[vchkpw] Restrict amount of vchkpw authentications
Hi I've got vpopmail 5.2.1 on top of qmail 1.03 on a Solaris 2.7 SPARC machine. Everything is going well. I've noticed, though, that several of my users are abusing my pop3 service, that is, that they are popping their email every minute, 24 hours a day. this has not become a problem for my mail server performance as of yet, but i'm being pro active. It is clearly stated in my aup that checking your mail more than once every 5 minutes is unacceptable, and that once (or less than) every 10 minutes is preferred. I'm wondering if anybody has implemented a method of making vchkpw only allow one authentication per user per 5 minutes.. I'm looking for something that will not silently deny their connection, but something that will actually make their mail client do something like pop up a message, or pop up a username and password window.. just so that the client knows that he's doing something wrong. ------- Jeremy Kister www.jeremykister.com PGP: http://www.jeremykister.com/jeremy/public_key.asc ---
Re: [vchkpw] Rename Postmaster account
*** On Sunday, September 01, 2002 11:47 PM, Clint Finnigan wrote: > and the optional > $ ./vdeluser [EMAIL PROTECTED] *** ...and kept on writing: > Having postmaster available on one domain is a good thing though, since > many people wish to contact a person on a domain through postmaster@. actually, this shouldnt be optional. Both RFC 822 and RFC 1123 _require_ a mailbox called postmaster, so that the user "can be guaranteed at least one valid address" I suppose vdeluser should allow this to be performed, though, because the system's mail administrator may choose to forward this account to another valid email box.. ------- Jeremy Kister www.jeremykister.com PGP: http://www.jeremykister.com/jeremy/public_key.asc ---
Re: [vchkpw] Working towards vpopmail 5.4 stable
> Does anyone have any code changes they would like to get into the > next release? I want to put together a new stable version 5.4. > Hopefully release it in the next few weeks. I dont have any code, but before you release a stable version, perhaps [at least] one issue should be fixed... I have seen a few threads (one titled "pipes in .qmail-files vpopmail 5.3.19" archived at http://bluedot.net/mail/archive/read.php?f=2&i=10863&t=10863 for example) where the seekable patch seems not to work on Solaris 2.8 vdelivermail core dumps if you try to pipe anything into it. Marcus Williams seemed to be helping out, but the thread ended abruptly after a request was made to go off-list :-/ I have ran into the same problem on Solaris 2.8. It is also replicable on Solaris 2.9. This issue doesnt seem to be resolved as of the latest code; I am assuming this may be because none of the vpopmail team have solaris 2.8/2.9? If this is the case, I can gladly set up a shell on a box with solaris 2.8/2.9 for testing. ------- Jeremy Kister www.jeremykister.com PGP: http://www.jeremykister.com/jeremy/public_key.asc --- >-Original Message- > From: Ken Jones [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 03, 2003 12:52 PM > To: [EMAIL PROTECTED] > Subject: [vchkpw] Working towards vpopmail 5.4 stable > > > Hi Folks, > [..]
Re: [vchkpw] Re: chkuser - rejects legit mail, when followed by bad e-mail
On 10/11/2010 4:46 PM, U. George wrote: It was not clear to me if chkuser should allow a legit e-mail addr, followed by some bad e-mail addr to be passed along smtpd. Following is a recordio session of one smtp session where there are 3 rcpt to. 2 are bogus, 1 is real. Message is spam. I'm not sure that it's chkuser that is getting in the way; I tested the old version (chkusr 1.0) and it works correctly. The error you pasted: > 451 See http://pobox.com/~djb/docs/smtplf.html implies that it's not the fault of chkuser at all; that the message is simply badly formatted and would have been rejected to a single good recipient as well. To accept these types of badly formatted messages, use fixcrio (which you'll have to check if your TLS patch patched). -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:4cb37db632711767595573!
[vchkpw] [SPAM] odd problem after OS upgrade
I have qmail 1.03 with several patches including qmail-smtpd-auth-0.4.3 and vpopmail 5.4.33. After upgrading Debian 6 -> 7, I broke SMTP-AUTH *only* when using stunnel for SSL. When trying to auth over stunnel4, i see: 454 oops, problem with child and I can't auth (#4.3.0) syslog shows: Jun 21 23:19:29 s4 vpopmail[3080]: vchkpw-smtps: (PLAIN) login success u...@example.com:10.36.87.4 using smtp-auth on port 25 or 587 works fine. /service/qmail-smtpd-ssl/run: http://jeremy.kister.net/tmp/auth/qmail-smtpd-ssl-run /usr/local/etc/stunnel/smtps.conf: http://jeremy.kister.net/tmp/auth/smtps.conf i modified smtps.conf to use strace like: exec = /usr/bin/strace execargs = /usr/bin/strace -ff -o /tmp/vchkpw.dump /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true the dumps are at: http://jeremy.kister.net/tmp/auth/strace/ i tried increasing & just removing softlimit. i tried recompiling/reinstalling vpopmail I dont think the problem is with stunnel since the SSL layer is working fine. I'm out of ideas. More eyes please ? -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:51c51fac34131129417734!
Re: [vchkpw] odd problem after OS upgrade (hey, Tom, Ken, jkitchen: around?)
On 6/22/2013 10:26 AM, Eric Shubert wrote: Have you found where in the code the "oops" messages is being issued? yes. it complains only here: if (wait_pid(&wstat,child) == -1) return err_child(); if (wait_crashed(wstat)) return err_child(); the wait_pid is when everything goes fubar. i'm not even sure it's a vpopmail problem, i suppose i may need a cross post on the qmail list. -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:51c6407234139947713131!
Re: [vchkpw] odd problem after OS upgrade (hey, Tom, Ken, jkitchen: around?)
On 6/22/2013 8:26 PM, Jeremy Kister wrote: i'm not even sure it's a vpopmail problem, i suppose i may need a cross post on the qmail list. hrm. i replaced vchkpw with checkpasswd. still broken. -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:51c64afa34132172261138!
Re: [vchkpw] odd problem after OS upgrade (hey, Tom, Ken, jkitchen: around?)
On 6/22/2013 9:11 PM, Jeremy Kister wrote: hrm. i replaced vchkpw with checkpasswd. still broken. ends up the problem was actually stunnel/openssl. who knows what it was doing that was causing the tunneled program to behave incorrectly. for reference: on debian 6 (squeeze): sed "s/squeeze/wheezy/g" /etc/apt/sources.list > /tmp/u.tmp mv /tmp/u.tmp /etc/apt/sources.list apt-get update apt-get upgrade apt-get dist-upgrade reboot gives you debian 7 (wheezy) this came both libssl 0.9.8, libssl 1.0.0, and stunnel 4.53 i ran 'apt-get autoremove libssl0.9.8', and then compiled/installed the latest stunnel (4.56), and the problem is no more. who knows. thanks for the replies. Greetings to all who are still here, -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:51c68ea134131777546213!
[vchkpw] [SPAM] Re: [vchkpw] Patches for qmail suggestions and upgrade
On 4/17/2014 2:33 PM, Remo Mattei wrote: Hello all I have a qmail which is running now I want to up it to netqmail 1.06 so I plan to recomp it and I have vpopmail working so on the new one I want to add chkuser and tls but also few others like the channel since gmail and others have been really a pain does anyone suggest a set of patches or one that does it all in one? i still like and use my qmail-1.03.isp.patch it's named "isp" because i was working for an isp at the them and had nothing better to name it. it's used in lots of places that have nothing to do with an isp. http://jeremy.kister.net/code/qmail-1.03.isp.patch -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:53501fe034262670412911!
Re: [vchkpw] Patches for qmail suggestions and upgrade
On 4/17/2014 2:52 PM, Remo Mattei wrote: Nice does it have tls? no TLS; i use all SSL. o well. :) -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:5350261b34264808310748!
Re: [vchkpw] What would be the solution....
