[vchkpw] Newbie - vpopmail: ERR authorization failed
After install Qmail 1.3 is OK, using system account is very good (send receive), I continue installing vpopmail. I do: # groupadd -g 89 vchkpw # useradd -g vchkpw -u 89 vpopmail # mkdir -p /home/vpopmail # chown vpopmail.vchkpw /home/vpopmail # cd /usr/local/src/vpopmail-5.4.0 # ./configure # make # make install-strip # cd /home/vpopmail/bin # ./vadddomain test.com test # cd /home/vpopmail/bin # ./vadduser [EMAIL PROTECTED] test My /var/qmail/supervise/qmail-pop3d/run file looks like this: #!/bin/sh exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -R -H -l 0 0 110 \ /var/qmail/bin/qmail-popup test.com \ /home/vpopmail/bin/vchkpw \ /var/qmail/bin/qmail-pop3d Maildir 21 | /var/qmail/bin/splogger pop3d I stopped qmail started it ( I reboot server ) #telnet myserver.test.com 110 +OK [EMAIL PROTECTED] user [EMAIL PROTECTED] pass test -ERR authorization failed Connection closed by foreign host. I checkeck on /var/qmail/control/rpcthosts and virtualdomains that already contains test.com domain. Please anybody help me !!! best regards,
Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??
On Monday 06 February 2006 11:57, tonix (Antonio Nati) wrote: At 20.31 06/02/2006, you wrote: Thanks for your answer Tonino, i take that solution in account but i would prefer another solution if possible, that smtp server is being already used by lots of clients so running another server for them would imply that they have to change their mail server (its a little change, i know, but they are lots and the average user would need assistance for doing that simple change) so i would try to another solution first if someone has another idea.. or i get illuminated in between hehe Simplest solution is to put another VARIABLE disabling this check. Let me see how add something like what you ask. I'm just wondering if other checks could be excluded for authenticathed users. I would say the simplest solution would be to skip these checks when RELAYCLIENT is set. That way it works without modification with existing SMTP AUTH patches, as well as manually setting RELAYCLIENT in your tcprules file. or perhaps make the variable checked configurable, and default it to RELAYCLIENT. I agree. I'll study how to simplify this check, trying to keep it as simple as possible. In this moment, my main problem is the choice between: - a VARIABLE excluding chkuser when SET (it may default to RELAYCLIENT) - a VARIABLE excluding intrusion checks (as before it may default to RELAYCLIENT). At first look, I feel excluding chkuser may be more useful, as in an authenticated relaying system chkuser may be excluded. Tonino -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- La tua posta elettronica senza virus su UfficioPostale.IT Your virus free electronic mail on UfficioPostale.IT
Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??
On Monday 06 February 2006 09:36, Ibiltari wrote: Hi, i have a working qmail installation from netqmail and recently included chkuser (very nice!). I want to use the CHKUSER_RCPTLIMIT and CHKUSER_WRONGRCPTLIMIT variables to block spam because they work very nice in my system, but the problem is that i don't want to apply these limits to the authenticated clients, so they can send mail with lot of recipients and even whit wrong recipient so they receive a bounced message. (if they get an error when sending they just think, o! the server is not working, lets call the provider). So, i tried whit #define CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT but it doesn't works. It only disables sender checking or also the limits? how i can disable the limits only for authenticated clients? any idea? just a guess (since I haven't looked at chkuser code in ages): try removing the quotes from RELAYCLIENT your define will look like this: #define CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT This DEFINE will simple avoid any kind of controls (formal, DNS, etc) on sender. Will not have any effect on rcpt controls. Tonino if that won't work, it shouldn't compile, so you'll know immediately ;) -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- La tua posta elettronica senza virus su UfficioPostale.IT Your virus free electronic mail on UfficioPostale.IT
Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??
mmm but is not harder to mantain a server whit 2 smtp server runing together? i think i would prefer the other method anyway. And by the way, it could be a nice feature to add to chkuser? somthing like CHKUSER_NOCHECKS_VARIABLE RELAYCLIENT I think this is besides chkuser. Consider with two different qmail-servers you have more possibilities to simplify your management and give completely different behaviours to your servers. No SPAM control, no RBL, better error messages, no additional checks on relaying server, full controls on MX server. Tonino On 2/6/06, tonix (Antonio Nati) [EMAIL PROTECTED] wrote: At 20.57 06/02/2006, you wrote: Ibiltari wrote: Thanks for your answer Tonino, i take that solution in account but i would prefer another solution if possible, that smtp server is being already used by lots of clients so running another server for them would imply that they have to change their mail server (its a little change, i know, but they are lots and the average user would need assistance for doing that simple change) so i would try to another solution first if someone has another idea.. or i get illuminated in between hehe Change the MX record to a new ip and add an alias IP on the server. Current users still use mail.example.com but all outside mail comes in on mx.example.com. Much better than changing chkuser code :-) !!! Tonino Regards, Rick -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- La tua posta elettronica senza virus su UfficioPostale.IT Your virus free electronic mail on UfficioPostale.IT
Re: [vchkpw] Problem about qmail
Thanks Abel, but I dont have just one IP of spammer buts a lot of Kind, and have networks with the ip is Dynamic. Regards, Thiago On -1 xxx -1 [EMAIL PROTECTED] wrote: Hi I have one qmail with double-boucetrim.patch, bigconcurrency,rcptchecks with tarpit and tarpit palomine patches but I have a big problem, my server have 800 qmail-smtpd process if I compile qmail without rcptchecks my mail server stay in crash with a lot of process spamd and clamav but I would like to drop this connection of spammer if detected, not tarpiting this conect how the rcptcheck do. anybody have one idea? Hi Thiago, if you can identify your spammer ip/subnet watching your qmail-smtpd logs or directly with a netstat, just include one line in your ~vpopmail/etc/tcp.smtp file: ip_or_subnet_of_spammer:deny after that don't forget run: (cd ~vpopmail/etc ; tcprules tcp.smtp.cdb tcp.smtp.tmp tcp.smtp) to re-generate your ~vpopmail/etc/tcp.smtp.cdb file. regards __Abel Thiago Cesar de Oliveira Rodrigues ICQ 41369776 MSN [EMAIL PROTECTED] Yahoo Messeger [EMAIL PROTECTED] http://www.kionux.com.br br http://kionux.com.br
Re: [vchkpw] cram-md5 smtp auth failure.
