RE: [vchkpw] 5.3.26 error with chkusr patch + mysql
Title: Message Tonino, Thanks for the reply. That has fixed the problem. Compiles now, and it works still with the mysql backend. cheers Shane -Original Message-From: tonix (Antonio Nati) [mailto:[EMAIL PROTECTED] Sent: Monday, 1 September 2003 5:05 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: [vchkpw] 5.3.26 error with chkusr patch + mysqlShane,I did not try the last versions of vpopmail.It looks like function vget_real_domain does not exists anymore.Try commenting out these lines of code, and please let me know./* Check if domain is a real domain */ /*if (!stralloc_0 (domain)) die_nomem();vget_real_domain(domain.s, domain.a);domain.len = strlen (domain.s);if (domain.len (domain.a - 1)) die_nomem();*//* Let's get domain's real path */ ToninoAt 01/09/03 01/09/03 +0800, Shane Chrisp wrote: Im setting up a new system and I found that there is an error whentrying to use the chkusr patch with the latest version. Below is theerror from qmail. I tried compiling again with 5.3.24 successfullyso I then tried 5.3.25 and that failed also, with the same error../load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \datetime.a getln.a open.a sig.a case.a env.a stralloc.a \alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \socket.lib` -lssl -lcrypto dns.o `cat dns.lib` -lcrypt \`head -1 conf-vpopmail`/lib/libvpopmail.a \/usr/lib/mysql/libmysqlclient.a -lzqmail-smtpd.o: In function `realrcpt_check':qmail-smtpd.o(.text+0xf29): undefined reference to `vget_real_domain'collect2: ld returned 1 exit statusmake: *** [qmail-smtpd] Error 1RegardsShane [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
RE: [vchkpw] /var/mail/vpopmail
What does your /var/qmail/rc file look like?
My qmail/rc file looks like this:
===START===
#!/bin/sh
# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by
default
exec env - PATH=/var/qmail/bin:$PATH \
qmail-start `cat /var/qmail/control/defaultdelivery`
===END===
/var/qmail/control/defaultdelivery looks like this:
===START===
|dot-forward .forward
|preline procmail
===END===
Any suggestions?
Jasper
-Original Message-
From: Jasper Metselaar [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 7:38 AM
To: [EMAIL PROTECTED]
Subject: [vchkpw] Re /var/mail/vpopmail
Doublebounce settings and .qmail files are ok.
Below is a header of a message dumped to /var/mail/vpopmail. As you can
see, this is not a bounce message... it's the original. When I sent
this message to a non existing address the message was dumped to
/var/mail/vpopmail and a non-delivery report was sent to the originator
(me).
START
From vpopmail Thu Aug 28 16:31:45 2003
Received: (qmail 4184 invoked from network); 28 Aug 2003 14:31:45 -
Received: from xxx.xxx.xxx (xxx.xxx.xxx.xx)
by 0 with SMTP; 28 Aug 2003 14:31:45 -
Received: from [xxx.xxx.xx.xxx] (helo=..xxx)
by xx.x.xxx with esmtp (Exim 3.36 #1)
id 19sNoN-0001mk-00
for [EMAIL PROTECTED]; Thu, 28 Aug 2003 16:31:43 +0200
Received: by wfwin3 with Internet Mail Service (5.5.2653.19)
id RYZB9G85; Thu, 28 Aug 2003 16:31:39 +0200
Message-ID: [EMAIL PROTECTED]
From: Metselaar, J.M. [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: This is a test
Date: Thu, 28 Aug 2003 16:30:29 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
END
For some reason I think the problem is in my maildrop script, but I
can't figure out where. The script is below:
START
import EXT
import HOST
VPOP=| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
VHOME=`/home/vpopmail/bin/vuserinfo -d [EMAIL PROTECTED]
if ( $SIZE 262144 )
{
exception {
xfilter /usr/bin/spamc -f -u [EMAIL PROTECTED]
}
}
if (/^X-Spam-Flag: *YES/)
{
# try filtering it using user-defined rules
exception {
include $VHOME/Maildir/.mailfilter
}
# then try delivering it to a Spam folder
exception {
# to $VPOP
to $VHOME/Maildir/
}
# ah well, I guess they'll just have to live with disappointment
exception {
to $VPOP
}
}
else {
exception {
include $VHOME/Maildir/.mailfilter
}
exception {
to $VPOP
}
}
END
Any ideas?
