Re: [vchkpw] chkuser 2.0.8 + syslog
tonix (Antonio Nati) wrote: At 17.59 17/05/2005, you wrote: On Tuesday 17 May 2005 11:47 am, tonix (Antonio Nati) wrote: Hi Jimmy, this does not look as a chkuser problem, but as a general qmail problem (as chkuser uses same logging routines of qmail). chkuser log goes whenever qmail logs go. Are your normal qmail-smtpd logs going to syslog? I currently have no problems with email logging. I have also got the rblsmtpd syslogd patch working its only the chkuser stuff that does not end up in syslog. however, qmail-smtpd doesn't actually log anything.. so you've had to add some additional logging code :) You are right! Around chkuser logging I have tcpserver logging (tcpserver starting qmail-smtpd). I consider it the same of qmail-smtpd (when existing :-)) in my previous comment. Tonino -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: [vchkpw] chkuser 2.0.8 + syslog
At 08.52 18/05/2005, you wrote: tonix (Antonio Nati) wrote: At 17.59 17/05/2005, you wrote: On Tuesday 17 May 2005 11:47 am, tonix (Antonio Nati) wrote: Hi Jimmy, this does not look as a chkuser problem, but as a general qmail problem (as chkuser uses same logging routines of qmail). chkuser log goes whenever qmail logs go. Are your normal qmail-smtpd logs going to syslog? I currently have no problems with email logging. I have also got the rblsmtpd syslogd patch working its only the chkuser stuff that does not end up in syslog. This is my configuration for qmail-smtpd. It logs everything (chkuser included). I don't use supervise, so you must change something if you use it. /var/qmail/ucspi/tcpserver -l my.system.name \ -b 20 -c 40 -u 88 -g 83 \ -h -R -t 5 -v -p -x /vpopmail/etc/tcp.smtp.cdb my.system.address smtp \ /var/qmail/ucspi/rblsmtpd -r bl.spamcop.net -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd 21 | splogger mytag Tonino
Re: [vchkpw] chkuser 2.0.8 + syslog
Thanks that worked really well! tonix (Antonio Nati) wrote: At 08.52 18/05/2005, you wrote: tonix (Antonio Nati) wrote: At 17.59 17/05/2005, you wrote: On Tuesday 17 May 2005 11:47 am, tonix (Antonio Nati) wrote: Hi Jimmy, this does not look as a chkuser problem, but as a general qmail problem (as chkuser uses same logging routines of qmail). chkuser log goes whenever qmail logs go. Are your normal qmail-smtpd logs going to syslog? I currently have no problems with email logging. I have also got the rblsmtpd syslogd patch working its only the chkuser stuff that does not end up in syslog. This is my configuration for qmail-smtpd. It logs everything (chkuser included). I don't use supervise, so you must change something if you use it. /var/qmail/ucspi/tcpserver -l my.system.name \ -b 20 -c 40 -u 88 -g 83 \ -h -R -t 5 -v -p -x /vpopmail/etc/tcp.smtp.cdb my.system.address smtp \ /var/qmail/ucspi/rblsmtpd -r bl.spamcop.net -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd 21 | splogger mytag Tonino
Re: [vchkpw] chkuser 2.0.8 + syslog
tonix (Antonio Nati) wrote: At 08.52 18/05/2005, you wrote: tonix (Antonio Nati) wrote: At 17.59 17/05/2005, you wrote: On Tuesday 17 May 2005 11:47 am, tonix (Antonio Nati) wrote: Hi Jimmy, this does not look as a chkuser problem, but as a general qmail problem (as chkuser uses same logging routines of qmail). chkuser log goes whenever qmail logs go. Are your normal qmail-smtpd logs going to syslog? I currently have no problems with email logging. I have also got the rblsmtpd syslogd patch working its only the chkuser stuff that does not end up in syslog. This