[vchkpw] vadddomain postmaster and abuse account
Greetings, Would it be possible to have vadddomain auto-add a abuse account in addition to the postmaster account (or make a abuse account forward to the postmaster account?) looking at: http://www.rfc-ignorant.org/policy-abuse.php the following section is relevant: -- It is also widely believed, but again inaccurately so, that the [EMAIL PROTECTED] requirement is a suggestion and nothing more. Section 1 of RFC2142 explains very clearly that it is a must requirement: However, if a given service is offerred, then the associated mailbox name(es) must be supported, resulting in delivery to a recipient appropriate for the referenced service or role. -- anyway just something to think about, -Myron
[vchkpw] Limits
Hi, Is there a way to limit the size of messages one can send and receive and establish a maximum number of messages per mailbox. Any help would be appreciated. Warm Regards, Mário Gamito
Re: [vchkpw] chkuser patch
At 07/07/2004 07/07/2004 -0400, you wrote: There's some larger issue here that involves a moderately loaded machine running both mysql and qmail (and incidentally, vpopmail) having trouble getting some sql queries out in time. The mysql people (mostly Zawodny) don't think it's a bug/problem with mysql but that qmail can easily swamp a system to the point that mysql bogs down, even with all the tables cached in memory. For most vpopmail operations, it's not a big deal; an occasional login failure or mail being deferred. But on the chkusr side, a mysql burp leads to rejected mail. Personally, I feel MySQL unsafe for such operations, and I'll switch to OpenLDAP before or later. I'm really worried about MySQL reliability. When I used cdb I did not have a problem for years. Now the message MysQL server is gone terrifies me. This is a known problem, that will be resolved as vpopmail will integrate such checks (I've been told these checks on DB connects are going to be put inside vpopmail CVS). I hope that gets backported to 5.4.x, sounds like a good fix. I'm preparing chkuser 2.0, that will integrate all these changes, and will improve a lot of other things. Excellent. I also have a coworker looking at the patch to see if he can build a workaround. I'm also considering just changing the patch to return a temporary failure. Considering most of what chkusr blocks is spam, why not let it queue on the remote end? Nasty, but oddly appropriate. Charles, if you are willing to test, I'll send you a pre-release of chkuser 2.0, so your coworker may test new vpopmail vauth_open routines and new chkuser functionalities. Just I need one week to release a fully working and tested pre-release. Tonino [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
[vchkpw] qmail + vpopmail authentication (SMTPafterPOP)
Hi, I have a system with netqmail 1.05 + vpopmail 5.4.0 + sqwebmail 4.0.5 + qmailadmin 1.2.0 + clamav 0.73 + qmailscanner. Now, I'd like to do some kind of SMTP authetication using the idea of SMTPafterPOP, to use the vpopmail users (into vpasswd file) to authenticate the sending of emails. I found some patches for QMail, but I'm doubt about the functionality of its with vpopmail users database. I work in a school and there are other units of it that uses internet providers with dinamic IPs. Then, all the time I need to change /etc/tcp.smtp to add the actual IP address for the list of external users to do SMTP relay. But I think if I will have SMTP authentication, I may do a QMail OPEN RELAY and all will work fine. Is this TRUE or I'm CRAZY to think about OPEN RELAY? Is there some alternatives to do this without OPEN RELAY?