On Monday, August 04, 2003 5:28 AM, VJ.Srinivasan (JINIS) mumbled: (B> My tcp.smtp file contains these lines... (B> 127.:allow,RELAYCLIENT="" (B> 10.190.1.40:allow,RELAYCLINET="" (B (B (BA question barely exists; if you are wondering why the machine at (B10.190.1.40 can not relay though your mail server, it is likely because you (Bhave misspelled RELAYCLIENT. (B (B (BJeremy Kister (Bwww.jeremykister.com (BArgus: The worlds most advanced monitoring system: http://argus.tcp4me.com
Fw: [vchkpw] *.COM -> 64.94.110.11
On Tuesday, September 16, 2003 11:46 AM, Eric Ziegast wrote: > dnscache. Here's a patch for people who use dnscache > to preserve the old (uninfected) behavior... not only for .com, but also .net. a similar patch exists for BIND v8, although I havent installed it yet. http://achurch.org/bind-verisign-patch.html I hope verisign (and anyone who had anything to do with that silly decision) looses the ability to manage the gtld servers for ever. Jeremy Kister www.jeremykister.com Argus: The World's Most Advanced Monitoring Software: http://argus.tcp4me.com
[vchkpw] disable quota support entirely
I need to disable vpopmail's quota support entirely -- can someone make a parameter for compile time ? the maildir++ support is not working correctly in my environment, so I do not want vpopmail to ever send a quota warning message to the user, nor ever bounce email, nor keep track of the maildir size. but I do want to have the "supposed-to-be" quota in the vpasswd file, because I want qmailadmin to read "2.00 / 15.00" instead of "2.00 / unlimited" (or such). I have written my own quota checking program, if anyone is interested, located at http://www.jeremykister.com/jeremy/code/perl/mailquota.pl Jeremy Kister www.jeremykister.com Argus: The World's Most Advanced Monitoring Software: http://argus.tcp4me.com
[vchkpw] vchkpw@inter7.com ezmlm warning
I received the below bounce from the [EMAIL PROTECTED] mailing list tonight, at about 10PM EST. please note i have obfuscated all email addresses slightly. also note that I have been receiving mail fine from vchkpw, and havnt modified my configuration recently. the bounce my system sent was: "user does not exist, but will deliver to /home/vpopmail/domains/jeremykister.co/jeremy/ message is looping /home/vpopmail/domains/jeremykister.co/jeremy/Maildir/ mail is looping" I am quite stumped on why my mailserver bounce this. I immediately sent an email to [EMAIL PROTECTED] from an outside account, and it was received perfectly -- the fact that I've received this double-bounce shows that my configuration is working. I keep 8 rotations of 1MB qmail-send logs, and I dont have any record of 'mail is looping' in any of them. the only [probable] record i have of this message is: max> grep 129277 /var/log/qmail/current | tai64nlocal 2003-10-18 21:58:08.502764500 starting delivery 129277: msg 30572 to local [EMAIL PROTECTED] 2003-10-18 21:58:09.792902500 delivery 129277: success: user_does_not_exist,_but_will_deliver_to_/home/vpopmail/domains/jeremykister .co/jeremy//did_0+0+1/ which seems to say that the delivery was successful. i have a .qmail-vpopmail file which places mail in my "jeremy" maildir. my .qmail-default also does this (among other things). I do not have a jeremy/.qmail file. max> ls -ld .qmail-vpopmail .qmail-default jeremy/.qmail jeremy/.qmail: No such file or directory -rw-r- 1 vpopmail vchkpw 133 Oct 1 03:58 .qmail-default -rw-r- 1 vpopmail vchkpw 107 Mar 26 2003 .qmail-vpopmail before receiving this bounce, the last message my MUA has received from the vpopmail list was 2003/10/18 4:18AM EST from Sigmund Gudvangen titled "Re: [vchkpw] Multi domain bounce message handling" the best working theory i had was that since qmail-02.nntx.net NFS mounts /home/vpopmail/domains, then perhaps the share was unavailable for some time, but that theory was quickly proven not to hold water because: 1] the system would have sat and waited until the share did come on-line before doing anything 2] not only would the .qmail-vpopmail not be available, but .qmail-default wouldnt have been either any ideas? this greatly worries me. Jeremy Kister www.jeremykister.com/jeremy/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Saturday, October 18, 2003 11:12 PM To: [EMAIL PROTECTED] Subject: ezmlm warning Return-Path: Delivered-To: [EMAIL PROTECTED] Received: (qmail 14139 invoked by uid 1010); 19 Oct 2003 01:58:07 - Received: from unknown (HELO ns1.inter7.com) (209.218.8.2) by max.nntx.net with SMTP; 19 Oct 2003 01:58:07 - Received: (qmail 7722 invoked by uid 511); 19 Oct 2003 03:12:06 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Date: 19 Oct 2003 03:12:06 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Content-type: text/plain; charset=us-ascii Subject: ezmlm warning Hi! This is the ezmlm program. I'm managing the [EMAIL PROTECTED] mailing list. I'm working for my owner, who can be reached at [EMAIL PROTECTED] Messages to you from the vchkpw mailing list seem to have been bouncing. I've attached a copy of the first bounce message I received. If this message bounces too, I will send you a probe. If the probe bounces, I will remove your address from the vchkpw mailing list, without further notice. I've kept a list of which messages from the vchkpw mailing list have bounced from your address. Here are the message numbers: 23631 --- Enclosed is a copy of the bounce message I received. Return-Path: <> Received: from unknown (HELO qmail-02.nntx.net) (64.115.47.41) by evanston.inter7.com with SMTP; 7 Oct 2003 09:27:59 - Received: (qmail 25216 invoked for bounce); 7 Oct 2003 08:13:56 - Date: 7 Oct 2003 08:13:56 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure notice Hi. This is the qmail-send program at qmail-02.nntx.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[EMAIL PROTECTED]>: user does not exist, but will deliver to /home/vpopmail/domains/jeremykister.co/jeremy/ message is looping /home/vpopmail/domains/jeremykister.co/jeremy/Maildir/ mail is looping --- Below this line is a copy of the message. [...]
Re: [vchkpw] vchkpw@inter7.com ezmlm warning
On Saturday, October 18, 2003 11:18 PM, X-Istence wrote: > So basically, its on their side, unless something is looping on my side, > of which i know nothing. It cannot be on their side; how would their MTA know my maildir is in /home/vpopmail/domains/jeremykister.co/jeremy/ ? they also clearly attach the bounce which my system sent to them: from qmail-02.nntx.net (which is mine) did you receive the message at the same time I did ? Jeremy Kister www.jeremykister.com Argus: The World's Most Advanced Monitoring Software: http://argus.tcp4me.com
Fw: [vchkpw] vchkpw@inter7.com ezmlm warning
Upon examining the original message that my MTA bounced, I know this is not a coincidence. I trimmed the original message because I thought it was non-relevant, but it clearly is. something in the original message confused some part of my MTA; This _is_ a bug; im just not sure if it's qmail or vpopmail below is the original email message that my system bounced due to "message is looping" Tom!? Ken!? :) Jeremy Kister www.jeremykister.com/jeremy Return-Path: <[EMAIL PROTECTED]> Received: (qmail 25209 invoked by uid 1010); 7 Oct 2003 08:13:55 - Received: from unknown (HELO ns1.inter7.com) (209.218.8.2) by max.nntx.net with SMTP; 7 Oct 2003 08:13:55 - Received: (qmail 27027 invoked by uid 511); 7 Oct 2003 09:27:02 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Post: <mailto:[EMAIL PROTECTED]> List-Help: <mailto:[EMAIL PROTECTED]> List-Unsubscribe: <mailto:[EMAIL PROTECTED]> List-Subscribe: <mailto:[EMAIL PROTECTED]> Delivered-To: mailing list [EMAIL PROTECTED] Received: from unknown (HELO rous.redbarn.org) (204.152.188.41) by evanston.inter7.com with SMTP; 7 Oct 2003 09:27:01 - To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Eric Ziegast) In-reply-to: Your message of "Tue, 07 Oct 2003 00:55:40 PDT." <[EMAIL PROTECTED]> Date: Tue, 07 Oct 2003 01:12:40 -0700 Sender: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> Subject: Re: [vchkpw] unexpected Delivered-To > >> How can this happen? > > > > *Any* header can be forged. :^) > > Ok, but I'm not clear on one thing. qmail+vpopmail is going to route > locally based on the to field of the incoming message, right? So you are > saying this message was forged locally, meaning a hacked server? The envelope recipient ("RCPT TO:") is what qmail mostly cares about. The normal message headers are fluffy bits of superfluous information that could help it detect a mail loop. Your message appears to have had a "To:" header of "[EMAIL PROTECTED]" (forged) and an envelope recipient of "[EMAIL PROTECTED]" (not forged) or maybe even some other address that aliases itself to kurt. > Curiously your off-list reply cased my server to generate this message: > message is looping /var/vpopmail/domains/breathsense.com/kkb/Maildir/ Why would your server bounce it in the first place? Fix that! -- Eric Ziegast [EMAIL PROTECTED] (aka [EMAIL PROTECTED]) (aka [EMAIL PROTECTED])
Re: [vchkpw] vchkpw@inter7.com ezmlm warning
