Re: [vchkpw] Silly Qmail (Queue) Syndrome and Spamcontrol Patch
Hi Dr Erwin, At 07/09/04 13:23 (), you wrote: Hi, At 11:15 07.09.04 +0530, you wrote: At 06/09/04 22:15 (), Erwin Hoffmann wrote: Hi, At 20:11 06.09.04 +0530, you wrote: Dear Erwin, Sorry for question not really related to Vpopmail. It seems that I am hit by Silly Qmail (Queue) Syndrome. I am using the Spamcontrol Patch v2.2.12 along with vpopmail-5.4.6, but have not used the experimental bigtodo. Wished to apply the bigtodo. I would like to get clarified that whether you bigtodo is based on ext_todo patch or big-todo patch or both. I had not initially compiled the bigtodo thinking that it is experimental. What do you suggest. Well. At first you have to tell why you think you are hit by the Silly Qmail Syndrom. Any hints ? Second. Apart from the big-todo enhencement, my implementation of Andre Oppermann's performance enhancements dont work well. After investigation a look of time and testing I didn't find any significant performance improvement. Note: The code in SPAMCONTROL is not the ext-big-todo; however it is based of Andre's first suggestion to influence qmail's scheduler for mail processing; which was buggy by itself. Third. The best thing is to avoid bounces to non-existing accounts. Use my RECIPIENTS extension as part of Qmail or perhaps the real-rcptto patch. The forthcoming SPAMCONTROL version will include verion 0.42 of the RECIPIENTS extension; check my Qmail page (http://www.fehcom.de/qmail.html). regards. --eh. Hi Erwin, Thanks for nice reply. I am attaching Queue Size graph (5 Minute Average) updated Tuesday, 7 September 2004 at 0:50 (EDT). You can notice between 0400 - 1000 hrs (EDT) a quite high Mail Queue. During that time period the smtpd is running to the tune of 100/100. But the send is running to the tune of local 3/15 remote 5/40. The messages in queue but not yet preprocessed goes on increasing in wild. When the smtpd runs to the tune of 85/100 its all okay. This has started happening on almost every start of the week, when huge volume of genuine + virus infected customers mails start pouring in. Ok. Until now, you did not tell us what hardware and network connection you have. Anyway. My experience using a 2*1G PIII and fast SCSI Disks on FreeBSD show some similar behavior. Its Linux slsp-da4p21 2.4.18-18.7.x #1 [Red Hat Linux release 7.3 (Valhalla)] Intel(R) Pentium(R) CPU 2.40GHz cache size : 512 KB RAM:1GB SWAP: 2GB HDD: Barracuda 7200.7 (It's an IDE Drive) Model Number:ST380011A Capacity:80 GB Speed:7200 rpm Seek time:8.5 ms avg Interface:Ultra ATA/100 df -m Filesystem 1M-blocks Used Available Use% Mounted on /dev/hda373990 16422 53810 24% / /dev/hda1 114 9 999% /boot none 441 0 4400% /dev/shm fdisk -l Disk /dev/hda: 255 heads, 63 sectors, 9729 cylinders Units = cylinders of 16065 * 512 bytes Device BootStart EndBlocks Id System /dev/hda1 * 115120456 83 Linux /dev/hda216 146 1052257+ 82 Linux swap /dev/hda3 147 9729 76975447+ 83 Linux The /home/vpopmail/domains and /var/qmail/queue both are on /dev/hda3 Network Card: Realtek|RTL-8139/8139C The Server is connected to a 100 MBPS Network Port limited to 10 MBPS (10 M/s is equal to over 3 terabytes of traffic per month). mii-tool -v eth0: negotiated 10baseT-FD, link ok product info: vendor 00:00:00, model 0 rev 0 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD link partner: 10baseT-FD 10baseT-HD I have not yet noticed any signs of Network Bottleneck. I am not using RECIPIENTS extension, but using badrcptto for whitelisting mechanism, which works very well (might be a bit slow due to the reason that lookup is being done into txt database). Ok. Good choice. I am also using http://linux.voyager.hr/ucspi-tcp/tcpserver-limits-2004-07-25.diff patch to limit concurrent connection from single IP. This helps identifying Virus trodden computers and denying them connection (it's a boon). Good. I also have Caching-DNS on this Server (djbdns). Excellent. About the todo patches the comments of Dave Sill (of Qmail Handbook fame) are interesting to note in the thread: Outbound email rate slows when inbound rate is high http://groups.google.com/groups?hl=enlr=ie=UTF-8c2coff=1threadm=e6c47de 7.0310091325.147cade4%40posting.google.comrnum=2prev=/groups%3Fq%3Dext-tod o%26hl%3Den%26lr%3D%26ie%3DUTF-8%26c2coff%3D1%26selm%3De6c47de7.0310091325.1 47cade4%2540posting.google.com%26rnum%3D2 Dave is right. No doubt. Also one can have a look at the thread ext-todo and big-todo patches http://groups.google.com/groups?hl=enlr=ie=UTF-8c2coff=1threadm=wx0lm56 pfo0.fsf%40sws5.ctd.ornl.govrnum=1prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUT
[vchkpw] Old mailboxes
Hi. I was wondering if there is a way to set the vpopmail in order to erase the mailboxes that haven't been used for a long time. Any idea ?
Re: [vchkpw] Old mailboxes
Lucas G. Obredor wrote: Hi. I was wondering if there is a way to set the vpopmail in order to erase the mailboxes that haven't been used for a long time. Any idea ? find /home/vpopmail/domains/yourdomain/*/Maildir/new -type f -ctime +90|awk -F/ '{print $6}' stupid and quick.. but that will tell you accounts that have mail in their Maildir/new dir (not checked) for 90 days or older..
