Re: [vchkpw] When I updated user's quota, maildirsize file is not with correct quota
> Hi baby_moon, > > > A user's quota is 1M, and some mails are in its Inbox, and I was checked > > its directory, the maildirsize file is there. > > When I changed this user's quota to 3M, after a mail come in, the > > quota's total number is same as before. Who knows how to solve this > > problem? > > It's not a problem; you're simply mixing things up. The maildirsize file > doesn't show the quota setting of a user, but the _actual size_ of the > Maildir, so changing the quota doesn't affect the maildirsize file in > any way. > > The quota setting of each user is saved in the vpasswd file. > > Jonas > > One more note on this. vpopmail uses user quotas as specified in the vpopmail password entry, not the maildirsize file. courier and other maildir++ quota compliant code uses the quota as specified in the maildirsize file. So if you change the quota via qmailadmin or vpopmail utilities, it will update the quota in the password entry. This is what vpopmail uses to enforce the quota, not the one in maildirsize. If you just "remove" the maildirsize file, it will automatically be recreated (with the proper quota in it). So it may be worth a patch to update the utility that updates the quota to also remove the maildirsize file for that user. Brian
Re: [vchkpw] Domain quotas
> > Even the courier readme recommends using system quotas. > > But since all email files are "owned" by the vpopmail user that doesn't > give you much flexibility if you want to implement quotas on a > per-domain or per-user basis. When you create the account, use vadddomain -u username to specify the system username that you want the domain to be owned by. It will create a "domains" directory in the home directory of that user. You set the system quota for the username supplied. This would require one system account per domain. You could then impose domain quotas with system accounts and use the regular user quota for per user constraints. Brian
Re: [vchkpw] Domain quotas
> >I don't believe the "Sent" folder keeps track of any size. > >I looked and don't see any "maildirsize" files in "Sent" folders. > >So it doesn't look like it counts against either user or domain > >quotas. You'll have to take a look at the spec to be sure. > >I don't believe the Trash folder keeps track of size either. > > It does, I'm sure. You may disable it (for example in sqwebmail and likely > courier), but if you're a provider you're going to control all the space > customers are wasting (specially if they are webmail users), including > "Sent", "Trash" and additional folders. Take a look. I have IMAP customers and the "Sent" folders are full. No maildirsize files in there. > >In any case, you can use system quotas if you want to bypass > >any/all of this to make sure everything is accounted for. > > These problems must be highlighted much more, because people may think this > "vpopmail domain quota" feature could solve all problems transparently, and > this is not true. > > I think this feature may be a first step, but must be followed by coherent > changes in other packages, before it may be used in an integrated environment. > > Ciao, > > Tonino > I agree. For one, it doesn't take into account the overhead with directories, control files, and lots more. None of the "overhead" space is accounted for. As stated in the courier distribution, only "soft" quotas are implemented, meaning that the overhead space is ignored. Read the README.maildirquotas in the courier distribution. Anything in the Trash folder, as well as any messages "Marked" for deletion but not yet deleted do not count in the quota. Things in a "shared" folder also don't count (but if courier had a concept of "domain" quotas, that could come into play). The readme file doesn't mention the "Sent" folder, however from examining the contents, it doesn't appear to keep track of the size of that folder, nor impose quota constraints on that. I only did the domain quotas due to popular demand. I did the best I could with the available documentation and coding conventions out there implementing the maildir++ quotas. I personally recommend using system quotas, but that appears to be very difficult for some users. I tested the user/domain quotas using maildir++ quotas and it works fine, however if you have system quotas as well, they will kick in before the domain maildir++ quotas since system quotas take into account the "overhead", Trash'd, and deleted but not expunged space. Even the courier readme recommends using system quotas. Brian
Re: [vchkpw] Domain quotas
> >When a message arrives and is delivered by vdelivermail, > >the quotas are enforced. It also updates the maildirsize > >file (and uses the maildir++ naming conventions) thereby > >updating the maildir++ quota usage that is shared amongst > >all maildir++ compatible software. > > > > From what I understand of maildir++, all the programs like > >the POP, IMAP, and any maildir++ compatable software should > >maintain the maildirsize file(s) for each folder, including > >INBOX, so the usage should remain the same when moving messages > >between folders. The usage should be restored when deleting > >a message. > > It's all right when you receive messages because all the check is done in > the receiving phase (vedelivermail). All right the same if you move > messages between folders (sizes don't change). > > But what happens when you create messages with sqwebmail or squirrelmail & > courier, or copy them to a remote IMAP server from your local folder? > > When you create a message or upload an attach, and keep them inside your > "Sent" folder, vdelivermail is not used, so single users may create and > store messages until their personal ".maildirsize" let them do it. So they > may overflow domain quota. > > Tonino > I don't believe the "Sent" folder keeps track of any size. I looked and don't see any "maildirsize" files in "Sent" folders. So it doesn't look like it counts against either user or domain quotas. You'll have to take a look at the spec to be sure. I don't believe the Trash folder keeps track of size either. In any case, you can use system quotas if you want to bypass any/all of this to make sure everything is accounted for. Thanks, Brian
Re: [vchkpw] Domain quotas
When a message arrives and is delivered by vdelivermail, the quotas are enforced. It also updates the maildirsize file (and uses the maildir++ naming conventions) thereby updating the maildir++ quota usage that is shared amongst all maildir++ compatible software. >From what I understand of maildir++, all the programs like the POP, IMAP, and any maildir++ compatable software should maintain the maildirsize file(s) for each folder, including INBOX, so the usage should remain the same when moving messages between folders. The usage should be restored when deleting a message. So note that vpopmail uses maildir++ quota code (ported by Bill from courier's implementation). I just extended Bill's port to include domain support in addition to user support and made the code available in the libvpopmail.a library so it can be shared. The name clashes with courier were taken care of so you can still link with the courier code. So there shouldn't be any issues and should work well with other software. Thanks, Brian > Brian, > > when you store a message inside an imap server (like when using > squirrelmail & courier, and keeping your outgoing message in the "Sent" > folder), or when using sqwebmail just keep it in the "Sent" or upload an > attach, which quota computing is done: courier, sqwebmail or vpopmail? > > I think in such cases courier or sqwebmail quota code is used, not > vpopmail's quota code, so there could be strong computing differences. > > In such cases, users may overfill domain quota. > > Tonino > > At 26/03/03 26/03/03 -0500, Brian Kolaci wrote: > > >The domain quota code (as well as the user quota code) > >is enforced in the vdelivermail program. It should be > >compatible with courier-imap, but not maildrop. It also > >works within qmailadmin. I'm not familiar with sqwebmail > >internals. > > > >Brian > > > > > Please correct me if I'm wrong... > > > > > > As far as I understand, the domain quota code included in the last > > > development version of vpopmail is NOT 100% compatible with other > > programs > > > like sqwebmail, courier, ecc., so you may have some disalignments, > > > depending on the products you're using. > > > > > > Tonino > > > > > > At 26/03/03 26/03/03 +0100, Jonas Pasche wrote: > > > >Hi Rick, > > > > > > > > > Is it possible to set a quota for an entire domain using vpopmail? > > > > > > > >One of the top ten questions on the list. You didn't check the archives, > > > >didn't you? :) > > > > > > > >In short: > > > > > > > >For the stable version of vpopmail, there is no domain quota support, > > > >but you can create the domain under a dedicated system user and use > > > >system quotas for that user. > > > > > > > >In the latest development version of vpopmail, experimental domain quota > > > >support is included. > > > > > > > >Jonas > > > > > > > > > > > > [EMAIL PROTECTED]Interazioni di Antonio Nati > > > http://www.interazioni.it [EMAIL PROTECTED] > > > > > > > > > > > > [EMAIL PROTECTED]Interazioni di Antonio Nati > http://www.interazioni.it [EMAIL PROTECTED] > >
Re: [vchkpw] Domain quotas
The domain quota code (as well as the user quota code) is enforced in the vdelivermail program. It should be compatible with courier-imap, but not maildrop. It also works within qmailadmin. I'm not familiar with sqwebmail internals. Brian > Please correct me if I'm wrong... > > As far as I understand, the domain quota code included in the last > development version of vpopmail is NOT 100% compatible with other programs > like sqwebmail, courier, ecc., so you may have some disalignments, > depending on the products you're using. > > Tonino > > At 26/03/03 26/03/03 +0100, Jonas Pasche wrote: > >Hi Rick, > > > > > Is it possible to set a quota for an entire domain using vpopmail? > > > >One of the top ten questions on the list. You didn't check the archives, > >didn't you? :) > > > >In short: > > > >For the stable version of vpopmail, there is no domain quota support, > >but you can create the domain under a dedicated system user and use > >system quotas for that user. > > > >In the latest development version of vpopmail, experimental domain quota > >support is included. > > > >Jonas > > > > [EMAIL PROTECTED]Interazioni di Antonio Nati > http://www.interazioni.it [EMAIL PROTECTED] > >
[vchkpw] Re: some info about the various limits needed
Hi Justin, > hi.. > could you explain some of the vlimits to me? > i understand the disable_* > and i think i understand diskquota, maxmsgcount, defaultquota and > defaultmaxmsgcount plus the other max* stuff. > diskquota = a quota for the full domain, i.e > # du -sh ~vpopmail/domains/domain.com > while defaultquota just is the default setting for a useraccount, right? > (same for maxmsgcount/defaultmaxmsgcount) > > what is the "perm_*" all about? Permissions for non-postmaster admin's. > oh.. and i've made several changes for the better integration of vlimits. > e.g. vadddomain (), vdeldomain () are calling vset_limits/vdel_limits (with a > default set of limits) and i'm writing a vsetdomlimits commandline utility at > the moment. Thats a great thing. > furthermore i've removed disable_* and replaced it with > default_permissions_mask (altered vlimits.c/vmysql.c/vlimits.h). A No, don't do this, please. I understand the concept, but please don't do this. The disable_* fields would apply to the domain to disable services for all users of a domain and the new field would just set the default for new users added. It really doesn't use as much space as you think. Its about 0.4 Kb per domain (less than half a kilobyte). > the idea is: default_permissions_mask is the default gid mask for every user > of a domain. if it has the NO_IMAP flag set, and you want some user to get > imap support: set the V_USER0 flag for that user and make sure NO_IMAP is > unset in that user's gid. > > as soon as V_USER0 is set, it completly ignores the default_permissions_mask. This I don't understand. I understood that the field would contain the default permissions for new users. If you need to change the permissions of a single user, then you just update GID field on the password entry. > > > i'm going to post the diffs later.. > > -- > Mit internetten Grüßen / Best Regards > --- > Justin Heesemannionium Technologies > [EMAIL PROTECTED]www.ionium.org >
Re: [vchkpw] Domain quotas
> Is it possible to set a quota for an entire domain using vpopmail? > > - Rick > > Yes. You will need vpopmail 5.3.19 or up. You need to populate the mysql "diskquota" or the .qmailadmin-limits file attribute "quota" to the size (in bytes). Brian
Re: [vchkpw] vlimits patch [1/??]
> On Tuesday 25 March 2003 18:25, Brian Kolaci wrote: > > Do you think we need both domain permissions and > > default new user permissions for each type of permission? > > (This is the case for quotas, a domain limit and a default > > for new users). > > > > I like the idea of having both (which just generates more > > work...). But we didn't take that into account with the > > original design. > > > > I would say that we should do what you were intending > > by using the current values as "domain" permissions, and > > add a field for "default_user_permissions" that would > > populate the gid field of the user password entry. > > What I would also do is encapsulate the code you > > wrote into a function (you don't need the #ifdefs) > > and have it return the mask which can be AND'd with > > the gid field of the password entry. This masking > > function could go into vlimits.c and called in the > > vauth_getpw() functions. > > sounds good to me. I guess a single field added to the mysql table for > default_user_permissions is enough, as it only has to contain the mask. > (Well, we could have done this to the disable_* as well, it wouldn't bloat > the mysql table that much) There were discussions on this and we determined it would be best to keep them separated out for those that read directly from the table (and I happen to have java EJB's map the attributes to these columns). Another purpose of separating them out was to allow search conditions on the elements, which is difficult with masks. Since the new field would be just a default value for the GID field of the password entry, I don't see any problem for this field being an int. > something like enforced_domain_permissions and default_user_permissions .. but > if it's to late to change that now, i won't object :) I don't think it should change. I actually use it with the individual fields and find it useful. > i'm adding two functions now: > vget_limits_default_mask (const char *domain, int *mask) > vget_limits_enforced_mask (const char *domain, int *mask) Don't think you need to do this. The limits are stored in a structure. You would only need to add a single value (the mask) to the structure, then add the code to parse it out of the .qmailadmin-limits file (and write it), and add the field to the mysql table definition and queries. The API would remain the same (just a get/set of the structure). > but I thought about making some changes to vset_limits/vget_limits plus > changing the structure of .qmail-limits/mysql:vpopmail.limits > to drop all the disable_* and replace it with the masks. Please don't. > i'll also add an update script which makes the necessary changes to existing > .qmailadmin-limits/mysql:vpopmail.limits > > only someone would have to alter the qmailadmin for me (i've never touched > that thing :) ) > > (well .. i will only start with the altered tables/.qmailadmin-limits files if > you say it's ok.. I don't know how many out there are already using vlimits. > i think the masks help adding future disable flags without having to change > the table structure every time, so yes, we have a incompatible update this > time, but _only_ this time) Its not hard to add a single field, however I went and added several (pretty much everything that people suggested months ago) but haven't integrated all of it into qmailadmin or the other programs. I have some in an older version of qmailadmin that I'm still using (haven't submitted a patch yet). > > -- > Mit internetten Grüßen / Best Regards > --- > Justin Heesemannionium Technologies > [EMAIL PROTECTED]www.ionium.org > > Thanks. Brian
Re: [vchkpw] Courier-imap not setting open-relay in vpopmail/qmail
Works for me in 1.6.0. With the standard distribution, it won't work with authdaemond. I've patched mine to allow it to work with that. I don't see any problem if you use the raw authvchkpw way. Brian > Very strange. open_smtp_relay works for me in courier-imap > We have 1.5.1 version > > KenJones > > On Tuesday 25 March 2003 10:45 am, Rob Gridley wrote: > > I'm just going to steal your thread for a sec here. ;p > > > > I saw this in the Courier-IMAP 1.7.1 ChangeLog the other day. It has > > stopped me from upgrading. > > > > * authlib/preauthvchkpw.c (auth_vchkpw_pre): Disable open_smtp_relay() > > until fixed by authvchkpw devs. > > > > Does anyone have any clarification on this? > > > > > > Rob Gridley, System Administrator > > > > MHz Design Communications Inc. > > 10 Four Seasons Place, Suite 900 Toronto, ON M9B 6H7 > > email: [EMAIL PROTECTED] web: http://www.mhzdesign.com > > phone: 416.626.1777 x234 fax: 416.626.7227 > > > > > > On 3/25/03 11:35 AM, "David Hubbard" <[EMAIL PROTECTED]> > > > > confessed: > > > Hello Courier users, > > > just wondering if anyone could point > > > me in the right direction for what to look > > > at. I am building a new mail server with > > > qmail/vpopmail and courier-imap/pop3. I > > > set courier for authvchkpw auth type and > > > it works successfully for imap and pop3 > > > logins. vpopmail never sets the open-relay > > > for the host doing the Courier login. It > > > does set it correctly if I use qmail's pop3 > > > server and vchkpw to authorize the connection. > > > > > > Is this a courier or vpopmail issue? I'm > > > running the latest courier-imap devel > > > version courier-imap-1.7.1.20030319 and vpopmail > > > 5.3.19. > > > > > > Thanks, > > > > > > David > >
Re: [vchkpw] vlimits patch [1/??]
Ahh, I think we had different thoughts on that. When I originally sent out the request for comments for the vlimits, I thought the "disable_" routines were to be the defaults for new users. This was the original intent from the responses I got. This way you would be able to shut off certain services for users and you can make an exception for one or two users by using vmoduser and only enabling some of the permissions for some of the users. i.e. allow postmaster IMAP access, but no other users in the domain. I guess it could work both ways, however there's no easy way to set a default for new users (which is what the original intent was). Anyone have any comments on this? Do you think we need both domain permissions and default new user permissions for each type of permission? (This is the case for quotas, a domain limit and a default for new users). I like the idea of having both (which just generates more work...). But we didn't take that into account with the original design. I would say that we should do what you were intending by using the current values as "domain" permissions, and add a field for "default_user_permissions" that would populate the gid field of the user password entry. What I would also do is encapsulate the code you wrote into a function (you don't need the #ifdefs) and have it return the mask which can be AND'd with the gid field of the password entry. This masking function could go into vlimits.c and called in the vauth_getpw() functions. What do you think? Brian > On Tuesday 25 March 2003 17:34, Brian Kolaci wrote: > > > i'm going to post (a very similar one) tomorrow for .qmail-limits files. > :) > i think this should stay in the vauth_getpw function (which is in vauth.c). > this way, when you later decide to disable_imap=1 you won't have to change it > for all the users in that domain. also authvchkpw.c (from > courier-imap/authlib) directly calls vauth_getpw. > and as i said.. i'm posting a patch vor vcdb.c/vpgsql.c/vsybase.c tomorrow to > cover the other auth modules. > > anyways, i can see that the vpopmail.c:vadduser approach also has a good > point: vlimits would then only serve as a "default" for each domain. one > could still enable _single_ users to access their mail via imap/webmail/ ... > or disable smtp for others. maybe some others post their opinion on this? > > brian: is this what vlimits was originally indented to be? a default setting > for the users of a domain (well plus some generall max settings..)? > > -- > Mit internetten Grüßen / Best Regards > --- > Justin Heesemannionium Technologies > [EMAIL PROTECTED]www.ionium.org > >
Re: [vchkpw] vlimits patch [1/??]
This is very good, however you may want to move this
out of vmysql.c and put it directly in vpopmail.c
for the add_user routine.
vlimits isn't only for mysql. It also uses the
.qmailadmin-limits file for non-mysql implementations.
So the structure & function vget_limits() is valid
with or without mysql.
Thanks,
Brian
> this enforces the disable_* vlimits:
> e.g: if vlimits.disable_imap=1 it is the same as if every user has the
NO_IMAP
> gid flag set.
> i'm going to post (a very similar one) tomorrow for .qmail-limits files.
> is there vlimit support being added for postgres/sybase/oracle ?
>
>
> --- vpopmail-orig-5.3.19/vmysql.c 2003-03-05 18:09:47.0 +0100
> +++ vpopmail-new-5.3.19/vmysql.c2003-03-25 16:22:13.0 +0100
> @@ -327,6 +327,10 @@
> uid_t myuid;
> uid_t uid;
> gid_t gid;
> +#ifdef ENABLE_MYSQL_LIMITS
> + struct vlimits limits;
> +#endif
> +
>
> vget_assign(domain,NULL,156,&uid,&gid);
> myuid = geteuid();
> @@ -406,6 +410,35 @@
> return(NULL);
> }
> mysql_free_result(res_read);
> +#ifdef ENABLE_MYSQL_LIMITS
> +if (vget_limits (in_domain,&limits) == 0) {
> + int mask = 0;
> + if (limits.disable_pop) {
> +mask += NO_POP;
> + }
> + if (limits.disable_smtp) {
> +mask += NO_SMTP;
> + }
> + if (limits.disable_imap) {
> +mask += NO_IMAP;
> + }
> + if (limits.disable_passwordchanging) {
> +mask += NO_PASSWD_CHNG;
> + }
> + if (limits.disable_relay) {
> +mask += NO_RELAY;
> + }
> + if (limits.disable_webmail) {
> +mask += NO_WEBMAIL;
> + }
> + if (limits.disable_dialup) {
> +mask += NO_DIALUP;
> + }
> +
> + vpw.pw_gid = vpw.pw_gid | mask;
> +}
> +#endif
> +
> return(&vpw);
> }
>
>
Re: [vchkpw] About to release new devel version 5.3.20
> On Monday 24 March 2003 22:05, you wrote: > > > On Monday 24 March 2003 20:53, Ken Jones wrote: > > > > I'm about to release a new 5.3.20 devel version. > > > > > > > > Does anyone have any patches they would like to submit? > > > > > > > > > > > > Thta's about it. > > > > If no one submits patches by end of day Tuesday, I'll > > > > release 5.3.20 as is. The plan then is to let Bill > > > > Shupp finish up some things before we release a > > > > new 5.4.0 stable version in association with a new > > > > qmailadmin 1.2.0 release. > > > > > > Fine. I really think we should finish vlimits before 5.4.0. At least to > > > an extent where it actually is doing something. > > > > Its been working for me since mid last year. I've submitted > > the patches only this year, starting around January. > > It essentially wraps the .qmailadmin-limits file access > > to an API and also allows the information to be stored > > in MySQL. When I put together the API, I had asked for > > other "wishlist" items, which I put into the structures > > but haven't implemented such as "permissions". The quotas, > > limits, defaults limits, etc. all work fine and have been > > for quite some time. > > > > So I have no idea what you mean that it should "do something". > > > > The infrastructure is now there for people to implement the > > items they "wished" for. If I get spare cycles, I'll look > > at them, but the areas I use were done a year ago, except for > > domain quotas which was completed last month. > > > > Brian > > ok, sorry brian :) > it is just that i don't use qmailadmin and i don't want to. if i have some > option in my vlimits which denies imap, then why does vchkpw allow me to > login via imap ?? this is what i feel vlimit should do. for limiting some > userfrontend i actually don't need any feature of vpopmail, as i can easily > use my own mysql tables. > > furthermore there is no single ./vsetlimit utility. > this isn't meant to attack you in any way, brian, and i didn't say _you_ > should do all this. you did a great job adding the vlimits, which are able to > do more, than they are doing at the moment. Hi Justin, There are currently ways to limit IMAP. One thing you should remember is that the vlimits API is for full domain limits, not individual users. There are permission bits in the GID field in the password entry for the user. These I believe work. Before actually implementing the API, I sent out a request for all the additional items people wanted to see over and above what I wanted. This way the database schema would only have to be written once, and filled in later. Some limit the qmailadmin app, others go directly into vdelivermail. Others will go into other areas. Overall, I think we have a functional system as is, with placeholders for future features. The wishlist is high, but only so many things can make each release. If you've got the cycles and can crank out some of it tonight, send in a patch. Thanks, Brian
Re: [vchkpw] About to release new devel version 5.3.20
> On Monday 24 March 2003 20:53, Ken Jones wrote: > > I'm about to release a new 5.3.20 devel version. > > > > Does anyone have any patches they would like to submit? > > > > > Thta's about it. > > If no one submits patches by end of day Tuesday, I'll > > release 5.3.20 as is. The plan then is to let Bill > > Shupp finish up some things before we release a > > new 5.4.0 stable version in association with a new > > qmailadmin 1.2.0 release. > > > > Fine. I really think we should finish vlimits before 5.4.0. At least to an > extent where it actually is doing something. Its been working for me since mid last year. I've submitted the patches only this year, starting around January. It essentially wraps the .qmailadmin-limits file access to an API and also allows the information to be stored in MySQL. When I put together the API, I had asked for other "wishlist" items, which I put into the structures but haven't implemented such as "permissions". The quotas, limits, defaults limits, etc. all work fine and have been for quite some time. So I have no idea what you mean that it should "do something". The infrastructure is now there for people to implement the items they "wished" for. If I get spare cycles, I'll look at them, but the areas I use were done a year ago, except for domain quotas which was completed last month. Brian
[vchkpw] patch to set default quota in vadd_user()
This patch uses the vlimits() API to retrieve the
default user quota for their domain. This is for
cdb and mysql storage.
