Re: [vchkpw] Only Allowing SMTP AUTH
Relaying is usually controlled by the tcp.smtp file using the RELAYCLIENT variable. To only allow localhost to relay and require all other IPs to use smtp auth you could put this one line in your tcp.smtp file 127.0.0.1:allow,RELAYCLIENT= Then rebuild your tcp.smtp.cdb file using tcprules. And how about if I got separate mail hub to do the spam/vir check and I don't want to rely to locals from other than auth'd clients or mail hub. Other words, I want rely either my mail hub 1.2.3.4 or auth'd users on serve 1.2.3.5 MS !DSPAM:47f2bd50120501729168442!
Re: [vchkpw] How can I adapt my user databases to vpopmail ?
How can I migrate my system to vpopmail without change the username settings of my users ? use default domain and learn password options to vpopmail build. then just create accounts using just a shell script with -n option to vadduser. Same time you will have to create .qmail files with email address to username aliases. I asume that you have username like solt and email address like [EMAIL PROTECTED] right? For every user you will have to create a .qmail file for example .qmail-marcin:soltysiak with a single line: [EMAIL PROTECTED] in it. Then your users would not even know about transistion :) Solt
Re: [vchkpw] Difference between +OK and +OK+
- Original Message - From: Ken Jones [EMAIL PROTECTED] On Wednesday 07 April 2004 12:44 am, Rick Widmer wrote: So, is it safe to assume that +OK means a command was accepted, and no data will be returned, and +OK+ means a that data follows? Yes. What do you think about that idea. It should make it easier to parse the return. Currently it always returns either: +OK +OK+ -ERR always 4 characters long. For a +OK keep reading untill untill \r\n For +OK+ keep reading untill \r\n.\r\n A line with just a . on it like the pop3 protocol For -ERR keep reading untill \r\n For stream oriented readers like FILE * in C you can always read untill a newline \r\n\ I'll upload the code into cvs today so you can get the latest code from there. +1 Solt
Re: [vchkpw] Re: Domain with home!= ~vpopmail/domains
- Original Message - From: Peter Palmreuther [EMAIL PROTECTED] I got strange problem. I don;t know when (what version) but suddenly a domain that have different that ~vpopmail/domains home stopped authorizing using vchkpw. [...] Is this a bug in vchkpw? Probably not. What user is qmail-popup run as? Probably not a user (UID) that is allowed to chdir() to 'klub.olga.pl' domain directory or read vchkpw.cdb in there? I use mysql backend. qmail-popup runs as vpopmail and klub.olga.pl is 770 for apache.vchkpw what is corresponding to /var/qmail/users/assign. Solt Why does Hawaii have interstate highways? And why..?
Re: [vchkpw] Re: Domain with home!= ~vpopmail/domains
- Original Message - I got strange problem. I don;t know when (what version) but suddenly a domain that have different that ~vpopmail/domains home stopped authorizing using vchkpw. [...] Is this a bug in vchkpw? Probably not. What user is qmail-popup run as? Probably not a user (UID) that is allowed to chdir() to 'klub.olga.pl' domain directory or read vchkpw.cdb in there? Couier-IMAP still works... Solt
Re: [vchkpw] test copy of vpopmaild.c
- Original Message - From: Ken Jones [EMAIL PROTECTED] I think it works pretty nicely. A single . on a line by itself represents End of File when sending or receiving multiple lines of infomation. Nice idea. [cut] Any votes on which way of specifying directories would be easier from the client program's point of view? a) full paths b) relative based on user or command +1 for b) First, it would be a bit like chrooting, so potential exxploits would have harder way to get out of ~vpopmail/. Second, would be easier to user if there was no need for repeting full path everytime. Solt
Re: [vchkpw] test copy of vpopmaild.c
- Original Message - From: Ken Jones [EMAIL PROTECTED] On Monday 05 April 2004 8:08 pm, Charles Sprickman wrote: On Mon, 5 Apr 2004, Ken Jones wrote: I'd like any comments or votes on how this version is using a POP3 type protocol. Sounds good to me, this is getting exciting! One little question... What are you thinking of as far as encryption? I'm sure there's going to be some people running the client on a box seperate from the server. You looking at adding ssl support, or are you thinking of just letting something like stunnel handle that? My favorite is ucspi-tcp-ssl with a self signed certificate. It provides peer to peer encryption by just adding -s to the tcpserver options. Or use stunnel. It is similar to how email clients and mail servers encrypt pop3/smtp/imap communication. I thought so about ucspi. tcpserver is a good tool. Solt