On Sunday, October 19, 2003 12:42 AM, Gregory Kuhn wrote: > message_is_looping_/home/vpopmail/domains/ctch.net/gkuhn/Maildir// ah ha! :) this would explain why: grep 'is looping' /var/log/qmail/current bore no fruit :) s/\s+/_/g; sigh. after resolving the PEBKAC error, I do see the entries in my logs. since we're on the topic of guaranteed bouncing (since the Delivered-To: header can still easily be forged), is it worth investing some crypto into it ? or even appending some Site-Unique level string to the end of Delivered-To like the domain name -- instead of: Delivered-To: [EMAIL PROTECTED] it'd be: Delivered-To-nntx.net: [EMAIL PROTECTED] or some such. Whatever the annex is, it'd have to be static (at the site/domain level), because many people use the Delivered-To header for processing via procmail/etc. Forging the Delivered-To line could be to Mr. Spammer's advantage, because he could send millions+ of messages to addresses that use vpopmail, and could depend on the bouncing to deliver his mail; just spoof the envelope recipient/from and wala. Jeremy Kister www.jeremykister.com Argus: The World's Most Advanced Monitoring Software: http://argus.tcp4me.com
Re: [vchkpw] autorespond with a [dot] in the email address
On Saturday, February 21, 2004 7:16 AM, Darren Beale wrote: > it won't, simple as that. If I rename to .qmail-foo and set up a valias > for foo to foo.bar it works. try: mv .qmail-foo.bar .qmail-foo\:bar > Is this easy to fix? have I missed something obvious? think so.. qmail-local translates dot to colon. Jeremy Kister www.jeremykister.com/jeremy/ Argus: The World's Most Advanced Monitoring System: http://argus.tcp4me.com
[vchkpw] qmail address extensions
I recently had the need for qmail address extension support in vpopmail. Since i was running an oldish release of vpopmail (5.3.28) I upgraded to 5.4.3. I configured using: ./configure \ --enable-many-domains=y \ --enable-logging=v \ --enable-clear-passwd=n \ --enable-roaming-users=n \ --enable-rebuild-tcpserver-file=n \ --enable-qmail-ext I then started playing with sending emails to address extensions. when I had a plain-vanilla mailbox, it worked perfectly, However, when i had a forward/alias (or a .qmail-user for that mailbox), it did not work. This is important, because I am using a TMDA like system. I do: ~vpopmail/bin/vadduser [EMAIL PROTECTED] pass echo '|/usr/local/bin/program [EMAIL PROTECTED]' > ~vpopmail/domains/example.com/.qmail-user I'm not sure if this is a bug, or just not currently a feature, but can someone implement this? Jeremy Kister www.jeremykister.com/jeremy/ Argus: The World's Most Advanced Monitoring System: http://argus.tcp4me.com
[vchkpw] Re: qmail address extensions
On Friday, April 16, 2004 11:04 PM, I wrote: > I then started playing with sending emails to address extensions. when I > had a plain-vanilla mailbox, it worked perfectly, However, when i had a > forward/alias (or a .qmail-user for that mailbox), it did not work. Seems like this is qmail-local anyway -- right? Jeremy Kister www.jeremykister.com/jeremy/
RE: [vchkpw] Major SMTP AUTH Issues
On Sunday, April 25, 2004 9:17 PM, Chris Miller wrote: > I'm having major issues with SMTP AUTH. Currently, if a user authenticates they are allowed to relay. The problem is > even if the user authenticates incorrectly, they are allowed to relay. I'm sure it's something in my qmail-smtpd run script, > so I'm pasting it below: this has been discussed extensively, but... you are probably using Krzysztof Dabrowski's qmail-smtpd-auth-0.31 patch either patch your qmail with Erwin Hoffmann's http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-043_tgz.bin or fix your run script: exec /usr/local/bin/softlimit -m 300 /usr/local/bin/tcpserver -v -R -l "$LOCAL" \ -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$VPOPUID" -g "$VPOPGID" 0 smtp \ /var/qmail/bin/qmail-smtpd "$LOCAL" /var/vpopmail/bin/vchkpw /bin/true 2>&1 I recommend Erwin's fixup, as it has bug fixes and updated functionality you may also want to investigate using the -H flag for tcpserver. Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] smtp auth
On Monday, April 26, 2004 3:31 AM, signo wrote: > i've tried the qmail-smtpd-auth-043_tgz.bin patch but the result is always the same: > > 454 oops, unable to write pipe and I can't auth (#4.3.0) your run script is incorrect for this patch. try: exec /usr/local/bin/softlimit -m 300 /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$VPOPUID" -g "$VPOPGID" 0 smtp /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 2>&1 or, you and Chris and just trade run files ;) Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] smtp auth
On Monday, April 26, 2004 3:22 AM, I wrote: > your run script is incorrect for this patch. try: also, if you really have: LOCAL=`` that's wrong too. LOCAL=`head -1 /var/qmail/control/me` Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] smtp auth
On Monday, April 26, 2004 4:00 AM, signo wrote: > i'm feel very stupid !!! it does not work!! > > VPOPUID=`id -g vpopmail` well, that should be VPOPUID=`id -u vpopmail` are you running Solaris? if so, change VPOPUID=`id -u vpopmail` to VPOPUID=`/usr/xpg4/bin/id -u vpopmail` VPOPGID=`id -g vpopmail` to VPOPGID=`/usr/xpg4/bin/id -g vpopmail` what is the output of ls -la /var/vpopmail/bin/vchkpw ? also, you might try increasing the softlimit -m to 500, just for testing. Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] SMTP Auth HOWTO?
On Friday, May 21, 2004 5:41 AM, DEBO Jurgen E. G. wrote: > In the OLD days, people were happy with SMTP-Auth. I consider it LESS > security as SMTP after POP, because with SMTP-Auth, You sent Your > e-mailadress and Your password of Your mailbox over the internet. Are you insinuating that this is not so with POP3 (or "SMTP after POP") ? LOL Jeremy Kister http://jeremy.kister.com/
RE: [vchkpw] finding over-quota users
On Thursday, July 08, 2004 6:48 PM, Charles Sprickman wrote: > Is there any simple way to run through a large number of users (3000 or > so) and find out who is over quota and when they last checked their mail? you can try http://jeremy.kister.net/code/perl/mailquota.pl mailquota.pl -v -e [EMAIL PROTECTED] will email the report to [EMAIL PROTECTED], and also show you stuff as it is gathering data. Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] chkuser patch
On Wednesday, July 07, 2004 5:32 AM, tonix (Antonio Nati) wrote: > I'm preparing chkuser 2.0, that will integrate all these changes, and will > improve a lot of other things. Hi, Antonio Could you make chkusr work with djb's serialmail (http://cr.yp.to/serialmail.html) ? instead of just having a .qmail-1:2:3:4-default, "bounce-no-mailbox" could be in the default, and have the rest of the .qmail-1:2:3:4-usernames, like normal.. Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] chkusr patch w/Vpopmail 5.4.5
On Monday, July 12, 2004 11:00 PM, Nick Berry wrote: > I am trying to implement the chkusr patch (which was good for vpopmail > 5.3), but I've come across the following error: [...] > *** Error code 1 after patching, did you modify the Makefile, as well ? edit the Makefile, look for qmail-smtpd:, and after `cat socket.lib`, add /home/vpopmail/lib/libvpopmail.a (adjusting for you're vpopmail's home, of course) you'll also need to look for qmail-smtpd.o:, and add /home/vpopmail/include/vpopmail.h /home/vpopmail/include/vauth.h before the ./compile qmail-smtpd.c > Any suggestions? if you're up for a bigger patch, and you see need for the functionality, you can try the qmail-1.03.isp.patch, available at http://jeremy.kister.net/code/qmail-1.03.isp.patch which includes chkusr. Jeremy Kister http://jeremy.kister.net/
[vchkpw] Crypt incompatibility
I have vpopmail 5.4.5 on an array of Solaris sparc machines. One of Solaris machines hosts the qmail control files, the assign file, and the vpopmail domains directory. All the client machines deliver mail via NFS. I recently added a FreeBSD 5.2.1-R i386 box to the mix. This box can deliver fine to the spool, but a problem comes when trying to authenticate credentials (via smtp auth). penny> telnet 0 25 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 qmail-03.example.net ESMTP AUTH LOGIN 334 VXNlcm5hbWU6 dGVzdEBleGFtcGxlLmNvbQ== 334 UGFzc3dvcmQ6 YXNkZg== 535 authentication failed (#5.7.1) I wrote my own vchkpw in perl (inspectable at: http://jeremy.kister.net/code/perl/vchkpw.pl): >From the Solaris box: max> ./vchkpw.pl Email Address: [EMAIL PROTECTED] Password: asdf test: $1VUyx7YfKO2w - crypt: $1VUyx7YfKO2w Correct Password >From the FreeBSD box: penny> ./vchkpw.pl Email Address: [EMAIL PROTECTED] Password: asdf test: $125a08DVKgFI - crypt: $1VUyx7YfKO2w Incorrect Password Interestingly, if i test the credentials with qmail-popup, authentication works: penny> /var/qmail/bin/qmail-popup /home/vpopmail/bin/vchkpw id +OK <28456.1093625622@/home/vpopmail/bin/vchkpw> USER [EMAIL PROTECTED] +OK PASS asdf uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator) It seems that the crypt function in Solaris and FreeBSD are making different crypts even though they're using the same salt. If that's the case, how is qmail-popup working correctly? Any ideas how to fix this? Jeremy Kister http://jeremy.kister.net/