Re: [vchkpw] Old mailboxes
Lucas G. Obredor wrote: Hi. I was wondering if there is a way to set the vpopmail in order to erase the mailboxes that haven't been used for a long time. Any idea ? Hi, vdeloldusers Regards, Rick
Re: [vchkpw] Old mailboxes
thank you a lot Rick ! - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 10:32 AM Subject: Re: [vchkpw] Old mailboxes Lucas G. Obredor wrote: Hi. I was wondering if there is a way to set the vpopmail in order to erase the mailboxes that haven't been used for a long time. Any idea ? Hi, vdeloldusers Regards, Rick
[vchkpw] vpopmail + billing server integration
Hello, I have a vpopmail server that I would like to integrate with my billing server. The billing server is behind a firewall, and the mail server is not. I'd like to connect via an encrypted shell, like SSH, but I'd also like the connection to be persistent, to avoid connection costs for batch operations. I'd also like to provide a FIFO queue mechanism so that if the mail server reboots, anyone working on the billing server won't get error messages when they attempt to provision services. Then, when the mail server comes back up, the SSH tunnel is re-established and the queued operations begin to execute. However, so far in my google searches I haven't seen anything that would help me implement a persistent SSH connection with a FIFO queue. Can anyone give me tips? Thanks! -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
Re: [vchkpw] Silly Qmail (Queue) Syndrome and Spamcontrol Patch
On Sep 7, 2004, at 11:54 PM, Devendra Singh wrote: c) what Anti-Virus and Anti-Spam tools are you using AntiVirus is clamav-0.75.1 and AntiSpam is SpamAssassin-2.63 with patched version of qmail-scanner Qmail-Scanner-1.23st (st patch) from http://xoomer.virgilio.it/j.toribio/qmail-scanner/. This patched version of qmail-scanner has been used to selectively enable only 20% of the domains to have AntiVirus/AntiSpam enabled. I am also using the --sa-reject option to have spam messages with a score higher than sa-delete (score of 16 in my case) to be rejected before the smtp session is closed. I'd probably point the finger at qmail-scanner. It's a major resource hog and starts a perl instance every time a message comes in. I use clamav and SpamAssassin as well, but use qscanq (google for it) and qmail-spamc (included with SpamAssassin) to block viruses and score spam on messages at the qmail-queue stage. Unfortunately, without patching, you won't be able to selectively enable it per domain or have an sa-reject option. You could look at some of the patches Ken Jones of Inter7 has put together to add SpamAssassin integration to vdelivermail. This would offload the spam processing from qmail-smptd, and can be enabled on a per-domain basis. You could then replace qmail-scanner with qscanq to block viruses (for all domains) at the smtpd level. Some hints: - It might me worthwilhe to reduce the incoming-concurrency. Drop it to 30. Any figures less than 80 would cause lot many Servers not to get smtp connect to our Server during peak time of 0100 to 0500 hrs EDT. Maybe not. You need to determine whether a lower concurrency will reduce the amount of time spent on each message and ultimately allow more connections per hour. Once you start hitting virtual memory, all of the current connections will get bogged down. Take a look at how many messages are processed per hour at 100, and then at 80. If the queue is growing and messages aren't getting delivered, there's not much benefit to queueing the message instead of just not accepting the connection. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] vpopmail + billing server integration
I'd like to connect via an encrypted shell, like SSH, but I'd also like the connection to be persistent, to avoid connection costs for batch operations. I'd also like to provide a FIFO queue mechanism so that if the mail server reboots, anyone working on the billing server won't get error messages when they attempt to provision services. Then, when the mail server comes back up, the SSH tunnel is re-established and the queued operations begin to execute. However, so far in my google searches I haven't seen anything that would help me implement a persistent SSH connection with a FIFO queue. Can anyone give me tips? Have you considered 1. A VPN between the two? 2. Using an on-demand connection method rather than a persistent method? 3. Just connecting to a dedicated socket or service rather than SSH? 4. The security issues inherent in connecting your billing server to your mailserver? To keep this topic vaguely vpopmail-related, have you considered keeping all of the necessary vpopmail information (or at least most of it) in a MySQL database or some other separate data repository and having something on your billing server update that? (Or, alternatively, why not run the MySQL database on your billing server if you go that route? That gets around the connection issues mentioned above although it does not fix any possible security issues.) Sincerely, Chris Ess System Administrator / CDTT (Certified Duct Tape Technician)
Re: [vchkpw] vpopmail/qmail doublebounce issue
On Tuesday 07 September 2004 07:11 pm, Tom Harrison wrote: In short, if the domain is handled by vpopmail, you don't want it in locals. OK, agreed. Just curious, why did you suggest it the first time? Please forgive me if I somehow unconsciously misled you in my first posting, though I thought I disclosed everything needed I suggested you put mail.ts5.com (which is NOT ts5.com) into locals, or to set it as an alias to ts5.com. You could optionally create another completely separate virtualdomain for the domain.. I was just mentioning what I would do. Putting mail.ts5.com into locals would not affect the functionality of the ts5.com virtualdomain. So, the problem persists, though it has changed slightly, which I think means that the virtualdomains entry mail.ts5.com:ts5.com is at least directing the mail to the local processing. Error messages now are of the form: @4000413e45e20f52c484 new msg 3794192 @4000413e45e20f52dbf4 info msg 3794192: bytes 3104 from [EMAIL PROTECTED] qp 24395 uid507 @4000413e45e210eeb58c starting delivery 1277: msg 3794192 to local [EMAIL PROTECTED] @4000413e45e210eed0e4 status: local 1/10 remote 3/20 @4000413e45e2116de80c delivery 1277: success: user_does_not_exist,_but_will_deliver_to_/home/vpopmail/domains/ts5.com/oth er/Maildir//did_0+0+1/ @4000413e45e2116e074c status: local 0/10 remote 3/20 @4000413e45e2116e0b34 end msg 3794192 postmaster does indeed exist as a user folder in the domain ts5.com, of course. try sending mail to [EMAIL PROTECTED] I bet it will give you the same message. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] vpopmail + billing server integration
Would you consider using IPSec? As far as I know, IPSec encrypts packets at IP level so you'll avoid batch operations. - Original Message - From: Jesse Guardiani [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 6:10 PM Subject: [vchkpw] vpopmail + billing server integration Hello, I have a vpopmail server that I would like to integrate with my billing server. The billing server is behind a firewall, and the mail server is not. I'd like to connect via an encrypted shell, like SSH, but I'd also like the connection to be persistent, to avoid connection costs for batch operations. I'd also like to provide a FIFO queue mechanism so that if the mail server reboots, anyone working on the billing server won't get error messages when they attempt to provision services. Then, when the mail server comes back up, the SSH tunnel is re-established and the queued operations begin to execute. However, so far in my google searches I haven't seen anything that would help me implement a persistent SSH connection with a FIFO queue. Can anyone give me tips? Thanks! -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