Re: [vchkpw] qmail + vpopmail authentication (SMTPafterPOP)
On Thursday 08 July 2004 08:47 am, Edilmar wrote: Hi, I have a system with netqmail 1.05 + vpopmail 5.4.0 + sqwebmail 4.0.5 + qmailadmin 1.2.0 + clamav 0.73 + qmailscanner. Now, I'd like to do some kind of SMTP authetication using the idea of SMTPafterPOP, to use the vpopmail users (into vpasswd file) to authenticate the sending of emails. I found some patches for QMail, but I'm doubt about the functionality of its with vpopmail users database. I work in a school and there are other units of it that uses internet providers with dinamic IPs. Then, all the time I need to change /etc/tcp.smtp to add the actual IP address for the list of external users to do SMTP relay. But I think if I will have SMTP authentication, I may do a QMail OPEN RELAY and all will work fine. Is this TRUE or I'm CRAZY to think about OPEN RELAY? Is there some alternatives to do this without OPEN RELAY? Use tonix's qmail-smtp/vpopmail auth patch. Smtp authentication is the cleanest way to go. Ken Jones
Re: [vchkpw] Docs on switching from vpopmail with mysql to vpopmail without mysql
On Thursday 08 July 2004 01:30 am, Charles M. Gerungan wrote: Is there any available on how to move accounts from a mysql vpopmail installation to a non-mysql vpopmail installation? Anyone maintaining docs.. please add this. How to convert a vpopmail installation from mysql to cdb a) go to your vpopmail source code directory. Note: look at config.log to save your current options. b) make sure vpopmail is configured / compiled for mysql You can skip this step if you already have the source code compiled for mysql make distclean ./configure --enable-auth-module=mysql make c) run vconvert to build the vpasswd clear text files ./vconvert -m -c d) reconfigure vpopmail for cdb make distclean ./configure (with your additional options) make e) build the vpasswd.cdb files for all domains with this shell script for i in `./vdominfo -n` ; do ./vmkpasswd $i; done f) test ./vuserinfo [EMAIL PROTECTED] Success should display the user and all their informaion g) install make install-strip Ken Jones
Re: [vchkpw] qmail + vpopmail authentication (SMTPafterPOP)
Ken Jones wrote: On Thursday 08 July 2004 08:47 am, Edilmar wrote: Hi, I have a system with netqmail 1.05 + vpopmail 5.4.0 + sqwebmail 4.0.5 + qmailadmin 1.2.0 + clamav 0.73 + qmailscanner. Now, I'd like to do some kind of SMTP authetication using the idea of SMTPafterPOP, to use the vpopmail users (into vpasswd file) to authenticate the sending of emails. I found some patches for QMail, but I'm doubt about the functionality of its with vpopmail users database. I work in a school and there are other units of it that uses internet providers with dinamic IPs. Then, all the time I need to change /etc/tcp.smtp to add the actual IP address for the list of external users to do SMTP relay. But I think if I will have SMTP authentication, I may do a QMail OPEN RELAY and all will work fine. Is this TRUE or I'm CRAZY to think about OPEN RELAY? Is there some alternatives to do this without OPEN RELAY? Use tonix's qmail-smtp/vpopmail auth patch. Smtp authentication is the cleanest way to go. Ken Jones But, with it, I will configure /etc/tcp.smtp for 0.0.0. = OPEN RELAY?
Re: [vchkpw] qmail + vpopmail authentication (SMTPafterPOP)
On Thursday 08 July 2004 11:12 am, Edilmar wrote: Ken Jones wrote: On Thursday 08 July 2004 08:47 am, Edilmar wrote: Hi, I have a system with netqmail 1.05 + vpopmail 5.4.0 + sqwebmail 4.0.5 + qmailadmin 1.2.0 + clamav 0.73 + qmailscanner. Now, I'd like to do some kind of SMTP authetication using the idea of SMTPafterPOP, to use the vpopmail users (into vpasswd file) to authenticate the sending of emails. I found some patches for QMail, but I'm doubt about the functionality of its with vpopmail users database. I work in a school and there are other units of it that uses internet providers with dinamic IPs. Then, all the time I need to change /etc/tcp.smtp to add the actual IP address for the list of external users to do SMTP relay. But I think if I will have SMTP authentication, I may do a QMail OPEN RELAY and all will work fine. Is this TRUE or I'm CRAZY to think about OPEN RELAY? Is there some alternatives to do this without OPEN RELAY? Use tonix's qmail-smtp/vpopmail auth patch. Smtp authentication is the cleanest way to go. Ken Jones But, with it, I will configure /etc/tcp.smtp for 0.0.0. = OPEN RELAY? No. Just configure tcp.smtp for all static IP's you want to allow to relay without authentication, like internal servers that need an outbound mail server. For example: 127.0.0.1:allow,RELAYCLIENT= 209.218.8.:allow,RELAYCLIENT= Ken