On Monday 06 February 2006 08:45, Tom Collins wrote: On Feb 6, 2006, at 4:14 AM, N0K wrote: I have using vpopmail-5.4.13, qmail + smtp-auth (http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd- auth-0.31.tar.gz). Do i need to patch vchkpw or any similar things ? You're using an outdated SMTP AUTH patch. Try the one included in vpopmail's contrib directory. But, that reminds me, I could update vchkpw to try swapping the challenge and response parameter order (the underlying problem) if the correct way fails. This would allow it to continue working with the old patches that passed them in the wrong order. my two cents: the old patch should die. it's really, really, really bad. Leave vchkpw how it is :) -Jeremy Hello, and thanks for the reply, i have quit smtp auth old patch and i have patched with vpopmail/contrib patch, but now, i get the next error: tsuki:/var/qmail/supervise# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 tsuki.fujitsu.es ESMTP ehlo tsuki.fujitsu.es 250-tsuki.fujitsu.es 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH LOGIN 334 VXNlcm5hbWU6 YnJvZHJpasffZ3sVlemJAZnVqaXRzdS5l - username in base64 334 UGFzc3dvcmQ6 MTIzMDhA - pass in base64 454 oops, unable to write pipe and I can't auth (#4.3.0) Im going to past my qmail-smtpd/run too: tsuki:/var/qmail/supervise# cat qmail-smtpd/run #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` (this is 20) exec /usr/bin/softlimit -m 400 /usr/bin/tcpserver -H -R -l 0 -c $MAXSMTPD -x /etc/tcp.smtp.cdb -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd fujitsu.es /home/vpopmail/bin/vchkpw /bin/true 21 Regards, N0K.
Re: [vchkpw] cram-md5 smtp auth failure.
On 2006-02-07, at 0623, N0K wrote: Hello, and thanks for the reply, i have quit smtp auth old patch and i have patched with vpopmail/contrib patch, but now, i get the next error: tsuki:/var/qmail/supervise# telnet localhost 25 ... AUTH LOGIN 334 VXNlcm5hbWU6 YnJvZHJpasffZ3sVlemJAZnVqaXRzdS5l - username in base64 334 UGFzc3dvcmQ6 MTIzMDhA - pass in base64 454 oops, unable to write pipe and I can't auth (#4.3.0) qmail-smtpd is trying to run the checkpassword program, and can't. check the permissions on your checkpassword program (specified on your qmail-smtpd command line- if the example you sent is accurate, this will be /home/vpopmail/bin/vchkpw.) and here's the part a lot of people forget- also check the permissions of each directory which contains it. for example, if the program is /home/vpopmail/bin/ vchkpw, you need to make sure that /home, /home/vpopmail, and / home/vpopmail/bin all have AT LEAST x permission for group and other (i.e. chmod go+x /home /home/vpopmail /home/vpopmail/bin.) the next problem you're going to run into is that (according to the smtp run script you sent) qmail-smtpd is running as the userid qmaild, and in order for vchkpw to read the vpasswd.cdb files and do its job, it has to be run as either the vpopmail user, or as root. the easiest way to make this happen is to make the vchkpw binary setuid, like so: # chmod 6711 /home/vpopmail/bin/vchkpw however, this could potentially be dangerous if normal users have access to run commands on the machine- a user could run vchkpw over and over, for example, in an attempt to do brute-force guessing of other peoples' passwords. there are other options- a popular one is to make qmail-smtpd run as the vpopmail user, however if you're using qmail-scanner, simscan or any other QMAILQUEUE program, this will also cause those programs to run as the vpopmail user as well. i'm not saying this is a good or a bad thing, just something to be aware of- as long as you understand what's going on, it can be handled. -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] qmailtap question
On 2006-02-07, at 0214, Adam Ossenford wrote: I was able to integrate your qmail-1.03-jms1.6c patch and the qmail tap patch successfully. did you do mine first and then qmailtap, or the other way around? did the patch apply cleanly or were there any rejects which had to be handled manually? It compiled and ran with the tap functionality. However, I could not give any testimonial about performance loss due to QUEUE_EXTRA because the test server never reached production. I understand you have released an updated version of your combined patch. I haven't had an opportunity to attempt combining the two once again. If the server isn't high volume would the functionality outweigh the performance loss due to the drawbacks with QUEUE_EXTRA? if the QUEUE_EXTRA recipient is local, and the .qmail file controlling it simply delivers to a maildir, then there shouldn't be much of a performance hit at all. however, my question isn't so much about performance as it is about whether or not it's safe to integrate the qmailtap patch into my combined patch, knowing that this will dump it on a lot of qmailrocks users. i know it's going to cause questions, i was hoping that somebody would tell me that it won't kill servers by setting up an endless loop when somebody sets up a tap whose target causes the tapped copy of the message to match the same rule again. there's also the fact that i haven't actually compiled the qmailtap stuff, i honestly don't know if it's a bigger badder QUEUE_EXTRA patch or if it's the same QUEUE_EXTRA idea, pointing to a .qmail file that runs an external qmailtap program which forwards the message if it finds a matching rule, or drops it if no match is found. i haven't had the time to play with it myself, i was hoping somebody here had used it and could answer the question without my having to build a test server and try to break it. thanks for letting me know it works with 6c... this was the first version to include the EXT_TODO patch. i had somebody on the qmailrocks list tell me that he had compiled it, but couldn't use it because it was apparently causing qmail-send to segfault. now i know that it should work, maybe he did something funky when combining the patches or something... -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] cram-md5 smtp auth failure.