Re: [vchkpw] Old mailboxes
while i see the program in my vpopmail bin dir, i see no documentation anywhere. running with a '-h' gives a far too terse usage. i'm curious why this isn't openly documented. At 06:32 AM 9/8/2004, you wrote: Hi, vdeloldusers Regards, Rick Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com
Re: [vchkpw] Old mailboxes
Paul Theodoropoulos wrote: while i see the program in my vpopmail bin dir, i see no documentation anywhere. running with a '-h' gives a far too terse usage. i'm curious why this isn't openly documented. Hi, vdeloldusers vdeloldusers: usage: [options] options: -a age_in_days (will delete accounts older than this date) (default is 6 months or 180 days) -v (print version number and exit) -d [domain] (process only [domain]) -e (process every domain) -D (actually delete users. no users are deleted without this option) -V (verbose -- print old users that will be deleted) Regards, Rick
Re: [vchkpw] vpopmail + billing server integration
Hi, Here is something we built into vpopmail for sites like yours. Use mysql on the email server. Have the billing system insert an entry in the vpopmail table, leaving the directory field blank. vpopmail will automatically create the users directory and update the database when any program tries to deliver mail to the user, or authenticate as the user. If the mysql connection fails, write the user information to a flat file. Then have a cron job check for updates to the file and send them over to the mysql server when it becomes available. Hope that helps, Ken Jones On Wednesday 08 September 2004 10:10 am, you wrote: Hello, I have a vpopmail server that I would like to integrate with my billing server. The billing server is behind a firewall, and the mail server is not. I'd like to connect via an encrypted shell, like SSH, but I'd also like the connection to be persistent, to avoid connection costs for batch operations. I'd also like to provide a FIFO queue mechanism so that if the mail server reboots, anyone working on the billing server won't get error messages when they attempt to provision services. Then, when the mail server comes back up, the SSH tunnel is re-established and the queued operations begin to execute. However, so far in my google searches I haven't seen anything that would help me implement a persistent SSH connection with a FIFO queue. Can anyone give me tips? Thanks! ---
Re: [vchkpw] Old mailboxes
thanks. i see that the command doesn't symmetrically provide the help text, that was my error: root-POP /% vdeloldusers -h vdeloldusers: invalid option -- h error: you must supply either the -e or -d [domain] options root-POP /% vdeloldusers vdeloldusers: usage: [options] options: -a age_in_days (will delete accounts older than this date) (default is 6 months or 180 days) -v (print version number and exit) -d [domain] (process only [domain]) -e (process every domain) -D (actually delete users. no users are deleted without this option) -V (verbose -- print old users that will be deleted) it appears it bases deletion upon last auth. unfortunately, if someone has set up the account to forward elsewhere, the last auth may be old, but the address may still be in use. oh well. At 09:35 AM 9/8/2004, you wrote: Paul Theodoropoulos wrote: while i see the program in my vpopmail bin dir, i see no documentation anywhere. running with a '-h' gives a far too terse usage. i'm curious why this isn't openly documented. Hi, vdeloldusers vdeloldusers: usage: [options] options: -a age_in_days (will delete accounts older than this date) (default is 6 months or 180 days) -v (print version number and exit) -d [domain] (process only [domain]) -e (process every domain) -D (actually delete users. no users are deleted without this option) -V (verbose -- print old users that will be deleted) Regards, Rick Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com
Re: [vchkpw] vpopmail + billing server integration
On Wednesday 08 September 2004 11:19 am, Chris Ess wrote: I'd like to connect via an encrypted shell, like SSH, but I'd also like the connection to be persistent, to avoid connection costs for batch operations. I'd also like to provide a FIFO queue mechanism so that if the mail server reboots, anyone working on the billing server won't get error messages when they attempt to provision services. Then, when the mail server comes back up, the SSH tunnel is re-established and the queued operations begin to execute. However, so far in my google searches I haven't seen anything that would help me implement a persistent SSH connection with a FIFO queue. Can anyone give me tips? Have you considered 1. A VPN between the two? solves encryption, but not persistence. Also, that's a rather heavy-weight solution. 2. Using an on-demand connection method rather than a persistent method? Trying to avoid it. Our CSRs see the billing server pause while the hook executes to provision a service. I want to keep that pause time to a minimum. 3. Just connecting to a dedicated socket or service rather than SSH? Not secure, and how would that work? I thought vpopmail's only manipulation system is either SQL or command line based... 4. The security issues inherent in connecting your billing server to your mailserver? Sure. People do it all the time, right? To keep this topic vaguely vpopmail-related, have you considered keeping all of the necessary vpopmail information (or at least most of it) in a MySQL database or some other separate data repository and having something on your billing server update that? It's been suggested. I'm not happy with that solution though. I'd rather keep it command line based. (Or, alternatively, why not run the MySQL database on your billing server if you go that route? Kills scalability. Bad solution. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
Re: [vchkpw] vpopmail + billing server integration
On Wednesday 08 September 2004 12:18 pm, Daniel Ciulinaru wrote: Would you consider using IPSec? As far as I know, IPSec encrypts packets at IP level so you'll avoid batch operations. If it's the only way to go, then yes, I would consider it. How would that work? Would I run an NFS client on the billing server? Or would I log in via rsh from the billing server to the mail server? That last choice solves the overhead of starting an encrypted connection, but you've still got the overhead of starting a remote shell. I'd rather just have a dedicated remote shell. - Original Message - From: Jesse Guardiani [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 6:10 PM Subject: [vchkpw] vpopmail + billing server integration Hello, I have a vpopmail server that I would like to integrate with my billing server. The billing server is behind a firewall, and the mail server is not. I'd like to connect via an encrypted shell, like SSH, but I'd also like the connection to be persistent, to avoid connection costs for batch operations. I'd also like to provide a FIFO queue mechanism so that if the mail server reboots, anyone working on the billing server won't get error messages when they attempt to provision services. Then, when the mail server comes back up, the SSH tunnel is re-established and the queued operations begin to execute. However, so far in my google searches I haven't seen anything that would help me implement a persistent SSH connection with a FIFO queue. Can anyone give me tips? Thanks! -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
Re: [vchkpw] vpopmail + billing server integration