Re: [vchkpw] Limits
On Thursday 08 July 2004 02:48 am, Mario Gamito wrote: Hi, Is there a way to limit the size of messages one can send and receive and establish a maximum number of messages per mailbox. You can limit the size of all messages being received with the /var/qmail/control/databytes file You can limit the number of messages any user can keep with user based quotas. The syntax is something like xS,yC where x is the maximum total size of all messages and y is the maximum count of messages. I don't think you can limit the size of any individual email except globally with the databytes file. Ken Jones Any help would be appreciated. Warm Regards, Mário Gamito
Re: [vchkpw] chkuser patch
On Thu, 8 Jul 2004, tonix (Antonio Nati) wrote: For most vpopmail operations, it's not a big deal; an occasional login failure or mail being deferred. But on the chkusr side, a mysql burp leads to rejected mail. Personally, I feel MySQL unsafe for such operations, and I'll switch to OpenLDAP before or later. Yeah, I'd been away from mysql for quite some time, and I'd assumed the reliability issues had been taken care of. I'm going to have to take a stab at PostgreSQL. It's not as whiz-bang fast, but it's rock solid. I think replication is a reality there now as well. I'm really worried about MySQL reliability. When I used cdb I did not have a problem for years. Now the message MysQL server is gone terrifies me. Heh. Mine isn't gone, but it does seem to take a nap a few times a day. if you are willing to test, I'll send you a pre-release of chkuser 2.0, so your coworker may test new vpopmail vauth_open routines and new chkuser functionalities. Sure. I have to fast-track my upgrade from 5.3.30 to 5.4.whatever. I was hoping to have some more prep time. Hopefully I can find some tips on what's changed in the archives. Thanks, Charles Just I need one week to release a fully working and tested pre-release. Tonino [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] chkuser patch
On Wed, 7 Jul 2004, Tom Collins wrote: On Jul 7, 2004, at 7:22 PM, Rick Widmer wrote: Should I make a patch with just this feature against 5.4.5? Will someone merge it - or can I? If you can isolate that change, I'll make sure it gets into the 5.4 series. Yeah! We can make it available for testing first, and then roll it into a release. I'm going to try and get off of 5.3.30 shortly, so I'd be more than happy to do some testing. Thanks, Charles -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Failing logins - mysql issue?
Just following up to myself with a related question... If I have a seperate update server, and the read-only server is working fine, does any failure on the update server (doing relay and lastauth) cause pop/imap/smtp-auth logins to fail? I've temporarily offloaded the read-only stuff to a seperate box, but I saw a re-occurence today of database hiccups on the update server, and also saw a string of login failures, so I'm wondering if the problem has followed me to the new db box or if the updates bogging down can hang the password checking routines. Thanks, Charles On Thu, 1 Jul 2004, Charles Sprickman wrote: Hi, I read with some interest the thread about 5.4.5 that mentions this particular error: Jul 1 19:11:41 blah pop3d: vmysql: sql error[1]: Can't create database 'vpopmail'. Database exists Today we've been getting a ton of complaints about users needing to enter their passwords multiple times. This is pop, imap, and smtp-auth. Additionally it looks like the chkusr patch is having issues as well; I've seen a few bounces (my C-coding buddy is hopefully going to get that patch to act a bit more nicely if it can't hit mysql). This is vpopmail 5.3.30, mysql 4.0.17 on FreeBSD 4.8. Seeing as I'm getting failures across the board, I have to assume there's some issue with accessing mysql. The box is working hard, but not struggling. I've seen the above errors when the load is as low as .40. MySQL is set to a max-connections of 2000. MySQL does not log anything interesting when I enable logging except for the expected Aborted connection messages from the vpopmail stuff not calling mysql_close(). I'm stumped here. MySQL seems to be fine, the load isn't insane, the vpopmail user has no cpu/file limits, nor does MySQL's user, yet all vpopmail stuff that hits the db fails periodically. Any ideas what to look at? I know I should get on 5.4.x, but I have to test that elsewhere for any surprises first.