is my configuration for qmail-smtpd. It logs everything (chkuser included). I don't use supervise, so you must change something if you use it. /var/qmail/ucspi/tcpserver -l my.system.name \ -b 20 -c 40 -u 88 -g 83 \ -h -R -t 5 -v -p -x /vpopmail/etc/tcp.smtp.cdb my.system.address smtp \ /var/qmail/ucspi/rblsmtpd -r bl.spamcop.net -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd 21 | splogger mytag When I added a similar line where i had /var/qmail/bin/splogger tcpserver It appeared to actually accept all emails regardless if the user was on the system or not. When I remove that line it will reject email for invalid users using chkuser. Any ideas? Tonino
Re: [vchkpw] chkuser 2.0.8 + syslog
At 10.48 18/05/2005, you wrote: I currently have no problems with email logging. I have also got the rblsmtpd syslogd patch working its only the chkuser stuff that does not end up in syslog. This is my configuration for qmail-smtpd. It logs everything (chkuser included). I don't use supervise, so you must change something if you use it. /var/qmail/ucspi/tcpserver -l my.system.name \ -b 20 -c 40 -u 88 -g 83 \ -h -R -t 5 -v -p -x /vpopmail/etc/tcp.smtp.cdb my.system.address smtp \ /var/qmail/ucspi/rblsmtpd -r bl.spamcop.net -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd 21 | splogger mytag When I added a similar line where i had /var/qmail/bin/splogger tcpserver Please don't say similar, as similar means a lot of things: post the complete starting commands. It appeared to actually accept all emails regardless if the user was on the system or not. When I remove that line it will reject email for invalid users using chkuser. Probably in your configuration you have the variable CHKUSER_STARTING_VARIABLE that must be defined, or is is defined in a wrong way. Check that. Tonino
[vchkpw] smtp authentication
Hi, Can someone tell me which kind of SMTP-Auth patch (or qmail-smtpd replacement) integrates properly with vpopmail+qmail setup? I don't want to use mailfront for the same but I am open to other ideas where SMTP-Auth module can check the password from vpasswd files of vpopmail. Thanks for the replies in advance. With warm regards, -Payal
Re: [vchkpw] smtp authentication
Payal Rathod wrote: Hi, Can someone tell me which kind of SMTP-Auth patch (or qmail-smtpd replacement) integrates properly with vpopmail+qmail setup? I don't want to use mailfront for the same but I am open to other ideas where SMTP-Auth module can check the password from vpasswd files of vpopmail. Thanks for the replies in advance. With warm regards, -Payal We have been very happy with the smtp-auth that is included in the contrib directory of vpopmail. It uses vchkpw so checking against the system users, vpopmail users in cdb, vpopmail users in SQL, all work fine. DAve
Re: [vchkpw] smtp authentication
On Wednesday, May 18 at 09:12 AM, quoth Payal Rathod: Can someone tell me which kind of SMTP-Auth patch (or qmail-smtpd replacement) integrates properly with vpopmail+qmail setup? I don't want to use mailfront for the same but I am open to other ideas where SMTP-Auth module can check the password from vpasswd files of vpopmail. I've been using the patch available here: http://www.fehcom.de/qmail/smtpauth.html for about three years on a production machine with vpopmail without trouble. ~Kyle -- Our lives begin to end the day we become silent about things that matter. -- Martin Luther King Jr. signature.asc Description: Digital signature
[vchkpw] PATCH: Fix to vpopbull to multiple domains in the argument!