On Wednesday 08 September 2004 12:42 pm, Ken Jones wrote: Hi, Here is something we built into vpopmail for sites like yours. Use mysql on the email server. Have the billing system insert an entry in the vpopmail table, leaving the directory field blank. vpopmail will automatically create the users directory and update the database when any program tries to deliver mail to the user, or authenticate as the user. If the mysql connection fails, write the user information to a flat file. Then have a cron job check for updates to the file and send them over to the mysql server when it becomes available. That's neat. In which version was this feature added? -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
Re: [vchkpw] vpopmail + billing server integration
On Wed, 8 Sep 2004, Jesse Guardiani wrote: On Wednesday 08 September 2004 11:19 am, Chris Ess wrote: [behold, the power of mail scissors! snip snip] Have you considered 1. A VPN between the two? solves encryption, but not persistence. Also, that's a rather heavy-weight solution. I didn't say it was a clean or nice solution, did I? ^_^ This was to deal with connecting the two servers in my mind. I realized afterwards that this wouldn't be necessary. It's been a long week already (and I had Monday off too). 2. Using an on-demand connection method rather than a persistent method? Trying to avoid it. Our CSRs see the billing server pause while the hook executes to provision a service. I want to keep that pause time to a minimum. That depends on if a scripted SSH connection or whatever you use takes a long time to execute. When I used it, the Net::SSH perl module is pretty fast and added negligible time. 3. Just connecting to a dedicated socket or service rather than SSH? Not secure, and how would that work? I thought vpopmail's only manipulation system is either SQL or command line based... It would work however you want it to. This suggestion would require building your own methods (or finding something someone else has done). You could make it as secure or as insecure as you like. You might also want to look at the vpopmail daemon in development. (Which reminds me that I need to subscribe to that list.) 4. The security issues inherent in connecting your billing server to your mailserver? Sure. People do it all the time, right? It's not my favorite idea and not one I would implement myself if I had a choice -- but, then again, I'm very used to the idea of the accounting and technical departments being separate and us techs not getting access to the accounting systems or data. To keep this topic vaguely vpopmail-related, have you considered keeping all of the necessary vpopmail information (or at least most of it) in a MySQL database or some other separate data repository and having something on your billing server update that? It's been suggested. I'm not happy with that solution though. I'd rather keep it command line based. Okay. Then you're pretty much chained to the SSH solution unless you want to craft another one. (Or, alternatively, why not run the MySQL database on your billing server if you go that route? Kills scalability. Bad solution. I suggested this because this would create the illusion of persistence. I'd much rather run it on a different server altogether. I don't know if I'd say it kills scalability though. You can run a qmail/vpopmail server cluster based around a MySQL database without too much of a problem. Sincerely, Chris Ess System Administrator / CDTT (Certified Duct Tape Technician)
Re: [vchkpw] vpopmail/qmail doublebounce issue
At 9/8/2004 08:38 AM, you wrote: on tuesday 07 september 2004 07:11 pm, tom harrison wrote: in short, if the domain is handled by vpopmail, you don't want it in locals. ok, agreed. just curious, why did you suggest it the first time? please forgive me if i somehow unconsciously misled you in my first posting, though i thought i disclosed everything needed i suggested you put mail.ts5.com (which is not ts5.com) into locals, or to set it as an alias to ts5.com. That's what I did. If you recall from my earlier post, the following part of qmail-showctl's output: * locals: Messages for mail.ts5.com are delivered locally. * That resulted in error messages of the form: * @4000413decc0152edbf4 starting delivery 24: msg 3794106 to local [EMAIL PROTECTED] @4000413decc015300ca4 status: local 1/10 remote 1/20 @4000413decc015d08a94 delivery 24: failure: user_does_not_exist,_but_will_deliver_to_/home/vpopmail/domains/ts5.com/postmaster/Maildir//can_not_open_new_email_file_errno=13_file=/home/vpopmail/domains/ts5.com/postmaster/Maildir/tmp/1094577334.16404.mail.ts5.com,S=3103/system_error/ @4000413decc015d0b1a4 status: local 0/10 remote 1/20 @4000413decc015d0b974 triple bounce: discarding bounce/3794106 * So, I removed the entry in locals, and depended instead on the entry in virtualdomains, and now I get messages of the form: * @4000413f3cc3253fed44 new msg 3794133 @4000413f3cc3254000cc info msg 3794133: bytes 9559 from [EMAIL PROTECTED] qp 13638 uid507 @4000413f3cc326d99074 starting delivery 9721: msg 3794133 to local [EMAIL PROTECTED] @4000413f3cc326d9abcc status: local 1/10 remote 5/20 @4000413f3cc3275aa36c delivery 9721: success: user_does_not_exist,_but_will_deliver_to_/home/vpopmail/domains/ts5.com/other/Maildir//did_0+0+1/ @4000413f3cc3275ac694 status: local 0/10 remote 5/20 @4000413f3cc3275aca7c end msg 3794133 * you could optionally create another completely separate virtualdomain for the domain.. i was just mentioning what i would do. putting mail.ts5.com into locals would not affect the functionality of the ts5.com virtualdomain. Correct. It did not affect the delivery of mail addressed to [EMAIL PROTECTED] ...snip... try sending mail to [EMAIL PROTECTED] i bet it will give you the same message. -jeremy OK, I did that. Mail sent from one user in the TS4.Com domain also hosted on the same server yields a correct delivery to the mailbox for [EMAIL PROTECTED]: * X-Persona: TS5 Postmaster Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 10291 invoked from network); 8 Sep 2004 16:29:24 - Received: from unknown (HELO tomivxp.TS4.Com) (192.168.1.51) by 0 with SMTP; 8 Sep 2004 16:29:24 - Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED]@mail.ts4.com X-Mailer: QUALCOMM Windows Eudora Version 5.2.1 Date: Wed, 08 Sep 2004 09:28:05 -0700 To: [EMAIL PROTECTED] From: Tom Harrison [EMAIL PROTECTED] Subject: test virtual domain Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed * And mail sent from outside the system to [EMAIL PROTECTED] also results in a correct delivery to the mailbox for [EMAIL PROTECTED]: * X-Persona: TS5 Postmaster Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 11767 invoked from network); 8 Sep 2004 16:38:10 - Received: from webmail-outgoing.us4.outblaze.com (205.158.62.67) by 0 with SMTP; 8 Sep 2004 16:38:10 - Received: from wfilter.us4.outblaze.com (wfilter.us4.outblaze.com [205.158.62.180]) by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id AA4251801935 for [EMAIL PROTECTED]; Wed, 8 Sep 2004 16:37:04 + (GMT) X-OB-Received: from unknown (208.36.123.31) by wfilter.us4.outblaze.com; 8 Sep 2004 16:33:17 - Received: by ws7-2.us4.outblaze.com (Postfix, from userid 1001) id 40F63E5BCA; Wed, 8 Sep 2004 16:33:11 + (GMT) Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 X-Mailer: MIME-tools 5.41 (Entity 5.404) Received: from [24.20.77.41] by ws7-2.us4.outblaze.com with http for [EMAIL PROTECTED]; Wed, 08 Sep 2004 11:33:11 -0500 From: Tom Harrison [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Wed, 08 Sep 2004 11:33:11 -0500 Subject: test from the outside X-Originating-Ip: 24.20.77.41 X-Originating-Server: ws7-2.us4.outblaze.com Message-Id: [EMAIL PROTECTED] * So, delivery of normal mail still works just fine. It is only the internal mail generated as a double-bounce that fails. I stand confused, still. Thanks in advance for helping me see the light on this. By the way, I still have the open question regarding a recommendation for a construct similar to the realrcptto patch, to operate with vpopmail and bounce all this crud BEFORE it crawls into the sytem. Tom Harrison -- jeremy kitchen ++ systems administrator ++ inter7 internet technologies,