Re: [vchkpw] vpopmaild - errors on login
- Original Message - I see you have different error messages during login for: invalid email address user does not exist invalid password It might be better to return the same message for all so the hostile hacker can't learn as much about your users. Good point. I'd suggest - ERR XXX Login invalid to stdout and detailed info to syslog Solt
Re: [vchkpw] vpopmaild - return from login, and others
- Original Message - From: Rick Widmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 6:09 AM Subject: [vchkpw] vpopmaild - return from login, and others When I login, the following information is returned: vpopmail_dir /mail uid 77 gid 72 name postmaster comment Postmaster quota NOQUOTA dir /mail/domains/test.com/postmaster encrypted_password $1$zkJe.3SH$7HOl1RbwfKcibL67iXjsh/ clear_text_password password domain_admin_privleges system_admin_privleges Everything except *_privleges is a name-value pair with a space separator. It might be handy to add space 1 to each of the bitmap fields that can appear here. Like this: domain_admin_privleges 1 system_admin_privleges 1 That way if I pass the whole list through a function that explodes on the space, then packs the name value pairs into an (associaive) array these entries will be 'true' to PHP. [1] Without the 1, I have to identify them and handle them as special cases. I don't know if this is a good idea or not, but it might be handy if you always listed all of the bitmap value names with a 0 or 1. That allows for the possibility of generating the PHP fields from the list of bitmap values returned. no_password_change 0 no_pop 0 no_webmail 0 no_imap 0 bounce_mail 0 no_relay 0 no_dialup 0 user_flag_0 0 user_flag_1 0 user_flag_2 0 user_flag_3 0 no_smpt 0 domain_admin_privleges 1 override_domain_limits 0 no_spamassasin 0 delete_spam 0 system_admin_privleges 0 Would anyone use that information? Rick -- - [1] This code: while( list( , $Line ) = each( $ReturnedLines )) { list( $Name, $Value ) = explode( ' ', $Line ); $LoginUser[ $Name ] = $Value; } turns the entry listed above into the following PHP array: LoginUser = array( 'vpopmail_dir' = '/mail', 'uid'= '77 'gid'= '72 'name' = 'postmaster 'comment'= 'Postmaster 'quota' = 'NOQUOTA 'dir'= '/mail/domains/test.com/postmaster 'encrypted_password' = '$1$zkJe.3SH$7HOl1RbwfKcibL67iXjsh/ 'clear_text_password'= 'password', 'domain_admin_privleges' = '', 'system_admin_privleges' = '', ); anyway if you check like: if($LoginUser['system_admin_privileges']) { . } it doesnt quote matter if it is set to 0 or not set. Solt
Re: [vchkpw] test copy of vpopmaild.c
- Original Message - From: Rick Widmer [EMAIL PROTECTED] Marcin Soltysiak wrote: - Original Message - From: Ken Jones [EMAIL PROTECTED] Any votes on which way of specifying directories would be easier from the client program's point of view? a) full paths b) relative based on user or command +1 for b) First, it would be a bit like chrooting, so potential exxploits would have harder way to get out of ~vpopmail/. Second, would be easier to user if there was no need for repeting full path everytime. I disagree. If he chooses b, then you have to worry about what the rights of the current user is when composing commands. If he uses full paths, it doesn't matter what kind of user is at the browser, you always send the same command. For example, using b to create a VacationMessage file for [EMAIL PROTECTED]: Sys Admin would send: write_file /test.com/user/VacationMessage The Domain admin would send: write_file /user/VacationMessage And the user would send: write_file /VacationMessage It would be much easier to write code for using the daemon if everyone always referenced that file using the System Admin example, and you don't have to do the same job three different ways depending on who happens to be logged in. Remember, there will be a whole bunch of PHP code on top of the daemon. Either I am missing something or... If we use full path then same operations would look like: Sys Admin would send same as The Domain admin would send same as And the user would send: write_file /path/to/vpopmail/home/domains/test.com/user/VacationMessage And this way we let the user know ~vpopmail. I know that in concepts, ordinary user should not use plain vpopmaild protocol but PHP application, but since we don't work in secret I can imagine that one day one of my customers that feels geek in programing would come and request Hey man, where is your ~vpopmail? I don't like your admin UI and I want to write my own. In case od b) I wouldn't have to tell him the path. He would just stick to write_file /VacationMessage when logging as [EMAIL PROTECTED] Solt
Re: [vchkpw] vpopmaild - PHP object