Fw: [vchkpw] Crypt incompatibility
On Friday, August 27, 2004 1:14 PM, Jeremy Kitchen wrote: > why? > > this question isn't related to vpopmail. You should ask your OS vendors, or > > some perl gurus. I'm not sure that you read my email. the vchkpw.pl was just debugging information. qmail-popup works fine, but smtp auth using vchkpw does not. Jeremy Kister http://jeremy.kister.net/
Fw: [vchkpw] Crypt incompatibility
On Friday, August 27, 2004 1:26 PM, Tom Collins wrote: > What was used to generate the $1 salt for the original crypted > passwords? your software. ~vpopmail/bin/vadduser [EMAIL PROTECTED] asdf, on Solaris 2.7 sparc vpopmail 5.4.6 Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Crypt incompatibility
On Friday, August 27, 2004 1:33 PM, Tom Collins wrote: > > What was used to generate the $1 salt for the original crypted > > passwords? Interestingly, *all* the crypts in every vpasswd (192 of them) start with $1, and all have been created using some version of vadduser. i just asked a friend, who's running vpopmail 5.4.6 on slackware 2.4.26, and all of his crypts start with $1$ Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Crypt incompatibility
On Friday, August 27, 2004 2:00 PM, Tom Collins wrote: > Your server's crypt() doesn't support MD5 passwords. You will need to > rebuild vpopmail with the --disable-md5-passwords option. You've solved my problem (after also recompiling/reinstalling qmail). > If you compiled with clear password support, you might want to use your > Perl skills to go through each vpasswd file and replace the current > encrypted password with a new one (using a valid salt). If you delete not tested too much, but it seems to have worked on my installation: http://jeremy.kister.net/code/perl/vchkpw.fixcrypt.pl > Here's a patch I'm adding to vpopmail to fall back to using a non-MD5 > salt if the host's crypt() doesn't handle MD5. [..] > + if (tmpstr[2] != '$') { I know less than nothing about C, but shouldnt that be: 'if (tmpstr[0] == '$') {' ? it might be good for this to get done at compile time (i.e. testing for MD5 support... failed! reconfigure using --disable-md5-passwords) this whole experience also raises an interesting question -- perhaps installations including the clear password shouldnt even use crypts. Thanks, Tom Jeremy Kister http://jeremy.kister.net/
[vchkpw] Fw: [Courier-imap] chdir "username": No such file or directory
Seems as if Sam was serious about any problems regarding vpopmail authentication being ignored on the Courier IMAP list :-/ Even though I'm not convinced it's a vchkpw problem, I'm forwarding here; sorry for the double post for those subscribed to both lists.. Please note i've upgraded gcc to 3.3.2, make to 3.8.0, and gdbm to 1.8.3. > I'm running qmail 1.03 (with a bunch of patches) and vpopmail 5.4.6 on > solaris sparc 2.7. > using gcc 3.2.1. > > I had courier-imap 1.7.0 installed and working perfectly. for some reason, > i decided i should upgrade. I downloaded, compiled, and installed 3.0.8. > > the new imap server closes the TCP connection immediately after my client > sends login information. > > my logs show: > INFO: Connection, ip=[127.0.0.1] > LOGIN: DEBUG: ip=[127.0.0.1], command=LOGIN > LOGIN: DEBUG: ip=[127.0.0.1], [EMAIL PROTECTED] > chdir "foobaz": No such file or directory > > i've configured with: > CPPFLAGS="-I/usr/local/ssl/include -I/home/vpopmail/include" \ > LDFLAGS="-L/usr/local/ssl/lib -L/home/vpopmail/lib" \ > CC=gcc ./configure \ > --prefix=/usr/local/courier-imap \ > --enable-workarounds-for-imap-client-bugs \ > --without-ipv6 --without-userdb \ > --with-syslog=MAIL --without-authpwd \ > --without-authshadow --without-authpam \ > --without-authuserdb --without-authcram \ > --with-authvchkpw --without-authldap \ > --without-authmysql --without-authpgsql \ > --without-authdaemon --without-authcustom > > > i've tried using different email addresses, i've tried using %s instead of > @s (and variations thereof). I've googled for hours (too much noise about > "chdir Maildir" getting in the way). I've even tried installing 2.2.1 and > 1.7.3. each of them is exhibiting the same behavior. > > i dont believe this problem is of vpopmail, as qmail-popup is authenticating > against vchkpw, and i can test vchkpw: > goofy# printf "%s\0%s\0%s\0" [EMAIL PROTECTED] asdf ABC123 | vchkpw pwd 3<&0 > /home/goofy/vpopmail/domains/jeremykister.com/foobaz > > I've clearly botched something, but since I did this overnight, and it's > turn into a sleepless night, I just cant figure out what's wrong. > > Any Ideas? Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Fw: [Courier-imap] chdir "username": No such file or directory
On Saturday, September 25, 2004 8:08 PM, Tom Collins wrote: > an auth module. Make sure that you're configuring it to use authvchkpw > and nothing else. yep - my configure script was listed in my previous email - only authvchkpw is enabled. I've got a hunch that there is an incompatibility between the newer vpopmail and courier's authvchkpw I compiled courier-imap 2.2.0 on a Solaris 2.9 box, with vpopmail 5.2.1. All IMAP functions behaved as expected. I took the authvchkpw binary from the 2.9 box, and copied it over to my 2.7 box, with vpopmail 5.4.6 CourierIMAP now seems happy. I'm surprised no one else has run into this. Is there anyone out there running vpopmail 5.4.x and courier-imap with authvchkpw ? This will be cross-posted to the courier-imap list, just to let Sam (et al) know about the possible incompatibility. Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Fw: [Courier-imap] chdir "username": No such file or directory
On Sun, 26 Sep 2004 22:31:49 +1000, Michael Bowe wrote: > DEBUG_LOGIN=2. Then restart your courier-imap daemon. Then look in your > /var/log/maillog. This is an example of an entry from my logs : [...] > Jeremy, how does this compare with your system? I have slightly obfuscated the email address and password. Connection, ip=[68.80.68.156] LOGIN: DEBUG: ip=[68.80.68.156], command=LOGIN LOGIN: DEBUG: ip=[68.80.68.156], [EMAIL PROTECTED] LOGIN: DEBUG: ip=[68.80.68.156], password=blah authvchkpw: starting client module authvchkpw: [EMAIL PROTECTED], sysuserid=1010, sysgroupid=1010, homedir=jeremy, [EMAIL PROTECTED], fullname=, maildir=, quota=, options= authvchkpw: clearpasswd=, passwd=zfhdrFE4797Xs password matches successfully chdir "jeremy": No such file or directory > And the corresponding vuserinfo shows : goofy> ~vpopmail/bin/vuserinfo [EMAIL PROTECTED] name: jeremy passwd: zfhdrFE4797Xs clear passwd: blah uid:1 gid:0 flags: 0 gecos: jeremy limits: No user limits set. dir: /home/vpopmail/domains/jeremykister.com/jeremy quota: 104857600S usage: 5% last auth: Tue Sep 28 15:18:05 2004 last auth ip: imap -- Jeremy Kister http://jeremy.kister.net/
[vchkpw] vpopmail >= 5.4.8 solaris install problem
I have identified an installation problem in the latest releases of vpopmail on Solaris 2.7 the install program used by the Makefile does not support installing multiple files in one run, and it does not error when told to install multiple files -- it simply installs the first in the list, and exits. this yields 'make install' not copying config.h, vauth.h, nor vlimits.h to ~vpopmail/include/ needless to say, this makes things _very_ confusing, when vuserinfo works, but when programs like qmailadmin dont work (because they are using include files from an older vpopmail series that were not overwritten) the following patch fixes the problem (use patch -d vpopmail-5.4.8 < vpopmail-5.4.8-kisterfix): --- Makefile.am.orig 2004-12-09 00:29:58.222616000 -0500 +++ Makefile.am 2004-12-09 00:31:00.863282000 -0500 @@ -151,9 +151,9 @@ $(INSTALL) -o root -m 0444 \ config.h $(DESTDIR)@vpopmaildir@/include/vpopmail_config.h - $(INSTALL) -o root -m 0444 \ -vpopmail.h config.h vauth.h vlimits.h \ -$(DESTDIR)@vpopmaildir@/include/ + for include in vpopmail.h config.h vauth.h vlimits.h ; do \ + $(INSTALL) -o root -m 0444 $$include $(DESTDIR)@vpopmaildir@/include/ ; \ + done $(INSTALL) -d $(DESTDIR)@vpopmaildir@/doc/man_html $(INSTALL) -d $(DESTDIR)@vpopmaildir@/doc/doc_html --- Makefile.in.orig 2004-12-09 00:30:02.552653000 -0500 +++ Makefile.in 2004-12-09 00:30:30.282952000 -0500 @@ -829,9 +829,9 @@ $(INSTALL) -o root -m 0444 \ config.h $(DESTDIR)@vpopmaildir@/include/vpopmail_config.h - $(INSTALL) -o root -m 0444 \ -vpopmail.h config.h vauth.h vlimits.h \ -$(DESTDIR)@vpopmaildir@/include/ + for include in vpopmail.h config.h vauth.h vlimits.h ; do \ + $(INSTALL) -o root -m 0444 $$include $(DESTDIR)@vpopmaildir@/include/ ; \ + done $(INSTALL) -d $(DESTDIR)@vpopmaildir@/doc/man_html $(INSTALL) -d $(DESTDIR)@vpopmaildir@/doc/doc_html -- Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Error compiling qmail - chkuser - vpopmail
on 2/24/2005 1:22 AM D E said the following: > I am trying to compile qmail 1.03 - chkuser 2.08b - vpopmail 5.3.24 (no > mysql) on FreeBSD and am getting the following error. [...] > /usr/local/server-setup/mail-setup/vpopmail-5.3.24/vauth.c(.text+0x1d34): > undefined reference to `crypt' try 'echo gcc -lcrypt -s' > conf-ld ; make -- Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Error compiling qmail - chkuser - vpopmail