This should be applied to 5.3.19
Thanks,
Brian
diff -c vpopmail-5.3.18/vcdb.c vpopmail-5.3.19/vcdb.c
*** vpopmail-5.3.18/vcdb.c Thu Feb 20 13:27:49 2003
--- vpopmail-5.3.19/vcdb.c Thu Mar 20 08:49:29 2003
***
*** 666,671
--- 666,673
uid_t uid;
gid_t gid;
char crypted[100];
+ char quota[30];
+ struct vlimits limits;
if ( vget_assign(domain, Dir, 156, &uid, &gid ) == NULL ) {
strcpy(Dir, VPOPMAILDIR);
***
*** 699,709
}
#ifdef HARD_QUOTA
! fprintf(fs1, "%s", HARD_QUOTA);
#else
! fprintf(fs1, "NOQUOTA");
#endif
#ifndef CLEAR_PASS
fprintf(fs1, "\n");
#else
--- 701,715
}
#ifdef HARD_QUOTA
! snprintf(quota, sizeof(quota), "%s", HARD_QUOTA);
#else
! strcpy(quota, "NOQUOTA");
#endif
+ if (!vget_limits(domain, &limits))
+ snprintf(quota, sizeof(quota), "%s", limits.defaultquota);
+ fprintf(fs1, quota);
+
#ifndef CLEAR_PASS
fprintf(fs1, "\n");
#else
diff -c vpopmail-5.3.18/vmysql.c vpopmail-5.3.19/vmysql.c
*** vpopmail-5.3.18/vmysql.cMon Jan 27 11:29:15 2003
--- vpopmail-5.3.19/vmysql.cThu Mar 20 08:45:53 2003
***
*** 250,255
--- 250,256
char quota[30];
char Crypted[100];
int err;
+ struct vlimits limits;
if ( (err=vauth_open_update()) != 0 ) return(err);
vset_default_domain( domain );
***
*** 260,265
--- 261,269
strncpy( quota, "NOQUOTA", 30 );
#endif
+ if (!vget_limits(domain, &limits))
+ snprintf(quota, sizeof(quota), "%s", limits.defaultquota);
+
#ifndef MANY_DOMAINS
domstr = vauth_munch_domain( domain );
#else
Re: [vchkpw] Change the default quota
> > Hi Luqman, > > > > > how do i change default quota in vpopmail ? > > > > Recompile. It's hard coded at compile time. > > > > Jonas > > As of vpopmail-5.3.19 you update the .qmailadmin-limits > file or the vlimits mysql table. The hard coded value > is used to initialize the default for the domain. My mistake, the limits API is used only if you have the latest patched version of qmailadmin that this was added in on. I'll patch vpopmail also... Brian
Re: [vchkpw] Change the default quota
> Hi Luqman, > > > how do i change default quota in vpopmail ? > > Recompile. It's hard coded at compile time. > > Jonas As of vpopmail-5.3.19 you update the .qmailadmin-limits file or the vlimits mysql table. The hard coded value is used to initialize the default for the domain. Brian
Re: [vchkpw] quotas
You need vpopmail-5.3.19 for domain quotas. It may be found at http://shupp.org Brian On Sat, 15 Mar 2003, Payal Rathod wrote: > Hi, > I have installed vpopmail-5.2.1 with just enable-roaming-users=y option. > After that I did make and make install. > > Now I added 2 domains test1 and test2? Do these domains have a default > quota? > > If no, how do I add that? If I am going to use ./configure again what > care must I take? Do i use make install clean or something like that? > > Also can I have domain test1 with say 40Mb quota and domain test2 with > 70Mb quota? How to achieve that? > I read README.quotas, INSTALL and FAQ but still I am unable to figure a > proper solution for different quotas for different domains. > > Can someone tell? > > With regards, > -Payal > > -- > "Visit GNU/Linux Success Stories" > www.geocities.com/rpayal99 > Guest-Book Section Updated. > >
RE: [vchkpw] domain quota
5.3.19 You can get it from http://shupp.org Brian > is it 5.3.19 or 5.3.16? > > -Original Message- > From: Brian Kolaci [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 13, 2003 8:59 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: [vchkpw] domain quota > > > > domain quotas were implemented in vpopmail 5.3.19. > > Brian > > > Hello, > > > > I've tried playing around with quotas on my qmail+vpopmail+qmailadmin > setup. > > User quota works. But when I try to set domain quota on > .qmailadmin-limits > > (default_quota X) in the ~vpopmail/domains/somedomain.com directory, > it > > doesn't work. I set the default_quota to 100, but I did not changed > the > > quota of the user which is 10MB. I assumed that the system looks first > on > > the domain quota. It seems my assumption was wrong. Is there something > I > > need to do to make it work? I just installed the programs as described > on > > the README/INSTALL files. By the way, I'm running qmail-1.03 + > > vpopmail-5.2.1 + qmailadmin 1.0.11. Anybody? > > > > TIA > > > > > >
Re: [vchkpw] domain quota
domain quotas were implemented in vpopmail 5.3.19. Brian > Hello, > > I've tried playing around with quotas on my qmail+vpopmail+qmailadmin setup. > User quota works. But when I try to set domain quota on .qmailadmin-limits > (default_quota X) in the ~vpopmail/domains/somedomain.com directory, it > doesn't work. I set the default_quota to 100, but I did not changed the > quota of the user which is 10MB. I assumed that the system looks first on > the domain quota. It seems my assumption was wrong. Is there something I > need to do to make it work? I just installed the programs as described on > the README/INSTALL files. By the way, I'm running qmail-1.03 + > vpopmail-5.2.1 + qmailadmin 1.0.11. Anybody? > > TIA > >
Re: [vchkpw] qmail-smtpd patch
Check the archives. There are a few, however they *only* take into account the vpopmail addresses, not system accounts or aliases or SMTP relaying. I've just patched mine to handle all cases however I don't have a patch. BTW, VRFY would be the correct place for this, however most spam programs ignore the return on the VRFY command and send it anyway. So in short, you'll have to write your own custom one to your situation. At least with the patch, I don't have 10,000 messages in the outbound queue each day for bounces. Now I rarely get bounces. Brian > Hi, > > Is anyone aware of a patch for qmail-smtpd that will return a 5xx code if the > rcpt to is a non-existent address/alias on a vpopmail system? > > Thanks, > > Abdul > -- > Tel: +27-31-566-8080 > Fax: +27-31-566-8010 > http://www.eastcoast.co.za > >
Re: [vchkpw] new quota support question
> OK OK. Brian had me thinking that the quota was stored in a database with all of that talk about pw_shell and limits API calls. > > I now see that (as I originally thought), the quota is actually stored in the 'maildirsize' file. (I opened it up and looked at it > in my maildir) It is used from the file *only* if you use maildrop. If you use vpopmail the info is stored either in the password file or the database. > SO: Would anyone be opposed to moving the 'domain' quota out of the qmailadmin limits file (I'm assuming it's stored there since > Brian said it was) and into a separate 'domainquota' file? Yes. Many people use other tools in addition to qmailadmin that manipulate the database directly to control these things. I know I'm not alone. There have been several other posts by others using the database that manipulate the db directly. Doing this would require *another* file to be opened and maintained by the admin tools and again puts a "limit" into the control of the end user. I use the limits from the db, and enforce them with system quotas. This is for both user quotas and domain quotas. Brian
Re: [vchkpw] new quota support question
> If vpopmail stores the actual user quota in a database, and the maildirsize > file just stores the current size of the maildir (which IS a file based > system, BTW), then doesn't that mean that Maildrop has NEVER been capable > of enforcing maildir++ with vpopmail? I guess I wasn't explicit enough. I assumed people already knew how the quota's are stored. The "user quota" for vpopmail is stored in the pw_shell attribute of the vqpasswd structure. Where this information is stored (db, cdb, file) doesn't matter. You use an API to get at it. In courier, a different place is used. The "domain quota" is now currently stored in the qmailadmin limits information, which is now retrieved using the vget_limits() function. Again, where it is actually stored doesn't matter. Now the "usage" of maildir++ quotas is stored in the filename. There is a cache file in the Maildir called maildirsize that caches all the file sizes in one file. > > All of the docs on the web seem to suggest that maildrop IS compatible with > maildir++. Does "compatible" in that sense only mean that maildrop can > manipulate the maildirsize file? But that it doesn't actually have a clue > when a user's quota is exceeded? I guess I never understood that properly. I'm sure it is "compatible" in that sense. I don't know the rules of how it enforces the quota nor where it gets the user quota from. I doubt it gets it from vpopmail and the vqpasswd file as vdelivermail does, but I may be wrong. > Also, I don't see why implementing "soft" quotas with another file inside > the maildir would be such a bad idea. The maildirsize file is already > vulnerable to user modification, so it ONLY works when the user doesn't > have shell access to their own maildir. Also, EMAIL is backed up from the > file system, so what's wrong with backing up the quota that applies to that > email with it? The maildirsize file is auto-recreated or re-evaluated when mail is deleted. I don't think putting the quotas within the grasp of the user is a good idea. > > I'd say we beat this topic to death though. Since you're using > > maildrop, then why not create a patch for it. Then the patch itself > > could be included in the vpopmail distribution, or kept separate as > > its own distribution. > > Sure, I could do that, but then I'd have to maintain a patch, and that's > messy. I'd much rather implement a standard that everyone can work with. What exactly is "everyone"? Its just vpopmail & courier. You just happen to have a specialized installation that is using both. It sounds like for you, the features of courier outweigh the features of vpopmail, so you should probably just convert to courier and not use vpopmail. If you think the features of vpopmail are more important, then think about putting what you like better in courier into vpopmail. You're trying to mix qmail/vpopmail and courier. > Please bare with me here. I'm starting to realize that I didn't really > understand how these quotas work, and that there is a great possibility > that maildrop was never really capable of enforcing maildir++ quotas > (because maildir++ doesn't really have much to do with the quota itself, > but rather the size of the maildir) True. It may enforce it, however I would say with its own user storage and rules. You can't just assume when user information is stored in one place that software developed for another project will use it. > I really need a way to filter email on the server side, so unless that > functionality makes it's way into vdelivermail in the near future, I'd > really like to discuss the possibility of expanding the maildir++ > specification to include user and domain quotas. I don't even want to touch that... > I'd be willing to write code for this too, so it's not like you're talking > to someone who's just mouthing off and whining for functionality. This > is how Open Source works: When a developer has an itch, he scratches it, > and everyone benefits, right? > > Lets talk. If you're willing to help me hammer out an idea that works, > then I'll pitch it to Mr. Sam. If we do a good job and it makes sense, > then I doubt he'll object as long as I do most of the coding and he > doesn't have to. Sorry, but I still don't think you should store limits information within control of end users. A quota is just another limit, as is the other information used by qmailadmin. Thanks, Brian
Re: [vchkpw] new quota support question
> So the domain quotas aren't stored in a file, but rather in whatever database > backend you happen to be using? They are stored in either the .qmailadmin-limits file, or MySQL, if enabled. The "user" quota is stored in the "pw_shell" attribute of the password entry for the user. > > I'd think that if the domain quotas could be stored in a file, that a ratification > could be made to the maildir++ standard. Perhaps the maildirsize file could contain > a reference to the location of the domain quota file. This would be quite flexible > I'd think. > > What do you think? > > Either way, I think this functionality needs to be implemented in a way > that Courier-IMAP and other programs can live with. It should be standardized, > otherwise vpopmail will be implementing a feature that no-one else can > realistically use without linking vpopmail's libraries into their code > (which I mentioned in another thread as being a bit of a pain sometimes). Yes, but I don't think that courier has a need or care for domain based quotas, just as Bill said. Most people use system quotas. If you use courier, then you'll wind up using its own SQL implementation (he doesn't use files either). BTW, maildir++ quotas isn't really a "standard". First, there was courier, where it started. Bill then updated vpopmail to also conform since there's no down-side to it, but you can get benefit from it. Good luck trying to get everyone to swap to a file based system. I personally like *everything* in the database rather than filesystem. All the information (other than message store & cache info) is in the database for easy backup/recovery. I'd say we beat this topic to death though. Since you're using maildrop, then why not create a patch for it. Then the patch itself could be included in the vpopmail distribution, or kept separate as its own distribution. Brian
Re: [vchkpw] new quota support question
> > I'd be curious to see if Mr. Sam accepts such patches. I personally > > think that this new non-system domain quota feature is unnecessary, > > when system quotas are available, easily implemented, and a better > > solution. But enough people seemed to want it for some reason, and > > Brian did a very nice job of implementing it cleanly with his other > > vlimits functions, so I included it in my devel version. Notice that > > Ken has not yet signed off on this, so there's no guarantee that it > > will make it in the official release, anyway. So you might hold off on > > patching anything else, unless you (or anyone else) are prepared to > > maintain it. > > Noted. I personally hope it makes production. Sounds like a good idea > to me, it just seems to require a ratification to the maildir++ standard. Seems unlikely. courier has no provision to store "domain" quotas, only user quotas. Like I said in my last email, it requires getting the domain quota from somewhere, and vdelivermail uses the vget_limits() API out of libvpopmail.a. Brian
Re: [vchkpw] vpopmail 5.3.19
> Wednesday March 05 2003 11:47, Bill Shupp wrote to All: > > > BS> I've posted a new devel version, 5.3.19. Please help test > > Still no user expiry feature? Have you written it yet? When you write it, then you should post the patch to the list. It would be reviewed, tested, then possibly/probably added to the release. Brian > > KS > >KARICO Business Services >Toronto, ON Canada >http://www.karico.ca > >
Re: [vchkpw] new quota support question
> > > Or are they implemented with system quotas? > > > > You can do that also if you wish, however you'll need to > > supply your own scripts for that. > > So, basically, no? What would I have to supply to use system > quotas? If you wish to use system quota's, you'll need to write a script to update the system quota. I'm on solaris, so I use a script that sends some commands to "edquota". On linux, it may be different. > > > Will I still be able to use maildrop to filter my mail? > > > > I'm unsure about maildrop. If it delivers the mail via > > vdelivermail, then yes, but if it writes directly to the > > file system, it needs to be patched to enforce the quotas. > > I've updated libvpopmail.a to include the quota code, so > > you should be able to patch it if needed. > > Maildrop is maildir++ compatible. I assume that this new code > deviates from the maildir++ standard? Yes, however only for "user" quotas. There's no concept of "domain" quotas in courier that I'm aware of. This code is maildir++ compliant, but now vdelivermail uses the "limits" API to retrieve the per-domain limits (disk quota & max msg count) and enforce it by making a check at the current usage (which calculates usage by summing up the usage for each mailbox within a domain). > > > When are the quotas recalculated? (If maildrop deletes a message, > > > will it throw the quotas off?) > > > > The domain quota code recalculates the quota each time on the fly. > > One big benefit now is its use of the maildirsize files, if they're > > there. This is a big performance gain. But if you don't have anything > > creating & maintaining these files (and they don't exist), then the > > performance would be pretty bad if people "leave mail on server", and > > you constantly have to sum up thousands of files. I haven't used maildrop, > > and I see the maildirsize files in each user's Maildir so I assume > > vdelivermail is maintaining them. You'll need to try it out and see > > what kind of performance you get. In my copy, I have syslog()'s > > logging the clock over these and I typically see about 0.001s > > when the cache files are there, and up to 7s when they're not (but > > then they suddenly appear, so it must be creating them by default). > > The 7 seconds was due to a user with a few thousand messages still in there > > and no maildirsize file. > > OK. So, when vdelivermail delivers a message to the maildir, it just > modify's the quota based on the email's size, correct? It doesn't > actually recalculate the entire quota? I believe it checks if the file is there and recalulates the entire maildir if its missiing. If its there, it just appends the quota information to the maildirsize file. > What happens when an IMAP or POP server deletes a message from the > maildir? Is the quota then incorrect? I use Courier-IMAP. I use courier-imap as well as the courier pop3 daemon. I believe the imap server recalculates the quota for the maildir. I'm not sure whether it recalculates the whole user maildir, or just removes one entry from the file. You'll have to check the code. > Is there a way to recalculate a user's maildir quota via command line? > (For instance, so that all of my user's quotas could be recalculated at > 4 AM from scratch via a shell script or Perl script?) Not that I'm aware of. I think you automatically get it if its not there during a delivery. Since maildrop is part of courier (I assume it is), then it probably manages the maildirsize files already as vdelivermail does. It probably enforces "user" quotas, but I'm not sure. It won't enforce domain quotas without patching it to retrieve & enforce a domain level quota. You'll need the vget_limits() function from the vpopmail library for that. > Thanks for all the info! No prob. Good luck. Brian
Re: [vchkpw] new quota support question
> Howdy list, > > I'm just wondering a few things about the new domain wide quotas: > > Are these quotas implemented in vdelivermail? Yes. > Or are they implemented with system quotas? You can do that also if you wish, however you'll need to supply your own scripts for that. > Will I still be able to use maildrop to filter my mail? I'm unsure about maildrop. If it delivers the mail via vdelivermail, then yes, but if it writes directly to the file system, it needs to be patched to enforce the quotas. I've updated libvpopmail.a to include the quota code, so you should be able to patch it if needed. > > When are the quotas recalculated? (If maildrop deletes a message, > will it throw the quotas off?) The domain quota code recalculates the quota each time on the fly. One big benefit now is its use of the maildirsize files, if they're there. This is a big performance gain. But if you don't have anything creating & maintaining these files (and they don't exist), then the performance would be pretty bad if people "leave mail on server", and you constantly have to sum up thousands of files. I haven't used maildrop, and I see the maildirsize files in each user's Maildir so I assume vdelivermail is maintaining them. You'll need to try it out and see what kind of performance you get. In my copy, I have syslog()'s logging the clock over these and I typically see about 0.001s when the cache files are there, and up to 7s when they're not (but then they suddenly appear, so it must be creating them by default). The 7 seconds was due to a user with a few thousand messages still in there and no maildirsize file. Thanks, Brian
Re: [vchkpw] Feature request: Usage of SSLREMOTEIP
> Hi Anders, > > > > Does anyone know a workaround until either vpopmail reads SSLREMOTEIP > > > or ucspi-ssl sets TCPREMOTEIP? > > > > How about something like (untested): > > "(env TCPREMOTEIP=$SSLREMOTEIP /home/vpopmail/bin/vchkpw)" > > in your startup script instead of just "/home/vpopmail/bin/vchkpw" ? > > I tested it, but it doesn't work that way. I have now patched sslserver > to set TCPREMOTEIP instead, according to Charles' idea, which works > fine. I recommend that you patch sslserver to set both environment variables, rather than just replacing it. Brian
Re: [vchkpw] vpopmail + mysql. Basic question.
> On Wednesday 26 February 2003 17:33, Brian Kolaci wrote: > > using vadduser not only adds the row to the table, but > > creates the directory structure for vdelivermail to put > > mail into. It also encrypts the password field. So > > you should either use the vadduser program or the vpopmail > > vadduser() API routine. > > well.. not really. vchkpw for example creates the maildir, if it's missing, > and so does vdelivermail. > so if you just want to _create_ users by adding them to the mysql table, this > is just fine. > > just if you want to delete the users thas way, it will keep their Maildirs in > place. Didn't know the recovery code was there. That's great. I've had instances in my old version where it wouldn't deliver mail because the maildir was missing, but now that I think about it, I haven't seen that problem for awhile. Thanks, Brian
[vchkpw] patch for vpopmail-5.3.18
# of blocks for all messages in
--- 40,59
time_t *, off_t *, unsigned *);
static int statcurnew(const char *, time_t *);
static int statsubdir(const char *, const char *, time_t *);
! static int doaddquota(const char *, int, const char *, long, int, int);
! static int docheckquota(const char *dir, int *maildirsize_fdptr,
! const char *quota_type, long xtra_size, int xtra_cnt, int *percentage);
static int docount(const char *, time_t *, off_t *, unsigned *);
! static int maildir_checkquota(const char *dir, int *maildirsize_fdptr,
! const char *quota_type, long xtra_size, int xtra_cnt);
! static int maildir_addquota(const char *dir, int maildirsize_fd,
! const char *quota_type, long maildirsize_size, int maildirsize_cnt);
! static int maildir_safeopen(const char *path, int mode, int perm);
! static char *str_pid_t(pid_t t, char *arg);
! static char *str_time_t(time_t t, char *arg);
! static int maildir_parsequota(const char *n, unsigned long *s);
+
#define NUMBUFSIZE 60
#define MDQUOTA_SIZE'S' /* Total size of all messages in maildir */
#define MDQUOTA_BLOCKS 'B' /* Total # of blocks for all messages in
***
*** 98,104
free(domdir);
return 0;
}
-
/* convert from MB to bytes */
maxsize = limits.diskquota * 1024 * 1024;
maxcnt = limits.maxmsgcount;
--- 101,106
***
*** 425,431
}
! int maildir_checkquota(const char *dir,
int *maildirsize_fdptr,
const char *quota_type,
long xtra_size,
--- 427,433
}
! static int maildir_checkquota(const char *dir,
int *maildirsize_fdptr,
const char *quota_type,
long xtra_size,
***
*** 437,443
xtra_size, xtra_cnt, &dummy));
}
! int maildir_readquota(const char *dir, const char *quota_type)
{
int percentage=0;
int fd=-1;
--- 439,445
xtra_size, xtra_cnt, &dummy));
}
! int vmaildir_readquota(const char *dir, const char *quota_type)
{
int percentage=0;
int fd=-1;
diff -c vpopmail-5.3.18/maildirquota.h vpopmail-5.3.18.new/maildirquota.h
*** vpopmail-5.3.18/maildirquota.h Sat Apr 6 09:30:35 2002
--- vpopmail-5.3.18.new/maildirquota.h Wed Feb 26 12:23:56 2003
***
*** 6,12
--- 6,26
+ /* I've removed pretty much the whole file execept for
+some public functions so as to not conflict with courier.
+I"ve made the courier functions static.