- Original Message - From: Rick Widmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 12:49 PM Subject: [vchkpw] vpopmaild - PHP object I just uploaded a new PHP object to interface to the vpopmaild daemon. http://kimberly.developersdesk.com/vpopmaild-php.tar.gz vpopmail.pobj is the source code for the actual object. README lists all available methods in the object. example.php is a command line PHP program that tests the object, and gives examples of how to use it. Did I miss something: User info for logged in user: Array ( [vpopmail_dir] = /home/vpopmail [uid] = 399 [gid] = 399 [name] = office [comment] = office [quota] = NOQUOTA [dir] = /home/vpopmail/domains/imedia.com.pl/office [encrypted_password] = $1$L6UBr$.EzXzXSDy1PZiCiNT6Erm. [clear_text_password] = [domain_admin_privileges] = 1 [system_admin_privileges] = 1 ) Domain List: (64) Array ( ) Command string: list_users dom1.pl socket_write returned: 24 read returned: -ERR XXX not authorized for domain User List: (0) Command string: list_users dom2.pl socket_write returned: 24 read returned: -ERR XXX not authorized for domain User List: (0) Command string: list_users imedia.com.pl socket_write returned: 25 read returned: OK extra read returned: demo:$1$yUVUM$i4xHyCMsahaaOAAYViuQ81:0:0:0:demo:/home/vpopmail/domains/imedi a.com.pl/demo:1048576.00: User List: (12) Array ( ... ) Although I am sysadmin I cannot list users in other domains. What is funny, [EMAIL PROTECTED] does not appear in UserList array amd it is only account that had quota set. Solt
Re: [vchkpw] vpopmaild - errors on login
- Original Message - From: X-Istence [EMAIL PROTECTED] Marcin Soltysiak wrote: - Original Message - I see you have different error messages during login for: invalid email address user does not exist invalid password It might be better to return the same message for all so the hostile hacker can't learn as much about your users. Good point. I'd suggest - ERR XXX Login invalid to stdout and detailed info to syslog Its using tcpserver, so why not to multilog. I personally try to limit as much as possible the use of syslog. Sure. I meant (syslog|multilog|anylog) facility on server side. :-) Solt
Re: [vchkpw] vpopmaild development
- Original Message - From: Tom Collins [EMAIL PROTECTED] On Apr 6, 2004, at 10:57 AM, Marcin So³tysiak wrote: BTW. Since vpopmaild is very young it will need a heavy develoopment. It would be resonable to create a separate category in bugtraq. I'll put my vote in for initial development to take place in a separate CVS repository from the main vpopmail release, with discussion taking place on its own list. +1 Solt
Re: [vchkpw] vpopmaild - PHP object
Marcin Soltysiak wrote: Although I am sysadmin I cannot list users in other domains. I have already reported this to Ken. What is funny, [EMAIL PROTECTED] does not appear in UserList array amd it is only account that had quota set. This may be a new bug. It seems to be the firt entry on list_users..I've check od few domains and everyoan behaved same way. Solt
Re: [vchkpw] vpopmaild - PHP object
- Original Message - From: Marcin Soltysiak [EMAIL PROTECTED] Marcin Soltysiak wrote: Although I am sysadmin I cannot list users in other domains. I have already reported this to Ken. What is funny, [EMAIL PROTECTED] does not appear in UserList array amd it is only account that had quota set. This may be a new bug. It seems to be the firt entry on list_users..I've check od few domains and everyoan behaved same way. Ok, I've found... the class make unnecessary read from socket between reading +OK and first entry from list. Same as for list_domains. Solt
Re: [vchkpw] proposed vpopmaild commands/usage
Here is what I've come up with so far for the vpopmaild daemon. Comments? One more. Prototypes you sent don't include options to vaddusers etc. Options should be passed along in this protocol so that we could use for example vaddduser -n :-) Solt
Re: [vchkpw] test copy of vpopmaild.c
Anyone want a test copy of vpopmaild before it gets posted? It could use another set of eyes. Show me the money :-) Solt
Re: [vchkpw] test copy of vpopmaild.c
- Original Message - From: Ken Jones [EMAIL PROTECTED] Here ya go. Look at README.vpopmaild Short test procedure: ./configure (your options) make ./vpopmaild login [EMAIL PROTECTED] user help ./configure with option PASSED make PASSED ./vpopmaild ./vpopmaild +OK login [EMAIL PROTECTED] password +OK domain_dir /home/vpopmail/domains/imedia.com.pl name office comment office quota NOQUOTA dir /home/vpopmail/domains/imedia.com.pl/office encrypted_password $1$L6UBr$.EzXzXSDy1PZiCiNT6Erm. clear_text_password password domain_admin_privileges . list_dir imedia.com.pl -ERR XXX unauthorized directory list_dir /home/vpopmail/domains/imedia.com.pl +OK .qmail-default postmaster office magda I think /home/vpopmail/domains should be ommited. list_dir domain.tld should do the job However, now as Ken introduced the daemon we cat have a boost :-) Great job, Ken! Solt