[vchkpw] Migrating from crypt /etc/shadow to md5 vpasswd
I am moving customers over from a non-vpopmail setup authenticating off /etc/shadow with crypt passwords, to a vpopmail setup (same box) which uses md5. Is there any way to do this easier than: 1. getting the cleartext passwords and re-encrypting into md5 2. or turning on a password learning mode of the pop/imap server Alternately is there anyway to tell vpopmail to use crypt instead of md5 on a per domain basis. I realize I can build vpopmail to disable md5 support (in favor of crypt), but was wondering if this is possible on a per domain basis. Brian -- Brian Feeny, CCIE #8036 e: [EMAIL PROTECTED] Network Engineerp: 318.213.4709 ShreveNet Inc. f: 318.221.6612
[vchkpw] vpopmail md5/crypt behavior
I have my vpopmail configured as default so that it uses md5 passwords. It seems to authenticate correctly whether I have the password in md5 or crypt format. Is this correct behavior? It seems it will take either format and work correctly. Brian -- Brian Feeny, CCIE #8036 e: [EMAIL PROTECTED] Network Engineerp: 318.213.4709 ShreveNet Inc. f: 318.221.6612
[vchkpw] Vpopmail 5.4.5
staff necessary of one he helps of you, good I I installed the vpopmail qmail and and mysql 3.23.54 in red hat 9,0, the problem that I am having I am in the compilation of vpopmail 5.4.5 and I do not know as to make it to function, I go to pass as I am compiling and the error that this giving Waiting a brief return. ./configure \ --enable-learn-passwords=y \ --enable-auth-logging=y \ --enable-clear-passwd=n \ --enable-valias=y\ --enable-mysql-logging=y \ --enable-auth-module=mysql \ --enable-qmail-ext=y \ --enable-vpopuser=vpopmail \ --enable-vpopgroup=vchkpw vpopmail 5.4.5 Current settings--- vpopmail directory = /home/vpopmail uid = 508 gid = 503 roaming users = OFF --disable-roaming-users (default)password learning = ON --enable-learn-passwords md5 passwords = ON --enable-md5-passwords (default) file locking = ON --enable-file-locking (default)vdelivermail fsync = OFF --disable-file-sync (default) make seekable = ON --enable-make-seekable (default) clear passwd = OFF --disable-clear-passwduser dir hashing = ON --enable-users-big-dir (default)address extensions = ON --enable-qmail-ext ip alias = OFF --disable-ip-alias-domains (default) domain quotas = OFF --disable-domainquotas (default) auth module = mysql --enable-auth-module=mysqlmysql replication = OFF --disable-mysql-replication (default) mysql logging = ON --enable-mysql-logging mysql limits = OFF --disable-mysql-limits (default) MySQL valias = ON --enable-valias auth inc = -I/usr/include/mysql auth lib = -L/usr/lib/mysql -lmysqlclient -lz -lm system passwords = OFF --disable-passwd (default) pop syslog = show only failed attempts --enable-logging=e (default) auth logging = ON --enable-auth-logging (default)all domains in one SQL table = --enable-many-domains (default) make Erro: gcc -g -O2 -Wall -o vchkpw vchkpw.o md5.o hmac_md5.o libvpopmail.a -L/usr/lib/mysql -lmysqlclient -lz -lm -lcrypt/usr/bin/ld: cannot find -lzcollect2: ld returned 1 exit statusmake[2]: *** [vchkpw] Error 1make[2]: Leaving directory `/usr/src/qmailrocks/vpopmail-5.4.5'make[1]: *** [all-recursive] Error 1make[1]: Leaving directory `/usr/src/qmailrocks/vpopmail-5.4.5'make: *** [all] Error 2 Waiting a brief return _Alexandre Ricardo S.SilvaNetwork Administrator Security AnalistCentral On Line ( Tornero Cia )Componentizar ( Componentizar )Fone: 11-5070-6796
RE: [vchkpw] Vpopmail 5.4.5
