Re: [vchkpw] SMTP AUTH with vchkpw
hello,

l1:~ # find / -name true
/bin/true

and in /var/log/qmail/smtpd/current I don't have any error!!
I don't understand why pop3d can authenticate with mysql while smtpd no!
via squirrelmail I have this error:

Server replied: 454 oops, unable to write pipe

and I can't auth

signo

Erwin Hoffmann wrote:
> Hi,
>
> At 16:12 30.03.04 +0200, signo wrote:
>> hello,
>> I've problems with smtp-auth, when I try to send email from a client
>> the server always asks for a password (but the passwd is ok)
>> please help me!!
>> thanks
>> signo
>>
>> situation:
>> qmail: qmail-1.03
>> vpopmail: 5.3.28
>> smtp-auth patch on qmail: qmail-smtpd-auth-0.4.2
>> (http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-042_tgz.bin)
>>
>> qmail-smtpd/run:
>>
>> #!/bin/sh
>> QMAILDUID=`id -u qmaild`
>> NOFILESGID=`id -g qmaild`
>> MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
>> if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD ]; then
>>     echo QMAILDUID, NOFILESGID or MAXSMTPD is unset in
>>     echo /var/qmail/supervise/qmail-smtpd/run
>>     exit 1
>> fi
>> exec /usr/local/bin/softlimit -m 2000 \
>>     /usr/local/bin/tcpserver -v -R -u $QMAILDUID -x /etc/tcp.smtp.cdb -c $MAXSMTPD \
>>     -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1
>>
>> telnet on port 25:
>>
>> 220 ssigno_back.local ESMTP
>> 250-ssigno_back.local
>> 250-PIPELINING
>> 250-8BITMIME
>> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> Please read: http://www.fehcom.de/qmail/smtpauth.html
>
> Do you have any error messages; traces?
>
> Do a
>
> which true
>
> ! Does /bin/true exist ?
>
> regards.
> --eh.
>
> Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
> Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24

[vchkpw] Re: Blackholing a sender
Hello Devendra,

On Wednesday, March 31, 2004 at 6:52:31 AM you wrote (at least in part):

>>> I have a peculiar requirement of just trashing a particular Mail From:
>>> to any of the virtual domains hosted on a Server.

>> echo SENDERADDRESS >> /var/qmail/control/badmailfrom

> Thanks for your solution. But, the badmailfrom would give a bounce from
> qmail-smtpd (MTA).

No, it'd give a 5xx code from your qmail-smtpd and the bounce is created
by somebody else. Your system does /NOT/ bounce the message, it just
rejects it. If the other side bounces, that is not within your
responsibility.

> I just wanted to blackhole it, without sending any intimation even if it
> violates any RFC.

Then you have two options:

1) hacking qmail source to read a dev-null list and deliver all mails
   with sender address on this list to /dev/null (i.e. to drop the
   message)
2) manipulate all dot-qmail files that could be involved in a delivery
   and check if the message came from $BAD_SENDER. If so exit(99) from
   this check and no further delivery instructions in this dot-qmail
   file will be processed.

Quite a lot of work to do, and you'd have to take care of all newly
created dot-qmail files in your setup.
--
Best regards
Peter Palmreuther

COBOL: Crappy Obsolete Butthead Oriented Language.

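An added example of the check described in option 2 above (not code from the thread): a program line placed first in a dot-qmail file runs this script, which compares the envelope sender that qmail passes in $SENDER against a list and exits 99 so that no further delivery instructions are processed. The script name drop-sender, the list path and the list format (one address or @domain per line) are assumptions of this example.

```shell
#!/bin/sh
# Added example: sender check for a dot-qmail program line.
# DROPLIST and its format are assumptions of this example, not qmail files.
DROPLIST=${DROPLIST:-/var/qmail/control/dropsenders}

# sender_verdict SENDER LISTFILE
# Returns 99 if SENDER is listed (exact address or "@domain" entry), else 0.
sender_verdict() {
    sender=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    list=$2
    # Empty envelope sender means a bounce message; never drop on that basis.
    [ -n "$sender" ] || return 0
    # Fail open: a missing or unreadable list must not make mail disappear.
    [ -r "$list" ] || return 0
    domain="@${sender##*@}"
    while IFS= read -r entry || [ -n "$entry" ]; do
        # Normalise case and strip blanks / CR so hand-edited lists still match.
        entry=$(printf '%s' "$entry" | tr 'A-Z' 'a-z' | tr -d ' \t\r')
        case $entry in ''|'#'*) continue ;; esac
        if [ "$entry" = "$sender" ] || [ "$entry" = "$domain" ]; then
            return 99    # delivery counts as done, later lines are skipped
        fi
    done < "$list"
    return 0
}

# Act on $SENDER only when installed under the (hypothetical) name drop-sender.
case ${0##*/} in
    drop-sender) sender_verdict "${SENDER:-}" "$DROPLIST"; exit $? ;;
esac
```

The program line, for example `|/usr/local/bin/drop-sender`, has to come before the existing delivery line in every dot-qmail file that can receive the sender's mail, which is the maintenance cost the message points out.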
[vchkpw] Re: SMTP-Auth question
Hello Erwin,

On Wednesday, March 31, 2004 at 10:09:29 AM you wrote (at least in part):

> In case a client is accepted via pop-4-smtpd, the $RELAYCLIENT
> environment variable is set. It might be useful to define this variable
> explicitly, ie. RELAYCLIENT=PB4S.

No. It will, for sure, not be useful.

,- [ man qmail-smtpd ]
| [...]
| Exception: If the environment variable RELAYCLIENT is
| set, qmail-smtpd will ignore rcpthosts, and will
| append the value of RELAYCLIENT to each incoming
| recipient address.
| [...]
`-

Setting RELAYCLIENT to something different than an empty string is only
useful when one KNOWS what he/she does. The overwhelming majority only
wants RELAYCLIENT to unlock relay restrictions and therefore has to set
it empty.

> Check it and call qmail-smtpd without any arguments. In case the
> variable is not set or empty, call qmail-smtpd with the proper SMTP Auth
> args.

This whole wrapper-stuff should not be necessary. If tcpserver sets
RELAYCLIENT due to .cdb or SQL-lookup it'll be passed to qmail-smtpd.
qmail-smtpd then will allow relaying even w/o SMTP-Auth.

I'm running a SMTP which offers SMTP-Auth and POP3-b4-SMTP and it works
w/o any wrappers at all. The SMTP-Auth patch simply sets RELAYCLIENT for
qmail-smtpd /WHEN/ someone authenticated successfully, if not the
formerly set RELAYCLIENT (passed as ENV-var from tcpserver, when set) is
not reset when authentication fails.

@Joel: How about this:

Copy your current qmail-smtpd invocation, remove all the 'qmail-smtpd
foo bar bla' stuff and replace it with a simple '/usr/bin/env'. Make the
tcpserver listen on port 26. Prepend an environment clearing 'env' call.
Start the stuff on command line. It can be something similar to this:

env -i PATH=/var/qmail/bin:/usr/local/bin tcpserver -vRX \
    0 26 /usr/bin/env

(plus adding the stuff necessary for tcpserver reading the database for
potentially set environment vars like RELAYCLIENT)

Then connect to this server from a client-IP that should be set to
relaying allowed (e.g. by formerly executed POP3 authentication):

telnet $SERVER 26

You should see a line with PATH=... and some TCPREMOTExxx and
TCPLOCALxxx lines. Additionally you should see a line 'RELAYCLIENT='.

If this is there and your qmail-smtpd invocation looks up the same
database for possible RELAYCLIENT settings try this:

telnet $SERVER 35
EHLO _
MAIL FROM:
RCPT TO:[EMAIL PROTECTED]
QUIT

If this fails: please post the error you get, your qmail-smtpd startup
script and the result of above 'env'-test.
--
Best regards
Peter Palmreuther

Boob's Law: You always find something in the last place you look.

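An added example (not from the thread) that applies the man page excerpt quoted above to the rules file: it reads a tcprules source file and reports, per rule, whether RELAYCLIENT is set empty or to a non-empty value that qmail-smtpd would append to every recipient address. The function name and the idea of pointing it at /etc/tcp.smtp, as the source of the /etc/tcp.smtp.cdb seen earlier in this digest, are assumptions.

```shell
#!/bin/sh
# Added example: audit a tcprules source file for RELAYCLIENT settings.
# audit_relayclient FILE
# Prints one line per rule that sets RELAYCLIENT:
#   "<address> empty"     relaying unlocked, recipient addresses untouched
#   "<address> nonempty"  the value is appended to each recipient address
# Returns 1 if any rule sets a non-empty value, else 0.
audit_relayclient() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        case $line in *,RELAYCLIENT=*) ;; *) continue ;; esac
        addr=${line%%:*}                  # rule address, before the first ':'
        rest=${line#*,RELAYCLIENT=}       # begins with the opening delimiter
        # tcprules accepts any repeated character as the value delimiter.
        delim=$(printf '%s' "$rest" | cut -c1)
        body=${rest#?}                    # text after the opening delimiter
        value=${body%%"$delim"*}          # up to the closing delimiter
        if [ -z "$value" ]; then
            echo "$addr empty"
        else
            echo "$addr nonempty"
            found=1
        fi
    done < "$1"
    return $found
}

# Usage (path is an assumption): audit_relayclient /etc/tcp.smtp
```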
[vchkpw] OT: Radius server
Hi all,

This is somewhat OT, but I'm curious what people here are using for
radius authentication against the vpopmail mysql db?

There are a number that support SQL auth, but the whole pw_gid thing in
vpopmail is giving me some pains. I wish to use the dialup y/n flags
that end up in the pw_gid field, but I'm also looking to use the user
defined flags to also denote if a given user should be able to auth via
radius for news or roaming dialup. So far this doesn't look possible (or
let's say easy). FreeRadius, gnu-radius, openradius all lack the ability
to alter the sql query based on which client NAS connects.

How are other people solving this problem? I'd love to keep the vpopmail
db as the master reference for all radius-authenticated services.

Also, does anyone have some info on what exactly the values in pw_gid
are? It's numeric, and it varies is about all I can gather from poking
around.

Thanks,

Charles

Re: [vchkpw] OT: Radius server
Radiator (open.com.au) rules. You can do virtually anything, including
custom SQL queries.

--Doug

----- Original Message -----
From: Charles Sprickman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 31, 2004 5:42 PM
Subject: [vchkpw] OT: Radius server

> Hi all,
>
> This is somewhat OT, but I'm curious what people here are using for
> radius authentication against the vpopmail mysql db?
>
> There are a number that support SQL auth, but the whole pw_gid thing in
> vpopmail is giving me some pains. I wish to use the dialup y/n flags
> that end up in the pw_gid field, but I'm also looking to use the user
> defined flags to also denote if a given user should be able to auth via
> radius for news or roaming dialup. So far this doesn't look possible (or
> let's say easy). FreeRadius, gnu-radius, openradius all lack the ability
> to alter the sql query based on which client NAS connects.
>
> How are other people solving this problem? I'd love to keep the vpopmail
> db as the master reference for all radius-authenticated services.
>
> Also, does anyone have some info on what exactly the values in pw_gid
> are? It's numeric, and it varies is about all I can gather from poking
> around.
>
> Thanks,
>
> Charles

Re: [vchkpw] Re: Blackholing a sender
At 31/03/04 20:34 (), you wrote:
> Hello Devendra,
>
> On Wednesday, March 31, 2004 at 6:52:31 AM you wrote (at least in part):
>
>>>> I have a peculiar requirement of just trashing a particular Mail From:
>>>> to any of the virtual domains hosted on a Server.
>
>>> echo SENDERADDRESS >> /var/qmail/control/badmailfrom
>
>> Thanks for your solution. But, the badmailfrom would give a bounce from
>> qmail-smtpd (MTA).
>
> No, it'd give a 5xx code from your qmail-smtpd and the bounce is created
> by somebody else. Your system does /NOT/ bounce the message, it just
> rejects it. If the other side bounces, that is not within your
> responsibility.
>
>> I just wanted to blackhole it, without sending any intimation even if it
>> violates any RFC.
>
> Then you have two options:
>
> 1) hacking qmail source to read a dev-null list and deliver all mails
>    with sender address on this list to /dev/null (i.e. to drop the
>    message)
> 2) manipulate all dot-qmail files that could be involved in a delivery
>    and check if the message came from $BAD_SENDER. If so exit(99) from
>    this check and no further delivery instructions in this dot-qmail
>    file will be processed.
>
> Quite a lot of work to do, and you'd have to take care of all newly
> created dot-qmail files in your setup.
> --
> Best regards
> Peter Palmreuther
>
> COBOL: Crappy Obsolete Butthead Oriented Language.

My God! Lot of work to do, fiddling with the source would be my last
resort.

In the meanwhile I tried the BLACKHOLED Sender for the notorious option
of http://www.fehcom.de/qmail/spamcontrol.html. But, this option too
sends back a bounce after a couple of days. The deferral is generated
from the sending server, not my server.

I wished not to give the sender any clue as to why his mail is
disappearing -- blackholed.

I would wait for more comments from fellow list members.

Thanks.

Devendra Singh

Re: [vchkpw] Re: Blackholing a sender
At 31/03/04 22:01 (), David H. Wolfskill wrote:
> On Wed, Mar 31, 2004 at 10:22:31AM +0530, Devendra Singh wrote:
>> Thanks for your solution. But, the badmailfrom would give a bounce from
>> qmail-smtpd (MTA).
>>
>> I just wanted to blackhole it, without sending any intimation even if it
>> violates any RFC.
>>
>> Any other pointers !!!
>
> Why not alias it to /dev/null?
>
> Peace,
> david (who is much more familiar with sendmail than with qmail)
> --
> David H. Wolfskill [EMAIL PROTECTED]

That's my wish too. But, I think we are able to alias a TO: but not
FROM:.

Devendra Singh