+- Brian Kolaci
+ */
+ int readdomainquota(const char *dir, long *sizep, int *cntp);
+ int readuserquota(const char* dir, long *sizep, int *cntp);
+ int domain_over_maildirquota(const char *userdir);
+ int user_over_maildirquota(const char *dir, const char *quota);
+ void add_warningsize_to_quota( const char *dir, const char *quota);
+ int vmaildir_readquota(const char *dir, const char *quota);
+ /* skip the rest... */
+ #if 0
+
/* from maildirquota.h */
#ifndef maildirquota_h
***
*** 247,249
--- 261,264
}
#endif
#endif
+ #endif
Common subdirectories: vpopmail-5.3.18/oracle and vpopmail-5.3.18.new/oracle
diff -c vpopmail-5.3.18/vdelivermail.c vpopmail-5.3.18.new/vdelivermail.c
*** vpopmail-5.3.18/vdelivermail.c Thu Feb 20 16:30:19 2003
--- vpopmail-5.3.18.new/vdelivermail.c Wed Feb 26 12:24:48 2003
***
*** 89,101
void checkuser(void);
void usernotfound(void);
int is_loop_match( char *dt, char *address);
-
- /* functions in maildirquota.c */
int deliver_quota_warning(const char *dir, const char *q);
- int user_over_maildirquota(char *address, char *quota);
- int domain_over_maildirquota(char *userdir);
- void add_warningsize_to_quota( const char *dir, const char *q);
- char *format_maildirquota(const char *q);
static char local_file[156];
static char local_file_new[156];
--- 89,95
***
*** 488,494
return(-1);
}
if (QUOTA_WARN_PERCENT >= 0 &&
! maildir_readquota(address, format_maildirquota(quota))
>= QUOTA_WARN_PERCENT) {
deliver_quota_warning(address, format_maildirquota(quota));
}
--- 482,488
return(-1);
}
if (QUOTA_WARN_PERCENT >= 0 &&
! vmaildir_readquota(address, format_maildirquota(quota))
>= QUOTA_WARN_PERCENT) {
deliver_quota_warning(address, format_maildirquota(quota));
}
diff -c vpopmail-5.3.18/vmysql.c vpopmail-5.3.18.new/vmysql.c
*** vpopmail-5.3.18/vmysql.cMon Jan 27 11:29:15 2003
--- vpopmail-5.3.18.new/vmysql.cWed Feb 26 09:54:55 2003
***
*** 60,66
static MYSQL_ROW row;
st
Re: [vchkpw] vpopmail + mysql. Basic question.
using vadduser not only adds the row to the table, but creates the directory structure for vdelivermail to put mail into. It also encrypts the password field. So you should either use the vadduser program or the vpopmail vadduser() API routine. Brian > Sorry for the basic question but i can't figure how they work together. > > If i add a vpopmail user ( ~vpopmail/bin/vadduser [EMAIL PROTECTED] ), it will > saved in mysql db. All right. > > But if i add a mysql record will it added to vpopmail users? > What's about fields like pw_passwd? > > Tnx in advance. > > -- > cris >
Re: [vchkpw] How to handle the local domain as virtual.
qmail is probably not passing them on to vpopmail for delivery. Make sure you remove your domainname from the qmail control/locals file, and add it to your control/rcpthosts file. Brian > Hi. > I am running Qmail with vpopmail successfully right now, and qmail-smtpd is > able to recieve email from the various domains and route them to the correct > vpopmail mailboxes with no problem. > > Except for one domain. > > The real domain name of the server itself (webpunch.net) is set as the only > LOCAL domain in qmail, and even though I have done > > vadddomain webpunch.net **, > vadduser [EMAIL PROTECTED] * > etc. > > qmail bounces all messages sent to any user I have created in domain > webpunch.net, saying that there is no user by that name. > > (<[EMAIL PROTECTED]>: Sorry, no mailbox here by that name.) > > How do I make QMail treat incoming mail for webpunch.net as if it was > virtual? > > - For reference, here are some of the files I have - > (line numbers are not in file, only here for reference) > > /var/qmail/users/assign: > 1: +webpunch.net-:webpunch.net:89:89:/home/vpopmail/domains/webpunch.net:-:: > 2: +vdom1.com-:vdom1.com:89:89:/home/vpopmail/domains/vdom1.com:-:: > 3: +vdom2.com-:vdom2.com:89:89:/home/vpopmail/domains/vdom2.com:-:: > 4: +vdom3.net-:vdom3.net:89:89:/home/vpopmail/domains/vdom3.net:-:: > 5: +vdom4.net-:vdom4.net:89:89:/home/vpopmail/domains/vdom4.net:-:: > 6: . > > (of course, vdom* are actual domain names in the file) > > /var/qmail/control/me > (/var/qmail/control/defaultdomain and plusdoman have the same contents) > 1: webpunch.net > > > /var/qmail/control/virtualdomains > 1: webpunch.net:webpunch.net > 2: vdom1.com:vdom1.com > 3: vdom2.com:vdom2.com > 4: vdom3.net:vdom3.net > 5: vdom4.net:vdom4.net > > Thanks in advance. > Ben > >
Re: [vchkpw] vpopmail as a daemon
> > Well, I don't see the need. vpopmail was made for qmail. > > Qmail invokes vpopmail using vdelivermail. > > > > What exactly would you daemonize? > > Authentication and access to vpopmail control functions. Creating users, domains, aliases, etc... > > Of coarse parts of vpopmail wouldn't run as a daemon because qmail doesn't work that way. I suppose I wasn't clear about what I > thought might be a candidate for 'daemonization'. > Like I said before, we already have the daemons. That's qmail-smtpd, authdaemond, and the POP & IMAP daemons. The only thing left is the admin stuff, which is where I worry about security. > - > > OK. I get the feeling that the vpopmail daemon idea isn't very popular. As I mentioned before, I just threw it out there to get some > feed back, and now that I have, I realize that I haven't thought it through all the way yet. > > A protocol would have to be developed for external apps to talk with vpopmail, and while such a protocol could be designed 'for the > future', so that current apps wouldn't break with future versions of vpopmail, I'm not sure that it would be worth it in the end. > > As I mentioned before, I strongly dislike NFS. I think a vpopmail specific protocol could be engineered that would have a much > higher efficiency than vpopmail+NFS, but that's as far as I've thought it through. If you dislike NFS, then why did you go with qmail to begin with? That was the target for qmail. To use NFS without file locking. In any case, you still can easily get by without NFS, but replace it with a webserver and/or sshd. > > Also, I'll note here that I don't yet have need for a cluster, and have never implemented/used a vpopmail+NFS cluster. Therefore, I > realize that vpopmail+NFS may very well be an excellent solution, and that I may just have an incorrect idea in my head regarding > the speed and overhead that is required to run NFS. There have been *many* improvements to NFS. The latest is very feature rich, has hooks for security, etc. NFS is a good thing, especially if you start looking at the alternatives (i.e. NetBIOS). > > So... with that in mind, I'm going to conclude that I don't have enough experience or knowledge to really debate the pros and cons > of a vpopmail daemon. > > If everyone could shift their attention to the 'vpopmail extension modules' thread, I would still like to discuss some things about > that idea. (And I DO have enough experience and knowledge to have an intelligent discussion about it!) > > Thanks for the comments! > > And thanks for reading! > > Jesse > > > > You would only want to > > make a daemon for things that are used *very* frequently > > and you need the extra speed. The only thing I see is > > authentication, for which you can use authdaemond from > > courier. This works very well with vpopmail (and my patched > > code works with the IP mapping and open_smtp). > > > > I've included my comments below: > > > > > > > Greetings list, > > > > > > I'm sure people have considered this before, but I'd like to collect > > everyone's thoughts on the idea I'm about to present: > > > > > > VPopMail as a daemon > > > > > > What does everyone think about the possibility of turning vpopmail into a > > daemon? Complete with network ports and the like. It would > > > allow for a much more distributed architecture, IMHO. > > > > > > Currently, if someone wants to run qmailadmin on a separate web server, they > > have to create an NFS share, right? > > > > Thats one option, and at least its already secure. You can > > also run an additional webserver on the back-end system and have > > your main webserver proxy requests to it. Still secure. > > > > > > > > Wouldn't it make a lot of sense to provide a vpopmail network protocol that > > allows connections from remote administrative utilities? > > > > No. > > > > > > > > Possibly even implement support for vpopmail clusters (although I'm thinking > > you'd have to have a crazy amount of users to need a > > > cluster! Vpopmail is pretty darn efficient.) > > > > You can already do this. > > > > > > > > Administrative programs like qmailadmin and vqadmin would benefit by not > > having to be run on the primary mail server, but I highly > > > doubt that the majority of web traffic comes from the admin CGIs. > > > > They don't need to be run from the primary mailserver if you use NFS, > > but its better if you do run a secondary webserver on the mailserver > > just for qmailadmin. You can then proxy to it from your primary webserver. > > The admin programs may benefit, but I don't think you're buying much > > by moving the admin functions to a daemon. You would, however, be > > giving hackers yet another w
Re: [vchkpw] vpopmail as a daemon
Hi, Well, I don't see the need. vpopmail was made for qmail. Qmail invokes vpopmail using vdelivermail. What exactly would you daemonize? You would only want to make a daemon for things that are used *very* frequently and you need the extra speed. The only thing I see is authentication, for which you can use authdaemond from courier. This works very well with vpopmail (and my patched code works with the IP mapping and open_smtp). I've included my comments below: > Greetings list, > > I'm sure people have considered this before, but I'd like to collect everyone's thoughts on the idea I'm about to present: > > VPopMail as a daemon > > What does everyone think about the possibility of turning vpopmail into a daemon? Complete with network ports and the like. It would > allow for a much more distributed architecture, IMHO. > > Currently, if someone wants to run qmailadmin on a separate web server, they have to create an NFS share, right? Thats one option, and at least its already secure. You can also run an additional webserver on the back-end system and have your main webserver proxy requests to it. Still secure. > > Wouldn't it make a lot of sense to provide a vpopmail network protocol that allows connections from remote administrative utilities? No. > > Possibly even implement support for vpopmail clusters (although I'm thinking you'd have to have a crazy amount of users to need a > cluster! Vpopmail is pretty darn efficient.) You can already do this. > > Administrative programs like qmailadmin and vqadmin would benefit by not having to be run on the primary mail server, but I highly > doubt that the majority of web traffic comes from the admin CGIs. They don't need to be run from the primary mailserver if you use NFS, but its better if you do run a secondary webserver on the mailserver just for qmailadmin. You can then proxy to it from your primary webserver. The admin programs may benefit, but I don't think you're buying much by moving the admin functions to a daemon. You would, however, be giving hackers yet another way to cause havoc. > > Programs like sqwebmail would benefit by not having to be recompiled every time vpopmail is upgraded. The port protocol wouldn't > change much between versions, and developers could maintain backward compatibility. You typically don't need to update sqwebmail since not much would change to affect this program. Same thing for IMP (nothing would ever have to change as it uses IMAP). > > Sqwebmail WOULDN'T be able to run on a separate server, as it accesses maildirs directly, but at least administration, upgrades, and > general package stability would likely improve a bit. I don't see any improvement. > > Who knows. One might even be able to implement a maildir access protocol. But that would probably just duplicate the functionality > of the IMAP protocol. Right, that would be a waste of time. > > Can anyone else think of a good reason why vpopmail might benefit from being made into a daemon? No. > > Can anyone think of a really good reason why it shouldn't? (Other than the time it would take to code everything.) Sure. Security. You can implement the security into your webserver above and beyond the qmailadmin security. Another is that there would be another point of failure. If anything, this just adds more lines of code, and to what benefit? For the admin interfaces (which is the only place I can see the daemon doing anything)? > > I'm just thinking aloud here, but I'd like to hear everyone's ideas on the matter. Sorry, but I think its a pretty bad idea, at least for this piece of software. I'm typically for having daemons around, but for the places they're needed, they're already there. Vpopmail is currently just a set of API's in a library plus a delivery agent. There's some utility programs that come with it, but still its mainly a set of API's. Now what I'd like to see happen is integrate java API's and make qmailadmin and vqadmin into webapps. Its already on my list of "todo's", but pretty far down... Brian
Re: [vchkpw] vpopmail 5.3.18 with --enable-vlimits
Ahh, good catch. I increased limits table structure to about twice its original size, (more items added) and since my table already existed, I didn't encounter the buffer overflow. Since the original create failed, you'll need to delete and add the domain again to get the row added to the table. I guess another limit we can add would be Rick's request for a monthly bandwidth limitation per domain (or user?). Brian > solved. > > increasing vmysql.c: SQL_BUF_SIZE to 2000 fixed it. > > however i do get > delivery 6: success: > vnysql:_can't_find_limits_for_domain_'test.com'/did_0+0+1/ > > > (with a type in it too.. vnysql => vmysql) > > shouldn't it add some defaults when calling vadddomain ? > > -- > Best Regards, > Justin >
[vchkpw] domain quotas (updated)
I've made one change to the patch below, which is the
same one I posted yesterday.
This patch makes public the following two functions
in maildirquota.c:
int readdomainquota(const char *dir, long *sizep, int *cntp);
int readuserquota(const char* dir, long *sizep, int *cntp);
These two functions read the current Maildir++ quota usage
for a domain/user given the domain or user directory.
It *adds* to the current values pointed to by sizep & cntp
the size/msgcount used by the specified domain/user.
They return 0 on success, -1 on failure. errno would be
set to EAGAIN if the contents of the directory changed
during the calculation.
In short, the attached patch enforces the quota limits
specified in the qmailadmin-limits file/table in the vdelivermail
program. I figured it might be better to expose the above
two functions as well, therefore the updated patch.
Thanks,
Brian
- Begin Forwarded Message -
Since there's been alot of hype about domain quotas,
I've put my changes in the attached patch file. This
will patch vpopmail-5.3.16 (maildirquota.c and vdelivermail.c).
There's a new file vqmaillocal.c that apparently doesn't
use Maildir++ quotas, so I didn't touch that.
The CPU usage is negligible (I saw 0-20 ms). With this patch,
another function is added to maildirquota.c called
domain_over_maildirquota() that extracts the domain info from
the given end-user Maildir and returns 1 if the domain is already
at/over quota, or the new message would exceed the domains quota.
Note that this patch *only* enforces Maildir++ quotas (both
size and count), and not system quotas. The diskquota parameter
of the vlimits structure is in MB (NOT BYTES), and the maxmsgcount parameter
specifies the max messages for the whole domain. If either value
is less than or equal to 0, it is treated as unlimited.
Ken/Bill - I've been running this for about a month now with the
published vlimits API and it seems to work well with little CPU overhead.
All deliveries still seem to be under 1 second. I've stripped out the
system quotas implementation and made it simply Maildir++ quota compliant.
Thanks,
Brian
- End Forwarded Message -
Common subdirectories: vpopmail-5.3.16/attic and vpopmail-5.3.16.new/attic
Common subdirectories: vpopmail-5.3.16/cdb and vpopmail-5.3.16.new/cdb
Common subdirectories: vpopmail-5.3.16/contrib and vpopmail-5.3.16.new/contrib
Common subdirectories: vpopmail-5.3.16/convert and vpopmail-5.3.16.new/convert
Common subdirectories: vpopmail-5.3.16/doc and vpopmail-5.3.16.new/doc
Common subdirectories: vpopmail-5.3.16/ldap and vpopmail-5.3.16.new/ldap
diff -c vpopmail-5.3.16/maildirquota.c vpopmail-5.3.16.new/maildirquota.c
*** vpopmail-5.3.16/maildirquota.c Wed Oct 23 15:53:36 2002
--- vpopmail-5.3.16.new/maildirquota.c Wed Feb 19 17:55:36 2003
***
*** 29,34
--- 29,35
#include
#include
#include
+ #include "vlimits.h"
#include "maildirquota.h"
#include "config.h"
***
*** 46,51
--- 47,54
long xtra_size,
int xtra_cnt, int *percentage);
static int docount(const char *, time_t *, off_t *, unsigned *);
+ int readdomainquota(const char *dir, long *sizep, int *cntp);
+ int readuserquota(const char* dir, long *sizep, int *cntp);
int deliver_quota_warning(const char *dir);
#define NUMBUFSIZE 60
***
*** 55,60
--- 58,253
#define MDQUOTA_COUNT 'C' /* Total number of messages in maildir */
+ /* bk: add domain limits functionality */
+ int domain_over_maildirquota(const char *userdir)
+ {
+ struct statstat_buf;
+ int ret_value = 0;
+ char *domdir=(char *)malloc(strlen(userdir)+1);
+ char *p;
+ char domain[256];
+ unsigned long size = 0;
+ unsigned long maxsize = 0;
+ int cnt = 0;
+ int maxcnt = 0;
+ struct vlimits limits;
+
+ if (fstat(0, &stat_buf) == 0 && S_ISREG(stat_buf.st_mode) &&
+ stat_buf.st_size > 0)
+ {
+
+ /* locate the domain directory */
+ strcpy(domdir, userdir);
+ if ((p = strstr(domdir, "/Maildir/")) != NULL)
+ {
+ while (*(--p) != '/')
+ ;
+ *(p+1) = '\0';
+ }
+
+ /* locate the domainname */
+ while (*(--p) != '/')
+ ;
+ strncpy(domain, ++p, sizeof(domain));
+ if ((p = strchr(domain, '/')) != NULL)
+ *p = '\0';
+
+ /* get the domain quota */
+ if (vget_limits(domain, &limits))
+ {
+ free(domdir);
+ return 0;
+ }
+
+ /* convert from MB to bytes */
+ maxsize = limits.diskquota * 1024 * 1024;
+ maxcnt = limits.maxmsgcount;
+
+ /* get the domain usage */
+
Re: [vchkpw] no mysql tables after Vpopmail install
As long as the permissions are correct, and you allow CREATE permission to the id/password you put in vmysql.h, then the tables will auto-create when you run the system, i.e. create a domain. Thanks, Brian > I don't have any vpopmail related tables in my Mysql vpopmail database after installation. > I discovered that during the install of vpopmail I typo'd the vpopmail password I wanted to use in the mysql db. I assume that as a result of that error that the tables didn't created properly. > I've tried rerunning the `make install` and `make install-strip` with all my passwords aligned and db access verified, but no soup. > I can't find a schema dump for the vpopmail tables by Googling either. > > What should I do? (please be kind with that sort of question ;-) ) > THANKS! > Dave. >
Re: [vchkpw] Postgres in 5.3.16 - I see it, how do I enable it?
That's good. Haven't played with postgres lately. MySQL seemed easy and quick enough. I've added a patch that checks the return code from vopen_smtp_relay(). It used to be void. I changed the interpretation such that it needs to return non-zero if the given IP address wasn't already in the table, and zero on error or the IP was in the table and just the timestamp was updated. I don't know the syntax for postgres. Would you be able to make that modification? I also don't have an oracle Pro C compiler. I typically use OCI. So I don't know how to update the voracle.pc file. If you or anyone knows how to update that, please send an update. Also, you don't have to grant DROP privs, just give it CREATE and it has the auto-create feature built in. You only need to grant DROP if you disable the MANY_DOMAINS option, which you probably don't want to do anyway. Not sure which database notification daemon you're speaking of. Thanks, Brian > > Anyone? There must be some developmental work going on with it or it > > wouldn't have been in the tarball. I am willing to help work on it but I > > need some help getting over this initial hurdle (cleanly). > > Nice, responsive list. :-/ > > Attached is a patch to 5.3.16 which will get vpgsql to actually work (seems to > work right for auth and relay, have NOT extensively tested it yet) -- I have > not included the configure script changes since they were really nasty and > I'm sure there is a better way. > > ATM the database, user and password are all hardcoded, and I did not change > the existing ability to create the database if it doesn't already exist. > That seems like a really nasty thing to allow -- basically you are granting > the vpopmail database user full access to the vpopmail table where it would > seem more prudent to only allow inserts, updates and deletes. (not > create/drop). Anyway. > > Another nasty is that the database notification daemon will spit its info out > to the network (i.e. anyone accessing vchkpw) -- I will include a fix for > that soon as well as some general cleanups and any other bus I find. > > I hope to do some more extensive testing, including clear passwords and open > relay in the next few days. Adding domains/users and authenticating > definately is working though, and the tables seem to be updating correctly > for relay and lastauth. > > Regards, > Andrew
[vchkpw] domain quotas
Since there's been alot of hype about domain quotas,
I've put my changes in the attached patch file. This
will patch vpopmail-5.3.16 (maildirquota.c and vdelivermail.c).
There's a new file vqmaillocal.c that apparently doesn't
use Maildir++ quotas, so I didn't touch that.
The CPU usage is negligible (I saw 0-20 ms). With this patch,
another function is added to maildirquota.c called
domain_over_maildirquota() that extracts the domain info from
the given end-user Maildir and returns 1 if the domain is already
at/over quota, or the new message would exceed the domains quota.
Note that this patch *only* enforces Maildir++ quotas (both
size and count), and not system quotas. The diskquota parameter
of the vlimits structure is in MB (NOT BYTES), and the maxmsgcount parameter
specifies the max messages for the whole domain. If either value
is less than or equal to 0, it is treated as unlimited.
Ken/Bill - I've been running this for about a month now with the
published vlimits API and it seems to work well with little CPU overhead.
All deliveries still seem to be under 1 second. I've stripped out the
system quotas implementation and made it simply Maildir++ quota compliant.