did u try to add the libmysql for vpopmail to your ldconfig? Remo From: Alexandre Ricardo Souza Silva [mailto:[EMAIL PROTECTED] Sent: Thursday, July 08, 2004 4:27 PMTo: [EMAIL PROTECTED]Subject: [vchkpw] Vpopmail 5.4.5 staff necessary of one he helps of you, good I I installed the vpopmail qmail and and mysql 3.23.54 in red hat 9,0, the problem that I am having I am in the compilation of vpopmail 5.4.5 and I do not know as to make it to function, I go to pass as I am compiling and the error that this giving Waiting a brief return. ./configure \ --enable-learn-passwords=y \ --enable-auth-logging=y \ --enable-clear-passwd=n \ --enable-valias=y\ --enable-mysql-logging=y \ --enable-auth-module=mysql \ --enable-qmail-ext=y \ --enable-vpopuser=vpopmail \ --enable-vpopgroup=vchkpw vpopmail 5.4.5 Current settings--- vpopmail directory = /home/vpopmail uid = 508 gid = 503 roaming users = OFF --disable-roaming-users (default)password learning = ON --enable-learn-passwords md5 passwords = ON --enable-md5-passwords (default) file locking = ON --enable-file-locking (default)vdelivermail fsync = OFF --disable-file-sync (default) make seekable = ON --enable-make-seekable (default) clear passwd = OFF --disable-clear-passwduser dir hashing = ON --enable-users-big-dir (default)address extensions = ON --enable-qmail-ext ip alias = OFF --disable-ip-alias-domains (default) domain quotas = OFF --disable-domainquotas (default) auth module = mysql --enable-auth-module=mysqlmysql replication = OFF --disable-mysql-replication (default) mysql logging = ON --enable-mysql-logging mysql limits = OFF --disable-mysql-limits (default) MySQL valias = ON --enable-valias auth inc = -I/usr/include/mysql auth lib = -L/usr/lib/mysql -lmysqlclient -lz -lm system passwords = OFF --disable-passwd (default) pop syslog = show only failed attempts --enable-logging=e (default) auth logging = ON --enable-auth-logging (default)all domains in one SQL table = --enable-many-domains (default) make Erro: gcc -g -O2 -Wall -o vchkpw vchkpw.o md5.o hmac_md5.o libvpopmail.a -L/usr/lib/mysql -lmysqlclient -lz -lm -lcrypt/usr/bin/ld: cannot find -lzcollect2: ld returned 1 exit statusmake[2]: *** [vchkpw] Error 1make[2]: Leaving directory `/usr/src/qmailrocks/vpopmail-5.4.5'make[1]: *** [all-recursive] Error 1make[1]: Leaving directory `/usr/src/qmailrocks/vpopmail-5.4.5'make: *** [all] Error 2 Waiting a brief return _Alexandre Ricardo S.SilvaNetwork Administrator Security AnalistCentral On Line ( Tornero Cia )Componentizar ( Componentizar )Fone: 11-5070-6796
Re: [vchkpw] Migrating from crypt /etc/shadow to md5 vpasswd
On Thu, 8 Jul 2004, Brian Feeny wrote: I am moving customers over from a non-vpopmail setup authenticating off /etc/shadow with crypt passwords, to a vpopmail setup (same box) which uses md5. Brian, I haven't seen you since the usr-tch days... This should just work; vpopmail uses the system crypt library, so if you bring your existing passwords in, they should work. As people change their passwords on the new setup, they should end up as md5 (unless your crypt library is configured to do otherwise, not sure how that's handled on linux). Charles Is there any way to do this easier than: 1. getting the cleartext passwords and re-encrypting into md5 2. or turning on a password learning mode of the pop/imap server Alternately is there anyway to tell vpopmail to use crypt instead of md5 on a per domain basis. I realize I can build vpopmail to disable md5 support (in favor of crypt), but was wondering if this is possible on a per domain basis. Brian -- Brian Feeny, CCIE #8036 e: [EMAIL PROTECTED] Network Engineer p: 318.213.4709 ShreveNet Inc.f: 318.221.6612
[vchkpw] finding over-quota users
howdy, Is there any simple way to run through a large number of users (3000 or so) and find out who is over quota and when they last checked their mail? I see vuserinfo with no arguments doesn't iterate through all users like vdominfo does. I suppose the easiest (but somewhat intensive) method of doing this without any v* tools would be to do a find on all maildirsize files and see if the second line is larger than the first. If it is, then I'd have to call vuserinfo to get the last login time. Any better ideas? Thanks, Charles
RE: [vchkpw] finding over-quota users
On Thursday, July 08, 2004 6:48 PM, Charles Sprickman wrote: Is there any simple way to run through a large number of users (3000 or so) and find out who is over quota and when they last checked their mail? you can try http://jeremy.kister.net/code/perl/mailquota.pl mailquota.pl -v -e [EMAIL PROTECTED] will email the report to [EMAIL PROTECTED], and also show you stuff as it is gathering data. Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Vpopmail 5.4.5