Hello , This patch makes vpopbull work with multiple domains in the argument The base 5.4.10 only processes the first domain due to nested use of strtok --- ../vpopmail-5.4.10-IPLNet-9/vpopbull.c 2004-01-11 09:16:53.0 + +++ vpopbull.c 2005-05-18 14:00:30.0 +0100 @@ -127,16 +127,16 @@ } if (( EmailFile[0] != 0 || DoNothing == 1) Domain[0] != 0 ) { - + char *idx; /* Process list of domains */ -domain = strtok(Domain, ); +domain = strtok_r(Domain, ,idx); while (domain != NULL ) { if((vget_assign(domain, domain_dir, sizeof(domain_dir), NULL, NULL)) != NULL) { process_domain(domain, fsi, fsx ); } else { fprintf(stderr, Error: domain %s does not exist\n, domain); } -domain = strtok(NULL, ); +domain = strtok_r(NULL, ,idx); } vexit(0); @@ -150,11 +150,12 @@ } while ( fgets(TmpBuf, sizeof(TmpBuf), fsassign) != NULL ) { - if ( (alias=strtok(TmpBuf, TOKENS)) == NULL ) continue; - if ( (domain=strtok(NULL, TOKENS)) == NULL ) continue; - if ( (tmpstr=strtok(NULL, TOKENS)) == NULL ) continue; - if ( (tmpstr=strtok(NULL, TOKENS)) == NULL ) continue; - if ( (domain_dir=strtok(NULL, TOKENS)) == NULL ) continue; + char *idx; + if ( (alias=strtok_r(TmpBuf, TOKENS,idx)) == NULL ) continue; + if ( (domain=strtok_r(NULL, TOKENS,idx)) == NULL ) continue; + if ( (tmpstr=strtok_r(NULL, TOKENS,idx)) == NULL ) continue; + if ( (tmpstr=strtok_r(NULL, TOKENS,idx)) == NULL ) continue; + if ( (domain_dir=strtok_r(NULL, TOKENS,idx)) == NULL ) continue; alias++; /* point past leading + */ alias[strlen(alias)-1] = '\0'; /* remove trailing - */ if (strcmp (alias, domain) != 0) { -- Best regards, Pedro mailto:[EMAIL PROTECTED]
Re: [vchkpw] smtp authentication
On Wed, May 18, 2005 at 08:54:15AM -0500, DAve wrote: Payal Rathod wrote: We have been very happy with the smtp-auth that is included in the contrib directory of vpopmail. It uses vchkpw so checking against the system users, vpopmail users in cdb, vpopmail users in SQL, all work fine. Great. Does it work with multiple domains too and is it easy to set up? With warm regards, -Payal
[vchkpw] many roaming users
Hi, The other day a friend showed interest in qmail server. He is running sendmail for many years and wants to shift to a better MTA (for his moderately loaded server of 3 thousand users) during hardware change. I have advised him qmail + vpopmail combo, but am scared of one thing only. Can cdb handle that lot of recompiling (he surely does not want any kind of sql) because almost all his users are roaming users? With warm regards, -Payal
Re: [vchkpw] many roaming users
On Wednesday 18 May 2005 12:45 pm, Payal Rathod wrote: Hi, The other day a friend showed interest in qmail server. He is running sendmail for many years and wants to shift to a better MTA (for his moderately loaded server of 3 thousand users) during hardware change. I have advised him qmail + vpopmail combo, but am scared of one thing only. Can cdb handle that lot of recompiling (he surely does not want any kind of sql) because almost all his users are roaming users? don't use vpopmail's roaming-users functionality if you want pop-before-smtp authentication, use Bruce Guenter's relay-ctrl package. However, I wouldn't even use pop-before-smtp.. I would set up SMTP authentication and require that. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgp84VSwqcz1d.pgp Description: PGP signature
Re: [vchkpw] many roaming users
On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote: don't use vpopmail's roaming-users functionality if you want pop-before-smtp authentication, use Bruce Guenter's relay-ctrl package. Any particular reason why? However, I wouldn't even use pop-before-smtp.. I would set up SMTP authentication and require that. His usersuMe too. But his users have grown used to it. I suggested starting SMTP-Auth on another port and slowly switching pop-before-smtp completely off. With warm regards, -Payal
Re[2]: [vchkpw] many roaming users
On Wednesday, May 18, 2005, 8:26:08 PM, Payal wrote: On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote: don't use vpopmail's roaming-users functionality if you want pop-before-smtp authentication, use Bruce Guenter's relay-ctrl package. Any particular reason why? because it's better? opening relay for specific ip for 120minutes (default AFAIR) is not a good idea. Authenticating each user during SMTP session is much more secure than that. However, I wouldn't even use pop-before-smtp.. I would set up SMTP authentication and require that. His usersuMe too. But his users have grown used to it. I suggested starting SMTP-Auth on another port and slowly switching pop-before-smtp completely off. what for ? You can use smtp auth and pop-before-smtp together and give your users one or two months time to reconfigure their MUAs, and then switch it off. -- regards, Sylwester Biernacki [EMAIL PROTECTED]
Re: [vchkpw] many roaming users
Payal Rathod ha scritto: Hi, The other day a friend showed interest in qmail server. He is running sendmail for many years and wants to shift to a better MTA (for his moderately loaded server of 3 thousand users) during hardware change. I have advised him qmail + vpopmail combo, but am scared of one thing only. Can cdb handle that lot of recompiling (he surely does not want any kind of sql) because almost all his users are roaming users? I use roaming user with a ~ 1600 server, the system is made by 2 frontend and an NFS server, i've used this patch to make the roaming users function work with mysql instead of cdb over NFS: http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml The server works great since 3 years. Regards.