Thanks for the answer qmail-smtpd is trying to run the checkpassword program, and can't. check the permissions on your checkpassword program (specified on your qmail-smtpd command line- if the example you sent is accurate, this will be /home/vpopmail/bin/vchkpw.) and here's the part a lot of people forget- also check the permissions of each directory which contains it. for example, if the program is /home/vpopmail/bin/ vchkpw, you need to make sure that /home, /home/vpopmail, and / home/vpopmail/bin all have AT LEAST x permission for group and other (i.e. chmod go+x /home /home/vpopmail /home/vpopmail/bin.) drwxrwsr-x 5 root staff 4096 2006-02-06 15:55 home drwxr-xr-x 8 vpopmail vchkpw 4096 2006-02-06 15:55 vpopmail drwxr-xr-x 2 vpopmail vchkpw 4096 2006-02-06 15:58 bin the next problem you're going to run into is that (according to the smtp run script you sent) qmail-smtpd is running as the userid qmaild, and in order for vchkpw to read the vpasswd.cdb files and do its job, it has to be run as either the vpopmail user, or as root. I already saw that error, and now this is the run file: tsuki:/var/qmail/supervise/qmail-smtpd# cat run #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/bin/softlimit -m 600 /usr/bin/tcpserver -H -R -l 0 -c $MAXSMTPD -x /etc/tcp.smtp.cdb -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd fujitsu.es /home/vpopmail/bin/vchkpw /bin/true 21 the easiest way to make this happen is to make the vchkpw binary setuid, like so: # chmod 6711 /home/vpopmail/bin/vchkpw -rws--s--x 1 vpopmail vchkpw 73124 2006-02-06 15:55 /home/vpopmail/bin/vchkpw however, this could potentially be dangerous if normal users have access to run commands on the machine- a user could run vchkpw over and over, for example, in an attempt to do brute-force guessing of other peoples' passwords. there are other options- a popular one is to make qmail-smtpd run as the vpopmail user, however if you're using qmail-scanner, simscan or any other QMAILQUEUE program, this will also cause those programs to run as the vpopmail user as well. i'm not saying this is a good or a bad thing, just something to be aware of- as long as you understand what's going on, it can be handled. For the moment only want see smtp auth run. But the result is the same: tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 tsuki.fujitsu.es ESMTP ehlo prueba 250-tsuki.fujitsu.es 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 auth login 334 VXNlcm5hbWU6 Cgp0b2xerylQHRlcF3QuY29t 334 UGFzc3dvcmQ6 CgasoxMaajMw 454 oops, unable to write pipe and I can't auth (#4.3.0) Regards.
Re: [vchkpw] cram-md5 smtp auth failure.
On 2006-02-07, at 0703, N0K wrote: For the moment only want see smtp auth run. But the result is the same: tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25 ... auth login 334 VXNlcm5hbWU6 Cgp0b2xerylQHRlcF3QuY29t 334 UGFzc3dvcmQ6 CgasoxMaajMw 454 oops, unable to write pipe and I can't auth (#4.3.0) specifically, this is happening not because the exec() is failing, but because qmail-smtpd is trying to send the userid, password, or CRAM challenge (which is null in this case of auth login) through the pipe to the checkpassword program, and the write operation is encountering some kind of error. the only thing i can think is that vchkpw may be crashing as soon as it runs- and i don't know of any reliable way to test whether this is the case, or if so, to isolate the reason that vchkpw is crashing. maybe you're running out of memory- if you're using some kind of ulimit or softlimit program, try raising the limit (or doing away with the program entirely.) the only other thing i can suggest is that it's morning here in the US, a lot of people will be coming into the office soon and presumably will be reading this thread. maybe one of them has an idea how to test this, or has some other idea what may be causing the problem. -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] cram-md5 smtp auth failure.
John Simpson wrote: On 2006-02-07, at 0703, N0K wrote: For the moment only want see smtp auth run. But the result is the same: tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25 ... auth login 334 VXNlcm5hbWU6 Cgp0b2xerylQHRlcF3QuY29t 334 UGFzc3dvcmQ6 CgasoxMaajMw 454 oops, unable to write pipe and I can't auth (#4.3.0) Just an FYI to the original poster, the new patch does not require the host name in the run file of qmail-smtpd. If it is there, it will make you an open relay. It's not part of the problem above I believe but I thought you should be made aware of it. Regards, Rick
Re: [vchkpw] cram-md5 smtp auth failure.
On 2006-02-07, at 0759, Rick Macdougall wrote: Just an FYI to the original poster, the new patch does not require the host name in the run file of qmail-smtpd. If it is there, it will make you an open relay. It's not part of the problem above I believe but I thought you should be made aware of it. that's actually a good idea. does it use control/me to generate CRAM challenges? -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] cram-md5 smtp auth failure.
John Simpson wrote: On 2006-02-07, at 0759, Rick Macdougall wrote: Just an FYI to the original poster, the new patch does not require the host name in the run file of qmail-smtpd. If it is there, it will make you an open relay. It's not part of the problem above I believe but I thought you should be made aware of it. that's actually a good idea. does it use control/me to generate CRAM challenges? No idea, I just know I got nailed by that one on an upgrade a few years ago. Rick
Re: [vchkpw] cram-md5 smtp auth failure.