Re: [vchkpw] vpopmail + billing server integration
On Wednesday 08 September 2004 12:03 pm, Jesse Guardiani wrote: On Wednesday 08 September 2004 12:42 pm, Ken Jones wrote: Hi, Here is something we built into vpopmail for sites like yours. Use mysql on the email server. Have the billing system insert an entry in the vpopmail table, leaving the directory field blank. vpopmail will automatically create the users directory and update the database when any program tries to deliver mail to the user, or authenticate as the user. If the mysql connection fails, write the user information to a flat file. Then have a cron job check for updates to the file and send them over to the mysql server when it becomes available. That's neat. In which version was this feature added? I'm not sure. A couple years ago at least. Another alternative is to use the new vpopmail daemon running under tcpserver. It uses simple text commands. Authenticate, then add/delete users, or whatever. Ken
Re: [vchkpw] vpopmail + billing server integration
On Wed, 8 Sep 2004, Ken Jones wrote: Hi, Here is something we built into vpopmail for sites like yours. Use mysql on the email server. Have the billing system insert an entry in the vpopmail table, leaving the directory field blank. vpopmail will automatically create the users directory and update the database when any program tries to deliver mail to the user, or authenticate as the user. That's really neat! I didn't realize you could do this. (Now someone will tell me that it's in the documentation that I seem to've not read recently.) (I know this is getting offtopic...) So I could use an INSERT statement in SQL instead of vadduser? Or am I not understanding this correctly? Sincerely, Chris Ess System Administrator / CDTT (Certified Duct Tape Technician)
Re: [vchkpw] vpopmail + billing server integration
On Wednesday 08 September 2004 12:25 pm, Chris Ess wrote: On Wed, 8 Sep 2004, Ken Jones wrote: Hi, Here is something we built into vpopmail for sites like yours. Use mysql on the email server. Have the billing system insert an entry in the vpopmail table, leaving the directory field blank. vpopmail will automatically create the users directory and update the database when any program tries to deliver mail to the user, or authenticate as the user. That's really neat! I didn't realize you could do this. (Now someone will tell me that it's in the documentation that I seem to've not read recently.) It is probably in the mailing list archives. I'm not sure if anyone has updated the documentation. (I know this is getting offtopic...) So I could use an INSERT statement in SQL instead of vadduser? Or am I not understanding this correctly? That is the idea. A while back some folks wanted to hook up their billing systems to vpopmail. Basicly they would insert into the vpopmail sql table. The only thing they couldn't do easily was create the hashed directory path. So we put in vpopmail code to check if the path is blank and automatically create the new path and update the database. You will also need to set the encrypted password using mysql's CRYPT function. Mysql's standard encryption functions are not compatible with unix/linux. Ken
Re: [vchkpw] vpopmail + billing server integration
On Wednesday 08 September 2004 1:25 pm, Ken Jones wrote: On Wednesday 08 September 2004 12:03 pm, Jesse Guardiani wrote: On Wednesday 08 September 2004 12:42 pm, Ken Jones wrote: Hi, Here is something we built into vpopmail for sites like yours. Use mysql on the email server. Have the billing system insert an entry in the vpopmail table, leaving the directory field blank. vpopmail will automatically create the users directory and update the database when any program tries to deliver mail to the user, or authenticate as the user. If the mysql connection fails, write the user information to a flat file. Then have a cron job check for updates to the file and send them over to the mysql server when it becomes available. That's neat. In which version was this feature added? I'm not sure. A couple years ago at least. Another alternative is to use the new vpopmail daemon running under tcpserver. It uses simple text commands. Authenticate, then add/delete users, or whatever. Wow. That sounds ideal. The last time I RTFM was in 2002 or 2003, I think. I haven't upgraded since then, so I guess it's time to read about the new features. So, vpopmail is a sourceforge project now? Is inter7 still a heavy developer, or are you guys getting more attached to the bottom line these days? I think going with sourceforge was a great idea, BTW. Thanks Ken! -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
[vchkpw] QMail + Vpopmail vs. Postfix + Cyrus IMAP
Howdy folks, Sorry for the flame bait, but I'm just curious what all you seasoned vpopmail veterans have to say about Postfix + Cyrus. Back in 2002 when my company chose to go with QMail + Vpopmail I thought it was the Right Choice, but these days I'm hearing a lot about Postfix + Cyrus. For a while there, it seemed like vpopmail development was grinding to a halt, but these days it seems to be picking back up again. Even QMail seems to be at least partially back under development with the Netqmail package. It's giving me hope for the platform that I've invested so much of my personal time into. For those of you who have had the opportunity to work with BOTH systems, which do you prefer and why? BTW, I currently run QMail + vpopmail friends + courier-imap + sqwebmail. Thanks! -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
[vchkpw] Re: vpopmail + billing server integration
On Wed, 8 Sep 2004, Ken Jones wrote: On Wednesday 08 September 2004 12:25 pm, Chris Ess wrote: [snip] It is probably in the mailing list archives. I'm not sure if anyone has updated the documentation. I wonder if a group of us should get together and update the documentation with all of the neat things mentioned on the mailing list. (Alternatively, I wonder if we'd ever have the time...) (I know this is getting offtopic...) So I could use an INSERT statement in SQL instead of vadduser? Or am I not understanding this correctly? That is the idea. A while back some folks wanted to hook up their billing systems to vpopmail. Basicly they would insert into the vpopmail sql table. The only thing they couldn't do easily was create the hashed directory path. So we put in vpopmail code to check if the path is blank and automatically create the new path and update the database. Okay. Makes sense. You will also need to set the encrypted password using mysql's CRYPT function. Mysql's standard encryption functions are not compatible with unix/linux. Yep. I'm not sure how far I trust MySQL's ENCRYPT() function since I've had issues with MD5 passwords and the crypt() function in Perl. The 'Change MySQL Password' plugin for squirrelmail at http://www.squirrelmail.org/plugin_view.php?id=25 includes an MD5 password algorithm in PHP which works pretty nicely. I'll have to test out the functionality of the INSERT. I have a vpopmail admin plugin for squirrelmail (have to ask my boss if I can distribute it so don't ask me for a copy yet) that uses a set-uid vadduser to handle adding users. I'd love to get rid of that. While I'm thinking about it, I can use a DELETE query to remove the row for a user and then queue a job (I'll worry about how to set this up) to archive/delete the user's mail, right? Sincerely, Chris Ess System Administrator / CDTT (Certified Duct Tape Technician)