on 2/24/2005 1:51 AM Jeremy Kister said the following: > on 2/24/2005 1:22 AM D E said the following: >> I am trying to compile qmail 1.03 - chkuser 2.08b - vpopmail 5.3.24 (no >> mysql) on FreeBSD and am getting the following error. > [...] >> /usr/local/server-setup/mail-setup/vpopmail-5.3.24/vauth.c(.text+0x1d34): >> undefined reference to `crypt' > > > try 'echo gcc -lcrypt -s' > conf-ld ; make <2am tiredness> doh! that's 'echo gcc -lcrypt -s > conf-ld ; make' (without the exterior quoting, of course) -- Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Change default domain admin
On 4/15/2005 2:55 PM, Tom Collins wrote: > Should we make some updates to vadddomain to automatically create an > alias from abuse to postmaster? We could make that the default and > have an option to override it with a particular address... this in itself is not a good idea. I appreciate that RFC822 #6.3 requires the 'postmaster' localpart, however it in no way even hints that this account should be a mailbox (rather than a forward). as well, RFC2142 #2 states the 'abuse' localpart must be valid, but again makes no recommendation on how it should be valid, nor who should read the mail. I (et al) run qmail servers with a bit over 2,000 vpopmail-managed domains. All of these domains are managed by the end-user via qmailadmin. In my experience, almost all of these users do not check the existing "postmaster" mailbox, and instead, let mail fill up the box until it's at quota. My suggestion is that qmailadmin should not force users to follow best current practices, but it should only warn them if they are not following them. For example, if there is no abuse mailbox/forward, perhaps some warning message can be displayed directly after an administrative user logging in. I think this method should also exist for the postmaster localpart, but that'd clearly require a big change in qmailadmin's behavior. Because qmailadmin automatically assumes that someone will be checking the "postmaster" mailbox, most end-users dont even realize they should be checking it. If setting up the 'postmaster' account were a manual process for the end-user, it'd be more intuitive to the end-user that he'd need to be checking it on a regular basis, or should forward it somewhere. automatically creating an abuse localpart that forwards to the postmaster mailbox will only further hurt my servers, as currently the chkusr patch would simply reject "abuse" at smtp time. -- Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Change default domain admin
On 4/15/2005 4:06 PM, Jeremy Kister wrote: > My suggestion is that qmailadmin should not force users to follow best > current practices, but it should only warn them if they are not > following them. forgive all my references to 'qmailadmin' - i realize we're taking about vadddomain, but see no way to fix the problem in vadddomain - vadddomain should simply add the domain, with minimal interference. vadduser and qmailadmin is where the user accounts should continue to be managed. -- Jeremy Kister http://jeremy.kister.net/
Re: [vchkpw] Per user .qmail patch
On Fri, 16 Dec 2005 16:03:07 + (GMT), Drew Wells wrote: > I have patched VpopMail 5.4.13 so that each user in a domain can have > there E-Mail handled by there own set of .qmail files (in > /var/vpopmail/domains/{domain}/{user}), this is a patch to > 'int check_forward_deliver(char *dir)' in vdelivermail.c. good idea > Is this patch of any interest to anyone or is this meant to be done > another way ? since we're talking about revamping code, we should change the name of the files. It's hard for some people to understand what qmail-local does and what vdelivermail does; calling files ".qmail" which are actually handled by vdelivermail is misleading. As suggested by Charles Cazabon (archived at http://msgs.securepoint.com/cgi-bin/get/qmail0510/86/1/1/1/1/1.html), we should call these files .vpopmail and/or .vpopmail-user this will clearly differentiate qmail-local and vdelivermail's responsibilities and will natively point newbies in the right direction. both vpopmail and qmailadmin could be updated trivially, and a couple of lines of perl could upgrade everyone's vpopmail/domains directory tree. I'd be happy to write the upgrade script. whether or not we decide to change the name of the files, we'll have to ask Antonio to update chkusr and checkuser before the release, or at least note the possible incompatibility with existing installations. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] Per user .qmail patch
On 12/16/2005 3:00 PM, Charles J. Boening wrote: > Don't really need a perl script. This should work. > > find /home/vpopmail/domains -name .qmail* | xargs -i rename qmail > vpopmail '{}' from your suggestion, I think you're one of the people who are confused. :) renaming all .qmail* files in ~vpopmail/domains will break your installation horribly. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] Per user .qmail patch
On 12/16/2005 4:41 PM, Charles J. Boening wrote: > Details, details :) > > I'm sure you could filter those out. > > find /home/vpopmail/domains -mindepth 3 -name .qmail* | xargs -i rename > qmail vpopmail '{}' now you've broken those with large numbers of domains and domain hashing.. # grep example.com /var/qmail/users/assign +example.com-:example.com:1010:1010:/home/vpopmail/domains/1/a/example.com:-:: or, perl... ;p http://jeremy.kister.net/code/perl/change-vpopmail-files.pl -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] Per user .qmail patch
On 12/16/2005 5:21 PM, Charles J. Boening wrote: > I thought that was the proposal. To call the files .vpopamil files > since vdelivermail was actually doing the delivery. You'd still have > .qmail files in the ~vpopmail/domains/ directory but the > ~vpopmail/domains// directory would have > .vpopamail files. > Guess I'll have to go back and read again. no, that's entirely correct. just that the original posted code didnt leave qmail-local's .qmail-user files inside // alone. -- Jeremy Kister http://jeremy.kister.net./
[vchkpw] Re: domain/.qmail-user vs user/.qmail [was: Per user .qmail patch]
On 12/16/2005 6:43 PM, Rick Macdougall wrote: > What's the advantage of this over .qmail-user-list in the main domain > directory ? Which spawns an equally interesting question -- why have user/.qmail at all? I cant think of any scenarios where user/.qmail is needed.. user/.qmail hurts performance, as qmail-local has to call vdelivermail instead of just dealing with the mail itself. i think you're right -- neither user/.qmail, user/.qmail-ext nor user/.vpopmail are needed. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] Vpopmail and domain literals
On 1/9/2006 8:57 PM, Simon Comeau Martel wrote: I am trying to figure out how does vpopmail handle domain literals. it doesn't, really. I saw nothing about that topic in the doc, and google doesn't return anything useful. My Qmail+Vpopmail installation do accept mails sent in that format ie: rcpt to: <[EMAIL PROTECTED]>, but I have no idea in witch mailbox the message is going. dotted decimal domains in brackets are handled by /var/qmail/alias/.qmail-whatever it's mentioned in addresses.5 -- not sure if its more specifically documented elsewhere. -- Jeremy Kister http://jeremy.kister.net./
[vchkpw] compiling vpopmail 5.4.13 on Solaris 7
looks like vpopmail is looking for an "err.h" make[2]: Leaving directory `/export/home/src/sparc-sun-solaris2.7/vpopmail-5.4.13/cdb' make[2]: Entering directory `/export/home/src/sparc-sun-solaris2.7/vpopmail-5.4.13' gcc -I. -Icdb -I. -I. -I.-fPIC -g -O2 -Wall -c -o libvpopmail_a-vpopmail.o `test -f 'vpopmail.c' || echo './'`vpopmail.c vpopmail.c:35: err.h: No such file or directory make[2]: *** [libvpopmail_a-vpopmail.o] Error 1 the only place I have an err.h is in /usr/include/sys/ If I muck with the Makefile, -DEFAULT_INCLUDES = -I. -I$(srcdir) -I. +DEFAULT_INCLUDES = -I. -I$(srcdir) -I/usr/include/sys/ and then try to make, i still get errors: In file included from vpopmail.c:35: /usr/include/sys/err.h:32: field `e_map' has incomplete type vpopmail.c: In function `vadddomain': vpopmail.c:130: warning: implicit declaration of function `chdir' [...] vpopmail.c:3096: dereferencing pointer to incomplete type make[2]: *** [libvpopmail_a-vpopmail.o] Error 1 What's the solution to this problem ? -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] compiling vpopmail 5.4.13 on Solaris 7
On 1/19/2006 3:59 PM, Jorge Valdes wrote: I am still using an older version, but the problem is with the use of "warn" in the "r_mkdir" routine more or less lines 1822 & 1830. It will compile if you change the format from "warn ('xxx')" to "fprintf (stderr, 'xxx');" a format also used in line 1833. I checked, and err.h is available for Linux, but not for Solaris. Thanks, Jorge. all compiled fine after the changes. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] 5.4.14 - any news?