Rick Macdougall wrote: John Simpson wrote: On 2006-02-07, at 0759, Rick Macdougall wrote: Just an FYI to the original poster, the new patch does not require the host name in the run file of qmail-smtpd. If it is there, it will make you an open relay. It's not part of the problem above I believe but I thought you should be made aware of it. that's actually a good idea. does it use control/me to generate CRAM challenges? No idea, I just know I got nailed by that one on an upgrade a few years ago. Rick I have change the run smtp file: #!/bin/sh VPOPUID=`id -u vpopmail` VPOPGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` exec /usr/bin/tcpserver -v -R -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $VPOPUID -g $VPOPGID 0 smtp /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 21 Error is the same: tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. tcpserver: status: 1/20 tcpserver: pid 28975 from 127.0.0.1 tcpserver: ok 28975 localhost:127.0.0.1:25 localhost:127.0.0.1::54057 220 tsuki.fujitsu.es ESMTP ehlo tsuki.fujitsu.es 250-tsuki.fujitsu.es 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH LOGIN 334 VXNlcm5hbWU6 Cgp0ba2xlQHRlc3QwRuY29t 334 UGFzc3dvcmQ6 CgoxMaajMtw 454 oops, unable to write pipe and I can't auth (#4.3.0) quit 221 tsuki.fujitsu.es tcpserver: end 28975 status 0 tcpserver: status: 0/20 Connection closed by foreign host. But, at the begining i had install qmail+vpopmail+smtp auth in another server, and i get this error in smtp auth (454 oops, unable to write pipe and I can't auth (#4.3.0) ) then i install qmail+vpopmail+smtpauth in another server and i get the same problem, so i think this is a comun problem. Then i think when you install qmail+vpopmail+smtpauth, you always get unable to write pipe error. i have patch qmail with vpopmail/contrib smtp auth, qmail-103.patch (for dns) and errno.patch (for compile error with errno.h). Any other idea ? Regards, N0K.
Re: [vchkpw] Problem about qmail
On -1 xxx -1 [EMAIL PROTECTED] wrote: Thanks Abel, but I dont have just one IP of spammer buts a lot of Kind, a combination of spamassassin + simscan with rejection at smtp level could help you and have networks with the ip is Dynamic. use rblsmtpd with well functional DNSBL lists like cbl.abuseat.org relays.ordb.org dul.dnsbl.sorbs.net - for dynamic ip -not dialup- list.dsbl.org these filter a lot of UCE email from the wild regards, __Abel
Re: [vchkpw] cram-md5 smtp auth failure.
N0K wrote: Rick Macdougall wrote: John Simpson wrote: On 2006-02-07, at 0759, Rick Macdougall wrote: Just an FYI to the original poster, the new patch does not require the host name in the run file of qmail-smtpd. If it is there, it will make you an open relay. It's not part of the problem above I believe but I thought you should be made aware of it. that's actually a good idea. does it use control/me to generate CRAM challenges? No idea, I just know I got nailed by that one on an upgrade a few years ago. Rick I have change the run smtp file: #!/bin/sh VPOPUID=`id -u vpopmail` VPOPGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` exec /usr/bin/tcpserver -v -R -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $VPOPUID -g $VPOPGID 0 smtp /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 21 Error is the same: tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. tcpserver: status: 1/20 tcpserver: pid 28975 from 127.0.0.1 tcpserver: ok 28975 localhost:127.0.0.1:25 localhost:127.0.0.1::54057 220 tsuki.fujitsu.es ESMTP ehlo tsuki.fujitsu.es 250-tsuki.fujitsu.es 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH LOGIN 334 VXNlcm5hbWU6 Cgp0ba2xlQHRlc3QwRuY29t 334 UGFzc3dvcmQ6 CgoxMaajMtw 454 oops, unable to write pipe and I can't auth (#4.3.0) quit 221 tsuki.fujitsu.es tcpserver: end 28975 status 0 tcpserver: status: 0/20 Connection closed by foreign host. But, at the begining i had install qmail+vpopmail+smtp auth in another server, and i get this error in smtp auth (454 oops, unable to write pipe and I can't auth (#4.3.0) ) then i install qmail+vpopmail+smtpauth in another server and i get the same problem, so i think this is a comun problem. Then i think when you install qmail+vpopmail+smtpauth, you always get unable to write pipe error. i have patch qmail with vpopmail/contrib smtp auth, qmail-103.patch (for dns) and errno.patch (for compile error with errno.h). Any other idea ? Regards, N0K. Perhaps try Bill's toaster patch instead. http://www.shupp.org Rick
Re: [vchkpw] Newbie - vpopmail: ERR authorization failed
2006/2/7, 褚永锋 [EMAIL PROTECTED]: #!/bin/sh exec /usr/local/bin/softlimit -m 200 \ It seems you have your pop3d running with wrong user: # ps aux | grep pop3 and # ls -l ~vpopmail/domains/test.com/vpasswd* -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/
Re: [vchkpw] cram-md5 smtp auth failure.
Perhaps try Bill's toaster patch instead. http://www.shupp.org Rick u i was using qmail-1.03, now i have install netqmail-1.05 for toaster patch, i have patch with this patch and still!!! get the same error :( Any other idea ? Regards.