Thanks,
Brian
Common subdirectories: vpopmail-5.3.16/attic and vpopmail-5.3.16.new/attic
Common subdirectories: vpopmail-5.3.16/cdb and vpopmail-5.3.16.new/cdb
Common subdirectories: vpopmail-5.3.16/contrib and vpopmail-5.3.16.new/contrib
Common subdirectories: vpopmail-5.3.16/convert and vpopmail-5.3.16.new/convert
Common subdirectories: vpopmail-5.3.16/doc and vpopmail-5.3.16.new/doc
Common subdirectories: vpopmail-5.3.16/ldap and vpopmail-5.3.16.new/ldap
diff -c vpopmail-5.3.16/maildirquota.c vpopmail-5.3.16.new/maildirquota.c
*** vpopmail-5.3.16/maildirquota.c Wed Oct 23 15:53:36 2002
--- vpopmail-5.3.16.new/maildirquota.c Wed Feb 19 17:55:36 2003
***
*** 29,34
--- 29,35
#include
#include
#include
+ #include "vlimits.h"
#include "maildirquota.h"
#include "config.h"
***
*** 46,51
--- 47,54
long xtra_size,
int xtra_cnt, int *percentage);
static int docount(const char *, time_t *, off_t *, unsigned *);
+ static int domreadquota(const char *dir, long *sizep, int *cntp);
+ static int readuserquota(const char* dir, long *sizep, int *cntp);
int deliver_quota_warning(const char *dir);
#define NUMBUFSIZE 60
***
*** 55,60
--- 58,253
#define MDQUOTA_COUNT 'C' /* Total number of messages in maildir */
+ /* bk: add domain limits functionality */
+ int domain_over_maildirquota(const char *userdir)
+ {
+ struct statstat_buf;
+ int ret_value = 0;
+ char *domdir=(char *)malloc(strlen(userdir)+1);
+ char *p;
+ char domain[256];
+ unsigned long size = 0;
+ unsigned long maxsize = 0;
+ int cnt = 0;
+ int maxcnt = 0;
+ struct vlimits limits;
+
+ if (fstat(0, &stat_buf) == 0 && S_ISREG(stat_buf.st_mode) &&
+ stat_buf.st_size > 0)
+ {
+
+ /* locate the domain directory */
+ strcpy(domdir, userdir);
+ if ((p = strstr(domdir, "/Maildir/")) != NULL)
+ {
+ while (*(--p) != '/')
+ ;
+ *(p+1) = '\0';
+ }
+
+ /* locate the domainname */
+ while (*(--p) != '/')
+ ;
+ strncpy(domain, ++p, sizeof(domain));
+ if ((p = strchr(domain, '/')) != NULL)
+ *p = '\0';
+
+ /* get the domain quota */
+ if (vget_limits(domain, &limits))
+ {
+ free(domdir);
+ return 0;
+ }
+
+ /* convert from MB to bytes */
+ maxsize = limits.diskquota * 1024 * 1024;
+ maxcnt = limits.maxmsgcount;
+
+ /* get the domain usage */
+ if (domreadquota(domdir, &size, &cnt))
+ {
+ free(domdir);
+ return -1;
+ }
+
+ /* check if either quota (size/count) would be exceeded */
+ if (maxsize > 0 && (size + stat_buf.st_size) > maxsize)
+ {
+ ret_value = 1;
+ }
+ else if (maxcnt > 0 && cnt >= maxcnt)
+ {
+ ret_value = 1;
+ }
+ }
+
+ free(domdir);
+
+ return(ret_value);
+ }
+
+ static int domreadquota(const char *dir, long *sizep, int *cntp)
+ {
+ int tries;
+ char checkdir[256];
+ DIR *dirp;
+ struct dirent *de;
+
+
+ if (dir == NULL || sizep == NULL || cntp == NULL)
+ return -1;
+
+ *sizep = 0;
+ *cntp = 0;
+
+ dirp=opendir(dir);
+ while (dirp && (de=readdir(dirp)) != 0)
+ {
+ if (!strcmp(de->d_name
Re: [vchkpw] question re faq
As far as I know, roaming users doesn't work with the courier-imap authlib, at least with authdaemond. I've patched my version and when I get cycles planned on submitting a patch to Mr. Sam to allow authdaemond to have it work. The problem is that vpopmail relies on environment variables that are set in the couriertcpd and aren't passed to the daemon. I've patched my version and have had it working for over a month now. Eliminating all those fork/exec's have reduced CPU dramatically (as well as my patch to vpopmail vipmap API to only fork/exec tcprules if a new IP is added to the table). I used to be at 99% CPU, now I'm at 98% idle... Brian > faq item 34 discusses getting courier-imap to use vpopmail's roaming users > functionality. i just noticed in the changelog for courier-imap, it states: > > > 2001-02-08 Chris Seawood <[EMAIL PROTECTED]> > > * authlib: Added check for open_smtp_relay in -lvpopmail > > > > so, does that mean that faq item 34 is obsolete? > > > Paul Theodoropoulos > http://www.anastrophe.com > http://folding.stanford.edu > The Nicest Misanthrope on the Net
Re: [vchkpw] mysql-limits
There currently is no conversion program. The latest rev (.16) enables the use of the new API to vset, vget and vdel the _limits functions. They allow either file or mysql tables depending on the compiled in version (with the --enable-mysql-limits=y/n). Currently the first (and only) program using the limits API is qmailadmin 1.0.9. The table and row are automatically created when a new domain is added. Rows are deleted when the domain is deleted. Want to write the conversion program? Should be simple. Just one source file that uses the "file" vget_limits() and the "mysql" vset_limits() and iterate over the current domains. Possibly remove the old .qmailadmin-limits file as well. Brian > i'm about to compile the latest rev (.16), and was wondering - if i select > --enable-mysql-limits=y in configuration, is there anything that needs to > be done to convert the existing .qmailadmin-limits? or does the system > automatically convert the data during/after installation? and are there any > distinct benefits to making this change in an existing mysql-backend > environment? > > > Paul Theodoropoulos > http://www.anastrophe.com > http://folding.stanford.edu > The Nicest Misanthrope on the Net > > >
Re: [vchkpw] mysql-vlimits
Hi, I've been using the mysql vlimits stuff for over 2 years. (I supplied the patch for it). Currently, I don't know of any migration script, but it couldn't be too difficult to make. You need the file version of vget_limits() and the database version of vset_limits(). I could help if you want to write the migration program. I just don't have any .qmailadmin-limits files around anymore. You just need a row per domain for the limits. Also, make sure you have the latest for vpopmail (5.3.16 I think). Thanks, Brian > I wanted to find out if anyone is using the "-mysql-vlimits" > successfully. If you are, could you > Please post your procedure of getting mysql setup and moving over your > qmail-limits files. > > My mysql/vpopmail setup has been working for 3 years now with no > problems, but I cant > seem to get mysql-vlimits setup. > > Thanks, > Clint Simmons > Network Administrator > KZ Universal
Re: [vchkpw] Re: feature request qmail-smtpd-chkusr
Hi, Its definitely a qmail patch, not vpopmail. You should contact the qmail list or homepage to have it listed there instead. I see from your page that it checks vpopmail users, but what about regular shell accounts? Also, does it do the .qmail file processing for normal accounts, maillists, aliases, etc. for ~user/.qmail and such? (This is obviously a basic requirement for almost anyone to be able to use it, but I figured I'd make sure its in there before trying it). I also assume that you're just filling in the VRFY SMTP command, which would be correct place to put this code. Thanks, Brian > Hi Eduardo, > > my patch basically modifies qmail-smtpd.c code, using vpopmail libraries. > So, it may be seen practically in the category "qmail patch", not "vpopmail > patch". > > As any patch, it may not work if someone applied other patches before, so I > don't think it may be right to include it in vpopmail package. vpopmail > configure must work 100%, and cannot rely on already patched qmail code. > > No problem if someone wants to make it, or Inter7 decides to include it in > vpopmail, but I see it troublesome (not because of my patch, but because > all the patches that are usually applied on qmail). > > All could be competely different if inter7 decides to distribute an > extended qmail+vpopmail package. That could help a lot of people, and a lot > of patches could be added easily. > > Let me know what you think. > > Ciao, > > Tonino > > P.S. Actually, the installation of the patch is extremely easy, and you may > install it also on patched version of qmail (a lot of people asked me and > did it). If you have a plain qmail installation, the patch will work in a > few minutes. > The patch has been written in a easy and compact way (with a semplified > version for Bill's megapatch or other complicated patches) just to help > people that use a deeply patched qmail. > > > At 30/01/03 30/01/03 +0100, Eduardo wrote: > >Hello, > >I want to know your opinion about including this patch like an option > >(selecting in configure) on vpopmail code. Spammers generate a lot of traffic > >of emails to unknown users and server could stop it with this. Performance > >seems to be normal. Opinions? > >http://www.interazioni.it/qmail/ > > > > Inter@zioniInterazioni di Antonio Nati > http://www.interazioni.it [EMAIL PROTECTED] > > >
RE: [vchkpw] disk quota per domain
There is already domain limits from the qmailadmin-limits file/table. I don't believe in the concept of sum(user limits) == domain limit Most users will need a small quota, however there are times when they'll need more just for a once in a blue time to get a large attachment through, but overall don't require a large quota. Making the postmaster rearrange quotas on a regular basis is not practical, especially when the quota extention is requested is typically too late. We already *have* a workable solution. Use system limits. For those that want domain limits compiled into vdelivermail, I already have it written in my 5.2 code. I just need to port it to the 5.3.16 code. The only change is to use the vget_limits() API. But due to performance, I believe 99% of the users should still use system quotas due to the heavy performance hit *on every message delivered*. I have over 700,000 messages delivered each day. I had to take out the extra hit on domain limits. System quotas work just fine, especially on systems with over a thousand domains. Brian > That actually sounds like it may work. > > Another solution may be this: > Since qmailadmin now allows postmaster to allocate quota per user, what > if we introduce a limit that restricts how much quota the postmaster has > to distribute. > > This would give us the flexibility to allocate quota per domain and the > postmaster for that domain can re-allocate to the user. > > So we can still see how much each user is using whereas your solution > will not. > > What do you say Ken/Bill ? > > Regards, > > Lu > > > -Original Message- > > From: tonix (Antonio Nati) [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, January 29, 2003 1:54 PM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: [vchkpw] disk quota per domain > > > > > > I'm thinking to a new solution, modifying qmailadmin as follows. > > > > A unique ".qmailmaildirsize" should be created in the domain, > > and every > > user should have his own "maildirsize" linked by an "ln -sf" to the > > domain's ".qmailmaildirsize". > > > > \domain > > \domain\.qmailmaildirsize > > [global] > > \domain\user1\Maildir\maildirsize --> > > ..\..\.maildirsize[-> global] > > \domain\user2\Maildir\maildirsize --> > > ..\..\.maildirsize[-> global] > > \domain\user3\Maildir\maildirsize --> > > ..\..\.maildirsize[-> global] > > \domain\user4\Maildir\maildirsize > > [alone] > > \domain\user5\Maildir\maildirsize > > [alone] > > > > Each user using the domain quota should have the same quota > > (equal to the > > domain quota itself). > > > > Users with own quota don't use this mechanism and have their private > > "maildirsize". > > > > The only major add should be a routine to recheck the > > "domain's global > > usage" when domain's ".qmailmaildirsize" is created (or > > recreated after > > deletion), counting only users working with global "maildirsize". > > > > Main problem I see could be the lock on the global > > ".maildirsize", domains > > (with global quota) with thousands of very active users could > > slow down on > > receiving messages. > > > > All that should work with a very few modifications (none in vdeliver, > > vpopmail, etc., only a few in qmailadmin). > > > > Tonino > > > > At 28/01/03 28/01/03 -0800, Lu wrote: > > >Unfortunately adding a unique user per domain is not a > > viable solution > > >for a lot of people especially when there are thousands of domains. > > > > > >I have implemented domain quota by tweaking old vpopmail code before > > >maildirquota was implemented. Basically disabling user quota and > > >recalculate quota for the entire domain when new mail arrives. Then > > >comparing this number to the value MaxQuota inside > > .qmailadmin-limits > > >to determine whether the entire domain is over quota or not. It is > > >rather inefficient but it mostly works. > > > > > >Now I want to do the same with new vpopmail but I don't understand > > >enough about the new way in which it calculates quota. > > > > > >If someone is more well verse and willing to do this, let me > > know and I > > >can help. Otherwise, I will still attempt it but it will > > take a looong > > >time to study the code. > > > > > >Thanks. > > > > > >Lu > > > > > > > > > > -Original Message- > > > > From: Claudio Nieder [mailto:[EMAIL PROTECTED]] > > > > Sent: Tuesday, January 28, 2003 1:53 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: [vchkpw] disk quota per domain > > > > > > > > > > > > Hi, > > > > > > > > > Please give the workable answer... > > > > > > > > Use vaddoains -u option to assign to each domain a different user > >
RE: [vchkpw] disk quota per domain
I too had put in code to calculate real quota based on recursively doing stat's. This seems to chew up *alot* of resources. I have over a thousand domains and its hasn't been an issue to have a username per domain. In fact, it works well and better than when the quota code was in vdelivermail. I've since stopped adding my own patch. I'm seeing that the quota code in there now doesn't seem to return the correct information. For several users, vuserinfo seems to return 100% full all the time (when they used 1.25 Meg out of 100 Meg). I'd like to move the get_du() code from the qmailadmin code to the vpopmail library. Bill/Ken, is this OK? This is a platform independent routine that gets the disk usage for a directory tree. This can be called either on the user's directory or the domain's directory to get the corresponding values. We can then build a switch in vdelivermail to use this for the domain limits. I'm not sure how to get the maildir quotas working for per-domain, but in my case I'm seeing that they haven't been too reliable. I have customers complaining that sometimes mail is bouncing when they're only using 1Mb of space. > Unfortunately adding a unique user per domain is not a viable solution > for a lot of people especially when there are thousands of domains. > > I have implemented domain quota by tweaking old vpopmail code before > maildirquota was implemented. Basically disabling user quota and > recalculate quota for the entire domain when new mail arrives. Then > comparing this number to the value MaxQuota inside .qmailadmin-limits to > determine whether the entire domain is over quota or not. It is rather > inefficient but it mostly works. > > Now I want to do the same with new vpopmail but I don't understand > enough about the new way in which it calculates quota. > > If someone is more well verse and willing to do this, let me know and I > can help. Otherwise, I will still attempt it but it will take a looong > time to study the code. > > Thanks. > > Lu > > > > -Original Message- > > From: Claudio Nieder [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, January 28, 2003 1:53 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [vchkpw] disk quota per domain > > > > > > Hi, > > > > > Please give the workable answer... > > > > Use vaddoains -u option to assign to each domain a different > > user and use your OS quota facility to assign each user the > > desired quota. > > > > claudio > > -- > > Claudio Nieder, Kanalweg 1, CH-8610 Uster, Tel +41 79 357 > > 6743 yahoo messenger: claudionieder aim: claudionieder icq:42315212 > > mailto:[EMAIL PROTECTED]http://www.claudio.ch > > > > Brian Galaxy Networks, Inc.
Re: [vchkpw] 5.3.15
The file I updated was vpgsql.c and voracle.pc These need the extra work done to ensure that it only returns 1 if a new IP was added to the table and not just replaced. Brian > > the proper values if the table was updated. I've updated oracle > > and pgsql to return 1 if the table was updated, 0 on error. So > > There's pgsql auth code available? Whereat? I thought pgsql on vpopmail was > tried once and abandoned. At the beginning of the year I revisited it and > Bill asked for Charles to send it to him... has it been integrated with > 5.3.15? > > Regards, > Andrew >
Re: [vchkpw] 5.3.15
Ken & Bill,
Here's a patch that's small but has a *big* performance
change in it. This patches the 5.3.15 distribution.
Over the last few months, I've been seeing my mailserver
incur 90-99% CPU utilization during peak loads. During
that time, I was seeing between 5 & 10 authentications
per second. Auth's were taking 2-3 seconds each.
I've updated the courier authdaemon to keep the connections
alive (removing the vclose() in preauthvchkpw) and passing
the environment over the auth socket. That helped alot,
however my cpu was still at 80-99% (both CPU's).
This patch changes vopen_smtp_relay() from a void to int.
The function should return non-zero only if the ip list changed
and tcprules should be run. Before, tcprules was fork/exec'd
on every authentication. With this patch, its only run if
a new IP address was inserted into the relay table. My cpu's
dramatically changed so that they're 99% idle !!! I don't
even see them at the top of the process list (ever). I used
to have 5-15 daemons at the top all the time before this patch.
(And I thought I was going to need more hardware...) Now
I can process 5 auth's per second with only one or two daemons
running. Each auth now only takes milliseconds, even at
peak times.
There is a catch... I've only patched the mysql code to return
the proper values if the table was updated. I've updated oracle
and pgsql to return 1 if the table was updated, 0 on error. So
we need someone to update the code for the other databases to
regognize when the replace did an insert vs. a replace (delete/insert).
Mysql returns 1 row affected on insert only, 2 rows affected if
there was a delete/insert (i.e. replace). We only need to update
tcprules if there was an insert only.
I'll be creating a patch for the courier authlib code so
you can run authdaemon as well soon.
Thanks,
Brian
> Ken, all:
>
> I've put together vpopmail 5.3.15 with a few minor fixes for
> vdeloldusers and vlimits (from Brian):
>
> ChangeLog:
> http://shupp.org/patches/vpopmail-ChangeLog
>
> Download:
> http://shupp.org/patches/vpopmail-5.3.15.tar.gz
>
> Cheers,
>
> Bill Shupp
>
>
diff -c vpopmail-5.3.15.orig/vmysql.c vpopmail-5.3.15/vmysql.c
*** vpopmail-5.3.15.orig/vmysql.c Fri Jan 24 03:30:33 2003
--- vpopmail-5.3.15/vmysql.cMon Jan 27 08:43:31 2003
***
*** 702,717
}
#ifdef POP_AUTH_OPEN_RELAY
! void vopen_smtp_relay()
{
char *ipaddr;
time_t mytime;
int err;
mytime = time(NULL);
ipaddr = getenv("TCPREMOTEIP");
if ( ipaddr == NULL ) {
! return;
}
if ( ipaddr != NULL && ipaddr[0] == ':') {
--- 702,718
}
#ifdef POP_AUTH_OPEN_RELAY
! int vopen_smtp_relay()
{
char *ipaddr;
time_t mytime;
int err;
+ int rows;
mytime = time(NULL);
ipaddr = getenv("TCPREMOTEIP");
if ( ipaddr == NULL ) {
! return 0;
}
if ( ipaddr != NULL && ipaddr[0] == ':') {
***
*** 720,726
++ipaddr;
}
! if ( (err=vauth_open_update()) != 0 ) return;
snprintf( SqlBufUpdate, SQL_BUF_SIZE,
"replace into relay ( ip_addr, timestamp ) values ( \"%s\", %d )",
--- 721,727
++ipaddr;
}
! if ( (err=vauth_open_update()) != 0 ) return 0;
snprintf( SqlBufUpdate, SQL_BUF_SIZE,
"replace into relay ( ip_addr, timestamp ) values ( \"%s\", %d )",
***
*** 731,739
printf("vmysql: sql error[7]: %s\n", mysql_error(&mysql_update));
}
}
res_update = mysql_store_result(&mysql_update);
mysql_free_result(res_update);
! return;
}
void vupdate_rules(int fdm)
--- 732,744
printf("vmysql: sql error[7]: %s\n", mysql_error(&mysql_update));
}
}
+ rows = mysql_affected_rows(&mysql_update);
res_update = mysql_store_result(&mysql_update);
mysql_free_result(res_update);
!
! /* return true if only INSERT (didn't exist) */
! /* would return 2 if replaced, or -1 if error */
! return rows == 1;
}
void vupdate_rules(int fdm)
***
*** 1493,1499
"disable_smtp, perm_account, perm_alias, perm_forward, "
"perm_autoresponder, perm_maillist, perm_quota, perm_defaultquota) \n"
"VALUES \n"
! "('%s', %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d)",
domain,
limits->maxpopaccounts,
limits->maxaliases,
--- 1498,1504
"disable_smtp, perm_account, perm_alias, perm_forward, "
"perm_autoresponder, perm_maillist, perm_quota, perm_defaultquota) \n"
"VALUES \n"
! "('%s', %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d,
%d, %d, %d, %d, %d, %d)",
domain,
limits->maxpopaccounts,
limits->maxaliases,
diff -c vpopmail-5.3.15.orig/voracle.pc vpopmail-5.3.15/voracle.pc
*** vpopmail-5.3.15.orig/voracle
Re: [vchkpw] vaddaliasdomain inconsistency ?
There's a feature in vget_alias...() that the domain parameter is a char *, not a const char * so the domain is overwritten to the "master" domain when you call it. The correct behaviour would probably be to return all the domains and specify whether they're master or an alias. Brian > Hi, > > when I vaddaliasdomain a domain to another (e.g. the-domain.com > as an alias to (main) the-domain.de domain), vdominfo shows two domains > with the-domain.de name. > > Yet, the aliasing works (mail sent to the-domain.com end > up in the user's the-domain.de inbox. > > Is this normal ? How would I make vdominfo return only those domains > that are not aliases and whose directories actually exist ? > Or would I need to pipe the results through something like uniq(1) ? > > > > cheers, > Rainer > -- > > Rainer Duffner Munich > [EMAIL PROTECTED] Germany > http://www.i-duffner.deFreising > > When shall we three meet again > In thunder, lightning, or in rain? > > Brian Galaxy Networks, Inc.
[vchkpw] vlimits patch
Hi Ken/Bill,
It appears that the last patch I sent through didn't
get applied. This one contains the several extra
fields as requested. I'm currently working on
qmailadmin to use the API. Shall I also update
vdelivermail to enforce the per-domain quotas?
My copy does this with real disk usage rather than
maildir quotas, so I'm not sure how to do this
with the maildir quotas on a per-domain basis.
Thanks,
Brian
diff -c vpopmail-5.3.14/vlimits.c vpopmail-5.3.14.old/vlimits.c
*** vpopmail-5.3.14/vlimits.c Sat Dec 7 20:19:03 2002
--- vpopmail-5.3.14.old/vlimits.c Thu Jan 23 11:38:43 2003
***
*** 38,52
limits->maxforwards = -1;
limits->maxautoresponders = -1;
limits->maxmailinglists = -1;
- limits->diskquota = 0;
- limits->defaultquota = 0;
- limits->disable_pop = 0;
- limits->disable_imap = 0;
- limits->disable_dialup = 0;
- limits->disable_passwordchanging = 0;
- limits->disable_relay = 0;
- limits->disable_smtp = 0;
- limits->disable_webmail = 0;
/* get filename */
vget_assign(domain, dir, sizeof(dir), &uid, &gid);
--- 38,43
***
*** 54,139
/* open file */
if ((fs = fopen(dir, "r")) != NULL) {
! while (fgets(buf, sizeof(buf), fs) != NULL) {
! if ((s1 = strtok(buf, TOKENS)) == NULL)
! continue;
! if (!strcmp(s1, "maxpopaccounts")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxpopaccounts = atoi(s2);
! }
! if (!strcmp(s1, "maxaliases")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxaliases = atoi(s2);
! }
! if (!strcmp(s1, "maxforwards")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxforwards = atoi(s2);
! }
! if (!strcmp(s1, "maxautoresponders")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxautoresponders = atoi(s2);
! }
! if (!strcmp(s1, "maxmailinglists")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxmailinglists = atoi(s2);
! }
! if (!strcmp(s1, "quota")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->diskquota = atoi(s2);
! }
! if (!strcmp(s1, "default_quota")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->defaultquota = format_maildirquota(s2);
! }
! if (!strcmp(s1, "disable_pop")) {
! limits->disable_pop = 1;
! }
! if (!strcmp(s1, "disable_imap")) {
! limits->disable_imap = 1;
! }
! if (!strcmp(s1, "disable_dialup")) {
! limits->disable_dialup = 1;
! }
! if (!strcmp(s1, "disable_password_changing")) {
! limits->disable_passwordchanging = 1;
! }
! if (!strcmp(s1, "disable_external_relay")) {
! limits->disable_relay = 1;
! }
! if (!strcmp(s1, "disable_smtp")) {
! limits->disable_smtp = 1;
! }
! if (!strcmp(s1, "disable_webmail")) {
! limits->disable_webmail = 1;
! }
! }
! fclose(fs);
! chown(dir,uid,gid);
! chmod(dir, S_IRUSR|S_IWUSR);
} else {
! fprintf(stderr, "vlimits: failed to open limits file (%d): %s\n", errno, dir);
! return -1;
}
return 0;
--- 45,190
/* open file */
if ((fs = fopen(dir, "r")) != NULL) {
! while (fgets(buf, sizeof(buf), fs) != NULL) {
! if ((s1 = strtok(buf, TOKENS)) == NULL)
! continue;
! if (!strcmp(s1, "maxpopaccounts")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxpopaccounts = atoi(s2);
! }
! if (!strcmp(s1, "maxaliases")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxaliases = atoi(s2);
! }
! if (!strcmp(s1, "maxforwards")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxforwards = atoi(s2);
! }
! if (!strcmp(s1, "maxautoresponders")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxautoresponders = atoi(s2);
! }
! if (!strcmp(s1, "maxmailinglists")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->maxmailinglists = atoi(s2);
! }
! if (!strcmp(s1, "quota")) {
! if ((s2 = strtok(buf, TOKENS)) == NULL)
! continue;
! limits->diskquota = atoi(s2);
! }
! if (!strcmp(s1, "maxmsgco
Re: [vchkpw] Quota per domain
Try using system quotas instead. This is what I use. Put each virtual domain under a separate unix user. Impose a system quota on that user. Then set per-user quotas from qmailadmin. There's a -u option to vadddomain to set it to the specified unix userid and setup the "domains" directory under that user's home directory. This is a workable approach (I've been using it for years), and I'm delaying patching vdelivermail to implement it so I can finish up on qmailadmin. Thanks, Brian > Hi Brian! > > I have installed Qmail+vpopmail+swwebmail on Redhat Linux 8.0 > Now, I want to implement disk quota per virtualdomain. > > when I add a virtualdomain ./vadddomain manish.com -q 200 > this option works as > -q quota_in_bytes (sets the quota for postmaster account) > > Sets the quota for postmaster account. > > But as I have 25 virtualdomains, I want to allocate specified disk quota > to each virtualdomain. > And the postmaster of that virtualdomain can use that disk space as per > his requirement with any number of users. > > Please give the workable answer... > > Manish Jain > System Admin > ERDCI Noida > > > > > > Brian Galaxy Networks, Inc.
