[vchkpw] 571 Errors
Hello, I am having some problems whenever people try to send to more than 15 people in the same email. They get back some variation of the 571 error, either "571 sorry, reached maximum number of recipients for one session (#5.7.1 - chkuser)\r\n"or "571 sorry, you are violating our security policies (#5.7.1 - chkuser)\r\n" is their any way to change the maximum number without re-compiling anything? Thanks, Chris Holloway Network Technician THUMBTECHS CORPORATION 8205 Camp Bowie West # 110 Fort Worth, TX 76116 (817) 923-2419
Re: [vchkpw] 571 Errors
Yes, the value is within an environment variable. See your chkuser_settings.h to see how you called the variable and change the variable's value. Tonino At 17.24 23/09/2005, you wrote: Hello, I am having some problems whenever people try to send to more than 15 people in the same email. They get back some variation of the 571 error, either 571 sorry, reached maximum number of recipients for one session (#5.7.1 - chkuser)\r\n or 571 sorry, you are violating our security policies (#5.7.1 - chkuser)\r\n is their any way to change the maximum number without re-compiling anything? Thanks, Chris Holloway Network Technician THUMBTECHS CORPORATION 8205 Camp Bowie West # 110 Fort Worth, TX 76116 (817) 923-2419
RE: [vchkpw] intermittent smtp auth errors
New development.. what's even more strange about this is that it is primarily happening on one server in the cluster and not the others. All of which have identical mysql configs, with the exception of their ID in the cluster, vpopmail and qmail installations. -Original Message- From: Ken Jones [mailto:[EMAIL PROTECTED] Sent: Thursday, September 22, 2005 10:09 AM To: vchkpw@inter7.com Subject: Re: [vchkpw] intermittent smtp auth errors Clayton Weise wrote: I've got an odd error that is coming up and I can't quite put my finger on it. I have 3 mail servers running qmail/vpopmail (5.4.10) and MySQL 3.23.58. I also have mysql replication running and vpopmail is configured in accordance with that (reads on localhost, writes on the db server). We've been receiving complaints from customers about intermittent smtp errors and when I tail the maillog I'm seeing errors like this: Sep 22 08:58:37 qmail1 vpopmail[64930]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:1.2.3.4 Sep 22 08:58:39 qmail1 vpopmail[64995]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:1.2.3.4 Sep 22 08:58:40 qmail1 vpopmail[65022]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:1.2.3.4 In the interest of our users' privacy I have replaced the various email ip addresses with the [EMAIL PROTECTED] and 1.2.3.4. What's strange is that it's not happening with any other authentication method (pop3, imap, etc), only smtp. It fails out saying user not found and yet a 'vuserinfo' on that user reveals they actually do exist. I have qmail patched with the smtp auth patch from: http://members.elysium.pl/brush/qmail-smtpd-auth/ I'm happy to provide any other information that might be helpful in figuring this out. Any suggestions are, of course, welcomed. You might be running out of mysql connections. Check your my.cnf file for max_connections variable. The default value is 100 connections. You'll need the max_connections to cover your max smtp, imap, pop3 local concurrency and any other services that connect to the mysql database. Hope that helps, Ken Jones
[vchkpw] Cross-site scripting (XSS) vulnerability in QmailAdmin/vpopmail
A user recently brought to my attention that a cross-site scripting vulnerability still existed in QmailAdmin for sites using QmailAdmin version 1.2.3 or earlier, or vpopmail 5.4.9 or earlier. I realized that I was still running vpopmail 5.4.8 on one of my own servers, and thought that others might still be running older versions. So, I'm sending this out as a reminder to everyone. If you're running old versions, you should upgrade to either vpopmail 5.4.10 or 5.4.13 (which includes a rewritten vdelivermail) and QmailAdmin 1.2.4 (at least) or 1.2.9 (preferable, has better handling of .qmail files). I haven't had any reports of the vulnerability being exploited, but it is theoretically possible when running the old software. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