Re: [vchkpw] qmailtap question
did you do mine first and then qmailtap, or the other way around? did the patch apply cleanly or were there any rejects which had to be handled manually? Actually, I had tried do install both patches one after the other and was not able to ever get it to work. The two patches had a couple files in common, one of which was qregex.c. The combined patch touched so many files that it seemed to throw the line count for the qmailtap patch off just enough to cause compile errors. Unfortunately, I am not a C or C++ programmer and did things here the hard way. I now have a much better understanding of the patchfile syntax due to the fact that I integrated the qmailtap patch into your combined patch 1.6c one line at a time. The qmailtap patch modifies qmailqueue under the makefile section and your combine patch did not. The tap patch also modifies qmail-queue.8 which your combined patch did not alter. One of my biggest concerns with using both of these patches was when I combine the modifications that both files performed on error.h. Within your combined patch it seems to comment out the errno by moving it to /* extern int errno; */ The tap patch seems to need this to be declared for it to run correctly. I added that line back into the patch for qmailtaps functionality to not be broken. My concern had risen out of the fact that I now had extern int error_intr, extern int error_nomem, extern int errno. Since I only have enough C/C++ knowledge to follow general program structure, trying to track down the functions and files that use these integers would be a tail chasing nightmare. Personally, I don't think running one patch and then the other is possible due to the changes in line counts within the files being patched. Having said that, there is probably an easier way to accomplish what I had without reading line for line and modifying the @@ 's.To get both patches applied correctly one has to understand the changes that these files perform. Due to this fact, releasing something like this onto the qmailrocks list would be an absolute nightmare. I am amazed at some of the questions that are asked by some members of that list. They should just put I have absolutely no actual understanding of what's going on here... is there some kind of wizard I could click on inside thier signatures. As I stated previously, the server I performed these actions on was never put into production so I only tested the supercombined tappatch using local accounts. I was able to $personal_knowledge++ by working on these two patches and making them into one file. That is a much larger benefit to me than being able to block spam tap accounts. That is one of the biggest problems with qmr the lack of understanding the lack of wanting to understand. I've started to ramble now but that was the way I accomplished applying both patches. Sincerely, Adam Ossenford
Re: [vchkpw] cram-md5 smtp auth failure.
N0K wrote: Perhaps try Bill's toaster patch instead. http://www.shupp.org Rick u i was using qmail-1.03, now i have install netqmail-1.05 for toaster patch, i have patch with this patch and still!!! get the same error :( Any other idea ? No, sorry. I use Bill's patch all the time and smtp-auth works just fine here, with or with cram-md5 Rick
[vchkpw] Issues in vpopmail maildrop integration
Hi, I've been using vpopmail for quite some time now and worked fine all this time. I'm using vpopmail version 5.4.13 and maildrop version 1.6.3. However, recently I modified the virtual domains .qmail-default file and added this : | /var/qmail/bin/preline /usr/local/bin/maildrop It is since this point that I'm facing problems in delivery. I've setup a virtual domain kr.ps.co.in as follows : /var/vpopmail/bin/vadddomain -d /home/madhur/test_vpopmail_domains kr.ps.co.in /var/vpopmail/bin/vadduser [EMAIL PROTECTED] My control files in /var/qmail/control are : (no entry in /var/qmail/control/locals) /var/qmail/control/rcpthosts : kr.ps.co.in /var/qmail/control/virtualdomains kr.ps.co.in:kr.ps.co.in Prior to my changes the .qmail-defauilt file in /home/madhur/test_vpopmail_domains/domains/kr.ps.co.in was | /var/vpopmail/bin/vdelivermail '' bounce-no-mailbox While the new file that is now, | /var/qmail/bin/preline /usr/local/bin/maildrop Also, I've a global maildroprc file at /etc/maildroprc : if ( /^From:.*/ ) { LFROM = $MATCH } to |/var/qmail/delivery_scripts/delivery_script.sh All mails coming to [EMAIL PROTECTED], when seen in the qmail-send's current file are seen as delivery 1: msg 1946121 to local [EMAIL PROTECTED] However, though the message used to be delivered successfully before, the error that I get now is : delivery 1: deferral: This_account_is_currently_not_available./maildrop:_error_writing_to_mailbox.//usr/local/bin/maildrop:_Unable_to_deliver_to_mailbox./ I've been searching for quite sometime and have not much data on the net hinting the problem here. The site http://www.thesafebox.com/; indicates that the seekable patch be installed into vpopmail and I've verified that the file created by the patch are already present in the version of vpopmail i use (5.4.13). I'm sure that many of us would be requiring to perform maildrop filtering over mails received for virtual users and maybe the best method for applying to all virtual users is to use the .qmail-default file (as above). Hence I'm sure many of us here may have used some approach here. Hence, please could anyone explain what the problem is or best indicate what the solution for the same is?? Maybe my approach is wrong somewhere and I'll be glad if you could point that out, Thanks in advance, Eagerly waiting for a discussion on this problem, -- __ Madhur Kumar Tanwani
Re: [vchkpw] cram-md5 smtp auth failure.
Rick Macdougall wrote: N0K wrote: Perhaps try Bill's toaster patch instead. http://www.shupp.org Rick u i was using qmail-1.03, now i have install netqmail-1.05 for toaster patch, i have patch with this patch and still!!! get the same error :( Any other idea ? No, sorry. I use Bill's patch all the time and smtp-auth works just fine here, with or with cram-md5 Rick I have done this manual http://shupp.org/toaster/ and now all run fine, i have to compare with my old installation for see my mistake. Thanks to all for the help. Regards, N0K.
Re: [vchkpw] Newbie - vpopmail: ERR authorization failed
On Feb 7, 2006, at 12:25 AM, 褚永锋 wrote: exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -R -H -l 0 0 110 \ For starters, try a higher softlimit (like 1000). You should also include the user and group to run as (add -u89 -g89 to your tcpserver parameters) -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] maildirquota.c bug in 5.4.12
On 2/5/06, Tom Collins [EMAIL PROTECTED] wrote: There's probably a problem elsewhere in the maildirquota code, where we use an unsigned long instead of a long. Sounds good to me, I'll be back in there today as... When you made the change, did the problem go away? It seems to have made it occur less frequently, but definately has not fixed it. A sample maildirsize file that was pointed out to me this morning contained: # cat maildirsize 1S,3000C 6944656590839403888 102 So my patch has just made the issue a lot more visible. --- maildirquota.c.orig Tue Jan 24 11:24:36 2006 +++ maildirquota.c Tue Jan 24 11:24:58 2006 @@ -283,5 +283,5 @@ char *p; unsigned l; - int n; + long n; int first; -- Jon Simola Systems Administrator ABC Communications
[vchkpw] How do I unsubscribe...