Re: [vchkpw] Re: welcome message
I run an ISP also. It would be better to allow a command line option to the executable. The reason I say this is that sometimes you want the letter, sometimes you don't. We happen to put a default letter in the user's home directory Maildir to welcome them, however the hosting customers are the ones that got annoyed at getting the welcome letters. They didn't want each time they create an email account for their domain to get any welcome letter. So the welcome letter would be on a per domain basis. It would be nice if qmailadmin could get a setting that stated if new users get a message, and allow the postmaster to construct that message on a per-domain basis. We just put the letter into the /etc/skel default home directory so that all new unix users get the welcome letter. Brian > It could be a compile option (like --enable-welcomemsg). We are an ISP and > use it for new customers. We have a nice letter typed up that explains all > the cool things that we have to offer that they wouldn't know about > otherwise. Also, when we are setting up someone's email, it is nice to have > an email waiting to be received so that you know it worked. > > Trey > > - Original Message - > From: "Brian Kolaci" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, January 08, 2003 9:38 AM > Subject: Re: [vchkpw] Re: welcome message > > > > > > If you're going to put this in the distribution, make > > sure that you have to select an option to have the mail > > delivered. I'm sure many people would *not* want this > > message in their INBOX. We used to do this an about 85% > > of our customers complained, so it was removed. > > > > Brian > > > > > Hi Trey, > > > > > > On Wed, 8 Jan 2003 07:56:54 -0600 > > > "Trey Nolen" <[EMAIL PROTECTED]> wrote: > > > > > > >>> Is there a way to set a "welcome" message that is sent when a > > > >>> postmaster creates an e-mail account? > > > > > > >> Modify vpopmail sources for "vadddomain" not only creating > "Maildir" > > > >> but copying an e-mail to 'Maildir/new' too. > > > > > > > This sure is a pain to do every time you update vpopmail. I sure > hope > > > > this feature gets accepted into the distribution one day > > > > > > Write the code, write it good, stable and secure, and submit it. > > > Maybe it's merged with vpopmail-core and no "rewrite" will be > necessary. > > > -- > > > Peter > > > > >
Re: [vchkpw] Re: welcome message
If you're going to put this in the distribution, make sure that you have to select an option to have the mail delivered. I'm sure many people would *not* want this message in their INBOX. We used to do this an about 85% of our customers complained, so it was removed. Brian > Hi Trey, > > On Wed, 8 Jan 2003 07:56:54 -0600 > "Trey Nolen" <[EMAIL PROTECTED]> wrote: > > >>> Is there a way to set a "welcome" message that is sent when a > >>> postmaster creates an e-mail account? > > >> Modify vpopmail sources for "vadddomain" not only creating "Maildir" > >> but copying an e-mail to 'Maildir/new' too. > > > This sure is a pain to do every time you update vpopmail. I sure hope > > this feature gets accepted into the distribution one day > > Write the code, write it good, stable and secure, and submit it. > Maybe it's merged with vpopmail-core and no "rewrite" will be necessary. > -- > Peter >
Re: [vchkpw] Re: Per domain quota setting
My scripts are not even near any document root. There's a whole separate directory tree (for *all* CGI directories on the server) that is ScriptAlias'd. I don't allow CGI for any user within their doc root otherwise unsuspecting users would enable someone to break into the server. The system default CGI directory is secured that no local user can get there and even look, let alone make changes. Others can't even find out if there's a SUID script in there or not. Brian > Hello Brian, > > On Friday, December 13, 2002 at 2:46:28 PM you wrote: > > > I know about the per user quota settings. Is there anywhere to do a > > per domain quota capping? Eg. Cap the quota for the directory of the > > domain. > > Make use of system quota. > Create a dedicated user for each domain you want to have an overall > quota and make use of '-u' option in 'vadddomain'. > > >>> When I had tried a similar thing earlier, qmailadmin refused to work > >>> probably due to change of user/group which expects vchkpw:vpopmail > > >>> Is there any workaround for this problem, other than using a separate > >>> qmailadmin binary having identical permissions for every such domain > >>> group? > > >> A theoretically, absolutely untested possibility could be putting all > >> domains in different system groups, but with user vpopmail and using > >> system-group-quotas, instead of system-user-quotas. > > > If you use system quotas (as I do), then install qmailadmin setuid > > root and it all works fine. It will switch to the userid of the > > system account that is specified in the users/assign file. > > Make sure the access to /cgi-bin/qmailadmin (or whatever your location > is) is additionally secured by webserver HTACCESS. > Running a cgi suid() to root is a dangerous thing, you _NEVER_ know > what exploits are possible. > The attacker might not be able to log in into qmailadmin, but he > might, for whatever reasons, be able to exploit the CGI and gain > root-access this way, BEFORE qmailadmin switches the identity. > > Me personal would install separate qmailadmin-cgis or give the 'same > user, different groups and system group quotas' a try before setting > qmailadmin-cgi to SUID() root. > -- > Best regards > Peter Palmreuther > >
Re: [vchkpw] Re: Per domain quota setting
If you use system quotas (as I do), then install qmailadmin setuid root and it all works fine. It will switch to the userid of the system account that is specified in the users/assign file. Brian > Hello Ninad, > > On Friday, December 13, 2002 at 12:37:56 PM you wrote: > > >>> I know about the per user quota settings. Is there anywhere to do a > >>> per domain quota capping? Eg. Cap the quota for the directory of the > >>> domain. > > >> Make use of system quota. > >> Create a dedicated user for each domain you want to have an overall > >> quota and make use of '-u' option in 'vadddomain'. > > > When I had tried a similar thing earlier, qmailadmin refused to work > > probably due to change of user/group which expects vchkpw:vpopmail > > > Is there any workaround for this problem, other than using a separate > > qmailadmin binary having identical permissions for every such domain > > group? > > A theoretically, absolutely untested possibility could be putting all > domains in different system groups, but with user vpopmail and using > system-group-quotas, instead of system-user-quotas. > -- > Best regards > Peter Palmreuther > >
Re: [vchkpw] relaying not allowed
Well, it looks like in your case, the problem appears to be that the tcp.smtp.cdb file isn't being updated. This is the file that the server uses to allow relaying or not, and its timestamp is older than your tcp.smtp file. Brian > Okay but should the option Accepted local and relay domains be set to Any > Domain ? > > Regards /Tobias > > > - Original Message ----- > From: "Brian Kolaci" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, December 10, 2002 9:14 PM > Subject: Re: [vchkpw] relaying not allowed > > > > Hi Tobias, > > I've seen a similar thing recently, however I'm using MySQL > rather than files and my users have received the same error > message. I checked and found their IP in the table, however > they were still not allowed to send/relay mail. > > I had to resort to manually configure static blocks of IP's in > the tcp.stmp file rather than let the roaming feature work. > > Its strange, it works for 99% of our customers, but then I > find that some people get stuck from certain areas. > > Brian > > > Hi! i´m back again : P > > > > Someone who has setup vpopmail with roaming users who have some > suggestions > > for a beginner > > > > I have succeded so far that the pop 3 server writes to the file > open-smtp > > with correct ip and timestamp but the smtp server > > do not read it or maybe the permisions have been setup wrong. I have > looked > > allover for info but havent found any solutions yet > > > > the smtp server says > > > > The message could not be sent because one of the recipients was rejected > by > > the server. The rejected e-mail address was x. Subject '', > Account: > > , Server: , Protocol: SMTP, Server Response: '553 sorry, > > that domain isn't in my list of allowed rcpthosts (#5.7.1)', Port: 25, > > Secure(SSL): No, Server Error: 553, Error Number: 0x800CCC79 > > > > maybe there is some file owner permision setup failure here´s a ls -la > on > > the etc dir of home/vpopmail > > > > drwxr-xr-x2 89 vchkpw 4096 Dec 10 21:01 ./ > > drwxr-xr-x8 89 vchkpw 4096 Dec 6 17:23 ../ > > -rw-r--r--1 89 vchkpw 25 Dec 6 17:22 inc_deps > > -rw-r--r--1 89 vchkpw 32 Dec 6 17:22 lib_deps > > -rw-r--r--1 root root 60 Dec 10 21:01 open-smtp > > -rw-r--r--1 root root0 Dec 10 21:01 open-smtp.lock > > -rw-r--r--1 root root0 Dec 9 12:52 > open-smtp.tmp.10753 > > -rw-r--r--1 root root0 Dec 8 19:06 > open-smtp.tmp.10766 > > -rw-r--r--1 root root0 Dec 9 16:16 > open-smtp.tmp.11173 > > -rw-r--r--1 root root0 Dec 7 16:03 > open-smtp.tmp.11200 > > -rw-r--r--1 root root0 Dec 9 18:46 > open-smtp.tmp.11281 > > -rw-r--r--1 root root0 Dec 9 14:46 > open-smtp.tmp.11880 > > -rw-r--r--1 root root0 Dec 9 15:05 > open-smtp.tmp.12481 > > -rw-r--r--1 root root0 Dec 9 13:42 > open-smtp.tmp.12500 > > -rw-r--r--1 root root0 Dec 9 21:46 > open-smtp.tmp.12663 > > -rw-r--r--1 root root0 Dec 7 21:14 > open-smtp.tmp.12861 > > -rw-r--r--1 root root0 Dec 9 15:42 > open-smtp.tmp.12869 > > -rw-r--r--1 root root0 Dec 8 01:45 > open-smtp.tmp.13274 > > -rw-r--r--1 root root0 Dec 8 21:27 > open-smtp.tmp.14119 > > -rw-r--r--1 root root0 Dec 8 00:45 > open-smtp.tmp.14307 > > -rw-r--r--1 root root0 Dec 8 14:31 > open-smtp.tmp.14327 > > -rw-r--r--1 root root0 Dec 7 16:03 > open-smtp.tmp.14825 > > -rw-r--r--1 root root0 Dec 9 17:46 > open-smtp.tmp.14895 > > -rw-r--r--1 root root0 Dec 7 18:35 > open-smtp.tmp.15191 > > -rw-r--r--1 root root0 Dec 9 19:16 > open-smtp.tmp.15331 > > -rw-r--r--1 root root0 Dec 7 22:14 > open-smtp.tmp.15618 > > -rw-r--r--1 root root0 Dec 9 16:46 > open-smtp.tmp.
Re: [vchkpw] relaying not allowed
Hi Tobias, I've seen a similar thing recently, however I'm using MySQL rather than files and my users have received the same error message. I checked and found their IP in the table, however they were still not allowed to send/relay mail. I had to resort to manually configure static blocks of IP's in the tcp.stmp file rather than let the roaming feature work. Its strange, it works for 99% of our customers, but then I find that some people get stuck from certain areas. Brian > Hi! i´m back again : P > > Someone who has setup vpopmail with roaming users who have some suggestions > for a beginner > > I have succeded so far that the pop 3 server writes to the file open-smtp > with correct ip and timestamp but the smtp server > do not read it or maybe the permisions have been setup wrong. I have looked > allover for info but havent found any solutions yet > > the smtp server says > > The message could not be sent because one of the recipients was rejected by > the server. The rejected e-mail address was x. Subject '', Account: > , Server: , Protocol: SMTP, Server Response: '553 sorry, > that domain isn't in my list of allowed rcpthosts (#5.7.1)', Port: 25, > Secure(SSL): No, Server Error: 553, Error Number: 0x800CCC79 > > maybe there is some file owner permision setup failure here´s a ls -la on > the etc dir of home/vpopmail > > drwxr-xr-x2 89 vchkpw 4096 Dec 10 21:01 ./ > drwxr-xr-x8 89 vchkpw 4096 Dec 6 17:23 ../ > -rw-r--r--1 89 vchkpw 25 Dec 6 17:22 inc_deps > -rw-r--r--1 89 vchkpw 32 Dec 6 17:22 lib_deps > -rw-r--r--1 root root 60 Dec 10 21:01 open-smtp > -rw-r--r--1 root root0 Dec 10 21:01 open-smtp.lock > -rw-r--r--1 root root0 Dec 9 12:52 open-smtp.tmp.10753 > -rw-r--r--1 root root0 Dec 8 19:06 open-smtp.tmp.10766 > -rw-r--r--1 root root0 Dec 9 16:16 open-smtp.tmp.11173 > -rw-r--r--1 root root0 Dec 7 16:03 open-smtp.tmp.11200 > -rw-r--r--1 root root0 Dec 9 18:46 open-smtp.tmp.11281 > -rw-r--r--1 root root0 Dec 9 14:46 open-smtp.tmp.11880 > -rw-r--r--1 root root0 Dec 9 15:05 open-smtp.tmp.12481 > -rw-r--r--1 root root0 Dec 9 13:42 open-smtp.tmp.12500 > -rw-r--r--1 root root0 Dec 9 21:46 open-smtp.tmp.12663 > -rw-r--r--1 root root0 Dec 7 21:14 open-smtp.tmp.12861 > -rw-r--r--1 root root0 Dec 9 15:42 open-smtp.tmp.12869 > -rw-r--r--1 root root0 Dec 8 01:45 open-smtp.tmp.13274 > -rw-r--r--1 root root0 Dec 8 21:27 open-smtp.tmp.14119 > -rw-r--r--1 root root0 Dec 8 00:45 open-smtp.tmp.14307 > -rw-r--r--1 root root0 Dec 8 14:31 open-smtp.tmp.14327 > -rw-r--r--1 root root0 Dec 7 16:03 open-smtp.tmp.14825 > -rw-r--r--1 root root0 Dec 9 17:46 open-smtp.tmp.14895 > -rw-r--r--1 root root0 Dec 7 18:35 open-smtp.tmp.15191 > -rw-r--r--1 root root0 Dec 9 19:16 open-smtp.tmp.15331 > -rw-r--r--1 root root0 Dec 7 22:14 open-smtp.tmp.15618 > -rw-r--r--1 root root0 Dec 9 16:46 open-smtp.tmp.15881 > -rw-r--r--1 root root0 Dec 9 20:16 open-smtp.tmp.16429 > -rw-r--r--1 root root0 Dec 7 18:36 open-smtp.tmp.16483 > -rw-r--r--1 root root0 Dec 8 02:16 open-smtp.tmp.1719 > -rw-r--r--1 root root0 Dec 8 01:15 open-smtp.tmp.17426 > -rw-r--r--1 root root0 Dec 9 13:23 open-smtp.tmp.18732 > -rw-r--r--1 root root0 Dec 8 14:28 open-smtp.tmp.19621 > -rw-r--r--1 root root0 Dec 9 19:46 open-smtp.tmp.19655 > -rw-r--r--1 root root0 Dec 8 23:03 open-smtp.tmp.1983 > -rw-r--r--1 root root0 Dec 8 17:46 open-smtp.tmp.20357 > -rw-r--r--1 root root0 Dec 8 04:54 open-smtp.tmp.20512 > -rw-r--r--1 root root0 Dec 9 13:49 open-smtp.tmp.21280 > -rw-r--r--1 root root0 Dec 7 17:04 open-smtp.tmp.21672 > -rw-r--r--1 root root0 Dec 7 23:45 open-smtp.tmp.21711 > -rw-r--r--1 root root0 Dec 8 22:14 open-smtp.tmp.21890 > -rw-r--r--1 root root0 Dec 7 18:39 open-smtp.tmp.22001 > -rw-r--r--1 root root0 Dec 9 13:29 open-smtp.tmp.22186 > -rw-r--r--1 root root0 Dec 7 18:57 open-smtp.tmp.22391 > -rw-r--r--1 root root0 Dec 9 14:01 open-smtp.tmp.22793 > -rw-r--r--1 root root0 D
Re: [vchkpw] courier-imap tends to stop authenticating after awhile
I have just under 2000 domains. Not sure of the number of users per domain. There's a few thousand local email addresses also (using pam). Note that the high load is only at peak times. During most of the day I see around 2-4 per second. Brian > Just out of curiosity, how many users does 20-25 > authentications per second equate to for you? > > Thanks. > > > On Monday 25 November 2002 12:58, Brian Kolaci > wrote: > > You can disable it at runtime also. > > Just specify it in the AUTHMODULES variable in > > the .../etc/*.config files (mine is at > > "authvchkpw authpam") rather than > > "authdaemond". You don't have to go back and > > do a fresh compile. > > > > I was trying to use courier-imap 1.6.0, but I'm > > stuck at version 1.4.2. > > > > Under high loads, you *need* to have a pool of > > authentication servers. I also use MySQL so > > the database authentication needs to take place > > for every request. So some work needs to be > > done there, however I don't think its high on > > Sam's list. I may have to tackle it in the not > > too distant future, but I don't think my work > > would get incorporated into his distribution... > > Ken & Bill have been willing to take patches. > > > > Thanks, > > > > Brian > > > > > Yeah. I ran into the same problem. They/we > > > should really include that in documentation > > > somewhere. In fact, I get that problem with > > > sqwebmail even if > > > > I > > > > > DO disable authdaemon I'm not sure it's > > > the same kind of issue though. > > > > > > But back to the reason I posted in the > > > first place: > > > > > > I've seen plenty of people complain on the > > > sqwebmail list that authdaemon croaks after > > > a short time under high load. Using only > > > the authvchkpw module and disabling > > > authdaemon at compile time always fixed the > > > problem. > > > > > > What versions are you running? > > > > > > On Monday 25 November 2002 12:24, Brian > Kolaci wrote: > > > > authdaemond works for me, however IP > > > > Alias doesn't work since the IP > > > > information is passed via environment > > > > variables. The authdaemon protocol > > > > doesn't take into account any of the > > > > environment variables set by couriertcpd, > > > > so your missing some of the critical > > > > information. I've mentioned this on the > > > > courier list as well, however it didn't > > > > appear anyone cared... > > > > > > > > If you disable authdaemond (and have it > > > > fork/exec each login request), then it > > > > works fine. Its just not scalable (and > > > > I'm getting into that problem now when I > > > > hit about 20-25 authentications per > > > > second). > > > > > > > > Thanks, > > > > > > > > Brian > > > > > > > > > Are you using authdaemon? I believe > > > > > disabling auth daemon at compile time > > > > > fixes the problem too. compile with: > > > > > > > > > > --without-authdaemon \ > > > > > --with-vchkpw > > > > > > > > > > when compiling courier-imap. > > > > > > > > > > I don't use authdaemon, and I don't > > > > > have any troubles. This is an > > > > > on-going list discussion. > > > > > > > > > > On Monday 25 November 2002 11:11, Dzuy > Nguyen wrote: > > > > > > There is a bug in vchkpwd in > > > > > > vpopmail 5.2.1. Version 5.3.x > > > > > > seems to fix it. > > > > > > > > > > > > [EMAIL PROTECTED] wrote: > > > > > > >I am using a > > > > > > > qmail/vpopmail/courier-imap mail > > > > > > > solution. After re-installing > > > > > > > courier-imap, the first few > > > > > > > times, imap sessions to work > > > > > > > > and > > > > > > > > > > >authenticate, but after awhile, > > > > > > > authentication fails and I get > > > > > > > nothing > > > > > > > > but > > > > > > > > > > >LOGIN FAILED messages in my > > > > > > > maillog. A reboot of the server > > > > > > > will fix it for a short time; > > > > > > > however, it keeps happening. Has > > > > > > > anyone had this occur before or > > > > > > > have a possible solution? > > > > > > > > > > > > > >I am running these versions: > > > > > > >FreeBSD 4.5-RELEASE > > > > > > >Qmail - 1.03_1 > > > > > > >vpopmail - 5.2 > > > > > > >Courier-Imap - 1.5.3 > > > > > > > > > > > > > >Any suggestions would be helpful. > > > > > > > > > > > > > >Thanks, > > > > > > > > > > > > > >Taylor Dondich > > > > > > > > Brian > > > > Galaxy Networks, Inc. > > > > Brian > > Galaxy Networks, Inc. > > Brian Galaxy Networks, Inc.
Re: [vchkpw] courier-imap tends to stop authenticating after awhile
You can disable it at runtime also. Just specify it in the AUTHMODULES variable in the .../etc/*.config files (mine is at "authvchkpw authpam") rather than "authdaemond". You don't have to go back and do a fresh compile. I was trying to use courier-imap 1.6.0, but I'm stuck at version 1.4.2. Under high loads, you *need* to have a pool of authentication servers. I also use MySQL so the database authentication needs to take place for every request. So some work needs to be done there, however I don't think its high on Sam's list. I may have to tackle it in the not too distant future, but I don't think my work would get incorporated into his distribution... Ken & Bill have been willing to take patches. Thanks, Brian > Yeah. I ran into the same problem. They/we should really include that in > documentation somewhere. In fact, I get that problem with sqwebmail even if I > DO disable authdaemon I'm not sure it's the same kind of issue though. > > But back to the reason I posted in the first place: > > I've seen plenty of people complain on the sqwebmail list that authdaemon > croaks after a short time under high load. Using only the authvchkpw module > and disabling authdaemon at compile time always fixed the problem. > > What versions are you running? > > > On Monday 25 November 2002 12:24, Brian Kolaci wrote: > > authdaemond works for me, however IP Alias doesn't work since > > the IP information is passed via environment variables. The > > authdaemon protocol doesn't take into account any of the > > environment variables set by couriertcpd, so your missing some > > of the critical information. I've mentioned this on the courier > > list as well, however it didn't appear anyone cared... > > > > If you disable authdaemond (and have it fork/exec each login > > request), then it works fine. Its just not scalable (and I'm > > getting into that problem now when I hit about 20-25 authentications > > per second). > > > > Thanks, > > > > Brian > > > > > Are you using authdaemon? I believe disabling auth daemon at compile > > > time fixes the problem too. compile with: > > > > > > --without-authdaemon \ > > > --with-vchkpw > > > > > > when compiling courier-imap. > > > > > > I don't use authdaemon, and I don't have any troubles. This is an > > > on-going list discussion. > > > > > > On Monday 25 November 2002 11:11, Dzuy Nguyen wrote: > > > > There is a bug in vchkpwd in vpopmail 5.2.1. Version 5.3.x seems to > > > > fix it. > > > > > > > > [EMAIL PROTECTED] wrote: > > > > >I am using a qmail/vpopmail/courier-imap mail solution. After > > > > >re-installing courier-imap, the first few times, imap sessions to > > > > > work > > > > and > > > > > > >authenticate, but after awhile, authentication fails and I get > > > > > nothing > > > > but > > > > > > >LOGIN FAILED messages in my maillog. A reboot of the server will > > > > > fix it for a short time; however, it keeps happening. Has anyone > > > > > had this occur before or have a possible solution? > > > > > > > > > >I am running these versions: > > > > >FreeBSD 4.5-RELEASE > > > > >Qmail - 1.03_1 > > > > >vpopmail - 5.2 > > > > >Courier-Imap - 1.5.3 > > > > > > > > > >Any suggestions would be helpful. > > > > > > > > > >Thanks, > > > > > > > > > >Taylor Dondich > > > > Brian > > Galaxy Networks, Inc. > > Brian Galaxy Networks, Inc.
Re: [vchkpw] courier-imap tends to stop authenticating after awhile
authdaemond works for me, however IP Alias doesn't work since the IP information is passed via environment variables. The authdaemon protocol doesn't take into account any of the environment variables set by couriertcpd, so your missing some of the critical information. I've mentioned this on the courier list as well, however it didn't appear anyone cared... If you disable authdaemond (and have it fork/exec each login request), then it works fine. Its just not scalable (and I'm getting into that problem now when I hit about 20-25 authentications per second). Thanks, Brian > Are you using authdaemon? I believe disabling auth daemon at compile time > fixes the problem too. compile with: > > --without-authdaemon \ > --with-vchkpw > > when compiling courier-imap. > > I don't use authdaemon, and I don't have any troubles. This is an on-going > list discussion. > > > On Monday 25 November 2002 11:11, Dzuy Nguyen wrote: > > There is a bug in vchkpwd in vpopmail 5.2.1. Version 5.3.x seems to fix > > it. > > > > [EMAIL PROTECTED] wrote: > > >I am using a qmail/vpopmail/courier-imap mail solution. After > > >re-installing courier-imap, the first few times, imap sessions to work and > > >authenticate, but after awhile, authentication fails and I get nothing but > > >LOGIN FAILED messages in my maillog. A reboot of the server will fix it > > >for a short time; however, it keeps happening. Has anyone had this occur > > >before or have a possible solution? > > > > > >I am running these versions: > > >FreeBSD 4.5-RELEASE > > >Qmail - 1.03_1 > > >vpopmail - 5.2 > > >Courier-Imap - 1.5.3 > > > > > >Any suggestions would be helpful. > > > > > >Thanks, > > > > > >Taylor Dondich > > Brian Galaxy Networks, Inc.
[vchkpw] domain maildir quotas
Hi, Bill, if your there, you'd probably know this one off the top of your head... Is there a maildir function to gather the current usage for a whole domain? I know its easy for disk based usage, but what about maildir quotas? If not, I'll put one together to go to the domain directory and loop over all the subdirectories with Maildirs in them and sum them up. Thanks, Brian
Re: [vchkpw] domain quotas
Currently I use a separate system user for each domain, and I bundle mail & web together with one quota. I have a patched vdelivermail that enforces both per-user and per-domain quotas, but not through maildir quotas. I just submitted the patch for the vlimits data structure and am currently updating the latest vdelivermail to use this API and enforce the quotas. The new data structure keeps track of the per-domain information. I'll put in support for maildir quotas, but I'm wondering if I should allow a switch or compile time option to enforce disk based quotas instead/as well. The only problem I forsee is what happens if files are written into the area by another program (i.e. qmail or procmail). What if they don't support the maildir quotas? Then we need the disk based quotas. Also, if there are .qmail files or other control/data files there, should they be included in the disk usage? Of course the maildir quotas don't include them, but the disk based does. Thanks, Brian > HI, > > I was just wondering if creating a separate system user for each domain is > still the only way of having a total quota for a domain rather than quotas > for each user? > > Is anyone working on adding support to vpopmail for domain based quotas under > the the vpopmail.vchkpw user? > > cheers, Iain. >
Re: [vchkpw] .cdb doesn't get compiled for roaming users
edit cdb/conf-* and change cc to gcc (assuming you're using gcc). Brian > Hello > > I'm running vpopmail-5.2.1 and courier-imap-1.5.3 with roaming support > enabled. > > /home/vpopmail/etc/open-smtp gets updated correctly with the ips > fetching mail, but /home/vpopmail/etc/tcp.smtp.cdb doesn't get compiled. > The error I get in my log is > > pop3d: tcprules: fatal: unable to create > ~vpopmail/etc/tcp.smtptmp.31382: file does not exist > > Any help would be appriciated. > > --niklas > >
Re: [vchkpw] How to leave a copy of email on the qmail server using pop3 ...