Re: [vchkpw] many roaming users
On Wednesday 18 May 2005 01:26 pm, Payal Rathod wrote: On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote: don't use vpopmail's roaming-users functionality if you want pop-before-smtp authentication, use Bruce Guenter's relay-ctrl package. Any particular reason why? vpopmail's roaming-users support is poorly designed, slow, and prone to failure. relay-ctrl is not, and is even, in fact, safe to use over NFS (I've done it) However, I wouldn't even use pop-before-smtp.. I would set up SMTP authentication and require that. His usersuMe too. But his users have grown used to it. I suggested starting SMTP-Auth on another port and slowly switching pop-before-smtp completely off. that's what email is so handy for. You send your users an email telling them they have to change in their mail clients, and give them a URL with some pictures and instructions, and notify your support staff about the change, and train them how to handle the situation.. then send that email every week for 3 months. After the 3 months is up, shut pop-before-smtp off. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpg9RvvDmhFP.pgp Description: PGP signature
Re: [vchkpw] many roaming users
On Wednesday 18 May 2005 01:50 pm, Davide Giunchi wrote: Payal Rathod ha scritto: Hi, The other day a friend showed interest in qmail server. He is running sendmail for many years and wants to shift to a better MTA (for his moderately loaded server of 3 thousand users) during hardware change. I have advised him qmail + vpopmail combo, but am scared of one thing only. Can cdb handle that lot of recompiling (he surely does not want any kind of sql) because almost all his users are roaming users? I use roaming user with a ~ 1600 server, the system is made by 2 frontend and an NFS server, i've used this patch to make the roaming users function work with mysql instead of cdb over NFS: http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml that's a hack, and I would not recommend using it. it's not tcpserver's job to handle specific functions such as this. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgp76NuGenJaX.pgp Description: PGP signature
Re[2]: [vchkpw] many roaming users
On Wednesday, May 18, 2005, 9:46:30 PM, Jeremy wrote: http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml that's a hack, and I would not recommend using it. it's not tcpserver's job to handle specific functions such as this. However sometimes you have to do sth even if it looks bad and is not scalable ;) I also use such config and waiting for my customers to change their muas to use smtpauth. -- regards, Sylwester Biernacki [EMAIL PROTECTED]
Re: [vchkpw] many roaming users
On Wednesday 18 May 2005 02:57 pm, Sylwester S. Biernacki wrote: On Wednesday, May 18, 2005, 9:46:30 PM, Jeremy wrote: http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml that's a hack, and I would not recommend using it. it's not tcpserver's job to handle specific functions such as this. However sometimes you have to do sth even if it looks bad and is not scalable ;) why, when there are such better alternatives? http://untroubled.org/relay-ctrl/ It's simple, easy to use, easy to set up, and fits in with the UNIX mindset of doing things. Simple tools with specific functions that interact with each other. 6 of one half dozen of the other, I suppose. I guess I'm just a purist and don't patch anything unless I absolutely have to. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpbgQebHPf1Q.pgp Description: PGP signature