Re: [vchkpw] vpopmail/qmail doublebounce issue
On Sep 8, 2004, at 10:24 AM, Tom Harrison wrote: * locals: Messages for mail.ts5.com are delivered locally. * That resulted in error messages of the form: * @4000413decc0152edbf4 starting delivery 24: msg 3794106 to local [EMAIL PROTECTED] @4000413decc015300ca4 status: local 1/10 remote 1/20 @4000413decc015d08a94 delivery 24: failure: user_does_not_exist,_but_will_deliver_to_/home/vpopmail/domains/ ts5.com/postmaster/Maildir// can_not_open_new_email_file_errno=13_file=/home/vpopmail/domains/ ts5.com/postmaster/Maildir/tmp/1094577334.16404.mail.ts5.com,S=3103/ system_error/ @4000413decc015d0b1a4 status: local 0/10 remote 1/20 @4000413decc015d0b974 triple bounce: discarding bounce/3794106 * What does /var/qmail/alias/.qmail-postmaster (or .qmail-default) look like? If mail.ts5.com is in locals, then qmail looks at the files in /var/qmail/alias if there isn't a system account with the name 'postmaster'. You could avoid a lot of this mess by putting ts5.com in /var/qmail/control/doublebouncehost. Or, do what I do and set doublebounceto to 'doublebounce' and set /var/qmail/alias/.qmail-doublebounce to '#'. In other words, ignore double bounces. IMHO, they are 99.999% spam-related and not worth reading. So, delivery of normal mail still works just fine. It is only the internal mail generated as a double-bounce that fails. I stand confused, still. Thanks in advance for helping me see the light on this. Remove mail.ts5.com from virtualdomains (and /var/qmail/users/assign if it's in there). Run ~vpopmail/bin/vaddaliasdomain ts5.com mail.ts5.com. I think that vdelivermail has trouble decoding [EMAIL PROTECTED]. Having mail.ts5.com as an alias domain to ts5.com should solve that problem (making it [EMAIL PROTECTED]). In a typical vpopmail installation, all of the pairs in virtualdomains are identical. By the way, I still have the open question regarding a recommendation for a construct similar to the realrcptto patch, to operate with vpopmail and bounce all this crud BEFORE it crawls into the sytem. Take a look at the chkusr patch http://www.interazioni.it/qmail/. It only works with domains that have catchall set to bounce, but it will block messages at the smtpd level. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] QMail + Vpopmail vs. Postfix + Cyrus IMAP
Il mer, 2004-09-08 alle 19:55, Jesse Guardiani ha scritto: Howdy folks, Sorry for the flame bait, but I'm just curious what all you seasoned vpopmail veterans have to say about Postfix + Cyrus. Back in 2002 when my company chose to go with QMail + Vpopmail I thought it was the Right Choice, but these days I'm hearing a lot about Postfix + Cyrus. For a while there, it seemed like vpopmail development was grinding to a halt, but these days it seems to No, i don't think that the vpopmail development is on a halt, i think that it's the opposite: vpopmail dev was stopped on v5.2.x version when was developed only by inter7, since Tom Collins has joined (or better: maintaned) the development vpopmail has get a big sprint. I don't think that the problem is vpopmail, the problem is qmail: after 6 years since 1.03 version there's no modific to the original version, now you always need addictional feature like antivirus integration, more spam filters, a lot of other things... this lead to a patch-over-patch phenomenon that is an headace for the qmail administrator. So you need a toaster like netqmail-1.05 + bill shupp patches, but sometimes this is not enoght. On the other hand postfix is active developed even on the core. So i think that the problem of qmail is its license and it's author's ego. be picking back up again. Even QMail seems to be at least partially back under development with the Netqmail package. It's giving me hope for the platform that I've invested so much of my personal time into. For those of you who have had the opportunity to work with BOTH systems, which do you prefer and why? BTW, I currently run QMail + vpopmail friends + courier-imap + sqwebmail. Don't use sqwebmail, use squirrel. Regards. -- Davide Giunchi
[vchkpw] RE:un-subscribe
Un-subscribe
[vchkpw] Re: un-subscribe
Kirti S. Bajwa writes: Un-subscribe Kirti- Try mailing to this address from the email account you're subscribed with
[vchkpw] un-subscribe
Re: [vchkpw] QMail + Vpopmail vs. Postfix + Cyrus IMAP
- Original Message - From: Davide Giunchi [EMAIL PROTECTED] Il mer, 2004-09-08 alle 19:55, Jesse Guardiani ha scritto: Howdy folks, Sorry for the flame bait, but I'm just curious what all you seasoned vpopmail veterans have to say about Postfix + Cyrus. Back in 2002 when my company chose to go with QMail + Vpopmail I thought it was the Right Choice, but these days I'm hearing a lot about Postfix + Cyrus. For a while there, it seemed like vpopmail development was grinding to a halt, but these days it seems to I don't think that the problem is vpopmail, the problem is qmail: after 6 years since 1.03 version there's no modific to the original version, now you always need addictional feature like antivirus integration, more spam filters, a lot of other things... this lead to a patch-over-patch phenomenon that is an headace for the qmail administrator. Yes I agree I extensively used qmail/vpopmail at the ISP I used to own. However, I sold the business to a larger ISP last year, and now I work for them. They use postfix as their standard mail server. Since being exposed to this software I marvel at all the fabulous features compared with qmail. In particular the ease that you can perform a vast array of checks / filtering on incoming mail. The more I see of postfix, the more I understand just how out-of-date that qmail really is. But! whenever I demonstrate the vpopmail software to any of the guys at my new place of employment, they are the ones who are marvelling at the ease of use and features of vpopmail. The perfect world would be a vpopmail mailbox management combined with postfix MTA :-) Michael.
Re: [vchkpw] vpopmail + billing server integration
- Original Message - From: Chris Ess [EMAIL PROTECTED] On Wed, 8 Sep 2004, Ken Jones wrote: Use mysql on the email server. Have the billing system insert an entry in the vpopmail table, leaving the directory field blank. vpopmail will automatically create the users directory and update the database when any program tries to deliver mail to the user, or authenticate as the user. That's really neat! I didn't realize you could do this. (Now someone will tell me that it's in the documentation that I seem to've not read recently.) (I know this is getting offtopic...) So I could use an INSERT statement in SQL instead of vadduser? Or am I not understanding this correctly? Yes that feature has been around for a while It has definitely been discussed in the archives of this list, but I would agree that I don't remember seeing it mentioned in the docs. I use this feature to allow an IIS webserver to create mailboxes on my vpopmail server. This is achieved by using an ASP script that creates an appropriate record and inserts it into the vpopmail MySQL. Of course the same sort of thing could be achieved using Apache/PHP. I have some more information and some example code here : http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm#Example_scripts ps. one catch with inserting users directly... The mailbox on the disk isnt created until the 1st POP/IMAP login is done, or the 1st mailbox message is received. This can cause a glitch with qmailadmin, because if the user tries to login to qmailadmin before their mailbox on the disk exists, qmailadmin will barf because it cant write a lockfile to the user's dir. So when I insert users directly, the same script also sends the user a welcome message to ensure that the mailbox is created immediately. Michael.
