Re: [vchkpw] Re: web based prefs for spamassassin

2003-06-14 Thread Andrew Kohlsmith
 If you configure SpamAssassin to use a MySQL table, and update users
 qmail files to call spamc with the -u [EMAIL PROTECTED], you could
 possibly get some tight integration between SA, vpopmail and qmailadmin.

I've done this; it's dead simple.

 I'm not sure how you'd set up spamc to store the message in the user's
 directory though, if you were to add it to the .qmail file.  Perhaps
 someone could write a modified spamc, or a wrapper for it, that would
 make sure the output of spamc was placed in the Maildir and then return
 the proper exit code for qmail-local.  I'm currently using qmail-spamc
 as a replacement for qmail-queue to scan all incoming messages before
 they're delivered, but it can't handle per-user prefs.

Procmail does it easily.  Here's the snippet from my global .procmailrc:

:0fw
* < 51200
| /usr/bin/spamc -u $EXT

:0e
{
EXITCODE=$?
}

# deliver only spam to the spam hold directory
:0
* ^X-Spam-Flag: YES
{
SPAMFOLDER=`/usr/local/scripts/putspam.sh`

:0
$SPAMFOLDER/
}

The putspam.sh script takes the USER environment variable and returns the 
path to that user's 'spam' IMAP folder, creating it if necessary.  The 
magic is in vuserinfo:

USERMAIL=`$VPOPMAIL_BIN/vuserinfo $USER | awk -F ' +' '/^dir:/ { print $2 }' | sed -e 's./\+./.g'`

SPAMDIR=${USERMAIL}/Maildir/.spam

(there's more in there than just that, but that's the meaty bits)

I then have another script that runs every day and erases all mail in the 
SPAM imap folders that are older than about 2 weeks.  Nice and simple and 
works _very_ well.  People can check what spam they have with any webmail 
client.

Regards,
Andrew
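
The two helpers this message describes (resolve and create the per-user spam folder, then expire old spam), as an added example that is not the author's putspam.sh or cleanup script. It assumes vuserinfo prints a `dir:` line as the awk pattern above expects; the function names, the VPOPMAIL_BIN default and the 14-day default are illustrative.

```shell
#!/bin/sh
# Added example, not the author's putspam.sh. Assumptions: vuserinfo prints a
# "dir: <path>" line; VPOPMAIL_BIN, the function names and the 14-day default
# are illustrative.
VPOPMAIL_BIN=${VPOPMAIL_BIN:-/home/vpopmail/bin}

# Print the user's .spam Maildir path, creating it if needed.
# Returns non-zero (and prints nothing) when the address is unsafe or unknown.
spam_folder_for() {
    addr=$1
    # The address comes from the envelope: accept only a conservative
    # local@domain shape, with no '/', no shell metacharacters, no leading '-'.
    case $addr in
        ''|-*|@*|*@|*[!A-Za-z0-9._@+-]*|*@*@*) return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    home=$("$VPOPMAIL_BIN/vuserinfo" "$addr" 2>/dev/null |
           awk '/^dir:/ { print $2; exit }' | sed -e 's|//*|/|g')
    # Require an absolute path without ".." components.
    case $home in
        /*) ;;
        *) return 1 ;;
    esac
    case $home in
        */../*|*/..) return 1 ;;
    esac
    [ -d "$home/Maildir" ] || return 1
    spam=$home/Maildir/.spam
    (
        umask 077
        mkdir -p "$spam/cur" "$spam/new" "$spam/tmp" &&
        # Maildir++ convention: an empty maildirfolder file marks a subfolder.
        { [ -e "$spam/maildirfolder" ] || : > "$spam/maildirfolder"; }
    ) || return 1
    printf '%s\n' "$spam"
}

# Delete delivered spam older than N days (default 14) from one .spam folder.
# Prints the number of files removed.
purge_old_spam() {
    spam=$1
    days=${2:-14}
    case $days in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Refuse anything that is not a real .spam folder inside a Maildir.
    case $spam in
        */Maildir/.spam) ;;
        *) return 1 ;;
    esac
    [ -d "$spam" ] && [ ! -L "$spam" ] || return 1
    # -type f ignores symlinks; only cur/ and new/ are touched, so in-flight
    # deliveries in tmp/ and the folder's metadata files are left alone.
    find "$spam/cur" "$spam/new" -type f -mtime +"$days" -print \
        -exec rm -f -- {} \; | wc -l | tr -d ' '
}
```

In the procmail recipe above, `spam_folder_for "$USER"` would take the place of the putspam.sh call, and a daily cron job would run purge_old_spam over each user's folder.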



Re: [vchkpw] How many inodes is enough?

2003-06-11 Thread Andrew Kohlsmith
 Reifers is also a filesystem with dynamic Inode allocation, but in my
 stress tests it fails under heavy SMP-Load and it has problems with NFS.
 Last it was unusable to be a cluster FS, because the standby host didn't
 see any file the origin hosts sees.

Hmm -- I am running a 15k-user ISP mail system on Reiserfs on SW RAID1, 
exporting the 'domains' directory via NFS to the actual SMTP/POP3/IMAP4 
servers, all over IPSec.  The edge servers handle all the virus/spam 
scanning and deliver directly into the NFS mounted Maildirs, and the users 
can contact any edge server (usually routed to the closest one via a little 
DNS magic) to pick up and send their mail.

No SMP here, but no problems so far, either, even under heavy NFS load.  I'd 
eventually like to have the mail spool server as a two or three node 
(geographically distant) cluster, but I may have to move to AFS for that.  
I was originally looking at various DFSs but CODA and Intermezzo are both 
way too immature at this point, and AFS had no decent documentation.  I was 
also under the impression that XFS was not a suitable FS, but I have to 
admit I did not look too hard.

Do you have some resources on XFS and what to look out for?

Regards,
Andrew



Re: [vchkpw] Toasters with POP-Before-SMTP

2003-06-05 Thread Andrew Kohlsmith
 POP-Before-IMAP is possible, but for some reason Courier has disabled the
 feature for unexplained security reasons. I don't have the information
 handy, but I'm sure someone else on the list can provide the file and
 line you have to edit to get it to work.

Yes, and it works just fine if you uncomment it.  I am not sure what the 
security reason is either, perhaps with an older version of vpopmail or 
something the possibility of a buffer overflow?

Regards,
Andrew



Re: [vchkpw] Working towards vpopmail 5.4 stable

2003-06-04 Thread Andrew Kohlsmith
 Does anyone have any code changes they would like to get into the
 next release? I want to put together a new stable version 5.4.
 Hopefully release it in the next few weeks.

Yes... is it possible to give valias some better help?

Existing:
valias: usage: [options] email_address
options: -v ( display the vpopmail version number )
 -s ( show aliases, can use just domain )
 -d ( delete alias )
 -i alias_line (insert alias line)

I would suggest:
valias: usage: [options] alias_address [user_address]
options: -v ( display the vpopmail version number )
 -s [EMAIL PROTECTED] ( show aliases, can list entire domain )
 -d alias_address ( delete alias )
 -i new_alias_address existing_user_address (insert a new alias)

I would also like to recommend that valias and vaddaliasdomain use the same 
type of syntax as ln -- as in valias existing_user new_alias...  confusing 
as all get-out, especially without a better 'quick help' as indicated 
above.

Regards,
Andrew



Re: [vchkpw] feature request

2003-05-29 Thread Andrew Kohlsmith
 It should be possible, with a change to vset_default_domain in
 vpopmail.c (and maybe some other locations).  Either that, or make sure
 that other references to DEFAULT_DOMAIN are removed and
 vset_default_domain is used instead.

Ok I will look into that, thank you.

 Note that vpopmail will use the environment variable VPOPMAIL_DOMAIN as
 the default domain, even if IP aliasing or a default domain are set up.
   Perhaps you could modify the scripts that call vchkpw to set
 VPOPMAIL_DOMAIN, which would allow you to release a vpopmail package
 without a domain name compiled in.

That works quite well and is suitable for my purposes at the moment, but I 
will verify the above as well... Thank you!

Regards,
Andrew



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
 You'll be losing a lot more legit mail than just this list if you do
 that.

Agreed.  There is no rule that demands reverse DNS.  It's a nicety and that's 
it.

Regards,
Andrew



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
 diversion. in short: the original claim was baseless. No mailserver is
 broken for refusing messages from sites that have no in-addr.arpa in place.

Please.

No mailserver is broken for refusing messages from sites run by [ethnic 
group].
No mailserver is broken for refusing messages from sites with an even IP 
address.
No mailserver is broken for refusing messages delivered by air-mail.

There is no guideline saying that servers MUST refuse mail from sites with no 
in-addr.arpa.  Therefore your stance is on shaky ground -- you are going 
above and beyond the relevant RFCs that the protocol relies on to achieve a 
goal.  Embrace and extend, anyone?

You don't mind rejecting mail based on lack of in-addr.arpa.  I do.  Who 
cares?  When your customers come to you and say that they aren't getting mail 
and you ask the other ISP to fix their problem and they won't, who's at 
fault?  You are in this case, because you are going above and beyond what the 
RFC dictates as minimum requirements.  

There is nothing stating you can't have a nameserver without a valid reverse 
lookup, and if you are expecting the world to follow you, you have delusions 
of grandeur.  Whether that is acceptable to you or not is your (and your 
customer's) worry, not mine.  I am under no obligation to correct my 
mistake simply because you don't like it and have configured your servers 
not to like it.

Regards,
Andrew



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
 Would 208.32.76.233 pass the test?

 It has a reverse ptr, but some mail servers block it claiming it does not
 have one.

I dunno, I don't block mail from servers with no reverse DNS, or whose reverse 
DNS does not map to the same name as its forward DNS.  :-)

Regards,
Andrew



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
 those are all true. the term in contention is broken.  obviously, if a
 mailserver is refusing messages from sites with even IP addresses
 (whatever those are, how is an IP address even or odd?) *and the reason for
 that refusal is not known*, then it's broken. If it's been purposely
 configured that way, it's not broken, regardless of how bizarre it may
 seem.

Agreed.  Totally agreed.

 don't confuse me with the person who configured his mailserver that way.
 None of my mailservers - across three ISP currently - block mail based on
 lack of in-addr.arpa. I'm merely defending the choice of someone to do so,
 and pointing out that making that choice does not inherently make the
 mailserver broken.

Noted, and I apologize.  I think that we're actually arguing the same point.

 actually, the fault becomes excruciatingly fuzzy at that point. does an
 administrator have a right to run his mailserver in a way that protects it
 from large amounts of spam? for that matter, what about spam filtering not

I have not seen any proof that spammers tend to spam from addresses which 
don't resolve.  I mean the ISP I run has a reverse address for every IP in 
our IP ranges -- in theory anyone spamming from us would get through the 
filter, at least until we ToS'd them.

For me, rejecting email before the data is accepted by my mail server is a 
holy grail.  However I content-filter so I can't reject the mail based on 
content until I actually see the content.  And with my servers, I deliver 
mail deemed spam into a 'spam' IMAP folder and the user is free to view it or 
ignore it at their discretion.  All that the OP is doing is moving that up a 
level and actually telling the other server that a) it's not accepted and b) 
saving himself the bandwidth.  Both, in my opinion, are noble causes.

However, I also believe that if you are not adhering to RFCs for inter-server 
communication that you are not being a good 'net citizen.  My users don't get 
their spam, but I'm also following the RFC (much closer) to the letter than 
the OP, who rejects email if the server does not have a reverse IP mapping.

Where is the line?  That is a very good question.  I agree that it's your 
server and you really can run it any way you please, but if you're going 
above and beyond the requirements of an RFC, you're no longer following that 
RFC and is (in my mind) the internet equivalent to driving in a residential 
area with a failed muffler or a stereo cranked to the max.  You can _do_ it, 
but it's not _nice_.  

As the OP stated, it's for his personal mail server.  He has no customers.  I 
would not be able to get away with it with my ISP.  If I _could_ get away 
with it, would I?  I don't think so, as per the previous paragraph.

 based upon in-addr.arpa lookup that blocks messages inadvertently? no spam
 filter is 100% perfect, though some bayesian filters appear to be
 approaching that. what do you do when a customer runs a mailing list where
 they share with friends particularly funny examples of spam? the messages
 contain spam, but aren't spam themselves - yet virtually every spam filter
 out there would block them.

Agreed, although that is what whitelists and learning filters are all about.  
Offhand, I would love to see a learning filter which filtered funny spam 
from not funny spam.  :-)

Whether that is acceptable to you or not is your (and your
 customer's) worry, not mine.  I am under no obligation to correct my
 mistake simply because you don't like it and have configured your
  servers not to like it.

 and likewise, i hope you realize.

Agreed.  As I said earlier, it's your (as in the owner's) box, they can do 
with it as they please.  But if he were to come to me and say YOUR DNS is 
broken, fix it! I would not be so kind, as he's brought it upon himself to 
extend the SMTP RFCs and for (in my experience) limited utility.

Regards,
Andrew

... trying to get back on topic...  So...  how's them vpopmails coming along?  
:-)



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
 others think about blocking based on DNS. I haven't done it in quite a
 few years.

Haven't done what, started a flamewar?  :-)

(honestly, that is meant to be funny, not an attack)

Regards,
Andrew



Re: [vchkpw] Postgres support?

2003-03-25 Thread Andrew Kohlsmith
 Yup, since I wrote that email (Jan 14th) Andrew Kohlsmith made some
 changes that made it into 5.3.17.  He mentioned that there was some work
 that still needed to be done on it.

Yup.  I have backed down on that because we were running into some strange 
little problems I didn't have time to get working so we're using vpasswd 
again but I hope to get these problems cleared up quickly.  Obviously it 
won't make it into the 5.4.0 or whatever is coming up but perhaps the one 
after.

Regards,
Andrew



Re: [vchkpw] delete old mails

2003-03-24 Thread Andrew Kohlsmith
 i have the same idea with this kind problem
 where user can get email his latest email only
 all email that not filter nor move is automaticaly delete
 i think this need some changing on vpopmail code

Can you elaborate?  I'm not sure I understand what you are trying to say.

I use a cron script with the 'find' command to find spam email older than 21 
days and remove it automatically.  It erases about 500 emails a day now.

Regards,
Andrew



Re: [vchkpw] vpopmail 5.3.19

2003-03-07 Thread Andrew Kohlsmith
 I still think user expiry is one of the 'must-have' features.

Personally I don't think it belongs in vpopmail.  A shell script that runs 
once a week/month that queries the database for users older than x and runs 
vdeluser $user would be stupid-simple to implement.

Unless you are asking for something else, I don't see how this belongs in 
vpopmail at all...

Regards,
Andrew



Re: [vchkpw] vpopmail 5.3.19

2003-03-06 Thread Andrew Kohlsmith
 Complaining? Just asking a question. Not an unreasonable wish, either!

You come across as if you're entitled to the feature in this release.  Why not 
ask nicely instead of a half-sarcastic quip?  I think that's what everyone's 
picking up on.

Regards,
Andrew



Re: [vchkpw] Qmail+vpopmail+PostgreSQL

2003-02-22 Thread Andrew Kohlsmith
 I've read some previous messages in the archive, regarding the possibility
 of using PostgreSQL as a vpopmail backend. I hate to admit it, I haven't
 understood a thing. Is the vpgsql module active by default ? There's no
 ./configure argument for that, as in MySQL's case. I really can't find my
 way through this. Would anyone be so kind to provide me with a little howto
 on this matter ? Thanks in advance.

You may want to check your computer's date, it's not 1969.

Postgres support is still experimental.  I have been contributing a few 
patches in the last week or so on the latest development builds in order to 
enable it.  

Postgres support's been in there for a long long time, but it was never 
finished nor was it fully functional.  I _think_ I have everything but 
logging done now.  5.3.18 has my code, but you need to hack the makefile to 
get it to work.  5.3.19 should have it enable-able from ./configure.

Regards,
Andrew



Re: [vchkpw] Re: How to take back up

2003-02-20 Thread Andrew Kohlsmith
 I know how take file system backup by using dump , tar etc., but i want to
 know that there is a possibility to exact data backup for all domain . please

How is dump/afio/tar/etc not an exact backup?  I suppose if you wanted to have 
the state such that it never changed (not really useful for Maildirs, but I 
digress) you could use LVM and take an LVM snapshot.

Regards,
Andrew




Re: [vchkpw] Postgres in 5.3.16 - I see it, how do I enable it?

2003-02-20 Thread Andrew Kohlsmith
 1.) CVS

I strongly agree.  The development snapshots are nice and all but for those of 
us who are trying to hack on it CVS would be a real boon.  Especially with 
the new website design that tends to hide what I'd call the CVS snapshot 
versions.

 2.) Actually reading their own mailing lists.

I do believe they do this currently, although I imagine that it is not a top 
priority for them as they, as pretty much all of us, are out to make money.  
If it is becoming inter7's policy to give these lists a (much?) lower 
priority, then it should be labelled as such -- a user-supported mailing list 
hosted by inter7, rather than what it comes across as now -- a user/devel 
mailing list in which the developers and maintainers are active participants.

I don't like to make a nuisance of myself by CC:ing people directly when I 
know that they're subscribed to the list -- if they're not responding, it's 
because they're either too busy or disinterested at the time.  Either way 
though, it'd be nice to have some kind of indication of the level of 
maintainer interest/activity in the lists.

Regards,
Andrew




Re: [vchkpw] Postgres in 5.3.16 - I see it, how do I enable it?

2003-02-20 Thread Andrew Kohlsmith
 Are you sure this diff is against 5.3.16?  It does not apply to my
 copy, or the one on Inter7's devel page (which should be the same).

bah... I looked at the diff and saw ^Ms at the end of all the lines so I 
stripped them out.  Attached is a fixed version that *does* apply.

Regards,
Andrew




vpopmail-5.3.16-postgreschanges.diff.gz
Description: GNU Zip compressed data


Re: [vchkpw] 5.3.17

2003-02-20 Thread Andrew Kohlsmith
 Thanks for the update!  I'm running running vpopmail 5.2.1 and it's been
 running great for me!  I know I need to upgrade to 5.3.x to be able to use
 SpamAssassin but outside of that is it safe or ok for me to stick with
 5.2.1 for the time being?  I'm running it with qmail 1.03.

You don't need 5.3.x to run SpamAssassin -- I've been running 5.2.x with SA 
for quite some time now (a year?) by using Procmail -- actually the procmail 
option is better IMO since I can stuff the spam into a separate mailbox for 
the users, and use SquirrelMail to view the spam folder.

Good for integration though, I will admit.

 Are there any compelling reasons for me to upgrade to the 5.3.x level
 from 5.2.1?  I guess I'm scared of breaking something :)

5.3.x are developmental releases...  they shouldn't be used on production 
servers without fair warning.  :-)

Regards,
Andrew




Re: [vchkpw] Postgres in 5.3.16 - I see it, how do I enable it?

2003-02-19 Thread Andrew Kohlsmith
 Anyone?  There must be some developmental work going on with it or it
 wouldn't have been in the tarball.  I am willing to help work on it but I
 need some help getting over this initial hurdle (cleanly).

Nice, responsive list.  :-/

Attached is a patch to 5.3.16 which will get vpgsql to actually work (seems to 
work right for auth and relay, have NOT extensively tested it yet) -- I have 
not included the configure script changes since they were really nasty and 
I'm sure there is a better way.

ATM the database, user and password are all hardcoded, and I did not change 
the existing ability to create the database if it doesn't already exist.  
That seems like a really nasty thing to allow -- basically you are granting 
the vpopmail database user full access to the vpopmail table where it would 
seem more prudent to only allow inserts, updates and deletes. (not 
create/drop).  Anyway.

Another nasty is that the database notification daemon will spit its info out 
to the network (i.e. anyone accessing vchkpw) -- I will include a fix for 
that soon as well as some general cleanups and any other bugs I find.

I hope to do some more extensive testing, including clear passwords and open 
relay in the next few days.  Adding domains/users and authenticating 
definitely is working though, and the tables seem to be updating correctly 
for relay and lastauth.

Regards,
Andrew



vpopmail-5.3.16-postgreschanges.diff.gz
Description: GNU Zip compressed data
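
The least-privilege point raised in this message, as an added example that is not part of the attached patch or of vpopmail: a helper that emits the SQL for a runtime role limited to row-level access. The role name is hypothetical, the table names are the ones named in the message, and SELECT is added to the message's insert/update/delete on the assumption that lookups need it.

```shell
#!/bin/sh
# Added example, not part of the patch or of vpopmail. Assumptions: the role
# name is hypothetical; table names are the ones named in the message; SELECT
# is added to insert/update/delete because lookups need it.

# Emit SQL that gives a runtime role row-level access only (no CREATE/DROP).
# Usage: runtime_grants_sql ROLE TABLE...   (pipe the output to psql as an admin)
runtime_grants_sql() {
    [ "$#" -ge 2 ] || { echo "usage: runtime_grants_sql ROLE TABLE..." >&2; return 2; }
    for ident in "$@"; do
        # Plain lower-case identifiers only, so nothing here needs SQL quoting
        # and nothing passed in can smuggle in a second statement.
        case $ident in
            ''|[!a-z_]*|*[!a-z0-9_]*) echo "bad identifier: $ident" >&2; return 2 ;;
        esac
    done
    role=$1; shift
    # The role can log in but cannot create databases or other roles.
    printf 'CREATE ROLE %s LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;\n' "$role"
    # PostgreSQL before version 15 lets every role create objects in schema public.
    printf 'REVOKE CREATE ON SCHEMA public FROM PUBLIC;\n'
    for table in "$@"; do
        printf 'REVOKE ALL ON TABLE %s FROM %s;\n' "$table" "$role"
        printf 'GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE %s TO %s;\n' "$table" "$role"
    done
}
```

The tables have to be created and owned by a separate administrative role, since an owner can always drop its own tables.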


Re: [vchkpw] Moving qmail queue

2003-02-18 Thread Andrew Kohlsmith
 I have a problem with qmail. Qmail queue files are in /var/qmail but I need
 to move this files due to low space in my disk

There are a couple ways to do this: set up a second instance of qmail in the 
new location and just let the old instance finish delivering its queue (i.e. 
not take any more emails in), then remove it.

The second way would just be to move your queue over and then run queue-fix or 
queue-repair.py (I prefer the latter) -- the files in the queue are named 
according to their inode number, so if you just move it without correcting 
the filenames you will not get far.

The files mentioned are available on any qmail.org mirror.

Regards,
Andrew
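
A check for the inode naming rule described in this message, as an added example that is not taken from queue-fix or queue-repair.py: it lists message files whose name no longer matches their inode number, which is the state a plainly copied queue ends up in. It assumes the standard qmail layout (queue/mess/<subdir>/<number>); the function name is illustrative.

```shell
#!/bin/sh
# Added example, not from the post or from queue-fix/queue-repair.py.
# Assumption: standard qmail layout, where the file queue/mess/<subdir>/<N>
# must have inode number N. check_queue_names is an illustrative name.

# Print every message file under <queue>/mess whose name differs from its
# inode number, one "path inode" pair per line.
# Returns 0 if all names match, 1 if any mismatch was found, 2 on misuse.
check_queue_names() {
    queue=$1
    [ -d "$queue/mess" ] || { echo "no mess/ directory under $queue" >&2; return 2; }
    # ls -i prints "<inode> <path>"; queue paths contain no spaces, so two
    # whitespace-separated fields are enough. Compare as strings, not numbers.
    bad=$(find "$queue/mess" -type f -exec ls -i {} + |
          awk '{ inode = $1; path = $2
                 n = split(path, parts, "/"); name = parts[n]
                 if ((name "") != (inode "")) print path, inode }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Run it with qmail stopped, for example `check_queue_names /var/qmail/queue`; any output means the queue still needs one of the repair tools mentioned above.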




[vchkpw] List etiquette (was Re: [vchkpw] Moving qmail queue)

2003-02-18 Thread Andrew Kohlsmith
 This is strictly a qmail problem. it has zippo to do with vpopmail.
 Answering this question only encourages further abuse of the list.

Agreed, but disagreed at the same time.  :-)

 sorry, i'm not directly flaming Andrew, i'm flaming the concept of
 indiscriminate 'help', which is not help, it's a crutch. are there really
 that many people online who don't know how to spell g-o-o-g-l-e?

I do agree on this point.  Google is always my first line of defense and, 
interestingly enough, the first hit off of qmail move queue is relevant, 
although not detailed.  

At least to me, qmail and vpopmail are inseparable.  I don't remember the last 
time I've run qmail without vpopmail running right on beside it, even in 
single-domain systems where mail user also has a unix account.

As far as list abuse goes -- lists are here to facilitate people helping 
people.  Period.  qmail is directly related to vpopmail (or vice-versa) so 
throwing out a quick help for something not directly vpopmail but very likely 
been solved by someone using vpopmail is not list abuse, IMO.  Why should I 
be subscribed to the (higher traffic) qmail list when everyone on vpopmail is 
also running qmail and a quick answer does not significantly lower the 
signal-to-noise ratio?   When the thread carries on (how can I hide my IP, 
anyone?) and it's clearly nowhere related to the official list subject or 
even to qmail now, _then_ it should be gently moved offlist.  Hell I'm not 
getting any feedback on my vpopmail-postgres in 5.3.16 questions so why not 
help someone else out while waiting?  :-)

Indiscriminately telling people go there and try is a little cold in my 
opinion, especially since it's so closely related to the list subject and you 
already know the answer.

My father used to do something similar to me -- What's [insert word here] 
mean?  Go look it up. -- He knew the answer, and it would have taken less 
energy and effort to just tell me in a single sentence or two, but instead he 
made me go look it up -- what did it teach me?  Virtually nothing.  His 
theory was that by looking it up I'd remember it but that's got no basis in 
reality.  I already knew how to do research (and was quite good at it) and 
how to operate a dictionary, but if I was in the middle of a good book or 
something it was more of a waste of time and laziness on both our parts to 
have to go look it up.  I have three children of my own now and that's one 
thing I am certainly not going to do to them.

Now if you replied with the answer and said the resources are over here and 
there, and this really isn't on-topic -- that's different.  You've given the 
answer, provided links and it's now in the archives so that anyone else who 
comes and searches (which the OP apparently didn't do, and I didn't realize) 
will find the answer.  The end result:  The list helps not only the OP but 
anyone coming afterward who practices a bit of etiquette before 
indiscriminately asking questions.

Yeah it's more work on the answerer's part but really the point is moot -- if 
you're going to spend a minute to reply, why not spend two and reply with an 
answer that will help more than just the one person?

So no flame from this side -- just another side to what we both see as a 
(potential) problem.  :-)

Regards,
Andrew




Re: [vchkpw] SpamAssassin + vpopmail

2003-02-18 Thread Andrew Kohlsmith
 I use SpamAssassin for whole domains as the following:
 | preline /usr/bin/spamc -f -u $EXT@$HOST | /home/vpopmail/bin/vdelivermail

 '' bounce-no-mailbox
 Whenever a user changes his settings for bounce/whatever, the qmail-default
 is changed into normal settings, missing the spamc-tag.
 What can I do to always let qmailadmin add

 | preline /usr/bin/spamc -f -u $EXT@$HOST

 when it changes .qmail-default?
 Any suggestions?

Yeah -- use procmail.  :-)  Seriously that is what we are doing.

A couple things I did learn in the process:

- you cannot make .qmail-default immutable (chattr +i) -- vpopmail/qmailadmin 
goes ballistic (can't remember which, probably the latter)

- you *can* set up a 5 minute cron job that cp -f .qmail-default.WHAT_I_WANT 
.qmail-default

- use procmail.

I was doing #2 for a while but settled on #3 since it lets me do some further 
magic like tossing the spam mail into the user's .spam IMAP folder.

Regards,
Andrew




Re: [vchkpw] Postgres in 5.3.16 - I see it, how do I enable it?

2003-02-14 Thread Andrew Kohlsmith
 Ok I see that vpgsql is there... how the hell do I turn it on?  The
 configure script has no clue about it, and I don't see a reference in
 Makefile.in at all

Anyone?  There must be some developmental work going on with it or it wouldn't 
have been in the tarball.  I am willing to help work on it but I need some 
help getting over this initial hurdle (cleanly).

Regards,
Andrew




Re: [vchkpw] switching database servers

2003-02-14 Thread Andrew Kohlsmith
 5 min * 60 sec/min = 300 sec
 300 sec / .02 sec/delivery = 15000 deliveries

Why on earth would you shut down delivery for the compile?

time to make install: 30 seconds
30 sec / .02 sec/delivery = 1500 deliveries

that's one order of magnitude, assuming that you need the full 30 seconds to 
do a shutdown/make install/startup.  I would believe you could get this down 
by another order of magnitude with a simple script -- making your total 
deliveries on the order of 150-250.

Speaking from experience on a mid-volume mail server (about a thousand 
deliveries per hour) -- qmail compensates perfectly.  In my case I'm also 
running every message though spamc and procmail *and* an antivirus scan (Rav 
antivirus) -- You get a 1min load spike of about 22-30 which goes away within 
a minute and you're back down to normal levels.

 What about all POP/IMAP connections ?
 Many users gets maybe less than 10 emails a day but they
 do POP their mailbox every 5 (or less) minutes !!!

You schedule it during a normal maintenance window.  Not many people are up 
and about at 4am.  And also speaking from experience, people will get an 
error, go hmm and try again.  By that time you're back up and nothing 
happens.

And if you really needed to look like you were always up, you'd have already 
written a very quick and dirty pop/imap server which just replied yup, 
password good, no messages to any query.

Regards,
Andrew




[vchkpw] Postgres in 5.3.16

2003-02-09 Thread Andrew Kohlsmith
Ok I see that vpgsql is there... how the hell do I turn it on?  The configure 
script has no clue about it, and I don't see a reference in Makefile.in at 
all

Regards,
Andrew




Re: [vchkpw] Re: Qmailadmin feature request

2003-02-06 Thread Andrew Kohlsmith
  Hey, one of my clients bought a domain which was previously held by
  someone else.  This of course meant that lots and lots of spammers were
  sending mails to a couple addresses on that domain, and he'd like to be
  able to mark certain explicit addresses for bouncing, while retaining the
  functionality of having all other misdirected mails sent to the
  postmaster. In short, while he'd like to be receiving the folks who
  misspell his name, he'd very much like not to be getting the spam sent
  consistently to a certain pair of addresses which no longer exist at his
  domain.

 What I would like to see is a update made to the qmail smtp daemon
 so it will  look up the email account and return a failure 500 message.
 Then by default, the email addresses that don't match would be
 failed and hopefully cleaned from the bulk mail lists.

There already is a badrcptto patch for qmail.  I have it in my mail server, 
along with TLS, some mime bounce fixes and so on.  I believe it is located at 
http://patch.be/qmail/badrcptto.html.

Regards,
Andrew




Re: [vchkpw] Re: Qmailadmin feature request

2003-02-06 Thread Andrew Kohlsmith
 And secondly, I don't like patches.

I believe you're using the wrong MTA if you don't like patches.  :-)
Qmail is the a patchy mail server of mail servers.

Regards,
Andrew




Re: [vchkpw] Re: Qmailadmin feature request

2003-02-06 Thread Andrew Kohlsmith
 yes, patch upon patches... the same thing that other's qmail administrator
 has done. For this reason i've proposed the project described in my
 previous mail about this thread.

Exactly.  I'm saying I've _got_ a master patch that does this, and none of the 
patches in the master list are esoteric or goofy (IMO) -- it might be a good 
starting point.

Regards,
Andrew




Re: [vchkpw] Re: Qmailadmin feature request

2003-02-06 Thread Andrew Kohlsmith
 Just out of genuine curiosity, were you actually seeing problems that
 required each of those patches?  I've been running a
 qmail/vpopmail/sqwebmail/qmailadmin setup for the past year now and have
 yet to actually find need for a patch.

Not problems per se, but rather features I would like to have in the MTA.  
Things like badrcptto and properly bouncing MIME messages are important, and 
TLS is always good to have.

The patches like ext-todo and qmtpc help with scalability, while badrcptto, 
tarpit, nullenvsender, qmail-queue  and so on help with antispam/antivirus.

qmail is a damned fine MTA, as I am sure everyone on this list already knows.  
As most on this list also know, it does have several shortcomings with its 
operation in the real world.  DJB isn't interested in further maintaining a 
perfect MTA, hence the need for the patches.

Regards,
Andrew




Re: [vchkpw] Re: Qmailadmin feature request

2003-02-06 Thread Andrew Kohlsmith
 - smtp-auth-relaying: useful for big lan with some external users
 - smtp-after-pop: vpopmail feature that do this is good for small traffic
 network, but when you have 100 or more concurrent connection to the pop3
 you cannot use binary file but you must use a database.

I just use vpopmail and tcpserver here.  Was that insufficient for your needs 
or does the method you describe offer something more/different?  I have quite 
a few concurrent pop3 users (maybe 50-70, not 100 [yet]) and maybe half of 
that in IMAP sessions but haven't run into any problems with tcprules.  

Mind you I'm using courier-pop3d and courier-imapd instead of qmail-pop3d.

Regards,
Andrew




Re: [vchkpw] 5.3.15

2003-01-27 Thread Andrew Kohlsmith
 the proper values if the table was updated.  I've updated oracle
 and pgsql to return 1 if the table was updated, 0 on error.  So

There's pgsql auth code available?  Whereat?  I thought pgsql on vpopmail was 
tried once and abandoned.  At the beginning of the year I revisited it and 
Bill asked for Charles to send it to him... has it been integrated with 
5.3.15?

Regards,
Andrew




Re: [vchkpw] ldap support

2003-01-21 Thread Andrew Kohlsmith
On 20 January 2003 10:38 pm, Remo Mattei wrote:
 I would to know if there is anyone that has successfully configure
 vpopmail with ldap for a global address book. If yes please contact me.

No, don't take it offlist, please!

Regards,
Andrew




Re: [vchkpw] Integration of SpamAssassin

2003-01-18 Thread Andrew Kohlsmith
 Have you looked at maildrop?  It's a configurable/scriptable mail delivery
 agent you can use to call vdelivermail or spamassassin.

I'm using procmailrc and a bash script to deliver spam to imap .spam 
mailboxes, and then we've written a squirrelmail plugin to allow users to 
adjust their threshold and add to white/blacklists on their own.  A cron 
script erases any spam older than 14 days to keep our server from exploding.  
:-)

Regards,
Andrew




[vchkpw] get a can't read controls only when denying relaying??

2003-01-17 Thread Andrew Kohlsmith
I have an interesting problem.

My qmail installation seems to work great.  Local deliveries are fine, remote 
deliveries are fine, receiving email for local deliveries is fine.  I am 
using vpopmail (latest stable) with roaming users and I'm using courier's 
IMAP4 and POP3 daemons (NOT qmail-pop3d).

When I log in successfully via pop3 or imap4, tcp.smtp.cdb is updated 
correctly.

If I try to send email before checking my pop3 or imap4 account and I'm 
outside my normally-allowed-to-relay IP ranges, I get an SMTP error from 
qmail-smtpd saying it can't read its control files.

Googling I can see that that means that qmail cannot read one or more of its 
control files.  That does not appear to be the case here, because if I am 
accepted for relaying the send works perfectly fine.

I looked at my /var/qmail/control and /var/qmail/users and /var/qmail/assign 
directories and both the directories and the files within seem to have proper 
ownership and permissions.  I've included the list at the end of this email 
in case I'm missing something, but has anyone else run across this before?

Regards,
Andrew

# ls -la control
total 108
drwxr-xr-x    4 root     qmail        4096 Jan 11 22:47 ./
drwxr-xr-x    9 root     qmail        4096 Jan 11 15:08 ../
-rw-r--r--    1 root     qmail        1346 Mar 12  2002 badmailfrom-unknown
-rw-r--r--    1 root     qmail           0 Jan  4 14:48 badrcptto
-rw-r--r--    1 root     qmail          18 Jan  4 15:20 bouncehost
-rw-r--r--    1 root     qmail         242 Jan  4 15:07 bouncemessage
-rw-r--r--    1 root     qmail          25 Jan  4 15:07 bouncesubject
lrwxrwxrwx    1 root     qmail          41 Jan 11 22:47 clientcert.pem -> /etc/ssl/certs/gate-way.net-emailcert.pem
-rw-r--r--    1 root     qmail          13 Jan  4 15:20 defaultdomain
-rw-r--r--    1 root     qmail          18 Jan  4 15:20 doublebouncehost
-rw-r--r--    1 root     qmail         351 Jan  4 15:08 doublebouncemessage
-rw-r--r--    1 root     qmail          32 Jan  4 15:07 doublebouncesubject
-rw-r--r--    1 root     qmail          13 Jan  4 15:20 doublebounceto
-rw-r--r--    1 root     qmail          18 Jan  4 15:20 envnoathost
-rw-r--r--    1 root     qmail          18 Jan  4 15:20 helohost
-rw-r--r--    1 root     qmail          18 Jan  4 15:20 idhost
-rw-r--r--    1 root     qmail          21 Jan 11 16:26 locals
-rw-------    1 root     qmail           0 Jan 11 16:26 locals.lock
-rw-r--r--    1 root     qmail          21 Jan  4 15:20 me
-rw-r--r--    1 root     qmail           1 Jan  4 14:59 mfcheck
-rw-r--r--    1 root     qmail          13 Jan  4 15:20 plusdomain
-rw-r--r--    1 root     qmail          52 Jan 11 16:26 rcpthosts
-rw-------    1 root     qmail           0 Jan 11 16:26 rcpthosts.lock
lrwxrwxrwx    1 root     qmail          41 Jan 11 22:47 servercert.pem -> /etc/ssl/certs/gate-way.net-emailcert.pem
-rw-r--r--    1 root     qmail          73 Jan  4 18:54 smtproutes
-rw-r--r--    1 root     qmail           2 Jan  4 14:59 tarpitcount
-rw-r--r--    1 root     qmail           2 Jan  4 14:59 tarpitdelay
-rw-r--r--    1 root     qmail           7 Jan  4 15:15 tlsclientciphers
drwxr-xr-x    2 root     qmail        4096 Jan  4 15:13 tlsclients/
drwxr-xr-x    2 root     qmail        4096 Jan  4 15:13 tlshosts/
-rw-r--r--    1 root     qmail           7 Jan  4 15:15 tlsserverciphers
-rw-r--r--    1 root     qmail          27 Jan 11 16:26 virtualdomains
-rw-------    1 root     qmail           0 Jan 11 16:26 virtualdomains.lock

# ls -la users
total 16
drwxr-xr-x    2 root     qmail        4096 Jan 11 16:26 ./
drwxr-xr-x    9 root     qmail        4096 Jan 11 15:08 ../
-rw-r--r--    1 root     root           75 Jan 11 16:26 assign
-rw-------    1 root     root            0 Jan 11 16:26 assign.lock
-rw-r--r--    1 root     root         2167 Jan 11 16:26 cdb

# ls -la alias
total 24
drwxr-sr-x    2 alias    qmail        4096 Jan  4 19:09 ./
drwxr-xr-x    9 root     qmail        4096 Jan 11 15:08 ../
-rw-r--r--    1 alias    qmail          19 Jan  4 19:09 .qmail-admin
-rw-r--r--    1 alias    qmail          27 Jan  4 19:08 .qmail-mailer-daemon
-rw-r--r--    1 alias    qmail          24 Jan  4 19:07 .qmail-postmaster
-rw-r--r--    1 alias    qmail          18 Jan  4 19:09 .qmail-root





Re: [vchkpw] Vpopmail installation

2003-01-14 Thread Andrew Kohlsmith
 My question is how do I start up Qmail to just run the queue and not have
 it try and bind to port 25.  I want Postfix to remain bound to port 25 and
 act as my SMTP server.  I just need Qmail to deliver mail to the
 vpopmail/domains/whatever Maildir's so people can get their mail.

Just don't run qmail-smtpd.  I get around this just by not running tcpserver, 
which listens on port 25 and passes requests off to qmail-smtpd.

Regards,
Andrew




Re: [vchkpw] roaming user for imap

2003-01-14 Thread Andrew Kohlsmith
 I think the problem has most likely to do with IMAP
 clients using persistent connections. When they first
 login successfully vpopmail updates tcp.smtp.cdb file
 and the user has open relay for one hour or whatever
 it is for timeout. But since the IMAP client uses
 persistent connection a new login procedure never takes
 place and the old RELAYCLIENT flag times out.

That's a good point -- In my particular case authdaemon is not updating the 
tcp.smtp.cdb file at all though.

 Maybe this is not the case in David's problem but
 I want to give a hint anyway...
 I know there is solution for this problem but I do not
 remember the webaddress.

A solution could be to revalidate the IP on any IMAP access, instead of just 
the initial login.

Regards,
Andrew




[vchkpw] Postgres support?

2003-01-13 Thread Andrew Kohlsmith
Back in April of last year I'd asked about Postgres support in vpopmail and 
Bill had mentioned that it was in the development version.  Has that been 
abandoned altogether?  I didn't see it in the current stable release, and 
there's been a few releases between 04/02 and now.  :-)

Regards,
Andrew




[vchkpw] not updating tcp.smtp.cdb??

2003-01-13 Thread Andrew Kohlsmith
I'm running 5.2.1 with roaming users enabled, but upon successful POP3 or 
IMAP4 logins the tcp.smtp.cdb file is not being updated. 

I've checked file permissions (going as far as to set mode 666 on both 
tcp.smtp and tcp.smtp.cdb) and verified that the ones I'm looking at are the 
ones that vpopmail is supposed to know about.

My configure line looks like this:
./configure --enable-roaming-users=y --enable-learn-passwords=y
--enable-clear-passwd=y --enable-logging=p --enable-default-domain=gate-way.net
--enable-qmail-ext=y --enable-defaultquota=500 --enable-valias=y

I have vpopmail's home directory set to /usr/local, which puts tcp.smtp[.cdb] 
in /usr/local/etc, and all of the utilities in /usr/local/bin.  

$ ls -l /usr/local/etc/tcp.smtp*
-rw-r--r--    1 vpopmail vchkpw        315 Jan 11 22:53 /usr/local/etc/tcp.smtp
-rw-r--r--    1 vpopmail vchkpw       2523 Jan 11 22:53 /usr/local/etc/tcp.smtp.cdb

I am using courier-imap's POP3 and IMAP4 servers, and authdaemon is set to use 
vchkpw, as shown here:

authmodulelist=authvchkpw

Any ideas?  tcpserver is using the file just fine, but I just can't get 
roaming users to work.  :-(

Regards,
Andrew
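
Because tcp.smtp decides which clients get RELAYCLIENT, its permissions and contents are worth checking whenever roaming users are being debugged. The shell functions below are an added example (not code from this thread or from vpopmail): they flag a rules file that is writable by group or others, as mode 666 would make it, and list every rule that grants relaying. The function names and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tcprules source file such as tcp.smtp.

# Constructed sample rules (not from the thread); the addresses are
# documentation ranges.
sample_rules() {
    cat <<'EOF'
# static relay ranges
127.:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT=""
198.51.100.7:allow,RELAYCLIENT=""
198.51.100.20-29:allow,RELAYCLIENT=""
=mail.example.org:allow,RELAYCLIENT=""
203.0.113.9:deny
:allow
EOF
}

# Succeed if the file (following symlinks) is writable by group or others.
loose_perms() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print "SCOPE address" for every allow rule that sets RELAYCLIENT.
relay_rules() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/               { next }  # comment or blank
        $2 !~ /^allow/ || $0 !~ /RELAYCLIENT=/ { next }
        $1 == ""     { print "DEFAULT *"; next }   # matches every client
        $1 ~ /^=/    { print "NAME " $1; next }    # reverse-DNS name rule
        $1 ~ /\.$|-/ { print "RANGE " $1; next }   # prefix or a-b range
                     { print "HOST " $1 }
    ' "$1"
}

# Report findings; exit status 1 if anything needs attention.
audit_tcprules() {
    rc=0
    if loose_perms "$1"; then
        echo "WARN: $1 is writable by group or others"; rc=1
    fi
    if relay_rules "$1" | grep -q '^DEFAULT'; then
        echo "WARN: $1 sets RELAYCLIENT for every client"; rc=1
    fi
    relay_rules "$1"
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_tcprules "$1"; fi
```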




Re: [vchkpw] not updating tcp.smtp.cdb??

2003-01-13 Thread Andrew Kohlsmith
 Not sure if this is related, but I had a problem with courier and vipmap
 domains.  It appears that courier was passing an IPv6 IP address and not an
 IPv4 ip address.

That would seem to indicate that it was still trying to update the 
tcp.smtp[.cdb] files, but that is not the case here -- the timestamps on 
these files never change from when I manually run tcprules.

I will check the changelogs and see if I can't find a courier option to 
disable ipv6, just in case.

Regards,
Andrew