On 2/20/2006 8:10 PM, Robin Bowes wrote: I'm just doing a new install for a client. Any news on whether v5.4.14 is ready yet? Don't think so, but here's an important patch to 5.4.13 http://jeremy.kister.net/code/vpopmail-5.4.13-pound-and-err.patch -- Jeremy Kister http://jeremy.kister.net./
[vchkpw] vadddomain -> Error: Could not open qmail default
when i use vadddomain, i get an error: Error: Could not open qmail default vdeldomain, vadduser, and vdeluser all work correctly. I made a small change to vpopmail.c to see what's going on: --- ../vpopmail-5.4.13/vpopmail.c 2006-02-22 16:05:34.612401000 -0500 +++ vpopmail.c 2006-02-22 15:58:12.998402000 -0500 @@ -198,6 +198,7 @@ /* create the .qmail-default file */ snprintf(tmpbuf, sizeof(tmpbuf), "%s/%s/%s/.qmail-default", dir, DOMAINS_DIR, DomainSubDir); + fprintf(stderr, "%s/%s/%s/.qmail-default\n", dir, DOMAINS_DIR, DomainSubDir); if ( (fs = fopen(tmpbuf, "w+"))==NULL) { /* back out of changes made so far */ chdir(dir); chdir(DOMAINS_DIR); this yields the following output: /export/home/vpopmail//export/home/vpopmail/domains/ff.com/.qmail-default Error: Could not open qmail default my configure: ./configure \ --prefix=/export/home/vpopmail/arch/SunOS-5-sun4u \ --enable-domains-dir=/export/home/vpopmail/domains \ --disable-md5-passwords \ --disable-roaming-users \ --enable-logging=v \ --disable-rebuild-tcpserver-file \ --enable-learn-passwords \ --enable-qmail-ext \ --enable-ip-alias-domains if I symlink /export/home/vpopmail/export/home/vpopmail/domains to /export/home/vpopmail/domains, all works fine. Anyone know why this is happening ? -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] vadddomain -> Error: Could not open qmail default
On 2/22/2006 5:51 PM, Stoyan Marinov wrote: As far as I know --enable-domains-dir sets the domains directory, relative to vpopmail's home dir. If you set vpopmail's home dir to /export/home/vpopmail, /export/home/vpopmail/domains will be set by default as DOMAINS_DIR. Funny, I was just testing that as your message came in. I changed the path to /export/home/vpopmail/./ in my passwd file, and recompiled. sure enough, the error was referencing /export/home/vpopmail/./export/home/vpopmail/domains so --enable-domains-dir is relative to the vpopmail user's path. I think it's more intuitive to think that --enable-domains-dir overrides --prefix. but that's fine. it should be noted in ./configure --help. recompiling and simply leaving out --enable-domains-dir fixed the problem. Thanks, -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] Why not disconnect after rejection/limit ?
On 3/3/2006 10:28 AM, Michael Krieger wrote: An SMTP server MUST NOT intentionally close the connection except: - After receiving a QUIT command and responding with a 221 reply. - After detecting the need to shut down the SMTP service and returning a 421 response code. This response code can be issued after the server receives any command or, if necessary, asynchronously from command receipt (on the assumption that the client will receive it after the next command is issued). Not to turn this into a RFC contest on the wrong mailing list, but we must be interpreting that differently -- my qmail-1.03.isp.patch will close a connection after a defined number of errors. I claim RFC 2821 #3.9 compatibility, because before closing the connection, I send a 400 error. I have the 'need' to close the connection, because I no longer want to hear from this abuser, and he is automatically entered into tcp.smtp.cdb for rejection. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] delete
On 3/23/2006 2:59 PM, Rob Genovesi wrote: The "delete" option from Qmailadmin does not seem to be working on my server. It creates a .qmail file with a single line: "# delete" , however messages are still delivered to the Maildir. Any ideas as to what might be going on? vpopmail 5.4.10 qmailadmin 1.2.9 Your version of vpopmail is broken. try to upgrade. vpopmail 5.4.13 + vpopmail-5.4.13-pound-and-err.patch is the latest stable version that I know of. -- Jeremy Kister http://jeremy.kister.net./
[vchkpw] qmail-inject deferrals
I'm using qmail and vpopmail in a rather large environment. I've always got several hundred messages in my queues because of unparsable header fields. delivery 50391: deferral: qmail-inject:_fatal:_unable_to_parse_this_line:/Return-Path:_Received:_from_wctc.net.airstream.mail8.psmtp.com_(wctc.net.airstream.mail8.psmtp.com_[63.240.161.100])_by_mx1.extreme-hosting.net_with_smtp;_mrt,_24_2006_3:13:50_-0100/system_error/ I do not want to fixup broken messages with new-inject, and I because qmail-inject is giving a fatal error, vdelivermail should also. Is this patch correct? --- vdelivermail.c.orig Fri Mar 24 16:15:12 2006 +++ vdelivermail.c Fri Mar 24 16:34:20 2006 @@ -667,13 +667,13 @@ printf ("write to qmail-inject failed: %d\n", errno); close(fdm); waitpid(inject_pid,&child,0); - vexiterr (EXIT_DEFER, "system error"); + vexiterr (child, "system error"); } close(fdm); waitpid(inject_pid,&child,0); if (wait_exitcode(child) == 0) return; - vexiterr (EXIT_DEFER, "system error"); + vexiterr (child, "system error"); } } -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] qmail-inject deferrals
On 3/24/2006 4:40 PM, Michael Krieger wrote: > Note return-path is blank, and fails to contain a newline. I'd > fix the problem- being whatever is accepting this mail message into > your queue in the first place. I cannot fix millions of people's spamware. I honestly wish i could. :) We sometimes get these when people try to inject into php scripts > by making a from address contain newlines and the programmer is an > idiot and doesn't check this. In theory, qmail-smtpd should turn > down the message when it comes in. So I guess the question is where > is it coming from? spammers send my servers spam; folks on my server have email addresses forwarded to other email addresses. spammer -> qmail-smtpd qmail-smtpd -> qmail-queue qmail-queue -> qmail-send qmail-send -> qmail-lspawn qmail-lspawn -> qmail-local qmail-local -> vdelivermail vdelivermail -> qmail-inject vdelivermail needs to respect qmail-inject's exit code, hence the proposed patch. I wouldn't 'fix' this header, as it's malformed to start with. I am also opposed to fixing up the header, as previously stated. Thanks, -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] qmail-inject deferrals
On 3/24/2006 5:06 PM, Jeremy Kitchen wrote: >> vdelivermail needs to respect qmail-inject's exit code, hence the >> proposed patch. > > no, the real question is why is vpopmail even using qmail-inject to re-queue > forwarded messages. Instead, qmail-queue should be used directly. While I'm sure you could argue that point, I'm perfectly willing to accept qmail-inject's tainting. there'd be a lot of code plucked from qmail-inject (or new-inject) to go into vdelivermail, which i'm not sure is quite the right thing to do. In the interim, I'm still looking for opinion on whether or not the proposed patch makes everyone happy. I tested it briefly, and it seems to deal with fatal, deferral, and successful qmail-inject codes correctly. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] qmail-inject deferrals
On 3/25/2006 12:25 PM, Jeremy Kitchen wrote: In the interim, I'm still looking for opinion on whether or not the proposed patch makes everyone happy. I tested it briefly, and it seems to deal with fatal, deferral, and successful qmail-inject codes correctly. looks good to me, but it's still a bandaid imo. Tom, Can you tell me if you're going to accept the given patch for the next release? -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] qmail-inject deferrals
