Re: Very high CPU Usage!!
BCheck the list archive. There was a thread on this a few weeks ago. The Bapparent cause was compiler shipped with RH7.0, I believe. -Bill Actually, I am not running RH7.0. I am running debian 2.2 r2(glibc21+egcs). Now I had to kill the processes manually. I have only seen this problem once. It has been four days since I killed the processes and the problem has not reoccured. I am not running tcpserver with the -p option (reverse dns) and the dns's in /etc/resolv.conf are ok (local djb dnscaches). The mysterious processes where a total of three, each consuming 33.3%. I am only running 10 domains on that box, and using cdb. Some hints, at the moment I ran top and saw these crazy processes, they were running under command "domainname" which was one of the 10 domains hosted on that box. This is also the only domain that has roaming users popping in. All other 9 domains' users access their mail through sqwebmail. One of my local dnscache's was down a while before I noticed this because of a power surge, if that could be related (maybe the user popped in at the moment the dns was down). But again, I do not have the -p option to tcpserver in my rc.pop init script. I just hope to unveil this mysterious behavior before it burns me a cpu. TH
Very high CPU Usage!!
Hi, I have been running vpopmail for a long while and it was very smooth. Now I recently upgraded to 4.9.8 (still using cdb) and i am hosting only 10 domains on that box. After a while, I was logging on to the box and noticed it is slow (P-III 650 Mhz., 128MB PC133 Ram) so i wondered why! I ran top and I saw three vpopmail processes running, each consuming CPU 33.2%-33.3%. That is 99.9% cpu usage! Email in both directions works ok with no slowdowns, but I just wonder WHY vpopmail is consuming resources this high? --Tamer
Replication
What are good approaches for setting up mail server replication? Which is more recommended in such environment: mysql or cdb? How stable is it with mysql? I read about an approach using NFS but also warned about MySQL file locking and NFS problems nuking the tables. Could this be avoided, i.e. Are there better alternatives than NFS? --Tamer
Re: virtual user quota
Correction, .current_size is generated the user's home directory by the "deliverquota" program that is also bundled with sam varschak's sqwebmail. It is not associated with vdelivermail (vpopmail's vdelivermail) as I earlier said. But an example of current user qutota usage is already incorporated in vpopmail's vdelivermail.c. It calculates the mail size before delivering a message to the user's Maildir. The part where it calculates the mail could be used as an example in the new program that would parse that information to STDOUT -- CGI -- custom html template code --- user's custom webmail. :D
mysql+vpopmail question
Is it possible to get vpopmail/vchkpw (with mysql support) to store passwords in clear text? The reason why I am asking this is would like a "password retrieval feature" using a hint question (like in hotmail), using a php script I wrote (cracking the hashes would be silly). :P Thanks, Tamer
Re: mysql+vpopmail question
Daniel Hardaker writes: Is it possible to get vpopmail/vchkpw (with mysql support) to store passwords in clear text? The reason why I am asking this is would like a "password retrieval feature" using a hint question (like in hotmail), using a php script I wrote (cracking the hashes would be silly). :P Daniel Wrote: Hmm...im sure it is, but its extremely unsafe especially using mySQL... Why would it be exteremly unsafe if I am the only local user on that box. No one else has local access to the server and I limit access to the mysql server only from localhost. Besides, all the user's and passwords in the mysql database are virtual (Thanks to vpopmail.) surely it would be much better to have the hint question and then get your script to reset the password and allow the user to change it to whatever thet like? Just my opinion.. :) Now, Your suggesstion is very good, except for the fact that "changing it" is not so easy because as far as I know the mysql encryption funtions are not compatible with unix crypt functions so I guess I cannot do it from php if the password has to be checked against a hash. also discussed earlier on the list: http://www.mail-archive.com/vchkpw@inter7.com/msg01882.html Am I correct? Let me know! Tamer
vqsignup.cgi