Re: [vchkpw] proposed vpopmaild commands/usage
Hi, Here is what I've come up with so far for the vpopmaild daemon. Comments? addaliasdomain (and derivatives) auth: SA - no restrictions auth: DA - depends on privileges usage: adddomain domain name alias domain returns: OK - on success ERROR error code error message example: client - adddomain example.com test vpopmaild - OK or vpopmaild - ERROR XXX alias domains not allowed setdomainquota setadminuser - to set other than postmater domain admin I have a working vpopmaild now. If we can work out the details then I can probably have a version for testing by Monday. Great! I added file/directory commands so we can manage .qmail files or create autoresponder directories/files etc. Will need extending vpopmail PHP class but ... I'm thinking we should keep the vpopmaild as simple as possible, and place most of the intelligence for formating these simple commands into the php module. ... that is good as well. Solt
Re: [vchkpw] php extension or daemon
From: Iavor Raytchev [EMAIL PROTECTED] I posted here a couple of days ago a note about the php vpopmail extension and I got in touch with Rick Widmer who has done some progress on it. As I wrote then - we want to write high level php/Smarty GUI for vpopmail management module. The main stumbling block seems the need to run Apache as vpopmail user. I have not investigated deep enough, but this seems to be one of the main reasons why the extension is somehow dead. In our company we had a discussion on the issue and the prevailing opinion is that we should not waste time with the extension, but write a daemon. This weekend we will experiment with that. Today, searching more in depth on the issue - I found some postings on this list by people who are in favour of daemon. Hi, On the server side I'd suggest either daemon or (simplier one) triggering. By triggering I mean, that applying changes from UI would cause a creation of special trigger file with some instructions for a cron job started every minute. In other project we widely use triggering for publishing data from staging CMS to live one. Besides we crate new virtual hosts etc using same way. Triggering could only do things tha require running dedicated to vpopmail programs that need to have an RW access to ~vpopmail/ The rest could be done at the level of PHP extension as it only requires MySQL access. Ok, I know there are other auth modules that MySQL but AFAIK the latter is most widespreaded. On the other hand, a daemon would give an opprotunity to have a centralized management since many vpopmailinstallations could be managed from one client. That I'd like also since I got many vpopmails installed on my customers servers. Anyway we choose I can give my 0,03EUR to PHP coding :-) Solt
Re: [vchkpw] php vpopmail daemon etc. - developing story
Ken Jones wrote: I've been thinking about this and I think the daemon is definitly the way to go. If Rick can't release the code I can write one. I think the protocol could be like this: I found the code and although it is not as pretty as I remember it is available for release. It's in php with a tcpserver front end. It currently lacks user authentication though. From then on we could pass commands like: For admin accounts: vadduser [EMAIL PROTECTED] pass vdeluser [EMAIL PROTECTED] vadddomain domain postmaster-pass vdeldomain domain Very easy to add modules to the server, just add a case statement. I already have server code to handle this kind of daemon in both single threaded and multithreaded modes. Since it's written in php, and uses tcpserver as the socket connector, it should scale quite well. How about security? If we got it secures by SSL we coiuld use it on multiple servers from one console. Rick, could you post a URL to the code? That sounds good. Of course as a C programmer I'd prefer it be written in C linking in the vpopmail API. I'd like to take a swing at building it in C over the weekend. vmailmgr has something like this already, including a php module to talk to it. Perhaps we can re-use some of that code. That woudl be the best way. However, then we'd need a PHP API to use in web-apps Solt
Re: [vchkpw] php vpopmail daemon etc. - developing story