Remo Still nao I made this, you could order an example to me of as I make to add I twirled comnado ldconfig - v and vi configurations Waiting a brief return /usr/lib/mysql: libmysqlclient_r.so.10 - libmysqlclient_r.so.10.0.0 libmysqlclient.so.10 - libmysqlclient.so.10.0.0 _Alexandre Ricardo S.SilvaNetwork Administrator Security AnalistCentral On Line ( Tornero Cia )Componentizar ( Componentizar )Fone: 11-5070-6796 - Original Message - From: Remo Mattei To: [EMAIL PROTECTED] Sent: Thursday, July 08, 2004 7:29 PM Subject: RE: [vchkpw] Vpopmail 5.4.5 did u try to add the libmysql for vpopmail to your ldconfig? Remo From: Alexandre Ricardo Souza Silva [mailto:[EMAIL PROTECTED] Sent: Thursday, July 08, 2004 4:27 PMTo: [EMAIL PROTECTED]Subject: [vchkpw] Vpopmail 5.4.5 staff necessary of one he helps of you, good I I installed the vpopmail qmail and and mysql 3.23.54 in red hat 9,0, the problem that I am having I am in the compilation of vpopmail 5.4.5 and I do not know as to make it to function, I go to pass as I am compiling and the error that this giving Waiting a brief return. ./configure \ --enable-learn-passwords=y \ --enable-auth-logging=y \ --enable-clear-passwd=n \ --enable-valias=y\ --enable-mysql-logging=y \ --enable-auth-module=mysql \ --enable-qmail-ext=y \ --enable-vpopuser=vpopmail \ --enable-vpopgroup=vchkpw vpopmail 5.4.5 Current settings--- vpopmail directory = /home/vpopmail uid = 508 gid = 503 roaming users = OFF --disable-roaming-users (default)password learning = ON --enable-learn-passwords md5 passwords = ON --enable-md5-passwords (default) file locking = ON --enable-file-locking (default)vdelivermail fsync = OFF --disable-file-sync (default) make seekable = ON --enable-make-seekable (default) clear passwd = OFF --disable-clear-passwduser dir hashing = ON --enable-users-big-dir (default)address extensions = ON --enable-qmail-ext ip alias = OFF --disable-ip-alias-domains (default) domain quotas = OFF --disable-domainquotas (default) auth module = mysql --enable-auth-module=mysqlmysql replication = OFF --disable-mysql-replication (default) mysql logging = ON --enable-mysql-logging mysql limits = OFF --disable-mysql-limits (default) MySQL valias = ON --enable-valias auth inc = -I/usr/include/mysql auth lib = -L/usr/lib/mysql -lmysqlclient -lz -lm system passwords = OFF --disable-passwd (default) pop syslog = show only failed attempts --enable-logging=e (default) auth logging = ON --enable-auth-logging (default)all domains in one SQL table = --enable-many-domains (default) make Erro: gcc -g -O2 -Wall -o vchkpw vchkpw.o md5.o hmac_md5.o libvpopmail.a -L/usr/lib/mysql -lmysqlclient -lz -lm -lcrypt/usr/bin/ld: cannot find -lzcollect2: ld returned 1 exit statusmake[2]: *** [vchkpw] Error 1make[2]: Leaving directory `/usr/src/qmailrocks/vpopmail-5.4.5'make[1]: *** [all-recursive] Error 1make[1]: Leaving directory `/usr/src/qmailrocks/vpopmail-5.4.5'make: *** [all] Error 2 Waiting a brief return _Alexandre Ricardo S.SilvaNetwork Administrator Security AnalistCentral On Line ( Tornero Cia )Componentizar ( Componentizar )Fone: 11-5070-6796
Re: [vchkpw] vpopmail md5/crypt behavior
On Thursday 08 July 2004 05:12 pm, Brian Feeny wrote: I have my vpopmail configured as default so that it uses md5 passwords. It seems to authenticate correctly whether I have the password in md5 or crypt format. Is this correct behavior? It seems it will take either format and work correctly. yes, the crypt() call should support both md5 and crypt format. Any new passwords will be in md5, so if they change it or something, it'll be md5. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] Vpopmail 5.4.5