First of all, the server just does what the client tells it to do. If the client sends the DELE (delete) command, the server will delete the message. If the client doesn't send the DELE (delete) command, the server will *not* delete any message. In qmail, when a message is read, it is moved from the "new" folder to the "cur" folder. So as long as your mail client (Outlook Express) doesn't send the DELE command (i.e. the "leave a copy of messages on server" is checked), then it will remain on the server in the "cur" folder. Brian > Thank you all for the suggestions. > > I did do the client configuration as you described as below b4, > but no effects. really why ? > Outlook Express -> Tools -> Accounts -> Mail -> Properties -> Advanced > > and tick the box "Leave copy of message on server" > > If server can keep the copy where does qmail store still > /home/vpopmail/domains/peak-mobile.com/lucy.liu/Maildir/new/ > ? > > thanks again. > > > Lucy > - Original Message - > From: "Michael Bowe" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, November 21, 2002 10:56 AM > Subject: RE: [vchkpw] How to leave a copy of email on the qmail server using pop3 ... > > > > > -Original Message- > > > From: Lucy [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, 21 November 2002 1:38 PM > > > To: [EMAIL PROTECTED] > > > Subject: [vchkpw] How to leave a copy of email on the qmail > > > server using > > > pop3 ... > > > > > > > > > Hello all, > > > > > > I know this probably being asked b4, but I still havn't found > > > the answer ... > > > > > > I am using qmail + vpopmail once I pop3 my mails from the server > > > no matter what the configuration on the client side, the > > > server won't > > > leave a copy of those poped emails. > > > > That sounds a bit strange > > > > > Can POP3 surport leaving copies on server ? > > > > Yes > > > > > How can I backup ( or leave copies ) on server after I pop my mails? > > > > From the headers in your email it looks like you are using Outlook Express > > 6 > > > > So go to : > > Outlook Express -> Tools -> Accounts -> Mail -> Properties -> Advanced > > and tick the box "Leave copy of message on server" > > > > Michael. > > > > > > Brian Galaxy Networks, Inc.
[vchkpw] POP3 daemon comparison
I've been using both the imapd and pop3d from the courier package with my qmail/vpopmail service. Has anyone done a comparison between these packages? I know the courier package doesn't implement the LAST command, which I hacked in, but I wanted to see if there are any advantages of one over the other with regard to performance. I was hoping to use the authdaemon process to do authentications for both POP and IMAP, however due to the lack of support of passing the environment variables (TCPLOCALIP for instance), I cannot use the vipmap() functionality with it. Thats more hacking into the courier code, which I'd rather not have to support. Thanks, Brian
[vchkpw] qmailadmin-limits update
OK, I've finally found the time to work on the
qmailadmin-limits API's for file and MySQL based storage.
I've attached the patch for vpopmail 5.3.11, available
at shupp.org.
I've augmented the previous implementation to add the
extra features requested and pretty much implemented what
I stated in the email last month. All the feedback from
the last post was positive, so I went straight from that
email.
The API routines are as follows:
int vget_limits(char *domain, struct vlimits *limits);
int vset_limits(char *domain, struct vlimits *limits);
int vdel_limits(char *domain);
The data structure to manipulate is:
/*
* permissions for non-postmaster admins
*/
#define VLIMIT_DISABLE_CREATE 0x01
#define VLIMIT_DISABLE_MODIFY 0x02
#define VLIMIT_DISABLE_DELETE 0x04
#define VLIMIT_DISABLE_ALL
(VLIMIT_DISABLE_CREATE|VLIMIT_DISABLE_MODIFY|VLIMIT_DISABLE_DELETE)
#define VLIMIT_DISABLE_BITS 3
struct vlimits {
/* max service limits */
int maxpopaccounts;
int maxaliases;
int maxforwards;
int maxautoresponders;
int maxmailinglists;
/* quota & message count limits */
int diskquota;
int maxmsgcount;
int defaultquota;
int defaultmaxmsgcount;
/* the following are 0 (false) or 1 (true) */
short disable_pop;
short disable_imap;
short disable_dialup;
short disable_passwordchanging;
short disable_webmail;
short disable_relay;
short disable_smtp;
/* the following permissions are for non-postmaster admins */
short perm_account;
short perm_alias;
short perm_forward;
short perm_autoresponder;
short perm_maillist;
short perm_maillist_users;
short perm_maillist_moderators;
short perm_quota;
short perm_defaultquota;
};
The permissions are a bit field with create, modify and delete permissions.
This just provides the API routines. I personally have a modifed
vdelivermail and qmailadmin that impose per user and per domain
quotas that implement real disk based quotas, not maildir quotas,
therefore I did not include them.
The API's need to be incorporated into several programs. A new program
is needed to manipulate the values in this table/file.
Programs to be augmented are at least vqadmin, qmailadmin, vdelivermail
as well as the vpopmail library routines themselves to use the API
rather than hard coded values for quotas.
The API has the disk quota and the max message count values split apart
as two distinct values (for both the domain and the defaults for new
users). The reason behind this is to quickly use the value as needed
from the API. When a "new user" is added to the system, a maildir
compliant quota will be constructed into a string containing both numbers.
I felt it was easier to combine 2 numbers into a string rather than
split a string into 2 integers, so why not have it done for you already.
I'll be digging through the latest vdelivermail (my patched binary
is a 5.2 version) to see how to integrate the new API into that
next. I'll also take a look at qmailadmin right after that. It looks
like qmailadmin is going to be the biggest to change.
There will be work required to integrate the "disable..." flags into
the various programs such as imap-mail, webmail, pop access, etc.
Thanks,
Brian
Common subdirectories: vpopmail-5.3.11/attic and vpopmail-5.3.11.new/attic
Common subdirectories: vpopmail-5.3.11/cdb and vpopmail-5.3.11.new/cdb
Common subdirectories: vpopmail-5.3.11/contrib and vpopmail-5.3.11.new/contrib
Common subdirectories: vpopmail-5.3.11/convert and vpopmail-5.3.11.new/convert
Common subdirectories: vpopmail-5.3.11/doc and vpopmail-5.3.11.new/doc
Common subdirectories: vpopmail-5.3.11/ldap and vpopmail-5.3.11.new/ldap
Common subdirectories: vpopmail-5.3.11/oracle and vpopmail-5.3.11.new/oracle
diff -rc vpopmail-5.3.11/vlimits.c vpopmail-5.3.11.new/vlimits.c
*** vpopmail-5.3.11/vlimits.c Wed Oct 23 17:19:50 2002
--- vpopmail-5.3.11.new/vlimits.c Wed Nov 20 15:17:50 2002
***
*** 38,52
limits->maxforwards = -1;
limits->maxautoresponders = -1;
limits->maxmailinglists = -1;
limits->diskquota = 0;
! limits->defaultquota = "";
! limits->disablepop = 0;
! limits->disableimap = 0;
! limits->disabledialup = 0;
! limits->disablepasswordchanging = 0;
! limits->disablerelay = 0;
! limits->disablesmtp = 0;
! limits->disablewebmail = 0;
/* get filename */
vget_assign(domain, dir, sizeof(dir), &uid, &gid);
--- 38,66
limits->maxforwards = -1;
limits->maxautoresponders = -1;
limits->maxmailinglists = -1;
+ /*
+ already set to zero from memset()
limits->diskquota = 0;
! limits->maxmsgcount = 0;
! limits->defaultquota = 0;
! limits->defaultmaxmsgcount = 0;
! limits->disable_p
Re: [vchkpw] Re: qmailadmin-limits update
> > On Thu, 24 Oct 2002, John Johnson wrote: > > > I am not a programmer but from what I can see this > > looks like a clean and very efective way to do the > > qmailadmin-limits. If you try to bloat things down > > for something that MIGHT be added or changed then > > we really will not have things really planned, they > > will be half planned and still open waiting for the > > stuff people might want to add to the tables. I say > > we go with this, lock it down and make it happen and > > deal with tomarrow when tomarrow happens as far as the > > tables. > > > > -John > > > > Yeah. This sounds good. I just find out that I need qmailadmin-limits > myself too, and it would be nice to store this data in mysql. > > Brian, do you already have some patches for this? > > I'm willing to test and maybe spent some time coding this if needed.. > > > - Pasi Kärkkäinen I've had the basic table layouts done since January and have been running in production with a patched vdelivermail and qmailadmin since then. Mine supports the limits as given, and the quotas (not message counts) in vdelivermail. It should take more or less an hour to get this written - actually just change what I have to include the additional fields, however you're only the second person to reply to this. I was hoping to get a consensus from people as to what else is needed or required, or find out if its overkill and to strip some. Thanks, Brian > > > > Brian Kolaci writes: > > > > > > > > I've done some thinking about the many suggestions about handling > > > the limits and wanted to summarize some of the pros & cons. > > > > > > First was whether to use a generic approach that had a > > > table with domain, name, value which has a row for each > > > parameter, or to use a single row will all values per domain. > > > > > > The pros: > > > > > > - allows extensability - we can easily add new attributes with a new row > > > > > > The cons: > > > > > > - consumes more space - there's overhead of N-1 times the size of > > >the domainname, plus N times the size of the option name, plus > > >overhead for the value to be able to hold the largest possible value > > >even for smaller items. > > > - updates not atomic - there would have to be N update statements to > > >change a value. We would have to encapsulate the updates within a > > >transaction. > > > - performance - there would be more data going back and forth to/from > > >the sql server. We would also have to store all data as strings in > > >the database and do conversions. When we perform updates, there would > > >have to be N updates sent to the server, which is N round trips plus > > >the transaction overhead. > > > > > > At first when I saw the suggestion I thought it was a great idea, > > > however after thinking it over, I believe performance and reliability > > > would suffer just to save an "alter table" if/when the schema needs to > > > be extended. > > > > > > That being said, I'll continue down the path of a single row per domain, > > > however if others have arguments to the contrary, please speak up. > > > > > > The schema needs to be adjusted to accomodate all the requests I've seen. > > > Both the C structure and the database schema needs to change. > > > > > > I've read the Maildir++ quotas and understand that the concept of a > > > "Maildir quota" encapsulates both a maximum size and maximum message count. > > > It appears to be just a string that contains "#S,#C", which combines > > > the Size and the Count into one string, where the #C is optional. I > > > personally would want them separated as two values, since you can't do > > > much with the combined string but pass it around. To actually use it, > > > you need to split them up with a parser and convert them to numbers. > > > I think the API should keep them as numbers in the structure in C. Its > > > easy enough to combine them with a snprintf(), but more work to parse > > > them out to actually use/enforce them. How they're stored in the database > > > and/or file doesn't really matter (but should be discussed). I believe > > > they
[vchkpw] qmailadmin-limits update
I've done some thinking about the many suggestions about handling
the limits and wanted to summarize some of the pros & cons.
First was whether to use a generic approach that had a
table with domain, name, value which has a row for each
parameter, or to use a single row will all values per domain.
The pros:
- allows extensability - we can easily add new attributes with a new row
The cons:
- consumes more space - there's overhead of N-1 times the size of
the domainname, plus N times the size of the option name, plus
overhead for the value to be able to hold the largest possible value
even for smaller items.
- updates not atomic - there would have to be N update statements to
change a value. We would have to encapsulate the updates within a
transaction.
- performance - there would be more data going back and forth to/from
the sql server. We would also have to store all data as strings in
the database and do conversions. When we perform updates, there would
have to be N updates sent to the server, which is N round trips plus
the transaction overhead.
At first when I saw the suggestion I thought it was a great idea,
however after thinking it over, I believe performance and reliability
would suffer just to save an "alter table" if/when the schema needs to
be extended.
That being said, I'll continue down the path of a single row per domain,
however if others have arguments to the contrary, please speak up.
The schema needs to be adjusted to accomodate all the requests I've seen.
Both the C structure and the database schema needs to change.
I've read the Maildir++ quotas and understand that the concept of a
"Maildir quota" encapsulates both a maximum size and maximum message count.
It appears to be just a string that contains "#S,#C", which combines
the Size and the Count into one string, where the #C is optional. I
personally would want them separated as two values, since you can't do
much with the combined string but pass it around. To actually use it,
you need to split them up with a parser and convert them to numbers.
I think the API should keep them as numbers in the structure in C. Its
easy enough to combine them with a snprintf(), but more work to parse
them out to actually use/enforce them. How they're stored in the database
and/or file doesn't really matter (but should be discussed). I believe
they were combined due to the old hack to put the quota value into
the "shell" field of a password record. Being that we're in new
territory here, we don't even have the concept of message count in
.qmailadmin-limits files or the database, so adding a field/column
for the "default per-user message count" or "per-domain message count"
shouldn't be an issue, and would even keep the old fileformat backward
compatible. In fact, it appears the vqpasswd structure has already
been amended to add a "clear password", so why wasn't it just updated
to add fields for "storage quota" and "max message count" ? Wouldn't
that be cleaner? Sorry for going off topic... I'll stick to the subject
now.
So my suggestion would be to store 4 "quota type" fields to handle
storage/message count for per-domain/per-user. Any comments?
Here's what I would see as a new C structure:
/*
* permissions for non-postmaster admins
*/
#define VLIMIT_DISABLE_CREATE 0x01
#define VLIMIT_DISABLE_MODIFY 0x02
#define VLIMIT_DISABLE_DELETE 0x04
struct vlimits {
int maxpopaccounts;
int maxaliases;
int maxforwards;
int maxautoresponders;
int maxmailinglists;
int diskquota;
int maxmsgcount;
int defaultquota;
int defaultmaxmsgcount;
/* the following are 0 (false) or 1 (true) */
short disable_pop;
short disable_imap;
short disable_dialup;
short disable_passwordchanging;
short disable_webmail;
short disable_relay;
short disable_smtp;
/* the following permissions are for non-postmaster admins */
short perm_account;
short perm_alias;
short perm_forward;
short perm_autoresponder;
short perm_maillist;
short perm_maillist_users;
short perm_maillist_moderators;
short perm_quota;
short perm_defaultquota;
};
We need to patch qmailadmin to create another "AdminType"
to distinguish between "postmaster" and user admins. The
perm_??? items would have the VLIMIT_DISABLE_xxx masks
applied to them.
I'm sure there are other ways to handle this, such as
consolidate the maillist permissions to a single item
and add more bit flags to handle users & moderators.
But this can be done in the API function before it hits
the file or database.
And here's what I would see as a new database schema:
create table vlimits (
domain CHAR(64) PRIMARY KEY,
maxpopaccounts INT(10) NOT NULL DEFAULT -1,
maxaliases
Re: [vchkpw] Vpopmail and mysql limits
> On Wednesday, October 23, 2002, at 03:28 PM, John Johnson wrote: > > > ok to use mysql-limits is there a convert program to convert the > > limits > > I have > > Or do I have to start over with them and reset them.. I guess I will > > also have > > To recompile vqadmin and qmailadmin for this as well? > > Qmailadmin and vqadmin do not support the new vlimits functions yet. > vqadmin has its own code to modify the limits file only (not sql). > Brian, the author of this patch, does have his own patches for > qmailadmin I think. So you really can't do anything with them until > you have code to use them. Not sure if Brian is planning to publish > his qmailadmin patch... > > Regards, > > Bill > I see there's been alot of traffic on this today. I've been out (working) most of the day and haven't been able to keep up. It should be easy to put together a utility to convert the limits, not an issue. As for several of the other comments, I'd like to take tonight to think about several of the suggestions and post one myself. I've been running with the current patched API since vpopmail 4.9.6 and its been working well. I also have a patched qmailadmin-1.0.4 with quotas (I forgot who wrote the quota patch), and a patched version of vdelivermail. Both of these use a recursive stat() to determine usage & quota since it was before the Maildir++ quotas were in there, so I always had *regular* disk usage quotas enforced which I believe may differ from the Maildir++ quotas. My intent was to get the API into the library before updating the programs/utilities to actually use the API. I've been sitting on this for about 10 months now (with a working system), and now finally got it into the distribution. Now it seems (from all the traffic on it today) that nobody can wait for it... I think it would be best to get the base correct and sound before actually using it in the utilities and programs. I have some pros/cons (and I'd like to extend the list and send it out to everyone) about the current implementation and want to get some feedback before moving on it. (Its waited 10 months already, another day or two won't hurt). I'll compile and post some questions in a bit to see what people really want/need and make sure this gets done properly. Thanks, Brian
RE: [vchkpw] patch for vpopmail 5.3.8 for .qmailadmin-limits
The layout should have been in vmysql.h. I must have tested
the wrong directory when I thought I tested 5.3.9. I see
its missing.
This should be appended to vmysql.h:
#ifdef ENABLE_MYSQL_LIMITS
#define LIMITS_TABLE_LAYOUT "domain CHAR(64) PRIMARY KEY, \
maxpopaccounts INT(10) NOT NULL DEFAULT -1, \
maxaliases INT(10) NOT NULL DEFAULT -1, \
maxforwards INT(10) NOT NULL DEFAULT -1, \
maxautoresponders INT(10) NOT NULL DEFAULT -1, \
maxmailinglists INT(10) NOT NULL DEFAULT -1, \
diskquota INT(12) NOT NULL DEFAULT 0, \
defaultquotaINT(12) NOT NULL DEFAULT 0, \
disablepop TINYINT(1) NOT NULL DEFAULT 0, \
disableimap TINYINT(1) NOT NULL DEFAULT 0, \
disabledialup TINYINT(1) NOT NULL DEFAULT 0, \
disablepasswordchanging TINYINT(1) NOT NULL DEFAULT 0, \
disablewebmail TINYINT(1) NOT NULL DEFAULT 0, \
disablerelayTINYINT(1) NOT NULL DEFAULT 0"
#endif
There's also a potential problem reading the ascii file
and interpreting the "k" or "m" symbols for quotas. Bill said
he'd like it to use the format_maildirquota() function, however
I've updated my copy to parse out the symbols and multiply by 1024
or 1024*1024, but I'm not sure if this is the vpopmail standard.
Bill:
Shall I put a patch for these two items ?
I must have sent you the incorrect patch file (I had two, one with
the vmysql.h changes and one without).
Thanks,
Brian
> I can see the new 5.3.9 dev release has this functinality implemented.
> Only one problem, someone forgot to include the table layout.
>
> As I can see, then the patch isn't complete either.
> example. vmysql.h misses the LIMITS_TABLE_LAYOUT define and I think it goes
> for the rest of the "sql" files.
>
> Has anyone come around making a patch for this ?
> Or do I just wait for the next dev release ?
>
> Jakob Kruse
>
> > -Original Message-----
> > From: Ken Jones [mailto:kbo@;Inter7.com]
> > Sent: 17. oktober 2002 20:36
> > To: Brian Kolaci
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [vchkpw] patch for vpopmail 5.3.8 for .qmailadmin-limits
> >
> >
> > Excellent! I've been wanting to add this functionality to vpopmail
> > for a long time. Nice work, clean api.
> >
> > I'll try to get them added to the next devel release.
> >
> > Ken Jones
> >
> > On Thursday 17 October 2002 01:19 pm, Brian Kolaci wrote:
> > > Hi,
> > >
> > > I mentioned this awhile back, but didn't have the
> > > cycles to create a diff file. I finally had the time
> > > so here it is... I've been using this in version 5.2
> > > and even back in 4.9.6.
> > >
> > > I've attached a diff file to add the functions
> > >
> > > int vget_limits( char *domain, struct vlimits *limits )
> > > int vset_limits( char *domain, struct vlimits *limits )
> > > int vdel_limits( char *domain )
> > >
> > > to the vpopmail library. These maintain either the
> > > raw file .qmailadmin-limits or will maintain the limits
> > > in a MySQL database. The items supported are:
> > >
> > > struct vlimits {
> > > int maxpopaccounts;
> > > int maxaliases;
> > > int maxforwards;
> > > int maxautoresponders;
> > > int maxmailinglists;
> > > int diskquota;
> > > int defaultquota;
> > > short disablepop;
> > > short disableimap;
> > > short disabledialup;
> > > short disablepasswordchanging;
> > > short disablewebmail;
> > > short disablerelay;
> > > };
> > >
> > > I haven't included the changes to qmailadmin that I use,
> > > nor the changes to vdelivermail (for domain quota).
> > >
> > > diskquota is the current quota for a domain.
> > > defaultquota is the default quota for new users of this domain.
> > >
> > > The other items I believe are self explanatory.
> > >
> > > The config is updated so you would call --enable-mysql-limits as
> > > an option to configure.
> > >
> > > Hopefully you'll find this useful.
> > >
> > > Thanks,
> > >
> > > Brian
> >
> >
>
>
Re: [vchkpw] vsetuserquota
I still force users to use their full email address as the account name rather than map the IP to the domain for them. It makes debugging easier, however more of a hassle for the end users. One day I'll dig into getting the IP->domain mapping to work. Just tell the users to use their "full email address" as the account name, unless of course you already have hundreds of domains going with the IP mapping. Thanks, Brian > Hi, > > Thanks, I figured as much but haven't been able to find the correct > configuration switch to do that. I'm running it via tcpserver because it > doesn't appear to work correctly when using it's own version of tcpserver > and ip domains (ie it's not passing the IP address to vpopmail). > > I'll take a closer look and see what I can find. > > Regards, > > Rick > > - Original Message - > From: "Brian Kolaci" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, October 22, 2002 10:16 AM > Subject: Re: [vchkpw] vsetuserquota > > > > I run system quotas and use courier-imap. After a user authenticates, > courier switches ID to that user before execing imapd or pop3d. All new > folders created are that of the authenticated user. If they're created as > root (which imapd should *not* be running as root), then there's a > problem with your configuration somewhere. The only processes that run > as root are the auth daemons, logger, and couriertcpd. > > Brian > > > Hi, > > > > I've been trying to implement that myself and I've run into the problem > of > > running courier-imap as root. In a normal vpopmail setup, I run > > courier-imap as vpopmail so that new directories etc are created as the > > vpopmail user. If I have multiple domains under different users I must > run > > courier-imap as root so that it has access to read the different user > files. > > > > When new subfolders get created, they get created as root and then > cannot be > > deleted or moved and maildrop complains about permissions on the > subdirs. > > > > Any ideas? > > > > Rick > > > > - Original Message - > > From: "Ken Jones" <[EMAIL PROTECTED]> > > To: "tech" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Tuesday, October 22, 2002 9:58 AM > > Subject: Re: [vchkpw] vsetuserquota > > > > > > Domain based quotas are not part of vpopmail. > > It is suggested you use file system quotas can > > keep each domain under a separate /etc/passwd user > > home directory. vadddomain -u username domainname. > > > > Ken Jones > > > > > > > > > >
Re: [vchkpw] vsetuserquota
I run system quotas and use courier-imap. After a user authenticates, courier switches ID to that user before execing imapd or pop3d. All new folders created are that of the authenticated user. If they're created as root (which imapd should *not* be running as root), then there's a problem with your configuration somewhere. The only processes that run as root are the auth daemons, logger, and couriertcpd. Brian > Hi, > > I've been trying to implement that myself and I've run into the problem of > running courier-imap as root. In a normal vpopmail setup, I run > courier-imap as vpopmail so that new directories etc are created as the > vpopmail user. If I have multiple domains under different users I must run > courier-imap as root so that it has access to read the different user files. > > When new subfolders get created, they get created as root and then cannot be > deleted or moved and maildrop complains about permissions on the subdirs. > > Any ideas? > > Rick > > - Original Message - > From: "Ken Jones" <[EMAIL PROTECTED]> > To: "tech" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, October 22, 2002 9:58 AM > Subject: Re: [vchkpw] vsetuserquota > > > Domain based quotas are not part of vpopmail. > It is suggested you use file system quotas can > keep each domain under a separate /etc/passwd user > home directory. vadddomain -u username domainname. > > Ken Jones > > >
Re: [vchkpw] patch for vpopmail 5.3.8 for .qmailadmin-limits
I didn't know they added a "boolean" type to the C language.
When they do, we can easily make the change.
Brian
> Hi Brian Kolaci,
> you wrote.