On 3/27/2006 3:12 PM, Tom Collins wrote: > I haven't had a chance to look closely at it, but I will probably > include it in the next release. > > Regardless of whether using qmail-inject over qmail-queue is a > band-aid, we should be looking at the exit code and behaving properly. Here's [what seems to be] the correct way to fix the problem: --- vdelivermail.c.orig 2006-03-27 21:58:21.810949000 -0500 +++ vdelivermail.c 2006-03-27 21:58:52.741031000 -0500 @@ -672,8 +672,9 @@ close(fdm); waitpid(inject_pid,&child,0); - if (wait_exitcode(child) == 0) return; - vexiterr (EXIT_DEFER, "system error"); + unsigned int xcode = wait_exitcode(child); + if (xcode == 0) return; + vexiterr (xcode, "system error"); } } -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] vpopmail 5.4.16 released (finally)
On 5/7/2006 3:48 PM, Tom Collins wrote: 5.4.16 - released 7-May-06 http://vpopmail.sf.net/ Release Notes: More fixes to 5.4.14/5.4.15, hopefully leading to a useable, stable release incorporating vpopmaild from the 5.5 branch. i just realized there was no bug report for vdelivermail not watching qmail-inject's exit code on SF, so i added one. http://sourceforge.net/tracker/index.php?func=detail&aid=1484105&group_id=85937&atid=577798 in addition, solaris fails to complile 5.4.16 (no err.h): http://sourceforge.net/tracker/index.php?func=detail&aid=1484110&group_id=85937&atid=577798 -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] NFS and vpopmail
On 5/11/2006 5:55 PM, MT wrote: sends hup signal to qmail-send to accept new domain So I have /home/vpopmail/domains, /var/qmail/control/, /var/qmail/ users on my NFS. [...] I have to delete / add the domain on 10.0.0.2 to get it to work - but then 10.0.0.1 will give me the same error. Do you have something on 10.0.0.2 that will hup qmail-send when the /var/qmail/users/assign file changes ? I use this code every hour in cron: #!/bin/sh PATH=/usr/local/bin:/usr/bin:/bin if [ -s "/var/tmp/last.var-qmail-users-assign" ] ; then cmp /var/qmail/users/assign /var/tmp/last.var-qmail-users-assign >/dev/null 2>&1 if [ $? -gt 0 ] ; then svc -h /service/qmail-send cp /var/qmail/users/assign /var/tmp/last.var-qmail-users-assign fi else echo "no valid /var/tmp/last.var-qmail-users-assign" mkdir -p /var/tmp/ cp /var/qmail/users/assign /var/tmp/last.var-qmail-users-assign fi -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] NFS and vpopmail
On 5/11/2006 7:18 PM, MT wrote: I thought that was it too so I did a kill -HUP qmail-send but still nothing. I also stopped/started the entire qmail service (going along with what Rick was saying) and still nothing. by the phrase "entire qmail service", I take it you did not install via LifeWithQmail ? In either case, are you using "vpopmaild"? I know little about it more than how to spell it, but if you're using it I could imagine it's part of your problem. Could it be an invalid/missing option in my NFS exports or the way I'm trying to mount the NFS share? unlikely. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] NFS and vpopmail
On 5/12/2006 3:01 PM, John Simpson wrote: you don't need to HUP qmail-send when users/assign changes, you need to run "qmail-newu". qmail-lspawn reads users/cdb, users/assign is just a text file which is used to build users/cdb. I simply infer that the control files have changed when the assign file has changed. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] Unable to authenticate local user via pop3
On 9/7/2006 6:51 AM, Federico wrote: It seems like it was not able to check user against /etc/passwd… But why? vchckpw should do automatically… Did you configure vpopmail with --enable-passwd ? -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] .vpopmail-* instead of .qmail-*
On 12/15/2006 1:05 PM, John Simpson wrote: i think the ones created within a mailbox's directory should be called ".vpopmail-*", while the ones in the domain's directory (which ARE processed by qmail-local) should be left the way they are. I couldn't agree more. in general i think the idea of using .qmail-{user} files at the domain level is better, simply because it makes for one less process involved in getting the message to the maildir. basically, if qmail-local CAN do the delivery properly, we should allow it to do so. i think the "vdelivermail" program should only be used to handle cases where qmail-local can't work (i.e. mailbox or alias information stored in a database.) absolutely. On high volume mail servers, like the set I run, forking vdelivermail for no reason will certainly impact performance. better to simply let qmail-local run with the ball. i think a safer way to do it would be to have a script which finds and renames the files as needed, and tell the users to only run the script while qmail-send is stopped. if they're upgrading the vpopmail binaries anyway, they will probably be in some kind of maintenance window to start with, and stopping qmail-send won't be a major deal. I don't know why my post on wednesday got lost, but I wrote: > On 12/13/2006 12:36 AM, Rick Widmer wrote: >> One of the biggest complaints against vpopmail heard on the qmail >> mailing list is the fact that it uses files kind of like .qmail >> files, that are not interpreted by qmail-local, yet it names them >> .qmail*. Drew-vpopmail has submitted a patch to vdelivermail that >> follows the .qmail-ext file resolution process just like qmail-local >> except that at each level it looks for both a .qmail* and .vpopmail* >> file. [...] >> What do you think? > > Why keep username/.qmail files at all? > > I whipped up code many moons ago (2005.12.16) to convert > username/.qmail files to username/.vpopmail files -- > http://jeremy.kister.net/code/perl/change-vpopmail-files.pl > > Then changing qmailadmin and vpopmail would be trivial. Maybe there needs to be a ./configure option to disable the new file name. something like "--old-dot-qmail-files" maybe? sounds good to me. Great idea! -- Jeremy Kister http://jeremy.kister.net./
[vchkpw] admin forwards via email
In case anyone finds this useful: I advocate giving separate email addresses to everyone possible. Meaning if you're signing up for an account with a new site called BigFancySite.tld, i'd give them the email address [EMAIL PROTECTED] Then I'd create a forward called bigfancysite.tld and send it to my main mailbox. This is useful because it's an instant way to see who's given out your email address as well as being able to turn off the address with ease. Due to slight demand from customers I've told this to, I have created an email way to create and delete vpopmail forwards. wget http://jeremy.kister.net/code/perl/eadmin.pl chmod ugo+x eadmin.pl echo "|/usr/local/script/eadmin.pl" > ~vpopmail/domains/example.com/.qmail-someaddress it requires Mail::vpopmail, so you might have to set that up too: wget http://search.cpan.org/CPAN/authors/id/J/JK/JKISTER/Mail-vpopmail-0.54.tgz tar -zxf Mail-vpopmail-0.54.tgz cd Mail-vpopmail-0.54 perl Makefile.PL ; make ; make install you can then email [EMAIL PROTECTED] with a subject like CREATE VerySeCreT [EMAIL PROTECTED] [EMAIL PROTECTED] which will forward "[EMAIL PROTECTED]" to the "[EMAIL PROTECTED]" mailbox. be sure to put your domain and secret crypt in the %secrets section of eadmin.pl. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] admin forwards via email
On 4/15/2007 12:33 PM, Tom Collins wrote: > I've just advised users to use extended addresses. I was originally doing that for myself, but found it was more difficult to turn off the compromised address at SMTP time (using the chkusr patch). > Either way, your script looks like a cool way to add a forward. > Should I add it to vpopmai's contrib directory? Do you want to wait > a few weeks for feedback, make updates, and then have it added? Feel free to add it to contrib. Between it being relatively simple and already using it for a couple of weeks myself, I think it's good to go. I've just updated the notes at the top to help folks with installation. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] chkuser wrongly accept emails for default@