Hello, Rick. I have installed zlip-1.1.4.8-i3386.rpm, this pocota I cannot be installed? waiting a brief return. _ Alexandre Ricardo S.Silva Network Administrator Security Analist Central On Line ( Tornero Cia ) Componentizar ( Componentizar ) Fone: 11-5070-6796 - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 08, 2004 8:13 PM Subject: Re: [vchkpw] Vpopmail 5.4.5 Alexandre Ricardo Souza Silva wrote: gcc -g -O2 -Wall -o vchkpw vchkpw.o md5.o hmac_md5.o libvpopmail.a -L/usr/lib/mysql -lmysqlclient -lz -lm -lcrypt /usr/bin/ld: cannot find -lz collect2: ld returned 1 exit status Hello, I believe (but could be mistaken) that -lz is going to look for zlib. Did you install the rpm package for zlib ? Regards, Rick
Re: [vchkpw] Vpopmail 5.4.5
On Thursday 08 July 2004 07:01 pm, Alexandre Ricardo Souza Silva wrote: Hello, Rick. I have installed zlip-1.1.4.8-i3386.rpm, this pocota I cannot be installed? waiting a brief return. try zlib-devel -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] Failing logins - mysql issue?
On Thursday 08 July 2004 04:39 pm, Charles Sprickman wrote: Just following up to myself with a related question... If I have a seperate update server, and the read-only server is working fine, does any failure on the update server (doing relay and lastauth) cause pop/imap/smtp-auth logins to fail? I believe it may if you're using auth logging and roaming users, because it has to update that information in the proper tables on the database server. I always turn auth logging and roaming users off on replicated setups anyways, so I'm not 100% sure, but it's logical enough. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] Vpopmail 5.4.5
Alexandre Ricardo Souza Silva wrote: Hello, Rick. I have installed zlip-1.1.4.8-i3386.rpm, this pocota I cannot be installed? waiting a brief return. - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 08, 2004 8:13 PM Subject: Re: [vchkpw] Vpopmail 5.4.5 gcc -g -O2 -Wall -o vchkpw vchkpw.o md5.o hmac_md5.o libvpopmail.a -L/usr/lib/mysql -lmysqlclient -lz -lm -lcrypt /usr/bin/ld: cannot find -lz collect2: ld returned 1 exit status Hi, A little googling found that zlib-devel should also be installed (Sorry, I don't/won't run RedHat) Regards, Rick
Re: [vchkpw] vpopmail md5/crypt behavior
On Thu, 8 Jul 2004, Jeremy Kitchen wrote: yes, the crypt() call should support both md5 and crypt format. Any new passwords will be in md5, so if they change it or something, it'll be md5. And on *BSD, it also supports blowfish or anything else the MCF (modular crypt format) supports. vpopmail kind of breaks the blowfish support in that it truncates the encrypted password field; that always bites me when I upgrade. Charles -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] Migrating from crypt /etc/shadow to md5 vpasswd
Thanks Charles, These days instead of battling usr-tc's i am battling mail server stuff, but things are going smooth with vpopmail so far, this list is a great help. Brian On Jul 8, 2004, at 5:35 PM, Charles Sprickman wrote: On Thu, 8 Jul 2004, Brian Feeny wrote: I am moving customers over from a non-vpopmail setup authenticating off /etc/shadow with crypt passwords, to a vpopmail setup (same box) which uses md5. Brian, I haven't seen you since the usr-tch days... This should just work; vpopmail uses the system crypt library, so if you bring your existing passwords in, they should work. As people change their passwords on the new setup, they should end up as md5 (unless your crypt library is configured to do otherwise, not sure how that's handled on linux). Charles Is there any way to do this easier than: 1. getting the cleartext passwords and re-encrypting into md5 2. or turning on a password learning mode of the pop/imap server Alternately is there anyway to tell vpopmail to use crypt instead of md5 on a per domain basis. I realize I can build vpopmail to disable md5 support (in favor of crypt), but was wondering if this is possible on a per domain basis. Brian -- Brian Feeny, CCIE #8036 e: [EMAIL PROTECTED] Network Engineerp: 318.213.4709 ShreveNet Inc. f: 318.221.6612
Re: [vchkpw] Failing logins - mysql issue?