>
> BK> to the vpopmail library. These maintain either the
> BK> raw file .qmailadmin-limits or will maintain the limits
> BK> in a MySQL database. The items supported are:
>
> BK> struct vlimits {
> BK> int maxpopaccounts;
> BK> int maxaliases;
> BK> int maxforwards;
> BK> int maxautoresponders;
> BK> int maxmailinglists;
> BK> int diskquota;
> BK> int defaultquota;
> BK> short disablepop;
> BK> short disableimap;
> BK> short disabledialup;
> BK> short disablepasswordchanging;
> BK> short disablewebmail;
> BK> short disablerelay;
> BK> };
>
> Shouldn't the shorts rather be booleans? Or is there something
> inbetween disabled and enabled?
>
>
>
>
> Regards,
> Gabriel
>
[vchkpw] patch for vpopmail 5.3.8 for .qmailadmin-limits
"
+ ac_help="$ac_help
--enable-clear-passwd=n|y Turn on (y) or off (y, default) storing clear text
passwords"
ac_help="$ac_help
--enable-users-big-dir=n|y Turn on (y) or off (y, default) using big dirs for
users"
***
*** 1778,1783
--- 1780,1807
;;
esac
+ # Check whether --enable-mysql-limits or --disable-mysql-limits was given.
+ if test "${enable_mysql_limits+set}" = set; then
+ enableval="$enable_mysql_limits"
+ ENABLE_MYSQL_LIMITS=$enableval
+ else
+
+ ENABLE_MYSQL_LIMITS=n
+
+ fi;
+
+ case $ENABLE_MYSQL_LIMITS in
+ 1*|y*|Y*)
+ ENABLE_MYSQL_LIMITS=1
+ cat >>confdefs.h <> vpopmail.config.sh
+ ;;
+ *)
+ echo " mysql limits = OFF --enable-mysql-limits=n default"
+ ;;
+ esac
case $CLEAR_PASS in
1*|y*|Y*)
diff -c vpopmail-5.3.8.orig/configure.in vpopmail-5.3.8/configure.in
*** vpopmail-5.3.8.orig/configure.inTue Jul 16 16:57:44 2002
--- vpopmail-5.3.8/configure.in Thu Oct 17 10:50:29 2002
***
*** 388,393
--- 388,409
;;
esac
+ AC_ARG_ENABLE(mysql-limits,
+ [ --enable-mysql-limits=y|n Turn on (y) or off (n, default) mysql
+handling of .qmailadmin-limits ],
+ ENABLE_MYSQL_LIMITS=$enableval,
+ [
+ ENABLE_MYSQL_LIMITS=n
+ ])
+
+ case $ENABLE_MYSQL_LIMITS in
+ 1*|y*|Y*)
+ ENABLE_MYSQL_LIMITS=1
+ AC_DEFINE_UNQUOTED(ENABLE_MYSQL_LIMITS,$ENABLE_MYSQL_LIMITS)
+ ;;
+ *)
+ ;;
+ esac
+
AC_ARG_ENABLE(clear-passwd,
[ --enable-clear-passwd=n|y Turn on (y) or off (y, default) storing clear
text passwords],
CLEAR_PASS=$enableval,
Common subdirectories: vpopmail-5.3.8.orig/contrib and vpopmail-5.3.8/contrib
Common subdirectories: vpopmail-5.3.8.orig/convert and vpopmail-5.3.8/convert
Common subdirectories: vpopmail-5.3.8.orig/doc and vpopmail-5.3.8/doc
Common subdirectories: vpopmail-5.3.8.orig/ldap and vpopmail-5.3.8/ldap
Common subdirectories: vpopmail-5.3.8.orig/oracle and vpopmail-5.3.8/oracle
diff -c vpopmail-5.3.8.orig/vlimits.c vpopmail-5.3.8/vlimits.c
*** vpopmail-5.3.8.orig/vlimits.c Thu Oct 17 12:54:30 2002
--- vpopmail-5.3.8/vlimits.cThu Oct 17 12:54:03 2002
*******
*** 0
--- 1,189
+ /*
+ * vlimits.c
+ * handle domain limits in both file format
+ * Brian Kolaci <[EMAIL PROTECTED]>
+ */
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include "config.h"
+ #include "vlimits.h"
+ #include "vpopmail.h"
+
+
+ #ifndef ENABLE_MYSQL_LIMITS
+
+ #define TOKENS " :\t\n\r"
+
+ /* find/read the .qmailadmin-limits file */
+ int vget_limits( char *domain, struct vlimits *limits )
+ {
+ char buf[256];
+ char dir[MAXPATHLEN];
+ uid_t uid;
+ gid_t gid;
+ char * s1;
+ char * s2;
+ FILE * fs;
+
+ /* initialize structure */
+ memset(limits, 0, sizeof(*limits));
+ limits->maxpopaccounts = -1;
+ limits->maxaliases = -1;
+ limits->maxforwards = -1;
+ limits->maxautoresponders = -1;
+ limits->maxmailinglists = -1;
+ limits->diskquota = 0;
+ limits->defaultquota =0;
+ limits->disablepop = 0;
+ limits->disableimap = 0;
+ limits->disabledialup = 0;
+ limits->disablepasswordchanging = 0;
+ limits->disablerelay = 0;
+ limits->disablewebmail = 0;
+ x
+ /* get filename */
+ vget_assign(domain, dir, sizeof(dir), &uid, &gid);
+ strncat(dir, "/.qmailadmin-limits", sizeof(dir));
+
+ /* open file */
+ if ((fs = fopen(dir, "r")) != NULL) {
+ while (fgets(buf, sizeof(buf), fs) != NULL) {
+ if ((s1 = strtok(buf, TOKENS)) == NULL)
+ continue;
+
+ if (!strcmp(s1, "maxpopaccounts")) {
+ if ((s2 = strtok(buf, TOKENS)) == NULL)
+ continue;
+ limits->maxpopaccounts = atoi(s2);
+ }
+
+ if (!strcmp(s1, "maxaliases")) {
+ if ((s2 = strtok(buf, TOKENS)) == NULL)
+ continue;
+ limits->maxaliases = atoi(s2);
+ }
+
+ if (!strcmp(s1, "maxforwards")) {
+ if ((s2 = strtok(buf, TOKENS)) == NULL)
+ continue;
+ limits->maxforwards = atoi(s2);
+ }
+
+ if (!strcmp(s1, "maxautoresponders")) {
+ if ((s2 = strtok(buf, TOKENS)) == NULL)
+ continue;
+ limits->maxautoresponders = atoi(s2);
+ }
+
+ if (!strcmp(s1, "maxmailinglists")) {
+ if ((s2 = strtok(buf, TOKENS)) == NULL)
+ continue;
+ limits->maxmailinglists = atoi(s2);
+
procmail with vdelivermail
Hi, I'm using procmail to filter SPAM in qmail and am using it as my delivery agent. Has anyone used procmail with vpopmail? Thanks, Brian
Re: 4.9.9 (16/03 version) core dump. URGENT.
Yes, appears to be during delivery. Take a look at the "default" catch-all mailbox specified for the domain. I recall that you would get a core dump if the catch-all mailbox didn't exist or was deleted. Brian > Please let me know what info i have to post. how about the 2xxKB core file? > > the following is several lines of the "current" log file. note the domain > abc.com. > I think it's core dump during delivery. > > @40003abab76a1a7fa354 status: local 1/10 remote 1/20 > @40003abab76b3920c75c starting delivery 5834: msg 26835 to local > [EMAIL PROTECTED];[EMAIL PROTECTED] > @40003abab76b39217b0c status: local 2/10 remote 1/20 > @40003abab76b3af67d74 new msg 27077 > @40003abab76b3af938ac info msg 27077: bytes 52118 from <[EMAIL PROTECTED]> > qp 29561 uid 804 > @40003abab76c0b2fd694 delivery 5834: deferral: > Segmentation_Fault_-_core_dumped/ > @40003abab76c0b306334 status: local 1/10 remote 1/20 > @40003abab76c0b34d004 starting delivery 5835: msg 27077 to local > [EMAIL PROTECTED] > @40003abab76c0b355ca4 status: local 2/10 remote 1/20 > @40003abab76c0e384434 delivery 5833: success: did_1+1+0/qp_29548/ > > > > Chris > > > > - Original Message - > From: "Bill Shupp" <[EMAIL PROTECTED]> > To: "Chris Chan" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Friday, March 23, 2001 10:35 AM > Subject: Re: 4.9.9 (16/03 version) core dump. URGENT. > > > > On Thursday, March 22, 2001, at 08:30 PM, Chris Chan wrote: > > > > > we have many domains on the same mail server. only one domain will core > dump > > every few minutes. and about 30% incoming email to this domain will lost. > > This domain have about 150 users. but the other domains are work fine. > some > > of them have more than 500 pop uses. > > > > anyone know what problem will core dump. > > > > -rw--- 1 vpopmail vchkpw219256 Mar 23 09:59 core > > Please provide more information. When does it core dump? During delivery, > or authentication? Is there any useful information in the logs? > > Regards, > > Bill >
Re: e-mail size
Forgive me. I may have misunderstood myself... Brian > on 3/15/01 4:45 PM, Brian Kolaci at [EMAIL PROTECTED] wrote: > > > I implemented a patch (not sure if its in the current > > distribution), but it looks for the file ".domainquota" > > and reads it in (which is in bytes) which specifies > > a per-domain quota. Look for the string ".domainquota" > > in the vdelivermail.c file. If you see it, then its > > in there. It would also forward a notification of bounced > > emails to the postmaster. > > > > Another approach (which I now use) is to put quota's on > > unix ID's and put each domain on a specific unix account. > > Its much more reliable and takes up less CPU in vdelivermail. > > > Perhaps I misunderstood. I thought the issue was limiting the size of > outgoing mail, not user/domain quotas. > > -Bill >
Re: e-mail size
> > Other doubt, can i set the e-mail size per domain? > > > > Because when i send a big e-mail to someone it is delivered back to me and i > > have the same quota as the first user so i don't get the message error, is > > there a way to qmail send only an error message instead of delivering all > > the big mail? > > I don't think this is possible. But as this really is a qmail topic and not > vpopmail specific, you might try for more information on the qmail list. I implemented a patch (not sure if its in the current distribution), but it looks for the file ".domainquota" and reads it in (which is in bytes) which specifies a per-domain quota. Look for the string ".domainquota" in the vdelivermail.c file. If you see it, then its in there. It would also forward a notification of bounced emails to the postmaster. Another approach (which I now use) is to put quota's on unix ID's and put each domain on a specific unix account. Its much more reliable and takes up less CPU in vdelivermail. Brian
Re: Re[2]: function to list domains under vpopmail control
Yes, but I happen to use scripts that manipulate and maintain all of the control files, so there is no one file or table in the stock vpopmail distribution you can look at to find the domains used by vpopmail. I have a non-standard install that uses a "limits" table in the MySQL database (for qmailadmin limits), and I create a "control/vpopdomains" with the list owned by vpopmail. So I already have this file. I use it by my scripts to populate the morercpthosts and virtualdomains files, since I also support the old "alias" approach to qmail, which is easier to setup to forward all mail for a domain into a single unix account's mailbox. Thanks, Brian > Date: Wed, 14 Mar 2001 20:31:55 +0100 > From: Gabriel Ambuehl <[EMAIL PROTECTED]> > To: Brian Kolaci <[EMAIL PROTECTED]> > CC: [EMAIL PROTECTED], [EMAIL PROTECTED] > Subject: Re[2]: function to list domains under vpopmail control > > -BEGIN PGP SIGNED MESSAGE- > > Hello Brian, > > Wednesday, March 14, 2001, 8:20:12 PM, you wrote: > > > > Better bet: > > > look in /var/qmail/users/assign > > and look at the lines in the format > > +domain.com-: ... > > otherwise you'll miss any that are set > > to use a specific username (for quota purposes). > > Those aren't necessarily all controlled by vpopmail (although it in > general, it is rather improbable that one would use vpopmail and still > mess in the config files by hand, but there are odd reasons for > everything)... > > > Best regards, > Gabriel > > -BEGIN PGP SIGNATURE- > Version: PGP 6.0.2i > > iQEVAwUBOq+5HMZa2WpymlDxAQErnQgAsSikIoG5Pzb57tWhqPMRw2Kai1f56S9Z > lwX55knzs2/tee0pboVHnZm+pboV/I5gIT07BH6lpFgDTKnQAUU4knmGiCKvL6XJ > KscA0xtEsBDwLGhOW+D/cE/CC8x/N8BfLJqICZrgVASoJHFNiJE6CpkjbiRe4Nyi > edoDY2bsLmxMzFLqJuAt7uhbUskVTe+OVizH8M06iZ4AcVQbxjbxkh3dPtAo62AF > ZPmkGlRkqVkvYC9S8SuM7pXHzpmdc4ocg+uSCfAMNBNBvvMpb9rRNXwxndlCkgRq > /qyI2BdwaGPyu7g8TsSVwxuna/7kKgf3S/fHLe2nmElQRm8ZcYk6mQ== > =J4fh > -END PGP SIGNATURE- > >
Re: function to list domains under vpopmail control
Better bet: look in /var/qmail/users/assign and look at the lines in the format +domain.com-: ... otherwise you'll miss any that are set to use a specific username (for quota purposes). Brian > -BEGIN PGP SIGNED MESSAGE- > > Hello Sean, > > Wednesday, March 14, 2001, 7:42:23 PM, you wrote: > > > is there an un-documented function that > > will return a list of domains that are under vpopmail control? > > > i looked thru vpopmail.h but saw nothing like this > > > if there is none, could it be done? I suppose reading thru > > qmail/control/virtualdomains might be a good place to start. > > > I would be willing to write something like, but am not sure there is > > a reliable central source of this information. > > What about just looking at ~/vpopmail/domains (every directory in > therein relates to the respective domain and every link to the > respective alias to the target domain). Or am I overlooking something? > > > > > Best regards, > Gabriel > > -BEGIN PGP SIGNATURE- > Version: PGP 6.0.2i > > iQEVAwUBOq+188Za2WpymlDxAQGwOAf/ZIWBCo47jZcSdb6MM7GP8nuZ+et6aocC > 08yv8Y9x1uMrSv8B6MX60Rwi1EBjIEW6bjA9vlti1LXPTa2OJit4hZ9Bfg5Xh63p > mJqphMenRJ7hjBgmcSkgiTsEfLqXqSU0iqsHYWnKe2T4+PCPpUqb4ptdFjNHA/4D > Eik59+5ZsNnLKrQqrntPIQvGZyNaKsn/2gXRZfEFLdQ4RflK4gUY4yZjj2crSU5b > sviQlYzAS+471Id5e8mVGdj7g/hbBNUtOd5wEhhDkBIldNb6qSmi2OeNt//uIoUg > egDYtDzmTdA8zUB7RtfgPSRHDH5gwp93M6++p1AeaWkuGb0X2857Vg== > =8ai2 > -END PGP SIGNATURE- > >
Re: vpopmail fucntions?
> i see someone out there has rewritten the vpopmail functions for > php(ie; vadduser,vdeluser,and so on.) this got me to thinking, has > anyone done the same in a perl module? or is thinking about it? How about java? I have a java webapp that administers & does accounting for ISP's and currently call out to perl scripts to do manual updates (which call the vpopmail executables). It'd be nice to have a EJB Session bean that implements the vpopmail functions. brian
Re: Inter7 introduces new software: vQregister
With the perl module, its parsed/compiled *once*, and the executable is cached. So yes, the first one will be slower, however all subsequent requests just run the same pre-compiled, in ram executable, which is why the perl module is so popular, and why almost all *real* production sites stopped running CGI. The best of all worlds would be to implement this on an application server and allow the webserver to just serve pages and pass the POST parameters off to an application. CGI is good for a quick hack tho... I can't vouch for PHP, but it has worked well enough in the past, but I wouldn't want to use that in production system anyway. Thats why we have app servers. > Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm > Delivered-To: mailing list [EMAIL PROTECTED] > Date: Mon, 26 Feb 2001 06:24:13 -0600 > From: [EMAIL PROTECTED] > To: Brian Kolaci <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: Re: Inter7 introduces new software: vQregister > > Bzzt. Incorrect once again. I can guaruntee you > that the parsing of a scripted language, and > subsequent call to many functions to handle bundled > together scripting functions makes up for the > execution of a single external CGI program. > On top of the fact that all scripting languages > contain these efficiency flaws, PHP is just written > poorly. > > Brian Kolaci wrote: > > > > > On Fri, Feb 23, 2001 at 11:30:53AM -0600, [EMAIL PROTECTED] wrote: > > > > Maybe what I said wasn't as clear as it could > > > > have been. Exactly what you requested below, > > > > is the feature we will be adding. > > > > > > > > PHP is inefficient BTW. :) > > > > I can't believe anyone in web development could > > ever be so dim to think that a CGI would be more > > efficient than a loadable module. Wake up... > > -- > [EMAIL PROTECTED] > Inter7 Internet Technologies, Inc. > www.inter7.com - 847-492-0470 > New prices! http://www.inter7.com/prices.html
Re: Inter7 introduces new software: vQregister
PHP is much more efficient than doing a fork/exec on any box, no matter what language its written in. It would be most efficient to write an apache module in C, or use mod_perl (with caching) or PHP. For simplicity, PHP is probably the best bet. > Port qmailadmin to PHP? Why? > > Oden Eriksson wrote: > > > > [EMAIL PROTECTED] writes: > > > > > vQregister is new web-based signup CGI that > > > > Very neat! > > > > What about to port qmailadmin to php? > > > > -- > > Kindest regards // Oden Eriksson > > -- > [EMAIL PROTECTED] > Inter7 Internet Technologies, Inc. > www.inter7.com - 847-492-0470 > New prices! http://www.inter7.com/prices.html
Re: Inter7 introduces new software: vQregister
> On Fri, Feb 23, 2001 at 11:30:53AM -0600, [EMAIL PROTECTED] wrote: > > Maybe what I said wasn't as clear as it could > > have been. Exactly what you requested below, > > is the feature we will be adding. > > > > PHP is inefficient BTW. :) I can't believe anyone in web development could ever be so dim to think that a CGI would be more efficient than a loadable module. Wake up...
Re: Next 5.0 features
I'd recommend going one further and allowing and "admin" admin tool that can be further protected by the webserver and executed to administer what the postmaster can do (such as limits on each domain). Brian > How about being able to add virtual domains through the mail admin tool?? > > Also, include documentation on upgrading to the newer versions.. > > Thanks > > > >From: Ken Jones <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: Next 5.0 features > >Date: Thu, 01 Feb 2001 22:26:51 -0600 > > > > > >We are looking at the features to add to the vpopmail 5.0 release. > > > >Here are the current major changes we are thinking about > > > >1. vqmail-local support. This means, a new vpopmail program that can > >be used to replace qmail-local for sites which are primarily running > >vpopmail users/domains. For large volume sites this means one less > >fork/exec for email deliveries. > > > >What this means: > >a) Kris's additions to vpopmail for qmail-local type processing. > >Integrating his work into the current vpopmail archecture. > > > >b) new API's to support add/del/modify of dot-qmail type files. > > > >c) modifications to each authentication module to support dot-qmail > >file tile processing > > > >d) backward compatibility to support standard dot-qmail file > >setups on current machines. > > > >2. qmailadmin support for new vpopmail api's > >a) backward compatibility to read the current dot-qmail files > >for mailing lists, forwards, aliases and autoresponders > > > >b) support for the new vpopmail api to get/set dot-qmail information. > > > >3. Code review for efficency > > > >These are the things that are important to me. If anyone here > >has things that are important to them, please speak up. Perhaps > >what you have to say will solve problems that other people are seeing. > > > >Ken Jones > > > >PS: I think I've got an idea for modifications to sqwebmail/courier-imap > >makefiles to support the ~vpopmail/etc/lib-deps and lib-inc file. > > > >I would be interested to hear real world experiences from folks > >who are running vpopmail(etc). Perhaps we can figure out what > >needs to be changed to make it a better package. > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com >
Re: Next 5.0 features
I've attached the limits.c file. It should be more
robust and "create" the table if its not there.
Brian
>
> Hi Brian
>
> > I've updated my copy of qmailadmin that loads
> > the limits from mysql already, if interested...
> Yes, I'm, can you send me the source ?
>
> > > - I was looking the code to add this feature, too
>
> Pablo Murillo
> [EMAIL PROTECTED]
> ==
> RED NET ARGENTINA
> Internet Solutions
> ==
> Paraguay 419 Piso 2 Of.5
> (C1057AAC) - Capital
> Buenos Aires - Argentina
> Tel & Fax:(011)4315-3269
> http://rednet.com.ar
> ==
>
>
>
/*
* QmailAdmin
* Copyright (C) 1999 Inter7 Internet Technologies, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "config.h"
#include "qmailadmin.h"
#include "qmailadminx.h"
/* bk: */
#include
#define USE_MYSQL
#define MYSQL_SERVER"localhost"
#define MYSQL_USER "mysqluser"
#define MYSQL_PASSWD"mysqlpass"
#define MYSQL_DATABASE "vpopmail"
#define DEFAULT_MAX_DISKQUOTA 50
int MaxDiskQuota = DEFAULT_MAX_DISKQUOTA;
static MYSQL mysql;
static MYSQL_RES * res;
static MYSQL_ROW row;
#ifdef USE_MYSQL
int
load_limits()
{
FILE *fs;
char *tmpstr;
char buf[1024];
MaxPopAccounts = DEFAULT_MAX_POP_USERS;
MaxAliases = DEFAULT_MAX_ALIASES;
MaxForwards = DEFAULT_MAX_FORWARDS;
MaxAutoResponders = DEFAULT_MAX_AUTORESPONDERS;
MaxMailingLists = DEFAULT_MAX_MAILINGLISTS;
MaxDiskQuota = DEFAULT_MAX_DISKQUOTA;
/* use database */
mysql_init(&mysql);
if (!(mysql_real_connect(&mysql,MYSQL_SERVER,MYSQL_USER,MYSQL_PASSWD, MYSQL_DATABASE, 0,NULL,0))) {
if (!(mysql_real_connect(&mysql,MYSQL_SERVER,MYSQL_USER,MYSQL_PASSWD, NULL, 0,NULL,0))) {
fprintf(stderr, "could not connect to mysql server\n");
return -1;
}
sprintf(buf, "create database %s", MYSQL_DATABASE);
if (mysql_query(&mysql, buf)) {
fprintf(stderr, "could not create %s database\n", MYSQL_DATABASE);
return -1;
}
res = mysql_store_result(&mysql);
mysql_free_result(res);
if (mysql_select_db(&mysql,MYSQL_DATABASE)) {
fprintf(stderr, "could not enter %s database\n", MYSQL_DATABASE);
return -1;
}
}
sprintf(buf, "SELECT maxpopaccounts, maxaliases, maxforwards, "
"maxautoresponders, maxmailinglists, diskquota\n"
"FROM limits\n"
"WHERE domain = '%s'", Domain);
if (mysql_query(&mysql, buf)) {
fprintf(stderr, "mysql query failed for domain %s\n", Domain);
fprintf(stderr, "query: %s\n", buf);
return -1;
}
if (!(res = mysql_store_result(&mysql))) {
fprintf(stderr, "mysql store result failed\n");
return -1;
}
if (mysql_num_rows(res) == 0) {
fprintf(stderr, "mysql can't find limits for domain %s\n", Domain);
return -1;
}
if ((row = mysql_fetch_row(res)) != NULL) {
MaxPopAccounts = atoi(row[0]);
MaxAliases = atoi(row[1]);
MaxForwards = atoi(row[2]);
MaxAutoResponders = atoi(row[3]);
MaxMailingLists = atoi(row[4]);
MaxDiskQuota = atoi(row[5]);
}
mysql_free_result(res);
return 0;
}
#else
int
load_limits()
{
FILE *fs;
char *tmpstr;
MaxPopAccounts = DEFAULT_MAX_POP_USERS;
MaxAliases = DEFAULT_MAX_ALIASES;
MaxForwards = DEFAULT_MAX_FORWARDS;
MaxAutoResponders = DEFAULT_MAX_AUTORESPONDERS;
MaxMailingLists = DEFAULT_MAX_MAILINGLISTS;
if ( (fs=fopen(".qmailadmin-limits","r"))==NULL) {
return(0);
}
while( fgets(TmpBuf, MAX_BUFF, fs) != NULL ) {
tmpstr = strtok(TmpBuf," :\t\n");
if ( tmpstr == NULL ) continue;
if ( strncmp(tmpstr, "maxpopaccounts", 14 ) == 0 ) {
tmpstr = strtok(NULL," :\t\n");
if (tmpstr==NULL) continue;
MaxPopAccounts = atoi(tmpstr);
} else if ( strncmp(tmpstr, "maxaliases", 10 ) == 0 ) {
tmpstr = strtok(NULL," :\t\n");
if (tmpstr==NULL) continue;
MaxAliases = atoi(tmpstr);
} else if ( strncmp(tmpstr, "maxforwards", 11 ) == 0 ) {
tmpstr = strtok(NULL," :\t\n");
if (tmpstr==NULL) continue;
MaxForwards = atoi(tmpstr);
} else if ( strncmp(tmpstr, "maxautoresponders", 17 ) == 0 ) {
tmpstr = strtok(NULL," :\t\n");
if (tmpstr==NULL) continue;
MaxAutoResponders = atoi(tmpstr);
} else if ( strncmp(tmpstr, "maxmailinglists", 15 ) == 0 ) {
tmpstr = strtok(NULL,"
Re: Next 5.0 features
I've updated my copy of qmailadmin that loads the limits from mysql already, if interested... Thanks, Brian > > I recommend updating the "load_limits()" function of qmailadmin > > to load/maintain the "limits" from a mysql table rather than > > a file. Also, an interface to maintain this table would > > be nice. > I think the same > > > While in the limits, maybe add a domain quota to > > the limits table too... > I'm on this too > > - I was looking the code to add this feature, too > - I'm making the translation of qmailadmin to spanish, when I finish the > translation I will send it to Inter7 > > Pablo Murillo > [EMAIL PROTECTED] > == > RED NET ARGENTINA > Internet Solutions > == > Paraguay 419 Piso 2 Of.5 > (C1057AAC) - Capital > Buenos Aires - Argentina > Tel & Fax:(011)4315-3269 > http://rednet.com.ar > == > >
Re: Next 5.0 features
How about online documentation on how to use qmailadmin for end-users? The current way for people to learn is trial & error. > > We are looking at the features to add to the vpopmail 5.0 release. > > Here are the current major changes we are thinking about > > 1. vqmail-local support. This means, a new vpopmail program that can > be used to replace qmail-local for sites which are primarily running > vpopmail users/domains. For large volume sites this means one less > fork/exec for email deliveries. > > What this means: > a) Kris's additions to vpopmail for qmail-local type processing. > Integrating his work into the current vpopmail archecture. > > b) new API's to support add/del/modify of dot-qmail type files. > > c) modifications to each authentication module to support dot-qmail > file tile processing > > d) backward compatibility to support standard dot-qmail file > setups on current machines. > > 2. qmailadmin support for new vpopmail api's > a) backward compatibility to read the current dot-qmail files > for mailing lists, forwards, aliases and autoresponders > > b) support for the new vpopmail api to get/set dot-qmail information. > > 3. Code review for efficency > > These are the things that are important to me. If anyone here > has things that are important to them, please speak up. Perhaps > what you have to say will solve problems that other people are seeing. > > Ken Jones > > PS: I think I've got an idea for modifications to sqwebmail/courier-imap > makefiles to support the ~vpopmail/etc/lib-deps and lib-inc file. > > I would be interested to hear real world experiences from folks > who are running vpopmail(etc). Perhaps we can figure out what > needs to be changed to make it a better package.