Hey, I love you people, but I need to move it to another account -- James McMillan, CIO The NetMark Consulting Group www.thenetmark.com 888.767.8750 x106
Re: [vchkpw] How do I unsubscribe...
On 2/7/2006 8:36 PM +0200, James McMillan wrote: Hey, I love you people, but I need to move it to another account Take a look at the headers of the mails this list sents. Niek Baakman
Re: [vchkpw] How do I unsubscribe...
I tried that... :( Niek wrote: On 2/7/2006 8:36 PM +0200, James McMillan wrote: Hey, I love you people, but I need to move it to another account Take a look at the headers of the mails this list sents. Niek Baakman -- James McMillan, CIO The NetMark Consulting Group www.thenetmark.com 888.767.8750 x106
Re: [vchkpw] How do I unsubscribe...
James McMillan wrote: Hey, I love you people, but I need to move it to another account Use the headers Luke! List-Post: mailto:vchkpw@inter7.com List-Help: mailto:[EMAIL PROTECTED] List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] Reply-To: vchkpw@inter7.com
Re: [vchkpw] How do I unsubscribe...
Hey Rick, Thanks, but I've sent an email to List-Unsubscribe: mailto:[EMAIL PROTECTED] 3 times now... me thinks ezmlm is borked? Or something. Jimmy Rick Macdougall wrote: James McMillan wrote: Hey, I love you people, but I need to move it to another account Use the headers Luke! List-Post: mailto:vchkpw@inter7.com List-Help: mailto:[EMAIL PROTECTED] List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] Reply-To: vchkpw@inter7.com -- James McMillan, CIO The NetMark Consulting Group www.thenetmark.com 888.767.8750 x106
Re: [vchkpw] How do I unsubscribe...
On 2/7/2006 9:08 PM +0100, James McMillan wrote: Hey Rick, Thanks, but I've sent an email to List-Unsubscribe: mailto:[EMAIL PROTECTED] 3 times now... me thinks ezmlm is borked? Or something. Jimmy You have to send to [EMAIL PROTECTED] using the email address you used when you signed up for this list. Niek Baakman
Re: [vchkpw] cram-md5 smtp auth failure.
Hi, (if your Q has not been answered ...). At 12:23 07.02.2006 +0100, you wrote: On Monday 06 February 2006 08:45, Tom Collins wrote: On Feb 6, 2006, at 4:14 AM, N0K wrote: I have using vpopmail-5.4.13, qmail + smtp-auth (http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd- auth-0.31.tar.gz). Do i need to patch vchkpw or any similar things ? You're using an outdated SMTP AUTH patch. Try the one included in vpopmail's contrib directory. But, that reminds me, I could update vchkpw to try swapping the challenge and response parameter order (the underlying problem) if the correct way fails. This would allow it to continue working with the old patches that passed them in the wrong order. my two cents: the old patch should die. it's really, really, really bad. Leave vchkpw how it is :) -Jeremy Hello, and thanks for the reply, i have quit smtp auth old patch and i have patched with vpopmail/contrib patch, but now, i get the next error: tsuki:/var/qmail/supervise# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 tsuki.fujitsu.es ESMTP ehlo tsuki.fujitsu.es 250-tsuki.fujitsu.es 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH LOGIN 334 VXNlcm5hbWU6 YnJvZHJpasffZ3sVlemJAZnVqaXRzdS5l - username in base64 334 UGFzc3dvcmQ6 MTIzMDhA - pass in base64 454 oops, unable to write pipe and I can't auth (#4.3.0) Im going to past my qmail-smtpd/run too: tsuki:/var/qmail/supervise# cat qmail-smtpd/run #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` (this is 20) exec /usr/bin/softlimit -m 400 /usr/bin/tcpserver -H -R -l 0 -c $MAXSMTPD -x /etc/tcp.smtp.cdb -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd fujitsu.es /home/vpopmail/bin/vchkpw /bin/true Remove the hostname fujitso.es from the call to qmail-smtpd. It will work at a glacne. regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
Re: [vchkpw] How do I unsubscribe...
Ah ha, that was it... I've been using an alias address for the past year and I forgot what the original address was. LOL, thanks Sorry for rotting up the mailinglist. Niek wrote: On 2/7/2006 9:08 PM +0100, James McMillan wrote: Hey Rick, Thanks, but I've sent an email to List-Unsubscribe: mailto:[EMAIL PROTECTED] 3 times now... me thinks ezmlm is borked? Or something. Jimmy You have to send to [EMAIL PROTECTED] using the email address you used when you signed up for this list. Niek Baakman -- James McMillan, CIO The NetMark Consulting Group www.thenetmark.com 888.767.8750 x106
Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??