Pedro Vega Wrote: Hi all. Is it possible to Apache handle the output of vqsignup.cgi as php instead of html ? Thanks. Pedro Vega Sure, not so difficult. Just edit vqsignup.conf and edit the paths to the default html's and change them to the path to your php scripts. Make sure that "submit" and action in your php scripts posts what is required (username, domain, and password) to the vqsignup.cgi binary. I know why you ask this, it is probably because most people want to archive stuff like "First" and "Last" name, etc. and save em in a mysql database. Good Luck, Tamer Hassan [EMAIL PROTECTED]
vpopmail quota suggestions
Has anyone read about maildir++ ? I would like to see that implemented in vpopmail but don't have the time/skill to do so. Sqwebmail has a neat feature integrated in it's interface that shows the user their current maildir++ quota usage (as in yahoo, etc.) Mr.Sam has already written a temp hack "deliverquota" that would deliver mail to local Maildir with support for maildir++ and it works with his sqwebmail. However, this requires all system wide domains and accounts to use the same quota. (Instead of instructing your mail server to deliver the message to a maildir, you instruct the mail server to deliver the message to the deliverquota program, and specify the location of the maildir and its corresponding quota, as the arguments.) example: deliverquota ./Maildir 200,500C This delivers to ./Maildir with a quota set to 2MB or 500 messages, whichever comes first. THe message limit could also be ommited. By the way, this works better than the HARDQUOTA feature in vpopmail, just a personal opinion. Best Regards, Tamer Hassan [EMAIL PROTECTED]
RE: vpopmail lacks authentication security
By itself, pretty much every piece of a security program is insecure. Hrm, is that a joke? You claim to be smart enough to make such a claim yet you don't know how to teach your sytem to crypt using libraries other than the defaults. My system uses MD5 (blowfish) and 3DES (Triple DES). Do not say that vpopmail would use DES by Default because 3DES is wrapped around DES, it sounds gay (And so do you). Now I really have a good reason to ignore your emails. Words like "Anal Retentive", "Little voices in your head" and "Lame" make you sound even more gay. "Lame", sounds like a word from the 80's or even 70's. Well, what do you expect from a fag who brags all about his mighty BSDI and criticizes "Linux IP Stack". Don't bother replying to me, if as you say I am: "a 19 year old child", unless you are "a 60 year old fag with nothing to do". The O'Reilly sendmail book is now all I need to SMACK you. Shmuck!
Re: HardQuota Bug in all Vpopmail versions
What bug in vdelivermail quotas? Can you prove that it doesn't work with the 4.9.8 release and show me how to replicate it on my machine? Ken Jones Ok, here is what I have done (on vpopmail 4.9.6 and 4.9.7): 1. create a [EMAIL PROTECTED] with 5 meg quota (HAS TO BE 5 MEGS- If you want to duplicate the problem, do what I did. Quotas seemed to work when I set it very low, as low as 50 K) 2. Send an email with the Subject: test, and body message of "test" and attach a 1.5 meg file. 3. Send 3 emails, that sums up to 4.5 MB, when you send the fourth message, it should bounce back. However, I doubt it. Try even sending a fifth and a sixth. :/ Let me know what you get Best Regards Tamer Hassan
vpopmail lacks authentication security
Sorry, I hate to do this. I later posted to the list about the fact that vpopmail only uses DES. Matt Simerson said "it is silly to say that DES is insecure" and I disagreed. He then sent me a hashed password string betting me to crack it, and it turned out to be a BSD MD5 (what an iodiot). Now, back to topic. IF ANYONE HAS SUCCESSFULLY USED MD5 WITH VPOPMAIL, POST TO THE FREAKING LIST. Excuse me! Matt, I know you are going to trip out again. But, you seriously lack security insight. You cannot protect a box by disallowing pings to it. Security by obscurity is old fashioned. Same thing with using an 8 character password for your postmaster accounts (assuming that you do use the full 8 characters that DES allows you). Want more details, here is a very nice article about DES INSECURITIES by the FreeS/WAN Fellows: http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/DES.html Please, stop talking about your great inventions ssh'ing your pop server connections. If you administered hotmail or yahoo, would you do that? Best Regards Tamer Hassan The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and i'm not even too sure about that one"--Dennis Huges, FBI.
