Re: [vchkpw] Spam Protection with vpopmail and qmail
On Thu, 2003-06-26 at 22:08, Gonzo wrote:
> Hello.
> I have qmail with vpopmail installed. I don't know how to filter out spam mails. SpamAssassin seems to not support virtual domains and even if it would support them, how to tell procmail to filter mails for vpopmail?
>
> Gonzo

I have a setup that my users are happy with.

In short, this is what it does...

It filters out spam to the user's .spam directory with a sitewide ruleset
It lets the users toggle filtering on or off from qmailadmin
It doesn't use qmail-scanner

Install SpamAssassin according to the manual, and perform the tests to make sure it is working.

Install a recent qmailadmin (>= 1.0.21), compile it with the following options, among the other ones.

Install a recent version of procmail (3.22 or later) or you will notice that the files inside the maildirs look sorta strange... earlier procmail doesn't use the maildir name-style format of the files.

(watch out for line wrapping here...)

    --enable-modify-spam=y \
    --enable-spam-command='|preline /usr/bin/spamc -e /usr/bin/procmail -mp ../procmailfilter'

The recent versions of qmailadmin have a detect-spam option which the users can toggle on/off as they like.

~vpopmail/domains/example.net/user/.qmail will look like this when detect-spam is checked:

    |preline /usr/bin/spamc -e /usr/bin/procmail -mp ../procmailfilter

Create a decent procmailrc file and put it in the path defined with the --enable-spam-command option. In this example it would be:

~vpopmail/domains/example.net/procmailfilter

    # Example of a global procmailfilter for qmail-vpopmail
    # -
    #
    # This file should be named as stated below
    # ~/vpopmail/domains/whatever.com/procmailfilter
    #
    # This procmailfilter is supposed to be invoked
    # from ~vpopmail/domains/whatever.com/user/.qmail
    #
    # The .qmail file should contain the following line
    # |preline /usr/bin/procmail -mp ../procmailfilter
    #
    # It is possible to make the line default for any
    # .qmail files created by users through qmailadmin
    # versions 1.0.21 or later.
    #

    # Shell to execute commands inside.
    SHELL=/bin/bash

    # Verbose mode (yes|no)
    # If set to yes your qmail-send log
    # will be full of verbose stuff.
    #VERBOSE=yes
    VERBOSE=no

    # Make sure that we have a .SPAM folder to sort SPAM into.
    # This will create a ~vpopmail/domains/domain/user/Maildir/.SPAM
    # directory. This directory will be created as soon as the user
    # receives any mail. Spam or ham doesn't matter. It simply creates
    # the .SPAM directory, as well as subscribes it to courier-imap
    :0wic
    * ? test ! -d ./Maildir/.SPAM
    |( /var/qmail/bin/maildirmake ./Maildir/.SPAM ; \
       /bin/echo INBOX.SPAM >> ./Maildir/courierimapsubscribed )

    # Sort anything marked as SPAM into the user's Maildir/.SPAM/ .
    :0:
    * ^X-Spam-Status: YES
    ./Maildir/.SPAM/

    # Everything else goes to the user's default Maildir/ .
    :0:
    *
    ./Maildir/

    #EOF

--
i3 micro technology ab
Lars Gustafson
System Administrator
phone: +46(0)850638856
mobile:+46(0)708472037
[EMAIL PROTECTED]

Re: [vchkpw] qmail-smtpd-chkusr Patch Problem
On Fri, 2003-06-06 at 01:39, Tom Walsh wrote:
> I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt to: check to see if a user exists on the mail server and if the user doesn't send a 550). I have tested the functionality of qmail-smtpd (compiled with this patch and a couple others) and it works when I run it from the command line. My problem is when I run it from the tcpserver/supervise script the functionality doesn't work.

They need some changes, see below.

> I have managed to get it working by altering the -u and -g on the tcpserver command line to be root.

Don't!

> When I do that it works flawlessly. It also works if I set the uid to root and set the gid to qmaild.

Don't!

> My question (and I suppose directed at tonix): How can I get this to run with the proper user and group permissions of qmaild?

Read this carefully and you are set.
http://www.interazioni.it/qmail/#Installation

> Here are some of the details of my installation.
>
> /usr/bin/id -g qmaild
> 81
> cat /etc/group |grep 81
> qnofiles:*:81:
>
> ./supervise/smtp/run

    #!/bin/sh
    PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
    export PATH

    # Get rid of these four lines
    ##QMAILUID=0
    ###NOFILESGID=0
    ##QMAILUID=`/usr/bin/id -u qmaild`
    ##NOFILESGID=`/usr/bin/id -g qmaild`

    # Use these ones instead to be able to access the vpopmail databases.
    # Run as the uid and gid of the vpopmail user.
    QMAILUID=`/usr/bin/id -u vpopmail`
    NOFILESGID=`/usr/bin/id -g vpopmail`

    exec softlimit -m 800 tcpserver -v -c 384 -p -R \
        -x /usr/home/vpopmail/etc/tcp.smtp.cdb \
        -u $QMAILUID -g $NOFILESGID 0 25 \
        rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org \
        fixcrio qmail-smtpd mail.ala.net \
        /usr/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

> permissions on qmail-smtpd:
> -rwxr-xr-x 1 root qmail 128528 Jun 5 16:26 qmail-smtpd

chown 6555 /var/qmail/bin/qmail-smtpd

> I am assuming it has something to do with the setuid that the patch does, but I am unsure. Any pointers?

Follow the comments above and you should be set.

> Tom Walsh
> Network Admin
> http://www.ala.net/

--
Lars Gustafson [EMAIL PROTECTED]
i3 micro technology ab

Re: [vchkpw] qmail-smtpd-chkusr Patch Problem
Sorry... I made a typo in my previous post... the line below should have said:

chmod 6555 qmail-smtpd

Sorry.

On 06 Jun 2003 08:08:44 +0200 Lars Gustafson [EMAIL PROTECTED] wrote:
> permissions on qmail-smtpd:
> -rwxr-xr-x 1 root qmail 128528 Jun 5 16:26 qmail-smtpd

Never mind the following line. The one on top is the one to use.

> chown 6555 /var/qmail/bin/qmail-smtpd

--
Lars Gustafson [EMAIL PROTECTED]
i3 micro technology ab

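A check for the two settings this thread turns on, as an added example that is not part of the original posts: that qmail-smtpd carries the setuid and setgid bits that `chmod 6555` sets, and that the run script no longer assigns uid/gid 0. The function names and the sample run-script fragment are constructed, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumes GNU stat (-c).

# check_setid_mode FILE: print "MODE OWNER:GROUP" and exit 0 only when FILE
# has setuid and setgid both set and is not writable by group or other.
check_setid_mode() {
    mode=$(stat -c %a "$1") || return 2
    owner=$(stat -c %U:%G "$1") || return 2
    echo "$mode $owner"
    m=$(( 0$mode ))                       # leading 0: parse as octal
    [ $(( m & 04000 )) -ne 0 ] || { echo "setuid bit missing" >&2; return 1; }
    [ $(( m & 02000 )) -ne 0 ] || { echo "setgid bit missing" >&2; return 1; }
    [ $(( m & 00022 )) -eq 0 ] || { echo "group/other writable" >&2; return 1; }
    return 0
}

# runs_as_root: read a supervise run script on stdin; exit 0 when an
# uncommented line sets QMAILUID or NOFILESGID to 0 (tcpserver -u 0 / -g 0).
runs_as_root() {
    grep -Eq '^[[:space:]]*(QMAILUID|NOFILESGID)=0[[:space:]]*$'
}

# Constructed run-script fragment in the shape recommended in the thread.
sample_run_script() {
    cat <<'EOF'
##QMAILUID=0
###NOFILESGID=0
QMAILUID=`/usr/bin/id -u vpopmail`
NOFILESGID=`/usr/bin/id -g vpopmail`
EOF
}

# Usage:
#   check_setid_mode /var/qmail/bin/qmail-smtpd
#   runs_as_root < ./supervise/smtp/run && echo "tcpserver would run as root"
```

The owner and group printed by `check_setid_mode` still have to be compared by hand against the account the installation notes call for.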
Re: [vchkpw] roaming user for imap
I had the same problem, as a lot of people have according to this list... The solution, or let's say workaround, I came up with is pretty ugly, but hey! It works.

First, I got the relay-ctrl package from www.qmail.org somewhere and installed it by reading the docs shipped with it. I made the needed changes to imap.rc/imap-ssl.rc (see docs).

What needs to be modified is qmail's rc script, making tcpserver use the envdir binary (from the daemontools package; if you don't use daemontools, download and compile it, snip the binary from the compiled source tree and put it in some reasonable path). Make the changes to your qmail start script (see the docs). Restart qmail and courier.

Now you will have a relay that allows roaming users to relay until whatever you set the RELAY_CTRL_EXPIRY variable to; the default is 900 seconds, I think.

Next, the tricky part... I made up a simple shell script looking like this. I guess it could be possible to add the IP addresses the script gets into a SQL or cdb database. Anyway, this does the job.

---
#!/bin/sh
#
# relay-ctrl-imap-tweek
#
# This script should be invoked from within root's crontab
# instead of the relay-ctrl-age binary shipped with the
# relay-ctrl package.
#

# Where do we find the conf files for relay-ctrl?
RLCDIR=/etc/relayctrl

# Enable _ONE_ of these
#PORT=143 # IMAP
PORT=993 # IMAPS

# Check what addresses are configured for relaying.
# To end up in this list the client needs to perform an
# authenticated login on the imap server.
for RELAY in `ls $RLCDIR/allow`; do

    # First we need to find out what established connections we
    # actually have.
    # Let's sort them, and make sure we only get a single entry
    # from each one; no matter how many connections we have from
    # a single host, we just want it once.
    NETS=`netstat --protocol=inet -n 2>/dev/null \
        | grep :$PORT | grep $RELAY \
        | grep ESTABLISHED \
        | awk '{print $5}' \
        | awk -F: '{print $1}' \
        | sort \
        | uniq`

    if [ "$RELAY" = "$NETS" ]; then
        # _IF_ we have an established connection on
        # the right port, AND the address is configured
        # to allow relaying, THEN we touch the file
        # in $RLCDIR/allow/, to increase the time the
        # client should be allowed to use our SMTP.
        touch /var/qmail/relay-ctrl/allow/$NETS

        # It might be handy to set some sane ownership
        # and permissions on the file, making it possible
        # for the imap daemon to overwrite them, if the
        # same ip connects again with another client.
        # Masquerading firewalls come to mind here...
        chown vpopmail.vchkpw /var/qmail/relay-ctrl/allow/$NETS
        chmod 666 /var/qmail/relay-ctrl/allow/$NETS
    fi
done

# Since this script is run every minute, it updates the
# allowed relayhost just as often, so we can safely set
# the value of $RLCDIR/RELAY_CTRL_EXPIRY to 300
# (seconds, 5 minutes). This will make it possible for
# the client host to send mails for 5 more minutes.
# You should not set this value to anything less,
# because some SMTP servers try to perform auth/ident
# lookups of the sender (which most firewalls, as well
# as mailservers, reject nowadays anyway).
# Anyhow, I have been running this for about 5 months now,
# and there is no known problem with these settings, as long
# as relay-ctrl is set up ok.

# Update the allowed relayhosts.
/usr/local/bin/envdir \
    $RLCDIR/conf \
    /usr/local/bin/relay-ctrl-age
#EOF
---

On Wed, 2003-01-15 at 00:29, Bill Shupp wrote:
> On Tuesday, January 14, 2003, at 03:25 PM, Andrew Kohlsmith wrote:
> > That's a good point -- In my particular case authdaemon is not updating the tcp.smtp.cdb file at all though.
>
> authdaemon does NOT pass the IP to vpopmail. That's why you can't use it if you want roaming IMAP users.
>
> Bill

--
i3 micro technology ab
Lars Gustafson
System Administrator
phone: +46(0)850638856
mobile:+46(0)708472037
[EMAIL PROTECTED]

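The connection-matching step of the script above, as an added example that is not part of the original post: `grep :$PORT` and `grep $RELAY` match anywhere on a netstat line, so a foreign port such as 9930 or a longer address such as 198.51.100.11 also passes the filter, and this version compares the local port and the foreign address as whole fields instead. The function names and the sample netstat lines are constructed, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example, not from the original post.

# established_peers PORT: read `netstat -n` style lines on stdin and print,
# once each, every remote IPv4 address with an ESTABLISHED connection whose
# *local* port is exactly PORT.
established_peers() {
    awk -v port="$1" '
        $6 == "ESTABLISHED" {
            n = split($4, l, ":")        # local address:port
            if (l[n] != port) next
            m = split($5, r, ":")        # foreign address:port
            if (m != 2) next             # IPv4 only
            print r[1]
        }' | sort -u
}

# relay_is_connected IP PORT: exit 0 only if IP is, as a whole line,
# one of the connected peers read from stdin.
relay_is_connected() {
    established_peers "$2" | grep -Fxq -- "$1"
}

# Constructed sample of `netstat --protocol=inet -n` output.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:993          198.51.100.11:40212     ESTABLISHED
tcp        0      0 192.0.2.10:993          198.51.100.11:40213     ESTABLISHED
tcp        0      0 192.0.2.10:993          203.0.113.5:51000       TIME_WAIT
tcp        0      0 192.0.2.10:25           198.51.100.1:9930       ESTABLISHED
EOF
}

# Only 198.51.100.11 holds an established IMAPS session in the sample.
sample_netstat | established_peers 993
```

In the cron script this would replace the `NETS=` pipeline and the `[ ... = ... ]` test with `netstat --protocol=inet -n 2>/dev/null | relay_is_connected "$RELAY" "$PORT"`.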
Re: [vchkpw] courier-imap STILL stops authenticating after awhile
I don't know if this is what you need, according to previous posts. Oh, well...

I had a similar problem a while ago. I use qmail-1.03, vpopmail 5.2.1 with mysql as backend. I have --default-domain=domain1.com as option for my configure script for vpopmail.

All users which were using the default domain, logging in with just username as username, never noticed any problems, _but_ users on my virtual domains, logging in with [EMAIL PROTECTED], had problems after a while, depending on the server load.

After hours spent on reading mailing lists and various Google results, I figured out that configuring courier-imap like this, skipping any other authentication module except vchkpw, solved the problem:

    ./configure --enable-workarounds-for-imap-client-bugs \
        --disable-root-check \
        --without-authpam \
        --without-authldap \
        --without-authpwd \
        --without-authmysql \
        --without-authpgsql \
        --without-authshadow \
        --without-authuserdb \
        --without-authcustom \
        --without-authcram \
        --without-authdaemon \
        --with-authvchkpw \
        --with-ssl

Good luck!

On Tue, 2002-11-26 at 02:46, Taylor Dondich wrote:
> Well, I attempted to correct the issue; however, courier-imap still tends to muck up authentication after awhile (about an hour or so). Is there any way to have courier-imap give a bit more verbose error messaging? All I see is LOGIN FAILED. I don't know why. Also, people keep saying that there's supposed to be a /usr/local/libexec/courier-imap/authlib/authvchkpw file or something, I don't have that, but authentication works for AWHILE. Then it takes a dump. Anyone have any suggestions? :(
>
> Taylor

Re: [vchkpw] Logging in to virtual domain only successfull sometimes
Ok,

Recompiled courier-imap 20 minutes ago. With a dozen clients testing virtual domains. Seems to work this far...

Thanks a lot for the advice.

On Mon, 2002-10-21 at 13:31, Michael Bowe wrote:
> Yeah, courier-imap has terrible logging. You get almost no detail...
>
> I believe that to get the recent versions of courier-imap and vpopmail to work together reliably, you need to use the --without-authdaemon configure option for courier-imap. Without this setting, you could typically authenticate for a short period and then all further auths would fail.
>
> Not sure if that is related to your problem though...
>
> Michael.
>
> ----- Original Message -----
> From: Lars Gustafson [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Monday, October 21, 2002 9:17 PM
> Subject: Re: [vchkpw] Logging in to virtual domain only successfull sometimes
>
> Thanks for quick answers.
>
> What my logs say is simply this, when trying to use my IMP webmail client with a virtual domain user:
>
> Oct 21 13:03:41 greyhound imapd-ssl: Connection, ip=[:::127.0.0.1]
> Oct 21 13:03:46 greyhound imapd-ssl: LOGIN FAILED, ip=[:::127.0.0.1]
> Oct 21 13:03:56 greyhound imapd-ssl: LOGOUT, ip=[:::127.0.0.1]
>
> When using the default domain:
>
> Oct 21 13:06:34 greyhound imapd-ssl: Connection, ip=[:::127.0.0.1]
> Oct 21 13:06:34 greyhound imapd-ssl: LOGIN, user=lars.gustafson, ip=[:::127.0.0.1]
> Oct 21 13:06:34 greyhound imapd-ssl: LOGOUT, user=lars.gustafson, ip=[:::127.0.0.1], headers=0, body=0
> Oct 21 13:06:34 greyhound imapd-ssl: Connection, ip=[:::127.0.0.1]
> Oct 21 13:06:34 greyhound imapd-ssl: LOGIN, user=lars.gustafson, ip=[:::127.0.0.1]
> Oct 21 13:06:35 greyhound imapd-ssl: LOGOUT, user=lars.gustafson, ip=[:::127.0.0.1], headers=2419, body=0
>
> I have compiled vpopmail-5.2.1 as:
>
>     ./configure --prefix=/var/vpopmail \
>         --enable-qmaildir=/var/qmail \
>         --enable-qmail-newu=/var/qmail/bin/qmail-newu \
>         --enable-qmail-inject=/var/qmail/bin/qmail-inject \
>         --enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \
>         --enable-vpopuser=vpopmail \
>         --enable-vpopgroup=vchkpw \
>         --enable-clear-passwd=y \
>         --enable-logging=y \
>         --enable-log-name=vpopmail \
>         --enable-domains-dir=domains \
>         --enable-default-domain=i3micro.com \
>         --enable-incdir=/usr/include/mysql \
>         --enable-libdir=/usr/lib/mysql \
>         --enable-libs=mysqlclient \
>         --enable-mysql=y \
>         --enable-valias=y \
>         --enable-ip-alias-domains=n
>
> and courier-imap just plain and simply
>
>     ./configure --enable-workarounds-for-imap-client-bugs
>
> I tried to recompile both vpopmail and courier-imap as well as qmailadmin and so on, without success. Main reason for this was just to make sure it all was correctly set and to get better, more verbose, logging.
>
> Summary: the problem still persisted and I didn't get anything more out of the logs. Finally I restored backups of it all.
>
> On Mon, 2002-10-21 at 12:39, Michael Bowe wrote:
> > Have you looked in the logs to see if it gives a reason why the authentication failed?
> >
> > e.g. if you compiled vpopmail with --enable-logging=p, then you could try looking in your syslog files (commonly /var/log/maillog) for more info
> >
> > and/or if you compiled vpopmail with the --enable-mysql-logging option, then you could also look at the logs in the vpopmail.vlog mysql table
> >
> > And finally I would suggest you check your tcpserver options for your pop3d script, cause maybe you have the -c option (max num of simultaneous connections) set too low or something like that...
> >
> > Michael.
> >
> > ----- Original Message -----
> > From: Lars Gustafson [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Sent: Monday, October 21, 2002 8:16 PM
> > Subject: [vchkpw] Logging in to virtual domain only successfull sometimes
> >
> > I have some real strange problems.
> >
> > I use qmail, vpopmail with a mysql backend, courier-imap, qmailadmin, vqadmin, ezmlm and ezmlm-idx.
> >
> > I currently have 2 domains up where domain1 is compiled into vpopmail as default domain.
> >
> > When logging in as lars.gustafson for the default domain, with no @domain1.com as appendix, there is no problem. Everything works fine through courier-imap, with a bunch of different clients.
> >
> > Currently I have tested various MS Outlooks, Evolution, Sylpheed, Netscape and Mozilla clients, as well as IMP webmail. None had any problems when logging in as a user with no appendix such as @domain.com.
> >
> > When I try to log in on a virtual domain as [EMAIL PROTECTED], the authentication fails about 50-100% of the times I have tried, which are a lot =).
> >
> > I have read any newsgroup posts and documentation I can find regarding this issue, which weren't too much. I have been trying to solve this problem for about 2 weeks now, and I am stuck as well as out of ideas...
> >
> > I can also tell that the mysql tables are not corrupted according

[vchkpw] Logging in to virtual domain only successfull sometimes
I have some real strange problems.

I use qmail, vpopmail with a mysql backend, courier-imap, qmailadmin, vqadmin, ezmlm and ezmlm-idx.

I currently have 2 domains up where domain1 is compiled into vpopmail as default domain.

When logging in as lars.gustafson for the default domain, with no @domain1.com as appendix, there is no problem. Everything works fine through courier-imap, with a bunch of different clients.

Currently I have tested various MS Outlooks, Evolution, Sylpheed, Netscape and Mozilla clients, as well as IMP webmail. None had any problems when logging in as a user with no appendix such as @domain.com.

When I try to log in on a virtual domain as [EMAIL PROTECTED], the authentication fails about 50-100% of the times I have tried, which are a lot =).

I have read any newsgroup posts and documentation I can find regarding this issue, which weren't too much. I have been trying to solve this problem for about 2 weeks now, and I am stuck as well as out of ideas...

I can also tell that the mysql tables are not corrupted according to

    myisamchk -e /var/lib/mysql/*.MYI

Any ideas of how to solve this issue are truly welcome.

Thanks in advance.

--
i3 micro technology ab
Lars Gustafson
System Administrator
phone: +46(0)850638856
mobile:+46(0)708472037
[EMAIL PROTECTED]