On 2/7/06, Tonix [EMAIL PROTECTED] wrote: On Monday 06 February 2006 11:57, tonix (Antonio Nati) wrote: At 20.31 06/02/2006, you wrote: Thanks for your answer Tonino, i take that solution in account but i would prefer another solution if possible, that smtp server is being already used by lots of clients so running another server for them would imply that they have to change their mail server (its a little change, i know, but they are lots and the average user would need assistance for doing that simple change) so i would try to another solution first if someone has another idea.. or i get illuminated in between hehe Simplest solution is to put another VARIABLE disabling this check. Let me see how add something like what you ask. I'm just wondering if other checks could be excluded for authenticathed users. I would say the simplest solution would be to skip these checks when RELAYCLIENT is set. That way it works without modification with existing SMTP AUTH patches, as well as manually setting RELAYCLIENT in your tcprules file. or perhaps make the variable checked configurable, and default it to RELAYCLIENT. I agree. I'll study how to simplify this check, trying to keep it as simple as possible. In this moment, my main problem is the choice between: - a VARIABLE excluding chkuser when SET (it may default to RELAYCLIENT) - a VARIABLE excluding intrusion checks (as before it may default to RELAYCLIENT). At first look, I feel excluding chkuser may be more useful, as in an authenticated relaying system chkuser may be excluded. I agree whit that, since for authenticated clients its better a bounced message than a short smpt error that lots of email clients dont even show up. chkuser could be diseabled for them. Tonino -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- La tua posta elettronica senza virus su UfficioPostale.IT Your virus free electronic mail on UfficioPostale.IT
Re: [vchkpw] qmailtap question
On Monday 06 February 2006 19:22, John Simpson wrote: On 2006-02-06, at 1620, Jeremy Kitchen wrote: i'm thinking about possibly including the qmailtap patch in my combined patch file. however, the biggest problem i've seen from people using QUEUE_EXTRA is that they set up loops when they try to send the copies to a remote address, and because the copy has to traverse the queue, it gets logged and sent to the monitor address... and THAT copy gets logged, and so forth... that's not a problem with QUEUE_EXTRA, that's a problem with the person not reading how to properly use QUEUE_EXTRA. Adding 'loop detection' code into this drastically complicates the process and doesn't add any real value. that's what i was afraid of. i understand the problem, you understand the problem, and i'm sure anybody who thinks about it for more than ten seconds will understand it as well... but because my combined patch has been adopted by qmailrocks, if i were to add inter7's qmailtap patch (or any other QUEUE_EXTRA patch) i would be flooded with question from typical qmailrocks users about why their server is sending multiple copies of every message and killing their server. So, instead of telling people to RTFM (which is what they should be doing anyways) we continue down the qmailrocks path and give the user even more stuff they have no clue about. i'm sure you of all people know that qmailrocks has a reputation for being qmail for dummies. the only reason i joined their list is because they're using my combined patch- before i joined their list i was getting several messages per day from qmailrocks users who couldn't figure something-or-other out, and emailed me directly because i wrote the patch so i must be an expert who's willing to offer free consulting services to every random person on the internet... I would have directed them either to the qmailrocks mailing list or to a webpage that outlines my support fees. the question came up on the qmailrocks list, from a user in europe somewhere, who is legally required to keep copies of every message sent or received by every employee at their company. you and i know that QUEUE_EXTRA is the core of how to make this happen, but trying to explain all of the details to somebody who has no idea what a queue is, let alone how to tell if a given delivery instruction will result in another message being added to it... i'm sure you can imagine the aggravation waiting along that road. that person isn't competent to run a mail server then, in my opinion. They should hire a consultant to set it up for them. my hope was that inter7's qmailtap patch would have some kind of loop detection built in, so that this doesn't happen and i can add it to my combined patch, knowing that i'm not going to have people setting up server-killing loops. if it does, then fine, but I don't think it's a useful feature. These are loops that the user should be avoiding from the beginning, it's not like we're talking about cross-server loop detection. my answer to this question is usually i'm not going to add it to my combined patch- if you can add it, more power to you but i figured in the interest of fairness i would at least ask the inter7 guys about it... the qmailtap web page lists this as one of the places to discuss qmailtap, and i know several of the inter7 guys are on this list. maybe one of them will have better news... I can't speak for Inter7, but I'm against it, personally. -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpgBldi0DEpM.pgp Description: PGP signature
Re: [vchkpw] cram-md5 smtp auth failure.
On Tuesday 07 February 2006 03:23, N0K wrote: 454 oops, unable to write pipe and I can't auth (#4.3.0) exec /usr/bin/softlimit -m 400 /usr/bin/tcpserver -H -R -l 0 -c $MAXSMTPD -x /etc/tcp.smtp.cdb -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd fujitsu.es /home/vpopmail/bin/vchkpw ^^-- remove that /bin/true 21 the 'underlined' portion of the above script is a remnant from your old patch. The elysium.pl patch requires the hostname between qmail-smtpd and the checkpassword program. This caused issues as many people either forgot to put it in, or didn't RTFM enough, and ended up creating an open relay. -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpKYKie0hhHM.pgp Description: PGP signature
Re: [vchkpw] cram-md5 smtp auth failure.
On Tuesday 07 February 2006 04:59, Rick Macdougall wrote: John Simpson wrote: On 2006-02-07, at 0703, N0K wrote: For the moment only want see smtp auth run. But the result is the same: tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25 ... auth login 334 VXNlcm5hbWU6 Cgp0b2xerylQHRlcF3QuY29t 334 UGFzc3dvcmQ6 CgasoxMaajMw 454 oops, unable to write pipe and I can't auth (#4.3.0) Just an FYI to the original poster, the new patch does not require the host name in the run file of qmail-smtpd. If it is there, it will make you an open relay. It's not part of the problem above I believe but I thought you should be made aware of it. actually, this is incorrect. the OLD patch required the hostname, and if it was absent, you were an open relay. The new patch does not require the hostname, and if present, authentication will simply fail, as is the case here. -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpHCYgoGjlq3.pgp Description: PGP signature
Re: [vchkpw] Vchkpw pass word policy
On Monday 06 February 2006 21:09, Rizwan Iqbal Malik wrote: Dear All, We wish to enforce pass word policy on the users of our mail system . Can it be done using Vpopmail. Common policy include changing password on first logon etc... I've actually considered doing this in the past. I never got around to it, but check out cracklib: http://www.users.dircon.co.uk/~crypto/download/cracklib,2.7.txt basically you would place a call to fascist_check() before you actually make the password change (assuming we're talking about doing this when they change their passwords) and if that fails, yell at them, tell them why you're yelling at them, and let them try again. If it doesn't fail, the password is 'secure' and to go ahead and change it. -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpY92kDoD1bF.pgp Description: PGP signature
Re: [vchkpw] Newbie - vpopmail: ERR authorization failed
On Tuesday 07 February 2006 09:39, Tom Collins wrote: On Feb 7, 2006, at 12:25 AM, 褚永锋 wrote: exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -R -H -l 0 0 110 \ For starters, try a higher softlimit (like 1000). You should also include the user and group to run as (add -u89 -g89 to your tcpserver parameters) even for pop3? doesn't vchkpw setuid() to the vpopmail user after authenticating? -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpoMv5YZuGTj.pgp Description: PGP signature
Re: [vchkpw] How do I unsubscribe...
