Fw: vpopmail and qmail-smtpd-auth (2)

2001-01-19 Thread Alberto Rodríguez


- Original Message -
From: "Alberto Rodríguez" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 17, 2001 9:39 PM
Subject: vpopmail and qmail-smtpd-auth


 According to qmail-smtpd-auth's FAQ
 "http://members.elysium.pl/brush/qmail-smtpd-auth/faq.html#a2" it is possible
 to use qmail-smtpd-auth with vpopmail. There, you have a patch
 vpopmail.patch, and you must apply it to vpopmail source.

 Well... The problem is that I get the patch and inside
 /tmp/vpopmail/vpopmail-4.9.6-1 I make :

 patch -p0 < vpopmail.patch

 and I get the following...
 --
|- cls--- vpopmail-3.4.11/vchkpw.c.smtpauth  Fri Jun  9 22:20:39 2000
 |+++ vpopmail-3.4.11/vchkpw.c  Fri Jun  9 22:22:16 2000
 --
 File to patch:


 Perhaps the problem is that this patch is only for the 3.4.11 version and now
 you don't have to patch vpopmail to work with qmail-smtp-auth...

 Could anyone help me with this question?

 Thanks in advance.





Re: vchkpw lacking authentication security

2001-01-19 Thread Ken Jones

Damon Muller wrote:
 
 On Wed, Jan 17, 2001 at 02:31:17PM -0600, Ken Jones wrote:
 
  Could you post a url to the fetchmail docs on ssh tunnel?
 
 http://www.tuxedo.org/~esr/fetchmail/fetchmail-FAQ.html#K3
 
  Or better yet post the startup line for tcpserver/vpopmail/ssh tunnel.
 
 It's a per-user thing, not a change to the way the daemon is launched
 (unlike ssl tunnels). What you're essentially doing is opening an
 encrypted SSH shell connection to the mail server, and piggybacking a
 port-forwarding to the pop3 port, via a port on your local machine.

Thanks. I'm reading the url now.

I think I confused it with ssl tunnels.

Does anyone have information on how to run vpopmail with ssl tunnels?

 
 So you poll, say, port 1100 on your machine, which is forwarded over the
 ssh connection to 110 on the remote machine. The catch is that you need
 shell access to the remote machine, and I have no idea how you'd go
 about doing it from a windows machine. However, it certainly does work
 with vpopmail.
 
  I can add it to the vpopmail FAQ file.
 
 Better add the URL rather than my explanation... It's 32 degrees, I
 don't have air-conditioning, so I'm probably not making much sense! :)

Hehe. I hear yah. I'll add the url.

Ken
 
 cheers,
 
 damon
 
 --
 Damon Muller
 http://killfilter.com
 GPG Key: 0xA136E829



Re: Fw: vpopmail and qmail-smtpd-auth (2)

2001-01-19 Thread Ken Jones

Alberto Rodríguez wrote:
 
 - Original Message -
 From: "Alberto Rodríguez" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, January 17, 2001 9:39 PM
 Subject: vpopmail and qmail-smtpd-auth
 
  According to qmail-smtpd-auth's FAQ
  "http://members.elysium.pl/brush/qmail-smtpd-auth/faq.html#a2" it is possible
  to use qmail-smtpd-auth with vpopmail. There, you have a patch
  vpopmail.patch, and you must apply it to vpopmail source.
 
  Well... The problem is that I get the patch and inside
  /tmp/vpopmail/vpopmail-4.9.6-1 I make :
 
  patch -p0 < vpopmail.patch
 
  and I get the following...
  --
 |- cls--- vpopmail-3.4.11/vchkpw.c.smtpauth  Fri Jun  9 22:20:39 2000
  |+++ vpopmail-3.4.11/vchkpw.c  Fri Jun  9 22:22:16 2000
  --
  File to patch:
 
  Perhaps the problem is that this patch is only for the 3.4.11 version and now
  you don't have to patch vpopmail to work with qmail-smtp-auth...
 
  Could anyone help me with this question?
 
  Thanks in advance.

I think the patch changes to vpopmail have already been incorporated
into the vpopmail standard release. At least in the 4.9.7 and 4.9.8
releases.

Ken Jones



Re: User quota not working

2001-01-19 Thread Ken Jones

 Paulo wrote:
 
 Hi friends,
 
 I'm trying to enable user mailbox quota, but nothing is working
 here. I have installed everything that is possible, qmail, vpopmail,
 sqwebmail, qmailadmin, tcpserver, etc etc etc . It's ok, all the
 packages are working fine, less the vsetuserquota!!!
 I had issued a vsetuserquota [EMAIL PROTECTED] 100k, but I sent
 a 1M e-mail attachment and the quota settings did not block this message!!
 I looked in the user test /Maildir/new folder and to my surprise, I
 found the big message there.
 
 Where's my mistake?

./configure ... --enable-hardquota=XXX

If you didn't set the hardquota default on the configure line,
it does not compile in quota support.

Ken Jones



Re: HardQuota Bug in all Vpopmail versions

2001-01-19 Thread Ken Jones

Tamer Hassan wrote:
 
 With all due respect, I did some of my own testing of vpopmail last  year
 and found that then, the quota mechanism didn't work (I was able to send
 more than the quota's worth of messages using small messages (and a perl
 script to send it rapidly).
 
 With all due respect, this method sucks. You just overcome the "userless
 system" privilege of vpopmail. Secondly, linux filesystem quotas suck (I
 know many may not agree with me) because:
 1. You can only do UID/GID based quotas (You cannot do quotas on
 directories)
 2. It is slow, Imagine having to do quotacheck every 30 minutes (if you
 have a big box hosting some hundreds of domains).
 
 I chose instead to use system quotas and
 multiple UID's (one per domain) which is a VERY effective limiter but it has made
 a couple new bugs appear.
 
 As you may already know, you are now unfortunately doing quotas per entire
 domain, and not per user, which is what vpopmail should be doing correctly.
 You missed the point.
 
 For example, when the system quota is reached and an admin attempts to add
 users to the system, it can nuke the vpasswd.cdb file due to the write
 error. :-(  I haven't worked around that one yet...
 
 
 I have a better solution for you (that is if you don't want to use
 vpopmail's quota support):
 
 Say you wanted to limit each one domain to 200 megs quota:
 1- make a data directory to serve our virtual domains quota files
 mkdir /home/vpopmail/data
 (don't forget to set appropriate uid and gid permissions)
 2- create a 200 meg file as follows:
 dd if=/dev/zero of=/home/vpopmail/data/domainfile bs=1MB count=200
 3- make a filesystem inside the file
 mke2fs -F /home/vpopmail/data/domainfile
 4- Mount it under the appropriate domain directory (make sure it is empty)
 mount -o loop ~vpopmail/data/domainfile ~vpopmail/domains/domain.com
 (also set appropriate uid and gid permissions on domain.com directory)
 
 now proceed with ./vadddomain and so
 Would also be nice to put the mount command into your startup script in case
 you reboot.
 This should effectively limit the domain to 200 MB. No need to keep doing
 quotacheck which takes a while (Especially when you have lots of directories
 and sub directories). This method assumes that your kernel was compiled with
 "loop" filesystem support (usually true for most distributions because it is
 often used to create ramdisks and such).
 
 Good Luck
 
 P.S. I still want to fix that bug in vdelivermail that doesn't check quotas
 right.

What bug in vdelivermail quotas?
 
Can you prove that it doesn't work with the 4.9.8 release and
show me how to replicate it on my machine?

Ken Jones



Re: A vpopmail + MySQL question

2001-01-19 Thread Ken Jones

David Comeau wrote:
 
 Here's the situation. Set up vpopmail with mysql. Works like a charm,
 but in looking toward the future, we have come across a question. We set
 up our database using large option. That is fine, and it too works, but we
 are expecting to setup 200,000 clients. Once the initial database is done,
 we expect certain of those clients, to leave our services. I read in the
 vpopmail Administration Guide, that "Currently there is no code for garbage
 collection of deleted user accounts or for re-organizing the directory
 lay out". Is that document recent (as of 4.9.7a)? Is that statement still
 valid? If so, has anyone come across a way to take care of the open
 sections of the database? Any help would be greatly appreciated.
 
 Sincerely,
 David Comeau
 Technical Support
 WiSOL, Inc.

1) ./vdeldomain will completely remove everything on your machine
   associated with their virtual domain email.

2) If you are supporting 1 or 2 domains, use the large site option,
   otherwise use the small site option.

3) ./vdeluser will completely remove everything on your machine
   associated with that user's virtual domain email account.

What doesn't happen is.. the dynamic directory allocation 
scheme doesn't do a re-organization of the file system layout.

It would be possible to write a re-org program. I haven't needed
one yet.

Ken Jones



Re: HardQuota Bug in all Vpopmail versions

2001-01-19 Thread Ken Jones

Tamer Hassan wrote:
 
 Hrm,
 
 Getting even weirder, I tried resetting a test user to 5000 bytes and he
 would successfully get any messages "with attachments" less than 5k. Then I
 set the quota to 500 (about 5 megs) and I am able to send him more than
 10 megs of attachments in several messages. I am really confused.
 
 Example:
 Well, molions.com is running vpopmail and sqwebmail with a 2 Meg Hardquota
 (Stated in their FAQ). However, I was able to send many attachments which
 all sums up way more than 2 megs.
 
 Check it out:
 http://www.molions.com
 
 User:test9
 password:test
 
 (Apologies to molions, no intention to abuse their server/bandwidth)
 
 Tamer

Yes, please don't use the molions site.

Proving a bug on the molions site is basically worthless. Their
installation is not up to date. Perhaps it would be better
to test things on your own box with the latest versions?

Ken Jones



Re: HardQuota Bug in all Vpopmail versions

2001-01-19 Thread Ken Jones

Tamer Hassan wrote:
 
 On the vpopmail FAQ (http://www.inter7.com/vpopmail/FAQ), it mentioned:
 
 6.  How do hard quota's for users work?
 
When mail is delivered to a virtual domain, vdelivermail
will deliver it to the pop users directory. vdelivermail
will enter the users Maildir and add up the sizes of all
the files in these directories. If the size is greater
than the HARD_QUOTA limit. The email is bounced back to
the sender.
 
 However, attachments are not added up and thus do not calculate towards the
 total Hard Quota.
 I have tested this on several vpopmail installations up to version 4.9.6-1
 most with a default quota of 5 megs and I was able to send the test user
 emails with more than 10 megs of attachments. (sqwebmail 1.0 through 1.2.0
 were used on the vpopmail installations I tested).
 
 Best Regards,
 Tamer Hassan

Aren't attachments kept in the same email body file? 

Or are you saying when qmail delivers an email with an attachment,
that attachment is saved in a separate file?

Ken Jones



Re: HardQuota Bug in all Vpopmail versions

2001-01-19 Thread Tamer Hassan

 What bug in vdelivermail quotas?
  
 Can you prove that it doesn't work with the 4.9.8 release and
 show me how to replicate it on my machine? 
 
 Ken Jones

Ok,
here is what I have done (on vpopmail 4.9.6 and 4.9.7): 

1. create a [EMAIL PROTECTED] with 5 meg quota (HAS TO BE 5 MEGS- If you 
want to duplicate the problem, do what I did. Quotas seemed to work when I 
set it very low, as low as 50 K)
2. Send an email with the Subject: test, and body message of "test" and 
attach a 1.5 meg file.
3. Send 3 emails, that sums up to 4.5 MB, when you send the fourth message, 
it should bounce back. However, I doubt it. Try even sending a fifth and a 
sixth. :/ 

Let me know what you get 

Best Regards
Tamer Hassan 
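
The FAQ rule quoted earlier in this thread (add up the file sizes in the Maildir, bounce when the total is greater than HARD_QUOTA) applied to the reproduction steps above, as an added example that is not from any poster or from vpopmail's source. It models only the FAQ wording; the addresses, the 5 MiB limit expressed in bytes and all function names are assumptions.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

MIB = 1024 * 1024


def maildir_usage(path):
    """Return (bytes, file_count) for every file under the Maildir."""
    total = count = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            total += os.path.getsize(os.path.join(root, name))
            count += 1
    return total, count


def build_message(attachment_bytes):
    """Constructed test mail: subject and body "test" plus one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"       # placeholder address
    msg["To"] = "testuser@example.com"       # placeholder address
    msg["Subject"] = "test"
    msg.set_content("test")
    msg.add_attachment(bytes(attachment_bytes), maintype="application",
                       subtype="octet-stream", filename="blob.bin")
    return msg


def deliver(path, msg, hard_quota):
    """Model of the FAQ rule: bounce only if the Maildir is already over quota."""
    box = mailbox.Maildir(path, create=True)
    used, _ = maildir_usage(path)
    if used > hard_quota:
        return "bounced"
    # The whole MIME message, base64-encoded attachment included, is one file.
    box.add(msg)
    return "delivered"


def simulate(n_messages, attachment_bytes, hard_quota):
    """Deliver n identical messages; return [(outcome, bytes_used, files), ...]."""
    log = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Maildir")
        for _ in range(n_messages):
            outcome = deliver(path, build_message(attachment_bytes), hard_quota)
            used, files = maildir_usage(path)
            log.append((outcome, used, files))
    return log


if __name__ == "__main__":
    # Steps from the post: 5 meg quota, messages with a 1.5 meg attachment each.
    runs = simulate(6, attachment_bytes=3 * MIB // 2, hard_quota=5 * MIB)
    for i, (outcome, used, files) in enumerate(runs, 1):
        print(f"message {i}: {outcome:9s} usage={used / MIB:.2f} MiB files={files}")
```

Under this rule a mailbox can end up over its limit by up to one message, and a 1.5 MiB attachment occupies roughly 2 MiB on disk once base64-encoded.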



FreeBSD Cryptography 101 - WAS - RE: vchkpw lacking authentication security

2001-01-19 Thread Joe Modjeski

For the record on FreeBSD systems!

The use of DES/MD5 is controlled entirely by the crypt libraries. Vpopmail
doesn't control the use of DES/MD5 passwords.  If you dig through the source
you can see that it sends the entire crypted password as the crypt key. ie..

crypt( 'joeblow', 'hJPcq6ffTNHuI'); for DES
crypt( 'joeblow', '$1$qKMDvF5y$bcpzwp1mNbCQuTQYvkkeX.'); for MD5

The 'key' to understanding the whole mess is in the first 2 characters of
the 'crypted' password.  $1 is MD5, $2 is Blowfish (I think), the other
type is DES.  On FreeBSD the DES libraries. libdescrypt is the DES+MD5
library.  The other libscrypt is the "Export Controlled"  MD5 only library.

Currently I have vpopmail+mysql authenticating successfully for BOTH MD5 and
DES passwords concurrently with no hitches.  This is using the libdescrypt
library.

If you want to play with the functionality of the libraries I suggest using
perl in a script like this to see the effects.

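#!/usr/bin/perl
use strict;
use warnings;

# Both arguments are required; stop after the usage line if one is missing.
if (@ARGV < 2) {
    print "USAGE: script password salt\n";
    exit 1;
}

# Traditional DES: crypt() uses the first two characters of the salt.
print "DES Pass: ".crypt($ARGV[0], $ARGV[1])."\n";
# A "$1$salt$" prefix selects MD5 where the crypt library supports it.
print "MD5 Pass: ".crypt($ARGV[0], "\$1\$$ARGV[1]\$")."\n";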



vpopmail lacks authentication security

2001-01-19 Thread Tamer Hassan

Sorry, I hate to do this.

I later posted to the list about the fact that vpopmail only uses DES. Matt 
Simerson said "it is silly to say that DES is insecure" and I disagreed. He 
then sent me a hashed password string betting me to crack it, and it turned 
out to be a BSD MD5 (what an idiot).
Now, back to topic.
IF ANYONE HAS SUCCESSFULLY USED MD5 WITH VPOPMAIL, POST TO THE FREAKING 
LIST. Excuse me! 

Matt, I know you are going to trip out again. But, you seriously lack 
security insight. You cannot protect a box by disallowing pings to it. 
Security by obscurity is old fashioned. Same thing with using an 8 character 
password for your postmaster accounts (assuming that you do use the full 8 
characters that DES allows you). 

Want more details, here is a very nice article about DES INSECURITIES by the 
FreeS/WAN Fellows: 

http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/DES.html 

Please, stop talking about your great inventions ssh'ing your pop server 
connections. If you administered hotmail or yahoo, would you do that? 

Best Regards
Tamer Hassan 

"The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location... and i'm
not even too sure about that one"--Dennis Huges, FBI. 




Re: vchkpw lacking authentication security

2001-01-19 Thread James

Using stunnel:
stunnel -d 995 -r localhost:pop3 -p /usr/local/etc/stunnel.pem 

Change the last argument to the path to your private key/cert PEM file.
Only downside is your pop3 logs now show the logins from 127.0.0.1. 


Ken Jones writes: 

 Thanks. I'm reading the url now. 
 
 I think I confused it with ssl tunnels. 
 
 Does anyone have information on how to run vpopmail with ssl tunnels?



RE: vchkpw ssl addition

2001-01-19 Thread Matt Simerson

This is cool, and stunnel does work quite well (I use it elsewhere) but it's
much easier to just install Courier IMAP which includes a qmail (Maildir)
happy version of a POP3, POP3-SSL, IMAP, and IMAP-SSL server. What advantage
is there to using qmail's POP3 daemon with stunnel over Courier IMAP's
POP3-SSL?

Matt

 -Original Message-
 From: James [mailto:[EMAIL PROTECTED]]
 Sent: Friday, January 19, 2001 11:21 AM
 To: [EMAIL PROTECTED]
 Subject: Re: vchkpw lacking authentication security
 
 
 Using stunnel:
 stunnel -d 995 -r localhost:pop3 -p /usr/local/etc/stunnel.pem 
 
 Change the last argument to the path to your private key/cert PEM file.
 Only downside is your pop3 logs now show the logins from 127.0.0.1. 
 
 
 Ken Jones writes: 
 
  Thanks. I'm reading the url now. 
  
  I think I confused it with ssl tunnels. 
  
  Does anyone have information on how to run vpopmail with 
 ssl tunnels?
 




RE: vpopmail lacks authentication security

2001-01-19 Thread Matt Simerson


 -Original Message-
 From: Tamer Hassan [mailto:[EMAIL PROTECTED]]
 Sent: Friday, January 19, 2001 11:46 AM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: vpopmail lacks authentication security
 
 Sorry, I hate to do this.

If you didn't hate to do it, you wouldn't have. So, not only are you rude
and inconsiderate, but now I know that you're a liar too. 

 I later posted to the list about the fact that vpopmail only uses DES. Matt
 Simerson said "it is silly to say that DES is insecure" and I disagreed. He
 then sent me a hashed password string betting me to crack it, and it turned
 out to be a BSD MD5 (what an idiot).

The dispute was not whether DES encryption was secure or not but rather
whether DES was insecure because it only crypts based on the first 8
characters of the password. You claimed it was insecure, I said it wasn't. I
sent you an 8 character MD5 encrypted password, stating that it was an 8 char
or less password.

If you had half an ounce of intelligence or the ability to run crack (and
friends) against the encrypted password, you'd know that when using brute
force techniques, it makes no difference which algorithm is used to encrypt
the 8 character password. Furthermore I use both MD5 and DES passwords on my
FreeBSD machine(s) due to legacy issues with BSDI (which only uses DES). I'd
be surprised if you knew the difference. 

If you were as smart as you think you are, you'd know how crypt works on
your system and you'd also know how to change it. Maybe that would change
the crypt libraries that vpopmail uses? Hmmm? Did you ever think of that? Of
course not. You know almost nothing about encryption and how your system
uses it.

The fact that two days later you still haven't been able to crack a simple 8
character crypted password proves my original point that because a password
is limited to 8 characters it's not necessarily insecure. I could feed that
password into my computing cluster and have the answer back in a matter of
hours. That doesn't make it insecure. I have DES passwords in use on a lot
of machines but the passwords are protected from brute force attacks which
removes the "insecure" nature of DES passwords. This all goes to prove my
first point that your concepts of security are very primitive. 

By itself, pretty much every piece of a security program is insecure.
Running around like chicken little screaming that DES is insecure is
foolishness. When used as part of a well designed security program, DES will
never be the weakest link.

 Now, back to topic.
 IF ANYONE HAS SUCCESSFULLY USED MD5 WITH VPOPMAIL, POST TO 
 THE FREAKING LIST. Excuse me! 

There is no excuse for that. You need a father with a leather belt to warm
up your back side. 
 
 Matt, I know you are going to trip out again. But, you seriously lack 
 security insight. You cannot protect a box by disallowing pings to it. 

Who said that? Does someone have little voices talking to him?

 Security by obscurity is old fashioned. 

Rhetoric is lame. Them little voices must have been talking again. 

 Same thing with using an 8 character
 password for your postmaster accounts (assuming that you do use the full 8
 characters that DES allows you).
 
 Please, stop talking about your great inventions ssh'ing your
 pop server connections. If you administered hotmail or yahoo, would you do
 that?

What did I invent using SSH? Now I'm almost certain you've got little voices
whispering in your head. Do you smoke crack? 

You're a 19 year old (and immature at that) kid that's all ornery because I
don't agree with you about 8 character passwords being insecure. You claim
to be smart enough to make such a claim yet you don't know how to teach your
system to crypt using libraries other than the defaults.

Grow up child.

Matt





Re: FreeBSD Cryptography 101 - WAS - RE: vchkpw lacking authenticatio n security

2001-01-19 Thread Chris Shenton

Joe Modjeski [EMAIL PROTECTED] writes:

 crypt( 'joeblow', '$1$qKMDvF5y$bcpzwp1mNbCQuTQYvkkeX.'); for MD5
 
 On FreeBSD the DES libraries. libdescrypt is the DES+MD5
 library.  
 
 Currently I have vpopmail+mysql authenticating successfully for BOTH MD5 and
 DES passwords concurrently with no hitches.  This is using the libdescrypt
 library.

Thanks for pointing that out. Did you have to do mods to the code to
get this to work, or tell it to link with libdescrypt instead of --
what, normal "libcrypt"?

Again, thanks for your clear examples (and lack of flamebait :-)



Temporary Deactivation of Accounts

2001-01-19 Thread Joe Modjeski

Are there any plans to create a way to temporarily deactivate accounts?  For
example... quite a few of our customers only live here for the summer
months.  When they leave we deactivate their dialup accounts, and suspend
the billing for the period they are gone.

Currently our provisioning just changes their password.  But these can be a
pain with the older folks who save their passwords in Outlook and forget
what they are  then we spend a lot of time in support calls teaching them
what their *new* password is.

I was thinking of hacking a patch for this if there are no plans.  Is there
any other interest in a patch like this on the list?


Joe Modjeski
Network Administrator / Technical Manager




RE: FreeBSD Cryptography 101 - WAS - RE: vchkpw lackingauthentic atio n security

2001-01-19 Thread Matt Simerson

One of the coolest things FreeBSD has done is include a little intelligence
in their DES crypt libraries. When checking a password (against the system
password files or MySQL) the DES libraries determine whether they're
checking a MD5 or DES password.

Unfortunately, the reverse is not true. The MD5 libraries cannot check a DES
password. FreeBSD's default behavior is to use MD5 passwords (excluding DES
encryption) so in order to authenticate against both, you simply change the
symlinks to the crypt libraries from the MD5 crypts to the DES ones. 

For more information, read up on FreeBSD web site. Just do a search on DES
from their main page and you'll find it. 

Matt

 -Original Message-
 From: Chris Shenton [mailto:[EMAIL PROTECTED]]
 Sent: Friday, January 19, 2001 11:50 AM
 To: Joe Modjeski
 Cc: [EMAIL PROTECTED]
 Subject: Re: FreeBSD Cryptography 101 - WAS - RE: vchkpw lacking
 authenticatio n security
 
 
 Joe Modjeski [EMAIL PROTECTED] writes:
 
  crypt( 'joeblow', '$1$qKMDvF5y$bcpzwp1mNbCQuTQYvkkeX.'); for MD5
  
  On FreeBSD the DES libraries. libdescrypt is the DES+MD5
  library.  
  
  Currently I have vpopmail+mysql authenticating successfully
  for BOTH MD5 and DES passwords concurrently with no hitches.  This is using
  the libdescrypt library.
 
 Thanks for pointing that out. Did you have to do mods to the code to
 get this to work, or tell it to link with libdescrypt instead of --
 what, normal "libcrypt"?
 
 Again, thanks for your clear examples (and lack of flamebait :-)
 




Re: Temporary Deactivation of Accounts

2001-01-19 Thread Steve Fulton

On Fri, 19 Jan 2001, Joe Modjeski wrote:

 I was thinking of hacking a patch for this if there are no plans.  Is there
 any other interest in a patch like this on the list?

  I second that motion .. That would be very useful for my clients as
well.

Steve.





--enable-logging=v patch

2001-01-19 Thread Bill Shupp


This is a simple patch that adds the --enable-logging=v option.  Since "p"
logged bad passwords but not successful connections, and "y" logged 
successful connections but not bad passwords, I always had to edit the
source to log both.  I finally made a formal patch (against 4.9.8, but
may work for earlier versions).  It updates the FAQ, too, which didn't
mention the "p" option.  Now it mentions the "p" and "v" options.

Hope someone else finds this useful.

-Bill Shupp


diff -c ../tar/vpopmail-4.9.8/FAQ ./FAQ
*** ../tar/vpopmail-4.9.8/FAQ   Tue Jan  2 10:19:04 2001
--- ./FAQ   Fri Jan 19 15:44:21 2001
***
*** 305,310 
--- 305,312 
  y means log all successful and unsucessful attemps and fatal errors
  n means don't log anything
  e means only log errors and fatal errors
+ p means include passwords in errors
+ v means log everything, including passwords in errors
  
  By default we set it up to only log errors and fatal errors.
  
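Review bot: The two added FAQ entries for p and v say passwords are included in errors, but they do not say that these are the cleartext passwords typed by users and that they go to syslog. A failed attempt is often a near-miss of the real password or the password of another account, so the entries should state this and advise restricting read access to the log file, and not forwarding it unencrypted to a remote log host, when p or v is compiled in. The unchanged y line above also has "unsucessful attemps", which could be corrected while this block is being touched.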
Common subdirectories: ../tar/vpopmail-4.9.8/cdb and ./cdb
diff -c ../tar/vpopmail-4.9.8/configure ./configure
*** ../tar/vpopmail-4.9.8/configure Tue Jan  2 14:52:42 2001
--- ./configure Fri Jan 19 15:39:58 2001
***
*** 22,28 
  ac_help="$ac_help
--enable-relay-clear-minutes=180   expire time for roaming users after pop 
authentication."
  ac_help="$ac_help
!   --enable-logging=e|y|n|p   Turn on (y) or off (n) logging to syslog, (e) only log 
errors, include passwords in errors (p) "
  ac_help="$ac_help
--enable-sqwebmail-pass=y|n   Turn off support for sqwebmail passwords (y) or off 
(n) "
  ac_help="$ac_help
--- 22,28 
  ac_help="$ac_help
--enable-relay-clear-minutes=180   expire time for roaming users after pop 
authentication."
  ac_help="$ac_help
!   --enable-logging=e|y|n|p|v   Turn on (y) or off (n) logging to syslog, (e) only 
log errors, include passwords in errors (p), (v) log everything (including passwords 
in errors) "
  ac_help="$ac_help
--enable-sqwebmail-pass=y|n   Turn off support for sqwebmail passwords (y) or off 
(n) "
  ac_help="$ac_help
diff -c ../tar/vpopmail-4.9.8/configure.in ./configure.in
*** ../tar/vpopmail-4.9.8/configure.in  Tue Jan  2 14:50:33 2001
--- ./configure.in  Fri Jan 19 15:41:38 2001
***
*** 82,88 
  
  
  AC_ARG_ENABLE(logging,
! [  --enable-logging=e|y|n|p   Turn on (y) or off (n) logging to syslog, (e) 
only log errors, include passwords in errors (p) ],
  ENABLE_LOGGING=$enableval,
  [
  ENABLE_LOGGING=e
--- 82,88 
  
  
  AC_ARG_ENABLE(logging,
! [  --enable-logging=e|y|n|p|v   Turn on (y) or off (n) logging to syslog, 
(e) only log errors, include passwords in errors (p), (v) log everything (including 
passwords in errors) ],
  ENABLE_LOGGING=$enableval,
  [
  ENABLE_LOGGING=e
***
*** 99,104 
--- 99,108 
  ;;
  p*|P*)
ENABLE_LOGGING=3
+ AC_DEFINE_UNQUOTED(ENABLE_LOGGING,$ENABLE_LOGGING)
+ ;;
+ v*|V*)
+   ENABLE_LOGGING=4
  AC_DEFINE_UNQUOTED(ENABLE_LOGGING,$ENABLE_LOGGING)
  ;;
  *)
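Review bot: In the new case arm, v*|V*) matches any value that starts with v, so --enable-logging=verbose or a similar guess silently selects level 4, which the help text in this patch describes as including passwords in errors. Because this level writes passwords to syslog, consider matching only v|V, or printing an AC_MSG_WARN when level 3 or 4 is chosen, so that whoever builds the package sees that password logging was compiled in. The existing p*|P*) arm has the same shape and could be tightened in the same change.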
Common subdirectories: ../tar/vpopmail-4.9.8/contrib and ./contrib
Common subdirectories: ../tar/vpopmail-4.9.8/doc and ./doc
diff -c ../tar/vpopmail-4.9.8/vchkpw.c ./vchkpw.c
*** ../tar/vpopmail-4.9.8/vchkpw.c  Wed Jan  3 14:59:55 2001
--- ./vchkpw.c  Fri Jan 19 15:42:52 2001
***
*** 139,145 
log_pass_exit(LOG_NOTICE, 53, "pop access denied", 
GLuser, GLhost, IpAddr, passwd);
  
!   if ( ENABLE_LOGGING == 1 ) 
log_info(LOG_INFO, "vchkpw login", GLuser, GLhost, IpAddr);
  
  tmpstr = vget_assign(GLhost, Dir, 156, uid, gid );
--- 139,145 
log_pass_exit(LOG_NOTICE, 53, "pop access denied", 
GLuser, GLhost, IpAddr, passwd);
  
!   if ( ENABLE_LOGGING == 1 || ENABLE_LOGGING == 4 ) 
log_info(LOG_INFO, "vchkpw login", GLuser, GLhost, IpAddr);
  
  tmpstr = vget_assign(GLhost, Dir, 156, uid, gid );
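Review bot: The changed test "ENABLE_LOGGING == 1 || ENABLE_LOGGING == 4" repeats bare level numbers at the call site, and the identical edit has to be made again in the hunk at line 203. With four levels, a missed site means a level logs less or more than the FAQ documents. Define the meaning once, for example one macro that is true for levels 1 and 4 (log successful logins) and one that is true for levels 3 and 4 (include passwords), and test those instead of the literals.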
***
*** 203,209 
GLuser, GLhost, IpAddr, passwd);
}
  
!   if ( ENABLE_LOGGING == 1 ) {
switch (x) {
case 1: scopy(buf,"APOP",sizeof(buf)); break;
case 2: scopy(buf,"POP",sizeof(buf)); break;
--- 203,209 
GLuser, GLhost, IpAddr, passwd);
}
  
!   if ( ENABLE_LOGGING == 1 || ENABLE_LOGGING == 4 ) {
switch (x) {
case 1: scopy(buf,"APOP",sizeof(buf)); break;
case 2: scopy(buf,"POP",sizeof(buf)); break;
***
*** 435,441 
  
if ( ENABLE_LOGGING == 2 || ENABLE_LOGGING == 1 ) {
sprintf(tmpstr,"%s %s@%s:%s", mess, user, host, ip);
!   } else if ( 

RE: Temporary Deactivation of Accounts

2001-01-19 Thread Matt D. Cummings

interested :-)

m@

|-Original Message-
|From: Steve Fulton [mailto:[EMAIL PROTECTED]]
|Sent: Friday, January 19, 2001 1:03 PM
|To: Joe Modjeski
|Cc: '[EMAIL PROTECTED]'
|Subject: Re: Temporary Deactivation of Accounts
|
|
|On Fri, 19 Jan 2001, Joe Modjeski wrote:
|
| I was thinking of hacking a patch for this if there are no 
|plans.  Is there
| any other interest in a patch like this on the list?
|
|  I second that motion .. That would be very useful for my clients as
|well.
|
|   Steve.
|
|
|



Re: Temporary Deactivation of Accounts

2001-01-19 Thread James

I believe support for this already exists... i.e. the gid field in the 
vpasswd file (or equiv for SQL). The only catch is, the software you use to 
interact with vpopmail has to honor that field. I'm pretty sure the vchkpw 
program honors disabling pop3 access. Run the vmoduser program without any 
arguments to see how to limit access.

Steve Fulton writes: 

 On Fri, 19 Jan 2001, Joe Modjeski wrote: 
 
 I was thinking of hacking a patch for this if there are no plans.  Is there
 any other interest in a patch like this on the list?
 
   I second that motion .. That would be very useful for my clients as
 well. 
 
   Steve. 
 
 
 



RE: FreeBSD Cryptography 101 - WAS - RE: vchkpw lacking authenticatio n security

2001-01-19 Thread Joe Modjeski

From this ls output you can see I am linked to the DES crypt libraries.
This is the Standard FBSD install IF you choose to use "Export Controlled"
crypto.  The libscrypt libraries are MD5 ONLY.  If you want to use MD5 only
on your FreeBSD system You would need to change the symlinks from the
libdescrypt to libscrypt.

BEWARE THOUGH.  Changing the symlinks from DES to MD5 on a production system
is crazy.  Any users with DES passwords will no longer be able to access the
box.  This makes things UGLY.  Please learn from my experience as I had to
learn this one the hard way :(

lrwxr-xr-x  1 root  wheel     13 Dec 18 22:20 libcrypt.a -> libdescrypt.a
lrwxr-xr-x  1 root  wheel     14 Dec 18 22:20 libcrypt.so -> libdescrypt.so
lrwxr-xr-x  1 root  wheel     16 Dec 18 22:20 libcrypt.so.2 -> libdescrypt.so.2
lrwxr-xr-x  1 root  wheel     15 Dec 18 22:20 libcrypt_p.a -> libdescrypt_p.a
-r--r--r--  1 root  wheel  15724 Jul 26 20:06 libdescrypt.a
-r--r--r--  1 root  wheel  11028 Jul 26 20:06 libdescrypt.so
-r--r--r--  1 root  wheel  11028 Jul 26 20:06 libdescrypt.so.2
-r--r--r--  1 root  wheel  17658 Jul 26 20:06 libdescrypt_p.a
-r--r--r--  1 root  wheel   8896 Jul 26 20:06 libscrypt.a
-r--r--r--  1 root  wheel   5808 Jul 26 20:06 libscrypt.so
-r--r--r--  1 root  wheel   5808 Jul 26 20:06 libscrypt.so.2
-r--r--r--  1 root  wheel   9542 Jul 26 20:06 libscrypt_p.a

Now getting vpopmail to compile without using the descrypt libraries is the
tricky part.  So far I have been unsuccessful at getting it to compile with
both MD5 and DES support but to use MD5 by default.

I modified the vpopmail makefile to tell it to link to the scrypt libraries
( changed -lcrypt to -lscrypt ), but it still compiles using the standard
crypt libraries.  So for now at least, it looks like if you are already
using DES you are stuck using it.

At the bottom of the crypt page in the FBSD Handbook there is a little
section that says you can control the format of the passwords in login.conf,
but I haven't gotten it to work.  Here is the link any way:
http://www.freebsd.org/handbook/crypt.html

I planned on using DES passwords for portability between standard UNICES
(UNIXES?).  So I just needed to authenticate the MD5 passwords until the
user decided to change their passwords and then it would convert them to
MD5.

If anyone gets the ability to control password formats to work in FreeBSD
please let me know.  That would be very useful to know.

Joe

-Original Message-
From: Chris Shenton [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 12:50 PM
To: Joe Modjeski
Cc: [EMAIL PROTECTED]
Subject: Re: FreeBSD Cryptography 101 - WAS - RE: vchkpw lacking
authenticatio n security


Joe Modjeski [EMAIL PROTECTED] writes:

 crypt( 'joeblow', '$1$qKMDvF5y$bcpzwp1mNbCQuTQYvkkeX.'); for MD5
 
 On FreeBSD the DES libraries. libdescrypt is the DES+MD5
 library.  
 
 Currently I have vpopmail+mysql authenticating successfully for BOTH MD5 and
 DES passwords concurrently with no hitches.  This is using the libdescrypt
 library.

Thanks for pointing that out. Did you have to do mods to the code to
get this to work, or tell it to link with libdescrypt instead of --
what, normal "libcrypt"?

Again, thanks for your clear examples (and lack of flamebait :-)
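
A pre-migration check for the situation described in this message (pointing the libcrypt symlinks at the MD5-only library locks out every account whose stored hash is DES), as an added example that is not code from any poster or from vpopmail. It classifies stored hashes by the prefix rule from the "FreeBSD Cryptography 101" post; the colon-separated user:hash:... layout is an assumption modelled on passwd(5), and every account except the two hash strings quoted in the thread is constructed.

```python
import re
from collections import defaultdict

H = r"[./0-9A-Za-z]"   # alphabet used by crypt(3) hash encodings

# Order matters: test the "$"-prefixed formats before the bare DES form.
SCHEMES = [
    ("md5",      re.compile(rf"\$1\${H}{{0,8}}\${H}{{22}}")),
    ("blowfish", re.compile(rf"\$2[a-z]?\$\d\d\${H}{{53}}")),
    # Traditional DES: 2 salt characters + 11 hash characters, no prefix.
    # Only the first 8 characters of the password contribute to this hash.
    ("des",      re.compile(rf"{H}{{13}}")),
]


def classify(stored):
    """Name the crypt scheme of one stored password field."""
    if stored == "":
        return "empty"                 # no password set at all
    if stored[0] in "*!":
        return "locked"                # cannot match any crypt() output
    for name, rx in SCHEMES:
        if rx.fullmatch(stored):
            return name
    if stored.startswith("$"):
        return "malformed"             # e.g. a hash cut short in storage
    return "unknown"


def audit(lines):
    """Map scheme name -> list of users, from user:hash:... records."""
    report = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            report["unparsed"].append(line)
            continue
        report[classify(fields[1])].append(fields[0])
    return report


def locked_out_if_md5_only(report):
    """Accounts that an MD5-only crypt library could no longer verify."""
    return sorted(report.get("des", []))


# Constructed sample; only the two joe* hash strings come from the thread.
SAMPLE_VPASSWD = """\
# user:hash:uid:gid:gecos:dir  (assumed layout)
joeblow:hJPcq6ffTNHuI:1:0:Joe:/home/vpopmail/domains/example.com/joeblow
joemd5:$1$qKMDvF5y$bcpzwp1mNbCQuTQYvkkeX.:1:0:Joe:/home/vpopmail/domains/example.com/joemd5
summer:abCDefGHijKLm:1:0:Seasonal:/home/vpopmail/domains/example.com/summer
cut:$1$qKMDvF5y$bcpzwp1mN:1:0:Truncated:/home/vpopmail/domains/example.com/cut
open::1:0:NoPass:/home/vpopmail/domains/example.com/open
"""

if __name__ == "__main__":
    result = audit(SAMPLE_VPASSWD.splitlines())
    for scheme in sorted(result):
        print(f"{scheme:10s} {', '.join(result[scheme])}")
    print("would fail under MD5-only crypt:", locked_out_if_md5_only(result))
```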



RE: Temporary Deactivation of Accounts

2001-01-19 Thread Joe Modjeski

Very cool!!! :)
The option is -p so:
 vmoduser -p [EMAIL PROTECTED]
disables my account from POP access.

I have to say you guys did great with this whole vpopmail package.  Before I
was using a major kludge of patches to make my setup work.  If only I had
found this before wasting all my time with the other patches and junk.  It
was definitely well thought out.

Thanks,
Joe


-----Original Message-----
From: James [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 3:06 PM
To: '[EMAIL PROTECTED]'
Subject: Re: Temporary Deactivation of Accounts


I believe support for this already exists... i.e. the gid field in the 
vpasswd file (or equiv for SQL). The only catch is, the software you use to 
interact with vpopmail has to honor that field. I'm pretty sure the vchkpw 
program honors disabling pop3 access. Run the vmoduser program without any 
arguments to see how to limit access.

Steve Fulton writes:

> On Fri, 19 Jan 2001, Joe Modjeski wrote:
>
> > I was thinking of hacking a patch for this if there are no plans.  Is there
> > any other interest in a patch like this on the list?
>
>   I second that motion .. That would be very useful for my clients as
> well.
>
>   Steve.



Best method for delivering mail to two users

2001-01-19 Thread John Grant

I need mail sent to [EMAIL PROTECTED] be sent to both user1 and user2.
This isn't a mailing list, just a temporary (while I'm out) kind
of thing. I put an alias in ~qmail/alias, but it didn't take, the mail
still went to user1 only (so at least it didn't break).

What's the best method for accomplishing this (wouldn't it be
nice if you could do it through the qmail-admin web pages too) ?


qmailadmin doesn't change sqwebmail passwd

2001-01-19 Thread J.M. Roth

Hi!

I upgraded to the newest version of
vpopmail (4.9.8)
sqwebmail (1.2.1)
and qmailadmin (0.42)

Everything is fine, except for qmailadmin, which doesn't change the
sqwebmail-pass file if I change a password. Can someone try those (very) new
versions and shed some light on it?

Thanks!

J.M. Roth





vdelivermail fatal error

2001-01-19 Thread Dushyanth Harinath

Hi guys,

I have configured vpopmail on a Solaris SPARC machine (ver 8) and the
compilation went off without any hitch.
I am also able to add, delete users and domains and send messages too, but I am
not able to receive mails.

The error in syslog says:

--
Jan 20 00:40:13 mybox qmail: [ID 748625 mail.info] 979972813.252059 info msg 35705: bytes 885 from [EMAIL PROTECTED] qp 15771 uid 110
Jan 20 00:40:13 mybox qmail: [ID 748625 mail.info] 979972813.284650 starting delivery 407: msg 35705 to local [EMAIL PROTECTED]
Jan 20 00:40:13 mybox qmail: [ID 748625 mail.info] 979972813.285180 status: local 1/10 remote 0/20
Jan 20 00:40:13 mybox qmail: [ID 748625 mail.info] 979972813.324734 delivery 407: deferral: ld.so.1:_/export/vpopmail/bin/vdelivermail:_fatal:_libmysqlclient.so.6:_open_failed:_No_such_file_or_directory/Killed/
Jan 20 00:40:13 mybox qmail: [ID 748625 mail.info] 979972813.325338 status: local 0/10 remote 0/20
--

I have set the env variable LD_LIBRARY_PATH=/usr/local/lib/mysql/lib/mysql
and the libmysqlclient.so.6 library exists there.

I have changed the compiler to gcc in the compile and load files in the
vpopmail/cdb directory, as I didn't have cc, and compiled the code.

Any hints?

best regards
dushyanth
-- 
Dushyanth Harinath
Programmer
Archean Infotech Limited
http://www.archeanit.com




Cannot setup a default domain.

2001-01-19 Thread Konstantin Borovik

Hello, 

I was trying to set up a default domain for vpopmail. I want users to supply only the user 
name, without the domain, for POP. I could do it with vpopmail-4.9.4 but I can't do it with 
vpopmail-4.9.6.1.

System: FreeBSD-4.2-STABLE, qmail-1.03, vpopmail-4.9.6.1

For vpopmail-4.9.4 I did "ln -s domains/test.com users". It does not work for 
vpopmail-4.9.6.1. I get an error:

Jan 19 23:43:11 fbsd vpopmail[49287]: vchkpw login [EMAIL PROTECTED]:10.0.0.100
Jan 19 23:43:11 fbsd vpopmail[49289]: vchkpw login user_test@:10.0.0.100
Jan 19 23:43:11 fbsd vpopmail[49289]: vchkpw: setgid() failed

The FAQ says that I have to compile vpopmail with --enable-roaming-users=test.com. 
But I end up with an error:

Jan 19 23:47:10 fbsd vpopmail[49297]: vchkpw login [EMAIL PROTECTED]:10.0.0.100
Jan 19 23:47:10 fbsd vpopmail[49299]: vchkpw: No user found user_test@:10.0.0.100

What did I do wrong?

Thanks for your help.

Konstantin





Re: Relay problems with vpopmail + qmail

2001-01-19 Thread Andras Kende



I have a problem with vpopmail. It was working fine until I changed the
server IP address.

Since then pop3 is very slow (like 30 sec)

Jan 18 23:41:42 web vpopmail[1269]: vchkpw: password fail [EMAIL PROTECTED]:216.32.181.26

#POP AND SMTP SERVER
/bin/csh -cf '/var/qmail/rc &'

/usr/local/bin/tcpserver -H -R -x /home/vpopmail/etc/tcp.smtp.cdb -c20 -u520 -g519 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &

/usr/local/bin/tcpserver -H -R 0 pop-3 /var/qmail/bin/qmail-popup web.aandmtech.com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &


Thanks

Andras
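
The vchkpw syslog lines quoted in the posts above ("login", "password fail", "No user found", each ending in account and source IP) are enough to tally failed POP logins per source address. The following is an added example, not part of any post and not vpopmail code: the function names are hypothetical, the regular expression assumes the `user@domain:ip` layout seen in those lines, and every sample line is constructed with documentation addresses.

```python
import re
from collections import defaultdict

# Layout taken from the vchkpw syslog lines quoted in this thread:
#   "<date> <host> vpopmail[pid]: vchkpw[:] <event> <user>@<domain>:<ip>"
LINE_RE = re.compile(
    r"vpopmail\[(?P<pid>\d+)\]: vchkpw:? "
    r"(?P<event>login|password fail|No user found) "
    r"(?P<user>[^@\s]*)@(?P<domain>[^:\s]*):(?P<ip>[0-9.]+)\s*$"
)
FAILURES = {"password fail", "No user found"}


def parse(line):
    """Return a dict of fields for a vchkpw auth line, or None for other lines."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def suspicious_sources(lines, max_failures=3):
    """Map source IP -> (failure count, sorted accounts tried) for IPs over the limit."""
    fails = defaultdict(int)
    accounts = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and rec["event"] in FAILURES:
            fails[rec["ip"]] += 1
            accounts[rec["ip"]].add(f'{rec["user"]}@{rec["domain"]}')
    return {ip: (n, sorted(accounts[ip])) for ip, n in fails.items() if n > max_failures}


# Constructed sample log (not from the thread); the empty domain in the third
# line mirrors the "user_test@:" form that appears when no domain is supplied.
SAMPLE = [
    "Jan 19 23:43:11 fbsd vpopmail[49287]: vchkpw login alice@example.com:192.0.2.10",
    "Jan 19 23:43:12 fbsd vpopmail[49289]: vchkpw: setgid() failed",
    "Jan 19 23:47:10 fbsd vpopmail[49299]: vchkpw: No user found user_test@:192.0.2.10",
    "Jan 19 23:50:01 fbsd vpopmail[49301]: vchkpw: password fail admin@example.com:198.51.100.7",
    "Jan 19 23:50:02 fbsd vpopmail[49302]: vchkpw: password fail root@example.com:198.51.100.7",
    "Jan 19 23:50:03 fbsd vpopmail[49303]: vchkpw: No user found test@example.com:198.51.100.7",
    "Jan 19 23:50:04 fbsd vpopmail[49304]: vchkpw: password fail admin@example.com:198.51.100.7",
]

if __name__ == "__main__":
    for ip, (count, tried) in suspicious_sources(SAMPLE).items():
        print(ip, count, tried)
```

A single misconfigured client (as in the default-domain post) produces repeated failures for one account, while many distinct accounts from one address points to guessing; the per-IP account list separates the two.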