RE: [vchkpw] Re: un-subscribe
[EMAIL PROTECTED]
Re: [vchkpw] Re: un-subscribe
On Wednesday 08 September 2004 04:44 pm, Kirti S. Bajwa wrote: [EMAIL PROTECTED] please stop this madness. read the headers of every message sent to you by the mailing list to figure out how to unsubscribe. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] vpopmail + billing server integration
- Original Message - From: Michael Bowe [EMAIL PROTECTED] - Original Message - From: Chris Ess [EMAIL PROTECTED] (I know this is getting offtopic...) So I could use an INSERT statement in SQL instead of vadduser? Or am I not understanding this correctly? Yes that feature has been around for a while It has definitely been discussed in the archives of this list, but I would agree that I don't remember seeing it mentioned in the docs. I will take a stab at updating the README.mysql with this info Also I will include a note that points out that with the mysql backend, you can add your own columns to the table. This allows you to store other information per user, and it doesn't affect vpopmail's operation in any way. It my ISP we added an additional column mailbox_owner so that when we provisioned additional mailboxes for a dialup customer, we could store the owners account details in this column. This made it easy for us to locate and zap these extra mailboxes should that dialup customer ever close their account Michael.
Re: [vchkpw] QMail + Vpopmail vs. Postfix + Cyrus IMAP
Am Mi, den 08.09.2004 schrieb Michael Bowe um 23:20: But! whenever I demonstrate the vpopmail software to any of the guys at my new place of employment, they are the ones who are marvelling at the ease of use and features of vpopmail. Indeed. Postfix _is_ nice (cyrus is debatable, IMO), but what use is a mailserver without any webinterface for customers to add/modify/delete their users? There are lots of bits and pieces around, but no complete package. Just compare what is available to postfix with qmail+patches^3+vpopmail+qmailadmin and see which one you want to start with. cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
[vchkpw] warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied
Can You help me ? what´s wrong ? tcpserver: warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied Itamar Reis PeixotoAnalista ConsultorTreyNet Consultoria - UberlândiaTel : + 55 34 3231 0598Cel: +55 38 9107 1250http://www.treynet.com.br
Re: [vchkpw] warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied
On Wednesday 08 September 2004 06:46 pm, Itamar Reis Peixoto wrote: Can You help me ? perhaps. what´s wrong ? permissions. tcpserver: warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied ls -ld /home /home/vpopmail /home/vpopmail/etc /home/vpopmail/etc/tcp.smtp.cdb if the problem isn't blatantly apparent, post the output of that back to here, or grab yourself a unix for newbies book. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] Re: un-subscribe
Am Do, den 09.09.2004 schrieb Jeremy Kitchen um 0:50: On Wednesday 08 September 2004 04:44 pm, Kirti S. Bajwa wrote: [EMAIL PROTECTED] please stop this madness. read the headers of every message sent to you by the mailing list to figure out how to unsubscribe. You'd think that people subscribing to a list about a mailserver-management software would know how to read (let alone find) a header. But the last time someone posted the above advice, the person in question promptly asked how to find the header... It scares me to think that these people might actually run a mailserver. Gives a whole new meaning to the joke about on the internet, nobody knows you're a dog, doesn't it ? Perhaps you could implement a filter that directs people wanting subscribe with Outlook-clients to a web-page describing how to view the header in various Outlook-variants. Then, before the subscription is approved, they have to fill out a little multiple choice test Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
RE: [vchkpw] warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied
Title: Message -Original Message-From: Itamar Reis Peixoto [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 4:46 PMTo: [EMAIL PROTECTED]Subject: [vchkpw] warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied tcpserver: warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied Itamar Reis PeixotoAnalista ConsultorTreyNet Consultoria - UberlândiaTel : + 55 34 3231 0598Cel: +55 38 9107 1250http://www.treynet.com.br check your permissionsfrom /home/vpopmail down to /home/vpopmail/etc/tcp.smtp.cdb... making sure its ownership vpopmail:vchkpw and one thing i've noticed is you need permissions 755 down to /home/vpopmail/etc/ and 644 on tcp.smtp.cdb. --joey
[vchkpw] chaning passwords
Hello folks, I'm running qmail(smtpd+pop3d)+vpopmail in my FreeBSD 4.10-STABLE system and I wanted to know if there is any possible way to give the mail users the power to change theyr virtual account password. My clients are arguing because they have to send an email to the sysadmin to change passwords and that is not convenient. thanks alot!
Re: [vchkpw] warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied
Title: Message thank you. - Original Message - From: Joseph Schmitt II To: [EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 9:45 PM Subject: RE: [vchkpw] warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied -Original Message-From: Itamar Reis Peixoto [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 4:46 PMTo: [EMAIL PROTECTED]Subject: [vchkpw] warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied tcpserver: warning: dropping connection, unable to read /home/vpopmail/etc/tcp.smtp.cdb: access denied Itamar Reis PeixotoAnalista ConsultorTreyNet Consultoria - UberlândiaTel : + 55 34 3231 0598Cel: +55 38 9107 1250http://www.treynet.com.br check your permissionsfrom /home/vpopmail down to /home/vpopmail/etc/tcp.smtp.cdb... making sure its ownership vpopmail:vchkpw and one thing i've noticed is you need permissions 755 down to /home/vpopmail/etc/ and 644 on tcp.smtp.cdb. --joey
Re: [vchkpw] chaning passwords
qmailadmin is what you're looking for. On Thu, 09 Sep 2004 02:02:10 +, Alexandre Vieira [EMAIL PROTECTED] wrote: Hello folks, I'm running qmail(smtpd+pop3d)+vpopmail in my FreeBSD 4.10-STABLE system and I wanted to know if there is any possible way to give the mail users the power to change theyr virtual account password. My clients are arguing because they have to send an email to the sysadmin to change passwords and that is not convenient. thanks alot!