On 4/17/2007 2:43 PM, Stephane Bouvard (ML) wrote: > Here's a little fix to verify if the alias is not bounce-no-mailbox... [...] > +if (fd_file != -1) { > +read_char = read (fd_file, read_buf, > sizeof(read_buf) - 1); > +close (fd_file); > +if (read_char < 0) read_char = 0; > +} > +read_buf[read_char] = 0; > + > +if ( strstr(read_buf, CHKUSER_BOUNCE_STRING) == NULL ) { > +retstat = CHKUSER_OK; > +break; > +} > + Great idea. I'm no C guy, but shouldn't that second conditinal be inside the first? +if (fd_file != -1) { +read_char = read (fd_file, read_buf, sizeof(read_buf) - 1); +close (fd_file); +if (read_char < 0) read_char = 0; +read_buf[read_char] = 0; + +if ( strstr(read_buf, CHKUSER_BOUNCE_STRING) == NULL ) { + retstat = CHKUSER_OK; + break; +} +} Otherwise if the .qmail-user does not exist, retstat = 1 or am I being silly ? -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] Re: chkuser wrongly accept emails for default@
On 4/18/2007 11:34 AM, Tom Collins wrote: Please be aware that vdelivermail should ONLY be in a domain's .qmail-default file. Putting it into a .qmail-alias file or a user's .qmail file can introduce a mail loop (which vdelivermail should detect and stop looping) and probably won't accomplish what you want it to. Good reminder. I've integrated my flavor of Stephane's changes into my code and it's working great. I can now `echo "# bounce-no-mailbox" > .qmail-username` and it will be rejected at smtp time. Thanks Stephane. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] smtp-auth and rblsmtpd
On 8/17/2007 9:13 PM, Trey Nolen wrote: being affected by the rblmtpd? For instance, is there a way to pass a variable to tcpserver if the connection is authenticated via smtp-auth? Not without patching. the process goes like this: user -> tcpserver -> rblsmtpd -> qmail-smtpd (with smtp-auth) so, rblsmtpd has already intercepted your user before he's had the change to talk to qmail-smtpd and auth. there is at least one patch that puts rblsmtpd functionality inside qmail-smtpd for this purpose, but i'm having a hard time finding it. Based on http://lists.ziobudda.net/pipermail/qmail-it/2007-April/001698.html, I'm making an educated guess that the patch is at: http://lists.ziobudda.net/pipermail/qmail-it/attachments/20070410/7d59066d/qmail-dnsbl.bin -- Jeremy Kister http://jeremy.kister.net./
[vchkpw] [paging Inter7]
Looks like my mail server got a message from 75.8.19.6... but the public SPF RR says only 75.8.19.3 is permitted. # dig txt inter7.com ; <<>> DiG 8.3 <<>> txt inter7.com ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; inter7.com, type = TXT, class = IN ;; ANSWER SECTION: inter7.com. 1D IN TXT "v=spf1 ip4:75.8.19.3 -all" Original Message Subject: ezmlm warning Date: 28 Aug 2007 12:14:01 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Hi! This is the ezmlm program. I'm managing the vchkpw@inter7.com mailing list. I'm working for my owner, who can be reached at [EMAIL PROTECTED] Messages to you from the vchkpw mailing list seem to have been bouncing. I've attached a copy of the first bounce message I received. If this message bounces too, I will send you a probe. If the probe bounces, I will remove your address from the vchkpw mailing list, without further notice. I've kept a list of which messages from the vchkpw mailing list have bounced from your address. Here are the message numbers: 31238 --- Enclosed is a copy of the bounce message I received. Return-Path: <> Received: (qmail 32353 invoked for bounce); 16 Aug 2007 18:09:24 - Date: 16 Aug 2007 18:09:24 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure notice Hi. This is the qmail-send program at mail.inter7.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[EMAIL PROTECTED]>: 204.9.96.41 does not like recipient. Remote host said: 550 See http://spf.pobox.com/why.html?sender=vchkpw-return-31238-vpopmail-01%3djeremykister.com%40inter7.com&ip=75.8.19.6&receiver=qmail-02.nntx.net (#5.7.1) Giving up on 204.9.96.41.
Re: [vchkpw] vpopmail 5.4.22 breaks qmailadmin 1.2.X
On 9/17/2007 5:28 PM, John Simpson wrote: which reminds me... how about a patch to change the maximum password length to a more realistic limit? i've been doing this for several years, after applying patches but before running "./configure"... Also, since only the first eight characters of a password matter on Solaris < 10 (or any DES vs MD5), perhaps there should be a maximum limit of 8 when using --disable-md5-passwords. This way, users who think [EMAIL PROTECTED]:: is a secure password are enlightened. -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] Disable clear password
On 9/20/2007 2:28 AM, Kenny Lee wrote: What i have tried ... i go back to the installation folder, re-run again "./configure --disable-clear-passwd", then "make" and "make install-strip" ... but the result also same, when i used "vuserinfo" to view user's detail, the command still can show up the clear password of the user. You did the right thing recompiling. That should make new passwords not contain the clear text. But you've got to go through all the vpasswd files manually to remove the clear passwords from existing mailboxes. I actually did the same thing years ago and published the code: http://jeremy.kister.net/code/perl/vchkpw.remove_clearpw.pl -- Jeremy Kister http://jeremy.kister.net./
[vchkpw] compiling 5.4.2[56] on solaris fails
when trying to compile either 5.4.25 or 5.4.26 with: ./configure \ --disable-md5-passwords \ --disable-roaming-users \ --enable-logging=v \ --disable-rebuild-tcpserver-file \ --enable-qmail-ext \ --disable-clear-passwd on Solaris 9, i see: gcc -I. -Icdb -I. -I. -I. -g -O2 -Wall -c vdelivermail.c vdelivermail.c: In function `run_command': vdelivermail.c:910: warning: implicit declaration of function `setenv' gcc -I. -Icdb -I. -I. -I. -g -O2 -Wall -c maildirquota.c gcc -g -O2 -Wall -o vdelivermail vdelivermail.o maildirquota.o libvpopmail.a -lcrypt Undefined first referenced symbol in file setenv vdelivermail.o ld: fatal: Symbol referencing errors. No output written to vdelivermail collect2: ld returned 1 exit status make[2]: *** [vdelivermail] Error 1 make[2]: Leaving directory `/usr/local/src/vpopmail-5.4.25' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/vpopmail-5.4.25' make: *** [all] Error 2 vpopmail 5.4.10 compiles correctly. I didnt try anything in between. besides the obvious, what's setenv? Who has this and where? Is there a clear way around this ? Thanks, -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:4734ccc232002518212355!
Re: [vchkpw] compiling 5.4.2[56] on solaris fails
On 11/9/2007 4:10 PM, Jeremy Kister wrote: on Solaris 9, i see: [...] vdelivermail.c:910: warning: implicit declaration of function `setenv' [...] besides the obvious, what's setenv? Who has this and where? Is there a clear way around this ? apparently, setenv isn't near as portable as it should be. http://gcc.gnu.org/ml/libstdc++/2002-03/msg00379.html looks like we need to test for setenv vs putenv at configure time. reading the code, is either necessary? setenv("SHELL", "/bin/sh", 1); args[0] = "/bin/sh"; args[1] = "-c"; args[2] = prog; args[3] = 0; sig_catch(SIGPIPE,SIG_DFL); execv(*args,args); why does the environment variable "SHELL" have to be set for in this case? -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:4739364d32008721212671!
Re: [vchkpw] Upgrade to Vpopmail 5.4.26 and .qmail-default issues [ATTN maintainers]
On 1/2/2008 11:18 AM, Tom Collins wrote: >On Jan 2, 2008, at 1:29 AM, Matthew Goodman wrote: |/var/vpopmail/bin/vdelivermail /var/vpopmail/domains/%d/%u/Maildir No! You don't want to do this. Reminder to everyone in the world -- vdelivermail should only be in your .qmail-default file. Never anywhere else. When you think you want to use vdelivermail somewhere besides .qmail-default, you actually probably want to use maildirdeliver: http://www.din.or.jp/~ushijima/maildirdeliver.html . I've been using the code for years - it's quite stable. It does not support maildir++. Tom/Rick/Mike/Ken: Since Tetsu asserts copyright, I think we/you should ask him if we can include maildirdeliver in the vpopmail distribution, and install it just as any other program in ~vpopmail/bin/. If he declines, we could always rip out the relevant parts of the qmail code ourselves and include it as our own version of maildirdeliver. -- Jeremy Kister http://jeremy.kister.net./ !DSPAM:477bbe7e310546079645503!