Looking the README.mysql from vpopmail 5.4.0 it says: Using vpopmail with MySQL is becoming increasingly popular. The code is well tested and can be considered to be just as stable as the default CDB authentication system. Is there any special reason to use MySQL instead of CDB? I'm not an expert on database systems, but CDB just seems more stable and faster to me (I'm not saying it is, it's just my impression about it and as I said: I'm NOT an expert). I'm asking it because since vp+mysql is becoming so popular, should be a good reason for that. So, I'd like to hear from you the advantages and cons about it compared with CDB. Regrads, Eduardo M. Bragatto.
[vchkpw] QMAILQUEUE and Vpopmail
From Qmail-Scanner FAQ (http://qmail-scanner.sourceforge.net/FAQ.php): Q-S doesn't work with Vpopmail Vpopmail basically strips out environment variables set within the tcpserver SMTP rules file - specifically the QMAILQUEUE environment variable. As it is responsible for starting qmail-smtpd, that means Qmail-Scanner never gets called. This is really a bug with Vpopmail, but a workaround is to set QMAILQUEUE within /service/smtpd/run instead.(..) This bug has been fixed in some recent version of vpopmail? [[]]'s Eduardo M. Bragatto.
[vchkpw] Bounce messages
Does anyone know how to remove attachments from bounce messages on qmail? When my AV bounce a message with virus, the message sent back still with the virus on it. [[]]'s Eduardo M. Bragatto.
Re: [vchkpw] pop3 login frequency patch
Jake S wrote: Hi ! Is there any patch for blocking too frequent pop3-logins (bruteforce attacks) ?? If not, is anyone interested in some ? I'm doing this right at the moment ! I'm looking for the same thing, but I want to stop bruteforce on qmail-smtpd. I've tried to do it with tcpserver, but I had no success. I think that would be better if this patch was made for tcpserver (since I use tcpserver to set up both pop3 and smtpd). [[]]'s Eduardo M. Bragatto.
Re: [vchkpw] pop3 login frequency patch
Jeremy Kitchen wrote: that could only be done in tcpserver by rate limiting connections by IP address, and would also affect legitimate connections made by valid users using proper authentication credentials. I'd be mighty upset if anyone rate limited my pop3 connections ;) Of course, special provisions could be made, but I don't want it at the pop3, I want it on smtpd. Spammers are hammering my server, sending messages to lots of domains that I'm hosting. If I could set a limit like 5 simultaneously connections for each IP address, no one would be able to use all my slots. [[]]'s Eduardo M. Bragatto.
Re: [vchkpw] Vpopmail script
On Monday 29 December 2003 16:06, Tom Tu wrote: Does anyone have a script that will add or delete email accounts in vpopmail given a static file with the email address of each user we want to add or delete? Written for the first time at this e-mail, I've never run this before: --- cut here --- #!/bin/bash if [ $1 == ]; then echo -n Filename: read FILE else FILE=$1 fi for LINE in `cat $FILE`; do PROC=`echo $LINE | cut -d: -f1` EMAIL=`echo $LINE | cut -d: -f2` PASS=`echo $LINE | cut -d: -f3` if [ $PROC == ADD ]; then vadduser $EMAIL $PASS elif [ $PROC == DEL ]; then vdeluser $EMAIL fi echo $EMAIL done done --- cut here --- File input format: ADD|DEL:EMAIL:PASSWORD Each account should be written on an empty line. You can select this file as a parameter at the command line or wait for the script asks you. ;) [[]]'s Eduardo M. Bragatto PS: any corrections in case of errors are welcome.
[vchkpw] Upgrading from 5.3.20 to 5.3.28
What do I need to know before upgrading from this version to that one?! Is there any changes that I need to do about? I'm using CDB to store users/passes. Eduardo M. Bragatto
Re: [vchkpw] A new tools for vpopmail
I´ve already made a set of tools for my users like a script to them change their passwords needing only to know the old password of their accounts. At the time, I had the same problem that you´re talking now. The first thought that occurs is chmod +s tool_that_i_want_to_use like you´re saying. I´ve solved the problem using sudo. It allows me to run some programs as others (like setuid), but I can make only one or some users have this kind of permission. It made my solution much more security than allowing all users to run a command with vpopmail´s user id. If this kind of tool really became part of vpopmail, it will be a big step to lots of other people (like me), to develop their own specific solutions. - Mensagem Original De: Gerald Villemure [EMAIL PROTECTED] Para: [EMAIL PROTECTED] [EMAIL PROTECTED], [EMAIL PROTECTED] [EMAIL PROTECTED] Assunto: [vchkpw] A new tools for vpopmail Data: 23/07/03 05:10 The problem is, how to you get a web server that is running as nobody to run commands as vpopmail? The answer has been to set qmailadmin SETUID vpopmail. The problem with that is. What if you want to develop your own front-end in PHP for example? One answer is to introduce a new command in the base distribution of vpopmail which would run SETUID vpopmail which could then be called by whatever front-end you care to design. COMMAND SUMMARY You must authenticate with a valid user/pass for any commands to be executed. Some commands will only execute if the user/pass has admin rights on the domain in question. Webmail - 99one Internet Provider
[vchkpw] Copying /domains/
I already have a qmail+vpopmail running... I've installed it about one year ago, but now, I need to save all the users (and their messages) and put into another qmail+vpopmail server. To avoid problems, I've renamed all message files (because they have the hostname of the machine on it), and using 'cdbdump' and 'cdbmake' I've changed the path of each user. But now, when I try to log on with some account, I found this error: +OK [EMAIL PROTECTED] domain] USER [EMAIL PROTECTED] +OK PASS * -ERR authorization failed I was using vpopmail 5.2.1 and now I'm using vpopmail 5.3.20.. I've already check the users database, and it seems to be the same between the versions. I've read lots of papers about vpopmail but I haven't found anything about it.. Please, is there someone who can help me out?! ;) -- [[]]s Eduardo M. Bragatto Webmail 99one Internet Provider