RE: [vchkpw] chaning passwords
-Original Message- From: Alexandre Vieira [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 7:02 PM To: [EMAIL PROTECTED] Subject: [vchkpw] chaning passwords Hello folks, I'm running qmail(smtpd+pop3d)+vpopmail in my FreeBSD 4.10-STABLE system and I wanted to know if there is any possible way to give the mail users the power to change theyr virtual account password. My clients are arguing because they have to send an email to the sysadmin to change passwords and that is not convenient. thanks alot! http://www.mail-archive.com/vchkpw%40inter7.com/msg19253.html This was *JUST* discussed But an alternative that I use: squirrelmail+vpopmail plugin: http://www.squirrelmail.org/plugin_view.php?id=103
Re: [vchkpw] chaning passwords
Joseph Schmitt II wrote: -Original Message- From: Alexandre Vieira [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 7:02 PM To: [EMAIL PROTECTED] Subject: [vchkpw] chaning passwords Hello folks, I'm running qmail(smtpd+pop3d)+vpopmail in my FreeBSD 4.10-STABLE system and I wanted to know if there is any possible way to give the mail users the power to change theyr virtual account password. My clients are arguing because they have to send an email to the sysadmin to change passwords and that is not convenient. thanks alot! http://www.mail-archive.com/vchkpw%40inter7.com/msg19253.html This was *JUST* discussed But an alternative that I use: squirrelmail+vpopmail plugin: http://www.squirrelmail.org/plugin_view.php?id=103 Hello, Thanks for your input but I wasn't explicit enough. We use a non-browsing services, it's just simple smtp/pop3 with no panels. However, this users have shell access to the server and I was thinking that maybe there were a way to modify passwords with the bin/vchangepw but when i use it as a regular user it gives me the following error (and yes the user exists): %/usr/local/vpopmail/bin/vchangepw Please enter the email address: [EMAIL PROTECTED] [EMAIL PROTECTED] Enter old password: Please enter password for [EMAIL PROTECTED]: enter password again: Error: Illegal username % [EMAIL PROTECTED]:/usr/local/vpopmail]# bin/vuserinfo [EMAIL PROTECTED] name: user passwd: $1$zAJePsFq$.1xA6YSFPeqanov4WvqRQ0 clear passwd: uid:1 gid:0 flags: 0 gecos: Username limits: No user limits set. dir: /usr/local/vpopmail/domains/domain.tld/user quota: NOQUOTA usage: NOQUOTA last auth: Thu Sep 9 01:25:36 2004 last auth ip: 127.0.0.1 [EMAIL PROTECTED]:/usr/local/vpopmail]# If anyone has any light on this one i would apreciate. Thanks alot!
RE: [vchkpw] chaning passwords
-Original Message- From: Alexandre Vieira [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 9:01 PM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] chaning passwords Joseph Schmitt II wrote: -Original Message- From: Alexandre Vieira [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 7:02 PM To: [EMAIL PROTECTED] Subject: [vchkpw] chaning passwords Hello folks, I'm running qmail(smtpd+pop3d)+vpopmail in my FreeBSD 4.10-STABLE system and I wanted to know if there is any possible way to give the mail users the power to change theyr virtual account password. My clients are arguing because they have to send an email to the sysadmin to change passwords and that is not convenient. thanks alot! http://www.mail-archive.com/vchkpw%40inter7.com/msg19253.html This was *JUST* discussed But an alternative that I use: squirrelmail+vpopmail plugin: http://www.squirrelmail.org/plugin_view.php?id=103 Hello, Thanks for your input but I wasn't explicit enough. We use a non-browsing services, it's just simple smtp/pop3 with no panels. However, this users have shell access to the server and I was thinking that maybe there were a way to modify passwords with the bin/vchangepw but when i use it as a regular user it gives me the following error (and yes the user exists): %/usr/local/vpopmail/bin/vchangepw Please enter the email address: [EMAIL PROTECTED] [EMAIL PROTECTED] Enter old password: Please enter password for [EMAIL PROTECTED]: enter password again: Error: Illegal username % [EMAIL PROTECTED]:/usr/local/vpopmail]# bin/vuserinfo [EMAIL PROTECTED] name: user passwd: $1$zAJePsFq$.1xA6YSFPeqanov4WvqRQ0 clear passwd: uid:1 gid:0 flags: 0 gecos: Username limits: No user limits set. dir: /usr/local/vpopmail/domains/domain.tld/user quota: NOQUOTA usage: NOQUOTA last auth: Thu Sep 9 01:25:36 2004 last auth ip: 127.0.0.1 [EMAIL PROTECTED]:/usr/local/vpopmail]# If anyone has any light on this one i would apreciate. Thanks alot! Ownership of vchangepw probably wont allow normal users to run, and you most likely wouldn't want that for security reasons. You could make your own perl script (suid vpopmail:vchkpw), and when run, prompt for the full email addres, prompt the old password to check, and upon success, accept the new password that you could then pass to the vpopmail perl module (below), system the vchangepw, or just make the changes to mysql (if you're using) with perl DBI. There is a really old perl module that might still work here: http://bluedot.net/projects/vpopmail.html --joey
Re: [vchkpw] chaning passwords
Am Do, den 09.09.2004 schrieb Alexandre Vieira um 6:01: Thanks for your input but I wasn't explicit enough. We use a non-browsing services, it's just simple smtp/pop3 with no panels. Granted - but what's the problem directing users to a webpage with qmailadmin ? Or do your users not have browsers installed ? However, this users have shell access to the server That's not an ideal situation, from a security point of view. From my understanding, vpopmail (or just about any mail-server software) is not really suited for a multi-user environment where users have local access to the mailserver itself. and I was thinking that maybe there were a way to modify passwords with the bin/vchangepw but when i use it as a regular user it gives me the following error (and yes the user exists): It's not designed to be run by other users than root. cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] chaning passwords
On Sep 8, 2004, at 9:01 PM, Alexandre Vieira wrote: Thanks for your input but I wasn't explicit enough. We use a non-browsing services, it's just simple smtp/pop3 with no panels. However, this users have shell access to the server and I was thinking that maybe there were a way to modify passwords with the bin/vchangepw but when i use it as a regular user it gives me the following error (and yes the user exists): Read the notes in the source to the program to learn how to set it up correctly: * Usage Note: * The binary vchangepw is added. I set up another * user account with this binary as shell and uid/gid * identical to vpopmail. Now users can ssh to the box * as this user and change the password remote without * asking me. It's as secure as everything else when the * login is only allowed with ssh, so everything is * crypted. * * If you don't create an account as above, you will need to change * permissions and ownership on vchangepw to suid vpopmail. It should be safe to use -- setuid doesn't work when run under strace, so there's no chance that a user could trace the process to learn a user's password (or, worse yet, the MySQL user/pass). -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/