Re: [vchkpw] Spam Protection with vpopmail and qmail

2003-06-27 Thread Lars Gustafson
On Thu, 2003-06-26 at 22:08, Gonzo wrote:
 Hello.
 
 I have qmail with vpopmail installed.
 I don't know how to filter out spam mails.
 SpamAssassin seems to not support virtual domains and even if it would
 support them, how to tell procmail to filter mails for vpopmail?
 
 Gonzo

I have a setup that my users are happy with. 

In short, this is what it does...
It filters out spam to the user's .spam directory with a sitewide ruleset
It lets the users toggle filtering on or off from qmailadmin
It doesn't use qmail-scanner   

Install SpamAssassin according to the manual, and perform the tests to
make sure it is working.

Install a recent qmailadmin (>= 1.0.21), compile it with the following
options, among the other ones.

Install a recent version of procmail (3.22 or later) or you will notice
that the files inside the maildirs look sorta strange... earlier
procmail doesn't use the maildir name-style format of the files.

(watch out for line wrapping here...)
--enable-modify-spam=y \
--enable-spam-command='|preline /usr/bin/spamc -e /usr/bin/procmail -mp ../procmailfilter'

The recent versions of qmailadmin have a detect-spam option which the
user can toggle on/off as they like.

~vpopmail/domains/example.net/user/.qmail will look like this when
detect-spam is checked;

|preline /usr/bin/spamc -e /usr/bin/procmail -mp ../procmailfilter


Create a decent procmailrc file and put it in the path defined with the
--enable-spam-command option. In this example it would be:

~vpopmail/domains/example.net/procmailfilter


# Example of a global procmailfilter for qmail-vpopmail 
# -
# 
# This file should be named as stated below
# ~vpopmail/domains/whatever.com/procmailfilter
#
# This procmailfilter is supposed to be invoked
# from ~vpopmail/domains/whatever.com/user/.qmail
#
# The .qmail file should contain the following line
# |preline /usr/bin/procmail -mp ../procmailfilter
# 
# It is possible to make the line default for any
# .qmail files  created by users through qmailadmin 
# versions 1.0.21 or later.
#

# Shell to execute commands inside.
SHELL=/bin/bash

# Verbose mode (yes|no)
# If set to yes your qmail-send log
# will be full of verbose stuff.
#VERBOSE=yes
VERBOSE=no

# Make sure that we have a .SPAM folder to sort SPAM into.
# This will create a ~vpopmail/domains/domain/user/Maildir/.SPAM
# directory. This directory will be created as soon as the user
# receives any mail. Spam or ham doesn't matter.  It simply creates
# the .SPAM directory, as well as subscribes it to courier-imap
:0wic
* ? test ! -d ./Maildir/.SPAM
|( /var/qmail/bin/maildirmake ./Maildir/.SPAM ; \
/bin/echo INBOX.SPAM >> ./Maildir/courierimapsubscribed )

# Sort anything marked as SPAM into the users Maildir/.SPAM/ .
:0:
* ^X-Spam-Status: YES
./Maildir/.SPAM/

# Everything else goes to the users default Maildir/ .
:0:
*
./Maildir/

#EOF





 
-- 
i3 micro technology ab
Lars Gustafson
System Administrator
phone: +46(0)850638856
mobile:+46(0)708472037
[EMAIL PROTECTED]




Re: [vchkpw] qmail-smtpd-chkusr Patch Problem

2003-06-06 Thread Lars Gustafson
On Fri, 2003-06-06 at 01:39, Tom Walsh wrote:
 I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt
 to: check to see if a user exists on the mail server and if the user doesn't
 send a 550).
 
 I have tested the functionality of qmail-smtpd (compiled with this patch and
 a couple others) and it works when I run it from the command line.
 
 My problem is when I run it from the tcpserver/supervise script the
 functionality doesn't work.
They need some changes, see below.
 
 I have managed to get it working by altering the -u and -g on the tcpserver
 command line to be root.
Don't!

 When I do that it works flawlessly. It also works
 if I set the uid to root and set the gid to qmaild.
Don't!

 My question (and I suppose directed at tonix):
 
 How can I get this to run with the proper user and group permissions of
 qmaild?

Read this carefully and you are set.
http://www.interazioni.it/qmail/#Installation


 Here are some of the details of my installation.
 
 /usr/bin/id -g qmaild
 81
 cat /etc/group |grep 81
 qnofiles:*:81:
 
 ./supervise/smtp/run
 
 #!/bin/sh
 PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
 export PATH
# Get rid of these four lines
 ##QMAILUID=0
 ###NOFILESGID=0
 ##QMAILUID=`/usr/bin/id -u qmaild`
 ##NOFILESGID=`/usr/bin/id -g qmaild`

# Use these ones instead to be able to access the vpopmail databases.
# Run as the uid and gid of the vpopmail user.
QMAILUID=`/usr/bin/id -u vpopmail`
NOFILESGID=`/usr/bin/id -g vpopmail`

 exec softlimit -m 800 tcpserver -v -c 384 -p -R -x \
 /usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 \
 rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd \
 mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
 
 permissions on qmail-smtpd:
 -rwxr-xr-x  1 root  qmail  128528 Jun  5 16:26 qmail-smtpd
chown 6555 /var/qmail/bin/qmail-smtpd

 I am assuming it has something to do with the setuid that the patch does,
 but I am unsure.
 
 Any pointers?
follow the comments above and you should be set.

 Tom Walsh
 Network Admin
 http://www.ala.net/
 

-- 
Lars Gustafson [EMAIL PROTECTED]
i3 micro technology ab




Re: [vchkpw] qmail-smtpd-chkusr Patch Problem

2003-06-06 Thread Lars Gustafson
Sorry.. I made a typo in my previous post...

The line below should have been saying:

chmod 6555 qmail-smtpd


sorry


On 06 Jun 2003 08:08:44 +0200
Lars Gustafson [EMAIL PROTECTED] wrote:


  permissions on qmail-smtpd:
  -rwxr-xr-x  1 root  qmail  128528 Jun  5 16:26 qmail-smtpd
Never mind the following line. The one on top is the one to use.
 chown 6555 /var/qmail/bin/qmail-smtpd
 
 -- 
 Lars Gustafson [EMAIL PROTECTED]
 i3 micro technology ab
 
 
 


-- 



Re: [vchkpw] roaming user for imap

2003-01-15 Thread Lars Gustafson
I had the same problem, as lots of people have according to this list..
The solution, or let's say workaround, I came up with is pretty ugly.
But hey! It works.

First, I got the relay-ctrl package from www.qmail.org somewhere,
installed it by reading the docs shipped with it, and made the needed
changes to the imap.rc/imap-ssl.rc (see docs).

What needs to be modified is qmail's rc script, making
tcpserver use the envdir binary (from the daemontools package; if you
don't use daemontools, download and compile it, and snip the binary from
the compiled source tree and put it in some reasonable path).
Make the changes to your qmail start script (see the docs).

Restart qmail and courier. Now you will have a relay that allows roaming
users to relay until whatever you set the RELAY_CTRL_EXPIRY variable
to; the default is 900 seconds I think.

Next, the tricky part... I made up a simple shell script looking like
this. I guess it could be possible to add the IP addresses the script gets
into a SQL or cdb database. Anyway, this does the job.


---

#!/bin/sh
#
# relay-ctrl-imap-tweek
#
# This script should be invoked from within root's crontab
# instead of the relay-ctrl-age binary shipped with the
# relay-ctrl package.
#

# Where do we find the conf files for relay-ctrl?
RLCDIR=/etc/relay-ctrl

# Enable _ONE_ of these
#PORT=143 # IMAP
PORT=993  # IMAPS

# Check what addresses are configured for relaying.
# To end up in this list the client needs to perform an
# authenticated login on the imap server.
for RELAY in `ls $RLCDIR/allow`; do

    # First we need to find out what established connections we
    # actually have.
    # Let's sort them, and make sure we only get a single entry
    # from each one, no matter how many connections we have from
    # a single host, we just want it once.
    NETS=`netstat --protocol=inet -n 2>/dev/null \
        | grep :$PORT | grep $RELAY \
        | grep ESTABLISHED \
        | awk '{print $5}' \
        | awk -F: '{print $1}' \
        | sort \
        | uniq`

    if [ "$RELAY" = "$NETS" ]; then
        # _IF_ we have an established connection on
        # the right port, AND the address is configured
        # to allow relaying, THEN we touch the file
        # in $RLCDIR/allow/, to increase the time the
        # client should be allowed to use our SMTP.
        touch /var/qmail/relay-ctrl/allow/$NETS

        # It might be handy to set some sane ownership
        # and permissions on the file, making it possible
        # for the imap daemon to overwrite them, if the
        # same ip connects again with another client.
        # Masquerading firewalls come to mind here...
        chown vpopmail.vchkpw /var/qmail/relay-ctrl/allow/$NETS
        chmod 666 /var/qmail/relay-ctrl/allow/$NETS
    fi

done

# Since this script is run every minute, it updates the
# allowed relayhost just as often, we can safely set
# the value of $RLCDIR/RELAY_CTRL_EXPIRY to 300
# (seconds, 5 minutes). This will make it possible for
# the client host to send mails for 5 more minutes.
# You should not set this value to anything less,
# because some SMTP servers try to perform auth/ident
# lookups of the sender (which most firewalls, as well
# as mailservers reject nowadays anyway).
# Anyhow, I have been running this for about 5 months now,
# and there is no problem known with these settings, as long
# as the relay-ctrl is set up ok.

# Update the allowed relayhosts.
/usr/local/bin/envdir \
    $RLCDIR/conf \
    /usr/local/bin/relay-ctrl-age

#EOF
---







On Wed, 2003-01-15 at 00:29, Bill Shupp wrote:
 On Tuesday, January 14, 2003, at 03:25  PM, Andrew Kohlsmith wrote:
 
  That's a good point -- In my particular case authdaemon is not 
  updating the
  tcp.smtp.cdb file at all though.
 
 authdaemon does NOT pass the IP to vpopmail.  That's why you can't use 
 it if you want roaming IMAP users.
 
 Bill
 
 
-- 
i3 micro technology ab
Lars Gustafson
System Administrator
phone: +46(0)850638856
mobile:+46(0)708472037
[EMAIL PROTECTED]
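
An added example, not part of the original post: the same selection of allowed IPs that still hold an IMAP session, done by exact comparison of local port, connection state and foreign IP rather than substring greps, so a longer address, port 9930, or a connection to a remote port 993 does not refresh an entry. The netstat sample and allow list are constructed, and both function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the script from the post above.
# Constructed sample in the layout of `netstat --protocol=inet -n`.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address     State
tcp   0   0 192.0.2.10:993     198.51.100.7:51234   ESTABLISHED
tcp   0   0 192.0.2.10:993     198.51.100.7:51240   ESTABLISHED
tcp   0   0 192.0.2.10:993     198.51.100.77:40000  ESTABLISHED
tcp   0   0 192.0.2.10:993     203.0.113.5:40100    TIME_WAIT
tcp   0   0 192.0.2.10:44321   203.0.113.9:993      ESTABLISHED
tcp   0   0 192.0.2.10:9930    203.0.113.20:50000   ESTABLISHED'

# Constructed allow list, one IP per line (what `ls` of the allow
# directory would print).
SAMPLE_ALLOW='198.51.100.7
203.0.113.5
203.0.113.9
203.0.113.20'

# active_relay_ips PORT ALLOW_LIST  (netstat output on stdin)
# Prints, once each, every allowed IP that holds an ESTABLISHED
# connection to local PORT.
active_relay_ips() {
    port=$1
    allow=$(printf '%s\n' "$2" | tr '\n' ' ')
    awk -v port="$port" -v allow="$allow" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "tcp" && $6 == "ESTABLISHED" {
            lport = $4; sub(/^.*:/, "", lport)      # local port only
            fip = $5;   sub(/:[0-9]+$/, "", fip)    # foreign IP only
            if (lport == port && (fip in ok) && !(fip in seen)) {
                seen[fip] = 1
                print fip
            }
        }'
}

# Loose port matching with grep ":PORT", for comparison only: it also
# returns the .77 address, the remote-port-993 peer and the 9930 peer.
substring_match_ips() {
    grep ":$1" | grep ESTABLISHED | awk '{print $5}' \
        | awk -F: '{print $1}' | sort -u
}

# Prints 198.51.100.7 for the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | active_relay_ips 993 "$SAMPLE_ALLOW"
```
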





Re: [vchkpw] courier-imap STILL stops authenticating after awhile

2002-11-26 Thread Lars Gustafson
I don't know if this is what you need, according to previous posts. 
Oh, well...

I had a similar problem a while ago. I use qmail-1.03, vpopmail 5.2.1
with mysql as backend. I have --default-domain=domain1.com as option for
my configure script for vpopmail.
All users which were using the default domain, logging in with just 
username as username, never noticed any problems, _but_ users on my
virtual domains, logging in with [EMAIL PROTECTED], had problems
after a while, depending on the server load.

After hours spent on reading mailing lists and various Google results, I
figured out that configuring courier-imap like this, skipping any other
authentication module except for vchkpw, solved the problem:

./configure --enable-workarounds-for-imap-client-bugs \
--disable-root-check \
--without-authpam \
--without-authldap \
--without-authpwd \
--without-authmysql \
--without-authpgsql \
--without-authshadow \
--without-authuserdb \
--without-authcustom \
--without-authcram \
--without-authdaemon \
--with-authvchkpw \
--with-ssl

Good luck!





On Tue, 2002-11-26 at 02:46, Taylor Dondich wrote:
 Well, I attempted to correct the issue; however, courier-imap still 
 tends to muck up authentication after awhile (about an hour or so).  Is 
 there any way to have courier-imap give a bit more verbose error 
 messaging.  All I see is LOGIN FAILED.  I don't know why.  Also, people 
 keep saying that there's supposed to be a 
 /usr/local/libexec/courier-imap/authlib/authvchkpw file or something, I 
 don't have that, but authentication works for AWHILE.  Then it takes a dump.
 
 Anyone have any suggestions?  :(
 
 Taylor
 





Re: [vchkpw] Logging in to virtual domain only successfull sometimes

2002-10-21 Thread Lars Gustafson


Ok, Recompiled courier-imap 20 minutes ago. With a dozen clients testing
virtual domains. Seems to work this far...

Thanks a lot for the advice.





On Mon, 2002-10-21 at 13:31, Michael Bowe wrote:
 Yeah, courier-imap has terrible logging. You get almost no detail...
 
 I believe that to get the recent versions of courier-imap and vpopmail to
 work together reliably, you need to use the --without-authdaemon configure
 option for courier-imap.
 
 Without this setting, you could typically authenticate for a short period
 and then all further auths would fail. Not sure if that is related to your
 problem though...
 
 Michael.
 
 - Original Message -
 From: Lars Gustafson [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Monday, October 21, 2002 9:17 PM
 Subject: Re: [vchkpw] Logging in to virtual domain only successfull
 sometimes
 
 
  Thanks for quick answers.
 
 
 
  What my logs say is simply. when trying to use my IMP webmail client.
  with a virtual domain user.
 
  Oct 21 13:03:41 greyhound imapd-ssl: Connection, ip=[:::127.0.0.1]
  Oct 21 13:03:46 greyhound imapd-ssl: LOGIN FAILED, ip=[:::127.0.0.1]
  Oct 21 13:03:56 greyhound imapd-ssl: LOGOUT, ip=[:::127.0.0.1]
 
  When using the default domain
  Oct 21 13:06:34 greyhound imapd-ssl: Connection, ip=[:::127.0.0.1]
  Oct 21 13:06:34 greyhound imapd-ssl: LOGIN, user=lars.gustafson,
  ip=[:::127.0.0.1]
  Oct 21 13:06:34 greyhound imapd-ssl: LOGOUT, user=lars.gustafson,
  ip=[:::127.0.0.1], headers=0, body=0
  Oct 21 13:06:34 greyhound imapd-ssl: Connection, ip=[:::127.0.0.1]
  Oct 21 13:06:34 greyhound imapd-ssl: LOGIN, user=lars.gustafson,
  ip=[:::127.0.0.1]
  Oct 21 13:06:35 greyhound imapd-ssl: LOGOUT, user=lars.gustafson,
  ip=[:::127.0.0.1], headers=2419, body=0
 
 
  I have compiled vpopmail-5.2.1 as:
 
 
  ./configure  --prefix=/var/vpopmail \
--enable-qmaildir=/var/qmail \
--enable-qmail-newu=/var/qmail/bin/qmail-newu \
--enable-qmail-inject=/var/qmail/bin/qmail-inject \
--enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \
--enable-vpopuser=vpopmail \
--enable-vpopgroup=vchkpw \
--enable-clear-passwd=y \
--enable-logging=y \
--enable-log-name=vpopmail \
--enable-domains-dir=domains \
--enable-default-domain=i3micro.com \
--enable-incdir=/usr/include/mysql \
--enable-libdir=/usr/lib/mysql \
--enable-libs=mysqlclient \
--enable-mysql=y \
--enable-valias=y \
--enable-ip-alias-domains=n
 
  and courier-imap just plain and simply
  ./configure  --enable-workarounds-for-imap-client-bugs
 
  I tried to recompile both vpopmail and courier-imap as well as qmailadmin
  and so on, without success. Main reason for this was just to make sure
  it all was correctly set and to get better, more verbose, logging.
  Summary, problem still resisted and I didn't get anything more out of the
  logs. Finally I restored backups of it all.
 
 
 
 
  On Mon, 2002-10-21 at 12:39, Michael Bowe wrote:
   Have you looked in the logs to see if it gives a reason why the
   authentication failed?
  
   eg if you compiled vpopmail with --enable-logging=p, then you could try
   looking in your syslog files (commonly /var/log/maillog) for more info
  
   and/or if you compiled vpopmail with the --enable-mysql-logging option,
   then you could also look at the logs in the vpopmail.vlog mysql table
  
   And finally I would suggest you check your tcpserver options for your
   pop3d script, cause maybe you have the -c option (max num of simultaneous
   connections) set too low or something like that...
  
   Michael.
  
   - Original Message -
   From: Lars Gustafson [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Monday, October 21, 2002 8:16 PM
   Subject: [vchkpw] Logging in to virtual domain only successfull
 sometimes
  
  
   
I have some real strange problems.
   
I use qmail, vpopmail with a mysql backend, courier-imap, qmailadmin,
vqadmin, ezmlm and ezmlm-idx.. I currently have 2 domains up where
domain1 is compiled into vpopmail as default domain.
   
When logging in as lars.gustafson for the default domain, with no
@domain1.com as appendix, there is no problem. Everything works fine
both through courier-imap, with a bunch of different clients.
Currently I have tested various ms outlooks, evolution, sylpheed,
netscape and mozilla clients, as well as IMP webmail. None had any
problems when logging in as a user with no appendix such as
@domain.com.
   
When I try to log in on a virtual domain as [EMAIL PROTECTED],
the authentication fails about 50-100% of the times I have tried,
which are a lot=).
I have read any newsgroup posts and documentation I can find regarding
this issue, which weren't too much. I have been trying to solve this
problem for about 2 weeks now, and I am stuck as well as out of
ideas...
   
I can also tell that the mysql tables are not corrupted according

[vchkpw] Logging in to virtual domain only successfull sometimes

2002-10-21 Thread Lars Gustafson

I have some real strange problems.

I use qmail, vpopmail with a mysql backend, courier-imap, qmailadmin,
vqadmin, ezmlm and ezmlm-idx.. I currently have 2 domains up where
domain1 is compiled into vpopmail as default domain.

When logging in as lars.gustafson for the default domain, with no
@domain1.com as appendix, there is no problem. Everything works fine
both through courier-imap, with a bunch of different clients.
Currently I have tested various ms outlooks, evolution, sylpheed,
netscape and mozilla clients, as well as IMP webmail. None had any
problems when logging in as a user with no appendix such as @domain.com.

When I try to log in on a virtual domain as [EMAIL PROTECTED],
the authentication fails about 50-100% of the times I have tried, which
are a lot=). 
I have read any newsgroup posts and documentation I can find regarding
this issue, which weren't too much. I have been trying to solve this
problem for about 2 weeks now, and I am stuck as well as out of ideas...

I can also tell that the mysql tables are not corrupted according to
myisamchk -e /var/lib/mysql/*.MYI

Any ideas of how to solve this issue are truly welcome. Thanks in
advance.



-- 
i3 micro technology ab
Lars Gustafson
System Administrator
phone: +46(0)850638856
mobile:+46(0)708472037
[EMAIL PROTECTED]