That sounds good. Of course as a C programmer I'd prefer it be written in C linking in the vpopmail API. I'd like to take a swing at building it in C over the weekend. vmailmgr has something like this already, including a php module to talk to it. Perhaps we can re-use some of that code. That woudl be the best way. However, then we'd need a PHP API to use in web-apps Solt why? We could talk to it using normal sockets. I dont see why it would require a special API to talk to a normal deamon on a TCP/IP. Even Unix sockets. Yeah, but why waste time and efficiency? Currently I am involved in Midgard CMD project and at the very begining we choosed ows PHP API as well as DB layer and we gained a boost that lets our CMS run on heavily loaded sites. I'd suggest a vpopmail PHP extension with deamon communication layer. So that operations would be performed on lower level and would be free from lazy programmer faults. Most of PHP apps are non-efficient because of bad implementation of basic procedures like SQL calls, file handling etc. Solt
Re: [vchkpw] php vpopmail daemon etc. - developing story
The daemon MUST require all connections to be authenticated, preferably against the vpopmail user base. user rwidmer ok password mypassword ok This is only slightly related to Rick's comments (which I think are very good by the way), but when he says against the vpopmail user base exactly what user base is he referring to? In his example, where is the rwidmer user information stored? Is this something related to how qmailadmin (which I know the least about re: vpopmail) does authentication? Well..does it matter? Daemon can do vchkpw so user DB can by any through vpopomail API call. Solt
Re: [vchkpw] php vpopmail daemon etc. - developing story
The daemon MUST require all connections to be authenticated, preferably against the vpopmail user base. user rwidmer ok password mypassword ok This is only slightly related to Rick's comments (which I think are very good by the way), but when he says against the vpopmail user base exactly what user base is he referring to? In his example, where is the rwidmer user information stored? Is this something related to how qmailadmin (which I know the least about re: vpopmail) does authentication? By 'against the vpopmail user base', I mean the mail users in vpopmail. There should also be a group of users that don't get email, but have rights to every domain on the system. This could be accomplished by having a 'domain' that is not legal, like 'system.admins'. I am pretty sure vpopmail will allow you to create such a domain, but DNS won't allow it to receive mail. A proper system admin login would look like this: user [EMAIL PROTECTED] password mypassword +1 That is very good idea. Any user within vopomail should be able to login and do actions appropriate to assigned capabilities. Other than the system.admins domain the rules are already built into vpopmail. If you are a member of the system.admins domain, you have the right to create and delete domains, and full access to manage any domain on the system. It might be good to create system.admins domain and [EMAIL PROTECTED] user when the vpopmail daemon is installed. This user would be similar to root in the operating system. You could then use the daemon to create the rest of your mail system. A step forward: using pw_gid [EMAIL PROTECTED] could have different level of access to system administration. Solt
Re: [vchkpw] PHP extension for vpopmail
o Start a separate instance of Apache on its own port or IP address, running as the mail user. This instance should only serve mail related pages. This is very easy to do. o Don't allow any web sites on the mail server. Only run QmailAdmin and sqWebmail on the mail server, and don't allow anyone but mail system administrators to login on the machine. (This is the one I use.) Didn't you ever heard about sudo? Using sudo you may allow the apache's user to run commands (that you specify) as the vpopmail's user. I did it once, it isn't hard. I also believe that's more secure, since the vpopmail's user will be used only weh necessary (to run some commands) and not all the time (to run apache). sudo with PHP extension? When PHP is a module? How? Solt Via PHP's CGI module. Ok. I meant shared apache module, not CGI. Personally I dislike CGI modules Solt
Re: [vchkpw] PHP extension for vpopmail
Another problem, if you allow the www user access to the vpopmail programs - how do you keep every web site on the server from having full access to mail system? The vpopmail library functions don't provide authentication. (They do provide functions for doing authentication, but the calling program has to manage it.) Perhaps it would be nice to have some authorization method like: $vid=vpopmail_auth_module(vpopmail-user, vpopmail-pass-perhaps-in-crypted-md5-form); Solt
Re: [vchkpw] PHP extension for vpopmail
