RE: [vchkpw] delete
Yes, it does this for me also.

Simply adding /dev/null to a new line should have the desired result [I think].

Regards
Lee

--
Lee Evans

-Original Message-
From: Rob Genovesi [mailto:[EMAIL PROTECTED]
Sent: 23 March 2006 20:00
To: vchkpw@inter7.com
Subject: [vchkpw] delete

Hi All,

The delete option from Qmailadmin does not seem to be working on my server. It creates a .qmail file with a single line: # delete, however messages are still delivered to the Maildir.

Any ideas as to what might be going on?

vpopmail 5.4.10
qmailadmin 1.2.9

Thanks,
Rob
RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working
> #ifndef TLS
>
> This means that it will only run chkuser if you didn't compile it with TLS support, which you might have done. If TLS is defined, I don't see chkuser being included in the executable. You need the chkuser calls in the TLS/SSL section as well.
>
> This is not an if structure as it would be in regular code. This is a compiler direction, that tells it to completely ignore those parts at COMPILE TIME. Meaning, that those parts may never get included... ever... in the executable.
>
> Of course I'm making an assumption that TLS is defined :)

Thanks - that makes sense. I *am* building with TLS support, so I guess that explains it.

Should I include the same code after

#else
if (!addrallowed())

Or does it need to go somewhere else?

Thanks
Lee
[vchkpw] FW: chkuser 2.0 doesn't appear to be working
Hi,

I'm hoping somebody will be able to help me with a problem I appear to be having with chkuser 2.0.

I built my qmail installation from the qmailrocks bundle, which I've done a few times in the past so I haven't had any problems there.

I was looking for a suitable solution to block SMTP delivery to unknown local recipients and I would prefer to use chkuser instead of what appears to be a suitable alternative, validrcptto, as I anticipate quite a high number of users and regular updates to accounts and aliases. With validrcptto I need to build and maintain another user database outside of the vpopmail configuration.

I have downloaded the latest tarball of chkuser and followed the installation instructions. The patches would not apply to my qmailrocks source, so I implemented the changes by hand. Initially compilation failed due to repeated dns.o references; that was my fault and was easily repaired. The changes also seem to have affected the compilation of spfquery.c - I managed to fix this though and compilation now appears to be successful.

However - if I run the new qmail-smtpd binary to check the functionality as recommended it does not appear to be doing any rcpt to: checks - an ok result is returned no matter what username I supply before a valid rcpt host.

Can anyone make any suggestions as to what I can do to try and locate the problem?

Thanks
Lee
RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working
> You should give more information... Have you tried what's suggested in
> http://www.interazioni.it/opensource/chkuser/documentation/faq/enabling.html ?

Thank you for the response. Sorry about not providing enough information.

I have followed the instructions at the above URL.

I have two domains on my server at this time, one of which is set up with bounce-no-mailbox and one which is not. For testing purposes I am trying to send email to [EMAIL PROTECTED] where domain.com is configured with bounce-no-mailbox. As shown:

[EMAIL PROTECTED] qmail-1.03]# cat /home/vpopmail/domains/domain.com/.qmail-default
| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
[EMAIL PROTECTED] qmail-1.03]

This is confirmed, as shortly after sending a test email I receive an email at the account I use for envelope from: saying:

[EMAIL PROTECTED]: Sorry, no mailbox here by that name. vpopmail (#5.1.1)

As would be expected without the chkuser package.

I also tried to recompile after setting the option CHKUSER_ALWAYS_ON to see if this would make a difference, but there was no change to the behaviour.

Regards
Lee
RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working
> Did you try what's suggested in http://www.interazioni.it/opensource/chkuser/documentation/faq, running manually qmail-smtpd?
>
> Did you check which is the user qmail-smtpd is running as?
>
> Tonino

My qmail-smtpd is running through TCP Server as user vpopmail and group vchkpw.

If I run manually I have no evidence of chkuser:

[EMAIL PROTECTED] qmail-1.03]# ./qmail-smtpd
220 mail.leeevans.org ESMTP
mail from [EMAIL PROTECTED]
250 ok
rcpt to:[EMAIL PROTECTED]
250 ok
quit
221 mail.leeevans.org

Regards
Lee
RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working
> mail.leeevans.org
>
> If you compiled it with standard chkuser_settings.h, you should see some logs during this emulated session.
>
> I have doubts chkuser code is called.

I have the same doubts.

I have CHKUSER_ENABLE_LOGGING, CHKUSER_LOG_VALID_RCPT and CHKUSER_LOG_VALID_SENDER all defined. I don't see anything related to chkuser in /var/log/qmail/qmail-smtpd/current when processing mail.

It's a very crude test, I know, but if I do 'strings qmail-smtpd | grep chkuser' it returns the various SMTP error codes/messages chkuser would produce, so I know the code is at least in there somewhere.

Thanks
Lee
RE: [vchkpw] FW: chkuser 2.0 doesn't appear to be working
> You could post here (or send me) the routine where chkuser is called (both for sender and recipients), just to see what to change.

I have attached snippets from qmail-smtpd.c showing the send and rcpt routines and chkuser code. I hope this is what you meant.

> [Is chkuser.h included in a valid point within qmail-smtpd.c?]

I have:

snip
#include "fd.h"
#include "dns.h"
#include "spf.h"
/*chkuser*/
#include "chkuser.h"

Thanks
Lee

void smtp_mail(arg) char *arg;
{
  int r;

  rcptcounter = 0;
  if (!addrparse(arg)) { err_syntax(); return; }
  /*chkuser*/
  if (chkuser_sender (&addr) != CHKUSER_OK) { return; }
  /*chkuser end*/
  flagbarf = bmfcheck();
  switch(mfcheck()) {
    case DNS_HARD: err_hmf(); return;
    case DNS_SOFT: err_smf(); return;
    case DNS_MEM: die_nomem();
  }
  flagbarfspf = 0;
  if (spfbehavior && !relayclient)
  {
    switch (r = spfcheck()) {
      case SPF_OK: env_put2("SPFRESULT","pass"); break;
      case SPF_NONE: env_put2("SPFRESULT","none"); break;
      case SPF_UNKNOWN: env_put2("SPFRESULT","unknown"); break;
      case SPF_NEUTRAL: env_put2("SPFRESULT","neutral"); break;
      case SPF_SOFTFAIL: env_put2("SPFRESULT","softfail"); break;
      case SPF_FAIL: env_put2("SPFRESULT","fail"); break;
      case SPF_ERROR: env_put2("SPFRESULT","error"); break;
    }
    /* cases below fall through on purpose: stricter spfbehavior rejects more results */
    switch (r) {
      case SPF_NOMEM:
        die_nomem();
      case SPF_ERROR:
        if (spfbehavior < 2) break;
        out("451 SPF lookup failure (#4.3.0)\r\n"); return;
      case SPF_NONE:
      case SPF_UNKNOWN:
        if (spfbehavior < 6) break;
      case SPF_NEUTRAL:
        if (spfbehavior < 5) break;
      case SPF_SOFTFAIL:
        if (spfbehavior < 4) break;
      case SPF_FAIL:
        if (spfbehavior < 3) break;
        if (!spfexplanation(&spfbarfmsg)) die_nomem();
        if (!stralloc_0(&spfbarfmsg)) die_nomem();
        flagbarfspf = 1;
    }
  }
  else
    env_unset("SPFRESULT");
  seenmail = 1;
  if (!stralloc_copys(&rcptto,"")) die_nomem();
  if (!stralloc_copys(&mailfrom,addr.s)) die_nomem();
  if (!stralloc_0(&mailfrom)) die_nomem();
  out("250 ok\r\n");
}

void smtp_rcpt(arg) char *arg;
{
  rcptcounter++;
  if (!seenmail) { err_wantmail(); return; }
  if (checkrcptcount() == 1) { err_syntax(); return; }
  if (!addrparse(arg)) { err_syntax(); return; }
  if (flagbarf) { err_bmf(); return; }
  if (flagbarfspf) { err_spf(); return; }
  if (relayclient) {
    --addr.len;
    if (!stralloc_cats(&addr,relayclient)) die_nomem();
    if (!stralloc_0(&addr)) die_nomem();
  }
  else
#ifndef TLS
  /* everything from here to #else is compiled only when TLS is NOT defined */
    if (!addrallowed()) { err_nogateway(); return; }
  /*chkuser*/
  switch (chkuser_realrcpt (&mailfrom, &addr)) {
    case CHKUSER_KO:
      return;
      break;
    case CHKUSER_RELAYING:
      --addr.len;
      if (!stralloc_cats(&addr,relayclient)) die_nomem();
      if (!stralloc_0(&addr)) die_nomem();
      break;
  }
  /*end chkuser*/
#else
  /* TLS build: this branch contains no chkuser call */
    if (!addrallowed())
    {
      if (ssl)
      {
        STACK_OF(X509_NAME) *sk;
        X509 *peercert;
        stralloc tlsclients = {0};
        struct constmap maptlsclients;
        int r;

        SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, verify_cb);
        if ((sk = SSL_load_client_CA_file("control/clientca.pem")) == NULL)
          { err_nogateway(); return; }
        SSL_set_client_CA_list(ssl, sk);
        if((control_readfile(&tlsclients,"control/tlsclients",0) != 1) ||
           !constmap_init(&maptlsclients,tlsclients.s,tlsclients.len,0))
          { err_nogateway(); return; }

        SSL_renegotiate(ssl);
        SSL_do_handshake(ssl);
        ssl->state = SSL_ST_ACCEPT;
        SSL_do_handshake(ssl);
        if ((r = SSL_get_verify_result(ssl)) != X509_V_OK)
          {out("553 no valid cert for gatewaying: ");
           out(X509_verify_cert_error_string(r));
           out(" (#5.7.1)\r\n");
           return;
          }

        if (peercert = SSL_get_peer_certificate(ssl))
          {char emailAddress[256];

           X509_NAME_get_text_by_NID(X509_get_subject_name(
                                       SSL_get_peer_certificate(ssl)),
                                     NID_pkcs9_emailAddress, emailAddress, 256);
           if (!stralloc_copys(&clientcert, emailAddress)) die_nomem();
           if (!constmap(&maptlsclients,clientcert.s,clientcert.len))
             { err_nogwcert(); return; }
           relayclient = "";
          }
        else { err_nogwcert(); return; }
      }
      else { err_nogateway(); return; }
    }
#endif
  if (!stralloc_cats(&rcptto,"T")) die_nomem();
  if (!stralloc_cats(&rcptto,addr.s)) die_nomem();
  if (!stralloc_0(&rcptto)) die_nomem();
  out("250 ok\r\n");
}
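
The effect discussed in this thread, as an added example that is not part of the original messages and is not qmail or chkuser code: a simplified model of smtp_rcpt() built with TLS defined, showing that a recipient check placed in the #ifndef TLS arm is never compiled, while the same check placed after #endif runs. domain_is_local(), mailbox_exists(), both rcpt_check_* functions and the sample addresses are hypothetical stand-ins; putting the check after #endif is an assumption made for illustration, not the chkuser project's documented integration.

```c
#include <stdio.h>
#include <string.h>

#define TLS 1   /* model a build with TLS support, as in the thread */

enum { SMTP_OK = 250, SMTP_NO_MAILBOX = 550, SMTP_NO_GATEWAY = 553 };

/* Hypothetical stand-in for addrallowed(): is the domain handled locally? */
static int domain_is_local(const char *rcpt) {
    const char *at = strrchr(rcpt, '@');
    return at != NULL && strcmp(at + 1, "domain.com") == 0;
}

/* Hypothetical stand-in for chkuser_realrcpt(): constructed one-user database. */
static int mailbox_exists(const char *rcpt) {
    return strcmp(rcpt, "lee@domain.com") == 0;
}

/* Layout from the thread: the recipient check sits in the #ifndef TLS arm. */
int rcpt_check_in_ifndef(const char *rcpt) {
#ifndef TLS
    if (!domain_is_local(rcpt)) return SMTP_NO_GATEWAY;
    if (!mailbox_exists(rcpt)) return SMTP_NO_MAILBOX;  /* dropped when TLS is defined */
#else
    if (!domain_is_local(rcpt)) return SMTP_NO_GATEWAY; /* TLS arm: no recipient check */
#endif
    return SMTP_OK;
}

/* Check moved below #endif: compiled whichever arm the preprocessor keeps. */
int rcpt_check_after_endif(const char *rcpt) {
#ifndef TLS
    if (!domain_is_local(rcpt)) return SMTP_NO_GATEWAY;
#else
    if (!domain_is_local(rcpt)) return SMTP_NO_GATEWAY;
#endif
    if (!mailbox_exists(rcpt)) return SMTP_NO_MAILBOX;
    return SMTP_OK;
}

int main(void) {
    /* Constructed test recipients: valid user, unknown user, foreign domain. */
    const char *rcpts[] = { "lee@domain.com", "nosuchuser@domain.com",
                            "x@elsewhere.example" };
    for (size_t i = 0; i < sizeof rcpts / sizeof rcpts[0]; i++)
        printf("%-24s in-ifndef=%d after-endif=%d\n", rcpts[i],
               rcpt_check_in_ifndef(rcpts[i]), rcpt_check_after_endif(rcpts[i]));
    return 0;
}
```

Removing the `#define TLS 1` line and rebuilding makes both functions reject the unknown mailbox, which is why the problem only shows up in TLS builds.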