Thanks in advance!
- Jasper
I don't think it's vpopmail that's dropping it into that file. It
sounds more like mail is being delivered to the vpopmail user on your
local system. What does qmail have for it's double bounce account
(run /var/qmail/bin/qmail-showctl to see) and also what does your
/var/qmail/alias directory look like.. more specifically the .qmail
files inside it.
-Original Message-
From: Jasper Metselaar [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 3:04 AM
To: [EMAIL PROTECTED]
Subject: [vchkpw] /var/mail/vpopmail
Hi,
Vpopmail is running fine on my server, but there is on thing that's
strange (in my opinion, anyway ;-)):There is a very fast growing
file: /var/mail/vpopmail
It looks like vpopmail is dumping undeliverable mail into this file.
Is this normal or is there a misconfiguration somewhere?
Thanks!
- Jasper
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
Title: Message Speaking of this patch. I think there is a potential of people being able to harvest e-mail accounts using a dictionary, etc. They can connect up and just validate e-mail addresses with this patch to determine if they are valid or not. This could be a spammers dream come true. I have seen this occur on sendmail servers. Brad - Original Message - From: Shane Chrisp Tonino, Thanks for the reply. That has fixed the problem. Compiles now, and it works still with the mysql backend. cheers Shane
RE: [vchkpw] 5.3.26 error with chkusr patch + mysql
Title: Message Yes, you should be using some form of tarpitting as well with this patch. There is no need for someone to be connecting xx number of times per minute. Shane -Original Message-From: Brad Dameron [mailto:[EMAIL PROTECTED] Sent: Monday, 1 September 2003 7:38 PMTo: [EMAIL PROTECTED]Subject: Re: [vchkpw] 5.3.26 error with chkusr patch + mysql Speaking of this patch. I think there is a potential of people being able to harvest e-mail accounts using a dictionary, etc. They can connect up and just validate e-mail addresses with this patch to determine if they are valid or not. This could be a spammers dream come true. I have seen this occur on sendmail servers. Brad - Original Message - From: Shane Chrisp Tonino, Thanks for the reply. That has fixed the problem. Compiles now, and it works still with the mysql backend. cheers Shane
[vchkpw] Re: courier pop3d
Tom Collins writes: I'd love to hear from someone who's tried with a recent version, and whether it worked or failed (and if it did fail, where/how did it fail). I tried it with 5.3.24 and authdaemon authentication worked fine. I then had to switch to 5.3.26 because of a bug in 5.3.24 and it still works fine with authdaemon. -- Paul Allen Softflare Support
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
Just thinking out loud. The approach of tarpitting is to slow down the attacker without impacting your network or requiring additional resources on your end to deal with the cracker. I *think* it does this by analyzing the volume of incoming SMTP requests from the same host. The approach of chkuser is to reduce the amount of incoming messages by denying unknown recipients before the message Data is transmitted. I would hate to see an expanded chkuser that requires extensive database activity to log/monitor/tarpit the username requests. That's throwing more resources at a problem I think its entirely appropriate to respond VERY slowly to an unknown username request. HOWEVER, if I suddenly have a shortage of SMTPD daemons because they are left open to service the chkuser tarpit, and that hurts my email service quality, then I haven't gained anything. I would rather be fast at dumping chkuser denials and let them guess. I guess if there was a child daemon that could handle ALL of the chkuser tarpits (instead of keeping an SMTPD open) then we might have something really great. Sorry if I'm being too utopian, or too vague. Just trying to contribute. D. I thought of this initially, but then I forgot because of the general gain this patch gives. We could introduce a delay for each not existing user, or a limit for the maximum number of rcpt to. But for a massive hacker, that could not be a problem. I'm thinking of a more sophisticated code, but I surely would need of a database where to record every attempt. Let me know general opinions, Tonino At 01/09/03 01/09/03 -0700, Brad Dameron wrote: Speaking of this patch. I think there is a potential of people being able to harvest e-mail accounts using a dictionary, etc. They can connect up and just validate e-mail addresses with this patch to determine if they are valid or not. This could be a spammers dream come true. I have seen this occur on sendmail servers. Brad - Original Message - From: mailto:[EMAIL PROTECTED]Shane Chrisp Tonino, Thanks for the reply. That has fixed the problem. Compiles now, and it works still with the mysql backend. cheers Shane [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
