RE: [vchkpw] delete

2006-03-23 Thread Lee Evans
Yes, it does this for me also

Simply adding /dev/null to a new line should have the desired result [I
think]

Regards
Lee
-- 
Lee Evans 

 -----Original Message-----
 From: Rob Genovesi [mailto:[EMAIL PROTECTED] 
 Sent: 23 March 2006 20:00
 To: vchkpw@inter7.com
 Subject: [vchkpw] delete
 
 Hi All,
 
 The delete option from Qmailadmin does not seem to be working on my 
 server.  It creates a .qmail file with a single line: # delete, however 
 messages are still delivered to the Maildir.
 
 Any ideas as to what might be going on?
 
 vpopmail 5.4.10
 qmailadmin 1.2.9
 
 
 Thanks,
 
   Rob
 
 



RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working

2006-03-10 Thread Lee Evans
 #ifndef TLS
 
 This means that it will only run chkuser if you didn't 
 compile it with TLS support, which you might have done.  If 
 TLS is defined, I don't see chkuser being included in the 
 executable.  You need the chkuser calls in the TLS/SSL 
 section as well.
 This is not an if structure as it would be in regular code.  
 This is a compiler direction, that tells it to completely 
 ignore those parts at COMPILE TIME.  Meaning, that those 
 parts may never get included... ever... in the executable.
 Of course I'm making an assumption that TLS is defined :)

Thanks - that makes sense. I *am* building with TLS support, so I guess that
explains it.

Should I include the same code after

#else
if (!addrallowed())

Or does it need to go somewhere else?

Thanks
Lee
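
The compile-time effect discussed in this message, as an added example that is not part of the original thread and is not qmail or chkuser code: a recipient check placed inside `#ifndef TLS` is absent from a TLS build, while the same check placed after `#endif` is compiled into every build. The helper names, the 250/550/553 return values and the sample addresses are constructed, and putting the check after `#endif` is one possible layout, not the chkuser project's instruction.

```c
#include <stdio.h>
#include <string.h>

#define TLS 1  /* constructed: mimic the TLS-enabled build from the thread */

enum { RCPT_OK = 250, RCPT_NO_MAILBOX = 550, RCPT_NO_GATEWAY = 553 };

/* Hypothetical stand-in for addrallowed(): do we accept mail for this domain? */
static int addrallowed(const char *rcpt) {
  const char *at = strrchr(rcpt, '@');
  return at != NULL && strcmp(at + 1, "domain.com") == 0;
}

/* Hypothetical stand-in for the chkuser lookup: one constructed mailbox exists. */
static int mailbox_exists(const char *rcpt) {
  return strcmp(rcpt, "lee@domain.com") == 0;
}

/* Layout as posted: the mailbox check sits inside #ifndef TLS. */
int rcpt_check_inside_ifndef(const char *rcpt) {
#ifndef TLS
  if (!addrallowed(rcpt)) return RCPT_NO_GATEWAY;
  if (!mailbox_exists(rcpt)) return RCPT_NO_MAILBOX; /* dropped when TLS is defined */
#else
  if (!addrallowed(rcpt)) return RCPT_NO_GATEWAY;    /* TLS relay logic would sit here */
#endif
  return RCPT_OK;
}

/* One possible layout: the mailbox check follows #endif, so every build has it. */
int rcpt_check_after_endif(const char *rcpt) {
#ifndef TLS
  if (!addrallowed(rcpt)) return RCPT_NO_GATEWAY;
#else
  if (!addrallowed(rcpt)) return RCPT_NO_GATEWAY;    /* TLS relay logic would sit here */
#endif
  if (!mailbox_exists(rcpt)) return RCPT_NO_MAILBOX;
  return RCPT_OK;
}

int main(void) {
  const char *rcpts[] = { "lee@domain.com", "nobody@domain.com", "x@elsewhere.example" };
  for (int i = 0; i < 3; i++)
    printf("%-22s inside #ifndef: %d   after #endif: %d\n", rcpts[i],
           rcpt_check_inside_ifndef(rcpts[i]), rcpt_check_after_endif(rcpts[i]));
  return 0;
}
```

To see whether a call survived preprocessing in a real build, run the C preprocessor over qmail-smtpd.c with the same defines the Makefile uses and search the output for chkuser_realrcpt. Finding chkuser strings in the linked binary does not settle it, since message text can be linked in from another object file even when the call itself was compiled out.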



[vchkpw] FW: chkuser 2.0 doesn't appear to be working

2006-03-09 Thread Lee Evans
Hi,

I'm hoping somebody will be able to help me with a problem I appear to be
having with chkuser 2.0.

I built my qmail installation from the qmailrocks bundle, which I've done a
few times in the past so I haven't had any problems there.

I was looking for a suitable solution to block SMTP delivery to unknown
local recipients and I would prefer to use chkuser instead of what
appears to be a suitable alternative, validrcptto, as I anticipate quite a
high number of users and regular updates to accounts & aliases. With
validrcptto I need to build & maintain another user database outside of the
vpopmail configuration.

I have downloaded the latest tarball of chkuser and followed the installation
instructions. The patches would not apply to my qmailrocks source, so I
implemented the changes by hand.

Initially compilation failed due to repeated dns.o references, that was my
fault and was easily repaired.

The changes also seem to have affected the compilation of spfquery.c - I
managed to fix this though and compilation now appears to be successful.

However - if I run the new qmail-smtpd binary to check the functionality as
recommended it does not appear to be doing any rcpt to: checks - an ok
result is returned no matter what username I supply before a valid rcpt
host.

Can anyone make any suggestions as to what I can do to try and locate the
problem?

Thanks
Lee



RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working

2006-03-09 Thread Lee Evans
 You should give more information...
 
 Have you tried what's suggested in 
 http://www.interazioni.it/opensource/chkuser/documentation/faq/enabling.html ?

Thank you for the response. Sorry about not providing enough information

I have followed the instructions at the above URL

I have two domains on my server at this time, one of which is setup with
bounce-no-mailbox and one which is not. For testing purposes I am trying to
send email to [EMAIL PROTECTED] where domain.com is configured with
bounce-no-mailbox. As shown:

[EMAIL PROTECTED] qmail-1.03]# cat /home/vpopmail/domains/domain.com/.qmail-default
| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
[EMAIL PROTECTED] qmail-1.03]

This is confirmed as shortly after sending test email I receive an email at
the account I use for envelope from: saying:
[EMAIL PROTECTED]: Sorry, no mailbox here by that name. vpopmail (#5.1.1)
As would be expected without the chkuser package.

I also tried to recompile after setting the option CHKUSER_ALWAYS_ON to see
if this would make a difference, but there was no change to the behaviour

Regards
Lee



RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working

2006-03-09 Thread Lee Evans
 Did you try what's suggested in 
 http://www.interazioni.it/opensource/chkuser/documentation/faq, 
 running manually qmail-smtpd?
 
 Did you check which is the user qmail-smtpd is running as?
 
 Tonino

My qmail-smtpd is running through TCP Server as user vpopmail and group
vchkpw

If I run manually I have no evidence of chkuser:

[EMAIL PROTECTED] qmail-1.03]# ./qmail-smtpd
220 mail.leeevans.org ESMTP
mail from [EMAIL PROTECTED]
250 ok
rcpt to:[EMAIL PROTECTED]
250 ok
quit
221 mail.leeevans.org

Regards
Lee



RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working

2006-03-09 Thread Lee Evans
mail.leeevans.org
 
 If you compiled it with standard chkuser_settings.h, you 
 should see some logs during this emulated session.
 
 I have doubts chkuser code is called.

I have the same doubts. I have CHKUSER_ENABLE_LOGGING CHKUSER_LOG_VALID_RCPT
and CHKUSER_LOG_VALID_SENDER all defined.

I don't see anything related to chkuser in
/var/log/qmail/qmail-smtpd/current when processing mail.

It's a very crude test, I know, but if I do 'strings qmail-smtpd | grep
chkuser' it returns the various SMTP error codes/messages chkuser would
produce so I know the code is at least in there somewhere

Thanks
Lee



RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working

2006-03-09 Thread Lee Evans
 You could post here (or send me) the routine where chkuser is 
 called (both for sender and recipients), just to see what to change.

I have attached snippets from qmail-smtpd.c showing the send & rcpt routines
and chkuser code. I hope this is what you meant.

 
 [Is chkuser.h included in a valid point within qmail-smtpd.c?]

I have:
<snip>
#include "fd.h"
#include "dns.h"
#include "spf.h"
/*chkuser*/
#include "chkuser.h"

Thanks
Lee
void smtp_mail(arg) char *arg;
{
  int r;
  rcptcounter = 0 ;
  if (!addrparse(arg)) { err_syntax(); return; }
  /*chkuser*/
  if (chkuser_sender (&addr) != CHKUSER_OK) { return; }
  /*chkuser end*/
  flagbarf = bmfcheck();
  switch(mfcheck()) {
    case DNS_HARD: err_hmf(); return;
    case DNS_SOFT: err_smf(); return;
    case DNS_MEM: die_nomem();
  }
  flagbarfspf = 0;
  if (spfbehavior && !relayclient)
  {
    switch (r = spfcheck())
    {
      case SPF_OK: env_put2("SPFRESULT","pass"); break;
      case SPF_NONE: env_put2("SPFRESULT","none"); break;
      case SPF_UNKNOWN: env_put2("SPFRESULT","unknown"); break;
      case SPF_NEUTRAL: env_put2("SPFRESULT","neutral"); break;
      case SPF_SOFTFAIL: env_put2("SPFRESULT","softfail"); break;
      case SPF_FAIL: env_put2("SPFRESULT","fail"); break;
      case SPF_ERROR: env_put2("SPFRESULT","error"); break;
    }
    switch (r)
    {
      case SPF_NOMEM:
        die_nomem();
      case SPF_ERROR:
        if (spfbehavior < 2) break ;
        out("451 SPF lookup failure (#4.3.0)\r\n");
        return;
      case SPF_NONE:
      case SPF_UNKNOWN:
        if (spfbehavior < 6) break ;
      case SPF_NEUTRAL:
        if (spfbehavior < 5) break ;
      case SPF_SOFTFAIL:
        if (spfbehavior < 4) break ;
      case SPF_FAIL:
        if (spfbehavior < 3) break ;
        if (!spfexplanation(&spfbarfmsg)) die_nomem();
        if (!stralloc_0(&spfbarfmsg)) die_nomem();
        flagbarfspf = 1;
    }
  }
  else
    env_unset("SPFRESULT");
  seenmail = 1;
  if (!stralloc_copys(&rcptto,"")) die_nomem();
  if (!stralloc_copys(&mailfrom,addr.s)) die_nomem();
  if (!stralloc_0(&mailfrom)) die_nomem();
  out("250 ok\r\n");
}
void smtp_rcpt(arg) char *arg; {
  rcptcounter++;
  if (!seenmail) { err_wantmail(); return; }
  if (checkrcptcount() == 1) { err_syntax(); return; }
  if (!addrparse(arg)) { err_syntax(); return; }
  if (flagbarf) { err_bmf(); return; }
  if (flagbarfspf) { err_spf(); return; }
  if (relayclient) {
    --addr.len;
    if (!stralloc_cats(&addr,relayclient)) die_nomem();
    if (!stralloc_0(&addr)) die_nomem();
  }
  else
#ifndef TLS
    if (!addrallowed()) { err_nogateway(); return; }
    /*chkuser*/
    switch (chkuser_realrcpt (&mailfrom, &addr)) {
      case CHKUSER_KO:
        return;
        break;
      case CHKUSER_RELAYING:
        --addr.len;
        if (!stralloc_cats(&addr,relayclient)) die_nomem();
        if (!stralloc_0(&addr)) die_nomem();
        break;
    }
    /*end chkuser*/
#else
    if (!addrallowed())
     {
      if (ssl)
      { STACK_OF(X509_NAME) *sk;
        X509 *peercert;
        stralloc tlsclients = {0};
        struct constmap maptlsclients;
        int r;

        SSL_set_verify(ssl,
                       SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
                       verify_cb);
        if ((sk = SSL_load_client_CA_file("control/clientca.pem")) == NULL)
         { err_nogateway(); return; }
        SSL_set_client_CA_list(ssl, sk);
        if((control_readfile(&tlsclients,"control/tlsclients",0) != 1) ||
           !constmap_init(&maptlsclients,tlsclients.s,tlsclients.len,0))
          { err_nogateway(); return; }

        SSL_renegotiate(ssl);
        SSL_do_handshake(ssl);
        ssl->state = SSL_ST_ACCEPT;
        SSL_do_handshake(ssl);
        if ((r = SSL_get_verify_result(ssl)) != X509_V_OK)
         {out("553 no valid cert for gatewaying: ");
          out(X509_verify_cert_error_string(r));
          out(" (#5.7.1)\r\n");
          return;
         }

        if (peercert = SSL_get_peer_certificate(ssl))
         {char emailAddress[256];

          X509_NAME_get_text_by_NID(X509_get_subject_name(
                                     SSL_get_peer_certificate(ssl)),
                                     NID_pkcs9_emailAddress, emailAddress,
                                     256);
          if (!stralloc_copys(&clientcert, emailAddress)) die_nomem();
          if (!constmap(&maptlsclients,clientcert.s,clientcert.len))
            { err_nogwcert(); return; }
          relayclient = "";
         }
        else { err_nogwcert(); return; }
      }
      else { err_nogateway(); return; }
     }
#endif
  if (!stralloc_cats(&rcptto,"T")) die_nomem();
  if (!stralloc_cats(&rcptto,addr.s)) die_nomem();
  if (!stralloc_0(&rcptto)) die_nomem();
  out("250 ok\r\n");
}