Re: Next 5.0 features
I recommend updating the "load_limits()" function of qmailadmin to load/maintain the "limits" from a mysql table rather than a file. Also, an interface to maintain this table would be nice. While in the limits, maybe add a domain quota to the limits table too... Thanks, Brian On Thu, 1 Feb 2001, Ken Jones wrote: > > We are looking at the features to add to the vpopmail 5.0 release. > > Here are the current major changes we are thinking about > > 1. vqmail-local support. This means, a new vpopmail program that can > be used to replace qmail-local for sites which are primarily running > vpopmail users/domains. For large volume sites this means one less > fork/exec for email deliveries. > > What this means: > a) Kris's additions to vpopmail for qmail-local type processing. > Integrating his work into the current vpopmail archecture. > > b) new API's to support add/del/modify of dot-qmail type files. > > c) modifications to each authentication module to support dot-qmail > file tile processing > > d) backward compatibility to support standard dot-qmail file > setups on current machines. > > 2. qmailadmin support for new vpopmail api's > a) backward compatibility to read the current dot-qmail files > for mailing lists, forwards, aliases and autoresponders > > b) support for the new vpopmail api to get/set dot-qmail information. > > 3. Code review for efficency > > These are the things that are important to me. If anyone here > has things that are important to them, please speak up. Perhaps > what you have to say will solve problems that other people are seeing. > > Ken Jones > > PS: I think I've got an idea for modifications to sqwebmail/courier-imap > makefiles to support the ~vpopmail/etc/lib-deps and lib-inc file. > > I would be interested to hear real world experiences from folks > who are running vpopmail(etc). Perhaps we can figure out what > needs to be changed to make it a better package. >
qmailadmin
Hi, A feature missing from qmailadmin is the ability to set the "catch all" box to an alias or forward rather than just the pop accounts. Many customers want their catch all to go to an external account like aol. Thanks, Brian
Re: vpopmail system user feature breaks mail users ability to change passwords
I fixed this in my copy last week...
in vmysql.c and vcdb.c, you'll need
to look for the lines:
myuid = geteuid();
if ( myuid != VPOPMAILUID && myuid != 0 ) {
and change them to:
vget_assign(domain, NULL, 156, &uid, &gid );
myuid = geteuid();
if ( myuid != VPOPMAILUID && myuid != 0 && myuid != uid) {
In one of the functions, you'll also need
to declare uid & gid.
I just haven't gotten around to submitting the patch...
Thanks,
Brian
> Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
> Delivered-To: mailing list [EMAIL PROTECTED]
> X-Server-Uuid: 6b1d535a-5b27-11d3-bf09-00902786a6a3
> From: "Matt Simerson" <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: vpopmail system user feature breaks mail users ability to change
passwords
> Date: Thu, 30 Nov 2000 20:01:49 -0700
> X-WSS-ID: 1639CB3D204190-01-01
>
> Using vpopmail 4.9.6, qmailadmin 0.39, sqwebmail 1.0.3, and courier-imap
> 1.2.2.
>
> Sqwebmail and Courier-IMAP are both compiled using the new preauthvchkpw.c
> file.
>
> I'm using vpopmail's feature so that each domain is created under a unique
> system user name. So, domain.com is owned by sytem user "domain" and
> domain2.com is owned by the system user "domain2", etc...
>
> Nearly everything works just great with just one notable exception. Nobody
> whose account exists under an account other than vpopmail.vchkpw is able to
> change their passwords. :-( They authenticate just fine, everything works,
> but when they log in via the qmailadmin interface or the sqwebmail interface
> and attempt to change the password for mailboxes, it fails.
>
> Sqwebmail fails silently, qmailadmin produces a -22 error.
>
> Matt
>
Re: problem with mysqlclient
To get around this (in both courier & vpopmail) you should preceed your "configure" command with LIBS="-R/usr/local/mysql/lib/mysql -L/usr/local/mysql/lib/mysql" ./configure ... (or substitute the path to your mysql libraries). Thanks, Brian > Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm > Delivered-To: mailing list [EMAIL PROTECTED] > From: "Arman Fitrawan" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: problem with mysqlclient > Date: Wed, 22 Nov 2000 11:36:57 +0700 > > Dear All, > > I have problem with mysqlclient, when I try to adddomain like below : > /home/vpopmail/bin/vadddomain: error in loading shared libraries: > libmysqlclient.so.6: cannot open shared object file: No such file or > directory > > the configure that i have like this > ./configure --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-ip > -ali > as-domains=y --enable-roaming-users=y --enable-mysql=y --enable-sqllibs=/hom > e/mysql/lib/mysql/ --enable-sqllibdir=/home/mysql/lib/mysql/ --enable-sqlinc > dir=/home/mysql/include/mysql --enable-large-site=y --enable-large-site=y -- > enable-default-domain=asconn.com --enable-logging=y > > Can you help me ?. > > regards, > Arman >
Re: quota question on 4.9.5
>
> Sounds good. I was hoping to stay away from domain based
> quotas outside of the file system controls, and just let
> the file system handle that for us.
>
> I like the bounce message idea of coming from the virtual
> domain. That's a good one ;)
>
> When it's ready, send it over and I'll start the process
> of adding it into the next development version, 4.9.7
>
> Ken
>
> PS: good work man!
There's a problem with quota handling in courier-IMAP.
If you've gone over quota, courier will not allow you
in to cleanup or delete your mail. It wants to create
a cache file. This is a problem with uid/filesystem
based quotas, if you use courier-imap.
I've been running with this for about 2 weeks now
so it appears to be OK. I've labeled where my
changes are with a "/* bk */" right next to the change.
You just need to put the file ".domainquota" in the
domains/domain.com directory. If it doesn't exist,
the domain quotas are unlimited.
There's more stuff that should be cleaned up, such as
the filter code, and more. I just didn't have a chance
to do this yet, since I don't use or plan to use filters
implemented this way.
Another suggestion: the information that is domain
related should actually go into a database table. This
would include things like domain quota, bounce message,
and limits (such as those in .qmailadmin-limits).
I've implemented a patch to courier-imap so I can use
filesystem quotas, but I don't know if Sam is going to
take it. I essentially made cache file creation a "soft"
error and its ignored. Bad for performance (if your over
quota), but it doesn't fail, which is what I consider to
be more critical.
Thanks,
Brian
/*
**
** $Id: vdelivermail.c,v 1.1 1998/06/16 21:00:49 chris Exp $
** Deliver a mail to a virtual POP user - called from the .qmail-default file
** pointed to by users/assign
**
** Chris Johnson, Copyright (C) Jan '98
** Email: [EMAIL PROTECTED]
**
**This program is free software; you can redistribute it and/or modify
**it under the terms of the GNU General Public License as published by
**the Free Software Foundation; either version 2 of the License, or
**(at your option) any later version.
**
**This program is distributed in the hope that it will be useful,
**but WITHOUT ANY WARRANTY; without even the implied warranty of
**MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
**GNU General Public License for more details.
**
**You should have received a copy of the GNU General Public License
**along with this program; if not, write to the Free Software
**Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
**
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "config.h"
#include "vdelivermail.h"
#include "safestring.h"
#include "vpopmail.h"
#include "vauth.h"
#include
#define BOUNCE_ALL "bounce-no-mailbox"
#define DELETE_ALL "delete"
#define TMP_BUF_SIZE 1024
#define MAX_SMALL_BUF 100
#define MAX_BUFF 512
char curdir[256];
char tmp_file[256];
char tmp_buf[TMP_BUF_SIZE];
char msgbuf[32768];
off_t msg_size;
#ifdef HARD_QUOTA
off_t cur_msg_bytes;
off_t per_user_limit;
/* bk */
off_t cur_domain_bytes;
off_t per_domain_limit = 0;
int CurrentDomainQuotaSizeFd = -1;
#endif
/* bk */
int bounce_mail(char* message);
int bounce_quota(char* filename);
int bounce_nouser();
int bounce_writefail(int mailfile, size_t wrote, char* msgbuf, off_t size);
int notify_postmaster();
char *return_path_field = "Return-Path: ";
char *from_field = "From: ";
char *subject_field = "Subject: ";
char TheUser[MAX_BUFF];
char TheDomain[MAX_BUFF];
int CurrentQuotaSizeFd;
#ifdef USE_DELIVER_FILTER
void do_filter_delivery( char *tmp_file );
/* filter vaiables */
char tmp_file_f[256];
#define MAX_LOCATION_LEN 12
#define MAX_SSTRING_LEN 256
#define MAX_TARGET_LEN 256
#define MAX_FBUFF_SIZE (MAX_LOCATION_LEN+MAX_SSTRING_LEN+MAX_TARGET_LEN+7)
#define MAX_FOLDER_SIZE 512
#define FLOC_T 1
#define FLOC_F 2
#define FLOC_S 3
#define FLOC_C 4
#define FLOC_R 5
#define FLOC_AH 6
#define FLOC_AR 7
#define FLOC_B 8
#define FLOC_UNDEF 999
typedef struct _flc {
char *loc;
int tag;
} flc;
static flc filter_locs[] = {
{"To", FLOC_T },
{"From", FLOC_F },
{"Subject", FLOC_S },
{"Cc", FLOC_C },
{"Reply-To", FLOC_R },
{"AnyHeaders", FLOC_AH },
{"AnyRecipents", FLOC_AR },
{"Body", FLOC_B },
{0, 0 }
};
typedef struct _filter_rule {
char operator;
char location[MAX_LOCATION_LEN];
char loctag;
char sstring[MAX_SSTRING_LEN];
char target[MAX_TARGET_LEN];
char action;
char hit;
struct _filter_rule *next;
} filter_rule;
filter_rule *filter_chain = (filter_rule *)NULL;
int run_filter = 0, hit_filter
Re: RBL, ORBs etc filtering
> > I use it -- I know how it works. However, I only block RBL hosts this > > way -- I allow the other messages through because of poor listings on > > the RSS, etc. and would appreciate a tool that just added such a mail > > header as I suggested. > > I don't want to start one of the infamous NANOG-like blackhole list wars > here, so, everyone, please set all flames to stun. I am legitimately > curious about why you chose RBL over RSS. You mentioned 'poor > listings'. Would you mind elaborating a bit? > > I ask only because I wish to obtain more information about the relative > quality of the various lists. I am currently using DUL and RSS and am > quite pleased but would be very open to other logical, reasoned > suggestions. Again, I'm a bit paranoid about this because when it was > mentioned on NANOG, the flames lasted for eons. I have to agree that RBL is much better than RSS. RBL is typically hosts that generate spam. RSS lists hosts that are open relays, and spam has gotten through. The problem (which hopefully mail-abuse.org will get around to fixing) is that the servers that get listed on RSS don't even get informed that they've been put on the list. In a matter of 2 weeks, I had hundreds of complaints that legitimate email wasn't getting through. The people that were getting blocked didn't even know it. I was able to get a few of them fixed so they can send email to my customers, but I got tired of being the "email police", so I dropped the RSS. The DUL list is good and bad. I have several dialup customers, some ISDN, that run mailservers and have static IP's, which are listed in the DUL. Granted they can just forward their mail through me, but they don't like that. They're pretty pissed about it. So they do things direct except in a few cases where they need to get somewhere that they're blocked from. So its unfortunate that the DUL doesn't just take the dynamic allocation pools, but they take all dialups, including ISDN, even with static addressing. Thanks, Brian
Re: RBL, ORBs etc filtering
> > It appears you assume that there is mail received > > to attach headers to. > > There is mail, if you use rblcheck instead (which is what I suggested). Ahh, but I would like to stop the spammers before they even get the mail through and chew up resources (memory, disk, etc.). > > rblsmtpd uses the lists which contain IP addresses > > of SMTP servers. It rejects them before *anything* > > happens. This is the intended behaviour of most > > of this spam prevention, to limit the amount of > > resources used. > > I use it -- I know how it works. However, I only block RBL hosts this > way -- I allow the other messages through because of poor listings on > the RSS, etc. and would appreciate a tool that just added such a mail > header as I suggested. I agree. Most if not all of my users don't know or want to know about putting in filters. Its typically a yes/no thing, either they want all mail or have it filtered. > > I was only thinking of allowing a recipient check > > also to see if a user and/or virtual domain would > > like to allow SPAM to be recieved also. If not, > > drop the connection right then & there. > > This requires maintaining the list of virtual domains / users that want > specific options. Exactly. For me, I just wanted to set a default, and list the exceptions to the rule. More complicated rules can be setup, but I don't need it. Thanks, Brian
Re: RBL, ORBs etc filtering
It appears you assume that there is mail received to attache headers to. rblsmtpd uses the lists which contain IP addresses of SMTP servers. It rejects them before *anything* happens. This is the intended behaviour of most of this spam prevention, to limit the amount of resources used. I was only thinking of allowing a recipient check also to see if a user and/or virtual domain would like to allow SPAM to be recieved also. If not, drop the connection right then & there. Thanks, brian > > Why not set a header value instead, like: > > x-spamcheck: rbl,rss > > ... that the user can filter on ... > > Brian Kolaci wrote: > > > I've had the request to allow on a per-user, per-domain > > basis to either bounce or allow spam through. This may > > be an underlying request he had. > > > > I've started this, but found that I just dumped the RSS & ORBS > > list and only went for RBL. That was simpler. > > > > My approach was to update rblsmtbd.c to instead of bounce > > the mail, set an environment variable. Then in qmail-smtpd, > > you can check the envelope and selectivly bounce it or not, > > depending on the contents in a new control file. > > -- > Michael T. Babcock, C.T.O. FibreSpeed > http://www.fibrespeed.net/~mbabcock > >
Re: RBL, ORBs etc filtering
Hi, I've had the request to allow on a per-user, per-domain basis to either bounce or allow spam through. This may be an underlying request he had. I've started this, but found that I just dumped the RSS & ORBS list and only went for RBL. That was simpler. My approach was to update rblsmtbd.c to instead of bounce the mail, set an environment variable. Then in qmail-smtpd, you can check the envelope and selectivly bounce it or not, depending on the contents in a new control file. Thanks, Brian - Original Message - From: "Brian Clare" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, November 06, 2000 11:37 AM Subject: Re: RBL, ORBs etc filtering > That would be a great addition I guess, but once setup in qmail, isn't > it working for all domains? > > Robert J Adams wrote: > > > > Hello all, > > > > I was thinking about hacking in the ability to bounce spam based on RBL, > > ORBs etc into vpopmail.. Is anyone working on this? The idea is to have it > > user selectable.. anyone else interested in this? > > > > -Jason > > -- > Brian Clare > 312-961-2401 >
Re: Bug in vchkpw
make it static to be safe... > Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm > Delivered-To: mailing list [EMAIL PROTECTED] > Date: Thu, 02 Nov 2000 18:25:16 -0600 > From: Ken Jones <[EMAIL PROTECTED]> > To: Rick Morris <[EMAIL PROTECTED]> > CC: [EMAIL PROTECTED] > Subject: Re: Bug in vchkpw > > > I wonder if the memory needs to be malloc'd or if the stack variables > in main() are okay. > > Ken Jones > > Rick Morris wrote: > > > > Hello all. > > > > I've found a bug in vchkpw. It tries to add 3 new environment > > variables, but uses the same buf for each one, which overwrites the > > previous values. > > > > >From the putenv() man page: > > > >The string pointed to by string becomes > >part of the environment, so altering the string changes > >the environment. > > > > Here's a small quick & dirty diff for a fix. > > Yes, I know, not optimal, but it works. I'm using the mysql version, so > > I also added a line to get the host name into the USER environment variable, > > for when I log client's new/cur directory spool sizes when they check their > > mail. > > > > diff ../../vpopmail-4.9.4/vchkpw.c vchkpw.c > > 240,242d239 > > < char envbuf1[128]; > > < char envbuf2[128]; > > < char envbuf3[128]; > > 352,356c349,351 > > < scopy(envbuf1,"USER=",sizeof(envbuf1)); > > < scat(envbuf1,pwent->pw_name,sizeof(envbuf1)); > > < scat(envbuf1,"@",sizeof(envbuf1)); > > < scat(envbuf1,GLhost,sizeof(envbuf1)); > > < if (putenv(envbuf1) == -1) > > --- > > > scopy(buf,"USER=",sizeof(buf)); > > > scat(buf,pwent->pw_name,sizeof(buf)); > > > if (putenv(buf) == -1) > > 360,362c355,357 > > < scopy(envbuf2,"HOME=",sizeof(envbuf2)); > > < scat(envbuf2,pwent->pw_dir,sizeof(envbuf2)); > > < if (putenv(envbuf2) == -1) > > --- > > > scopy(buf,"HOME=",sizeof(buf)); > > > scat(buf,pwent->pw_dir,sizeof(buf)); > > > if (putenv(buf) == -1) > > 366,367c361,362 > > < scopy(envbuf3,"SHELL=NOLOGIN",sizeof(envbuf3)); > > < if (putenv(envbuf3) == -1) > > --- > > > scopy(buf,"SHELL=NOLOGIN",sizeof(buf)); > > > if (putenv(buf) == -1) > > > > -- > > Rick Morris > > VP Network Administration > > Wamco Technologies Group > > > > Phone: (250) 386-5535 > > Fax: (250) 386-5520
leaks in vchkpw.c
In the file vchkpw.c:
around line 386, in the function "host_in_locals(domain)"
There's a memory and file pointer leak.
OLD:
int host_in_locals(domain)
char *domain;
{
int i;
char *tmpbuf;
FILE *fs;
tmpbuf = malloc(slen(QMAILDIR) + 18 );
sprintf(tmpbuf, "%s/control/locals", QMAILDIR);
fs = fopen(tmpbuf,"r");
if ( fs == NULL ) {
return(0);
}
while( fgets(tmpbuf,200,fs) != NULL ) {
for(i=0;tmpbuf[i]!=0;++i) if (tmpbuf[i]=='\n') tmpbuf[i]=0;
if ( sstrcmp( domain, tmpbuf ) == 0 ) {
return(1);
}
if ( sstrcmp(domain, "localhost") == 0 &&
strstr(domain,"localhost") != NULL ) {
return(1);
}
}
fclose(fs);
return(0);
}
NEW:
int host_in_locals(domain)
char *domain;
{
int i;
char *tmpbuf;
FILE *fs;
tmpbuf = malloc(slen(QMAILDIR) + 18 );
sprintf(tmpbuf, "%s/control/locals", QMAILDIR);
fs = fopen(tmpbuf,"r");
if ( fs == NULL ) {
free(tmpbuf);
return(0);
}
while( fgets(tmpbuf,200,fs) != NULL ) {
for(i=0;tmpbuf[i]!=0;++i) if (tmpbuf[i]=='\n') tmpbuf[i]=0;
if ( sstrcmp( domain, tmpbuf ) == 0 ) {
free(tmpbuf);
fclose(fs);
return(1);
}
if ( sstrcmp(domain, "localhost") == 0 &&
strstr(domain,"localhost") != NULL ) {
free(tmpbuf);
fclose(fs);
return(1);
}
}
free(tmpbuf);
fclose(fs);
return(0);
}
Re: quota question on 4.9.5
I don't mind doing some coding, but there seems to be more missing. I'll need to dig through the code some more. It would be nice if we can have the postmaster get an unlimited quota so they can be informed that their domain is over quota and that they should get the quota increased or have their people start cleaning up their mail. The postmaster may need to get mail on each bounce (not the message, but that a message from so-and-so bounced), and possibly which ID's are using up the space so it can be cleaned properly. Before putting some code together, we may want to put together a real design first and try to think it through. The domain per unix ID is good, but we may want to put the postmaster in a different place so they can still get notifications. What are your thoughts? What else did I miss? (I'm sure I've missed alot). Thanks, Brian > Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm > Delivered-To: mailing list [EMAIL PROTECTED] > Date: Fri, 13 Oct 2000 17:08:08 -0500 > From: Ken Jones <[EMAIL PROTECTED]> > To: Brian Kolaci <[EMAIL PROTECTED]> > CC: [EMAIL PROTECTED] > Subject: Re: quota question on 4.9.5 > > Brian Kolaci wrote: > > > > Hi, > > > > I have a quota question... > > I'd like to put "per domain" quotas using > > the O/S disk quotas, and use a separate uid/gid. > > I noticed in vdelivermail.c that each of > > the write() calls check for failure and return > > a temporary failure. Shouldn't there be a check > > for EDQUOT and bounce the message if the user > > exceeded their quota? > > > > Thanks, > > > > Brian > > Good point. Feel like putting together some code for that? > > Ken Jones