[vchkpw] Re: qmail-send is eating all availible cpu time
I have the same problem i check the file permission and they are ok, and i also check that qmail-send don't restart very often. I'm using qmail, with vpopmail 5.2.1 and spamcontrol2.09 [EMAIL PROTECTED] /root]# svstat /service/* /service/qmail-pop3d: up (pid 1129) 7392 seconds /service/qmail-send: up (pid 1121) 7393 seconds /service/qmail-smtpd: up (pid 1122) 7393 seconds [EMAIL PROTECTED] /root]# svstat /service/*/log /service/qmail-pop3d/log: up (pid 1128) 7406 seconds /service/qmail-send/log: up (pid 1127) 7406 seconds /service/qmail-smtpd/log: up (pid 1130) 7406 seconds the log dir owner is qmaill drwxr-xr-x4 qmaill root 4096 Aug 29 11:50 qmai drwxr-xr-x2 qmaill root 4096 Aug 29 11:28 pop3d drwxr-xr-x2 qmaill root 4096 Aug 29 10:10 smtpd the supervise scripts are like this [EMAIL PROTECTED] /root]# ls -la /var/qmail/supervise/qmail-smtpd/ drwxr-xr-t4 root root 4096 Aug 25 13:06 . drwxr-xr-x5 root root 4096 Aug 28 2001 .. drwxr-xr-x3 root root 4096 Aug 25 11:01 log -rwxr-xr-x1 root root 334 Aug 25 13:06 run -rwxr-xr-x1 root root 347 Jan 14 2003 run.20030114 -rwxr-xr-x1 root root 336 Jun 12 2002 run.bak drwx--2 root root 4096 Aug 29 10:02 supervise [EMAIL PROTECTED] /root]# ls -la /var/qmail/supervise/qmail-send/ drwxr-xr-t4 root root 4096 Jul 29 15:53 . drwxr-xr-x5 root root 4096 Aug 28 2001 .. drwxr-xr-x3 root root 4096 Jul 29 15:53 log -rwxr-xr-x1 root root 29 Aug 27 2001 run drwx--2 root root 4096 Aug 29 10:02 supervise [EMAIL PROTECTED] /root]# ls -la /var/qmail/supervise/qmail-pop3d/ drwxr-xr-t4 root root 4096 Aug 28 18:13 . drwxr-xr-x5 root root 4096 Aug 28 2001 .. drwxr-xr-x3 root root 4096 Jul 31 08:57 log -rwxr-xr-x1 root root 198 Aug 28 18:13 run drwx--2 root root 4096 Aug 29 10:02 supervise At 06:38 PM 25/08/2003 +0200, [EMAIL PROTECTED] wrote: That solved it! Thanks now i´m happy : ) Although i have stunbled in to another problem but i´ll do a new post for that one if i don´t solve it //Tobias - Original Message - From: Kurt Hansen [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, August 25, 2003 6:11 PM Subject: Re: qmail-send is eating all availible cpu time [EMAIL PROTECTED] wrote: Okay so this cd /var/qmail/supervise/qmail-send/supervise -rw-r--r--1 root root2 Aug 25 17:36 control -rw---1 root root0 Aug 12 13:30 lock -rw-r--r--1 root root0 Jul 16 14:56 ok -rw-r--r--1 root root 18 Aug 25 13:44 status Could be a problem ? how do i make them named pipes ? I just deleted the control file, and it was recreated as a named pipe almost immediately. I'm guessing the same would be true with ok. Take care, Kurt Hansen __ NOD32 1.492 (20030825) Information __ This message was checked by NOD32 Antivirus System. http://www.nod32.com
[vchkpw] warning: trouble injecting bounce message, will try later
i'm using qmail with vpopmail 5.2.1, and in my qmail log files this message continues to appear warning: trouble injecting bounce message, will try later I have plenty of disk space, and i don't know where to look for the problem. Thanks in advance, Jesus
Re: [vchkpw] warning: trouble injecting bounce message, will trylater
Hi Jesus, i'm using qmail with vpopmail 5.2.1, and in my qmail log files this message continues to appear warning: trouble injecting bounce message, will try later I have plenty of disk space, and i don't know where to look for the problem. You already posted exactly this question on last thursday. I posted an answer, and you didn't provide anything new since then. Please don't repost questions; read the answers instead. Jonas
Re: [vchkpw] RE:(2) [vchkpw] Script for users to delete their own account
On Saturday, August 30, 2003, at 10:52 AM, Evren Yurtesen wrote: 1. Auth the user against the database using their email/passwd 2. Change the last auth value to a year ago. 3. Display a message that they have until the next quarter hour to change their mind about deleting their account, and if they decide to keep it, to pop into their mailbox. 4. cron the vdeloldusers to run at */15. How about a suid program that you could pass an email address and password to and it would outright delete the account? It could be run as any user, and would take care of authentication and deletion in one shot. -- Tom Collins [EMAIL PROTECTED] http://sniffter.com/ - info on the Sniffter hand-held Network Tester
[vchkpw] no such user. URGENT!