RE: HardQuota Bug in all Vpopmail versions
With all due respect, I did some of my own testing of vpopmail last year and found that then, the quota mechanism didn't work (I was able to send more than the quota's worth of messages using small messages (and a perl script to send it rapidly). With all due respect, this method sucks. You just overcome the "userless system" privelege of vpopmail. Secondly, linux filesystem quotas sucks (I know many may not agree with me) because: 1. You can only do UID/GID based quotas (You cannot do quotas on directories) 2. It is slow, Imagine having to do quotacheck every 30 minutes (if you have a big box hosting some hundreds of domains). I chose instead to use system quotas and multiple UID's (one per domain) which is a VERY effective limiter but it has made a couple new bugs appear. As you may already know, you are now unfortunately doing quotas per entire domain, and not per user, which is what vpopmail should be doing correctly. You missed the point. For example, when the system quota is reached and an admin attempts to add users to the system, it can nuke the vpasswd.cdb file due to the write error. :-( I haven't worked around that one yet... I have a better solution for you (that is if you don't want to use vpopmail's quota support): Say you wanted to limit each one domain to 200 megs quota: 1- make a data directory to serve our virtual domains quota files mkdir /home/vpopmail/data (don't forget to set appropriate uid and gid permissions) 2- create a 200 meg file as follows: dd if=/dev/zero of=/home/vpopmail/data/domainfile bs=1MB count=200 3- make a filesystem inside the file mke2fs -F /home/vpopmail/data/domainfile 4- Mount it under the appropriate domain directory (make sure it is empty) mount -o loop ~vpopmail/data/domainfile ~vpopmail/domains/domain.com (also set appropriate uid and gid permissions on domain.com directory) now proceed with ./vadddomain and so Would also be nice to put the mount command into your startup script in case you reboot. This should effectively limit the domain to 200 MB. No need to keep doing quotacheck which takes a while (Especially when you have lots of directorys and sub directories). This method assumes that your kernel was compiled with "loop" filesystem support (usually true for most distributions because it is often used to create ramdisks and such). Good Luck P.S. I still want to fix that bug in vdelivermail that doesn't check quotas right.
vchkpw lacking authentication security
To everyone on the vchkpw mailing list: If anyone knows of a way to force vpopmail to use MD5, please let me know.
HardQuota Bug in all Vpopmail versions
On the vpopmail FAQ (http://www.inter7.com/vpopmail/FAQ), it mentioned:6. 6. How do hard quota's for users work? When mail is delivered to a virtual domain, vdelivermail will deliver it to the pop users directory. vdelivermail will enter the users Maildir and add up the sizes of all the files in these directories. If the size is greater than the HARD_QUOTA limit. The email is bounced back to the sender. However, attachments are not added up and thus do not calculate towards the total Hard Quota. I have tested this on several vpopmail installation up to version 4.9.6-1 most with a default quota of 5 megs and I was able to send the test user emails with more than 10 megs of attachments. (sqwebmail 1.0 through 1.2.0 were used on the vpopmail installations I tested). Best Regards, Tamer Hassan
Re: HardQuota Bug in all Vpopmail versions
Hrm, Getting even weirded, I tried resetting a test user to 5000 bytes and he would seccessfully get any messages "with attachments" less than 5k. Then I set the quota to 500 (about 5 megs) and I am able to send him more than 10 megs of attachments in several messages. I am really confused. Example: Well, molions.com is running vpopmail and sqwebmail with a 2 Meg Hardquota (Stated in their FAQ). However, I was able to send many attachments which all sums up way more than 2 megs. Check it out: http://www.molions.com User:test9 password:test (Apologies to molions, no intention to abuse their server/bandwidth) Tamer