Re: [vchkpw] Who can tell me exactly how dir_control works?

2004-08-06 Thread Mark Richardson
 If your only problem is the user count (lucky you) you can manually reset
 the cur_users and it will begin working again.
Ok now you make me worried... What other things have you run in to because 
that was my fear anyways: I don't understand why this doesn't work (well it 
just seems unimplemented in vconvert), so what else will I run into ?

I thought the mysql support was pretty stable in vpopmail ?

This list is not maintained by any developers that can shed some light on this 
subject ?

Thanx,

Mark.

On Thursday 05 August 2004 14:59, Dave Goodrich wrote:
 I found little on the subject in Google, and fewer answers anywhere
 else. I have resorted to reading source code ( I don't program C ).

 The closest thing I have found is this,
 http://www.mail-archive.com/[EMAIL PROTECTED]/msg18607.html

 Though that URL is not responding for me right now. In a nutshell, try
 changing the numbers, adding deleting, domains, and see what happens. I
 am currently counting the conf-splits in my domains and trying to
 understand what values I need to insert into dir_control.

 If your only problem is the user count (lucky you) you can manually reset
 the cur_users and it will begin working again.

 DAve

 Mark Richardson wrote:
  Dave have you already found some more info on this subject ?
 
  I have the same problem here (see my post)
 
  Mark.
 
  On Wednesday 04 August 2004 18:21, Dave Goodrich wrote:
 qmail 1.03
 vpopmail 5.4.0
 mysql 3.23.58
 
 We had been using cdb and switched to using mysql auth when we moved our
 users to a new server. We ran vconvert on the domains and everything
 appeared to work fine.
 
 vpopmail.curr_users loaded with enormous numbers, level_curr loaded as
 zero. Adding new domains, users changes nothing in the dir_control
 table. I can manually update the curr_users value and it will then begin
 to increment properly.
 
 I would be willing to manually update the other values, if I knew what
 they should be and what they did. I can whoop up a quick script to
 insert the proper values, but how do I determine what they should be? Is
 there any documentation that explains how this works? At this point I am
 thinking moving a vpopmail installation is a very bad idea.
 
 Thanks,
 
 DAve

-- 
Dutch Web Services b.v.
James Wattstraat 5
2809 PA Gouda
Tel. +31 (0)182-69 40 00 (Monday to Friday, 09:00 to 17:30)
Fax. +31 (0)182-69 40 51


[vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
Hello All,

I've been trying to find a method to run qmail + smtpd-auth + vpopmail with support
for system accounts without running any of it as root. Can anyone tell me if this is
possible?

I believe it is impossible to have system account support without some part of the
system running as root. Is this correct?

Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently
switched over to:

qmail-pop3d runs as vpopmail - everything works except system account password checking

qmail-smtpd runs as qmaild user, vchkpw (for smtp-auth) is set as setuid
vpopmail.vchkpw

Can anyone point me to a better method? A URL is fine. I've been unable to find
anything.

I've considered going back to running qmail-pop3d as root, any suggestions?

Thanks!








[vchkpw] Matt Gregory is out of the office.

2004-08-06 Thread Matt . Gregory




I will be out of the office starting  08/06/2004 and will not return until
08/08/2004.

I will respond to your message when I return.
  
  





Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Rick Widmer

Hugh Beaumont wrote:
 Hello All,
 I've been trying to find a method to run qmail + smtpd-auth + vpopmail with support
 for system accounts without running any of it as root. Can anyone tell me if this is
 possible?

No.  If any accounts are not owned by vpopmail:vchkpw it must be root so
it can change to the user receiving mail.

 I believe it is impossible to have system account support without some part of the
 system running as root. Is this correct?

Yes.

 Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently
 switched over to:

I would avoid it.

 I've considered going back to running qmail-pop3d as root, any suggestions?

Don't use system accounts, and run 100% virtual.  The only people with
logins on my mail server are the mail administrators.  I feel safer that
way.

Rick



[vchkpw] alias problem

2004-08-06 Thread fmessere

Hi,
I know that this isn't the right place for what I'm looking for, but I hope
that someone can help me or redirect me to a howto.

I have a mail server with qmail and vpopmail installed

My mail account is included in a lot of aliases, so if someone sends a mail to
two or three of these I receive the same mail many times. Is there a way to
avoid this?

Thanks
Francesco Messere




Re: [vchkpw] alias problem

2004-08-06 Thread manvendra bhangui
On Fri, 6 Aug 2004 11:22:17 +0200, fmessere [EMAIL PROTECTED] wrote:
 My mail account is included in a lot of aliases, so if someone sends a mail to
 two or three of these I receive the same mail many times. Is there a way to
 avoid this?
 
google  eliminate-dups

-- 
Regards Manny

Unix is simple, but it takes a genius to understand the simplicity.
 - Dennis Ritchie


[vchkpw] Alternative to qmail-autoresponder

2004-08-06 Thread Mário Gamito
Hi,

I think I've posted here before about this, but I can't get
qmail-autoresponder to work. It sends the vacation message to the original
sender, alright, but it doesn't deliver the original message from him.

qmail-send logs show that the message coming from the sender to
[EMAIL PROTECTED] is to be delivered at [EMAIL PROTECTED]
So, here is the tricky part: it's missing joe after the - and the message
is obviously not delivered.

Also, the original sender, besides the vacation message, gets another one
saying his message could not be delivered at @domain.com.

I got no answer from untroubled mailing list, nor qmail's.

Does anyone know the whys of this ?

Or an alternative to qmail-autoresponder ?

I'm using vpopmail with qmail.
The vacation parameters set for qmail-autoresponder in joe's .qmail by
qmailadmin, are a complete mess. They just don't work as they are supposed to.

Any help would be appreciated.
I'm completely boggled :(

Following my signature is my joe's .qmail

Warm Regards,
Mário Gamito

joe's .qmail:
-
| qmail-autoresponder -c -n 100 /home/vpopmail/domains/domain.com/joe
-

In /home/vpopmail/domains/domain.com/joe i have message.txt file.






[vchkpw] POP before SMTP doesn't bypass RBL check

2004-08-06 Thread Dave
I am thinking this is client based, but at a loss;

Have a server (qmail, vchkpw, sqwebmail, mysql...), has about 2500 email
accounts on it, roaming users enabled using POP before SMTP auth.
Tweaked the vmysql.c(vupdate_rules) and rebuilt vpopmail to add a skip
to RBL checks for all authed users.

snprintf(SqlBufRead, SQL_BUF_SIZE,
"%s:allow,RELAYCLIENT=\"\",RBLSMTPD=\"\"\n", row[0]);

this is because we use -r combined.njabl.org in our smtp run which
blocks dynamic IP address space (highly effective against virus and
compromised machines acting as their own SMTP servers).

We get a handful of users who end up getting blocked because outlook
express sends before checking, but a subsequent attempt to send after
the check is successful usually goes through.

We are however getting a few (1-2%?) users who consistently cannot send
because they are hitting this RBL, users who are POPing and should be
skipping the RBL checks altogether.

Any ideas or suggestions?  Do other things need to be recompiled after
that above change to vmysql.c in vpopmail?  Is there a time delay that
we are encountering?

Appreciate any comments or suggestions.

Dave




Re: [vchkpw] Who can tell me exactly how dir_control works?

2004-08-06 Thread Dave Goodrich
Mark Richardson wrote:
  If your only problem is the user count (lucky you) you can manually reset
  the cur_users and it will begin working again.

 Ok now you make me worried... What other things have you run in to because
 that was my fear anyways: I don't understand why this doesn't work (well it
 just seems unimplemented in vconvert), so what else will I run into ?

My only problem has been with dir_control, everything else is working
fine. There is a small tool in contrib called vcdir which is supposed to
correct the problem and reload the dir_control data from the dir_control
files in each domain. I have been unable to get it to compile.
NetBSD/Sparc (my ecluster machines) does not have libnsl, and Solaris 8
(my MySQL host) is having problems finding libmysqlclient.a. Maybe if I
were a C programmer I would be in better shape. Though, using it might
solve my problem, it won't answer my questions about what each field's
purpose is.

 I thought the mysql support was pretty stable in vpopmail ?

The support for MySQL doesn't seem to be the issue here, just the
conversion to using MySQL from cdb at this point.

 This list is not maintained by any developers that can shed some light on this
 subject ?

Umm, maybe I am just asking the wrong questions.

Does anyone know what each field in the dir_control table is supposed to
contain?

What is the purpose of level_startX, level_endX, level_modX,
level_indexX, the_dir?

Thanks,
DAve



Re: [vchkpw] poppassd (in perl) for vpopmail+mysql

2004-08-06 Thread Nicholas Harring
Japheth Cleaver wrote:
 Hello all,

 I've written a small poppassd service (port 106) that is usable with
 vpopmail when using a MySQL back-end. I specifically wrote it to use
 with the SquirrelMail change password plugin
 (http://www.squirrelmail.org/plugin_view.php?id=21) when I had
 problems getting the poppassd they recommend for courier to work. This
 daemon can be used by any client, though.

 It includes some code to reject easy-to-guess passwords, IP
 restrictions (must have already logged in from that IP), and a small
 tarpit. Requires xinetd, DBI, and Socket, and is most efficient with
 SpeedyCGI.

 If anyone's interested, it's at
 http://www-rohan.sdsu.edu/~cleaver/software/qmail/. I'd be interested
 in any feedback anyone has. :)

 -jc

I know it's kinda childish to say, but it'd be really nice if it ran
under strict and with warnings on and since it's listening on the network
in a hostile environment if it ran perl -T rather than just /usr/bin/perl.
Definitely looks like a useful utility.

Cheers,
Nick Harring
Webley Systems


Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Jeremy Kitchen
On Friday 06 August 2004 02:18 am, Hugh Beaumont wrote:
 qmail-pop3d runs as vpopmail - everything works except system account
 password checking

ls -l /etc/shadow

nuff said.

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail



Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Jeremy Kitchen [EMAIL PROTECTED] wrote:

 On Friday 06 August 2004 02:18 am, Hugh Beaumont wrote:
  qmail-pop3d runs as vpopmail - everything works except system account
  password checking
 
 ls -l /etc/shadow
 
 nuff said.
 
 -Jeremy
 

Hi Jeremy,

Thanks for the, um, help :)

Obviously /etc/shadow is owned by root.root - this is why I assume there is no way
to do this without running some part of the system as root or doing some funky group
manipulations (all of which I would view as being a very bad idea).

However I thought that there may have been a preferred way among the group members of
handling this problem. I assume that most people just run vpopmail using only vpopmail
owned accounts. However I also assume that if anyone is using system accounts that they
aren't too thrilled with the idea of running it as root. I was hoping to hear of any
other possible ways to get around this.

Sincerely,

H.






Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Rick Widmer [EMAIL PROTECTED] wrote:

  I believe it is impossible to have system account support without some part of the
  system running as root. Is this correct?
 
 Yes.
 
  Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently
  switched over to:
 
 I would avoid it.
 
  I've considered going back to running qmail-pop3d as root, any suggestions?
 
 Don't use system accounts, and run 100% virtual.  The only people with
 logins on my mail server are the mail administrators.  I feel safer that
 way.
 

Hi Rick,

Thanks for your help. Just what I was looking for. I assumed there was no way to do
this but was just looking for some confirmation.

Sincerely,

H.






Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Jeremy Kitchen
On Friday 06 August 2004 11:26 am, Hugh Beaumont wrote:
   qmail-pop3d runs as vpopmail - everything works except system account
   password checking

  ls -l /etc/shadow
  nuff said.

 Thanks for the, um, help :)

more like a hint :)

 Obviously /etc/shadow is owned by root.root - this is why I assume there is
 no way to do this without running some part of the system as root or
 doing some funky group manipulations (all of which I would view as being a
 very bad idea).

and if you did any group permissions on the /etc/shadow file, it would 
probably go away the second you added another user, unless you hacked your 
user modification programs, wrote your own, or did it manually, all of which 
are possible, but a complete waste of time in my opinion.

 However I thought that there may have been a preferred way among the group
 members of handling this problem. I assume that most people just run
 vpopmail using only vpopmail owned accounts. However I also assume that if
 anyone is using system accounts that they aren't too thrilled with the idea
 of running it as root. I was hoping to hear of any other possible ways
 to get around this.

well, even if /etc/shadow was readable by the vpopmail user, each individual 
user's mail store probably isn't (for the system users), so that creates a 
problem.

It would take a whole lot of hacking, and it might work, but I doubt it's 
worth the time, and it may actually open up more security problems than it 
supposedly 'solves'.

I don't understand why you're so concerned with having the pop3 server run as 
root.  qmail-popup has no remote root holes (at least stock, which is what 
most people use, as I don't think there are any patches out there that 
directly affect qmail-popup other than maybe the errno patch) and unless your 
checkpassword replacement (in this case, vchkpw) has any (which, I've never 
heard of :), I don't see the need for concern.

On my mail server, I've been using system accounts with vmailmgr for several 
years, and I have never been worried about the security of my pop3/imap 
servers.  In fact, the thing I'd be worried the most about is clear text 
passwords, but I have SSL-enabled pop3, imap, and smtp services, so that 
problem is solved.

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail



Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Jeremy Kitchen [EMAIL PROTECTED] wrote:

 I don't understand why you're so concerned with having the pop3 server run as 
 root.  qmail-popup has no remote root holes (at least stock, which is what 
 most people use, as I don't think there are any patches out there that 
 directly affect qmail-popup other than maybe the errno patch) and unless your 
 checkpassword replacement (in this case, vchkpw) has any (which, I've never 
 heard of :), I don't see the need for concern.
 

That's very good advice. I think I may eventually switch back. It always just bugged
me a bit that it was running as root when I was able to run qmail-smtp as non-root.
But you are right, any attempt to allow non-root system accounts would just cause even
more security issues due to all the non-standard changes I'd have to make. I guess I'm
just paranoid :)

Thanks!

H.







Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Jeremy Kitchen
On Friday 06 August 2004 11:53 am, Hugh Beaumont wrote:
 --- Jeremy Kitchen [EMAIL PROTECTED] wrote:
  I don't understand why you're so concerned with having the pop3 server
  run as root.  qmail-popup has no remote root holes (at least stock, which
  is what most people use, as I don't think there are any patches out there
  that directly affect qmail-popup other than maybe the errno patch) and
  unless your checkpassword replacement (in this case, vchkpw) has any
  (which, I've never heard of :), I don't see the need for concern.

 That's very good advice. I think I may eventually switch back. It always
 just bugged me a bit that it was running as root when I was able to run
 qmail-smtp as non-root. But you are right, any attempt to allow non-root
 system accounts would just cause even more security issues due to all the
 non-standard changes I'd have to make. I guess I'm just paranoid :)

well, unpatched qmail-smtpd really has no reason to run as any specific user.  
qmail uses the qmaild user because the qmaild uid is hardcoded into 
qmail-queue, and if qmail-queue is invoked by that uid, it considers it to be 
coming 'from the network'.  Any and all users should be able to use 
qmail-queue (unless you've modified the permissions on the binary, which, 
while not very common, isn't unreasonable).

On the other hand, qmail-pop3d invokes an authenticator, which may need to 
read files owned by root, and may need to setuid to any arbitrary userid on 
the system.  Therefore it MUST run as root, as non-root users can't setuid.  
This is similar to the reasoning behind qmail-lspawn needing to run as root.

But I agree, I think you're just paranoid. (which is fine, and I'm trying to 
ease your paranoia :)  I'd rather deal with a paranoid admin than one who 
doesn't think before doing things that could potentially be dangerous (like, 
a publicly accessible network service run as root).

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
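
The privilege switch discussed in this thread (an authenticator started as root that must change to the mailbox owner before touching the mail store), as an added example that is not part of any post and is not vchkpw or qmail code. The function names `drop_privileges` and `verify_dropped` and the default user "nobody" are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 0 if the process runs entirely as uid:gid and cannot get root
 * back, -1 otherwise. A caller that gets -1 must exit, not continue. */
int verify_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A leftover saved uid of 0 would let setuid(0) succeed. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Permanently switch to uid:gid, the step an authenticator performs
 * once the password has matched. Returns 0, or -1 with errno set. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first: only root may replace them, and they
     * would otherwise survive the uid change. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: once the uid is gone, setgid() is refused. */
    if (setgid(gid) != 0)
        return -1;
    /* Called as root, this sets real, effective and saved uid at once. */
    if (setuid(uid) != 0)
        return -1;
    if (verify_dropped(uid, gid) != 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* "nobody" is only a default target for the demonstration. */
    const char *name = argc > 1 ? argv[1] : "nobody";
    struct passwd *pw = getpwnam(name);

    if (pw == NULL) {
        fprintf(stderr, "unknown user %s\n", name);
        return 1;
    }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        /* Started as non-root: the kernel refuses the switch. */
        perror("cannot switch user");
        return 1;
    }
    printf("now uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Started as an ordinary user, the program fails at the first identity change to another account, which is the constraint the thread describes; started as root, it ends up unable to return to uid 0.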