hi, i accidently deleted my /var/qmail, and now my vpopmail didnot recognize the virtual domains. i have a backup of my /var/qmail (not the recent one). and now some of my domains can't be recognize. how can i fix this ? OR is there a way i can rebuild my assign file ?
Re: [vchkpw] no such user. URGENT!
On Monday, September 1, 2003, at 11:34 AM, T. Albert wrote: i accidently deleted my /var/qmail, and now my vpopmail didnot recognize the virtual domains. i have a backup of my /var/qmail (not the recent one). and now some of my domains can't be recognize. how can i fix this ? OR is there a way i can rebuild my assign file ? You can manually add domains to /var/qmail/users/assign (just follow the format of the domains that are in there) and then run qmail-newu to create users/cdb. -- Tom Collins [EMAIL PROTECTED] http://sniffter.com/ - info on the Sniffter hand-held Network Tester
Re: [vchkpw] no such user. URGENT!
don't forget the files in /var/qmail/control also... btw, what in between heaven and earth made you accidently delete /var/qmail :-) - Original Message - From: Tom Collins [EMAIL PROTECTED] To: vpopmail list [EMAIL PROTECTED] Sent: Monday, September 01, 2003 9:11 PM Subject: Re: [vchkpw] no such user. URGENT! On Monday, September 1, 2003, at 11:34 AM, T. Albert wrote: i accidently deleted my /var/qmail, and now my vpopmail didnot recognize the virtual domains. i have a backup of my /var/qmail (not the recent one). and now some of my domains can't be recognize. how can i fix this ? OR is there a way i can rebuild my assign file ? You can manually add domains to /var/qmail/users/assign (just follow the format of the domains that are in there) and then run qmail-newu to create users/cdb. -- Tom Collins [EMAIL PROTECTED] http://sniffter.com/ - info on the Sniffter hand-held Network Tester
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
- Original Message - From: [EMAIL PROTECTED] Just thinking out loud. The approach of tarpitting is to slow down the attacker without impacting your network or requiring additional resources on your end to deal with the cracker. I *think* it does this by analyzing the volume of incoming SMTP requests from the same host. The approach of chkuser is to reduce the amount of incoming messages by denying unknown recipients before the message Data is transmitted. I would hate to see an expanded chkuser that requires extensive database activity to log/monitor/tarpit the username requests. That's throwing more resources at a problem I think its entirely appropriate to respond VERY slowly to an unknown username request. HOWEVER, if I suddenly have a shortage of SMTPD daemons because they are left open to service the chkuser tarpit, and that hurts my email service quality, then I haven't gained anything. I would rather be fast at dumping chkuser denials and let them guess. I guess if there was a child daemon that could handle ALL of the chkuser tarpits (instead of keeping an SMTPD open) then we might have something really great. Sorry if I'm being too utopian, or too vague. Just trying to contribute. D. I thought on this whole ordeal for several hours and the best way I could come up with is the following: If so many invalid addresses in one connection then enter ip in tcpserver's tcp.smtp file with a deny of IP. This will be removed every so many minutes by a cron job. This way you could add a dely on how fast they could get the addressess. Thi seems to be the least overhead way that I have come up with. Any thoughts on this? Brad