On Tuesday 07 February 2006 12:51, James McMillan wrote: Ah ha, that was it... I've been using an alias address for the past year and I forgot what the original address was. LOL, thanks if you look at the Return-Path header (assuming your MTA has set it for you) it will tell you what the envelope sender of the message is. Ezmlm encodes your email address into the envelope sender. This way, you can tell what address you are subscribed as if it is not the same as your mailbox address. -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpemMDroKUpG.pgp Description: PGP signature
Re: [vchkpw] cram-md5 smtp auth failure.
Jeremy Kitchen wrote: On Tuesday 07 February 2006 04:59, Rick Macdougall wrote: John Simpson wrote: On 2006-02-07, at 0703, N0K wrote: For the moment only want see smtp auth run. But the result is the same: tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25 ... auth login 334 VXNlcm5hbWU6 Cgp0b2xerylQHRlcF3QuY29t 334 UGFzc3dvcmQ6 CgasoxMaajMw 454 oops, unable to write pipe and I can't auth (#4.3.0) Just an FYI to the original poster, the new patch does not require the host name in the run file of qmail-smtpd. If it is there, it will make you an open relay. It's not part of the problem above I believe but I thought you should be made aware of it. actually, this is incorrect. the OLD patch required the hostname, and if it was absent, you were an open relay. The new patch does not require the hostname, and if present, authentication will simply fail, as is the case here. Uhh, no. Try it yourself and check the cert.org lists. Having the host name with the new patch makes you an open relay. I'll admit I'm wrong sometimes but I was listed on a whack of rbls for just this case a few years ago. Any signature will match and mail will be relayed. Regards, Rick
Re: [vchkpw] Vchkpw pass word policy
On Feb 7, 2006, at 4:59 PM, Jeremy Kitchen wrote: On Monday 06 February 2006 21:09, Rizwan Iqbal Malik wrote: Dear All, We wish to enforce pass word policy on the users of our mail system . Can it be done using Vpopmail. Common policy include changing password on first logon etc... I've actually considered doing this in the past. I never got around to it, but check out cracklib: http://www.users.dircon.co.uk/~crypto/download/cracklib,2.7.txt John Peacock posted a patch to qmailadmin-devel on January 3, 2005 to integrate cracklib with QmailAdmin. http://sourceforge.net/mailarchive/forum.php? thread_id=6272932forum_id=34241 [scroll to the end of the thread] No idea whether it will apply to the current versions or not. It might give you what you need though, still allowing an admin to use vchkpw to set the password to anything they'd like. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] cram-md5 smtp auth failure.
On Tuesday 07 February 2006 17:42, Rick Macdougall wrote: Jeremy Kitchen wrote: On Tuesday 07 February 2006 04:59, Rick Macdougall wrote: John Simpson wrote: On 2006-02-07, at 0703, N0K wrote: For the moment only want see smtp auth run. But the result is the same: tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25 ... auth login 334 VXNlcm5hbWU6 Cgp0b2xerylQHRlcF3QuY29t 334 UGFzc3dvcmQ6 CgasoxMaajMw 454 oops, unable to write pipe and I can't auth (#4.3.0) Just an FYI to the original poster, the new patch does not require the host name in the run file of qmail-smtpd. If it is there, it will make you an open relay. It's not part of the problem above I believe but I thought you should be made aware of it. actually, this is incorrect. the OLD patch required the hostname, and if it was absent, you were an open relay. The new patch does not require the hostname, and if present, authentication will simply fail, as is the case here. Uhh, no. Try it yourself and check the cert.org lists. Having the host name with the new patch makes you an open relay. I'll admit I'm wrong sometimes but I was listed on a whack of rbls for just this case a few years ago. Any signature will match and mail will be relayed. perhaps then, we are talking about different patches. I'm referring to the one from Dr. Hoffman at http://fehcom.de/qmail/smtpauth.html. I can assure you that Dr. Hoffman's patch is NOT an open relay if you supply the hostname. Either that or you're thinking about the OLD patch where if you do NOT supply the hostname, you become an open relay. With Dr. Hoffman's patch, if you supply the hostname, you get the behavior described earlier in this thread (454 oops, unable to write pipe and I can't auth (#4.3.0)) If you can show me a URL that contradicts this, please do, and I will stand corrected :) -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpDBRZbNJWyb.pgp Description: PGP signature
Re: [vchkpw] maildirquota.c bug in 5.4.12
DH Jon, Wednesday, January 25, 2006, 2:48:41 AM, you wrote: JS Tracked down a bug that was causing our users to exceed their quota JS without any mail in their boxes. --- hi Jon, i'm facing the same problem too here, some of users always exceeded their quota without any email in their mail boxes :/ i've tried to track the problem but didn't find the solution yet, mail become like normal after refreshing the quota. please let me know if you succeed to solve this problem. -- Best regards, -avd will work for food :-)