Another problem, if you allow the www user access to the vpopmail programs - how do you keep every web site on the server from having full access to mail system? The vpopmail library functions don't provide authentication. (They do provide functions for doing authentication, but the calling program has to manage it.) Perhaps it would be nice to have some authorization method like: $vid=vpopmail_auth_module(vpopmail-user, vpopmail-pass-perhaps-in-crypted-md5-form); The function is already there. struct vpasswd *vauth_user( char *user, char *domain, char *password ); All it does is return the password file data for the user if the password is valid, or NULL for an authentication error. The problem is you can call vdeldomain() or anything else, even you haven't authenticated yet. The only security checks in the vpopmail library are done at the system level. Does the user running the process have rights to change the files it needs to affect? Notice that I called the function .._auth_module(). If you want to separate websites from accessing vpopmail on your box you need a fundamental authorization that allow you to perform vdeldomain(). More descriptive example follows: $vid=vpopmail_auth_module(vpopmail-user-like-unix-vpopmail-user-that-can-ad d-and-delete-and-so-on, vpopmail-pass-perhaps-in-crypted-md5-form); if($vid){ //Your'e a super admin and can manipulate domains and users $rst=vadddomain(myname.tld,postmaster_pass); //or whatever is the syntax if($rst){ echo domain created; }else{ echo vpopmail_errstr(); } }else{ //your regular user that can only auth himself via $auth=vauth_user(user,domain,password); } on vpopmail_auth_module() level there would be a something like sudo mechanism performed so that all functions that require phisycal access to vpopmail dir structure were run as authorized super user (or any other user that has some limited permissions. Personally I feel, that could be an extension to vpopmail itself. A module for PHP operations that would introduce some levels of admins etc...Imagine that you can assign a user rigths to create 5 doimains... Bad thing is I am no coder. All of above is just my imagination and theoretical issues. Perhaps someone of vpopmail users is quite a PHP geek and could verify if it has chance for a success. Solt
Re: [vchkpw] enable-file-sync
Could someone please explain the purpose of the following configure option in vpopmail: --enable-file-sync Enable file sync after each message is delivered We're having file system corruption problems with qmail/vpopmail (IDE hard disk, ext3 file system) and are wondering if this might help. Is there a downside to using this option? That might help. I put the option in for exactly this type of reason. Instead of calling fsync after the delivery it lets the OS manage the disk buffering. You might also want to comment out the fsync's in the qmail source code. These two changes will let the OS manage the disk buffers instead of flushing them all the time. You'll get much better disk performance. Ok. But when it is up to OS? when the option is enabled or disabled? I've just upgraded to current RC and got quite a load (about 9-10) caused by vdelivermai and vmstat suggests that I got IO bottleneck now. Besides I see lots of vdelivermail running and every mail spends now lots of time in a queue, even when it is local. Any ideas, please? Solt PS Ken, sorry about two copies of this mail. BTW: Could you set default Reply-To: to list address? It would be easier when replying.
Re: [vchkpw] About to release new devel version 5.3.20
Brian Kolaski sent in a new patch today for qmailadmin that probably fixes the problem. Execllent! I spent couple of hours hunting for it :-) Myabe it could be good for future releases but I miss one feature: My users wnat to be informed on their mobiles about new mail, so I wrote wrapper script that could be put into .qmail taking a phone number as a parameter but qmailadmin lacks of chance for user to put his number into account details form. I thought it would be nice if during configure run admin could set smtn like --with-wrapper-scripts=/usr/bin/one|/usr/bin/two --with-wrapper-label=Featur e one|Feature two so that in moduser page there were additiona fields labelled corresponding. If filled, qmailadmin would put |/usr/bin/one parameter_from_field_one |/usr/bin/two parameter_from_field_two /home/vpopmail/domains/... This way users could also implement some customized filtering action on their mailboxes. Solt
[vchkpw] IMAP and OE issue
Hi all, I got problem with Outlook Express and qmail+vpopmail+courier-imap. Ocasionally it happens that new message is marked as Message is no longer available and then the on;ly way to read it is to get via other reader. Any hints? Thx Solt