Re: [vchkpw] webmail option...
Matt Brookings wrote:
> On 07/07/2010 01:14 AM, Den Arion wrote:
>> courier authlib has no more support for vchkpw, what other option do I have for webmail? I installed sqwebmail but I remembered too late that courier authlib doesn't have support for vchkpwd :(
>> Thank you and have a good night (for those still awake) ;-}
>
> Use Dovecot for IMAP, and SquirrelMail or Roundcube for webmail.

dovecot + sieve/managesieve
Horde + imp (webmail) + ingo (sieve filter rules)
Re: [vchkpw] vpopmail and smtp auth
On Tuesday, June 29, 2010 06:43 AM, Den Arion wrote:
> I was looking for a version or patch to work with authentication with vpopmail. Almost all patches I found need additional software that is not available.
> Does somebody in the list have running smtp auth with vpopmail users authentication? If yes just check if additional software needed is available.

Well, I use postfix + dovecot sasl to do vpopmail user authentication. Of course, dovecot serves my imap server needs too.
Re: [vchkpw] vpopmail and smtp auth
On 06/29/2010 03:00 AM, stea...@neotech-hk.com wrote:
> Dear Juraj Hantak technicky riaditel
> This user has been banned from the list.

/me face palms

The level of cluelessness in HK is just incredible. No doubt thanks to the dumb efforts of this lot: http://www.antispam.gov.hk/english/main.htm

Analysis by Suresh: http://blog.outblaze.com/2007/06/02/the-new-hong-kong-antispam-law/

Happy banning Chinese ip blocks! Maybe they will see the light and fix the law.

/me gets off soapbox.
[vchkpw] pgsql fixes
Hi all, In case any of you want to use a postgresql backend, here is a patch that fixes some typos that get in the way of compilation and adds support for valias. I have not tried 5.5.0 but I suspect that it will apply to vpgsql.c if in the backends/postgresql dir and using 'patch -p1'. diff -urN vpopmail-5.4.30/vpgsql.c vpopmail-5.4.30-pgsqlfixed/vpgsql.c --- vpopmail-5.4.30/vpgsql.c2010-06-19 20:12:30.991542810 +0800 +++ vpopmail-5.4.30-pgsqlfixed/vpgsql.c 2010-06-19 20:15:34.056278658 +0800 @@ -392,10 +392,10 @@ #endif #ifdef ENABLE_SQL_LOGGING -qnprintf( sqlBufUpdate, SQL_BUF_SIZE, +qnprintf( SqlBufUpdate, SQL_BUF_SIZE, delete from vlog where domain = '%s', domain ); pgres=PQexec(pgc, SqlBufUpdate); -if( !pgres || PGresultStatus(pgres)!=PGRES_COMMAND_OK) { +if( !pgres || PQresultStatus(pgres)!=PGRES_COMMAND_OK) { return(-1); } #endif @@ -445,11 +445,11 @@ #endif #ifdef ENABLE_SQL_LOGGING -qnprintf( sqlBufUpdate, SQL_BUF_SIZE, +qnprintf( SqlBufUpdate, SQL_BUF_SIZE, delete from vlog where domain = '%s' and user='%s', domain, user ); pgres=PQexec(pgc, SqlBufUpdate); -if( !pgres || PGresultStatus(pgres)!=PGRES_COMMAND_OK) { +if( !pgres || PQresultStatus(pgres)!=PGRES_COMMAND_OK) { err = -1; } #endif 
@@ -1614,3 +1614,69 @@ return(strcmp(crypt(clear_pass,vpw-pw_passwd),vpw-pw_passwd)); } +char *valias_select_names( char *alias, char *domain ) +{ + PGresult *pgvalias; + int err, verrori; + unsigned ntuples, ctuple; + struct linklist *temp_entry = NULL; + + /* remove old entries as necessary */ + while (valias_current != NULL) + valias_current = linklist_del (valias_current); + + if ( (err=vauth_open(0)) != 0 ) { +verrori = err; +return(NULL); + } + + qnprintf( SqlBufRead, SQL_BUF_SIZE, +select distinct alias from valias where domain = '%s' order by alias, +domain ); + if ( ! (pgvalias=PQexec(pgc, SqlBufRead)) + || PQresultStatus(pgvalias) != PGRES_TUPLES_OK ) { +if(pgvalias) PQclear(pgvalias); +vcreate_valias_table(); +if ( ! (pgvalias=PQexec(pgc, SqlBufRead)) + || PQresultStatus(pgvalias) != PGRES_TUPLES_OK ) { + fprintf(stderr,vpgsql: sql error[j]: %s\n, + PQerrorMessage(pgc)); + if (pgvalias) PQclear(pgvalias); + return(NULL); +} + } + + ntuples = PQntuples (pgvalias); + for (ctuple = 0; ctuple ntuples; ctuple++) { +temp_entry = linklist_add (temp_entry, PQgetvalue (pgvalias, ctuple, 1), +PQgetvalue (pgvalias, ctuple, 0)); +if (valias_current == NULL) valias_current = temp_entry; + } + PQclear (pgvalias); + pgvalias = NULL; + + if (valias_current == NULL) return NULL; /* no results */ + else { + strcpy (alias, valias_current-d2); + return(valias_current-data); + } +} + +char *valias_select_names_next(char *alias) +{ + if (valias_current == NULL) return NULL; + + valias_current = linklist_del (valias_current); + + if (valias_current == NULL) return NULL; + else { + strcpy (alias, valias_current-d2); + return valias_current-data; + } +} + +void valias_select_names_end() { + +// not needed by pgsql + +} !DSPAM:4c1cc3c832711198718232!
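Review bot: In the @@ -392 hunk the failure branch leaks the result object: when PQexec returns a non-NULL pgres whose status is not PGRES_COMMAND_OK, return(-1) is reached without PQclear(pgres). Clear it before returning, the way the new valias_select_names code in this same patch does with "if (pgvalias) PQclear(pgvalias);".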
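Review bot: In valias_select_names (the @@ -1614 hunk) the query selects one column, "select distinct alias from valias", but the loop then reads PQgetvalue (pgvalias, ctuple, 1), which is outside the column range of that result; either select the second field the list entry needs or read only column 0. Two further points in the same hunk: strcpy (alias, ...) in both valias_select_names and valias_select_names_next copies into the caller's buffer with no length bound, so take a buffer size argument or document the minimum size the caller must provide; and verrori is declared as a local ("int err, verrori;"), so the error code stored just before return(NULL) never reaches the caller.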
Re: [vchkpw] pgsql fixes
BTW, I have also submitted this to sourceforge.
Re: [vchkpw] pgsql fixes
> In case any of you want to use a postgresql backend, here is a patch that fixes some typos that get in the way of compilation and adds support for valias.

I wondered why I did not recall doing the code. This patch is against 5.4.30 but it is originally from Bruce McAlister. Been using it since October 2008 on an opensolaris box. (a hack to make it compile on opensolaris not included)
Re: [vchkpw] pgsql fixes
Sorry folks, Just noticed that the vpgsql.c's create index statement had extra brackets. Attached patch fixes the typos, removes extra brackets and adds valias and sql loggin support. !DSPAM:4c1cdcfe32715874013085! diff -urN vpopmail-5.4.30/vpgsql.c vpopmail-5.4.30-pgsqlfixed/vpgsql.c --- vpopmail-5.4.30/vpgsql.c2010-06-19 20:12:30.991542810 +0800 +++ vpopmail-5.4.30-pgsqlfixed/vpgsql.c 2010-06-19 21:59:41.951758993 +0800 @@ -392,10 +392,10 @@ #endif #ifdef ENABLE_SQL_LOGGING -qnprintf( sqlBufUpdate, SQL_BUF_SIZE, +qnprintf( SqlBufUpdate, SQL_BUF_SIZE, delete from vlog where domain = '%s', domain ); pgres=PQexec(pgc, SqlBufUpdate); -if( !pgres || PGresultStatus(pgres)!=PGRES_COMMAND_OK) { +if( !pgres || PQresultStatus(pgres)!=PGRES_COMMAND_OK) { return(-1); } #endif @@ -445,11 +445,11 @@ #endif #ifdef ENABLE_SQL_LOGGING -qnprintf( sqlBufUpdate, SQL_BUF_SIZE, +qnprintf( SqlBufUpdate, SQL_BUF_SIZE, delete from vlog where domain = '%s' and user='%s', domain, user ); pgres=PQexec(pgc, SqlBufUpdate); -if( !pgres || PGresultStatus(pgres)!=PGRES_COMMAND_OK) { +if( !pgres || PQresultStatus(pgres)!=PGRES_COMMAND_OK) { err = -1; } #endif @@ -1488,7 +1488,7 @@ vauth_create_table (valias, VALIAS_TABLE_LAYOUT, 1); snprintf( SqlBufCreate, SQL_BUF_SIZE, - create index valias_idx on valias ( %s ), VALIAS_INDEX_LAYOUT ); + create index valias_idx on valias %s , VALIAS_INDEX_LAYOUT ); pgres=PQexec( pgc, SqlBufCreate ); if( !pgres || PQresultStatus(pgres)!=PGRES_COMMAND_OK ) { @@ -1614,3 +1614,69 @@
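Review bot: In the @@ -1488 hunk the statement becomes "create index valias_idx on valias %s", which is valid SQL only if VALIAS_INDEX_LAYOUT carries its own parentheses around the column list, and that definition is not part of this patch. Add a comment beside the snprintf stating that the macro must include the parentheses, or include the macro's definition in the patch context, so the format string and the macro cannot drift apart again.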
Re: [vchkpw] Problem with vpopmail: deliver all mail to /var/spool/mail/vpopmail
Do you mind posting the output of pstree and 'netstat -tlpn |grep :25'
Re: [vchkpw] Vpopmail Postfix and SQL query for SMTP-Auth
Alessio Cecchi wrote:
> Hello,
> this is my situation, one qmail+vpopmail(MySQL)+dovecot server that works like an MX record and provide access on mailbox via POP3 or IMAP. Another server with postfix and SASL for SMTP-Auth only, with SASL that query the vpopmail DB for user authentication.
> My intention is to set a query into SASL for use the same flags for SMTP-Auth that read vpopmail and qmail.

Do you run dovecot? If you do, just make use of dovecot's sasl provisions. That is supported by postfix.
Re: [vchkpw] Vpopmail Postfix and SQL query for SMTP-Auth
Alessio Cecchi wrote:
> Christopher Chan wrote:
>> Alessio Cecchi wrote:
>>> Hello,
>>> this is my situation, one qmail+vpopmail(MySQL)+dovecot server that works like an MX record and provide access on mailbox via POP3 or IMAP. Another server with postfix and SASL for SMTP-Auth only, with SASL that query the vpopmail DB for user authentication.
>>> My intention is to set a query into SASL for use the same flags for SMTP-Auth that read vpopmail and qmail.
>>
>> Do you run dovecot? If you do, just make use of dovecot's sasl provisions. That is supported by postfix.
>
> Thanks, yes I run dovecot and I know the SASL + Postfix features, but on the qmail server, postfix is on another server.
>
> Summary:
> server1 qmail + vpopmail with mysql backend + dovecot with vpopmail native authentication (passdb checkpassword and args = /home/vpopmail/bin/vchkpw)
> server2 postfix + SASL that read users from mysql on server1
>
> How can postfix access to dovecot SASL auth mechanism? I could install dovecot on server2, but dovecot can check vpopmail flags on when run with passdb checkpassword and args = /home/vpopmail/bin/vchkpw and in the same server with vpopmail binary. Or not?

Eh? What version of dovecot are you running? dovecot can directly link into vpopmail. Install vpopmail on server2, point it to the mysql server, compile and install a dovecot version above 1.0 (preferably latest) and compile and install a version of postfix that can make use of dovecot's sasl provision. Quite a bit of fiddling I know...

postfix main.cf

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes

(smtpd_sasl_path is under postfix spool directory - need to set this in dovecot.conf in the auth section under client subsection)

Read the SASL_README file for dovecot stuff:

Building Postfix with Dovecot SASL support

These instructions assume that you build Postfix from source code as described in the INSTALL document. Some modification may be required if you build Postfix from a vendor-specific source package.

Support for the Dovecot version 1 SASL protocol is available in Postfix 2.3 and later. At the time of writing, only server-side SASL support is available, so you can't use it to authenticate to your network provider's server.

Dovecot uses its own daemon process for authentication. This keeps the Postfix build process simple, because there is no need to link extra libraries into Postfix.

To generate the necessary Makefiles, execute the following in the Postfix top-level directory:

    % make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\"'

After this, proceed with make as described in the INSTALL document.

Notes:

* The -DDEF_SERVER_SASL_TYPE stuff is not necessary; it just makes Postfix configuration a little more convenient because you don't have to specify the SASL plug-in type in the Postfix main.cf file.
* If you also want support for LDAP or TLS, you will have to merge their CCARGS and AUXLIBS into the above command line.
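The Dovecot side of the smtpd_sasl_path = private/auth setting described in this message, next to the matching Postfix settings, as an added example that is not part of the original post. It assumes Dovecot 1.x configuration syntax built with vpopmail support, a Postfix queue directory of /var/spool/postfix, a postfix user and group, and TLS already configured in Postfix.

```conf
# --- /etc/dovecot.conf (Dovecot 1.x syntax; path and owner are assumptions) ---
auth default {
  # SMTP clients commonly authenticate with PLAIN or LOGIN.
  mechanisms = plain login

  # Look users up through the vpopmail library (Dovecot built --with-vpopmail).
  passdb vpopmail {
  }
  userdb vpopmail {
  }

  socket listen {
    client {
      # Must be the same socket as smtpd_sasl_path below, which Postfix
      # resolves relative to its queue directory.
      path = /var/spool/postfix/private/auth
      # Only the postfix user and group may talk to the auth socket.
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

# --- Postfix main.cf ---
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# Refuse anonymous SASL logins.
smtpd_sasl_security_options = noanonymous
# PLAIN and LOGIN send the password unencrypted: offer AUTH only after STARTTLS.
# Assumes smtpd TLS is already set up; without it AUTH is never offered.
smtpd_tls_auth_only = yes
# Relay for local networks and authenticated users, reject other relay attempts.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
```

Running postconf -a lists the SASL server types the installed Postfix binary supports; dovecot has to appear there for these settings to take effect.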
Re: [vchkpw] Vpopmail (links)
Remo Mattei wrote:
> Hi everyone not sure if this is related to vpopmail but maybe you can direct me to where to check.
> I have a client that when he gets email from a newsletter it changes the _ (underscore) into %20.
> I use simscan, spamassassin, qmail and vpopmail. I have now changed the spamassassin .local by adding the whitelist but need to see if that’s going to work.

That is so wrong. %20 stands for space IIRC too. It is most likely NOT related to qmail or vpopmail as they do not modify body contents or existing headers.
Re: [vchkpw] imap before smtp
Tom Collins wrote:
> Even if it's possible to set up imap-before-smtp, you'll be much better off if you have your clients use SMTP AUTH instead. More reliable, more predictable, and supported by almost every email client out there.
> If you really want to try it, consider Dovecot instead of Courier. I think dovecot uses vchkpw, and is probably going to be easier to configure.

dovecot for smtp-auth. dovecot has vpopmail bindings AND sasl support. You won't need courier-auth or courier-imap anymore. postfix has support for dovecot-sasl. If you are using something else...I have not tried them.
Re: [vchkpw] Re: Untie vpopmail from qmail
Rick Widmer wrote:
> Christopher Chan wrote:
>> See my reply to your other post. If vpopmail can also handle multiple system user accounts instead of just virtual domain mailboxes under a single system user...we can integrate with samba and other stuff.
>
> It can. OTOH the main reason I chose vpopmail is because I don't want to use any more system accounts than I have to.

I know. System accounts, however, is how security for samba and other stuff work.
Re: [vchkpw] Re: Untie vpopmail from qmail
> One large factor for me deciding to migrate to dovecot's lda ('deliver') is to use SIEVE, which is under active development and is likely to become a standard (imho). I see no point in creating another lda.

Yeah, with SIEVE support being found in Kmail and addons or plugins for thunderbird and probably others...it kinda paves the way for a standard eh?

> What I do see is a need for vpopmail to be able to give 'deliver' any data it needs to do its job (for instance maildir or mailbox, destination location, etc). At some point vpopmail might also include providing SIEVE filtering rules.

The only problem I see at this point in time is how dependent vpopmail is on others to make use of it. vpopmail started out as something to fill out a need missing in the qmail toolchains. Even then, qmail did not have everything (eg: no imap) and it is really nice that dovecot added vpopmail support especially since Sam dropped vpopmail support from courier toolchains.

If vpopmail can take things a bit beyond just say single system user and perhaps be able to handle 1) multi system user virtual domains and 2) massive multi system user management with an appropriate backend like pgsql, then I hope there is incentive for the dovecot guys to keep their relationship with vpopmail and not try to come up with their own management module.

Right now, postfix + dovecot + vpopmail looks pretty neat without getting too many different libraries/frameworks involved. If this can be taken a step further...
Re: [vchkpw] Re: Untie vpopmail from qmail
Eric Shubert wrote:
> Christopher Chan wrote:
>>> I would like to see some discussion about this as well. I think that examining the role of vpopmail in today's email landscape has merit. I'm not intimately familiar with vpopmail's history, but I have used it a bit as part of the qmail-toaster (see http://www.qmailtoater.com).
>>
>> vpopmail has potential beyond just email.
>
> I agree. Would you care to elaborate some about this?

See my reply to your other post. If vpopmail can also handle multiple system user accounts instead of just virtual domain mailboxes under a single system user...we can integrate with samba and other stuff.

>> Funny that, some time ago I was thinking of the possibility of tying things into the mysql (or whatever database vpopmail handles like pgsql - pgsql support is as current as mysql support now right?) vpopmail database...like samba, apache...but yours is slightly different. I noticed all the columns that are passwd structure based that were not quite having their full potential being used.
>
> Tying these various authentication mechanisms together is a worthy objective, regardless of the implementation software (mysql vs pgsql vs ldap). The difficulty in any case is to merge the various schemas together. I believe that ldap has the best chance of accomplishing this, because of the 'standard' schemas that are available for it, and due to its nature as a directory vs a database. LDAP is simply a better fit for this type of application than a database (see http://www.openldap.org/doc/admin24/intro.html#LDAP%20vs%20RDBMS).

I think the passwd based schema in place looks pretty good.

> I also think that FreeIPA has the potential to become the defacto standard in this area. Making vpopmail able to co-operate/interface with FreeIPA could very well extend the lifetime of applications that rely on the vpopmail authentication mechanism. It might be feasible to develop a vpopmail plugin for FreeIPA at some point (possibly even now). I know that FreeIPA has a modular architecture such as this, but haven't yet looked at it in any detail.

I have not had a good look at FreeIPA yet so no comment.
Re: [vchkpw] Untie vpopmail from qmail
Matt Brookings wrote:
> Christopher Chan wrote:
>> Right now I can use either maildrop or dovecot's lda with postfix. No injecting into a qmail queue for final delivery into the vpopmail mail store.
>>
>> Are you saying you would like a vpopmail lda for postfix? Something that supports dot-qmail rather than whatever maildrop or dovecot provides?
>
> I'm not specifically saying anything. I was more interested in what others thought, and was paving the way by saying that we have no objections. Do you have any objections you'd like to discuss?

Nope. I have no objections at all to vpopmail getting a lda for postfix and can do things dot-qmail like. After all, you won't get that with maildrop or dovecot's lda.

I would just like to point out, however, that if one goes the dovecot lda route, they get to benefit from the SIEVE support that dovecot has as an addon. If you are going to create your own lda for postfix, you might want to also consider whether you want to keep things as they are with respects to rule generation (currently web-based only? been a while...) or whether you want to try to get SIEVE support by providing an interface for pop3/imap4 solutions or something...
Re: [vchkpw] Re: Untie vpopmail from qmail
> I would like to see some discussion about this as well. I think that examining the role of vpopmail in today's email landscape has merit. I'm not intimately familiar with vpopmail's history, but I have used it a bit as part of the qmail-toaster (see http://www.qmailtoater.com).

vpopmail has potential beyond just email.

> It might be useful to start with what vpopmail is not. It's not an MTA, an MDA, nor MSA (submission), although it interfaces with all of them.
>
> In my mind, vpopmail is an authentication store, which handles mail related data in support of virtual domains and users. Sort of a Mail Authentication Agent. It handles all of the data related to implementing virtual email services (domains and users), although it doesn't handle an email itself. It also provides APIs/interfaces for the various other Mail Agents (MTAs, MDAs, etc), so that they can obtain the data they need to operate according to the data stored in vpopmail. Perhaps vdommail or simply vmail would have been a more appropriate name. I kinda like the former as vdom rhymes with freedom.

vmail is taken i believe...Bruce Guenter's multi system user virtual domain solution whereas vpopmail started out as a single system user virtual domain solution

> How's this for starters?
>
> In the future (months), I would like to see qmailadmin and vqadmin consolidated into a single package in support of vpopmail. I don't see any purpose in having 2 separate web applications.
>
> Longer term (years), I'd like to see vpopmail interface with a FreeIPA back end server.

Funny that, some time ago I was thinking of the possibility of tying things into the mysql (or whatever database vpopmail handles like pgsql - pgsql support is as current as mysql support now right?) vpopmail database...like samba, apache...but yours is slightly different. I noticed all the columns that are passwd structure based that were not quite having their full potential being used.
Re: [vchkpw] Untie vpopmail from qmail
Tren Blackburn wrote:
> This has been gone over a few times in the past. Search the archives for the technical reasons. But every time this question comes up it's been a no.

Guess who asked? :-D

Anyway, qmail is public domain now so fixing up a package ain't an issue anymore. I will just drop this. /var/qmail/control ain't a bad place to put configuration files anyway. :-D

> t
>
> - Original Message -
> From: Christopher Chan christop...@ias.com.hk
> To: vchkpw@inter7.com vchkpw@inter7.com
> Sent: Wed Aug 26 20:16:40 2009
> Subject: [vchkpw] Untie vpopmail from qmail
>
> Hello all,
>
> Is this at all possible? Right now I use postfix and I only have a qmail queue just for vpopmail to install but qmail is otherwise not at all involved.
>
> cheers,
> Christopher
Re: [vchkpw] Untie vpopmail from qmail
Matt Brookings wrote:
> Christopher Chan wrote:
>> Hello all,
>>
>> Is this at all possible? Right now I use postfix and I only have a qmail queue just for vpopmail to install but qmail is otherwise not at all involved.
>
> We'd love to see vpopmail work with Postfix, but I just don't have enough experience with Postfix to do this. It would be nice for vpopmail to have a 'forward-end' module for working with different MTAs, but as I said, my Postfix experience is rather limited.

Right now I can use either maildrop or dovecot's lda with postfix. No injecting into a qmail queue for final delivery into the vpopmail mail store.

Are you saying you would like a vpopmail lda for postfix? Something that supports dot-qmail rather than whatever maildrop or dovecot provides?
[vchkpw] Untie vpopmail from qmail
Hello all,

Is this at all possible? Right now I use postfix and I only have a qmail queue just for vpopmail to install but qmail is otherwise not at all involved.

cheers,
Christopher
Re: [vchkpw] rsync
Tariq Azad/OPS wrote:
> Did anybody try using rsync to replicate between backup and primary qmail servers? Is it recommended for a Qmail hosting multiple domains having more than 7000 users?

Try nfs or whatever backend storage interface you fancy for your storage server and put /home/vpopmail/domains there.
Re: [vchkpw] rsync
Tariq Azad/OPS wrote:
> Did anybody try using rsync to replicate between backup and primary qmail servers? Is it recommended for a Qmail hosting multiple domains having more than 7000 users?

Sigh, I guess you meant qmail configuration and not the mail store. Don't post when you get back home late from work.

You could try putting bits of qmail on a shared filesystem of some sort but /var/qmail/queue will be local to the box. Changes to /var/qmail/control/*, /var/qmail/users/* will then be effective immediately without affecting the queues.
[vchkpw] Backup of vpopmail account databases and mailstore was Re: [vchkpw] Re: rsync
Stephane Bouvard (ML) wrote:
> Hi,
>
> On Friday 1 February 2008 at around 15:28, Christopher Chan wrote:
>>> Did anybody try using rsync to replicate between backup and primary qmail servers? Is it recommended for a Qmail hosting multiple domains having more than 7000 users?
>>
>> Try nfs or whatever backend storage interface you fancy for your storage server and put /home/vpopmail/domains there.
>
> Storing mail accounts on any backend storage does not have anything to do with the need of backup... nfs or local, the mails must be backup at least every day...

Heh, sorry for confusing you with my confused post. I doubt the OP was yapping about backup, as in in case you lose data, at all. Mail accounts != mailboxes...at least I consider mail accounts to be whatever is stuffed into the cdb|mysql|pgsql|whatever databases and contain username, password, home directory and what not information and can be separately maintained from the mailstore.

> We are doing backup through rsync, and when the mail accounts take more than 10GB (meaning a lot of mails !), the backup take really a lot of time, we needed to split the backup domain per domain...

Do you use snapshots or separate your mailstore per domain?
Re: [vchkpw] rsync
> Now if you only do a normal rsync backup, it's also lost for good, you can not recover, doing it my way means we can recover, might have lost a couple days but we can recover their mail (so long as they don't go away for over a week anyway hehehe)

That is why I rsync to a backup server running zfs and use snapshots. I have been able to restore mails that a user deleted accidentally just before a rsync (rsync runs once an hour during working hours) thanks to snapshots.
Re: [vchkpw] qmail + smtp-auth + chkuser + vpopmail = messed up pipes?
http://qmail.jms1.net/patches/combined.shtml

Try the patch there. And take this up with Mr. Simpson if you have problems with his patch (you should not)
Re: [vchkpw] OT - Preferred File Systems
Patrick Ale wrote:
> On 12/23/07, Christopher Chan [EMAIL PROTECTED] wrote:
>> Patrick Ale wrote:
>>> On 12/22/07, Christopher Chan [EMAIL PROTECTED] wrote:
>>>> <snip>
>
> PSU = Power Supply Unit, and you need at least two of them when using XFS IMO (and according to SGI self). A UPS is also good but it only helps you against power delivery issues. It doesn't help against people working in your server racks and accidentally yanking cables or a PSU blowing away.

Now that is a good point. Okay, two redundant PSU plugged into an UPS.

> Battery-backed caches are caches (mostly on RAID controllers) that will hold the data for an X amount of minutes while the power delivery is interrupted, allowing the disks to sync up.

The OP was asking for a filesystem for a RAM-based drive for a qmail queue. No BBU cache involved. His RAID system will be used for the mail store and it most probably has BBU cache but then again that may or may not protect against data/metadata sitting in the kernel cache.
Re: [vchkpw] OT - Preferred File Systems
Ed McLain wrote:
> <snip>
> As for recoveries after a hardware failure, I've only had to do 3 or 4. On one of them we had a buggy version of xfs_repair, and that caused some weirdness, but we had done a full dd before the restore to a secondary disk.. After upgrading xfs_repair we got back everything with no corruption that we could find.. Now, that's not to say that a man page didn't have null's in it, but everything we wanted was there and intact.
> <snip>

Man pages? You had existing files corrupted? Now that is something I have not had with ext3. As for XFS, I did lose one filesystem but I cannot pin it down to XFS code with certainty because that happened after a crash although I have not lost any ext3 filesystem due to a crash yet. In any case, my previous mail was about files that were created just prior to a crash or a power cut, not existing files. Existing files should not get corrupted. If a filesystem cannot guarantee integrity of existing files both in a data and metadata sense, then I'd say that is a candidate for 'untouchable'.

When you are dealing with a mail queue, as the OP was asking about, you do want data integrity because once the mail has been queued, the sending side will delete its copy as you have now assumed responsibility for delivery. This really means that only filesystems that do full journaling can meet such a criteria. If you do not mind losing whatever was very recently queued in the event of a crash/power cut, then go for XFS.
Re: [vchkpw] OT - Preferred File Systems - I-RAM Drive
Jeff Koch wrote:
> By the way, to give you an idea of the speed of the i-ram drive with the XFS file system we tar-zipped the entire /usr directory into an 811MB archive. It took 54 seconds to untar-unzip it on a 4GB I-Ram drive and 141 seconds on a Seagate 750 GB SATA drive with the ext3 filesystem in the same machine. The CPU is a Core-Duo 6400 with 4GB RAM.

...how about apples to apples? Like when time it takes with the i-ram when it is formatted with xfs and when it is formatted with ext3?

> Straight file copies are even faster. Duplicating the same 811MB archive on the I-Ram took 13 seconds on the I-Ram drive and 43 seconds on the Seagate.
>
> My plan is to use the I-RAM for the following directories;
>
> var/qmail/queue
> var/qmail/simscan
> var/log

Don't you want a more permanent record of logs?

> maybe /tmp
>
> let me know if you guys think of any other directories that would benefit from the speedup.
>
> Also, since the i-ram's battery backup only lasts a few hours we added some startup scripts to rc.local that try mounting the i-ram and then test for the existence of some key files. If they don't exist or the i-ram can't be mounted then we assume the RAM got erased and use parted to re-create the partitions and mkfs to add the xfs filesystem. Then we mount the i-ram drive and copy over and untar the directories that we backed up upon shutdown (and also backup every few hours).

That is assuming a complete power loss. The battery backup does not come into play if the server is turned off but still connected to the mains. The I-RAM will draw from power so long as the power supply is connected and not switched off.
Re: [vchkpw] OT - Preferred File Systems
Patrick Ale wrote:
> On 12/22/07, Christopher Chan [EMAIL PROTECTED] wrote:
>> <snip>
>
> I'd say XFS. But with the restriction you have battery-backed caches and redundant PSUs. XFS is so fast cause of its caching mechanism. A power failure without battery-backed caches or redundant PSU will make you cry. And after you cry chances are very big you'll cry a lot more due to corruption.

I think you meant having a UPS system. The I-RAM is a DRAM media drive and as such it has zero caches and we want to protect against the contents in main system RAM not making it.
Re: [vchkpw] OT - Preferred File Systems
Jeff Koch wrote:
> We're setting up a new mailserver with a Gigabyte i-ram drive to handle the qmail queue, and qmail logs. The i-ram drive uses standard DDR modules, has a battery backup and is lightning fast - much faster than solid state drives. We'll use SATA RAID for the maildirs and remainder of the server.
>
> I'd like to get some input on the best filesystem for the i-ram drive. EXT3 is out because writes are slowed to the speed of a hard drive. I'm leaning towards reiserfs or xfs. However, I've read (wikipedia) that reiserfs is easily corrupted. xfs seems the best.

You mean using ext3 on the i-ram gets you the speed of a hard drive? try running ext3 with data=journal (full journal mode) and with noatime.

xfs may have the best performance but its data integrity is the worst of all the filesystems available for Linux besides being one of the buggiest. It is the filesystem with the largest codebase there is and it is a filesystem that was ported to Linux with lots of workarounds to work with the Linux kernel. xfs only journals metadata so you will have an intact filesystem but you will get in files after a crash or after power loss. No, the i-ram will not make a difference for xfs will use main memory for data caching. Data will not get a chance to hit the i-ram in the event of a crash or a power cut.

reiserfs assumes perfect media which is why it is easily corrupted. The i-ram will probably not give you that problem and besides, this is the qmail queue you are talking about. It probably will not store that much mail at all. I am amazed that you feel comfortable with just 1GB. I would have thought that maybe using the i-ram as an external journal for an ext3 filesystem on SATA disks in full journal mode would have been better.

You can also give jfs a shot. It is robust and comes second in most filesystem tests whether they are reads, writes or writing time at least according to Bruce Guenter's maildir suitability benchmark. (google fsbench)
Re: [vchkpw] OT - Preferred File Systems
Ed McLain wrote:
> XFS.. I'm addicted and will freely admit it. We ran some benchmarks a while back between EXT3, XFS, JFS, and ReiserFS with both qmail and mysql. While MySQL didn't care much, qmail was able to deliver between 10,000 and 20,000 messages per minute more on XFS than either other option. Also, having had to recover data from all filesystems listed due to hardware or other failures, XFS has been the most reliable and easiest to recover. Reiser and EXT3 were the worst. Just my .02.

XFS has the most aggressive data caching schemes of all the filesystems available for Linux. Are you sure it is the most reliable and the most recoverable? I have always found files stuffed with nulls on a xfs filesystem after a crash or a power cut. Never a completely corrupt filesystem but definitely zero data recovery for freshly created files just prior to crashing.

That is notwithstanding xfs shutting itself down for no apparent reason (the box did not crash, no disk errors in logs, etc) which may be resolved by remounting or a reboot but in some cases, a repair was needed.
Re: [vchkpw] [OT] IMAP Servers: Dovecot or Binc?
Ed McLain wrote: The answer is a bit of yes and no. The code is there but Dovecot doesn't by default set the TCPLOCALPORT setting which is what allows vpopmail to limit users to webmail, pop3, or imap access. I've written a patch to add that and it is attached to this email. As an FYI, my configure string for Dovecot with vpopmail is as follows and the CFLAGS passed to configure is required to enable roaming users support:

    cd /dovecot/build/path/
    patch -p1 < dovecot-vpopmail.patch
    ./configure --with-pop3d --with-vpopmail --prefix=/opt/dovecot --with-ssl=openssl --without-passwd --without-passwd-file --without-shadow --without-static-userdb CFLAGS=-DHAVE_VPOPMAIL_OPEN_SMTP_RELAY

What is that vpopmail patch? dovecot already supports vpopmail since 0.99 which is what comes with RHEL4/Centos4.
Re: [vchkpw] [OT] IMAP Servers: Dovecot or Binc?
[EMAIL PROTECTED] wrote: Hi, Inspired by your discussion I moved from Courier to Dovecot yesterday. All took some 30 minutes and now it is working like a charm. That is good. So far customers are not complaining :) I got some 60-70 domains and some 4k accounts. What luck. Just follow Dovecot Wiki :) and do it on a test/staging box first.
Re: [vchkpw] [OT] IMAP Servers: Dovecot or Binc?
[EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Hi, Inspired by your discussion I moved from Courier to Dovecot yesterday. All took some 30 minutes and now it is working like a charm. That is good. First advantage I noticed is that login failures take less time. With courier it took some 15-2- seconds before it said access denied. Now it is immediate. Say...did you have to apply a vpopmail patch?
Re: [vchkpw] [OT] IMAP Servers: Dovecot or Binc?
Shane Chrisp wrote: On Thu, 2007-12-20 at 20:19 +0800, Christopher Chan wrote: [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Hi, Inspired by your discussion I moved from Courier to Dovecot yesterday. All took some 30 minutes and now it is working like a charm. That is good. First advantage I noticed is that login failures take less time. With courier it took some 15-2- seconds before it said access denied. Now it is immediate. Say...did you have to apply a vpopmail patch? I did apply the patch by hand, but it's not really needed. Yeah, from what I gather, dovecot sasl in 1.x will do just fine for me. I must say that I'm totally impressed by the speed improvement on large Maildirs. Hmm...maybe I should upgrade my dovecot installation.
Re: [vchkpw] unable to read /etc/tcp.smtp.cdb: out of memory
Tariq Azad wrote: I am having following error in log tail -f /var/log/qmail/qmail-smtpd/current warning: dropping connection, unable to read /etc/tcp.smtp.cdb: out of memory on building the cdb file the error disappears for a while but comes up after 5 min or less. Try increasing the amount of memory allowed by tcpserver in your qmail-smtpd run file.
Re: [vchkpw] After 7 years of neglect Qmail is now ours
Public Domain. That is a valid choice on SourceForge. :-) I hope you can garner more support. Me too... We'll see I'm about to reply to you on the qmail list and we'll see what happens... Well, now that Charles has responded... You did previously say that you would rather not have a qmail specifically for vpopmail. Are you going to stick to that? At the moment, I do not see netqmail adding support for user verification at rcpt to time in the near future...
Re: [vchkpw] After 7 years of neglect Qmail is now ours
Yes. As far as I am concerned, the project is not possible without the support of the major qmail players. I will probably see about shutting it down. none of the lads here interested? I doubt many of you use vpopmail with postfix like i do and now that qmail is public domain, i will probably try to lift some code for a postfix qmail lda...but surely there is interest in a proper qmail based smtp frontend? At the moment, I do not see netqmail adding support for user verification at rcpt to time in the near future... We'll see what happens. I haven't had a chance to look at netqmail-1.06 yet, but I see it is now out. Same as netqmail-1.04 plus the qmail-isoc patch for the qmail-smtpd signed integer bug. So no vpopmail user verification support.
Re: [vchkpw] After 7 years of neglect Qmail is now ours
I don't know if it'll be approved, but I got the qmail project name on SourceForge, minutes after I heard it was put in public domain. congrats on getting the qmail project name.
Re: [vchkpw] After 7 years of neglect Qmail is now ours
Michael Johnson wrote: For those that don't mind Flash, there is also a video up on Google Videos (http://video.google.com/videoplay?docid=-3147768955127254412) where he announces it as well. I just can't help but wonder if his action is too little too late. Who cares? Those who hate DJB will consider it so no matter what and those who love his stuff will be the more merrier now. The thing I am interested in is that he did say something about future releases of software. What I would like to know is what does he have on his plate to give us?.
Re: [vchkpw] After 7 years of neglect Qmail is now ours
The question in my mind is who will own the name qmail, and what product, if any, will bear that name. I don't know if it'll be approved, but I got the qmail project name on SourceForge, minutes after I heard it was put in public domain. What license? GPL or BSD? :-D I hope you can garner more support.
Re: [vchkpw] can't make chkuser 2.09 work
[EMAIL PROTECTED] wrote: tonix (Antonio Nati) wrote: What does chkuser log say about passing messages? As I said in my initial message, I can't find any chkuser logs anywhere. qmail and vpopmail write to /var/log/mail/info But that file contains no data for chkuser. Logging IS enabled, via chkuser_settings.h: http://sitefoundry.com/misc/chkuser_settings.h I don't understand why the new qmail-smtpd with chkuser seems to work fine from the command line but does not seem to work when called via SMTP. What user privileges are you running qmail-smtpd with? Maybe it cannot read vpopmail owned files? Did you do your testing as root and not under the same user id set in the run file for qmail-smtpd?
Re: [vchkpw] can't make chkuser 2.09 work
I think this is the right line of inquiry, but I don't know why what I've already tried hasn't worked. Part of the problem is that chkuser is not writing log files, so diagnosis is hindered. Summary:
- When I test qmail-smtpd manually (from the command line) as root, chkuser rejects bad addresses.
- When I run qmail-smtpd via tcpserver as UID qmaild, chkuser doesn't reject bad addresses -- regardless of the setting for CHKUSER_ENABLE_UIDGID
- When I run qmail-smtpd via tcpserver as UID vpopmail, chkuser doesn't reject bad addresses
Try running it on the command line as vpopmail or qmaild. Initially, my /var/qmail/supervise/qmail-smtpd/run script executed qmail-smtpd as UID qmaild, because that is what the LWQ docs recommend -- see section 2.8.2.2, the supervise scripts, here: http://lifewithqmail.org/lwq.html#start-qmail :-) First I tried recompiling qmail+chkuser with the CHKUSER_ENABLE_UIDGID switch enabled. qmail-smtpd ran fine but chkuser would not reject bad addresses. No comment. Then I commented out CHKUSER_ENABLE_UIDGID, recompiled qmail again, and changed the qmail-smtpd/run script to run qmail-smtpd as UID vpopmail. chkuser still does not reject bad addresses. Sorry I need to look at the patch before I can say more on this but there is one more thing to try. Here is the qmail-smtpd invocation from qmail-smtpd/run:

    exec /usr/local/bin/softlimit -m 25165824 \
      /usr/local/bin/tcpserver -v -R -l $LOCAL \
      -x /etc/tcp.smtp.cdb \
      -c $MAXSMTPD \
      -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \
      /var/qmail/bin/qmail-smtpd 2>&1

The two problems currently are: 1- chkuser does not reject any mail received by qmail 2- chkuser does not write to the mail log It is as if chkuser is not compiled in at all -- but it is, as a command-line test reveals. Run the command as vpopmail or qmaild and, if you wish, strace it too.
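The question raised in this thread (can the UID that tcpserver switches to actually read vpopmail-owned files, given that a test run as root cannot show it?) can be answered without switching users. The script below is an added example, not part of the original messages and not code from qmail, vpopmail or chkuser; the function names are hypothetical, it assumes a `stat` that supports `-c`, and it looks only at classic mode bits for the one UID/GID given (no ACLs, no supplementary groups).

```shell
#!/bin/sh
# Added example (not from the thread): report the first path component that a
# given numeric UID/GID cannot traverse or read, using only the mode bits.
# Assumptions: GNU/busybox `stat -c`; no ACLs; no supplementary groups, i.e.
# only the one UID and GID handed to `tcpserver -u ... -g ...`.
# class_bits and check_path_as are hypothetical helper names.

# class_bits MODE FILE_UID FILE_GID UID GID
# Prints the rwx digit (0-7) that applies to UID/GID: owner, group or other.
class_bits() {
    perms=$(( 0$1 & 0777 ))          # %a is octal text, e.g. 750 or 2755
    if [ "$4" -eq "$2" ]; then
        echo $(( ($perms >> 6) & 7 ))
    elif [ "$5" -eq "$3" ]; then
        echo $(( ($perms >> 3) & 7 ))
    else
        echo $(( $perms & 7 ))
    fi
}

# check_path_as UID GID TARGET [START]
# Walks from START (default /) down to TARGET. Every directory on the way
# needs the search (x) bit; TARGET itself needs the read (r) bit. Symlinks are
# followed, so components behind a symlink are not checked individually.
# Returns 0 if readable, 1 on a permission gap, 2 if a component is missing or
# TARGET is not below START; on failure the offending component is printed.
check_path_as() {
    want_uid=$1 want_gid=$2 target=$3 start=${4:-/}
    # Root bypasses mode bits, which is why a test run as root says nothing
    # about what qmaild or vpopmail can read.
    [ "$want_uid" -ne 0 ] || return 0
    case $target in
        "$start"*) ;;
        *) echo "not below start: $target"; return 2 ;;
    esac
    rest=${target#"$start"}
    rest=${rest#/}
    cur=$start
    while :; do
        info=$(stat -L -c '%a %u %g' -- "$cur" 2>/dev/null) || {
            echo "missing: $cur"; return 2; }
        bits=$(class_bits $info "$want_uid" "$want_gid")
        if [ -z "$rest" ]; then
            [ $(( $bits & 4 )) -ne 0 ] && return 0
            echo "no read permission: $cur"; return 1
        fi
        [ $(( $bits & 1 )) -ne 0 ] || {
            echo "no search permission: $cur"; return 1; }
        cur=${cur%/}/${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
}

# Command-line use (example.com is a constructed placeholder domain):
#   sh thisfile "$(id -u qmaild)" "$(id -g qmaild)" \
#      /home/vpopmail/domains/example.com/vpasswd.cdb
[ "$#" -lt 3 ] || check_path_as "$@"
```

Run it once with the numeric IDs of qmaild and once with those of vpopmail; a result that differs from what root sees points at file permissions rather than at the chkuser build.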
Re: [vchkpw] Qmail errors
Matthew Moore wrote: Hi, Yup they all have .qmail files. Qmail-inject has been recompiled a fair few times and has never fixed this issue even with completely new sources from Inter 7 themselves, unless you are talking a different type of fix? What patches does Inter7 have for qmail? The qmail-inject code for parsing To/Cc: headers chokes on stuff that other mta software accept without trouble. That code will have to be modified. regards, Christopher Cheers Matt -Original Message- From: Christopher Chan [mailto:[EMAIL PROTECTED] Sent: 22 November 2007 02:34 To: vchkpw@inter7.com Subject: Re: [vchkpw] Qmail errors Matthew Moore wrote: Hi, I can see in my qmail send log - @4000474479971c31105c delivery 79455: deferral: qmail-inject:_fatal:_unable_to_parse_this_line:/To: XX Car/write_to_qmail-inject_failed:_32/system_error_calling_qmail-inject/ Now what seems strange is the email has already been accepted by one qmail server and passed on to this one thats throwing up the above error. qmail does not parse emails received via qmail-smtpd. In other words, qmail-inject tries to get addresses from headers whereas qmail-smtpd does not. 
Other emails seem to be going through ok. They do not have bad To: headers. I read somewhere a post from last year by Jeremy that VPOPMails vdelivermail should be calling qmail-queue and not qmail-inject. Maybe...does vdelivermail call qmail-local or does it handle dot-qmail files itself!?!? Somehow I do not think this has anything to do with vdelivermail... The emails for users stuck in the queue throwing up that error all have forwards on to outside domains. Any pointers? 'Fix' qmail-inject? These forwarding accounts all have their own dot-qmail file right?
Re: [vchkpw] Qmail errors
Matthew Moore wrote: Hi, I can see in my qmail send log – @4000474479971c31105c delivery 79455: deferral: qmail-inject:_fatal:_unable_to_parse_this_line:/To: XX Car/write_to_qmail-inject_failed:_32/system_error_calling_qmail-inject/ Now what seems strange is the email has already been accepted by one qmail server and passed on to this one thats throwing up the above error. qmail does not parse emails received via qmail-smtpd. In other words, qmail-inject tries to get addresses from headers whereas qmail-smtpd does not. Other emails seem to be going through ok. They do not have bad To: headers. I read somewhere a post from last year by Jeremy that VPOPMails vdelivermail should be calling qmail-queue and not qmail-inject. Maybe...does vdelivermail call qmail-local or does it handle dot-qmail files itself!?!? Somehow I do not think this has anything to do with vdelivermail... The emails for users stuck in the queue throwing up that error all have forwards on to outside domains. Any pointers? 'Fix' qmail-inject? These forwarding accounts all have their own dot-qmail file right?
Re: [vchkpw] Two qmails in same machine
All that is needed is identical assign, rcpthosts and virtualdomains files for mail delivery and acceptance. Patched qmails may or may not need a bit more. I am retracting this comment if the setup is for one qmail instance to pass the mail to another qmail instance instead of both delivering to vpopmail.
Re: [vchkpw] Two qmails in same machine
Both qmail-smtpd instances can share the tcp.smtp.cdb file without trouble. Now that you actually brought up routing...I see that I have made a mistake. You must do your scanning with the /var/qmail instance or whichever vpopmail does its changes on. The other qmail instance must be the one that faces the internet. That should share the same rcpthosts file with the vpopmail supported qmail. Then you set up smtproutes to point all the domains to the scanning instance (/var/qmail). I have not looked at John's patches but I suspect you might need something else for recipient verification on the Internet facing instance...does your vpopmail installation support mysql? John Simpson's validrcptto will handle user verification provided you build the cdb file with his mkvalidrcptto script for the Internet facing qmail instance if your vpopmail does not use mysql. Also, the scanner instance will then not need recipient verification support at all.
Re: [vchkpw] Two qmails in same machine
Quey wrote: ed wrote: I think you should off load the processing work. Look into running a remote clamd/spamassassin, or setup multiple mail hubs jms has a guide on that at http://qmail.jms1.net I agree he needs to offload, but the jms1 way seems very cumbersome. We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) qmaster (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to qrouter which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you don't have the option of dual ethernet. What do you use for recipient verification on sendmail? (we tried postfix with its remote recipient verification, but it can't handle the loads and even its author recommends not to use on very busy systems, we don't use qmail on the front line boxes because we don't have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up getting qmail to do all these, but after how many hours, when with sendmail it's just there and adding a milter after another milter can't break patching like with qmail :) ) That is odd. 
At Outblaze where I ripped out an inhouse custom sendmail (let's forget about the security holes that require immediate attention), I believe that, even if the sendmail mysql patch had some form of mysql pooling like postfix and thus not kill the mysql server with hundreds of connections (sendmail was configured to spawn up to 600 child processes but mysql connections are only opened after mails get past the filter rules), it would still not handle the load that postfix can (configured to handle 800-1000 connections depending on whether there is a flood of sorts, lower number when more ham is coming in) since 600 is the maximum we can configure for sendmail before the box starts swapping and load average was also higher when sendmail was running. Interesting that you find a complete opposite experience. Where does postfix fail? Large queues due to perhaps a larger ham to spam ratio in your environment? OB had something like minimum 90% spam so they managed with just dual PIII 800Mhz, 1G, dual scsi boxes on the frontends. Around 30 or so before I left. Wietse recommend that postfix not be used in very busy systems? That I find hard to believe. Perhaps you can post a link to his post.
Re: [vchkpw] Two qmails in same machine
So I have thought that I could compile qmail one time and copy to two different locations for example /var/qmail and /var/qmail-scanning-server... is this possible? and is this possible without having two different vpopmails? two different databases for smtp auth... (Internet qmail scanner will be relay too) two different tcp rules files... so could I share everything between them? What do you think about this idea I have just had? You cannot compile qmail one time and install in two locations. You need to change conf-qmail for the second installation. After make setup check of the first install, do 'echo /var/qmail-scanning-server > conf-qmail; make setup check' Nor do you need two different vpopmails. They can share the same databases...the problem really is keeping the configuration files in sync or just symlink /var/qmail-scanning-server/users/assign to /var/qmail/users/assign and other files that vpopmail touches.
[vchkpw] vpopmail cdb backend
Hello, I have never used vpopmail with cdb. A script at inter7.com seems to indicate that user information is stored in a vpasswd cdb file for each domain. Is there any single cdb of all vpopmail users? regards, Christopher
Re: [vchkpw] Proper server backup
Howard Jones wrote: [EMAIL PROTECTED] wrote: Hi, If I had a server hardware failure... and my hardware breaks... so I need to set up a new one qmail server... what should I have backed up in my actual qmail server and how could I recover all data? I mean... I suppose I should compile, install and use the same vpopmail and qmail version. I suppose too I should have a backup of the mysql vpopmail database, /var/qmail directory and /home/vpopmail directory too, is enough having only this backed up? and later... I suppose I should overwrite /home/vpopmail and /var/qmail fully with my backed up version? but this couldn't cause later problems with courier-imap compiled binaries? because they're compiled with just have installed vpopmail libraries and not with backed ones? Thanks a lot mates Hope I have explained :) I'm pretty sure (someone will confirm?) that you *can't* backup the qmail queue and restore it elsewhere because it's designed around the inode numbers on the filesystem that you ran it on initially. For this reason, I would say don't backup /var/qmail/queue/* Pretty much flush or otherwise empty the qmail queue first, shut qmail services down and then backup. Or just backup /var/qmail/control /var/qmail/users /var/qmail/rc supervisescripts /var/qmail/alias and restore these over a fresh qmail installation.
Re: [vchkpw] vpopmail+courier-authdaemon problem on openbsd4.1
- courier-imap (4.1.2) with autentification via courier-authdaemon (0.59.1) against vpopmails vchkpw Sam has released courier-authlib-0.60.1. You may want to try that.
Re: [vchkpw] qmail high performance
The single best performance enhancer you could do would be the external todo patch, from my point of view. Depends on the filesystem. If the filesystem has indexed directory support, ext-todo should be sufficient. Otherwise, you need the big-ext-todo patch.
Re: [vchkpw] Vpopmail mysql and aborted clients
[EMAIL PROTECTED] wrote: sorry for insisting but this happens when courier enters, it's the same for pop, or imap or... in the moment courier enters in the play for imap only imagine because you use qmail-pop there in the way I told yesterday... after some time of inactivity happens this... sorry for insisting The problem does not really lie with courier. All qmail processes run under tcpserver and are only invoked when a connection appears. courier has this authdaemon that maintains persistent connections to mysql via the vpopmail library and so its behaviour is different from being run under tcpserver in qmail-smtpd or qmail-pop3d. This is why it appears that courier is the problem but it actually is not. It is just that courier has a different way of being run and this was not taken into account by vpopmail because none of the relevant qmail processes run persistently.
Re: [vchkpw] Vpopmail mysql and aborted clients
tonix (Antonio Nati) wrote: MySQL has now a hardcoded timeout of eight hours. Courier uses its authentication daemon with persistent attach to vpopmail/MySQL, it could be that during the night there are no requests, so MySQL connections are dropped (by MySQL). I thought this was addressed in a recent version of vpopmail?
Re: [vchkpw] vpopmail user/group
Have you created the vpopmail user and vchkpw group? If not you must. Yes, I will create them when installing the package in my destination host. This is why I need to get these values into the package when building. The build host isn't my dest host. That is a tough nut to crack. IIRC, vpopmail default uid/gid conflicts with postfix on Redhat distros.
Re: [vchkpw] vpopmail user/group
Rick Widmer wrote: Christopher Chan wrote: Have you created the vpopmail user and vchkpw group? If not you must. Yes, I will create them when installing the package in my destination host. This is why I need to get these values into the package when building. The build host isn't my dest host. That is a tough nut to crack. IIRC, vpopmail default uid/gid conflicts with postfix on Redhat distros. What is the problem? Just create the group and user with different values. It doesn't matter what the number is, it just has to exist when you run ./configure. Oh, the vpopmail uid and gid is not hardcoded into the binaries?
Re: [vchkpw] vpopmail user/group
Rick Widmer wrote: Christopher Chan wrote: Rick Widmer wrote: Christopher Chan wrote: Have you created the vpopmail user and vchkpw group? If not you must. Yes, I will create them when installing the package in my destination host. This is why I need to get these values into the package when building. The build host isn't my dest host. That is a tough nut to crack. IIRC, vpopmail default uid/gid conflicts with postfix on Redhat distros. What is the problem? Just create the group and user with different values. It doesn't matter what the number is, it just has to exist when you run ./configure. Oh, the vpopmail uid and gid is not hardcoded into the binaries? The uid and gid are hard coded into the binaries by ./configure. I cannot then use them on another host where they are different then.
Re: [vchkpw] vpopmail user/group
Rick Widmer wrote: Christopher Chan wrote: Rick Widmer wrote: Christopher Chan wrote: Rick Widmer wrote: Christopher Chan wrote: Have you created the vpopmail user and vchkpw group? If not you must. Yes, I will create them when installing the package in my destination host. This is why I need to get these values into the package when building. The build host isn't my dest host. That is a tough nut to crack. IIRC, vpopmail default uid/gid conflicts with postfix on Redhat distros. What is the problem? Just create the group and user with different values. It doesn't matter what the number is, it just has to exist when you run ./configure. Oh, the vpopmail uid and gid is not hardcoded into the binaries? The uid and gid are hard coded into the binaries by ./configure. I cannot then use them on another host where they are different then. No. Well, that was the whole point of OP's post and why I said it was a tough nut to crack. The OP wants to build a package that will be used on other hosts...
Re: [vchkpw] vpopmail user/group
Rick Widmer wrote: Christopher Chan wrote: Rick Widmer wrote: Christopher Chan wrote: Rick Widmer wrote: Christopher Chan wrote: Rick Widmer wrote: Christopher Chan wrote: Have you created the vpopmail user and vchkpw group? If not you must. Yes, I will create them when installing the package in my destination host. This is why I need to get these values into the package when building. The build host isn't my dest host. That is a tough nut to crack. IIRC, vpopmail default uid/gid conflicts with postfix on Redhat distros. What is the problem? Just create the group and user with different values. It doesn't matter what the number is, it just has to exist when you run ./configure. Oh, the vpopmail uid and gid is not hardcoded into the binaries? The uid and gid are hard coded into the binaries by ./configure. I cannot then use them on another host where they are different then. No. Well, that was the whole point of OP's post and why I said it was a tough nut to crack. The OP wants to build a package that will be used on other hosts... Then use the same numbers for the uid and gid values for all qmail and vpopmail users on all systems. Ah, but what can I do if those systems are not mine? I have been planning on making a package for Centos users and to have it included on one of the Centos repositories.
Re: [vchkpw] vpopmail user/group
Japheth J.C. Cleaver wrote: Christopher Chan wrote: Have you created the vpopmail user and vchkpw group? If not you must. Yes, I will create them when installing the package in my destination host. This is why I need to get these values into the package when building. The build host isn't my dest host. That is a tough nut to crack. IIRC, vpopmail default uid/gid conflicts with postfix on Redhat distros. In vpopmail.spec... Conflicts: postfix :) I know you are joking but I use postfix with vpopmail. The thing that irks me is that Redhat chose to use the vpopmail uid/gid for postfix when other distributions like Debian had already used them as standard for vpopmail IIRC.
Re: [vchkpw] vpopmail or qmail problem?
Am I missing something obvious? I always thought -default was checked last and I can't see why it's not using the exact match on .qmail-bob-clamav There was some discussion of enabling such support in vpopmail. If you look in your assign file, you will find that your address will become domain-bob and qmail-local will be told to look for dot files in /home/vpopmail/domains/domain. You are missing the effect of the virtual domains in qmail and vpopmail's assign entries.
Re: [vchkpw] vpopmail or qmail problem?
John Simpson wrote: On 2007-10-02, at 1928, Christopher Chan wrote: Am I missing something obvious? I always thought -default was checked last and I can't see why it's not using the exact match on .qmail-bob-clamav There was some discussion of enabling such support in vpopmail. i'm not sure, but i suspect the discussion you're thinking of had to do with .qmail files within the MAILBOX (i.e. siblings of the Maildir folder) rather than in the domain's directory (i.e. one level up from the mailbox.) those would have to be processed by vdelivermail, while the .qmail files in the domain directory itself are processed by qmail-local, before vdelivermail is ever executed. I believe that is the one yes so it appears I have the details wrong and mixed up what is wrong with Andy's setup :-P
Re: [vchkpw] Shared libvpopmail thoughts
Also, just a supposition on my part, but if you're running (e.g.) courier-authdaemon linked against libvpopmail.so all the time, wouldn't that (theoretically) mean that other dynamically linked vpopmail programs would run faster than the static version since the library would already be loaded in memory? If so, perhaps the speed solution for a dynamic (e.g.) vdelivermail would be to run something that was dynamically linked all the time, so libvpopmail stayed in memory... Yes and no. If a third party program is statically linked the vpopmail calls are native to its memory space. So if the program is a long running process, it is actually faster than calling out to a shared vpopmail library. If the program is not a long running program, then it might take a bit longer due to the larger size of the binary. The static library is a megabyte in size so it would be nice to have a shared version in case one has a program that is run on the order of hundreds concurrently.
Re: [vchkpw] vpopmail and postfix
Quey wrote: Rick, I did not bother to read the guys second post once I got as far as outblaze as that said enough, however, how can anything to do with vpopmail be OT ? I had a private email from Wietse overnight showing me a work around, my only concern about postfix using mysql to auth user and get the dir for maildir how was it knowing/creating the users dir if not using any vpopmails utils adding users, since we do by direct INSERT into mysql where initially P/F would have no clue to its name where to put the mail, I have my answer so I don't need to carry on with this thread, however the point is vpopmail is a powerful pop3d, therefore getting any MTA to co-operate with it, I would have thought would be on topic, are you saying we can only discuss vpopmail and qmail related issues? Not being sarcastic, just inquiring as why you are limiting discussions, I am fully aware of your alliances with qmail, is this the reason? As I would have thought the wider available usage the better, perhaps this is why google shows no help. Authenticating the user should be the least of your problems. The real problem is trying to get postfix provided delivery agents to work. I do not bother. it is either hand off to qmail or use maildrop.

Setup 1) postfix + maildrop + courier-auth + vpopmail + mysql (no qmail local delivery therefore no dot-qmail)
- point virtual_mailbox_domains to /var/qmail/control/rcpthosts
- use virtual_mailbox_maps to look up users in mysql
- set virtual_transport to maildrop (entry must be in master.cf)
- limit maildrop transport to one recipient only.
The challenge will be getting courier-auth to compile against vpopmail and then getting maildrop to compile against courier-auth.

Setup 2) postfix + mysql + qmail + vpopmail + vdelivermail trick as listed on vpopmail postfix.txt file. I did this differently but the above should work and is better for setup 1 is a refinement over my first version of setup 2. 
the only changes will be the virtual_transport = vdelivermail and you get to keep dot-qmail capability. I have not looked at a vpopmail + cdb backend but you are smart and should have no problems figuring that out. Have fun.
Re: [vchkpw] vpopmail and postfix
has anyone actually got postfix to work with vpopmail using the current stable release? I have and it would have been documented here if I had actually got round to completing it. http://wiki.centos.org/HowTos/vpopmail Not that I know of. Vpopmail is tightly integrated with qmail, and making it work with another mail server is probably easiest if you just start from scratch. Certainly if you want to keep the qmail way of doing things. This thread looks more like a sendmail vs. postfix rant to me... It does not belong here. If he had just kept his trap shut about sendmail versus postfix I would not have felt it necessary to say anything about it since I know sendmail, postfix and qmail and I do not like people yammering about this is the best and the rest are crap when they all have their strengths and weaknesses.
Re: [vchkpw] vpopmail and postfix
Quey wrote: Christopher Chan wrote: I think it is your subconscious dislike of postfix that is preventing you from exploring postfix and really make full use of its capabilities. possibly, it may have a lot to do with all the postfix spammers, oh why use sendmail piss it off use postfix its better, kind of like the rest of the spam we all been getting for years mine's bigger than yours ... well sorry, I disagree I have run it before and i find sendmail just as or more flexible, but I admit it is each to our own, I only wish sendmail natively supported maildir without messy use of maildrop. You are free to hit Spam-L and call Outblaze spammers. I do not work for them any more but I dare say you will be run off the list. It is really strange that you start off with 'postfix spammers'. In my over three years of fighting bounce floods from joe-jobs, fighting scripters and 419 scammers, I have never seen postfix as part of the problem. There has not been one remotely exploitable root hole in postfix but as for sendmail, I have had to patch, recompile and reinstall sendmail on at least 4 occasions in my first year with Outblaze before I had to rip it out and replace it with postfix. I ripped sendmail out, not because of the need to patch security holes, but because the mysql patch was hammering our mysql servers into the ground so I guess I cannot blame sendmail itself on that score but I do believe I can lay part of the spam blame at sendmail for its insecure code since not all 'admins' out there maintain their servers properly. Just recently I had to tell one 'admin' to seriously reconsider not using Redhat 9 and the sendmail that comes on disk. Unless you use milter, there is no way sendmail is more flexible than postfix. As an example, if you can come up with a sendmail ruleset that incorporates both sender and recipient into its consideration, I take that back. 
I will accept and I did say that sendmail gives you more control due to its rulesets but I disagree on flexibility. Of course, one would now just pass on all this stuff to a milter and forget about driving yourself crazy with sendmail rulesets. procmail supports maildir...but yes, it is hard to get a virtual mail solution ala vpopmail. incidently I also have manage large networks, one recently a top 5 national telco in my country so your 30 million email blah blah doesnt astound me or shock me, it is however rather typical of the snotty nosed postfix spammers. I'll use cyrus with sendmail over postfix anyday, and since you have contributed nothing of consequence to this thread your opinion means as much to me as the kid who lives next door that runs his works 3 person exchange server. OH, you do not want to know how to get postfix to check for mailbox existence at smtp time? Okay. My interest was in not having to change the current setup where I am now, which as I said is fed by bunch of sendmail servers that handle the job well, I was just exploring other possibilities, where I am now we certainly will not move from vpopmail because all that data on those FAS6000's would be a nightmare if something went wrong, and I'm very happy with vpopmail, its very effcient and fast. No way did I imply moving away from vpopmail. Why build your own when vpopmail does such an excellent job of it? In both setups, use of vpopmail tools is basically all that needs running to configure postfix after the main postfix configuration is done. If vpopmail does not have that domain or that user, it is get lost at RCPT TO. What are you using for your backend? mysql or cdb? Did your sendmail bigot of a mind prevent you from seeing that postfix can directly use vpopmail user databases for user existence checking? I have done a cdb patch for sendmail if you want to continue to use sendmail but it was done for sendmail 8.12.7 so I guess it probably needs updating...
Re: [vchkpw] vpopmail and postfix
Quey wrote:

Hi All, Currently we have a large setup of domains and users, we have a couple of qmail boxes, which are fed by front line sendmail boxes, since its a cinch to have all todays modern anti-spam and whatever else, this way qmail machines only ever see real email (apart from answering a sendmail milter question for users existence, as much as I detest postfix, it has close to the same capabilities as our sendmails, and is apparently capable of working with vpopmail, I have followed the postfix.txt file, however it does not work, it does not deliver mail to the user, it blindly accepts mail for non existent users (who knows what it does with it anyway since it doesn't deliver to users that do exist) so has anyone actually got postfix to work with vpopmail using the current stable release? If so did you run into this problem, any hints? or is it my subconscious dislike of postfix that made me overlook something :)?

Detest sendmail? I frigging got rid of the custom mysql table enabled sendmail when it started killing the system due to a minimum three month long bounce flood and replaced it with postfix in 2003 when I worked for a service provider that manages over 30 million mailboxes and handles 200 million email transactions on average daily. postfix has far more flexibility in its rules although less power/control than sendmail rulesets.

As for integrating postfix with vpopmail, I have setup two different systems. In the first one, qmail will do the final delivery and so dot-qmail is in effect. In the second system, qmail is all but eliminated. Local delivery is handled by postfix but dot-qmail capabilities were lost.

I think it is your subconscious dislike of postfix that is preventing you from exploring postfix and really make full use of its capabilities.
Re: [vchkpw] Rethinking qmail : was Re: [vchkpw] how use chkuser on dmz
People has not the courage to say that Bernstein design and coding is horrible. ??? QMAIL was a secure product and a good academic programming model, ten years ago. Now, a modern MTA facing millions of emails has completely different problems from the ones Bernstein faced. But he made a closed architecture, not a modular one, adding a no-sense license. Hmm...qmail is STILL a secure and a good programming model. I don't see how it has become unsecure. Perhaps you can enlighten us on that. As for programming model, I don't see a problem. The only problem I see is the lack of certain capabilities and qmail's current architecture. Actually, not a problem with the design of the architecture but the state of it. postfix uses the same architecture with certain improvements like persistent daemons in the manner of httpd and a more advanced queue manager. If postfix had dot-qmail support, it would become rather complete. postfix code is however harder to follow than qmail's. Plugin is slow, and does not let do anything important, just side checks. The core is untouched, and here the problem is the core. Yes, the core can do with some improvements for certain scenarios. QMAIL has a lot of problems; the mail world has changed but QMAIL is designed to be impossible to change because of the presunction of Bernstein of being a perfect designer. qmail does not have a lot of problems. Quite bug free and secure :D. DJB is a perfect designer. The fact that Wietse uses the same basic design speaks for itself. We are only complaining that he has stopped and not continued. QMAIL is no more mantained because Bernstein is prisoner of his wrong architecture. He cannot improve it, because he should change all the architecture, and none would follow him today on the same licensing scheme. I am sorry but I really doubt you can do any better. Do you plan to show us by writing your own MTA? 
No one follows him on the licensing because corporations have made sure that things have become so muddied that no one would risk not specifying a license...but others have taken it a step further and made licenses to 'fight' back like the GPL. I find it ludicrous that software is 'licensed and not sold'. I can very do anything I like with a book I bought and that goes for software. Qmail is only an academic example of programming, that in real life should never be used by expert programmers. ROTFL. When you manage a software project that has as clean a record as qmail with respects to bugs, come back and let us know. Not even postfix can claim anything near qmail's record. Just my 1 eurocent. Soon I will have my 1 plastic HK Dollar.
Re: [vchkpw] Rethinking qmail : was Re: [vchkpw] how use chkuser on dmz
QMAIL was a secure product and a good academic programming model, ten years ago. Now, a modern MTA facing millions of emails has completely different problems from the ones Bernstein faced. But he made a closed architecture, not a modular one, adding a no-sense license. Hmm...qmail is STILL a secure and a good programming model. I don't see how it has become unsecure. I said it was because at that time it was the unique one to be so safe. Now that other products give good security, the lack of features outperforms the need of security. I do not see how that makes it a 'was secure'. Even you make the point that its problem is the lack of features and not that it has somehow become insecure. Features is not the same as security. Anyway, programming model is horrible, despite of other considerations. You have not made any qualifying statements on this other than your insistence on your opinion. Saying the programming model is horrible does not make it so. I have pointed out that the code is readable. Let me explain that a bit more. The flow is readily discernible and I doubt that is a mark of a poor programming model. Perhaps you can enlighten us on that. As for programming model, I don't see a problem. The only problem I see is the lack of certain capabilities and qmail's current architecture. Actually, not a problem with the design of the architecture but the state of it. postfix uses the same architecture with certain improvements like persistent daemons in the manner of httpd and a more advanced queue manager. If postfix had dot-qmail support, it would become rather complete. You call that same architecture? I don't see why not. One can always swap out the tcpserver and qmail-smtpd combination with something else similar to postfix's master + smtpd combination. So it becomes a matter of the components. If that does not show that it is the same architecture then I do not know what you mean by architecture. 
One can do the same for qmail-send qmail-lspawn qmail-rspawn qmail-local qmail-remote. QMAIL has a lot of problems; the mail world has changed but QMAIL is designed to be impossible to change because of the presunction of Bernstein of being a perfect designer. qmail does not have a lot of problems. Quite bug free and secure :D. DJB is a perfect designer. The fact that Wietse uses the same basic design speaks for itself. We are only complaining that he has stopped and not continued. If the architecture cannot grow, designer wasn't that good. Bah! You claim that the architecture cannot grow. I call nonsense on your assertion. postfix uses the same basic design, the difference only being the components and postfix has demonstrated quite clearly that the design is good and efficient one. Just because qmail's components are lacking in certain behaviours and features does not mean that the architecture design was bad. QMAIL is no more mantained because Bernstein is prisoner of his wrong architecture. He cannot improve it, because he should change all the architecture, and none would follow him today on the same licensing scheme. I am sorry but I really doubt you can do any better. Do you plan to show us by writing your own MTA? I've not fear of that. I'll have spare time (I have to work, I'm not that rich) I will do. Funny that. DJB too had to work when he wrote qmail and I believe he is still working. ROTFL. When you manage a software project that has as clean a record as qmail with respects to bugs, come back and let us know. Are you speaking of Open Source or professional projects? I can tell you about projects I worked on: transactional systems, telex switching systems, and so on. Millions/hundreds thousand lines of code, zero final bug (and very few during development) because of a very good design of systems. Great. I await your qmail replacement. Bug free does not mean anything, when software is hard to change and makes easy to add new errors. 
And difficult code does not mean good code, as in this case. You find qmail code to be difficult? Now that is a laugh...I find it rather readable compared to other stuff I have looked at. Not even postfix can claim anything near qmail's record. Postfix takes the risk to grow, while qmail is perfect (according to you) and dead. Since when did I say it was perfect. I have quite clearly pointed out that I am complaining of DJB's lack of continued development of qmail. I have gone so far as to advocate postfix in replacement of qmail in a wide variety of environments but not a lot on this list. You however have called to question not its lack of features/development of features but its architecture and programming model without any case for such criticisms other than your opinion.
Re: [vchkpw] vpopmail sans qmail.
... You apparently do the way it was formerly done too at the outfit; generate cdb and then scp the cdb file across to relevant boxes. What did you do to ensure that it is an atomic operation on the push/copy out to mailhub?

the mailbox server sends the file using a command line like this:

    cat file | ssh -i id_dsa_blah [EMAIL PROTECTED] filename

the SSH key is in the authorized_keys file on the mailhub, with a forced command which uses the original command as a filename... it makes sure the filename is one of a small number it recognizes, and then runs a specific handler for each file. for validrcptto.cdb it does this:

    # sshd puts the client's requested command in SSH_ORIGINAL_COMMAND
    case "$SSH_ORIGINAL_COMMAND" in
      validrcptto.cdb )
        cat > validrcptto.new
        chmod 644 validrcptto.new
        mv validrcptto.new validrcptto.cdb
        ;;
    esac

and /var/qmail/control/validrcptto.cdb is a symlink to the file in this non-root user's home directory. other files which need to be atomically updated work the same way.

Interesting. Thank you.

for my needs and my clients' needs, my patches are the best solution. they may not be for everybody, which is why i'll explain the differences between validrcptto.cdb and chkusr, but i don't claim either one to be better than the other. different people have different needs.

Yes, so long as you do not need the 'instant' creation of accounts or what not, your system will do fine for those who have a controlled generation of the cdb files.

i've never had anybody get upset over a ten-second delay (which is actually why i wrote the onchange patch, to kick off this whole distribution process... the delay was previously up to one minute, and even that i never heard any complaints about.)

If only we could build a cdb file in ten seconds...we have too many records to do it in that space of time. For your traffic patterns, cdb will probably do. The outfit I worked for handled on a daily average, 200 million SMTP connections or over 8 million connections hourly. It was not acceptable to spend minutes pushing the cdb file across for the mailhubs and probably still is.
(Please don't give me the get proper hardware. If I could have gotten more servers or replacements that had better disk i/o...)

actually, once the process started, the new cdb files were active on the mailhubs in under five seconds. i'm not running a system the size of gmail, and i doubt anybody else on this list is either.

:D I am sure that the outfit would be very pleased to be compared to Gmail. ROTFL.

I have done sendmail, postfix and qmail. qmail is the best in that it is simple and elegant. I had colleagues who would not touch qmail with a ten foot pole. They did not care to delve into the internals of qmail and qmail is a pain if you have to go in to clear out spam. sendmail and postfix are much better in the queue management area.

after i wrote the validrcptto.cdb patch and stopped accepting messages for non-existent mailboxes to start with, it's rare for my queue to have more than five messages in it. i saw the same results with my clients' servers, when i upgraded them to use the validrcptto.cdb feature.

This is fine for low traffic sites. When I was still working for that outfit, the problem was to keep the spam away from existing mailboxes and preferably not even allowing it into the queues.

Stopping qmail-send to scrounge out spam and then making sure you delete the stuff properly and do not end up with a corrupt queue is not their cup of tea since it is something they have to do regularly (yes...partly free webmail provider).

if they can identify the messages they don't want (using grep or whatever) then instead of DELETING them, they can simply touch the mess/*/___ files with an old timestamp (i use 1998-01-01 00:00:00 for this) and then kick the queue by sending an ALRM signal to qmail-send. what happens is that qmail-send will try each message exactly one more time, and then delete it through the normal timeout mechanism. which means that, for individual spam-deletion cases, qmail-queue never needs to be stopped at all.
the only time i ever stop a queue is if the filesystem has filled up and caused real corruption. When a scripter manages to stuff your queues with over 500k messages of rubbish, the last thing you want to do is to let any of it out let alone wait for it to disappear. The queues need to be cleared right away before you get even more bogged down. Don't give tell me about qmHandle. That script is broken and will leave you with corrupt bounce messages under certain conditions besides being awfully slow. i've never used qmhandle. i wrote my own qfixq script years ago, and tested the living daylights out of it. and since releasing it, whenever somebody reports a problem with it, i fix it and release a new version immediately. the version on my web site has been free of any reported bugs since 2005-08-30, and the only change since then was to add an empty option to
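The forced-command receiver described in the message above, as an added sketch (not John Simpson's actual script): it allowlists the name passed in SSH_ORIGINAL_COMMAND, writes stdin to a temporary file in the destination directory, and renames it into place so readers never see a partial file. The function name, the `CDB_DIR` override, the default directory, the size check and the authorized_keys line in the comments are assumptions.

```shell
#!/bin/sh
# Added example: receiving side of an SSH forced command that installs a
# pushed cdb file atomically. Assumed authorized_keys entry on the mailhub
# (script path and key are placeholders):
#   command="/home/cdbpush/bin/receive-file",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...placeholder
# sshd then runs this script whatever the client asks for, and passes the
# client's requested command line in SSH_ORIGINAL_COMMAND.

CDB_HEADER_BYTES=2048   # a cdb file starts with 256 eight-byte table pointers

# receive_file DEST_DIR REQUESTED_NAME   (new file content on stdin)
# Returns 0 on success, 2 for a name not on the allowlist, 1 otherwise.
receive_file() {
    dest_dir=$1
    requested=$2

    # Exact-match allowlist. Paths, options, extra words and shell
    # metacharacters all fall through to the refusal arm.
    case "$requested" in
        validrcptto.cdb) mode=644 ;;
        *)
            echo "refused: unrecognised file name" >&2
            return 2
            ;;
    esac

    # The temporary file lives in the destination directory so that mv is a
    # rename(2) within one filesystem, which replaces the target atomically.
    tmp=$(mktemp "$dest_dir/.$requested.XXXXXX") || return 1

    if ! cat > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # Catches an empty or badly truncated upload so it cannot replace the
    # list currently in service; it does not prove the file is complete.
    size=$(( $(wc -c < "$tmp") ))
    if [ "$size" -lt "$CDB_HEADER_BYTES" ]; then
        echo "refused: upload too short to be a cdb file" >&2
        rm -f "$tmp"
        return 1
    fi

    if chmod "$mode" "$tmp" && mv -f "$tmp" "$dest_dir/$requested"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Entry point when installed as the forced command. CDB_DIR is a
# hypothetical override; the default directory is an assumption.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    receive_file "${CDB_DIR:-$HOME/cdb}" "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

Each further file that needs atomic replacement gets its own arm in the `case` statement, with the mode its readers require.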
Re: [vchkpw] vpopmail sans qmail.
John Simpson wrote: On 2006-12-22, at 1006, Christopher Chan wrote: John Simpson wrote: http://qmail.jms1.net/patches/validrcptto.cdb.shtml There is a better patch for vpopmail support in qmail. A mysql patch that goes straight the vpopmail mysql database but I am not sure of its location. The writer even rebuffed one of Inter7's developers when someone floated the idea of qmail supporting vpopmail's mysql tables and the developer said he would write it since he was not aware of the patch's existence. So I believe the Inter7 guy drop it right then and there or maybe not. I believe it is this one here and the writer was Italian: http://www.interazioni.it/opensource/chkusr/ that's all well and good, IF your incoming mail always arrives on the same machine where vpopmail is running, IF you don't mind re-compiling qmail everytime vpopmail is upgraded, and IF you keep your user information in a mysql database. If it ain't broke...I don't see why people would want to upgrade vpopmail unless there is a security fix or a feature that they need. Realistically, it cannot be as bad as you make it. most ISPs handle a large enough volume of email that they have several internet-facing servers which handle the flood of incoming mail, and forward the legitimate messages to an internal machine which contains the mailboxes. the one mailbox machine will be running vpopmail, but the other internet-facing servers (i call them mailhubs) are generally not running vpopmail, which means they are not able to check recipients or process AUTH commands against the vpopmail information. i've seen people get around this using mysql, both by having the mailhubs connect across the network to a database server, and by setting up mysql servers on the mailhubs and replicating the data. but what if the company isn't using mysql in the first place? (i spent eight years building and running ISPs with this exact scenario- multiple mailhubs, no mysql. 
yes, we had a customer database- but that was for billing, and it wasn't directly involved with the mechanics of the systems themselves.) my validrcptto.cdb and auth.cdb patches get around these problems by storing the list of valid recipient addresses and the list of valid userid/password pairs in cdb files, and just copying those files from the mailbox server out to the mailhubs whenever they change. PLUS, the fact that they're cdb files means that the lookups happen without the added overhead of having to open a connection to a mysql server (whose connection pool might become overloaded in case of a spam flood.) I will pit my four years in my previous job as a MTA admin in a SME email service provider that handles in total over 40 million mailboxes against your eight years running and building ISPs. The same two stage delivery system is used too. I have dealt with both types of environments. An older system built cdb files for deployment to the frontline mailhubs. The newer systems had mysql servers for the frontline mailhubs. I get the impression you have not seen mysql connection pooling in acton. When I joined, they used sendmail frontline hubs patched to support mysql databases with cdb support being later added by me for the older system. The sendmail patch had no connection pooling support and so it would open a new mysql connection to the mysql server and yes, this meant that the mysql server would become overloaded in the case of a spam flood. There was, for example, one set of 5 frontline servers handling up to 600 connections each using one mysql server and another set of 4 frontline servers also doing 600 connections using another mysql server. I did a trial with postfix with its mysql and mysql connection pooling support because I got tired of manually taking care of the queues due to the mysql servers being overloaded and due to the many security holes that were being discovered in sendmail 8.12.x. 
postfix replaced sendmail very soon after the first trial run. mysql connection pooling makes a huge difference. Those two mysql servers under the sendmail system would be pushed till they had only 10% cpu idle resources being reported and they were still not delivering because mysql just cannot handle a large number of connections that are being set up and torn down at the same time. With the postfix system using postfix's builtin connection pooling support, just ONE mysql server is enough to the mysql query load for all eleven boxes at full load (all connections available taken and a tcp syn queue backlog of over 1024 per box) without breaking a sweat. Lowest cpu idle registered on the mysql server is 80%. Connection pooling is king. The bottleneck now is not the mysql server but the mailhubs themselves. So it appears to me that your comment (whose connection pool might become overloaded) indicates you have no idea what I meant by 'connection pooling'. This is software on the mailhub side
Re: [vchkpw] vpopmail sans qmail.
John Simpson wrote: On 2006-12-18, at 0444, Christopher Chan wrote: Darrel O'Pry wrote: I'm currently considering replacing qmail in my mail systems. I was wondering if anyone had tried vpopmail with postfix or exim and what their experiences were. Yeah, I use vpopmail with postfix. Love it. postfix user existence checks mean I don't have large queues. funny, i've been doing the same thing using qmail (making sure recipient email addresses exist before accepting a RCPT command in the SMTP conversation) for over a year now. Yes. with a patch. I know patches exist. I have nothing against qmail. I will recommend qmail where it is most suitable...as the mta for outgoing mails for a mailing list or as the second stage in the inbound system due to dot-qmail which is a delivery system that is second to none. http://qmail.jms1.net/patches/validrcptto.cdb.shtml There is a better patch for vpopmail support in qmail. A mysql patch that goes straight the vpopmail mysql database but I am not sure of its location. The writer even rebuffed one of Inter7's developers when someone floated the idea of qmail supporting vpopmail's mysql tables and the developer said he would write it since he was not aware of the patch's existence. So I believe the Inter7 guy drop it right then and there or maybe not. I believe it is this one here and the writer was Italian: http://www.interazioni.it/opensource/chkusr/ postfix trumps chkusr/chkuser just as chkusr/chkuser trumps the cdb check. First, chkusr vs rcptto.cdb. tcpserver + qmail-smtpd means a fresh fork for each new connection. The cdb rcptto means a disk access for each rcpt to check and regular rebuilds of the cdb database. chkusr/chkuser helps by keeping I/O of disk (okay we can contest whether looking up cdbs is better than looking up mysql tables or not but I think it is fair game to say that mysql lookups are more likely to be disk I/O free) and by not needing regular rebuilds of a cdb file. 
In fact, it offers instant/real-time user existence checks. postfix improves on this by 1) no new fork for each connection (except perhaps initially if handling hundreds or thousands of connections right after startup of postfix) and 2) by using mysql connection pooling which means you don't hammer the mysql server into the ground with the constant setting up and breaking down of connections. This is without including all the great anti-spam features that postfix provides too. IM2000 does not appear to be happening, DJB apparently will not make any more improvements to qmail to deal with today's Internet and I do not fancy mixing a bunch of patches to get similar functionality on tcpserver's less efficient architecture (one fork per new connection). One of these days I am going to try to make dot-qmail/qmail-users support for postfix and see how much more fanatic some qmail guys are about qmail than I was. I can boast the ability to install qmail without even looking at the documentation and the ability to split a qmail queue's directory structure across different disks to get better delivery performance besides using the multiple qmail queue method. And having qmail patched and tuned to be able to push over a thousand qmail-remotes while under constant injections via qmail-smtpd and qmail-qmtpd non-stop. I probably know/understand qmail better than you do. So if you are running a site with low traffic, by all means, continue using your patched qmail that requires you to stop the queue (and sometimes even the tcpserver for qmail-smtpd) before you can do any clean up of the queue and that might get you blocked for being 'abusive' because it opened up 120 connections to the same mx for whatever reason you got that composition of emails in the queue. I, for my part, cannot recommend qmail except for cases where it does not need an uber number of patches to be acceptable and does not require queue clean up and its delivery behaviour is tolerable. Sigh. 
But I am more inclined to teach others how to use qmail since it is so SIMPLE. When will spammers disappear?
Re: [vchkpw] vpopmail sans qmail.
In addition, I believe Matt Simerson authored a tcpserver mysql patch to allow the removal of cdb files altogether. http://www.tnpi.biz - it's great for heavily loaded servers, because constantly recompiling that damn file with multiple processes tends to corrupt it.

Eh? Rebuilding it while multiple processes are accessing it corrupts it?!? Or multiple processes trying to rebuild the same file?

I love qmail too, but I'm with ya on all the 'unapproved' patches and its concurrency limitations.

The mysql side of things could be alleviated by using sqlrelay. Don't hammer mysql. Hammer sqlrelay instead :)

Christopher
Re: [vchkpw] vpopmail sans qmail.
Rick Romero wrote:

Christopher Chan wrote:

In addition, I believe Matt Simerson authored a tcpserver mysql patch to allow the removal of cdb files altogether. http://www.tnpi.biz - it's great for heavily loaded servers, because constantly recompiling that damn file with multiple processes tends to corrupt it.

Eh? Rebuilding it while multiple processes are accessing it corrupts it?!? Or multiple processes trying to rebuild the same file?

I believe it's multiple processes trying to rebuild the same file. I've had a corrupted cdb for a long time - from courier POP auths. I've never fixed it because I also have the mysql patches, and SMTP Auth in place. Everything works, so I'm not touching it until I completely rebuild that system :)

Heh. I do the same with postfix. SMTP-AUTH against vpopmail tables is a no brainer.

I love qmail too, but I'm with ya on all the 'unapproved' patches and its concurrency limitations.

The mysql side of things could be alleviated by using sqlrelay. Don't hammer mysql. Hammer sqlrelay instead :)

Oh EXCELLENT tip. I thought replicating the database to each server was the best solution, sqlrelay looks like it'll make things even better. Thanks Christopher

You are welcome Rick. I would still keep a slave or two around :). Don't let the sudden huge decrease in load make you do drastic reductions in mysql server instances :D.
Re: [vchkpw] vpopmail sans qmail.
I'm less concerned about the smtp end of the equation. I'm more interested in the deliver half of the equation. After all that is what vpopmail plays a part in, and that is the part of the system I hope to keep. I do radius and ftp authentication against it. Currently I use vpopmail with mysql. I'm thinking I can use the vpopmail table for delivery from postfix. I was wondering if anyone else had attempted it yet. It seems like it would be an easy thing to do...

Here is how I do it. It is not pretty if you depend on dot-qmail. courier-authlib 0.58 + maildrop is my tool for local delivery. You have to patch courier-authlib to get full vpopmail support (figures...there seems to be animosity between Sam and vpopmail?) which is a simple patch:

http://wiki.centos.org/HowTos/vpopmail?action=AttachFile&do=get&target=courier-authlib-vpopmail.patch

You then have to compile maildrop 2.0.2 against courier-authlib so that it can use courier-authlib to pick up its settings from vpopmail. So your lda is basically maildrop. The entire dot-qmail/qmail-users mechanism is completely bypassed :(.

master.cf:

    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vpopmail argv=/usr/local/bin/maildrop -d ${recipient}

main.cf:

    virtual_transport = maildrop
    maildrop_destination_recipient_limit = 1
    virtual_alias_domains = /var/qmail/control/rcpthosts
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/rrm_static
    # if needed
    virtual_alias_maps = proxy:mysql:/etc/postfix/valias

rrm_static:

    domain = /var/qmail/control/rcpthosts
    hosts = localhost
    user = vpopmail
    password = vpopmailpass
    dbname = vpopmail
    query = select concat(pw_name, '@', pw_domain) from vpopmail where pw_name = '%u' and pw_domain = '%d'
    result_format = [EMAIL PROTECTED]

valias:

    domain = /var/qmail/control/rcpthosts
    hosts = localhost
    user = vpopmail
    password = vpopmailpass
    dbname = vpopmail
    query = select valias_line from valias where alias = '%u' and domain = '%d'
Re: [vchkpw] vpopmail sans qmail.
DAve wrote: Christopher Chan wrote: John Simpson wrote: On 2006-12-18, at 0444, Christopher Chan wrote: Darrel O'Pry wrote: I'm currently considering replacing qmail in my mail systems. I was wondering if anyone had tried vpopmail with postfix or exim and what their experiences were. Yeah, I use vpopmail with postfix. Love it. postfix user existence checks mean I don't have large queues. How? I have looked for this several times in the past few years and not seen it. Other than the postfix.txt on the inter7 website, but nothing substantial about how it is done, caveats, etc. Please see my post to Darrel. The caveat for the way I do it currently is you lose qmail-users and dot-qmail. Until someone writes a qmail-lspawn for postfix...you can only use maildrop + courier-authlib. funny, i've been doing the same thing using qmail (making sure recipient email addresses exist before accepting a RCPT command in the SMTP conversation) for over a year now. Yes. with a patch. I know patches exist. I have nothing against qmail. I will recommend qmail where it is most suitable...as the mta for outgoing mails for a mailing list or as the second stage in the inbound system due to dot-qmail which is a delivery system that is second to none. Uh oh, I feel it coming :) soapbox Patch smatch, if it's a patch everyone gets to beat qmail up and scream at each other about what a wasted never updated POS qmail is. So patches are bad bad bad. Only software that is poor and decrepit uses patches. But, let someone add that patch to the source code and bundle up a new package and suddenly every new user who posts a question is told You need the latest version. I have seen this many many times on many many maillists. We have not had to make a security update to our qmail installs in the 5 years we have been running them. All it took was running patch somediff a few times ONCE during the initial install. 
Lets be honest here, most minor version upgrades in OSS are the result of contributed patches (developer or user). Yet no one is claiming that vpopmail/postfix/perl/ruby/python is a patchy POS after we see the developers accepting patches from users and rolling out an upgrade. 'I' don't mind patches. I, however, would rather point new ones to postfix than go through the whole patched qmail thing because after patching, qmail ceases to be simple. Might as well have them wrap their heads around postfix.
Re: [vchkpw] vpopmail sans qmail.
Darrel O'Pry wrote:

I'm currently considering replacing qmail in my mail systems. I was wondering if anyone had tried vpopmail with postfix or exim and what their experiences were.

Yeah, I use vpopmail with postfix. Love it. postfix user existence checks mean I don't have large queues. vpopmail + mysql + postfix in my configuration.

I'd like to make the mail server change without changing my user management tool set. I've got too much tied to vpopmail.

You can inject mails from postfix one at a time into qmail and then qmail will send it the normal way. Or you get yourself a delivery agent that understands vpopmail or dot-qmail...

It would be nice if there was an option for vpopmail to manage the /var/qmail/control/* files without qmail actually installed...for postfix I just need the contents of locals and rcpthosts...really just rcpthosts
Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
that's what i was thinking- at some point in the future, somebody (maybe myself, if i ever get some free time) (yeah, right) will want to write a web interface which gives individual mailbox owners the ability to either edit their own .mailfilter file, or choose from a list of options which will cause the web back-end to create or modify a per-mailbox .mailfilter file, maybe using some kind of templates to support each available option.

sqwebmail provides some ability to generate .mailfilter files although the interface isn't the greatest. There is also a module for squirrelmail too that generates .mailfilter files. However I had to make some changes before it would work properly.
[vchkpw] relationship with Sam/Double Precision
Hello, I wonder how things are between courier tools and vpopmail? regards, Christopher
[vchkpw] vpopmail 5.4.13 vs 5.4.17
Hello, What are the major differences between these versions? What is so special about the 5.5 server code? Stability and security wise, which one is more mature? regards, Christopher