On Thu, 8 Jul 2004, Jeremy Kitchen wrote: On Thursday 08 July 2004 04:39 pm, Charles Sprickman wrote: Just following up to myself with a related question... If I have a seperate update server, and the read-only server is working fine, does any failure on the update server (doing relay and lastauth) cause pop/imap/smtp-auth logins to fail? I believe it may if you're using auth logging and roaming users, because it has to update that information in the proper tables on the database server. If anyone can definitively give me a yes/no on this one, it would be a huge help in my troubleshooting. Neither answer is really good news, but that's OK. I always turn auth logging and roaming users off on replicated setups anyways, so I'm not 100% sure, but it's logical enough. I think I'll rebuild tonight and kill the authinfo logging. Still need the roaming stuff, but might be able to push the few laggers to smtp-auth. I've always hated the idea of pop-before-smtp anyway. C -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] Failing logins - mysql issue?
On Thursday 08 July 2004 09:11 pm, Charles Sprickman wrote: I always turn auth logging and roaming users off on replicated setups anyways, so I'm not 100% sure, but it's logical enough. I think I'll rebuild tonight and kill the authinfo logging. Still need the roaming stuff, but might be able to push the few laggers to smtp-auth. I've always hated the idea of pop-before-smtp anyway. http://untroubled.org/relay-ctrl safe over nfs doesn't require rebuilding a cdb file every authentication easy to install -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] Failing logins - mysql issue?
On Thu, 8 Jul 2004, Jeremy Kitchen wrote: http://untroubled.org/relay-ctrl safe over nfs doesn't require rebuilding a cdb file every authentication easy to install I know, I saw you mention this the other day, but I'm not using qmail-pop3d, I'm running courier. If I switch pop3 servers again, people will go nuts (Why am I getting my WHOLE inbox again??, blah blah blah). I may try it on my own box though. I just finished setting up Bruce's smtpfront for someone else. Pretty nifty stuff. Charles -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] Failing logins - mysql issue?
You should be able to use relay-ctrl with courier-pop. I'm using it successfully with courier-imap and the courier-imap and courier-pop daemons use the same backend auth stuff which is what you need (relay-ctrl only needs the authenticated POP or IMAP login to open SMTP). -Bill On Thu, 8 Jul 2004, Jeremy Kitchen wrote: http://untroubled.org/relay-ctrl safe over nfs doesn't require rebuilding a cdb file every authentication easy to install I know, I saw you mention this the other day, but I'm not using qmail-pop3d, I'm running courier. If I switch pop3 servers again, people will go nuts (Why am I getting my WHOLE inbox again??, blah blah blah). I may try it on my own box though. I just finished setting up Bruce's smtpfront for someone else. Pretty nifty stuff. Charles -Jeremy * Waveform Technology UNIX Systems Administrator
Re: [vchkpw] Failing logins - mysql issue?
On Thursday 08 July 2004 10:20 pm, Charles Sprickman wrote: On Thu, 8 Jul 2004, Jeremy Kitchen wrote: http://untroubled.org/relay-ctrl safe over nfs doesn't require rebuilding a cdb file every authentication easy to install I know, I saw you mention this the other day, but I'm not using qmail-pop3d, I'm running courier. If I switch pop3 servers again, people will go nuts (Why am I getting my WHOLE inbox again??, blah blah blah). as far as I know, it works with courier-{pop3,imap} as well, or at least it says it does : I may try it on my own box though. I just finished setting up Bruce's smtpfront for someone else. Pretty nifty stuff. yea, I've been running smtpfront for a while now. I really like the smtp-auth interface :) Now just to make it use TLS :) -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail