Re: [vchkpw] Qmailadmin -- on a Remote Machine
Using an NFS mount works just fine, but is really only practical if you're going to have the same machine handle email as well - not just web. Assuming, like Thibault said, you want to open up your entire userbase to a web vulnerability.

If qmailadmin were re-written to use vpopmaild, I think it might be a good move.

Rick

Quoting Thibault Richard th...@thibs.com:

Hello,

I think the only way is to make a NFS mount (but it's a really bad idea to implement it in production)

Best Regards
Thibault

-Original Message-
From: Todor Petkov [mailto:z...@online.bg]
Sent: mardi 19 février 2013 09:17
To: vchkpw@inter7.com
Subject: Re: [vchkpw] Qmailadmin -- on a Remote Machine

On 18/02/2013 11:37 PM, Remo Mattei wrote:

Hello everyone,

I have a qmail server running and for some reasons qmailadmin does not install, I have rebuilt a new qmail server and the qmailadmin works fine same version of OS pretty much same configuration but does not want to listen about having qmailadmin running. So is there a way to use the new qmail server and run the qmailadmin from there to access the production qmail server?

Thanks,
Remo

I don't think it's possible. qmailadmin reads the local qmail files to find the virtual domains. Not to mention, that you need to access the filesystem to create/delete users directories.

Regards,
[vchkpw] [SPAM] Re: [vchkpw] [SPAM] Dovecot-lda for vpopmail
Heres a patch for 5.4.17 - I've been running this for a while now. Basically, run the deliver command after the tempfile is created (to verify delivery and quota) then unlink the tempfile and return. I tried to make it all fancy with build options, then figured I was the only one who would do it this wacky way. :) This version passes the home directory to deliver, so you don't need to run the dovecot lookup service. I also had to specify the timezone to get the correct timestamp for some reason. Rick Quoting Alessio Cecchi ales...@skye.it: As many users of vpopmail we switched to dovecot for POP and IMAP. I would like to switch also from maildrop to dovecot-lda. Many configuration are possibile but the best way is to patch vdelivermail to use dovecot-lda directly. Has anyone solved the problem? If someone wants to write a patch for me, I am willing to make a bid. Thanks -- Alessio Cecchi is: @ ILS - http://www.linux.it/~alessice/ on LinkedIn - http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux - http://www.cecchi.biz/ @ PLUG - ex-Presidente, adesso senatore a vita, http://www.prato.linux.it --- vdelivermail.c 2009-05-18 19:13:17.0 -0500 +++ vdelivermail.c.dovecot 2010-12-10 08:34:33.444212000 -0600 @@ -411,7 +411,8 @@ size_t headerlen; int write_fd; char quota[80]; - + char home[150]; + //char *cmd[] = { |/usr/local/libexec/dovecot/deliver, , (char *)0 }; headerlen = strlen (extra_headers); msgsize += headerlen; 
@@ -426,7 +427,19 @@ maildir, tm, pid, hostname, (long unsigned) msgsize); read_quota_from_maildir (maildir, quota, sizeof(quota)); +// #ifdef DELIVER_STDOUT +/* export HOME environment variable - strip /Maildir/ */ + if ( putenv(home) == -1 ) { +printf( + putenv(HOME) failed errno %d %s@%s, + errno, TheUser, TheDomain); +return -1; + } +sprintf(home,|/usr/bin/env -i HOME=%s TZ=CST /usr/local/libexec/dovecot/deliver,vpw-pw_dir); + // run_command(home); + // return 0; +// #else /* open the new email file */ if ((write_fd=open(local_file_tmp, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR)) == -1) { if (errno == EDQUOT) return -1; @@ -450,6 +463,12 @@ } /* completed write to tmp directory, now move it into the new directory */ +// Scratch that - pipe to Dovecot deliver and remove tmp file (quota check) + +close(write_fd); +unlink (local_file_tmp); +run_command(home); +return 0; /* sync the data to disk and close the file */ errno = 0; @@ -487,6 +506,7 @@ /* return failure (sync/close failed, message NOT delivered) */ return -2; +//#endif } /* !DSPAM:5060615234212177865488!
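Review bot: in the @@ -426,7 +427,19 hunk, putenv(home) is called before anything has been written to home, so an uninitialised 150-byte stack buffer is handed to the environment, and the sprintf that follows then fills that same buffer with the "|/usr/bin/env -i HOME=%s ..." command string, which is not a NAME=value entry. Drop the putenv call (the command line already sets HOME through env -i) or format a separate HOME= buffer for it. The sprintf is also unbounded: pw_dir plus the fixed text can exceed char home[150], so use snprintf(home, sizeof(home), ...) and fail the delivery on truncation. pw_dir goes into the command string unquoted, and TZ=CST is hard-coded where a build or run-time setting is wanted.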
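Review bot: in the @@ -450,6 +463,12 hunk the result of run_command(home) is not checked and the function returns 0 unconditionally, after local_file_tmp has already been unlinked, so a delivery that deliver refuses or fails is reported to the caller as delivered and no copy of the message remains. Check the outcome of run_command and map a failure onto the existing -1/-2 returns before unlinking or returning success. The sync/close/rename code below the new return is now unreachable; put the new path under the #ifdef that the commented-out "// #ifdef DELIVER_STDOUT" and "//#endif" lines point to instead of leaving dead code.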
Re: [vchkpw] [SPAM] Re: [vchkpw] [SPAM] Dovecot-lda for vpopmail
Quoting Alessio Cecchi ales...@skye.it:

On 24/09/2012 15:34, Rick Romero wrote:

Here's a patch for 5.4.17 - I've been running this for a while now. Basically, run the deliver command after the tempfile is created (to verify delivery and quota) then unlink the tempfile and return. I tried to make it all fancy with build options, then figured I was the only one who would do it this wacky way. :)

This version passes the home directory to deliver, so you don't need to run the dovecot lookup service. I also had to specify the timezone to get the correct timestamp for some reason.

Rick

Thanks Rick! your patch is very helpful for me, also passes the HOME to deliver is a good idea.

Another useful options, for delivery, will be to add the extension via -m mailbox so dovecot will deliver the email directly in this folder (if vpopmail is build with enable-qmail-ext). An email to alessio-vpopml@ will be delivery to the vpopml folder.

In the environment, what is the variable for the extension (vpopml)?

There is none at the point deliver is called - by the time it gets called, all the qmail-ext work has been done so the HOME directory is the correct user's Maildir directory. 'deliver' just needs to drop the email into that location and update the indexes. That's what I was shooting for.

Besides using qmail-ext, I still have old vacation and forwards that I didn't want to worry about. vdelivermail still handles all of that. I just wanted deliver to update indexes on delivery.

I hadn't thought about it - but the version of Dovecot on my front-end servers that do delivery is still in the 1.2 series. So there may be some slight differences if you're running 2.0 deliver.

Rick
Re: [vchkpw] Dovecot-lda for vpopmail
Quoting Alessio Cecchi ales...@skye.it:

On 24/09/2012 16:57, Rick Romero wrote:

Quoting Alessio Cecchi ales...@skye.it:

On 24/09/2012 15:34, Rick Romero wrote:

Here's a patch for 5.4.17 - I've been running this for a while now. Basically, run the deliver command after the tempfile is created (to verify delivery and quota) then unlink the tempfile and return. I tried to make it all fancy with build options, then figured I was the only one who would do it this wacky way. :)

This version passes the home directory to deliver, so you don't need to run the dovecot lookup service. I also had to specify the timezone to get the correct timestamp for some reason.

Rick

Thanks Rick! your patch is very helpful for me, also passes the HOME to deliver is a good idea.

Another useful options, for delivery, will be to add the extension via -m mailbox so dovecot will deliver the email directly in this folder (if vpopmail is build with enable-qmail-ext). An email to alessio-vpopml@ will be delivery to the vpopml folder.

In the environment, what is the variable for the extension (vpopml)?

There is none at the point deliver is called - by the time it gets called, all the qmail-ext work has been done so the HOME directory is the correct user's Maildir directory. 'deliver' just needs to drop the email into that location and update the indexes. That's what I was shooting for.

Besides using qmail-ext, I still have old vacation and forwards that I didn't want to worry about. vdelivermail still handles all of that. I just wanted deliver to update indexes on delivery.

I hadn't thought about it - but the version of Dovecot on my front-end servers that do delivery is still in the 1.2 series. So there may be some slight differences if you're running 2.0 deliver.

Rick

I'm using dovecot 2.1 with native auth-vpopmail. With 1.2 native auth-vpopmail have some limits.

My idea is to run dovecot-lda like:

/usr/lib/dovecot/deliver -d $EXT@$HOST -m $Extension

where if original recipient is alessio-li...@cecchi.it Extension is lists, but in vpopmail environment how is called Extension (if is present)?

I don't think that's right - according to the Dovecot Wiki -m is Mailbox. Like INBOX or Trash, etc..
http://wiki2.dovecot.org/LDA

If you wish to use Dovecot's mailbox lookup, you can just use:

/usr/lib/dovecot/deliver -d $EXT@$HOST

I don't use that, that's why I pass the HOME variable.

Rick
Re: [vchkpw] Dovecot-lda for vpopmail
Quoting Alessio Cecchi ales...@skye.it:

On 24/09/2012 17:45, Rick Romero wrote:

Quoting Alessio Cecchi ales...@skye.it:

On 24/09/2012 16:57, Rick Romero wrote:

Quoting Alessio Cecchi ales...@skye.it:

On 24/09/2012 15:34, Rick Romero wrote:

Here's a patch for 5.4.17 - I've been running this for a while now. Basically, run the deliver command after the tempfile is created (to verify delivery and quota) then unlink the tempfile and return. I tried to make it all fancy with build options, then figured I was the only one who would do it this wacky way. :)

This version passes the home directory to deliver, so you don't need to run the dovecot lookup service. I also had to specify the timezone to get the correct timestamp for some reason.

Rick

Thanks Rick! your patch is very helpful for me, also passes the HOME to deliver is a good idea.

Another useful options, for delivery, will be to add the extension via -m mailbox so dovecot will deliver the email directly in this folder (if vpopmail is build with enable-qmail-ext). An email to alessio-vpopml@ will be delivery to the vpopml folder.

In the environment, what is the variable for the extension (vpopml)?

There is none at the point deliver is called - by the time it gets called, all the qmail-ext work has been done so the HOME directory is the correct user's Maildir directory. 'deliver' just needs to drop the email into that location and update the indexes. That's what I was shooting for.

Besides using qmail-ext, I still have old vacation and forwards that I didn't want to worry about. vdelivermail still handles all of that. I just wanted deliver to update indexes on delivery.

I hadn't thought about it - but the version of Dovecot on my front-end servers that do delivery is still in the 1.2 series. So there may be some slight differences if you're running 2.0 deliver.

Rick

I'm using dovecot 2.1 with native auth-vpopmail. With 1.2 native auth-vpopmail have some limits.

My idea is to run dovecot-lda like:

/usr/lib/dovecot/deliver -d $EXT@$HOST -m $Extension

where if original recipient is alessio-li...@cecchi.it Extension is lists, but in vpopmail environment how is called Extension (if is present)?

I don't think that's right - according to the Dovecot Wiki -m is Mailbox. Like INBOX or Trash, etc..
http://wiki2.dovecot.org/LDA

Yes but, with Postfix for example, you can set:

/usr/lib/dovecot/deliver -d ${user}@${domain} -m ${extension}

so if you receive an email to rick-vch...@domain.com (or rick+vch...@domain.com according to your recipient_delimiter) dovecot will delivery the email in the Mailbox vchkpw and this is very useful. I would like to reproduce this behavior with qmail.

Ahh I see what you mean. In qmail the -ext doesn't have a specific destination, it's just a unique address. If you are going to assume that -blah will be a specific mailbox, you could use the EXT2 variable.

Here's a list of variables:
http://ipucu.enderunix.org/view.php?id=1929lang=en

Rick
Re: [vchkpw] [SPAM] anti-OSX [was: qmail+vpopmail upgrade questions]
I don't disagree with any of your points :) I use FreeBSD, I don't know why anyone would run Linux for any real server load - I'M JUST KIDDING! :))

Have you taken a look at Matt Simerson's toaster script? It's targeted at FreeBSD, but I'm fairly confident the instructions are OSX friendly. At least in the past they were.

http://www.tnpi.net/internet/mail/toaster/

Rick

Quoting Kurt Bigler k...@breathsense.com:

*** I would consider running QMT in a VM, but would rather avoid a VM. I've never touched CentOS. My distro of choice still would be Mac-native. I suppose I would try building from sources and see what happens. I really don't want my *entire* server in a VM (just qmail+vpopmail if really necessary) and also really don't want multiple IP's, and suspect sharing a single IP with host and mail VM would be problematic. I already have native Apache, SQL, PHP, etc. and figure it is a good thing to leave it that way if I want to try Mac for whatever it may be worth. But if the whole idea doesn't work maybe I will just install some linux on my Mac mini. But in that case I suppose I could put the whole thing in a linux VM under MacOSX and run SoftRAID in the Mac host.

It is just not stuff I'd thought through since I naively didn't expect Mac to be such a problem. If it really is such a problem, then I guess the why Mac questions may be sensible. It just surprises me.

-Kurt

On 8/2/12 8:13 PM, Eric Shubert e...@shubes.net wrote:

I wonder too, why OSX? The only thing I can think of is perhaps you have an older MacMini laying around that you'd like to use. That's certainly usable for something such as this, but I wouldn't recommend running a server w/out some sort of raid (I prefer the SW variety).

Disclaimer: I've recently taken charge of the QMail-Toaster.com project, so I'm a bit biased. ;)

If you're really bent on OSX, you could run a QMT mail server as a VM under whichever virtualization platform you prefer. Migrating your existing setup to QMT should be fairly easy, depending on your vpopmail settings. QMT has a slew of qmail patches applied, and I'm presently upgrading vpopmail to 5.4.33 (long awaited), which will bring all of the QMT packages current with upstream releases. There is a large community behind QMT, so you won't need to look far for helpful support.

QMT is presently only available on CentOS/RHEL, so that might be a drawback to you. If you're familiar with packaging though, you might want to roll your own for whatever distro you choose. We hope to have the sources available on GitHub by the end of the year, and will be using OBS to build the packages. You're welcome to join us in our endeavors.
[vchkpw] Re: Help - custom vpopmail
Quoting Rick Romero r...@havokmon.com:

Quoting Timo Sirainen t...@iki.fi:

On Tue, 2010-11-16 at 10:30 -0600, Rick Romero wrote:

So I modified my vpopmail install to write an additional field into the lastauth table. My custom vpopmail writes the remote IP into remote_ip, and the auth type into a 'type' field. I tested with qmail's POP3 daemon to verify vchkpw would fill the table correctly.

But I'm not sure how to get dovecot to do it: I know this is close, but there is something not right in src/auth/userdb-vpopmail.c line 99.

    vset_lastauth(vpop_user, vpop_domain, auth_request->remote_ip,
                  t_strdup_noconst(auth_request->service));

1) You need to modify vpopmail's vset_lastauth() function to actually support this.

2) Once you do have the extra field (const char *ip) added, you can use:

    vset_lastauth(vpop_user, vpop_domain, net_ip2addr(auth_request->remote_ip),
                  t_strdup_noconst(auth_request->service));

I can't get dovecot to write to lastauth at all (vpopmail-5.4.32 dovecot-2.0.7). I can't even restore old functionality. lastauth IS populating for other users on these versions - right?

I changed my vmysql.c in vpopmail-5.4.32 to the following and re-compiled a stock dovecot (I even removed the lib/dovecot/* and libexec/dovecot/* directories before reinstall). This SHOULD allow both 3 parameter and 4 parameter calls. I know it works for 4 args, because my vchkpw works as stated above using qmail-pop3d (on alt port) and vchkpw.

    #include <stdarg.h>

    int vset_lastauth(char *user, char *domain, char *remoteip, ...)
    {
        int err;
        char *authtype;
        va_list ap;

        if ( (err=vauth_open_update()) != 0 ) return(err);

        /* read the 4th argument; only valid when the caller actually passed one */
        va_start(ap, remoteip);
        authtype = va_arg(ap, char *);
        va_end(ap);
        if (authtype == NULL) { authtype = "unknown"; }

        qnprintf( SqlBufUpdate, SQL_BUF_SIZE,
            "replace into lastauth set user='%s', domain='%s', \
    remote_ip='%s', timestamp=%lu, type='%s'",
            user, domain, remoteip, time(NULL), authtype);
        if (mysql_query(mysql_update,SqlBufUpdate)) {
            vcreate_lastauth_table();
            if (mysql_query(mysql_update,SqlBufUpdate)) {
                fprintf(stderr, "vmysql: sql error[f]: %s\n", mysql_error(mysql_update));
            }
        }
        return(0);
    }

How should I change this to log all attempts.

Rick
[vchkpw] add AuthType to lastauth table
I'm interested in knowing not only what IP the user last auth'd, but also how they connected. That gives me more info right from the tables on how a particular is using the system, and how the system is utilized overall. I attached a patch and honestly I haven't even tested yet - just thought I'd throw it out there.. - It utilizes a new field 'type' char(10), and puts the text AuthType in there. I'm not sure if a table change is handled via README or automated.. - It also adjusts the vget_lastauth to grab the 'latest' record for that user from the lastauth table, no matter how they auth'd. - The new info is only accessible by direct query. Rick !DSPAM:4cd9a51632711680712101! diff -u vpopmail-5.4.32-orig/authvchkpw.c vpopmail-5.4.32/authvchkpw.c --- vpopmail-5.4.32-orig/authvchkpw.c 2010-11-08 09:02:52.0 -0600 +++ vpopmail-5.4.32/authvchkpw.c 2010-11-09 12:48:02.908186101 -0600 @@ -157,7 +157,7 @@ #endif if (!(ptr = getenv(TCPERMOTEIP))) ptr = 0.0.0.0; - vset_lastauth(pw-pw_name, domain, ptr); + vset_lastauth(pw-pw_name, domain, ptr, ServiceType ); #ifdef MIN_LOGIN_INTERVAL if(( vget_lastauth(vpw,TheDomain ) - last_time ) MIN_LOGIN_INTERVAL ) { vchkpw_exit(1); diff -u vpopmail-5.4.32-orig/vauth.c vpopmail-5.4.32/vauth.c --- vpopmail-5.4.32-orig/vauth.c 2010-11-08 09:02:52.0 -0600 +++ vpopmail-5.4.32/vauth.c 2010-11-09 13:21:04.353502283 -0600 @@ -1274,15 +1274,15 @@ // #ifdef ENABLE_AUTH_LOGGING -int vset_lastauth(char *user, char *domain, char *remoteip ) +int vset_lastauth(char *user, char *domain, char *remoteip , char *authtype ) { int err; if ( (err=vauth_open_update()) != 0 ) return(err); - + qnprintf( SqlBufUpdate, SQL_BUF_SIZE, replace into lastauth set user='%s', domain='%s', \ -remote_ip='%s', timestamp=%lu, user, domain, remoteip, time(NULL)); +remote_ip='%s', timestamp=%lu, type='%s', user, domain, remoteip, time(NULL), authtype); if (mysql_query(mysql_update,SqlBufUpdate)) { vcreate_lastauth_table(); if (mysql_query(mysql_update,SqlBufUpdate)) { 
@@ -1302,7 +1302,7 @@ if ( (err=vauth_open_read()) != 0 ) return(err); qnprintf( SqlBufRead, SQL_BUF_SIZE, -select timestamp from lastauth where user='%s' and domain='%s', +select timestamp from lastauth where user='%s' and domain='%s' order by timestamp LIMIT 1, pw-pw_name, domain); if (mysql_query(mysql_read,SqlBufRead)) { vcreate_lastauth_table(); diff -u vpopmail-5.4.32-orig/vauth.h vpopmail-5.4.32/vauth.h --- vpopmail-5.4.32-orig/vauth.h 2010-11-08 09:02:52.0 -0600 +++ vpopmail-5.4.32/vauth.h 2010-11-09 12:46:01.627550711 -0600 @@ -68,7 +68,7 @@ void vclose(); void vclose1(); -int vset_lastauth( char *user, char *domain, char *remoteip); +int vset_lastauth( char *user, char *domain, char *remoteip, char *authtype); time_t vget_lastauth( struct vqpasswd *pw, char *domain); char *vget_lastauthip( struct vqpasswd *pw, char *domain); diff -u vpopmail-5.4.32-orig/vchkpw.c vpopmail-5.4.32/vchkpw.c --- vpopmail-5.4.32-orig/vchkpw.c 2010-11-08 09:02:52.0 -0600 +++ vpopmail-5.4.32/vchkpw.c2010-11-09 13:16:33.795496514 -0600 @@ -579,7 +579,7 @@ #ifdef MIN_LOGIN_INTERVAL last_time = vget_lastauth(vpw, TheDomain ); #endif - vset_lastauth(TheUser,TheDomain,IpAddr); + vset_lastauth(TheUser,TheDomain,IpAddr, AuthType); #ifdef MIN_LOGIN_INTERVAL if(( vget_lastauth(vpw,TheDomain ) - last_time ) MIN_LOGIN_INTERVAL ) { vchkpw_exit(1); diff -u vpopmail-5.4.32-orig/vmysql.c vpopmail-5.4.32/vmysql.c --- vpopmail-5.4.32-orig/vmysql.c 2010-11-08 09:02:52.0 -0600 +++ vpopmail-5.4.32/vmysql.c2010-11-09 13:21:04.353502283 -0600 
@@ -1274,15 +1274,15 @@ // #ifdef ENABLE_AUTH_LOGGING -int vset_lastauth(char *user, char *domain, char *remoteip ) +int vset_lastauth(char *user, char *domain, char *remoteip , char *authtype ) { int err; if ( (err=vauth_open_update()) != 0 ) return(err); - + qnprintf( SqlBufUpdate, SQL_BUF_SIZE, replace into lastauth set user='%s', domain='%s', \ -remote_ip='%s', timestamp=%lu, user, domain, remoteip, time(NULL)); +remote_ip='%s', timestamp=%lu, type='%s', user, domain, remoteip, time(NULL), authtype); if (mysql_query(mysql_update,SqlBufUpdate)) { vcreate_lastauth_table(); if (mysql_query(mysql_update,SqlBufUpdate)) { @@ -1302,7 +1302,7 @@ if ( (err=vauth_open_read()) != 0 ) return(err); qnprintf( SqlBufRead, SQL_BUF_SIZE, -select timestamp from lastauth where user='%s' and domain='%s', +select timestamp from lastauth where user='%s' and domain='%s' order by timestamp LIMIT 1, pw-pw_name, domain); if (mysql_query(mysql_read,SqlBufRead)) { vcreate_lastauth_table(); diff -u vpopmail-5.4.32-orig/vmysql.h
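Review bot: in the @@ -1302,7 +1302,7 hunks of vauth.c and vmysql.c, "order by timestamp LIMIT 1" sorts ascending and therefore returns the oldest row for the user, while the description says vget_lastauth should return the latest one. Use "order by timestamp DESC LIMIT 1". If lastauth keeps one row per user and domain, as "replace into" in the neighbouring hunk suggests, the ORDER BY and LIMIT have no effect and can be dropped.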
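Review bot: in the @@ -1274,15 +1274,15 hunks, the new type='%s' assignment assumes the lastauth table already has a type column, but the only recovery on a failed query is still vcreate_lastauth_table() followed by a retry, which does nothing for an existing table that lacks the column: every login on an upgraded install would then fail to record and only log the error. The patch needs an explicit upgrade step (an ALTER TABLE in the upgrade notes or in code). The call sites should also agree on the value they pass: authvchkpw.c passes ServiceType and vchkpw.c passes AuthType into a column described as char(10), so document the expected values and their maximum length.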
Re: [vchkpw] add AuthType to lastauth table
Quoting Matt Brookings m...@inter7.com: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/09/2010 01:45 PM, Rick Romero wrote: I'm interested in knowing not only what IP the user last auth'd, but also how they connected. That gives me more info right from the tables on how a particular is using the system, and how the system is utilized overall. I attached a patch and honestly I haven't even tested yet - just thought I'd throw it out there.. - It utilizes a new field 'type' char(10), and puts the text AuthType in there. I'm not sure if a table change is handled via README or automated.. - It also adjusts the vget_lastauth to grab the 'latest' record for that user from the lastauth table, no matter how they auth'd. - The new info is only accessible by direct query. 5.4 is feature-frozen. It only accepts bugfixes. If you would like to work on the patch for 5.5, it would be appreciated. How's this? I did change the fieldname from 'type' to 'authtype'. I also modified all the backends as described above, except for ldap, openldap and cdb. Those 3 will accept the 'authtype' parameter in the function for completeness, but will not use it. I've never done Oracle, but I tried to use the rank() function to get a single 'latest' result for the vget_lastauth function. Not sure about that one.. Rick !DSPAM:4cd9bdf632711223351550! diff -ru vpopmail-5.5.0-orig/backends/cdb/vcdb.c vpopmail-5.5.0/backends/cdb/vcdb.c --- vpopmail-5.5.0-orig/backends/cdb/vcdb.c 2010-11-05 13:37:23.0 -0500 +++ vpopmail-5.5.0/backends/cdb/vcdb.c 2010-11-09 14:56:12.0 -0600 
@@ -1074,7 +1074,7 @@ return(unlink(dir_control_file)); } -int set_lastauth(char *user, char *domain, char *remoteip ) +int set_lastauth(char *user, char *domain, char *remoteip, char *authtype) { char *tmpbuf; FILE *fs; diff -ru vpopmail-5.5.0-orig/backends/ldap/vldap.c vpopmail-5.5.0/backends/ldap/vldap.c --- vpopmail-5.5.0-orig/backends/ldap/vldap.c 2010-11-05 13:37:24.0 -0500 +++ vpopmail-5.5.0/backends/ldap/vldap.c 2010-11-09 14:36:14.0 -0600 @@ -1235,7 +1235,7 @@ } -int set_lastauth(char *user, char *domain, char *remoteip ) { +int set_lastauth(char *user, char *domain, char *remoteip, char *authtype ) { return(vset_lastauth_time(user, domain, remoteip, time(NULL) )); } diff -ru vpopmail-5.5.0-orig/backends/mysql/vmysql.c vpopmail-5.5.0/backends/mysql/vmysql.c --- vpopmail-5.5.0-orig/backends/mysql/vmysql.c 2010-11-05 13:37:23.0 -0500 +++ vpopmail-5.5.0/backends/mysql/vmysql.c 2010-11-09 14:51:10.0 -0600 @@ -1298,7 +1298,7 @@ // #ifdef ENABLE_AUTH_LOGGING -int set_lastauth(char *user, char *domain, char *remoteip ) +int set_lastauth(char *user, char *domain, char *remoteip, char *authtype ) { int err; @@ -1307,11 +1307,11 @@ qnprintf( SqlBufUpdate, SQL_BUF_SIZE, INSERT INTO lastauth SET user = '%s', domain = '%s', -remote_ip = '%s', timestamp = %lu +remote_ip = '%s', timestamp = %lu, authtype = '%s' ON DUPLICATE KEY UPDATE user = '%s', domain = '%s', remote_ip = '%s', timestamp = %lu, -user, domain, remoteip, time(NULL), +user, domain, remoteip, time(NULL), authtype, user, domain, remoteip, time(NULL)); if (mysql_query(mysql_update,SqlBufUpdate)) { vcreate_lastauth_table(); @@ -1332,7 +1332,7 @@ if ( (err=vauth_open_read()) != 0 ) return(err); qnprintf( SqlBufRead, SQL_BUF_SIZE, -SELECT timestamp FROM lastauth WHERE user='%s' AND domain='%s', +SELECT timestamp FROM lastauth WHERE user='%s' AND domain='%s' order by timestamp LIMIT 1, pw-pw_name, domain); if (mysql_query(mysql_read,SqlBufRead)) { vcreate_lastauth_table(); 
@@ -1359,7 +1359,7 @@ if ( vauth_open_read() != 0 ) return(NULL); qnprintf( SqlBufRead, SQL_BUF_SIZE, -SELECT remote_ip FROM lastauth WHERE user='%s' AND domain='%s', +SELECT remote_ip FROM lastauth WHERE user='%s' AND domain='%s' order by timestamp LIMIT 1, pw-pw_name, domain); if (mysql_query(mysql_read,SqlBufRead)) { vcreate_lastauth_table(); diff -ru vpopmail-5.5.0-orig/backends/mysql/vmysql.h.in vpopmail-5.5.0/backends/mysql/vmysql.h.in --- vpopmail-5.5.0-orig/backends/mysql/vmysql.h.in 2010-11-05 13:37:23.0 -0500 +++ vpopmail-5.5.0/backends/mysql/vmysql.h.in 2010-11-09 14:52:02.0 -0600 @@ -96,6 +96,7 @@ domain char(96) NOT NULL,\ remote_ip char(18) not null, \ timestamp bigint default 0 NOT NULL, \ +authtype char(10) NOT NULL ,\ primary key (user, domain) char *vauth_munch_domain(char *); diff -ru vpopmail-5.5.0-orig/backends/openldap/vopenldap.c vpopmail-5.5.0/backends/openldap/vopenldap.c --- vpopmail-5.5.0-orig/backends/openldap/vopenldap.c 2010-11-05 13:37:23.0 -0500 +++ vpopmail
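Review bot: in the mysql @@ -1307,11 +1307,11 hunk, authtype is added to the INSERT column list but not to the ON DUPLICATE KEY UPDATE clause, so for any user who already has a lastauth row (the normal case after the first login) the stored authtype never changes. Add "authtype = '%s'" to the UPDATE part and pass authtype a second time in the argument list, after the second time(NULL).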
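Review bot: in the mysql @@ -1332,7 and @@ -1359,7 hunks, "order by timestamp LIMIT 1" sorts ascending, which selects the oldest row where the stated goal is the latest; it should read "order by timestamp DESC LIMIT 1". With the table definition in vmysql.h.in keeping "primary key (user, domain)" there is at most one row per user anyway, so either the clause is redundant or the key has to change for per-authtype rows to exist.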
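Review bot: in the vmysql.h.in @@ -96,6 +96,7 hunk, "authtype char(10) NOT NULL" is added to the table-creation string only, with no default and no upgrade path, so an existing lastauth table will not have the column and the new INSERT in vmysql.c will fail against it. Add a DEFAULT and document or automate the ALTER TABLE. The ldap hunk accepts authtype and silently ignores it; a comment at that set_lastauth definition saying so would save the next reader a search.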
Re: [vchkpw] Courier IMAP or other IMAP serves...
I think Dovecot (www.dovecot.org) is the more popular POP/IMAP server these days.

Rick

Quoting Den Arion den_ar...@hotmail.com:

Hi to everyone...

I just came back to work with linux server. In the past, many years I worked with linux and I installed vpopmail and courier-imap. The last week I downloaded/installed qmail/vpopmail/courier-auth/courier imap. I have problems login to the IMAP server and searching for information I found that the module vchkpw was not in the list or the documentation. I tried to use other IMAP servers recommended but I had problems compiling but any way...

My questions are:
Does it work the current version of courier imap (4.8.0)?
If not, is there some way to patch it?
What other options are for imap server and vpopmail?

Regards
Re: [vchkpw] Re: dovecot LDA with vpopmail
I modified vdelivermail.c and added an IFDEF. The below needs help - it works on FreeBSD, but is not dyanmic. There needs to be ifdefs around specific variable declarations, a location variable for the deliver and env binaries, and configure support for both the defines and the binary locations.. just to start. Rick --- ../vpopmail-5.4.17/vdelivermail.c Thu Jun 29 14:36:43 2006 +++ vdelivermail.c Mon May 18 19:55:58 2009 @@ -409,9 +409,10 @@ char local_file_tmp[FILE_SIZE]; char local_file_new[FILE_SIZE]; size_t headerlen; - int write_fd; + //int write_fd; char quota[80]; - + char home[150]; + //char *cmd[] = { |/usr/local/libexec/dovecot/deliver, , (char *)0 }; headerlen = strlen (extra_headers); msgsize += headerlen; @@ -426,7 +427,40 @@ maildir, tm, pid, hostname, (long unsigned) msgsize); read_quota_from_maildir (maildir, quota, sizeof(quota)); +#ifdef DELIVER_STDOUT +/* export HOME environment variable - strip /Maildir/ */ + /* Now HOME */ +// snprintf (envbuf2, sizeof(envbuf2), %s%s, VCHKPW_HOME, pw_dir); +//putenv(home); + sprintf(home, HOME=%s, vpw-pw_dir); +// if ( putenv(envbuf2) == -1 ) { + if ( putenv(home) == -1 ) { +printf( + putenv(HOME) failed errno %d %...@%s, + errno, TheUser, TheDomain); +return -1; + } +sprintf(home,|/usr/bin/env -i HOME=%s /usr/local/libexec/dovecot/deliver,vpw-pw_dir); + +//execv(*dovecotargs,dovecotargs); +//run_command(|/usr/local/libexec/dovecot/deliver); +run_command(home); +//run_command(cmd); +return 0; + /* +// echo email +if (fdcopy (0, read_fd, extra_headers, headerlen) != 0) { + printf(echo to stdout failed\n); + return -2; +}else{ + // Email sent to STDOUT + execv(*cmd,cmd); +//run_command('/usr/local/libexec/dovecot/deliver'); + return 0; +} + */ +#else /* open the new email file */ if ((write_fd=open(local_file_tmp, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR)) == -1) { if (errno == EDQUOT) return -1; 
@@ -487,6 +521,7 @@ /* return failure (sync/close failed, message NOT delivered) */ return -2; +#endif } /* Quoting Tren Blackburn t...@eotnetworks.com: I'd recommend looking into the onchange functionality of vpopmail rather than hacking vpopmail (modifying vadduser.c isn't sufficient. You'd have to dig out the library function that everything else uses...I did something similar to write a modified .qmail-default when a domain was added from any method available). It's been a while since I looked at the onchange stuff, but it's been there for quite a while and is well documented. HTH, Tren - Original Message - 
From: news n...@ger.gmane.org
To: vchkpw@inter7.com vchkpw@inter7.com
Sent: Fri Aug 14 03:42:21 2009
Subject: [vchkpw] Re: dovecot LDA with vpopmail

Martin Kos wrote:

hi

i am using on my qmail/vpopmail installation dovecot as IMAP/POP3 server. at the moment i have only some of the users having their mail filtered through sieve/delivered to the mailbox by dovecot LDA. for this users i have added a line to their .qmail-default file file as written on http://wiki.dovecot.org/LDA/Qmail --

|/var/qmail/bin/preline -f /usr/lib/dovecot/deliver -d $...@$user

this works like a charm. but i would like to have dovecots LDA used for ALL my users and i haven't found a way to activate it for EACH user without changing/creating every users .qmail-default file.

as i understand, vdelivermail is delivering the mails to the users mailboxes? so i would have to say to vdelivermail that it should use dovecots deliver, or what is the right way to do that? or is it just not possible?

greets
thanks for help
KoS

It seems to me that it would be pretty simple to write a bash script that would change the appropriate .qmail-default files for you in one fell swoop. I suppose the problem then would be doing this for new users. I would think that it'd be easy enough to change vadduser.c (or whatever file/program contains the 'stock' file code) to use deliver instead.

Let me know if you need a little help with this, and how you make out. I'm presently using dovecot imap, and would like migrate to dovecot's LDA at some point.

--
-Eric 'shubes'
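Review bot: in the @@ -409,9 +409,10 hunk of the vdelivermail.c patch at the top of this message, the declaration of write_fd is commented out unconditionally ("//int write_fd;") while the #else branch kept by the next hunk still does write_fd=open(local_file_tmp, ...), so a build without DELIVER_STDOUT no longer compiles. Keep the declaration, or put it and char home[150] under matching #ifdef/#else guards.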
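Review bot: in the @@ -426,7 +427,40 hunk of the same patch, putenv(home) registers the local array home as the environment entry and the very next sprintf overwrites that array with the "|/usr/bin/env -i HOME=%s ..." command string, so the environment ends up holding a string that is not NAME=value and that points into a stack buffer which goes out of scope when the function returns. Use setenv("HOME", pw_dir, 1), or drop the putenv since env -i on the command line already sets HOME. Both sprintf calls into char home[150] are unbounded and should be snprintf with a truncation check, and the unconditional return 0 after run_command(home) reports success whatever happened to the delivery.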
Re: [vchkpw] vdelivermail stdout to Dovecot deliver
On Thu, 2009-04-02 at 06:01 -0700, Tom Collins wrote:

On Mar 30, 2009, at 7:32 PM, Rick Romero wrote:

What I'm trying to work around with this method is to handle user-specific .qmail directives. Dovecot doesn't do that, and that is why I can't full out replace vdelivermail with deliver.

What if vpopmail was updated to store a user's .qmail file as domain.com/.qmail-user instead of domain.com/user/.qmail?

It seems whatever solution I want to implement has a lot of work involved. In this case it would involve migrating all the existing domain.com/user/.qmail files to domain.com/.qmail-user, and the applications which create/modify them. It's not done through vpopmaild.

I think the simplest option is just calling deliver via vdelivermail's existing run_command function (which IMHO does exactly what is needed - it would be exactly the same as calling maildrop via domain.com/user/.qmail), I just have been too busy to really test it.

Rick
Re: [vchkpw] vdelivermail stdout to Dovecot deliver
Ok. This won't work. My test system had all the variables set in the shell, which is why it worked. :(

The reason it won't work is that qmail-local is the parent process of both vdelivermail AND deliver. If vdelivermail sets HOME, it does not apply to deliver's environment. :(

On the up side, with vdelivermail sending the mail to STDOUT, if you do

|/usr/local/vpopmail/bin/vdelivermailstdout | /usr/local/libexec/dovecot/deliver -d $...@$host

It should deliver.. I'll try and test this tonite - on my test system I received an error 'email' in my INBOX when $EXT and $HOST didn't exist on my commandline. The caveat being you need to run the dovecot Auth on each machine that does delivery. :/

The other option would be for vdelivermail to call Dovecot's deliver after setting the environment. Programming question - if I write to fd0 (STDOUT), and then exec() a process, will that child process see the data I put in fd0 from the parent? Maybe I'll just try that as well.

Rick

Quoting Rick Romero r...@havokmon.com:

On Wed, 2009-03-11 at 14:19 -0500, Rick Romero wrote:

I think it'll work just dandy if vdelivermail sets the HOME variable and writes the email to stdout. I attached a patch, but I think testing this is going to be a pita unless someone has some sort of shell 'vdelivermail' tester ?

:O Holy crap it worked. Not only did it compile without error, but it actually worked as expected.

The command:

cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236799820.50282.mx.vfemail.net,S=3365:2,S | env -v EXT=rick HOST=havokmon.com HOME=/home/vpopmail/domains/havokmon.com/rick /usr/local/vpopmail/bin/vdelivermailstdout '' r...@havokmon.com

Causes the ./vdelivermail (which is compiled to send to STDOUT) to display the email in the terminal.

If I run:

cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236799820.50282.mx.vfemail.net,S=3365:2,S | env -v EXT=rick HOST=havokmon.com HOME=/home/vpopmail/domains/havokmon.com/rick /usr/local/vpopmail/bin/vdelivermail '' r...@havokmon.com

The email will be delivered to my mailbox. So I've got a decent test environment.

Now appending deliver to that first command line:

cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236751658.43485.mx.vfemail.net,S=3436:2,S | env EXT=rick HOST=havokmon.com HOME=/home/vpopmail/domains/havokmon.com/rick /usr/local/vpopmail/bin/vdelivermailstdout '' r...@havokmon.com | /usr/local/libexec/dovecot/deliver

And it worked too! Wow. I'm blown away. I need a glass of champagne. Not that I didn't think it would work, but that it worked 'perfectly' without throwing an error on the first try. :) I think it took me longer to figure out how to test it in a shell.

The only problem I see is the new message starts with a (null).

(null)Delivered-To: r...@havokmon.com

Now the null occurs whether I use deliver, the original vdelivermail, or the new vdelivermailstdout, so I think it's part of the cat. I'll work on it a little more tomorrow, so I can go to bed happy tonite :)

Rick
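The environment question raised in this message, as an added example (not code from the thread, vpopmail or Dovecot): a HOME exported inside one pipeline stage never reaches the next stage, while a HOME set by the parent just before exec does, and bytes written to a pipe before the exec are still read by the child on its stdin. The helper name run_stage, the /constructed/... paths and the use of /bin/sh as a stand-in for deliver are assumptions.

```c
/* Added example: not vpopmail, qmail or Dovecot code. All paths and the
 * test message are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_MSG 4096   /* small enough to sit in the pipe buffer before fork */

static void close_pair(int p[2]) { close(p[0]); close(p[1]); }

/*
 * Run `/bin/sh -c script` as a child with msg on its stdin and collect its
 * stdout in out. When home is non-NULL the child sets HOME before exec, so
 * only that child (and whatever it execs) sees the value.
 * Returns the child's exit status, or -1 on error.
 */
static int run_stage(const char *home, const char *script, const char *msg,
                     char *out, size_t outlen)
{
    int in_pipe[2], out_pipe[2], status;
    size_t len = strlen(msg), used = 0;
    ssize_t n;
    pid_t pid;

    if (outlen == 0 || len > MAX_MSG)
        return -1;
    if (pipe(in_pipe) == -1)
        return -1;
    if (pipe(out_pipe) == -1) {
        close_pair(in_pipe);
        return -1;
    }
    /* Written BEFORE fork/exec: the bytes wait in the kernel pipe buffer
     * and the exec'd program reads them from fd 0. */
    if (len > 0 && write(in_pipe[1], msg, len) != (ssize_t)len) {
        close_pair(in_pipe);
        close_pair(out_pipe);
        return -1;
    }
    pid = fork();
    if (pid == -1) {
        close_pair(in_pipe);
        close_pair(out_pipe);
        return -1;
    }
    if (pid == 0) {                       /* child: becomes the "deliver" stage */
        dup2(in_pipe[0], STDIN_FILENO);
        dup2(out_pipe[1], STDOUT_FILENO);
        close_pair(in_pipe);
        close_pair(out_pipe);
        if (home != NULL && setenv("HOME", home, 1) != 0)
            _exit(111);
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close_pair(in_pipe);                  /* child sees EOF after the message */
    close(out_pipe[1]);
    while (used < outlen - 1 &&
           (n = read(out_pipe[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(out_pipe[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const char *msg = "Delivered-To: user@example.com\n\nconstructed message\n";
    char stage1[512], stage2[512], direct[512];

    /* Stands in for the environment qmail-local gives every .qmail command. */
    setenv("HOME", "/constructed/domains/example.com", 1);

    /* "|stage1 | stage2": stage1 exports HOME for itself and copies the mail.
     * The stages run one after the other here; in a real pipeline they run
     * concurrently, but the environment rule is the same. */
    run_stage(NULL, "HOME=/constructed/domains/example.com/user; export HOME; cat",
              msg, stage1, sizeof stage1);
    run_stage(NULL, "printf '%s' \"$HOME\"", stage1, stage2, sizeof stage2);
    printf("sibling stage sees HOME=%s\n", stage2);

    /* Parent sets HOME for the child it execs and hands it the mail on stdin. */
    run_stage("/constructed/domains/example.com/user",
              "printf 'HOME=%s\\n' \"$HOME\"; cat", msg, direct, sizeof direct);
    printf("exec'd child sees:\n%s", direct);
    return 0;
}
```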
RE: [vchkpw] vdelivermail stdout to Dovecot deliver
What I'm trying to work around with this method is to handle user-specific .qmail directives. Dovecot doesn't do that, and that is why I can't full out replace vdelivermail with deliver.

As for pipes, I see where you're coming from, and it's probably best to not chain pipes, but instead exec the deliver process from within vdelivermail just as it would a user-specific .qmail directive. I was having problems with that, but you've just given me another avenue to try - vdelivermail will exec piped commands, so I may be able to re-use that code. Then your 'piped program failed' action should be no different than when maildrop or procmail is called from .qmail.

The problem with the environments is that piping doesn't appear to be creating a child process of the previous command (within .qmail-default). fd1 (I think that's STDOUT) is a persistent file descriptor which each piped process can read, but qmail-local is the actual parent process of everything that runs from .qmail-default - vdelivermail is the parent of everything that runs from ~user/.qmail.

I also discovered that I have an .inbox under my domain folder after testing dovecot deliver because $home was set to my domain, which qmail-local does. Unfortunately it's tried and true :/

Rick

On Mon, 2009-03-30 at 11:55 -0700, Tren Blackburn wrote:

I have a question about this. When I first implemented dSPAM I used the same method of nested pipes to handle delivery through .qmail-default. However the problem I ran into was if there was a problem in the first pipe that caused an error mail was lost due to the broken pipe. Is that something that could happen here? Is the pipe intelligent enough to see a failure and notify the previous process?

And with regards to the environment variables, if you export them in the parent process shouldn't they be part of the environments of the child processes?

Another possibility is piping through maildrop.
That's the solution I ended up moving to for dSPAM since it was able to handle errors properly through an exception and xfilter clause. Based on the error codes dspamc sent I could re-queue or do other things. And to ensure that chkuser still functioned properly for bounce-no-mailbox you just setup the .qmail-default like this: | /usr/local/bin/maildrop /etc/maildroprc # bounce-no-mailbox Because chkuser only checks for the existence of bounce-no-mailbox in .qmail-default. It doesn't care about vdelivermail so adding it as a comment works perfectly. I'm not sure if this method would be worth doing in the case of dovecot, but it helped me get around some of the same issues with dSPAM, and ensure that mail was never lost. Regards, Tren -Original Message- From: Rick Romero [mailto:r...@havokmon.com] Sent: Monday, March 30, 2009 10:37 AM To: vchkpw@inter7.com Subject: Re: [vchkpw] vdelivermail stdout to Dovecot deliver Ok. This won't work. My test system had all the variables set in the shell, which is why it worked. :( The reason it won't work is that qmail-local is the parent process of both vdelivermail AND deliver. If vdelivermail sets HOME, it does not apply to deliver's environment. :( On the up side, with vdelivermail sending the mail to STDOUT, if you do |/usr/local/vpopmail/bin/vdelivermailstdout | /usr/local/libexec/dovecot/deliver -d $...@$host It should deliver.. I'll try and test this tonite - on my test system I received an error 'email' in my INBOX when $EXT and $HOST didn't exist on my commandline. The caveat being you need to run the dovecot Auth on each machine that does delivery. :/ The other option would be for vdelivermail to call Dovecot's deliver after setting the environment. Programming question - if I write to fd0 (STDOUT), and then exec() a process, will that child process see the data I put in fd0 from the parent? Maybe I'll just try that as well. 
Rick Quoting Rick Romero r...@havokmon.com: On Wed, 2009-03-11 at 14:19 -0500, Rick Romero wrote: I think it'll work just dandy if vdelivermail set's the HOME variable and writes the email to stdout. I attached a patch, but I think testing this is going to be a pita unless someone has some sort of shell 'vdelivermail' tester ? :O Holy crap it worked. Not only did it compile without error, but it actually worked as expected. The command: cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236799820.50282.m x.vfemail.net,S=3365:2,S | env -v EXT=rick HOST=havokmon.com HOME=/home/vpopmail/domains/havokmon.com/rick /usr/local/vpopmail/bin/vdelivermailstdout '' r...@havokmon.com Causes the ./vdelivermail (which is compiled to send to STDOUT) to display the email in the terminal If I run: cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236799820.50282.m x.vfemail.net,S=3365:2,S | env -v EXT=rick HOST
Re: [vchkpw] vpopmail now has vusage daemon support
On Wed, 2009-03-11 at 11:27 -0500, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rick Widmer wrote: Rick Romero wrote: I was considering changing vdelivermail to have a stdout option, where you could pipe from vdelivermail to Dovecot's deliver for 'final' delivery instead of direct to Maildir within your .qmail-default file. That 'should' allow everything else to occur normally, but get those indexes updated as well. I think just 'HOME' needs to be exported, but I haven't tested it yet. I know there are a few people around who would like to see that happen. I'm not really familiar with Dovecot's delivery processes. Does anyone have links to documentation they can provide that would indicate how vdelivermail should execute a Dovecot delivery process? According to the Wiki, it's supposed to be implemented as such: http://wiki.dovecot.org/LDA/Qmail Add the -d parameter to specify the destination username: |/var/qmail/bin/preline -f /usr/local/libexec/dovecot/deliver -d $...@$user But the 'core' LDA Wiki shows that to deliver WITHOUT doing a lookup (because we already know where it will be delivered), you can do: HOME=/path/to/user/homedir deliver -f $FROM_ENVELOPE What I was going to test (and just haven't gotten around to it) is what '-f' is for. If it's for bounces, then we can essentially ignore it as long as deliver doesn't complain. Then all vdelivermail would need to do is set the HOME environment variable, and pipe the message to deliver. Rick !DSPAM:49b7fbd732685638620574!
Re: [vchkpw] vpopmail now has vusage daemon support
On Wed, 2009-03-11 at 14:19 -0500, Rick Romero wrote: Oh - and I'm not sure what the best way is to 'chomp' /Maildir off the maildir variable.. I'm just a hacker. scratch that, looks like vpw-pw_dir can probably be used instead of maildir... still have to test though.. Rick !DSPAM:49b8113632681552171626!
Re: [vchkpw] vpopmail now has vusage daemon support
On Wed, 2009-03-11 at 13:04 -0500, Matt Brookings wrote:

Rick Romero wrote:

According to the Wiki, it's supposed to be implemented as such: http://wiki.dovecot.org/LDA/Qmail

Add the -d parameter to specify the destination username:

|/var/qmail/bin/preline -f /usr/local/libexec/dovecot/deliver -d $...@$user

But the 'core' LDA Wiki shows that to deliver WITHOUT doing a lookup (because we already know where it will be delivered), you can do:

HOME=/path/to/user/homedir deliver -f $FROM_ENVELOPE

What I was going to test (and just haven't gotten around to it) is what '-f' is for. If it's for bounces, then we can essentially ignore it as long as deliver doesn't complain. Then all vdelivermail would need to do is set the HOME environment variable, and pipe the message to deliver.

Sounds easy enough. I'll look further into this once I get a chance. Probably sometime early next week. ..but, if someone has time now, be my guest :)

Ok.

#1. deliver won't run as root. This is fine for us I believe, unless you want to test from the command line as root :/

#2. Once I figured out how to become vpopmail and run commands, simply doing (I was running csh on FreeBSD):

%set home = /home/vpopmail/domains/havokmon.com/rick/
% cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236788062.63198.mx.vfemail.net,S=2092:2,S | /usr/local/libexec/dovecot/deliver

Delivered a brand new copy of an existing email into my Inbox.

I think it'll work just dandy if vdelivermail sets the HOME variable and writes the email to stdout. I assume this would be a compile time option? Or how about one of those fancy, if the program is called as 'x' do x, otherwise do y filename checks?

I attached a patch, but I think testing this is going to be a pita unless someone has some sort of shell 'vdelivermail' tester ?

Oh - and I'm not sure what the best way is to 'chomp' /Maildir off the maildir variable.. I'm just a hacker.

Rick
--- vpopmail-5.4.17/vdelivermail.c Thu Jun 29 14:36:43 2006 +++ vpopmail-5.4.17-vfe/vdelivermail.c Wed Mar 11 14:14:11 2009 @@ -411,6 +411,7 @@ size_t headerlen; int write_fd; char quota[80]; + char home[150]; headerlen = strlen (extra_headers); msgsize += headerlen; @@ -426,7 +427,19 @@ maildir, tm, pid, hostname, (long unsigned) msgsize); read_quota_from_maildir (maildir, quota, sizeof(quota)); - +#ifdef DELIVER_STDOUT +/* export HOME environment variable - strip /Maildir/ */ +sprintf(home, HOME=%s, maildir); +putenv(home); +/* echo email */ +if (fdcopy (1, read_fd, extra_headers, headerlen) != 0) { + printf(echo to stdout failed\n); + return -2; +}else{ + /* Email sent to STDOUT */ + return 0; +} +#else /* open the new email file */ if ((write_fd=open(local_file_tmp, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR)) == -1) { if (errno == EDQUOT) return -1; @@ -487,6 +500,7 @@ /* return failure (sync/close failed, message NOT delivered) */ return -2; +#endif } /*
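Review bot: In the first hunk (@@ -411), char home[150] is an automatic array, but the next hunk hands it to putenv(), which keeps the caller's pointer instead of copying the string, so the HOME entry dangles as soon as this function returns. Use setenv("HOME", path, 1), or give the buffer static storage if putenv() has to stay. The fixed 150 bytes is also unrelated to how long maildir can be, which matters for the sprintf() that fills it.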
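Review bot: In the DELIVER_STDOUT block of the second hunk (@@ -426), sprintf(home, ...) writes "HOME=" plus maildir into the 150-byte buffer with no length limit, so a maildir longer than 144 characters overruns it; use snprintf(home, sizeof(home), ...) and return -2 when the result is truncated. The comment says /Maildir/ is stripped, but maildir is copied unchanged, so HOME ends up pointing at the Maildir rather than the user's home directory. The failure message is also printf()'d to stdout, the same fd 1 that fdcopy() is writing the message to, so it would land in the piped mail; write it to stderr instead.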
Re: [vchkpw] vpopmail now has vusage daemon support
On Wed, 2009-03-11 at 14:19 -0500, Rick Romero wrote:

I think it'll work just dandy if vdelivermail sets the HOME variable and writes the email to stdout. I attached a patch, but I think testing this is going to be a pita unless someone has some sort of shell 'vdelivermail' tester ?

:O Holy crap it worked. Not only did it compile without error, but it actually worked as expected.

The command:

cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236799820.50282.mx.vfemail.net,S=3365:2,S | env -v EXT=rick HOST=havokmon.com HOME=/home/vpopmail/domains/havokmon.com/rick /usr/local/vpopmail/bin/vdelivermailstdout '' r...@havokmon.com

Causes the ./vdelivermail (which is compiled to send to STDOUT) to display the email in the terminal.

If I run:

cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236799820.50282.mx.vfemail.net,S=3365:2,S | env -v EXT=rick HOST=havokmon.com HOME=/home/vpopmail/domains/havokmon.com/rick /usr/local/vpopmail/bin/vdelivermail '' r...@havokmon.com

The email will be delivered to my mailbox. So I've got a decent test environment.

Now appending deliver to that first command line:

cat /home/vpopmail/domains/havokmon.com/rick/Maildir/cur/1236751658.43485.mx.vfemail.net,S=3436:2,S | env EXT=rick HOST=havokmon.com HOME=/home/vpopmail/domains/havokmon.com/rick /usr/local/vpopmail/bin/vdelivermailstdout '' r...@havokmon.com | /usr/local/libexec/dovecot/deliver

And it worked too! Wow. I'm blown away. I need a glass of champagne. Not that I didn't think it would work, but that it worked 'perfectly' without throwing an error on the first try. :) I think it took me longer to figure out how to test it in a shell.

The only problem I see is the new message starts with a (null).

(null)Delivered-To: r...@havokmon.com

Now the null occurs whether I use deliver, the original vdelivermail, or the new vdelivermailstdout, so I think it's part of the cat. I'll work on it a little more tomorrow, so I can go to bed happy tonite :)

Rick
Re: [vchkpw] Courier support
I may be a little out of date, but since I assume altering quota support would mean altering vdelivermail as well - can we 'add dovecot support' into vdelivermail? I have slow large POP mailboxes - due to Dovecot's indexes/uid gathering. I can't replace vdelivermail with dovecot's deliver to fix that because of how I've done some things. As I understand it, another possible way to speed POP up is to add the ,W=vsize to Maildir filenames which I don't currently have done. It seems the vsize option could be a quick fix/implementation, but updating indexes in the long run would be great. I wonder if the index part of Dovecot is modular... I wouldn't want to cross post - at least not at this point. Rick On Tue, 2009-03-10 at 10:06 -0500, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's a sad tale, but a true one. We're all probably aware that Courier-MTA has dropped support for vpopmail. This has forced many of us to move to the speedier, and in my opinion, overall better, Dovecot package --An easy move indeed. While working on implementation of the updated quota code, which involved wading through hundreds of lines of code hacked and slashed out of Courier-MTA's libraries to provide support for Courier-IMAP, I realized what a good thing this could be. Dovecot's quota system does not require Maildir++ support inherently. The vpopmail library, now compiled in with vusage support, can provide a quick plugin to Dovecot that totally removes the requirement of writing and reading the maildirsize files. My question is this: Courier-IMAP has dropped us, should we drop Courier-IMAP? - -- /* Matt Brookings m...@inter7.com GnuPG Key D9414F70 Software developer Systems technician Inter7 Internet Technologies, Inc. 
(815)776-9465 */
Re: [vchkpw] Courier support
On Tue, 2009-03-10 at 10:34 -0500, Matt Brookings wrote:

Rick Romero wrote:

I may be a little out of date, but since I assume altering quota support would mean altering vdelivermail as well - can we 'add dovecot support' into vdelivermail?

Actually, no. Altering quota support is done in maildirquota.c. None of the binary sources associated with vpopmail are expected to change, just the vpopmail library they link in.

Gotcha. I'll have to look at the latest version. My 5.4.17 has a read_quota_from_maildir() function that does a little with that file.

I have slow large POP mailboxes - due to Dovecot's indexes/uid gathering. I can't replace vdelivermail with dovecot's deliver to fix that because of how I've done some things. As I understand it, another possible way to speed POP up is to add the ,W=vsize to Maildir filenames which I don't currently have done.

I'm not familiar with the W part since it's not part of the Maildir++ specification. What is the W setting and what is vsize? I don't see why adding it would be a huge deal.

According to the Dovecot wiki, W= size including CR/LFs(?). From my old vdelivermail source, it looks like:

snprintf(local_file_tmp, sizeof(local_file_tmp), "%stmp/%lu.%lu.%.32s,S=%lu", maildir, tm, pid, hostname, (long unsigned) msgsize);
snprintf(local_file_new, sizeof(local_file_new), "%snew/%lu.%lu.%.32s,S=%lu", maildir, tm, pid, hostname, (long unsigned) msgsize);

Could be changed to:

snprintf(local_file_tmp, sizeof(local_file_tmp), "%stmp/%lu.%lu.%.32s,S=%lu,W=%lu", maildir, tm, pid, hostname, (long unsigned) msgsize, (long unsigned) msgsize);
snprintf(local_file_new, sizeof(local_file_new), "%snew/%lu.%lu.%.32s,S=%lu,W=%lu", maildir, tm, pid, hostname, (long unsigned) msgsize, (long unsigned) msgsize);

Right? I don't know if any real performance would be had from that, but it seems like a harmless change on the surface :)

Rick
Re: [vchkpw] vpopmail now has vusage daemon support
On Tue, 2009-03-10 at 12:32 -0500, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tonix (Antonio Nati) wrote: Actually IMAP o POP daemons which extract from, subject, date and size size must open every message to get those informations. While I understand where you're coming from, it's just not the path the daemon is currently taking. In the future, once all the base features are working, we can consider adding other features such as the ones you're describing. The daemon was designed with query structure in mind, for future versions where queries might cause query branching (eg, Commands). This is what Dovecot does, and where my slowness is for POP. Dovecot's indexes are great, except when you're not updating them on delivery and a POP user has a ton of email. This is kinda where I was going with 'adding Dovecot support' in my first email. I was considering changing vdelivermail to have a stdout option, where you could pipe from vdelivermail to Dovecot's deliver for 'final' delivery instead of direct to Maildir within your .qmail-default file. That 'should' allow everything else to occur normally, but get those indexes updated as well. I think just 'HOME' needs to be exported, but I haven't tested it yet. Also, an update of a db record could be faster than opening, reading and rewriting a maildirsize file (and this cannot be done by two sessions simultaneosly). A centralized daemon working on quota updates also could give an anourmous advantage, keeping in cache most used domains and users and updating 'custom' mysql records (where domain quota could be used). That is what this daemon does. It replaces the 'maildirsize' functionality, which is slow and inefficiently designed, and requires that multiple processes work on a single file. The only thing it does NOT do, because it is also inefficient, is to keep a networked database updated. 
The daemon itself is the networked database, but because it does not need to parse complicated SQL statements and provide complicated database locking schemes, it can provide much faster access to information. The one thing it cannot do currently, is keep information saved if the daemon goes down. This will be remedied later once the current codebase is deemed stable. Maybe make it a hook to store that info in a 'database' - where by default the 'database' is memory, and add memcache and Xsql as options.. (possibly with a timestamp - older mem entries could be saved to sql after x minutes) Here I am hijacking threads again :) Rick !DSPAM:49b6ae4f32681084099638!
Re: [vchkpw] vpopmail now has vusage daemon support
On Tue, 2009-03-10 at 13:17 -0500, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rick Romero wrote: I was considering changing vdelivermail to have a stdout option, where you could pipe from vdelivermail to Dovecot's deliver for 'final' delivery instead of direct to Maildir within your .qmail-default file. That 'should' allow everything else to occur normally, but get those indexes updated as well. I think just 'HOME' needs to be exported, but I haven't tested it yet. Is there a way to update Dovecot's indexes without having it handle delivery? In that case, we could easily add support for this into vpopmail. Not very easily from the the reply I got, and what I know of it. Just determining where the indexes are kept (local/NFS) affects what happens with file opens in the background. It's all really quite intertwined, and at this time there isn't an easy API call to 'update indexes'. :/ Rick !DSPAM:49b6b65f32681893721643!
Re: [vchkpw] Opinions needed
I personally don't require it. It also seems to me with disk space costing what it does, and compression being readily available (via plugins, ZFS, or what have you) it shouldn't really be an issue.

Are there any applications that display the actual quota amount that do NOT round to the megabyte? It seems to me that most show percentage used, and round to the megabyte if they do display the actual number - maybe that's where the problem will lie.. Applications that convert the actual quota from bytes to megabytes will break.

Rick

Matt Brookings wrote:

Some of you may be aware I'm working on changes and additions to the quota system in vpopmail. Part of the aim of the updated system is to provide future-proofing against the problems we're having now, where quota sizes and usage counts are overflowing in various circumstances, either in vpopmail, or in applications utilizing vpopmail.

My question is this; would anyone ever require a quota below a megabyte, or, would any application ever really need to know about specific usage counts below a megabyte?

When calculating usage, I'm thinking about making the smallest measure of unit a megabyte storing the result in a 64bit unsigned integer. The 64bit value is almost a requirement, but making the smallest unit of measure a megabyte, should future-proof for quite a bit longer.

--
/* Matt Brookings m...@inter7.com GnuPG Key D9414F70 Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */

--
Rick Romero Need IT assistance? VF IT Services / VFEmail.net www.vfit.biz / www.vfemail.net
Re: [vchkpw] OpenSolaris 8gb quota displays wrong
Rick Romero wrote: Jukka Kurkela wrote: Rick Romero wrote: Ok, I have an odd problem. I tried both vpopmail 5.4.17 and 5.4.25. This is functioning on multiple FreeBSD machines, but failing on OpenSolaris. I've removed my maildirsize file multiple times. If I look at my account with an 8gb quota, and 923Mb of data (du -h) with vuserinfo, it reports 100% full. snip When I set percentage to 105, that's what my output now says instead of 100. If I multiple i by 100 instead of 10. It says I have 84% used. So for some reason it seems 932M of 8Gb is calculating to 840%. I assume it' some kind of compiler issue, but I don't know where to look. Rick i would guess it fails at 2147483648 and off_t ends up being signed 32bit, so it overflows. i have no idea why that would happen, or should it happen always with 32 bit kernel. That was my thought too, but a couple of my FreeBSD boxes which are working properly are not running a 64bit kernel and the Solaris box is. I'm kinda lost at this point, other than the kernel I'm not sure what else would set 32bit vs 64bit in the build... Interestingly enough, someone just posted a similar issue with maildrop and quotas, and a followup to a patch was posted. This patch just changes off_t to int64_t. I did the same to vpopmail's maildirquota.c and we're good to go. Rick !DSPAM:4947a8ce32311815710463!
[vchkpw] OpenSolaris 8gb quota displays wrong
Ok, I have an odd problem. I tried both vpopmail 5.4.17 and 5.4.25. This is functioning on multiple FreeBSD machines, but failing on OpenSolaris. I've removed my maildirsize file multiple times.

If I look at my account with an 8gb quota, and 923Mb of data (du -h) with vuserinfo, it reports 100% full.

/usr/local/vpopmail/bin/vuserinfo r...@havokmon.com
name: rick
dir: /usr/home/vpopmail/domains/havokmon.com/rick
quota: 80
usage: 100%

:/usr/home/vpopmail/domains/havokmon.com/rick/Maildir# cat maildirsize
80S
848908105 29941

So that's obviously wrong. Now, if I check my wife's account it's fine:

:/usr/home/vpopmail/domains/havokmon.com/rick/Maildir# /usr/local/vpopmail/bin/vuserinfo she...@havokmon.com
name: shelby
dir: /usr/home/vpopmail/domains/havokmon.com/shelby
quota: 2
usage: 49%

cat /usr/home/vpopmail/domains/havokmon.com/shelby/Maildir/maildirsize
2S
98759830 1339

If I reduce my quota from 8GB to 900Mb, I get:

quota: 9S
usage: 94%

I've played with my quota a bit, and somewhere around 2.2GB (22) is where the math starts to fail. So obviously something is not working right on OpenSolaris. This works fine on FreeBSD machines, I'm building a new OpenSolaris server and am using the same MySQL backend, but a copy of the mailbox data.

#uname -a
SunOS sysvolOne 5.11 snv_101b i86pc i386 i86pc Solaris

It seems to be failing in maildirquota.c in qcalc:

while (*quota >= '0' && *quota <= '9')
    i=i*10 + (*quota++ - '0');
switch (*quota) {
default:
    if (i < s) {
        *percentage=105;
        return (-1);
    }

When I set percentage to 105, that's what my output now says instead of 100. If I multiply i by 100 instead of 10. It says I have 84% used. So for some reason it seems 932M of 8Gb is calculating to 840%.

I assume it's some kind of compiler issue, but I don't know where to look.

Rick

--
Rick Romero Need IT assistance? VF IT Services / VFEmail.net www.vfit.biz / www.vfemail.net
Re: [vchkpw] OpenSolaris 8gb quota displays wrong
Jukka Kurkela wrote: Rick Romero wrote: Ok, I have an odd problem. I tried both vpopmail 5.4.17 and 5.4.25. This is functioning on multiple FreeBSD machines, but failing on OpenSolaris. I've removed my maildirsize file multiple times. If I look at my account with an 8gb quota, and 923Mb of data (du -h) with vuserinfo, it reports 100% full. snip When I set percentage to 105, that's what my output now says instead of 100. If I multiple i by 100 instead of 10. It says I have 84% used. So for some reason it seems 932M of 8Gb is calculating to 840%. I assume it' some kind of compiler issue, but I don't know where to look. Rick i would guess it fails at 2147483648 and off_t ends up being signed 32bit, so it overflows. i have no idea why that would happen, or should it happen always with 32 bit kernel. That was my thought too, but a couple of my FreeBSD boxes which are working properly are not running a 64bit kernel and the Solaris box is. I'm kinda lost at this point, other than the kernel I'm not sure what else would set 32bit vs 64bit in the build... Rick !DSPAM:4945a71a32316363810759!
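The overflow guessed at in this thread and the int64_t change that resolved it, as an added example rather than code from maildirquota.c: the same digit loop run with a 32-bit signed and a 64-bit accumulator. The usage figure 848908105 comes from the maildirsize output quoted in the thread; the quota strings are assumed values (the archive shows them truncated), and the function names and the simplified percentage formula are not vpopmail's.

```c
/* Added example: not vpopmail code. Function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

/*
 * The qcalc-style digit loop with a 32-bit signed result, which is what a
 * 32-bit off_t gives. The arithmetic is done in uint32_t so the wraparound
 * is well defined, then mapped to the int32_t value the same bits hold.
 */
static int32_t parse_quota32(const char *q)
{
    uint32_t i = 0;

    while (*q >= '0' && *q <= '9')
        i = i * 10u + (uint32_t)(*q++ - '0');
    if (i <= (uint32_t)INT32_MAX)
        return (int32_t)i;
    return (int32_t)(i - 0x80000000u) + INT32_MIN;   /* i - 2^32 */
}

/*
 * Same loop with a 64-bit accumulator and an explicit overflow check.
 * Returns 0 and stores the value, or -1 when there are no digits or the
 * number does not fit in int64_t.
 */
static int parse_quota64(const char *q, int64_t *out)
{
    int64_t i = 0;

    if (*q < '0' || *q > '9')
        return -1;
    while (*q >= '0' && *q <= '9') {
        int d = *q++ - '0';
        if (i > (INT64_MAX - d) / 10)
            return -1;                 /* next step would overflow */
        i = i * 10 + d;
    }
    *out = i;
    return 0;
}

/*
 * Simplified form of the check in the thread: a limit smaller than the
 * usage reports 100 (over quota), otherwise the integer percentage used.
 */
static int usage_percent(int64_t used, int64_t limit)
{
    if (limit < used || limit == 0)
        return 100;
    return (int)(used * 100 / limit);
}

int main(void)
{
    /* Assumed quota strings; 848908105 is the usage quoted in the thread. */
    const char *quotas[] = { "900000000S", "2147483647S", "2147483648S",
                             "8000000000S" };
    const int64_t used = 848908105;
    size_t k;

    for (k = 0; k < sizeof quotas / sizeof quotas[0]; k++) {
        int32_t q32 = parse_quota32(quotas[k]);
        int64_t q64 = 0;
        int ok = parse_quota64(quotas[k], &q64);

        printf("%-12s 32-bit: %11ld -> %3d%%   64-bit: %11lld -> %3d%%\n",
               quotas[k], (long)q32, usage_percent(used, q32),
               (long long)q64, ok == 0 ? usage_percent(used, q64) : -1);
    }
    return 0;
}
```

The 32-bit column turns negative at 2147483648, so every usage figure compares as over quota from that point on.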
Re: [vchkpw] Ezmlm web interface OT
Other than what qmailadmin provides? What else were you looking for? Rick Remo Mattei wrote: Hello guys I wonder if there are any ezmlm web interface with vpopmail/ezmlm configuration and which one should be consider to look into. Thanks Remo !DSPAM:491725b832312579312187!
Re: [vchkpw] incoming mails from vpopmail to exchange
That's your smtproutes file

Yourdomain:pixexternalip

Tells the mailserver where to deliver mail for Yourdomain, which the pix is forwarding to Exchange.

Rick

On Oct 2, 2008, at 11:31 AM, [EMAIL PROTECTED] wrote:

Hi maybe stupid question, but : how mailserver to know where is internal mailserver (exchange)??

situation, for example :
mail server ip : 20.20.20.20
pix external ip : 20.20.20.40
pix internal ip : 30.30.30.1
internal mail server ( exchange ) :30.30.30.10

what i need to configure in mailserver ??

p.s pix accept incoming smtp connection from 20.20.20.20 (external mail server) to 30.30.30.10 (internal exchange)

valts

Quoting Rick Macdougall [EMAIL PROTECTED]:

Shane Chrisp wrote:

On Wed, 2008-10-01 at 10:21 -0400, Rick Macdougall wrote:

Shane Chrisp wrote:

On Wed, 2008-10-01 at 16:52 +0300, [EMAIL PROTECTED] wrote:

Try putting the IP address in square brackets like domain1.com:[10.10.10.10]

Hi, No, there is no need to do that. I manage 50 or more external domains (for anti-virus/anti-spam applications) and you do not need the square brackets. Regards, Rick

Hi, If there is no dns available, not using the brackets can cause issues I have found. I just use the brackets by default when using private IP space in particular.

Taken directly from man qmail-remote

The remote host is qmail-remote's first argument, host. qmail-remote sends the message to host, or to a mail exchanger for host listed in the Domain Name System, via the Simple Mail Transfer Protocol (SMTP). host can be either a fully-qualified domain name: silverton.berkeley.edu or an IP address enclosed in brackets: [128.32.183.163]

Cool, learn something new every day. Guess I never got bitten by it as all the IPs I use are public.

Regards, Rick
Re: [vchkpw] How does the vpopmail supply a reset password tool over the webmail page?
On Sun, 2008-07-20 at 19:00 +0300, Bulent Kolay wrote: Well, my vqregister works but when it could not write to user_store database. As vqregister didn't create database, I have to created user_store manually. But I don't know how I make table and fields into user_store. Could you give a script about that ? I use php5.2.6, mysql5.0 vpopmail5.4.6 I am able to add any user with vqregister. Off the top of my head, make sure your db.c points to db_mysql.cI haven't messed with the innards of vqregister for a long time.. It would be best to check the archives first, vqregister isn't as 'hands off' as some other software. Rick !DSPAM:4884fe8532317380113785!
Re: [vchkpw] How does the vpopmail supply a reset password tool over the webmail page?
On Sat, 2008-07-19 at 00:48 +0300, Bulent Kolay wrote:

I use vpopmail5.4.x on qmail. I also use squirrelmail for webmail. My users sometimes may forget their email passwords. So I want my mail server to supply a reset password tool on the webmail page. How can I do that? Is there any tool for that?

I don't know how others do it, but I use vqregister with email verification for signups, and I store plaintext passwords. I then wrote a php script which accepts a local email address as input, and emails the current password to both the signup address and local address. It's more of a notification than a reset. Here's mine.. the actual notification script has specific errors commented out in preference of generic errors to help prevent email harvesting.

Rick

Web Page: reset.php

<?php
global $email;
if ($argv[0] || $email || $_POST['email']) {
    if (!$email) {
        if (!$argv[0]) {
            $email = $_POST['email'];
        } else {
            $email = $argv[0];
        }
    }
    include '/usr/local/www/cgi-bin/getpass.php';
} else {
    // Print Form
    print "<FORM method=\"post\" action=/reset.php>\n";
    print "<INPUT type=\"text\" name=\"email\" size=\"20\">";
    print "<input type=\"submit\" value=\"Submit\">";
    print "</FORM></center>";
}
?>

---

getpass.php:

<?php
/*
Vpopmail/Vqregister password request thingy

This program accepts an email address as input, gets the original
signup address from the vqregister table, and the password from the
vpopmail table. The current password for the local user is then
emailed to the original signup address.

I install this under /cgi-bin, and call it with a:
<?php include '/usr/local/www/cgi-bin/getpass.php'; ?>
from a stripped .php file in /data
A little 'different', but I feel a little safer :)

7/29/04 Rick Romero [EMAIL PROTECTED] 1.0
*/
global $email;

/* Set vars */
// mysql_user needs read access to both the vqregister table, and vpopmail table.
$mysql_user = 'login';
$mysql_pass = 'password';

if ($argv[0]) {
    $email = $argv[0];
} else {
    if (!$argv[0] && !$email) {
        echo "Please enter a valid email address.";
        exit;
    }
}

/* Connect to SQL Server */
$link = mysql_connect('localhost', $mysql_user, $mysql_pass);
if (!$link) {
    die('Could not connect: ' . mysql_error() . "\n");
}

/* Verify Username is valid, and only has characters in it (except 1 @) */
// Verify each char is allowed: 0-9,a-z,@A-Z,.,_
// Or see example at: http://us4.php.net/manual/en/ref.mail.php
// ASCII Codes 48-57, 97-122, 64-90, 46, 95
// The loop must walk $email itself: it is the only thing keeping quotes
// and the % wildcard out of the LIKE queries below.
$ascii_array = array(46, 95);
for ($i = 0; $i < strlen($email); $i++) {
    $ascii_code = ord($email[$i]);
    //if ($ascii_code >= 48 && $ascii_code <= 57)
    if ( ($ascii_code >= 48 && $ascii_code <= 57) ||
         ($ascii_code >= 97 && $ascii_code <= 122) ||
         ($ascii_code >= 64 && $ascii_code <= 90) ||
         in_array($ascii_code, $ascii_array) ) {
        continue;
    } else {
        // return at the top level of an included file stops this file
        return false;
    }
}
list($user, $dom) = explode('@', $email);

/* Get original signup email address */
$emailquery = mysql_query("SELECT cemail from user_store.user_info where dom LIKE '$dom' AND user LIKE '$user' order by rowno desc LIMIT 1");
// Always dump mysql_error(), just in case
if (mysql_num_rows($emailquery) == 0) {
    //die('Error 1. Invalid email address ' . mysql_error());
    die('1 Script Complete');
}
$emailresult = mysql_result($emailquery, 0, 0);
if (!$emailresult) {
    //die('Could not query:' . mysql_error());
    die('2 Script Complete');
}

/* Get user's current password */
$passquery = mysql_query("SELECT pw_clear_passwd from vpopmail.vpopmail where pw_domain LIKE '$dom' AND pw_name LIKE '$user' LIMIT 1");
if (mysql_num_rows($passquery) == 0) {
    //die('Error 2. Invalid email address' . mysql_error() );
    die('Script Complete');
}
$passresult = mysql_result($passquery, 0, 0);
if (!$passresult) {
    die('Script Complete');
}

/* Send email to user */
ini_set('sendmail_path', '/var/qmail3/bin/qmail-inject');
$to = $emailresult . "," . $user . "@" . $dom;
$headers = "From: \"Admin\" [EMAIL PROTECTED] \n";
$subject = "Password request for your account.";
$body = "Hi,\n\nThe password you requested is:\n" . $passresult . "\n Please make sure your secret word and\n your signup email address are up to date.\n \nThanks, Management";
if (mail($to, $subject, $body, $headers)) {
    //echo("<p><center>Script Complete</center></p>");
} else {
    //echo("<p>Message delivery failed...</p>");
}
echo "Script Complete";
?>
Re: [vchkpw] Files belong to vpop?
Those look like MySQL binary files. Run this and see if some go away:

/usr/local/bin/mysql -uroot -p -e "PURGE MASTER LOGS BEFORE DATE_SUB( NOW( ), INTERVAL 10 day);"

Rick

On Tue, 2008-06-03 at 14:59 -0400, m c wrote:

Hello. I am dealing with a FreeBSD box that I inherited from another admin. The box is used for vpopmail and some tftp services. I'm trying to relieve some space issues on /var. I've come across several large files (see below) that seem to be used by vpopmail but I haven't been able to find any information about their use. The files are:

tftp-bin.index
tftp-bin.001
tftp-bin.002
tftp-bin.003
tftp-bin.004
tftp-bin.005
tftp-bin.006
tftp-bin.007

The content looks like this:

E8EA9A[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@replace into dir_control ( domain, cur_users, level_cur, level_max, level_start0, level_start1, level_start2, level_end0, level_end1, level_end2, level_mod0, level_mod1, level_mod2, level_index0, level_index1, level_index2, the_dir ) values ( 'wxyz.com', 286, 0, 3, 0, 0, 0, 61, 61, 61, 0, 2, 4, 1, 0, 0, '1')

There is only one file currently updating (tftp-bin.007). The others have last update dates that are older than 1yr, yet some of the files are 20M+. For this reason I was hoping to clean some of these up but I'm unsure if I can do that without affecting the system.

Thanks.
Re: [vchkpw] Qmail Tap tap only incoming mail
Maybe just rsync at regular intervals after initial replication? You could also create a second local qmail install with an smtproutes entry for the local domain to point to the new server. Then add a forward within a global maildrop filter using /var/qmail2/bin/forward (which will use your 2nd install's smtproutes to hit the new box). Either should get all incoming mail replicated.

Rick

On Thu, 2008-04-24 at 09:22 -0600, Andrew Niemantsverdriet wrote:

That will not work for this particular migration. They need two separate systems for 6 months as they test the new and be able to use the old one at any time. That is why qmail tap looked ideal.

On Thu, Apr 24, 2008 at 8:57 AM, Wouter van der Schagt [EMAIL PROTECTED] wrote:

What I did was... old server

- Change TTL values in zonefile to 5 minutes and wait till it is propagated (normally 1 day)
- Create domain and popboxes on new server
- Copy contents from old server to new server with scp (popboxes)
- remove domain and popboxes from old server
- Disable pop access on old server (with vmoduser -p domain.com)
- change DNS settings and MX records for domains to point to new server
- place domainname in /var/qmail/control/morercpthosts on old server so qmail will still accept incoming mail
- place domainname:ip_address_of_new server in /var/qmail/control/smtproutes on old server to forward incoming mail to the new server
- after dns has propagated remove entries on old server from /var/qmail/control/morercpthosts and /var/qmail/control/smtproutes files.
- Change TTL back to normal

During a window of 5 minutes it's possible clients (users) will try to connect using pop to the old server, just tell them to try again later.

- Original Message -
From: Andrew Niemantsverdriet [EMAIL PROTECTED]
To: vchkpw@inter7.com
Sent: Thursday, April 24, 2008 10:48 PM
Subject: [vchkpw] Qmail Tap tap only incoming mail

Is it possible to make Qmail tap only tap the incoming mail? My problem is that I am trying to get mail to deliver to two places to ease the transition to a new mail server. Qmail tap allows that functionality but breaks down on inter-domain email. The person who sends it typically gets the mail in the new mail box and the person receiving it does not get a copy depending on where the names are in the qmail tap control file. Is there a way to make qmail tap do what I want it to do or is there a better solution?

Thanks,
_ /-\ ndrew
Re: [vchkpw] Off Topic: I had a good day
DAve wrote:

Sorry for the off topic post but I just have to tell someone. I have a house full of teenagers twice a week. I let my son's band practice downstairs, full drum kit and amps, the whole shootin match. I give them a place to practice, make them dinner, fix their guitars, tell them to drive careful when they leave. This has been Thursday and Sunday nights for almost a year. Funny thing happened tonight after practice. My wife called me downstairs and all the kids were in the kitchen. In the middle of the floor was a new hardcase with a New Haven made Ovation six string guitar. They had saved their money since November and pooled it together to get me something they said I wouldn't spend the money on for myself. It was their way of saying thanks. I nearly cried. The next generation is going to be just fine.

DAve

That's awesome Dave. It almost makes me want to put these TVs back in the kid's rooms :/ It'll come.. thanks for the words of encouragement :)
Re: [vchkpw] OT: Webmail trends for vpopmail/qmail/IMAP
On Thu, 2008-01-03 at 15:12 -0600, ISP Lists wrote:

ISP Lists wrote:

Off-topic, perhaps respond off-list? What are the hot applications in F/OSS webmail that start to move towards AJAX clients (yahoo! mail beta, gmail) that might function well on a vpopmail/qmail/IMAP infrastructure? I looked at Sourceforge and didn't see much that would leap past squirrelmail.

We use RoundCube in addition to Squirrel. http://roundcube.net/

Regards, Rick

Thanks Rick, good stuff! Any other ideas are most appreciated.

I'm using Roundcube and Horde.. Horde's Dynamic IMP is currently at RC1...

Rick
Re: [vchkpw] [OT] IMAP Servers: Dovecot or Binc?
On Wed, 2007-12-19 at 11:11 -0800, Tom Collins wrote:

Courier-IMAP seems to be putting a heavy load on my server when someone accesses a mailbox with a large number of messages in it. What's the preferred IMAP server for a machine that will have 100-200 connections (plan for growth...) but may have an occasional mailbox with 1000+ messages in it. I've searched the archives and tried to google for imap server performance and imap server comparison but haven't come up with much after an hour. My impression is that Dovecot performs well, better than courier, but I'm wondering if anyone can offer up some real-world numbers to help me make my decision.

Dovecot has really come out in the past year or so. I started with .99, I upgraded from Courier, but honestly it wasn't really up to date. Dovecot's indexing showed an immediate improvement on large mailboxes. With 1.0.5, the only issue I have is with a few older Mac clients. For me this affects about 4 out of 450 clients total. I don't have any numbers, but I've had at least 1500 messages in my INBOX, not including subfolders, with great performance. The change was so dramatic I didn't need any numbers.

Rick
Re: [vchkpw] Qmail rejection of overquota messages instead of bouncing
On Mon, 2007-12-10 at 09:56 -0800, Tom Collins wrote:

On Dec 9, 2007, at 6:03 AM, [EMAIL PROTECTED] wrote:

I'm using John Simpson's last combined patch... I'm trying to know if I could any way... cause qmail to reject messages at smtp dialogue if users we're trying to deliver is overquota instead of bouncing it... black lists are nowadays becoming quite crazy IMHO but they're now blacklisting this servers who bounce overquota... well in fact now all servers that bounce directly... it would be a nice idea to reject messages for overquoted mailboxes...

I've proposed the following solution, a few times over the years, and I still think it's a good one. It would fit your needs (and most people's needs) well. Someone needs to make a qmail-smtpd patch that calls an external program to verify an account. That way, there's a single qmail-smtpd patch and you can come up with whatever program (chkuser, validrcptto, etc.) you want to verify an account. You'd pass in the sender's address and the attempted recipient address. The program can have different exit codes for different conditions, and can even output a custom reject message. This would allow for handling lots of conditions:

* Temporary failure, user is over quota
* Permanent failure, user is over quota
* Permanent failure, account does not exist
* Permanent failure, account closed, please use [EMAIL PROTECTED] instead
* Accepted
* Accepted (by catchall)
* Rejected, this account does not accept mail from [EMAIL PROTECTED]

Hopefully someone with some time on their hands will take this on.

I went looking into this thinking chkuser would be a perfect place for the basic quota check. Of course that would be sort of vpopmail specific, but lo and behold, it's already in there.

'chkuser.c' v.2.0.8

if (vmaildir_readquota(tmp_path.s,format_maildirquota \
        (user_passwd->pw_shell)) \
        >= maxmbxquota_limit) {
    retstat = CHKUSER_ERR_MBXFULL;
}

It's not as encompassing as Tom was envisioning, but it does do what the parent is looking for..

Rick

--
Tom Collins - [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
Re: [vchkpw] Two qmails in same machine
On Thu, 2007-11-08 at 14:47 +, ed wrote:

On Thu, 8 Nov 2007 15:47:53 +0100 (CET) [EMAIL PROTECTED] wrote:

Thanks a lot Ed! here it says how to setup a mail system in which you can have one scanning machine and a mailbox server.. this is what I'm trying to do... but this won't be very helpful for me in this time because the mailbox server it's not qmail.. so there is no sense on passing him rcptto.cdb or other control files... and when I have a mail hub I have this document does but other way... my problem is not... how to share info between qmails to work... my main problem is how to handle the max incoming traffic as possible and with minimum machine... and I have thought that idea... thanks a lot anyway mate :)

If you have just one box then you're screwed because you can't magic the processor time.

Not entirely. If the main issue is timeouts during SMTP, he can move his scanning to '127.0.0.1', and remove it from his external IP. That will ensure he can receive an email from the outside in its entirety. He can throttle connections to 127.0.0.1 to prevent overload, and he won't bounce mail due to SMTP timeouts. You don't want to lose a/v scanning on your external IP, so another qmail install, with spam-only qmail-scanner, would be the cheapest solution.

If you have greater than one box then think of ways to get virus processing away from the box that receives the mail, perhaps if you're in an office lan, then deploy a virtual IP address protocol, so that one of the workstations can handle the virus scanning process at that time... might be interesting.

I'd try simscan as well, it's a bit faster than qmail-scanner. But Ed really is right - the ultimate solution is more hardware. I now have a machine dedicated to only doing SpamAssassin scans...

Rick
Re: [vchkpw] Two qmails in same machine
On Thu, 2007-11-08 at 17:20 +0100, [EMAIL PROTECTED] wrote: On Thu, 08 Nov 2007 08:52:57 -0600 Rick Romero [EMAIL PROTECTED] wrote: Not entirely, If the main issue is timeouts during SMTP, he can move his scanning to '127.0.0.1', and remove it from his external IP. That will ensure he can receive an email from the outside in its entirety. He can throttle connections to 127.0.0.1 to prevent overload, and he won't bounce mail due to SMTP timeouts. You don't want to lose a/v scanning on your external IP, so another qmail install, with spam-only qmail-scanner, would be the cheapest solution. Why not? Moving it to a pool of AV scanning boxes would be a good idea. I'm not suggesting that the caller be moved, but the work is moved. So the MX gets the mail, but uses the clam client to talk to a clam server that's in a pool... somewhere. That would seem to be a good use of resources to me. The resource pool could be a loadbalancer for example, if one works with an office LAN that would be a good use of boxes that are doing nothing more than running a xscreensaver. -- The SCSI Controller to Toshi Station is sending 11 because of the newbie thinking 'halt' means 'exit'. Valve Software is RNA. :: http://www.s5h.net/ :: http://www.s5h.net/gpg Hi! Perhaps I should have said that this server will be housed and that I can't set more than one server because of the cost... so I needed to do something as this... but don't know if it would work or could have problems... I assume not.. because is the same way than setting a ssl smtp on port 465.. it shares everything with qmails 25 port server... but I needed to know if any of you have tested if this works... Yes, basically: Do an alternate qmail install (qmail2) Install your qmail-scanner on qmail2 with only antivirus scanning. 
Assuming you're running supervised:

create a /service/smtp2/run that only binds to your external IP (correct the paths)
create a /service/send2/ like /service/send, but with correct paths
change/add /var/qmail2/control/smtproutes to contain only:
:127.0.0.1
modify your /service/smtp/run so it only binds to 127.0.0.1

What you did was install a blank qmail (make sure the basics are there so you don't have an open relay, etc) into qmail2. All it does is bind to your external IP, receive email, a/v scan it, and forward it to 127.0.0.1. Since 127.0.0.1 is your original qmail install, it will handle everything as it did before.

It can get confusing - so make sure you backup everything before you accidentally edit/delete something in /var/qmail instead of /var/qmail2 :)

Rick
Re: [vchkpw] Two qmails in same machine
On Thu, 2007-11-08 at 18:50 +0100, tonix (Antonio Nati) wrote: Rick Romero ha scritto: On Thu, 2007-11-08 at 17:20 +0100, [EMAIL PROTECTED] wrote: On Thu, 08 Nov 2007 08:52:57 -0600 Rick Romero [EMAIL PROTECTED] wrote: Not entirely, If the main issue is timeouts during SMTP, he can move his scanning to '127.0.0.1', and remove it from his external IP. That will ensure he can receive an email from the outside in its entirety. He can throttle connections to 127.0.0.1 to prevent overload, and he won't bounce mail due to SMTP timeouts. You don't want to lose a/v scanning on your external IP, so another qmail install, with spam-only qmail-scanner, would be the cheapest solution. Why not? Moving it to a pool of AV scanning boxes would be a good idea. I'm not suggesting that the caller be moved, but the work is moved. So the MX gets the mail, but uses the clam client to talk to a clam server that's in a pool... somewhere. That would seem to be a good use of resources to me. The resource pool could be a loadbalancer for example, if one works with an office LAN that would be a good use of boxes that are doing nothing more than running a xscreensaver. -- The SCSI Controller to Toshi Station is sending 11 because of the newbie thinking 'halt' means 'exit'. Valve Software is RNA. :: http://www.s5h.net/ :: http://www.s5h.net/gpg Hi! Perhaps I should have said that this server will be housed and that I can't set more than one server because of the cost... so I needed to do something as this... but don't know if it would work or could have problems... I assume not.. because is the same way than setting a ssl smtp on port 465.. it shares everything with qmails 25 port server... but I needed to know if any of you have tested if this works... Yes, basically: Do an alternate qmail install (qmail2) Install your qmail-scanner on qmail2 with only antivirus scanning. 
Assuming you're running supervised:

create a /service/smtp2/run that only binds to your external IP (correct the paths)
create a /service/send2/ like /service/send, but with correct paths
change/add /var/qmail2/control/smtproutes to contain only:
:127.0.0.1
modify your /service/smtp/run so it only binds to 127.0.0.1

What you did was install a blank qmail (make sure the basics are there so you don't have an open relay, etc) into qmail2. All it does is bind to your external IP, receive email, a/v scan it, and forward it to 127.0.0.1. Since 127.0.0.1 is your original qmail install, it will handle everything as it did before.

It can get confusing - so make sure you backup everything before you accidentally edit/delete something in /var/qmail instead of /var/qmail2 :)

What about qmail users? Usually qmail cd according to user's home directory.

If everything is smtproute forwarded to 127.0.0.1 your qmail2 need not know about any users - as long as it's not using chkuser. All he should need is qmail2/control/rcpthosts to contain the domains he's receiving for. /var/qmail would do the actual user check (either with chkuser during smtp or during the actual delivery) and bounce it back to /var/qmail2, which should send bounce back out through /var/qmail :P

So if there are a ton of 'fake' user deliveries, qmail2 should be setup using chkuser... but I moved /var/qmail onto only 127.0.0.1 for the example so he wouldn't have to worry about duplicating individual user info...

Rick
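The split install described in the two posts above (a front qmail2 on the external IP relaying to the original install on 127.0.0.1) can be sanity-checked with a script like this one, added here as an example and not code from the thread. The function names, the run-file paths passed in and the sample address used to try it are assumptions; the argument parser handles the usual tcpserver option clusters but not quoted arguments that contain spaces.

```shell
#!/bin/sh
# Added example: audit a two-install qmail layout.
#   front = /var/qmail2 style install bound to the external IP
#   back  = original install bound to 127.0.0.1

# tcpserver_host RUN_FILE
# Print the host argument tcpserver is started with in a daemontools run
# script. Options that take a value (-c -x -b -B -g -u -l -t) are skipped
# together with their value, so "-c 25" is not mistaken for the port.
tcpserver_host() {
    sed -e 's/#.*//' "$1" 2>/dev/null | tr '\\\n' '  ' | awk '
    {
        for (i = 1; i <= NF; i++)
            if ($i == "tcpserver" || $i ~ /\/tcpserver$/) break
        if (i > NF) exit 1
        for (i++; i <= NF; i++) {
            if ($i !~ /^-/) { print $i; found = 1; exit }
            n = length($i)
            for (j = 2; j <= n; j++)
                if (index("cxbBgult", substr($i, j, 1))) {
                    if (j == n) i++    # value is the next word
                    break
                }
        }
    }
    END { exit (found ? 0 : 1) }'
}

# audit_split FRONT_HOME FRONT_RUN BACK_RUN EXTERNAL_IP
# Prints one "ok ..." or "FAIL ..." line per check; returns 1 on any FAIL.
audit_split() {
    front=$1 front_run=$2 back_run=$3 ext_ip=$4 rc=0

    # A missing rcpthosts makes qmail-smtpd accept mail for any domain.
    if [ ! -f "$front/control/rcpthosts" ]; then
        echo "FAIL rcpthosts missing: front install would relay for anyone"
        rc=1
    elif ! grep -q '[^[:space:]]' "$front/control/rcpthosts"; then
        echo "FAIL rcpthosts empty: front install accepts no domains"
        rc=1
    else
        echo "ok rcpthosts lists the hosted domains"
    fi

    # The front install must hand everything to the back install.
    routes=$(grep -v '^[[:space:]]*$' "$front/control/smtproutes" 2>/dev/null) || routes=
    if [ "$routes" = ":127.0.0.1" ]; then
        echo "ok smtproutes sends all mail to 127.0.0.1"
    else
        echo "FAIL smtproutes is not the single line :127.0.0.1"
        rc=1
    fi

    # Each smtpd must listen on its own address only.
    host=$(tcpserver_host "$front_run") || host=
    if [ "$host" = "$ext_ip" ]; then
        echo "ok front smtpd binds $host"
    else
        echo "FAIL front smtpd binds '${host:-?}', expected $ext_ip"
        rc=1
    fi
    host=$(tcpserver_host "$back_run") || host=
    if [ "$host" = 127.0.0.1 ]; then
        echo "ok back smtpd binds 127.0.0.1"
    else
        echo "FAIL back smtpd binds '${host:-?}', expected 127.0.0.1"
        rc=1
    fi
    return $rc
}

# Typical call (paths as used in the thread, IP is a placeholder):
#   audit_split /var/qmail2 /service/smtp2/run /service/smtp/run 192.0.2.10
```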
Re: [vchkpw] Off Topic: Virtual FTP Server or web-based file manager?
On Wed, 2007-08-15 at 05:11 -0700, Bert JW Regeer wrote: On Aug 14, 2007, at 11:08 PM, Tom Collins wrote: OK, so it's off-topic, but can anyone recommend an FTP server or web-based file manager that I can deploy on my hosting server that either integrates with vpopmail (like maybe Pure-FTPd) and has a nice interface for managing accounts? I only have two IPs for my server, so multiple clients would share the same FTP server. I'm considering having usernames that include domain names for logging in, and thought that QmailAdmin might be a good interface for managing the FTP accounts. Web may be a better way to go, because FTP is already in use by clients for managing their web content. If I use Pure-FTPd or vsftpd, it will need to be configured for both system users and virtual users. A well-designed, web-based file manager would be a great replacement for FTP. A search on SourceForge didn't turn up many promising leads. Lots of stuff that hasn't been maintained since 2004, or has less than 1000 downloads. Any recommendations? -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/ For Pure-FTPD you can write your own authentication plugin and use it, so you could write it to auth against vpopmail. http://linux.die.net/man/8/pure-authd I believe someone already did. I was chatting with Claus here: http://lists.horde.org/archives/sork/Week-of-Mon-20070618/002718.html About using Horde vacation with vpopmail, and at one point he posted a link to his pureftp config that used vpopmail auth properly. Where mine just used MySQL, and didn't account for a table-per-domain, his would work for any situation. I can't seem to find that post in the thread, nor is it in the Horde Wiki :( But I don't think Claus would mind getting an email Rick Bert JW Regeer
Re: [vchkpw] [OT] spamhaus down?
I use Matt Simerson's toaster-watcher.pl script to keep my rbl server list 'live', and I still have sbl-xbl.spamhaus.org in my active list. Rick On Wed, 2007-08-15 at 15:28 -0500, Ken Jones wrote: I'm sorry. I didn't mean a dns lookup on the hostnames. I meant using rblsmtpd to do the query against their database. It might be related to a network issue since queries seem to be working fine on other email servers I checked. Paul Norland wrote: I too cannot resolve their names. Ken Jones wrote: Has anyone else noticed spamhaus is down? None of their rbl host names are resolving. I've tried: zen.spamhaus.org sbl.spamhaus.org xbl.spamhaus.org sbl-xbl.spamhaus.org pbl.spamhaus.org We noticed a delay in accepting email and tracked it down to rblsmtpd checks on any of those lists. Ken Jones
Re: [vchkpw] vacation messages / robots / copy and forward and MySQL
On Fri, 2007-07-27 at 13:04 -0400, Ron Culler wrote:

What we would like to be able to do is take the remaining features in qmailadmin and push them to MySQL as well by getting rid of .qmail files in the users mail dir.

Copy and Forward - example .qmail
[EMAIL PROTECTED]
/home/vpopmail/domains/mydomain.com/bob/Maildir/

Vacation Message - example .qmail
/home/vpopmail/domains/mydomain.com/bob/Maildir/
| /usr/local/bin/autorespond 86400 3 /home/vpopmail/domains/mydomain.com/bob/vacation/message /home/vpopmail/domains/mydomain.com/bob/vacation

Robot - example .qmail
|/usr/local/bin/autorespond 1 5 /home/vpopmail/domains/mydomain.com/ROBOT/message /home/vpopmail/domains/mydomain.com/ROBOT[EMAIL PROTECTED]

It doesn't solve your 'remove .qmail' problem - but Horde's Sork vacation module has a qmail library that uses FTP to write the .qmail file into the user's home directory. I just recently put some wiki info up on how to modify the 1.0 version to work with vpopmail using PureFTP and MySQL. My modification does not account for multiple tables per domain - but if you check the list we pretty much hashed that out.

http://wiki.horde.org/SorkVacationWithVpopmail

Horde is, IMHO, rather complicated to just 'dive' into, but all you would essentially need to utilize is the driver file (vpopmailsql.php), as that does all the backend work.

Rick
RE: [vchkpw] Using vdelivermail
On Fri, 2007-07-13 at 11:48 -0700, Jeremiah Gowdy wrote:

Yeah, I was trying to describe that unfortunately I can't use qmail's standard forwarding system with QUEUE_EXTRA, because the forwarded message passes through the queue, and is then duplicated again back to the log account. This creates an infinite loop of emails that crushes the server pretty quickly. I need a way to deliver the email to the box in question without going back through qmail-queue. I was hoping to use vdelivermail to provide that path.

Your log 'account' shouldn't be an account, just an alias...

mail# cat /var/qmail/alias/.qmail-log
# Keep a copy of all incoming and outgoing messages
# in the /home/archive/.070713_Fri/ folder:
/home/archive/.070713_Fri/

mail# ls /var/qmail/alias
.qmail-log .qmail-mailer-daemon .qmail-postmaster .qmail-root

Where /home/archive/.070713_Fri is a Maildir folder...

Rick
Re: [vchkpw] Alternate routing for failed send
On Thu, 2007-07-12 at 08:54 -0500, ISP Lists wrote:

I had a case where a single destination SMTP MX server was denying my send request from what appeared to be an IP range-based RBL blacklist. Nobody else's MXs levered that blacklist, so I only had the one problem delivery. I was able to mockup a gateway on another server of mine in another IP block and I temporarily used 'smtproutes' to clear my queue for that issue.

Q: What solutions are being used in the wild to deal with this kind of case?

I could see an 'smtproutes' file that uses a :farm.of.hostnames.tld in order to send your outbound email through a farm of servers in diverse netblocks, but that implies a bit more scale than I can offer/afford. I don't believe there's any available logic that says something like after a message is SMTP-connect-refused XX times, please try alternate send path via 'othersmtproutes'. That's probably more overhead than value, but it occurred to me... Feedback is most welcome. (Please let me know if this is more appropriate for the qmail list than vpopmail.)

That sounds like a great idea, having had that problem myself, but unfortunately RBL rejections don't have their own error code. A 5xx for RBL could just as likely be a 5xx for INBOX Full, and you wouldn't know which one to resend. I suppose you could come up with another file that listed 'rblwords' to search the 5xx string for - but IMHO this is a solution for an 'after' problem. It's best to do whatever you can to prevent getting on the blacklists in the first place.

Personally, I run a free email service, and I have 3 queues that mail flows though before it leaves me. Every minute I run qmail-qstat on the last two queues. If the number of messages 'jumps' past a pre-defined number, I set concurrencyremote to 0, and use yet another queue to email myself that there's trouble. It could be more advanced, creating some sort of moving scale because valid retries waiting in queue can increase the current number of email to go out - but just setting a number works pretty well for me because I'm not that big ;)

I'm sure there's one or two blacklist-listers out there that you can probably poll on a regular basis and email yourself if you show up on ANY list. I was just recently considering doing that...

Rick
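The fixed-threshold check described in the post above, together with one simple form of the 'moving scale' it mentions (a cap on growth since the previous sample), as an added example that is not Rick's script. The function names, state-file path, threshold values and the ALERT_TO variable are assumptions, and /var/qmail3 stands in for whatever separate install carries the alert.

```shell
#!/bin/sh
# Added example: outbound queue watchdog for a qmail install.

# Read qmail-qstat output on stdin and print the "messages in queue" count.
# Fails if that line is missing or its value is not a number.
parse_qstat() {
    awk -F': ' '
        /^messages in queue: / && $2 ~ /^[0-9]+$/ { print $2; ok = 1 }
        END { if (!ok) exit 1 }'
}

# queue_verdict COUNT PREVIOUS LIMIT JUMP
#   over = COUNT is above the absolute ceiling
#   jump = queue grew by more than JUMP since the previous sample, so a
#          slow build-up of legitimate retries does not trip the alarm
#   ok   = neither
queue_verdict() {
    if [ "$1" -gt "$3" ]; then
        echo over
    elif [ $(( $1 - $2 )) -gt "$4" ]; then
        echo jump
    else
        echo ok
    fi
}

# hold_remote QMAIL_HOME
# Keep one copy of the operator's concurrencyremote, then write 0.
# Release by hand: move concurrencyremote.held back and restart qmail-send.
hold_remote() {
    ctl="$1/control/concurrencyremote"
    if [ -f "$ctl" ] && [ ! -f "$ctl.held" ]; then
        cp -p "$ctl" "$ctl.held"
    fi
    echo 0 > "$ctl"
}

# check_queue QMAIL_HOME STATE_FILE LIMIT JUMP   (qmail-qstat output on stdin)
# Prints ok, jump, over or unreadable; holds remote delivery on jump/over.
check_queue() {
    count=$(parse_qstat) || { echo unreadable; return 2; }
    prev=$count
    if [ -r "$2" ]; then
        prev=$(cat "$2")
    fi
    echo "$count" > "$2"
    verdict=$(queue_verdict "$count" "$prev" "$3" "$4")
    if [ "$verdict" != ok ]; then
        hold_remote "$1"
    fi
    echo "$verdict"
}

# Cron entry point, once a minute per watched queue:
#   watchdog.sh run QMAIL_HOME SERVICE_DIR
#   e.g. watchdog.sh run /var/qmail2 /service/send2   (paths are assumptions)
if [ "${1:-}" = run ]; then
    state="/var/tmp/qwatch.$(basename "$2")"
    verdict=$("$2/bin/qmail-qstat" | check_queue "$2" "$state" 500 200)
    if [ "$verdict" != ok ]; then
        # qmail-send reads concurrencyremote only when it starts.
        svc -t "$3"
        if [ -n "${ALERT_TO:-}" ]; then
            printf 'To: %s\nSubject: queue %s in %s\n\nRemote delivery held.\n' \
                "$ALERT_TO" "$verdict" "$2" | /var/qmail3/bin/qmail-inject
        fi
    fi
fi
```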
Re: [vchkpw] Vpopmail smtp-auth
On Thu, 2007-03-08 at 08:55 -0500, DAve wrote: Rainer Duffner wrote: DAve wrote: Good morning, No errors when building, seems to work, bash-2.05b# /home/vpopmail/bin/vuserinfo [EMAIL PROTECTED] Error. Domain pixelhammer.com was not found in the assign file That should not happen. What happens when you add a domain? Does it get added to the assign file? I do not want to add a domain to this server. I do not think you understand what this server is doing. See below, this server is doing *outbound* service only, there will be no local deliveries. I have a similar setup - but locked down to an IP and a separate qmail install. That IP/qmail install is only for auth'd outgoing email - nothing gets delivered to hosted domains. Even if you're not doing 'local' delivery, you still need to be able to resolve a username with vuserinfo. Otherwise vchkpw won't be able to auth for you either. So yes, you need a complete install as if it's a complete server. Now, what I did for my 'local' domains, since delivery is not happening locally, is create a smtproutes file for those domains and point them to the MX. Rick
RE: [vchkpw] FQDN
On Tue, 2007-02-13 at 20:30 +0100, Peter Normann wrote:

M... wrote:

Usually, in qmail, with a single domain, you would have in locals, your domain and FQDN for which you accept/deliver email, but when you decide to have many domains and only use virtual domains in vpopmail, the locals is empty.

If your main domain = mydomain.com
your mail server FQDN = alpha.mydomain.com

How do you make sure that bounces to alpha.mydomain.com get delivered to mydomain.com? I'm seeing a few rejections to bounces in my log as alpha.mydomain.com isn't recognized. Sorry, I didn't use qmail and multiple domains before but jumped straight to vpopmail so don't know how that part works.

Try reading the docs on domain aliases.
http://www.inter7.com/vpopmail/doc/vaddaliasdomain.html
http://www.inter7.com/vpopmail/FAQ.txt (#12)

Or, more useful, just put your domain name in /var/qmail/control/me

Rick

Regards
Peter
[vchkpw] vdelivermail(?) QUEUE_EXTRA problem
Hey all,

I'm setting up an additional MX for my domains, and while normal delivery works fine, my queue_extra doesn't work. I have the same setup as on another server (also 5.4.17), and that server works fine.

extra.h:
#define QUEUE_EXTRA "Tlog\0"
#define QUEUE_EXTRALEN 5

mx# cat /var/qmail/alias/.qmail-log
# Keep a copy of all incoming and outgoing messages
# in the /home/archive/mail/.070212_Mon/ folder:
/home/archive/mail/.070212_Mon/

mx# ls -la /home/archive/mail/.070212_Mon/
total 14
drwxrwxrwx    5 vpopmail vchkpw  512 Feb 12 00:01 .
drwxr-xr-x  222 root     wheel  4608 Feb 12 00:01 ..
drwxrwxrwx    2 vpopmail vchkpw  512 Feb 12 00:01 cur
drwxrwxrwx    2 vpopmail vchkpw  512 Feb 12 00:01 new
drwxrwxrwx    2 vpopmail vchkpw  512 Feb 12 00:01 tmp

When I send an email to myself, the send log shows:

2007-02-12 11:46:40.150406500 new msg 7961560
2007-02-12 11:46:40.150426500 info msg 7961560: bytes 197 from [EMAIL PROTECTED] qp 43854 uid 89
2007-02-12 11:46:40.150484500 starting delivery 569: msg 7961560 to local [EMAIL PROTECTED]
2007-02-12 11:46:40.150539500 status: local 1/10 remote 0/100
2007-02-12 11:46:40.150623500 starting delivery 570: msg 7961560 to local [EMAIL PROTECTED]
2007-02-12 11:46:40.151853500 status: local 2/10 remote 0/100
2007-02-12 11:46:40.536058500 delivery 569: failure: maildirmake:_No_such_file_or_directory/Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/

mx# cat /var/qmail/control/me
vfemail.net

I can send email to everyone that I host, except the log alias doesn't work. If I put the alias in the valias table, I get:

2007-02-12 11:54:35.703769500 delivery 604: success: maildirmake:_No_such_file_or_directory/vdelivermail:_valiases_processed/did_0+0+2/

So it'll work with valias - but spawn an error. The aliases/.qmail-log method doesn't work at all. Rights should be fine, it's all global for the moment, and I'm delivering across NFS without an issue. My setup is based on Matt Simerson's scripts, so it's already pretty consistent.

Any ideas?

Thanks, Rick
Re: [vchkpw] Qmail with Simscan, SA and ClamAv
On Wed, 2007-01-31 at 11:22 -0500, Darrel O'Pry wrote: On Tue, 2007-01-30 at 19:14 -0600, Max Esquivel wrote: I have also posted this to vchkpw list: I have a server with qmail running some 600 email accounts over some 30 domains. I recently installed simscan, Spamassassin and ClamAv. It all works really well, but during peak hours (say 300 to 500k per sec inbound traffic) Thee server starts to bog down and progressively gets slower and slower until 120 connections are maxed out and the server starts rejecting smtp connections first and then pop connections. This is a new AMD 64 bit with 1Gig Ram running on Debian and running also Apache with php, mysql, and Horde webmail (with very very few hits per day). If I turn off simscan, situation returns to normal after a while. I have tried finding some documentation about how many users and traffic qmail with simscan, SA and Clam may handle, but it seems there is nothing out there other than very general stuff like many users, thousands of users Perhaps the problem is in my setup and some configuration for simscan, SA or clam that I have set/not set incorrectly, ot I have not realized this number of users and trafffic is just too much for one server. Any suggestions or links to appropriate docs will be most appreciated. Thanks! Max Esquivel I was having a similar issue. For my environment it was being caused by large attachments. I ended up only using simscan to call clamav and set some basic attachment blocking policy. I was also having that issue, about 2000 regular users. I have multiple servers, but the 'last' thing I did might help you the most. I used to share SpamAssassin with my secondary MX, and data store, but I now have a Core2Duo server dedicated to SpamAssassin. It was just eating up way too many resources - even on that low usage box. My primary MX averages about 300k per sec, 1000 msgs/hour and is only a Duron 1400. 
Looks like it peaked at 2800 msgs yesterday at 3pm CST on the dot ;) No more slow scanning issues. There are also some SA optimizations to speed up scans. Put:
dns_available yes
rbl_timeout 10
razor_timeout 5
pyzor_timeout 5
check_mx_attempts 1
in your SpamAssassin local.cf and run dnscache locally. And make sure the SpamAssassin logs don't have 'Unable to read bayes_seen' errors - that's a killer too. Rick
Re: [vchkpw] Qmail with Simscan, SA and ClamAv
On Wed, 2007-01-31 at 13:11 -0500, Rick Macdougall wrote: Max Esquivel wrote: Thanks all for the suggestions. Been looking at things in more detail: 1) I'm not sure how many sessions we are handling. I do know we were maxing out at 120 connections per sec at peak times. 2) we do have spamc and spamd running. spamd --max-children 25 -x -v -d --pidfile=/var/run/spamd.pid 25 children enough? max children 25 and 1 gig of memory is not going to work. Once you start swapping everything is going to slow to a halt. Just to elaborate on that - I figure 50MB per child (mine currently vary from 12 - 40), so 25 children would require at least a gig. Honestly, mine is set to 32, and I only have 1 gb - but it's a dedicated server, and it was a pain to tweak it to where it is now. I definitely need more RAM. I'd increase the amount of ram (we run 4 gig on all our SA servers) and see if it would be possible to get a separate machine to just run spamd on. Regards, Rick
Re: [vchkpw] Re: vchpw/onauth connection types
On Thu, 2007-01-11 at 21:30 -0700, Rick Widmer wrote: Joshua Megerman wrote: For example, vchkpw-imap would set the type to imap. vchkpw-smtp would set it to smtp, etc. This seems like a trivial change, and would only require a softlink back to vchkpw to enable. Am I thinking straight, or am I way offbase? It's not an unreasonable way of doing things, although vchkpw will try to figure out what the connection type is based on argv[1] if the port is unknown. Maybe the best solution is to eliminate the default setting of LocalPort to 110 if TCPLOCALPORT isn't set, allowing vchkpw to look for true (smtp) or imap (imap) in argv[1]. I would think that if the local port variable isn't set, we should leave it as an unknown, and not force it to 110 (thus forcing a pop connection down the line). Anyone else? I'd be very nervous about changing the default action. I've already learned my lesson (the hard way) about making tiny changes to existing functionality - even when you think it shouldn't matter to anyone else... it probably does. That would be my feeling as well - I would prefer to just add functionality that does not interfere with anything existing, and especially not change anything existing. It seems to me that since vchkpw uses TCPLOCALPORT to determine how it is called, and Dovecot wants to use vchkpw for password checking, then Dovecot should handle setting the environment variables properly. Possibly it is a matter of the way Dovecot is being started that is hiding the environment variable. Maybe you can set the environment variable before calling vchkpw. You are running on a standard imap port, right? Yep - Dovecot (which also provides POP, though I'm not sure if it's a separate binary like Courier) has some sort of 'native' vpopmail auth built in. I found that while it does work to authenticate, at minimum the lastauth data isn't updated. So it doesn't appear to be complete. 
If Dovecot has a constant value passed into argv[1] I would be willing to add that to the guessing code in vchkpw, but I don't like the idea of adding _another_ block of testing for argv[0]. I believe the best answer is to have the right port in TCPLOCALPORT when you call vchkpw. I agree - I didn't realize there was a TCPLOCALPORT variable to set that would specify that - that seems like an easy fix. I'll check with the dovecot list. Thanks for your help! Rick Rick
Re: [vchkpw] Re: vchpw/onauth connection types
On Fri, 2007-01-12 at 09:32 -0700, Rick Widmer wrote: Joshua Megerman wrote: Well, changing the default LocalPort value won't necessarily cause a change in functionality, as this is what the code does: Get the value of the TCPLOCALPORT environment variable. If it's not set (getenv returns NULL), set LocalPort to 110, otherwise use atoi to convert the string to an integer and use that. Then, it does a case check on the value of Localport, and here's why changing the default won't necessarily break anything: If the port is anything other than {25|110|143|465|587|993|995}, it checks the value of argv[1] for specific substrings, and sets the connection type based on that: a) if argv[1] has true, it sets it to SMTP b) if argv[1] has imap, it sets it to IMAP c) if neither a) or b) are true, it sets it to POP. The biggest change that setting the default LocalPort to 0 rather than 110 would do is that it would allow for argv[1] to override the default setting of POP, and it would set the VchkpwLogName to vchkpw-0 instead of vchkpw-pop3. Since you cannot guarantee that an unset TCPLOCALPORT is going to mean a pop3 connection on port 110, this seems like a logical change. For users who are expecting things to work the same way, the only difference will be the VchkpwLogName string will be different, and if they are using SMTP or IMAP that doesn't set TCPLOCALPORT, it may well work as documented. Good catch! I agree LocalPort should be set to 0 instead of 110 in line 117 (5.4.17) of vchkpw.c because the current value blocks the default case from ever happening. I'm not so sure it will fix Rick's problem - it depends on what Dovecot's imap program is called. Still it is the first step in allowing the name to be recognized in the default case. Vchkpw will still default to pop if it doesn't find anything else that identifies how it is being called. I just made the change in cvs. 
Rick R.: You might want to try changing 110 to 0 in line 117 of vchkpw and see if that fixes your problem. If so, please let me know. I'm sure it will - once I removed the 'deny pop' from that account, imap worked fine. If not please post how you are running Dovecot imap and I will see if I can detect your situation from argv[1]. Also, please note that README.roamingusers mentions that you need to run your POP daemon under tcpserver to allow it to work. If you aren't running imap under tcpserver, doing so will almost certainly fix your problem. *smacks forehead* Duh. I was wondering where vchkpw got the variable for smtp connections, since it's called from tcpserver - and figured tcpserver was providing it. I never extended that to run dovecot under tcpserver stupid! :) I probably won't have time today to test - I will get back to the list asap. Thanks! Rick Rick
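The connection-type logic described in this thread, as an added C example that is not vpopmail's own code: it follows the port list and argv[1] substrings quoted above and shows why an unset TCPLOCALPORT with a default of 110 makes a POP restriction block an IMAP login. The names classify_conn, login_allowed and the DENY_* flags are hypothetical, and the argv[1] value "imap" is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Connection types and restriction flags, named for this example only. */
enum conn_type { CONN_SMTP, CONN_POP, CONN_IMAP };
enum { DENY_POP = 1, DENY_IMAP = 2, DENY_SMTP = 4 };

/*
 * Classify a connection the way the thread describes vchkpw doing it.
 *   tcplocalport: value of TCPLOCALPORT, or NULL when the variable is unset
 *   argv1:        argv[1] handed over by the calling daemon, or NULL
 *   default_port: LocalPort used when TCPLOCALPORT is unset
 *                 (110 before the change discussed above, 0 after it)
 */
enum conn_type classify_conn(const char *tcplocalport, const char *argv1,
                             int default_port)
{
    int port = tcplocalport ? atoi(tcplocalport) : default_port;

    switch (port) {
    case 25: case 465: case 587:
        return CONN_SMTP;
    case 110: case 995:
        return CONN_POP;
    case 143: case 993:
        return CONN_IMAP;
    default:
        /* Unknown port: fall back to guessing from argv[1]. */
        if (argv1 && strstr(argv1, "true"))
            return CONN_SMTP;
        if (argv1 && strstr(argv1, "imap"))
            return CONN_IMAP;
        return CONN_POP;   /* still the last-resort default */
    }
}

/* Apply per-service restrictions: returns 1 if the login may proceed. */
int login_allowed(enum conn_type t, unsigned deny_mask)
{
    switch (t) {
    case CONN_POP:  return !(deny_mask & DENY_POP);
    case CONN_IMAP: return !(deny_mask & DENY_IMAP);
    default:        return !(deny_mask & DENY_SMTP);
    }
}

static const char *name(enum conn_type t)
{
    return t == CONN_SMTP ? "smtp" : t == CONN_IMAP ? "imap" : "pop";
}

int main(void)
{
    /* IMAP daemon started outside tcpserver: TCPLOCALPORT is unset. */
    const char *argv1 = "imap";          /* constructed sample value */
    unsigned deny = DENY_POP;            /* account has POP denied */
    int defaults[] = { 110, 0 };

    for (int i = 0; i < 2; i++) {
        enum conn_type t = classify_conn(NULL, argv1, defaults[i]);
        printf("default LocalPort %3d -> type %-4s -> login %s\n",
               defaults[i], name(t),
               login_allowed(t, deny) ? "allowed" : "refused");
    }

    /* Under tcpserver the port is known and argv[1] is never consulted. */
    printf("TCPLOCALPORT=143      -> type %s\n",
           name(classify_conn("143", NULL, 110)));
    return 0;
}
```

With the default left at 110 the restriction check sees a POP session even though the client spoke IMAP, so access-control decisions and the log name are both made against the wrong service.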
[vchkpw] Re: vchpw/onauth connection types
Joshua Megerman wrote: It sets the connection type based on a list of known ports (25/465/587 for SMTP, 110/995 for POP and 143/993 for IMAP), and defaults to POP on an unknown connection. Sorry, this isn't an actual thread reply, but I just came across an issue with the vchkpw program itself. I use Dovecot for my IMAP server, and to get last auth to work properly, I have to call the vchkpw program. LastAuth works now, but since vchkpw defaults to pop, a pop restriction causes IMAP (and webmail) not to work ;) Now I'll admit this is probably a mistake in how Dovecot does vpopmail authentication - but I was wondering if we could also set the connection type based on the binary name. For example, vchkpw-imap would set the type to imap. vchkpw-smtp would set it to smtp, etc. This seems like a trivial change, and would only require a softlink back to vchkpw to enable. Am I thinking straight, or am I way offbase? Rick
Re: [vchkpw] The future of valias other topics
On Fri, 2007-01-05 at 11:34 -0700, Rick Widmer wrote: -- Back to the future... after reviewing the threads '5.4.17 patches', '.vpopmail instead of .qmail' and '5.4.18 valias' this is what I think should happen in 5.4.19. How about removing the cdb domain check for vauth? I don't know what all utilizes the vauth function, but I happened to notice that if a domain does not exist in /var/qmail/control/aliases, a user cannot authenticate. To be more precise: I have a 'user' server which also houses the primary database. All creation/deletion of users/domains is done on that server. I have another server with an NFS export, also running IMAP, that has a copy of the required qmail files, a 5.4.17 vpopmail install on it, and a MySQL slave. If I create a domain on the 'user' server, the user cannot authenticate on the IMAP server because the domain doesn't exist in the aliases cdb file. For my purposes, the cdb check is unnecessary, and just another thing I have to replicate. Is it possible to have a configure with --skip-cdb-auth - or maybe can we put/replicate the aliases cdb into MySQL ? Just some thoughts. It 'feels' smoother to have everything replicated in MySQL, instead of having scripts run or a bunch of extra NFS mounts.. Rick
Re: [vchkpw] vpopmail sans qmail.
Christopher Chan wrote: http://qmail.jms1.net/patches/validrcptto.cdb.shtml There is a better patch for vpopmail support in qmail. A mysql patch that goes straight to the vpopmail mysql database but I am not sure of its location. The writer even rebuffed one of Inter7's developers when someone floated the idea of qmail supporting vpopmail's mysql tables and the developer said he would write it since he was not aware of the patch's existence. So I believe the Inter7 guy dropped it right then and there or maybe not. I believe it is this one here and the writer was Italian: http://www.interazioni.it/opensource/chkusr/ postfix trumps chkusr/chkuser just as chkusr/chkuser trumps the cdb check. First, chkusr vs rcptto.cdb. tcpserver + qmail-smtpd means a fresh fork for each new connection. The cdb rcptto means a disk access for each rcpt to check and regular rebuilds of the cdb database. chkusr/chkuser helps by keeping I/O off disk (okay we can contest whether looking up cdbs is better than looking up mysql tables or not but I think it is fair game to say that mysql lookups are more likely to be disk I/O free) and by not needing regular rebuilds of a cdb file. In fact, it offers instant/real-time user existence checks. In addition, I believe Matt Simerson authored a tcpserver mysql patch to allow the removal of cdb files altogether. http://www.tnpi.biz - it's great for heavily loaded servers, because constantly recompiling that damn file with multiple processes tends to corrupt it. I love qmail too, but I'm with ya on all the 'unapproved' patches and its concurrency limitations. Rick
Re: [vchkpw] vpopmail sans qmail.
Christopher Chan wrote: In addition, I believe Matt Simerson authored a tcpserver mysql patch to allow the removal of cdb files altogether. http://www.tnpi.biz - it's great for heavily loaded servers, because constantly recompiling that damn file with multiple processes tends to corrupt it. Eh? Rebuilding it while multiple processes are accessing it corrupts it?!? Or multiple processes trying to rebuild the same file? I believe it's multiple processes trying to rebuild the same file. I've had a corrupted cdb for a long time - from courier POP auths. I've never fixed it because I also have the mysql patches, and SMTP Auth in place. Everything works, so I'm not touching it until I completely rebuild that system :) I love qmail too, but I'm with ya on all the 'unapproved' patches and its concurrency limitations. The mysql side of things could be alleviated by using sqlrelay. Don't hammer mysql. Hammer sqlrelay instead :) Oh EXCELLENT tip. I thought replicating the database to each server was the best solution, sqlrelay looks like it'll make things even better. Thanks Christopher
Re: [vchkpw] vpopmail sans qmail.
DAve wrote: soapbox Patch smatch, if it's a patch everyone gets to beat qmail up and scream at each other about what a wasted never updated POS qmail is. So patches are bad bad bad. Only software that is poor and decrepit uses patches. But, let someone add that patch to the source code and bundle up a new package and suddenly every new user who posts a question is told You need the latest version. I have seen this many many times on many many maillists. We have not had to make a security update to our qmail installs in the 5 years we have been running them. All it took was running patch somediff a few times ONCE during the initial install. Let's be honest here, most minor version upgrades in OSS are the result of contributed patches (developer or user). Yet no one is claiming that vpopmail/postfix/perl/ruby/python is a patchy POS after we see the developers accepting patches from users and rolling out an upgrade. I think it would be nice to feel like the owner/author of qmail was actually behind it. And to do that, he should be improving upon it - that is, accepting at least the patches that we all use. Obviously it's not a complete product, unless you can point me to a substantial 'stock qmail' userbase. Nobody can even provide binaries for the 'lessers' among us - so they will never use it. I propose that someone create a shell script that installs qmail and a set of user selected Modules chosen from a menu. Vpopmail could be a Module, chkuser could be a Module, bigip could be a Module. You could even rerun the script to add/subtract Modules, much like Apache Toolbox. Maybe then people would get over their aversion to patches in qmail. /soapbox Check out Matt Simerson's Mail::Toaster - I think the back end is even in CPAN now.. www.tnpi.biz. I've totally felt like a 'Matt shill' lately, but IMHO what he has done just rocks. Rick Thank you, I feel better, you may return to your regularly scheduled list mail. DAve
Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
On Fri, 2006-10-27 at 09:42 +0200, Jérôme MOLLIER-PIERRET wrote: Rick Inserting maildrop into .qmail-default is a fine implementation solution but this patch provides these advantages : - Maildrop handles the maildir quota correctly (and in your mailfilter sample you should handle the exit code 77). But for example, this configuration will never bounce the quota-warn and over-quota message ... - Imagine you use an admin tool like qmailadmin, you'll have to patch it to modify permanently the behavior of .qmail-default of the domain. Ahhh That's what I was missing - I wasn't sure what wasn't covered by what I was doing. Thanks. :) Rick
Re: [vchkpw] Re: [toaster] filtering outgoing emails
On Wed, 2006-10-25 at 17:21 -0400, David Chaplin-Loebell wrote: John Simpson wrote: On 2006-10-25, at 1614, Ingo Claro wrote: Jeff Koch escribió: We are getting demands from large ISP's - Comcast, AOL, ATT - that we spam filter all outgoing email. We're using simscan to filter incoming email but I think that misses email generated by our customers and autoresponders. Can it be accomplished by modifying /home/vpopmail/etc/tcp.smtp ? How are other qmail users handling this? i'm also interested in this feature. Have you found how to filter outgoing messages? for incoming messages I use maildrop you can still use simscan. the trick is to make your customers send their mail through simscan. [snip] I'm not sure that spam-filtering outgoing mail is a good idea-- I've never run into an implementation that doesn't annoy legitimate customers sending legitimate mail-- and simscan is, as far as I know, specifically designed not to allow it. If RELAYCLIENT is set, simscan checks for viruses but it doesn't run SpamAssassin. Am I missing something? Yeah, Free ISPs who have spammers sign up. I've been fighting with this for quite a while. I've ended up having multiple qmail installs to do this. One to receive the email, one to spam scan it and relay it out. This seems to work well, I check the queues and clear out those emails and users - block those sending IP's if necessary. My big problem is - how do I convert a single email with 50 TO: addresses into ONE email to be spam scanned? I think I need to run a different email server for the initial queue - but this then brings up questions like, how do I use SMTP AUTH with, say, Exim, and vpopmail? The whole spam/antivirus requirements have turned a nice 'email server' into a multiple install/multiple queue hell - and I only have about 2k regular users. Rick
Re: [vchkpw] MAIL FROM question
Quoting Tom Collins [EMAIL PROTECTED]: On Oct 20, 2006, at 8:14 PM, Rick Romero wrote: I have an auditor who is telling me that allowing non-SMTP-AUTHd clients to use a valid local user in MAIL FROM: is a potential spoof, and a security vulnerability. I don't know if it came up in the original thread, but enforcing that limitation assumes that your users send all of their email through your server. I guess no one works from the road and has to use the ISP's mail server for outbound messages. It might be a good way to detect possible spam, and I can see a grain of truth in their reasoning. If you enforce that policy, the Return-Path header on email received on your server should be accurate if it's a local domain. I'll tell the auditors that your Received headers contain the SMTP AUTH information of any validated users, so if you need to validate a message with a forged MAIL FROM header, you just need to look at the Received headers. After that, forge an email from [EMAIL PROTECTED] thanking them for their efforts in securing the homeland. ;-) lol. Did I mention their SMTP server was replacing an empty 'FROM:' with the 'MAIL FROM:' data? *I* inserted the 'SMTP-Auth' variable in that statement. I honestly don't think they even know what it is, but to begin to attempt to prevent some sort of spoofing, it would almost be required. One thing I also noticed that I found odd about their 'spoofing' test, was that they don't even publish SPF records themselves. If spoofing an internal user was such an issue, you would think they'd also publish SPF - so those users couldn't be spoofed against another company's mail server... *shrug* These guys are a real headache - but we passed, so I don't need to fight with them for another year :) Rick -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
Re: [vchkpw] MAIL FROM question
Update, in case anyone cares. 'Security' company doesn't know the difference between 'MAIL FROM:' and 'From:'. Not only do they not run their own mail server (supposedly to 'prevent any attacks from that vector'), their ISP's mail server actually creates a From: header from the Return-Path: if the From: header is left out. Not that I have intimate knowledge of all mail servers, but I've never heard of that. So after going through all this, they now believe qmail doesn't work like the rest of the internet. Of course, they'll still continue to verify 'spoofing' by testing via MAIL FROM: (because, supposedly, everyone else passes) - not realizing they will never have an accurate result. It's pretty much a given that From: will exist, negating their test entirely. I guess I learned today anyone can do pen testing, as long as you find enough scripts posted on websites. Just thought I'd finish this 'thread' in case anyone was wondering or comes across it again. Rick Rick Romero wrote: Hi All, I have an auditor who is telling me that allowing non-SMTP-AUTHd clients to use a valid local user in MAIL FROM: is a potential spoof, and a security vulnerability. I just can't fathom how that is. As I understand it, MAIL FROM is only used for returning undeliverable mail. So, yes, I'm sure we've all been joe-jobbed, but he's talking about on my own server. Since I'm using tcpserver, I really have total control over what would be a 'local joe-job'. Supposedly it'll be in the pen-test report, but I haven't even been given a theoretical on how this is an issue. Can anyone else come up with one? Rick
[vchkpw] MAIL FROM question
Hi All, I have an auditor who is telling me that allowing non-SMTP-AUTHd clients to use a valid local user in MAIL FROM: is a potential spoof, and a security vulnerability. I just can't fathom how that is. As I understand it, MAIL FROM is only used for returning undeliverable mail. So, yes, I'm sure we've all been joe-jobbed, but he's talking about on my own server. Since I'm using tcpserver, I really have total control over what would be a 'local joe-job'. Supposedly it'll be in the pen-test report, but I haven't even been given a theoretical on how this is an issue. Can anyone else come up with one? Rick
Re: [vchkpw] Qmail Relaying
On Wed, 2006-07-12 at 09:16 -0500, Austin Jorden wrote: I have several thousands of FAILURE NOTICES coming in to my account. I know how-to change them over to another account, etc.. but I shouldn’t be receiving this many. Some places are obviously using us as a SPAM Email server. How can I only allow relaying from certain domains? Hi Austin, Check the headers first to make sure they're actually coming from your server. If they're not, you can try using SPF spf.pobox.com - but that's still hit or miss. If /var/qmail/control/rcpthosts is empty, you'd have an open relay. It should list your local domains. Rick Basically only allow relaying from @domain.com, @domain1.com, @domain2.com, etc? Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/
RE: [vchkpw] Qmail Relaying
On Wed, 2006-07-12 at 14:08 -0500, Austin Jorden wrote: Okay, they're all there. However if I try to send mail to @yahoo.com I get a failure notice saying can't send to blah as it isn't in my rcpthosts list Thoughts? You'll have to enable relaying in some fashion. That depends on your install, and is really more than should be on this list. Assuming you run tcpserver, and if you don't need roaming, you can add your IP address to your vpopmail/etc/tcp.smtp file: 127.0.0.1:allow,RELAYCLIENT="" Then recompile it from in your vpopmail/etc directory: tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp So assuming you're starting qmail-smtpd in a way that checks that file, that would allow 127.0.0.1 to relay. Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 1:29 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 09:16 -0500, Austin Jorden wrote: I have several thousands of FAILURE NOTICES coming in to my account. I know how-to change them over to another account, etc.. but I shouldn't be receiving this many. Some places are obviously using us as a SPAM Email server. How can I only allow relaying from certain domains? Hi Austin, Check the headers first to make sure they're actually coming from your server. If they're not, you can try using SPF spf.pobox.com - but that's still hit or miss. If /var/qmail/control/rcpthosts is empty, you'd have an open relay. It should list your local domains. Rick Basically only allow relaying from @domain.com, @domain1.com, @domain2.com, etc? Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/
RE: [vchkpw] Qmail Relaying
On Wed, 2006-07-12 at 15:26 -0500, Austin Jorden wrote: My email server's rcpthosts file has: Dptexas.net Digitalpathtexas.net Dptexas.com Digitalpathtexas.com Any users locally ([EMAIL PROTECTED]), etc can't send mail to anything remote (yahoo.com, aol.com, etc) I need this to be enabled! However I can't have someone connect to my SMTP service and send a email to [EMAIL PROTECTED] from [EMAIL PROTECTED] Make sense? Yes, but the RELAY option is done by IP address. If you want to enable roaming users (people on dial-up, people who have dhcp - ie, people who aren't on your LAN) you'll have to consult your distribution or whoever put your setup together (the toaster author?). That's more of a qmail function than a vpopmail function, as the relay options are compiled into the qmail programs. I use Matt Simerson's toaster, maybe you followed Life with Qmail? If you just want your whole LAN to relay, put this in your tcp.smtp file before recompiling it: 192.168:allow,RELAYCLIENT= That will allow anyone with a 192.168.x.x address to relay through your mail server. Use whatever IP Address scheme is setup on your network. Though you really should double check with your setup docs for file locations and relay options and the like... Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 3:00 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 14:08 -0500, Austin Jorden wrote: Okay, they're all there. However if I try to send mail to @yahoo.com I get a failure notice saying can't send to blah as it isn't in my rcpthosts list Thoughts? You'll have to enable relaying in some fashion. That depends on your install, and is really more than should be on this list. 
Assuming you run tcpserver, and if you don't need roaming, you can add your IP address to your vpopmail/etc/tcp.smtp file: 127.0.0.1:allow,RELAYCLIENT="" Then recompile it from in your vpopmail/etc directory: tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp So assuming you're starting qmail-smtpd in a way that checks that file, that would allow 127.0.0.1 to relay. Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 1:29 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 09:16 -0500, Austin Jorden wrote: I have several thousands of FAILURE NOTICES coming in to my account. I know how-to change them over to another account, etc.. but I shouldn't be receiving this many. Some places are obviously using us as a SPAM Email server. How can I only allow relaying from certain domains? Hi Austin, Check the headers first to make sure they're actually coming from your server. If they're not, you can try using SPF spf.pobox.com - but that's still hit or miss. If /var/qmail/control/rcpthosts is empty, you'd have an open relay. It should list your local domains. Rick Basically only allow relaying from @domain.com, @domain1.com, @domain2.com, etc? Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/
RE: [vchkpw] Qmail Relaying
On Wed, 2006-07-12 at 15:38 -0500, Austin Jorden wrote: Ohhh, Okay. I completely understand. Sorry for such confusion. Not a problem. I actually used QmailRocks.org, the installation guide. Sorry, never saw it :( Would you be able to tell me how to let a certain IP address range relay? I appear to have a network specified in one of my lines 192.168.1.0/24:allow,RELAY= Though I'm not sure specifying the netmask is valid. You can try it. Not sure if you know netmasks - The /24 is the number of bits (where 255 is in binary, count the 1s and you have 8 bits. So 255.255.255.0 = ... = /24 ) Here's a page if you know what your starting and ending IPs are http://www.csc.fi/english/funet/calc/laskin2.html or just google 'netmask calculator' - there are more advanced ones. Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 3:34 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 15:26 -0500, Austin Jorden wrote: My email server's rcpthosts file has: Dptexas.net Digitalpathtexas.net Dptexas.com Digitalpathtexas.com Any users locally ([EMAIL PROTECTED]), etc can't send mail to anything remote (yahoo.com, aol.com, etc) I need this to be enabled! However I can't have someone connect to my SMTP service and send a email to [EMAIL PROTECTED] from [EMAIL PROTECTED] Make sense? Yes, but the RELAY option is done by IP address. If you want to enable roaming users (people on dial-up, people who have dhcp - ie, people who aren't on your LAN) you'll have to consult your distribution or whoever put your setup together (the toaster author?). That's more of a qmail function than a vpopmail function, as the relay options are compiled into the qmail programs. I use Matt Simerson's toaster, maybe you followed Life with Qmail? 
If you just want your whole LAN to relay, put this in your tcp.smtp file before recompiling it: 192.168:allow,RELAYCLIENT= That will allow anyone with a 192.168.x.x address to relay through your mail server. Use whatever IP Address scheme is setup on your network. Though you really should double check with your setup docs for file locations and relay options and the like... Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 3:00 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 14:08 -0500, Austin Jorden wrote: Okay, they're all there. However if I try to send mail to @yahoo.com I get a failure notice saying can't send to blah as it isn't in my rcpthosts list Thoughts? You'll have to enable relaying in some fashion. That depends on your install, and is really more than should be on this list. Assuming you run tcpserver, and if you don't need roaming, you can add your IP address to your vopmail/etc/tcp.smtp file: 127.0.0.1:allow,RELAYCLIENT= Then recompile it from in your vpopmail/etc directory: tcprules tcp.smtp.cdb tcp.smtp.tmp tcp.smtp So assuming you're starting qmail-smtpd in a way that checks that file, that would allow 127.0.0.1 to relay. Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 1:29 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 09:16 -0500, Austin Jorden wrote: I have several thousands of FAILURE NOTICES coming in to my account. I know how-to change them over to another account, etc.. but I shouldn?t be receiving this many. Some places are obviously using us as a SPAM Email server. How can I only allow relaying from certain domains? Hi Austin, Check the headers first to make sure they're actually coming from your server. 
If they're not, you can try using SPF spf.pobox.com - but that's still hit or miss. If /var/qmail/control/rcpthosts is empty, you'd have an open relay. It should list your local domains. Rick Basically only allow relaying from @domain.com, @domain1.com, @domain2.com, etc? Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/
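On the netmask question in the message above: stock tcprules matches dotted address prefixes and a numeric range within one octet (documented at http://cr.yp.to/ucspi-tcp/tcprules.html), not CIDR masks. The following is an added C example, not code from the thread or from ucspi-tcp, that converts a CIDR block into the equivalent tcprules line so that RELAYCLIENT is granted to exactly that block rather than to a wider prefix; cidr_to_tcprules is a hypothetical helper, and the /19 input is the block that comes up later in this thread.

```c
#include <stdio.h>
#include <string.h>

/*
 * Build the tcprules line that covers exactly the CIDR block `cidr`
 * (e.g. "69.152.0.0/19") and carries the instruction string `action`.
 * Prefix lengths 8..32 are supported; host bits in the input are ignored.
 * Returns 0 on success, -1 on malformed input or a too-small buffer.
 */
int cidr_to_tcprules(const char *cidr, const char *action,
                     char *out, size_t outlen)
{
    unsigned o[4], len, full, rem, i;
    char tail;
    size_t n = 0;
    int w;

    /* Exactly five fields; a sixth (trailing junk) is rejected. */
    if (sscanf(cidr, "%u.%u.%u.%u/%u%c",
               &o[0], &o[1], &o[2], &o[3], &len, &tail) != 5)
        return -1;
    for (i = 0; i < 4; i++)
        if (o[i] > 255)
            return -1;
    if (len < 8 || len > 32)
        return -1;

    full = len / 8;   /* octets fixed completely by the prefix */
    rem  = len % 8;   /* prefix bits that fall inside the next octet */

    /* Fixed octets: "a.b." style prefix (no trailing dot after a 4th octet). */
    for (i = 0; i < full; i++) {
        w = snprintf(out + n, outlen - n, (i == 3) ? "%u" : "%u.", o[i]);
        if (w < 0 || (size_t)w >= outlen - n)
            return -1;
        n += (size_t)w;
    }

    /* Partially fixed octet: express it as a lo-hi range. */
    if (rem) {
        unsigned span = 1u << (8 - rem);
        unsigned lo = o[full] & ~(span - 1) & 0xffu;
        w = snprintf(out + n, outlen - n,
                     (full == 3) ? "%u-%u" : "%u-%u.", lo, lo + span - 1);
        if (w < 0 || (size_t)w >= outlen - n)
            return -1;
        n += (size_t)w;
    }

    w = snprintf(out + n, outlen - n, ":%s", action);
    if (w < 0 || (size_t)w >= outlen - n)
        return -1;
    return 0;
}

int main(void)
{
    const char *relay = "allow,RELAYCLIENT=\"\"";
    const char *blocks[] = { "192.168.1.0/24", "69.152.0.0/19", "10.1.2.3/32" };
    char line[128];

    for (size_t i = 0; i < sizeof blocks / sizeof blocks[0]; i++) {
        if (cidr_to_tcprules(blocks[i], relay, line, sizeof line) == 0)
            printf("%-16s -> %s\n", blocks[i], line);
        else
            printf("%-16s -> not representable by this helper\n", blocks[i]);
    }
    return 0;
}
```

A /19 becomes a 32-value range in the third octet, which relays for 8,192 addresses instead of the 65,536 that a bare two-octet prefix would open up.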
RE: [vchkpw] Qmail Relaying
On Wed, 2006-07-12 at 15:58 -0500, Austin Jorden wrote: I'm almost a CCNA and taking my CWNA exam in a week. Here's what I have in my tcp.smtp file 127.:allow,RELAYCLIENT= 69.152.0.0/19:allow,RELAYCLIENT= That's correct - though I'm not sure if using the /19 notation will work. According to: http://cr.yp.to/ucspi-tcp/tcprules.html Address ranges tcprules treats 1.2.3.37-53:ins as an abbreviation for the rules 1.2.3.37:ins, 1.2.3.38:ins, and so on up through 1.2.3.53:ins. Similarly, 10.2-3.:ins is an abbreviation for 10.2.:ins and 10.3.:ins. So I think I'd just do: 69.152.:allow,RELAYCLIENT= To get your users up and running until you can wrap your brain around the tcprules docs and narrow the range down a bit ;) Rick Sound right? Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 3:51 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 15:38 -0500, Austin Jorden wrote: Ohhh, Okay. I completely understand. Sorry for such confusion. Not a problem. I actually used QmailRocks.org, the installation guide. Sorry, never saw it :( Would you be able to tell me how to let a certain IP address range relay? I appear to have a network specified in one of my lines 192.168.1.0/24:allow,RELAY= Though I'm not sure specifying the netmask is valid. You can try it. Not sure if you know netmasks - The /24 is the number of bits (where 255 is in binary, count the 1s and you have 8 bits. So 255.255.255.0 = ... = /24 ) Here's a page if you know what your starting and ending IPs are http://www.csc.fi/english/funet/calc/laskin2.html or just google 'netmask calculator' - there are more advanced ones. 
Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 3:34 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 15:26 -0500, Austin Jorden wrote: My email server's rcpthosts file has: Dptexas.net Digitalpathtexas.net Dptexas.com Digitalpathtexas.com Any users locally ([EMAIL PROTECTED]), etc can't send mail to anything remote (yahoo.com, aol.com, etc) I need this to be enabled! However I can't have someone connect to my SMTP service and send a email to [EMAIL PROTECTED] from [EMAIL PROTECTED] Make sense? Yes, but the RELAY option is done by IP address. If you want to enable roaming users (people on dial-up, people who have dhcp - ie, people who aren't on your LAN) you'll have to consult your distribution or whoever put your setup together (the toaster author?). That's more of a qmail function than a vpopmail function, as the relay options are compiled into the qmail programs. I use Matt Simerson's toaster, maybe you followed Life with Qmail? If you just want your whole LAN to relay, put this in your tcp.smtp file before recompiling it: 192.168:allow,RELAYCLIENT= That will allow anyone with a 192.168.x.x address to relay through your mail server. Use whatever IP Address scheme is setup on your network. Though you really should double check with your setup docs for file locations and relay options and the like... Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 3:00 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 14:08 -0500, Austin Jorden wrote: Okay, they're all there. However if I try to send mail to @yahoo.com I get a failure notice saying can't send to blah as it isn't in my rcpthosts list Thoughts? 
You'll have to enable relaying in some fashion. That depends on your install, and is really more than should be on this list. Assuming you run tcpserver, and if you don't need roaming, you can add your IP address to your vpopmail/etc/tcp.smtp file: 127.0.0.1:allow,RELAYCLIENT= Then recompile it from in your vpopmail/etc directory: tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp So assuming you're starting qmail-smtpd in a way that checks that file, that would allow 127.0.0.1 to relay. Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 1:29 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 09:16 -0500, Austin Jorden wrote: I have several thousands of FAILURE
RE: [vchkpw] Qmail Relaying
On Wed, 2006-07-12 at 16:17 -0500, Austin Jorden wrote: It worked. Excellent. However I have 1 more problem. What if one of my customers ([EMAIL PROTECTED]) checked his email from work (not on the 69 network) it would deny it huh? He could read his email, but he couldn't send to anyone that wasn't listed in your rcpthosts. You'll have to check with qmailrocks.org to see how they're implementing SMTP Relay. You can use POP before SMTP and/or SMTP-AUTH. I would suggest SMTP-AUTH - IMAP users don't generally POP before sending mail. You'll also have to keep in mind that some ISP's block outgoing port 25, so you may want to add port 587 (smtp-submit) if that isn't already included in the qmailrocks.org setup. I'm done working for the day ;) Have fun! Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Austin Jorden [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 4:11 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying Importance: High We actually own the whole 69.152.0.0/19 range (255.255.224.0) Yea, that's what I was thinking, let me try it and get back with you. Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 4:05 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 15:58 -0500, Austin Jorden wrote: I'm almost a CCNA and taking my CWNA exam in a week. Here's what I have in my tcp.smtp file 127.:allow,RELAYCLIENT= 69.152.0.0/19:allow,RELAYCLIENT= That's correct - though I'm not sure if using the /19 notation will work. According to: http://cr.yp.to/ucspi-tcp/tcprules.html Address ranges tcprules treats 1.2.3.37-53:ins as an abbreviation for the rules 1.2.3.37:ins, 1.2.3.38:ins, and so on up through 1.2.3.53:ins. Similarly, 10.2-3.:ins is an abbreviation for 10.2.:ins and 10.3.:ins. 
So I think I'd just do: 69.152.:allow,RELAYCLIENT= To get your users up and running until you can wrap your brain around the tcprules docs and narrow the range down a bit ;) Rick Sound right? Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 3:51 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 15:38 -0500, Austin Jorden wrote: Ohhh, Okay. I completely understand. Sorry for such confusion. Not a problem. I actually used QmailRocks.org, the installation guide. Sorry, never saw it :( Would you be able to tell me how to let a certain IP address range relay? I appear to have a network specified in one of my lines 192.168.1.0/24:allow,RELAY= Though I'm not sure specifying the netmask is valid. You can try it. Not sure if you know netmasks - The /24 is the number of bits (where 255 is in binary, count the 1s and you have 8 bits. So 255.255.255.0 = ... = /24 ) Here's a page if you know what your starting and ending IPs are http://www.csc.fi/english/funet/calc/laskin2.html or just google 'netmask calculator' - there are more advanced ones. Rick Thanks, Austin Jorden (972) 284-4909 Digitalpath of Texas http://www.dptexas.net/ -Original Message- From: Rick Romero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 3:34 PM To: vchkpw@inter7.com Subject: RE: [vchkpw] Qmail Relaying On Wed, 2006-07-12 at 15:26 -0500, Austin Jorden wrote: My email server's rcpthosts file has: Dptexas.net Digitalpathtexas.net Dptexas.com Digitalpathtexas.com Any users locally ([EMAIL PROTECTED]), etc can't send mail to anything remote (yahoo.com, aol.com, etc) I need this to be enabled! However I can't have someone connect to my SMTP service and send a email to [EMAIL PROTECTED] from [EMAIL PROTECTED] Make sense? Yes, but the RELAY option is done by IP address. 
If you want to enable roaming users (people on dial-up, people who have dhcp - ie, people who aren't on your LAN) you'll have to consult your distribution or whoever put your setup together (the toaster author?). That's more of a qmail function than a vpopmail function, as the relay options are compiled into the qmail programs. I use Matt Simerson's toaster, maybe you followed Life with Qmail? If you just want your whole LAN to relay, put this in your tcp.smtp file before recompiling it: 192.168:allow,RELAYCLIENT= That will allow anyone with a 192.168.x.x address to relay through your mail server. Use whatever IP Address scheme is setup on your network. Though you really should
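The /19 question from the thread above, worked through as an added example (not code from the thread or from ucspi-tcp): it rewrites an IPv4 CIDR block using only the prefix and `a-b` range forms that the quoted tcprules page documents, and measures how much wider a shortcut rule such as `69.152.` is. The function names and the `RELAYCLIENT=""` rule suffix are assumptions of this example.

```python
import ipaddress
import re

RELAY_ACTION = 'allow,RELAYCLIENT=""'  # assumed rule suffix for a relay rule


def cidr_to_tcprules(cidr, action=RELAY_ACTION):
    """Return one tcprules line covering exactly the given IPv4 CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    if net.version != 4:
        raise ValueError("only IPv4 blocks are handled here")
    if net.prefixlen < 8:
        raise ValueError("refusing a block wider than /8 for a relay rule")
    octets = str(net.network_address).split(".")
    full, rem = divmod(net.prefixlen, 8)
    parts = octets[:full]                  # octets fixed by the mask
    if rem:                                # mask ends inside the next octet
        lo = int(octets[full])
        hi = lo + (1 << (8 - rem)) - 1
        parts.append(f"{lo}-{hi}")
    address = ".".join(parts)
    if len(parts) < 4:                     # a prefix rule ends with a dot
        address += "."
    return f"{address}:{action}"


def expand_address(address):
    """Expand an a-b abbreviation into the individual rule addresses."""
    m = re.search(r"(\d+)-(\d+)", address)
    if not m:
        return [address]
    lo, hi = int(m.group(1)), int(m.group(2))
    return [address[:m.start()] + str(i) + address[m.end():]
            for i in range(lo, hi + 1)]


def rule_size(rule):
    """Number of IPv4 addresses a rule line matches."""
    address = rule.split(":", 1)[0]
    total = 0
    for a in expand_address(address):
        fixed = [o for o in a.split(".") if o]
        total += 256 ** (4 - len(fixed))
    return total


def rule_matches(rule, ip):
    """True if the dotted-quad string ip falls under the rule's address part."""
    address = rule.split(":", 1)[0]
    for a in expand_address(address):
        if a.endswith("."):
            if ip.startswith(a):           # prefix rule
                return True
        elif ip == a:                      # full-address rule
            return True
    return False


if __name__ == "__main__":
    narrow = cidr_to_tcprules("69.152.0.0/19")
    broad = "69.152.:" + RELAY_ACTION      # the shortcut suggested in the thread
    print(narrow, rule_size(narrow))
    print(broad, rule_size(broad))
    # 69.152.32.1 is outside the /19 but still relays under the broad rule
    print(rule_matches(narrow, "69.152.32.1"), rule_matches(broad, "69.152.32.1"))
```

The narrow rule matches the same 8192 addresses as the /19, while `69.152.` matches 65536, so every host in the other seven-eighths of that /16 would also be treated as a relay client.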
Re: [vchkpw] how to unsubscribe??
On Thu, 2005-04-07 at 11:32 -0400, John McGivern wrote: List-Post: mailto:vchkpw@inter7.com List-Help: mailto:[EMAIL PROTECTED] List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] Always check the headers of lists. Rick
Re: [vchkpw] Adding a message footer
On Wed, 2004-11-17 at 11:42, Jeremy Kitchen wrote: On Wednesday 17 November 2004 10:55 am, [EMAIL PROTECTED] wrote: Hi everyone, How do i add a per domain footer message? how is this related to vpopmail? Please be more specific when asking your questions as yours sounds like you want to add stupid disclaimers to outbound mails. http://www.goldmark.org/jeff/stupid-disclaimers/ It's not vpopmail, but it would be more useful to some of us if we could add advertisements to our free SMTP users without a whole hullabaloo. :) I seem to remember there being an ad for Inter7 at the bottom of the vqregister email ;) Rick -Jeremy
Re: [vchkpw] fetchmail and maildrop to a vpopmail account
On Tue, 2004-09-28 at 10:06, ISP Lists wrote: I'm struggling finding a howto on a particular issue: I have a webmail/pop3 account, no IMAP. I do not run that server and only have user privs on the email account. I want to do a ONE-TIME conversion to pull the 400+ messages from this account using fetchmail (or whatever you recommend) for delivery to my vpopmail user account. I run the destination server, it runs vpopmail/courier/mysql, and has a domain with the particular ./Maildir account that I want to deliver the mail into. I was going to use fetchmail -> maildrop -> ./Maildir I was doing okay pulling together information to accomplish this until I realized that I didn't have a local account for maildrop since the destination account is a virtual user in vpopmail (/home/vpopmail/domains/example.com/username/Maildir) Does anybody have some guidance on where I should go to cook up a solution? All help appreciated! Thanks, Dave.

You're fine just using Fetchmail - after that, IMHO, you're overcomplicating it with maildrop :) I do fetchmail like so:

    /usr/local/bin/fetchmail -s -f /home/root/fetchmail/fetchmail2.rc

where fetchmail2.rc contains:

    poll mail.com.com proto POP3 user username pass password smtpname [EMAIL PROTECTED] fetchall

Basically grab anything from the remote user's mailbox and redirect it via smtp to '[EMAIL PROTECTED]'. Then your SMTP setup takes care of the delivery as if all those emails came in to your localuser originally. Rick
Re: [vchkpw] vQregister and MySQL
On Wed, 2004-09-22 at 13:33, Alessio C. wrote: I have installed vqregister 2.6 on my slackware 9.0 (qmail, vpopmail 5.4.5 and mysql 3.23.56) vqregister works fine but don't save data on mysql table i have modified Makefile: VDIR = /home/vpopmail CC = gcc BIN = vqregister DEFS = -I$(VDIR)/include -I/usr/include/mysql LINKDEFS = LIBS = -L$(VDIR)/lib -lvpopmail -lcrypt -L/usr/lib/mysql -lmysqlclient OBJS = main.o cgi.o template.o global.o misc.o config.o register.o password.o \ vpopmail.o db.o field.o badhosts.o INSTALL_DIR = /var/www/cgi-bin/vqregister INSTALL_BIN = vqregister.cgi INSTALL_UID = vpopmail INSTALL_GID = vchkpw and the vqregister.conf: DB_Host localhost DB_Name user_store DB_User root DB_Password root_password DB_Fields user_info user,dom,pass,fname I have created the database and the table: CREATE DATABASE `user_store`; CREATE TABLE `user_info` ( `user` varchar(20) default NULL, `dom` varchar(20) default NULL, `pass` varchar(50) default NULL, `cemail` varchar(20) default NULL, `fname` varchar(20) default NULL ) TYPE=MyISAM; vqregister add user but the table is empty the file db_mysql.h is empty, is regular?

You need to link db_mysql to db:

    lrwxrwxrwx 1 root wheel 10 May 20 2003 db.c -> db_mysql.c
    lrwxrwxrwx 1 root wheel 10 May 20 2003 db.h -> db_mysql.h

Rick Someone can help me Thanks
Re: [vchkpw] How to Split a domain into 2 machines?
How about 2 qmail installs? After you install qmail once, change conf-qmail to have a qmail2. make setup check again, and you have a 2nd qmail install. In there, change smtproutes to point your domain to your 2nd server. Then for each user that exists on the 2nd server, make a .qmail-default with: |/var/qmail2/bin/forward [EMAIL PROTECTED] (remember to run your qmail-send process from the 2nd install, or nothing will go out - Yes yes.. It got me :) Rick On Mon, 2004-08-23 at 13:36, Bruno Negrão wrote: Hi Itamar, Pra que voce quer fazer isto Bruno ? (he is asking me why would I want to do this) To answer it i'll have to explain a little about my network. Here where i'm working is the central node of a big network. We are the mailserver for some companies that are connected to us through leased lines. Some of these links are slow 64K links. There is a company connected to us using a 64K link that wants the mailserver for their domain installed directly in their LAN, to speed up the mail transition and to avoid the internal mail traffic passing through this link every time a local employee sends a message to other local employee. The problem about moving their mailserver from here (the central node) to their local network is that they have a big filial in another state that is also connected to us. When we move their MX box to their LAN, everybody in the filial will have to pass through their 64KB link to send and receive e-mail, thus, consuming their bandwidth again. So, to avoid this, i want the filial maildirs to stay configured here in the central node of the network. And the maildirs of the biggest office will be configured in their own local mailserver. Could you understand me? Regards, bruno.
Re: [vchkpw] How to Split a domain into 2 machines?
On Mon, 2004-08-23 at 14:44, Bruno Negrão wrote: How about 2 qmail installs? After you install qmail once, change conf-qmail to have a qmail2. make setup check again, and you have a 2nd qmail install. In there, change smtproutes to point your domain to your 2nd server. Then for each user that exists on the 2nd server, make a .qmail-default with: |/var/qmail2/bin/forward [EMAIL PROTECTED] (remember to run your qmail-send process from the 2nd install, or nothing will go out - Yes yes.. It got me :) Rick, are you currently using this? For a whole domain. Not per user. It seems you omitted that I would have to make the same thing in the second server, creating .qmail files forwarding messages to the users configured in the 1st server. No, if you create a .qmail-default for each user that needs to be forwarded, you only need to create THOSE users on the 2nd server. I think this configuration isn't scalable. What would happen if I'd like to split the domain through 3 or more machines? Or if I'd like to split other domains through other servers? It would became an administration nightmare... don't you think? Then I'd set a flag, or create a field in MySQL - and look at using maildrop for the redirection, after a perl script checks for the routing information. The qmail-ldap still appears to be the best solution. The only disadvantage is, besides I'll be obligated to understand all about LDAP concepts, qmail-ldap seems to be difficult to install and configure at a first look. That's the main reason I suggested just using a 2nd qmail install. It's easy to create, and there's really nothing special about it. This gonna be a lot of work... No matter how you do it, breaking up a domain based on username is going to take a lot of work. Rick Regards, bruno.
Re: [vchkpw] How to Split a domain into 2 machines?
On Mon, 2004-08-23 at 14:57, Rick Romero wrote: On Mon, 2004-08-23 at 14:44, Bruno Negrão wrote: How about 2 qmail installs? After you install qmail once, change conf-qmail to have a qmail2. make setup check again, and you have a 2nd qmail install. In there, change smtproutes to point your domain to your 2nd server. Then for each user that exists on the 2nd server, make a .qmail-default with: |/var/qmail2/bin/forward [EMAIL PROTECTED] (remember to run your qmail-send process from the 2nd install, or nothing will go out - Yes yes.. It got me :) Rick, are you currently using this? For a whole domain. Not per user. It seems you omitted that I would have to make the same thing in the second server, creating .qmail files forwarding messages to the users configured in the 1st server. No, if you create a .qmail-default for each user that needs to be forwarded, you only need to create THOSE users on the 2nd server. I think this configuration isn't scalable. What would happen if I'd like to split the domain through 3 or more machines? Or if I'd like to split other domains through other servers? It would became an administration nightmare... don't you think? Then I'd set a flag, or create a field in MySQL - and look at using maildrop for the redirection, after a perl script checks for the routing information. The only way to avoid creating users on each of those multiple servers would be to use MySQL replication. Then you still only have 1 point of administration, and your maildrop/perl/SQL thingy in your .qmail-default would do the forwarding for you (when you create the user, you'd set the 'home server' for your forwarding script). Your script could call a separate qmail install for each remote server, or use subdomains like someone else suggested. The qmail-ldap still appears to be the best solution. The only disadvantage is, besides I'll be obligated to understand all about LDAP concepts, qmail-ldap seems to be difficult to install and configure at a first look. 
That's the main reason I suggested just using a 2nd qmail install. It's easy to create, and there's really nothing special about it. This gonna be a lot of work... No matter how you do it, breaking up a domain based on username is going to take a lot of work. Rick Regards, bruno.
Re: [vchkpw] How to Split a domain into 2 machines?
On Mon, 2004-08-23 at 15:18, Bruno Negrão wrote: Hi Rick, Rick, are you currently using this? For a whole domain. Not per user. I can't get you, what you mean for a whole domain, not per user? \ :) I use the 2nd qmail install for forwarding a whole domain, not an individual user account. I want to split a whole domain... (??) You told you have to create a .qmail file on the 1st server for every account that is configured on the 2nd server. That's the easiest way to do it. But like you said, that would not be very scalable.. But it all depends on your needs. Isn't it per user configuration too? That would be easiest initially. It seems you omitted that I would have to make the same thing in the second server, creating .qmail files forwarding messages to the users configured in the 1st server. No, if you create a .qmail-default for each user that needs to be forwarded, you only need to create THOSE users on the 2nd server. But what happens when a user of the second server sends an email to a user of the first server? The second server would bounce an error message this account doesn't exist if it is not configured to forward the e-mails for nonexistent accounts for the first server. I was assuming you already have a relay setup, which isn't your POP/IMAP server. Again though, to keep it 'simple', you could run a 2nd instance of qmail on that server, listening on its own IP. It would follow the MX records for all domains (so yes, sending internally would not be efficient, because it would go to the 1st server, and back to the 2nd). There's your outgoing address. I think this configuration isn't scalable. What would happen if I'd like to split the domain through 3 or more machines? Or if I'd like to split other domains through other servers? It would become an administration nightmare... don't you think? Then I'd set a flag, or create a field in MySQL - and look at using maildrop for the redirection, after a perl script checks for the routing information.
This was too interesting. Can you write this with more detail? I never used vpopmail integrated with MySQL, and I don't master databases or SQL. What program would check the mysql database to discover where the maildir is installed?

Well.. most vpopmail 'toasters' I've seen lately use MySQL as the user store. So (again to make it simple) were you to add an extra field to the vpopmail table (server_number), and have a perl script check that field, for the # :

    #!/usr/local/bin/perl -w
    # Usage: getserver_number.pl <user> <domain>
    use strict;
    use DBI;

    my ($hash_ref);
    my $driver = DBI->install_driver('mysql');
    my $dbh = DBI->connect('DBI:mysql:vpopmail','vpopmail','vpoppass');
    die "Unable to Connect $DBI::errstr\n" unless (defined $dbh);

    # Placeholders keep the user and domain out of the SQL text
    my $table_data = $dbh->prepare(q{SELECT * FROM vpopmail WHERE (pw_domain = ? AND pw_name=?)});
    $table_data->execute($ARGV[1],$ARGV[0]);

    if ($hash_ref = $table_data->fetchrow_hashref){
        print "Server Number: $hash_ref->{server_number} .\n";
        # The exit status carries the server number back to maildrop
        exit $hash_ref->{server_number};
    }
    else {
        #print "Not Found!!\n";
        exit (1);
    }

Then in your .qmail-default (for the domain):

    | maildrop mailfilter

In your mailfilter file:

    SHELL=/bin/sh
    VPOP="| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"
    VFWD2="| /var/qmail2/bin/forward [EMAIL PROTECTED]"
    VHOME=`/home/vpopmail/bin/vuserinfo -d [EMAIL PROTECTED]`
    MAILDIR=$VHOME/Maildir

    #Run your Perl script from here
    `/home/vpopmail/domains/host.com/getserver_number.pl $EXT $HOST`

    if ( $RETURNCODE == 0 )
    {
        #deliver locally
        to $VHOME
    }
    if ( $RETURNCODE == 1 )
    {
        # Send to Server2
        to $VFWD2
    }

Ok, I just did that off the top of my head, so I can't guarantee it will work, or is efficient :P

If qmail-ldap already addresses this problem, do you believe it is worth to reimplement this using an mysql database? Wouldn't it be reinventing the wheel?

If you don't know SQL or ldap, I suppose it wouldn't matter either way. But it seems to me you're going to have better luck finding help if you don't go the ldap way - just because fewer people are using qmail-ldap.
Anyways, Above I combined two things that I do in production. The first is check the user's Service Level field in MySQL, then filter Spam based on that. The other is the second qmail install for forwarding all users to another server.. Yes, It would be easier to do SMTP routes, but that customer wanted their own specific SpamAssassin config, so I have to run it through their own SpamAssassin config before I can reforward it. Rick Regards, bruno.
Re: [vchkpw] How to Split a domain into 2 machines?
On Mon, 2004-08-23 at 12:53, Jean Wainer wrote: Just out of curiosity, Rick.. On Mon, 23 Aug 2004 15:41:09 -0500 Rick Romero [EMAIL PROTECTED] wrote: On Mon, 2004-08-23 at 15:18, Bruno Negrão wrote: Hi Rick, Rick, are you currently using this? For a whole domain. Not per user. I can't get you, what you mean for a whole domain, not per user? \ :) I use the 2nd qmail install for forwarding a whole domain, not an individual user account. Why not just using smtproutes? You missed the bottom of the last email :P That specific customer wanted specific SpamAssassin settings, and running received email through spam assassin, then forwarding it via a 2nd qmail install seemed the easiest way to do it. I run SpamAssassin from Qmail-Scanner via tcpserver and the qmailqueue patch.. So theirs gets scanned twice, but that's not a problem. Rick --Jw.
RE: [vchkpw] queue
On Tue, 2004-08-10 at 13:51, Charles Sprickman wrote: On Thu, 29 Jul 2004, Shane Chrisp wrote: Using the chkusr patch is probably your best option. Another option if all of your mxers are running qmail/vpopmail is to use chkuser, but to protect yourself from the intermittent false negatives it may give, set its error string to return a temp failure (ie: 450 instead of 550). It's a bit cruel on the sender, but considering the bulk of what it's catching is dictionary spam attacks you might take the risk of pushing the queue load off to the sender. :) Ahhh! Not only that, but if your MySQL replication gets out of sync, you won't give out permanent errors for new(er) users. Rick Charles cheers Shane -Original Message- From: Andras Kende [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 July 2004 2:23 AM To: [EMAIL PROTECTED] Subject: [vchkpw] queue Hello, I use to do catchall for my domain but I had too many spam... I deleted the catchall and set to bounce but now my queue is filling up with junk because can't bounce to fake senders... Is there a settings to avoid this ?? Or should I change bounce to delete ?? Thanks, Andras Kende
Re: [vchkpw] simscan test release: simplified scanner for clamav/spamassassin
I don't have a copy, and don't have time to test right now, but is the rejection based on the score, or the Yes/No? Currently, I'm sending anything over 15 to /dev/null via a maildrop script, but 5 is marked as spam.. Rick On Jul 31, 2004, at 6:40 PM, Ken Jones wrote: Sure, some other folks suggested the same option. Perhaps a configuration option to decide to reject or just process Ken On Saturday 31 July 2004 03:03 pm, Bastiaan van der Put wrote: Ken, Is it possible to scan for spam and use tagging only, not rejecting the msg? Greetings, Bas At 19:43 7/29/2004, you wrote: Here you go Ken The installation instructions are in the INSTALL file On Thursday 29 July 2004 12:18 pm, Shane Chrisp wrote: Please send me a copy Ken. cheers Shane -Original Message- From: Ken Jones [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 July 2004 1:57 AM To: [EMAIL PROTECTED] Subject: [vchkpw] simscan test release: simplified scanner for clamav/spamassassin Anyone interested in trying simscan before I release it? It is a simplified replacement for qscanq. We have been running it on our server for over a week and it is solid. Like qscanq it can call clamdscan to check for viri. It is invoked via the QMAILQUEUE patch. Differences: - uses configure ; make ; make install-strip - automatically deletes working directories when done - uses one program instead of qscanq's two programs per email - optionally calls spamassassin to reject spam during smtp - optionally blocks list of attachments - does not require svscan - simplified C code (one simscan.c file) If you are interested, please email me directly and I'll send you a tar ball. -- Ken Jones inter7.com
[vchkpw] PHP Password reset script
Hey all, I guess I had to do it myself :P I've created a password reset script for installs that use vqregister to signup users. Please take a look at my PHP and let me know if I hosed anything up. www.havokmon.com/stuff/requestpw.zip Two files, one's for your cgi-bin (or I guess wherever you want it), and the other is the form for your HTML page. Rick
[vchkpw] vqregister / send password
Does anyone have a 'safe' I forgot my password script? I utilize vqregister to allow users to sign-up, so I have their original email address, and I also have a 'secret word' they've provided. phpMember Just does:

    $result=mysql_fetch_array(mysql_db_query($db_name, "SELECT * FROM $tbl_member WHERE login = '$login' "));

But that doesn't seem safe to me. The input is never sanitized... especially for vqregister, where a user could potentially pick an already used user name who's been deleted - then I just want the last row, but still - isn't it possible to stick a join in there or something? Any ideas on this subject? Rick
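The concern raised in the post above, as an added example that is not part of the original post or of phpMember: the same lookup built by string interpolation next to one that binds the login as a parameter and returns only the newest row for a reused name. It uses Python's sqlite3 in place of PHP/MySQL so it runs offline; the table layout, the login alphabet and all rows are constructed assumptions.

```python
import hmac
import re
import sqlite3

LOGIN_RE = re.compile(r"[a-z0-9._-]{1,32}")  # assumed set of valid login characters


def make_db():
    """Constructed sample data: 'alice' was deleted and later registered again."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE member (id INTEGER PRIMARY KEY AUTOINCREMENT,"
        " login TEXT, email TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO member (login, email, secret) VALUES (?, ?, ?)",
        [
            ("alice", "alice@old.example", "bluebird"),   # stale signup
            ("bob", "bob@home.example", "tangerine"),
            ("alice", "alice@new.example", "harbor"),     # current signup
        ],
    )
    return conn


def find_member_interpolated(conn, login):
    """Same shape as the quoted query: the input becomes part of the SQL text."""
    sql = "SELECT login, email, secret FROM member WHERE login = '%s'" % login
    return conn.execute(sql).fetchone()


def find_member_bound(conn, login):
    """Validate the login, bind it as data, and take only the newest row."""
    if not LOGIN_RE.fullmatch(login):
        return None
    return conn.execute(
        "SELECT login, email, secret FROM member"
        " WHERE login = ? ORDER BY id DESC LIMIT 1",
        (login,),
    ).fetchone()


def may_reset(conn, login, email, secret):
    """Allow a reset only when signup email and secret word both match."""
    row = find_member_bound(conn, login)
    if row is None:
        return False
    email_ok = hmac.compare_digest(row[1].encode(), email.encode())
    secret_ok = hmac.compare_digest(row[2].encode(), secret.encode())
    return email_ok and secret_ok


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"   # a quote in the input rewrites the WHERE clause
    print("interpolated:", find_member_interpolated(db, crafted))
    print("bound:       ", find_member_bound(db, crafted))
    print("newest alice:", find_member_bound(db, "alice"))
    print("reset ok:    ", may_reset(db, "alice", "alice@new.example", "harbor"))
```

With the interpolated query the crafted login returns another member's row; with the bound query it matches nothing, and the reused name resolves to the most recent signup only.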
Re: [vchkpw] ack, major problem! numbered subdir incremented too high
On Wed, 2004-06-23 at 14:35, Paul Theodoropoulos wrote: At 12:31 PM 6/23/2004, Jeremy Kitchen wrote: On Wednesday 23 June 2004 02:16 pm, Paul Theodoropoulos wrote: so, if anyone can confirm my speculations, and suggest how to fix it (that's right, i've never inserted data manually into a table!), i'd appreciate the help. phpmyadmin (http://phpmyadmin.sf.net) makes working with mysql very easy :) that it does, but it can also lower your effective security, by creating Yet Another Thing To Crack. but your point is well taken. still - i don't want to hose my entire configuration by entering an incorrect digit into the incorrect place, at the incorrect time, in the incorrect table. or something like that. ;^) .htaccess: deny from All allow from myownIP If they have access to 'myownIP', you're already compromised. But that's just me ;) Rick Paul Theodoropoulos http://www.anastrophe.com
Re: [vchkpw] another dumb question!
On Tue, 2004-05-04 at 10:59, Paul Theodoropoulos wrote: instead of a mass migration and upgrade as i'd originally contemplated, i've simply added a new disk array to my systems to add more space. i've moved many existing domains from the original filer to the new one, simply dropping a symlink in place at the original location - and everything works perfectly, which is great. however, some of my biggest domains are the ones for customers who don't have their own domain. i'm probably not going to migrate those to the new filer, as the downtime while the data transfers would be too long. instead, i'd like to symlink the new numbered subdirectories of those domains to the new filer, so future growth will go there. my question is, can one 'pre-create' the numbered subdirectories, and will vpopmail use them properly, or does vpopmail have to create them itself for them to work? Can you rsync two directories? Then you wouldn't really have the downtime... Paul Theodoropoulos http://www.anastrophe.com
Re: [vchkpw] another dumb question!
On Tue, 2004-05-04 at 11:17, Paul Theodoropoulos wrote: At 09:05 AM 5/4/2004, Rick Romero wrote: Can you rsync two directories? Then you wouldn't really have the downtime... i've never used rsync, have never had a need so never looked into it. rsync can work while a file system is being actively and aggressively modified? e.g. user X is checking email every 30 seconds via pop3, their account receives several new messages per minute - customer checks for new mail while rsync is running, the pop session moves new messages from Maildir/new to Maildir/cur - rsync will understand that, even if it happens while rsync is syncing that part of the filesystem? there's no danger of winding up with duplicate copies in new and cur? There's a delete option when you're running a synch. You can delete from source or destination. So if you set delete on destination, the destination should always match the source when it's done. yeah, i guess these aren't vpopmail questions. shrug :) but anyway, that's not specifically the issue i was asking about. i actually don't want to move the largest domains to the new filer - by leaving most of their data where it is, i can balance load better across more spindles, as opposed to moving all data to the new filer. Ohh. for some reason I was thinking single drive - RAID.. Yeah, then whatever ;) Rick Paul Theodoropoulos http://www.anastrophe.com
Re: [vchkpw] SMTP Slowness
On Mon, 2004-04-26 at 08:42, Chris Miller wrote: Now I've got another problem with SMTP. When I try to connect, it takes FOREVER to send the welcome message. Go ahead and telnet into rhost1.zfx.com on port 25 and issue a HELO, and you'll see what I mean. Just give it a few minutes before you do anything and you'll see. After the initial wait, things are fine, but that first part takes forever. I thought that it could be something with DNS, but everything seems fine with DNS. The hostname and reverse DNS entries for the box are in there, and the DNS servers on the server are set correctly so it should be able to resolve itself pretty quickly (the DNS server it uses is on the local box, as is the zone for the domain). Any idea?? Are you running rblsmtpd? Thanks, Chris Miller Compuville www.compuville.net
Re: [vchkpw] Feature request: per-user wildcards/catchall
On Thu, 2004-04-15 at 14:51, Dan Grigsby wrote: Hi, I used qmail's per-user wildcard system. Using this, I can do user dash something at host dot com. For example, [EMAIL PROTECTED] I am writing a little hack for myself to rewrite the messages to have a non-wildcard name and add an extra header for the original to that will be called before vdelivermail. check vpopmail's configure: --enable-qmail-ext=y|n enable qmail email address extensions (default no). (Granted my vpopmail is older, but should still be there) Works like a charm for me. Rick
Re: [vchkpw] Re: Tom's fork of vpopmail (and qmailadmin)
On Tue, 2003-09-09 at 12:30, Tom Collins wrote: On Tuesday, September 9, 2003, at 10:07 AM, Ken Jones wrote: Just so everyone knows. Tom Collins is attempting to fork the vpopmail project. He refuses to let me share ownership of the vpopmail and qmailadmin projects on source forge. When I asked him to add me as an owner on the project he said he refuses now and at any time in the future to allow me to share ownership. I have forked ownership since I felt that Inter7 was doing a poor job of maintaining vpopmail and qmailadmin. I readily acknowledge that Ken created vpopmail and qmailadmin. They're GPL projects, so I'm free to fork them if I like. Since moving the projects to SourceForge, we've kept up with submitted patches and bug reports. I feel that making the move was beneficial to the projects themselves and the people that use them. I would agree. snip Ken Jones hasn't contributed to vpopmail and qmailadmin development since March. We've had 12 qmailadmin releases and 7 vpopmail releases since then. Managing the projects on SourceForge keeps everything out in the open, and allows anyone to contribute. IMHO, I think Ken can bring a little more stability to the devel releases. Yes, we KNOW it's a development release, but some of the Changelog entries show a lack of, umm, a polished release. Now, while I didn't have a problem merging my hacks into the latest inter7 devel version, I have yet to grab a sourceforge version simply BECAUSE there are so many releases. I think that may cause problems with testing 5.2.2 in a production environment. While updates from Inter7 were sparse, I definitely felt comfortable running the current devel version. Ken hasn't stated why he wants to be an owner of the project. I'm not sure I understand what he loses out on by being a developer on the project and not an admin. I would call it plain old common courtesy. 
Nobody wants to see a power struggle, or two vpopmail/qmailadmin projects, but a lot of people are doing great things with these two projects. I find it somewhat unprofessional to fork the project using the same names at sourceforge, and hijack the mailing lists in an effort to steer everyone towards your fork. IMHO if you're going to be King, change your project names (so you don't appear to be intentionally confusing newbies), and don't use this mailing list. Rick -- Tom Collins [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] web based prefs for spamassassin
On Sat, 2003-06-14 at 11:37, Trey Nolen wrote: There is a very nice looking package on Freshmeat (http://www.freshmeat.net) today that allows users to make changes to their Spamassassin preferences via the web. Has anyone tried using it with Vpopmail?

Hmm. Look at this in config.php:

    // user_prefs File Location
    // If you typed "file" for $prefs_source above, set this variable
    // to the location of the user_prefs file. WebUserPrefs doesn't
    // have authentication modules (yet) so you may want to write your
    // own authentication scheme and set this variable accordingly.
    $user_prefs = "user_prefs";

It looks like it only works with a single user_prefs file.. If you call spamassassin with -u vpopmail, it's supposed to grab the prefs file from vpopmail/domains/user/.spamassassin. I think the place for this is qmailadmin, but it would probably integrate easier with Horde (I already pass login info to qmailadmin from Horde) or Sqwebmail... I think you need to replace $user_prefs with the full directory, if you're using SQL, it would be easy enough to grab that from the table based on the user's login name - I force users to use their complete email address for login.. If I get around to it, I'm up for giving it a try. (rebuilding a server at the moment..) Rick
Re: [vchkpw] Parse with spamassassin, then honour smtproutes?
On Wed, 2003-05-28 at 07:05, Rick Macdougall wrote: Hi, You can not do it that way. The only way I can see to do it is to set up a dummy sub-domain and forward the mail to that sub-domain... ie - domain.com mx = your server, mail2.domain.com mx = real server .qmail-default = |/usr/bin/spamc -f -u spamd |forward $DEFAULT@mail2.domain.com Regards, Rick I recently set up a 'forward to existing domain save locally' config for a domain that used a second qmail installation, and use the 'forward' from that qmail. .qmail-default: | /var/qmail2/bin/forward $DEFAULT@thatdomain.com where /var/qmail2/control/smtproutes: thatdomain.com:205.62.123.123 That'll work...For me, that domain is scanned by SpamAssassin before it's forwarded. Rick Michael Bellears wrote: I have multiple domains running on one server, and have been asked to accept mail for a domain, parse it with spamassassin, then forward to remote mail server. I have tried adding the domain(eg example.com via vqadmin), adding an smtproutes entry, then creating an .qmail-default: |/usr/bin/spamc -f -u spamd |forward $DEFAULT@example.com But the message fails (loops): 2003-05-28 16:33:10.422753500 delivery 10263: failure: This_message_is_looping:_it_already_has_my_Delivered-To_line._(#5.4.6) Regards, MB
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Just because I feel like a smart-ass today.. I suppose the rule about top posting is 'posted' right next to the reverse DNS one? Look at that.. now it's all out of order.. :P On Thu, 2003-03-27 at 10:12, Ron Guerin wrote: On Thu, 2003-03-27 at 11:05, Nick Harring wrote: Rather than questioning why we would refuse to accept from non-reversible hosts, why don't we ask why anyone would set a host up without reverse DNS? Rather than question why you've deliberately broken your mail server, I should explain to you why some people running legit servers don't comply with your arbitrary requirements? A better question is why I'm wasting my time trying to explain things to someone who top-posts and sends HTML to mailing lists. - Ron
Re: [vchkpw] Server Swap Questions
On Mon, 2003-03-17 at 09:08, Tom Walsh wrote: We are investigating the procedure of moving our current mail server to newer (and perhaps more stable) hardware. (The current server experiences random reboots, which are frustrating to say the least.) Our current configuration is a fBSD 4.2 machine running qmail+vpopmail using tcp.smtp.cdb file rather than db based tcp.smtp.cdb. The vpopmail DBs are located on another server that will not be upgraded, but be reused by the new server. We plan on setting up a new complete server, taking some down time to backup the existing vpopmail mail store (via tar?) restoring that on the new server, and then bringing up the new server. I am looking for somebody that has done this before to provide me with any gotchas that we might encounter. Here are some of the key points I foresee: 1) backing up the current vpopmail store and restoring that on the new server and making sure the permissions are correctly assigned on the new server. tar -czvf domainback.tar.gz /home/vpopmail/domains/* (IIRC) 2) contents of tcp.smtp file (whitelists for RBLSMTPd, etc...) I've never needed to play with the tcp.smtp files. 3) anything else I am missing? I did user data in the mysql table also. I am going to write up the entire process to make sure we don't miss anything, but I was also looking for some input on some of the things that I might be missing, or not seeing. Any help is appreciated, I've done this twice. My install is based on Matt Simerson's toaster. I basically set up a new system, manually created the domains, then untar'd(?) the users' data back into the domain directory. The only gotcha I had, was making sure the vpopmail directory information pointed to the same location on the new server. IIRC, mine was first installed into /usr/vpopmail, and the newer version was /home/vpopmail. A symlink does the trick there. 
Of course, double check that the owner is correct (or do another 'make install' after you've untar'd the users - it'll do a recursive chown). I think that was it. It's easy enough that you can create the new server, move a bunch of user data over, then test it out. Once you're sure it's working 'turn off' the old server, backup all the data, restore it on the new, and put the new in place of the old. Unless you want 100% uptime, then you'll have to drop the new one in place BEFORE you restore the current data to it.. But that just feels wrong to me... Rick
Re: [vchkpw] Server Swap Questions
On Mon, 2003-03-17 at 14:43, Phil Goembel wrote: I've been thinking about this too, only for keeping a backup server in sync. I'm wondering if it would make sense to use rsync to synchronize the two servers, and to shut down the mail services while the synchronization is taking place. The idea is to minimize the time the services will be offline. In the case of a backup system, the synchronization would happen at regular intervals. For moving to another server, I would think you could do something like: 1) copy everything over to the new server without shutting down the old server, 2) shut down the old server 3) use rsync to catch any changes that happened since the time you started copying and shutting the server down. 4) connect the new server and start it up I'm a newbie at this, so I won't be hurt if anyone wants to tell me why this is a ridiculous idea. I suspect it may be overkill, for example. I also suspect there may be a simpler way to keep a backup server in sync I assume you wanted this to go to everyone, so I'm replying that way. This is a case where NFS mounts, and MySQL replication would come in handy. Never done it myself though. Rick On Mon, 2003-03-17 at 09:22, Rick Romero wrote: snip I think that was it. It's easy enough that you can create the new server, move a bunch of user data over, then test it out. Once you're sure it's working 'turn off' the old server, backup all the data, restore it on the new, and put the new in place of the old. Unless you want 100% uptime, then you'll have to drop the new one in place BEFORE you restore the current data to it.. But that just feels wrong to me... Rick
[vchkpw] 5.3.18 vpopbull -V
A bit of a scare/nuisance, if you use -V , the username gets printed twice. eg: vpopbull -V -f filename domain.com [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] It looks like it's been sent twice. -n -V only prints the domain once. This patch adds some extra text just to show what's happening. --- vpopmail-5.3.18/vpopbull.c Thu Feb 20 13:48:32 2003 +++ vpopmail-5.3.18-vfe/vpopbull.c Fri Mar 7 09:05:51 2003 @@ -175,17 +175,20 @@ if ( !in_exclude_list( fsx, domain, pwent-pw_name) ) { if ( Verbose == 1 ) { -printf([EMAIL PROTECTED], pwent-pw_name, domain); +printf(Working on: [EMAIL PROTECTED], pwent-pw_name, domain); } if ( DoNothing == 0 ) { if(copy_email( fsi, filename, domain, pwent) == 0) { if ( Verbose == 1 ) { -printf([EMAIL PROTECTED], pwent-pw_name, domain); +printf(Success: [EMAIL PROTECTED], pwent-pw_name, domain); } } else { printf([EMAIL PROTECTED]: ERROR COPYING TO %s\n, pwent-pw_name, domain, pwent-pw_dir); } + } + else { +printf(Skipped (-n): [EMAIL PROTECTED], pwent-pw_name, domain); } } }
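Review bot: The new else branch attached to `if ( DoNothing == 0 )` prints its "Skipped (-n)" line unconditionally, while the "Working on" and "Success" messages in the same hunk both sit inside `if ( Verbose == 1 )`. A run with -n but without -V will therefore print one line per user where it previously printed nothing. Wrap the new printf in the same `Verbose == 1` test so the output only changes when verbose mode was requested.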
Re: [vchkpw] 5.3.18 vpopbull -V
It basically sends an email to everyone in a domain. Kind of like Vpop Bulletin. It's great for sending notifications to all users. Rick On Fri, 2003-03-07 at 09:20, Oliver Etzel - GoodnGo.COM (R) wrote: Hi Rick, sorry for that silly question. What does vpopbull do? Oliver Etzel A bit of a scare/nuisance, if you use -V , the username gets printed twice. eg: vpopbull -V -f filename domain.com [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] It looks like it's been sent twice. -n -V only prints the domain once. This patch adds some extra text just to show what's happening.
[vchkpw] Help adding user 'Service Levels'
This is a first attempt at adding user-based Service Levels to my setup in vpopmail. I run vpopmail with MySQL, and so far I'm just trying to change what html templates are displayed by qmailadmin. (basically, the same thing that's done for postmaster and quotas) I've attached two patches to vpopmail-5.3.18 and qmailadmin-1.12, and I was hoping someone could help me :) It seems the default 'svclvl' of 0 is always used, and I'm not sure if it's not pulled from MySQL, or if I've just done something wrong somewhere else. A couple things to note: 1. I'm not a programmer :) (What may look like good works from me, are just modifications of other's works ;) 2. I think it's best if I change that char's to int's, but I started with char because I added the field in MySQL as a char. I haven't gotten back to that part yet, afaics, it should work as is. I'm not sure about: if ( row[8] != 0) strncpy(vpw.pw_svclvl, row[8],SMALL_BUFF); in vmysql.c, row[8] should exist because I do have a clear password (row[7]). I haven't even thrown any basic printf's in there for debugging, so I am REALLY at the beginning of trying to make this work.. (umm, where would they end up? syslog?) So before I really start spending time on it, is anyone else interested in this, and if so.. is there a better, more 'global' way of doing this? I'm not very comfortable with assigning 'Service Levels' directly in the qmailadmin code, but for my own uses it'll work just fine. And if anyone could comment on the patches, and what I did wrong, I'd appreciate it :) I'm not on the qmailadmin list, so I didn't send this there.. I want to make sure my vpopmail code looks right first :) Thanks Rick --- vpopmail-5.3.18/vauth.h Sat Apr 6 08:30:31 2002 +++ vpopmail-5.3.18-vfe/vauth.h Sun Mar 2 19:12:15 2003 
@@ -36,6 +36,7 @@ char *pw_dir; /* Home directory. */ char *pw_shell; /* Shell program. */ char *pw_clear_passwd; /* Clear password. */ + char *pw_svclvl; /* Service Level */ }; int vauth_adddomain(char *); --- vpopmail-5.3.18/vmysql.c Mon Jan 27 10:29:15 2003 +++ vpopmail-5.3.18-vfe/vmysql.c Sun Mar 2 19:13:13 2003 @@ -72,6 +72,7 @@ char IDir[SMALL_BUFF]; char IShell[SMALL_BUFF]; char IClearPass[SMALL_BUFF]; +char Isvclvl[SMALL_BUFF]; char EPass[SMALL_BUFF]; char EGecos[SMALL_BUFF]; @@ -327,7 +328,7 @@ uid_t myuid; uid_t uid; gid_t gid; - + vget_assign(domain,NULL,156,uid,gid); myuid = geteuid(); if ( myuid != 0 myuid != uid ) return(NULL); @@ -382,13 +383,15 @@ memset(IDir, 0, sizeof(IDir)); memset(IShell, 0, sizeof(IShell)); memset(IClearPass, 0, sizeof(IClearPass)); - + memset(Isvclvl, 0, sizeof(Isvclvl)); + vpw.pw_name = IUser; vpw.pw_passwd = IPass; vpw.pw_gecos = IGecos; vpw.pw_dir= IDir; vpw.pw_shell = IShell; vpw.pw_clear_passwd = IClearPass; + vpw.pw_svclvl = Isvclvl; if((row = mysql_fetch_row(res_read))) { strncpy(vpw.pw_name,row[0],SMALL_BUFF); @@ -401,7 +404,8 @@ #ifdef CLEAR_PASS if ( row[7] != 0 ) strncpy(vpw.pw_clear_passwd, row[7],SMALL_BUFF); #endif -} else { + if ( row[8] != 0) strncpy(vpw.pw_svclvl, row[8],SMALL_BUFF); + } else { mysql_free_result(res_read); return(NULL); } --- vpopmail-5.3.18/vmysql.h Fri Jan 24 02:30:33 2003 +++ vpopmail-5.3.18-vfe/vmysql.h Mon Mar 3 03:40:41 2003 @@ -45,6 +45,7 @@ pw_dir char(160), \ pw_shell char(20), \ pw_clear_passwd char(16), \ +pw_svclvl char(5), \ primary key (pw_name, pw_domain ) #else #define TABLE_LAYOUT pw_name char(32) not null, \ @@ -54,6 +55,7 @@ pw_gecos char(48), \ pw_dir char(160), pw_shell char(20), \ +pw_svclvl char(5), \ primary key (pw_name, pw_domain ) #endif #else --- qmailadmin-1.0.12/auth.c Tue Aug 6 17:04:59 2002 +++ qmailadmin-1.0.12-vfe/auth.c Mon Mar 3 04:27:46 2003 
@@ -143,6 +143,12 @@ vpw = vauth_getpw(Username, Domain); AdminType = NO_ADMIN; + ServiceLevel = 0; + if (strstr(vpw-pw_svclvl, 0)) {ServiceLevel = 0;} + if (strstr(vpw-pw_svclvl, 1)) {ServiceLevel = 1;} + if (strstr(vpw-pw_svclvl, 5)) {ServiceLevel = 5;} + if (strstr(vpw-pw_svclvl, 6)) {ServiceLevel = 6;} + if ( strlen(Domain) 0 ) { if ( strcmp(Username,postmaster)==0 ) { AdminType = DOMAIN_ADMIN; --- qmailadmin-1.0.12/qmailadmin.c Thu Feb 27 14:38:17 2003 +++ qmailadmin-1.0.12-vfe/qmailadmin.c Sun Mar 2 19:45:31 2003 @@ -63,6 +63,7 @@ FILE *color_table; int AdminType; +int ServiceLevel; int MaxPopAccounts; int MaxAliases; int MaxForwards; --- qmailadmin-1.0.12/qmailadminx.h Fri Oct 25 03:33:42 2002 +++ qmailadmin-1.0.12-vfe/qmailadminx.h Sun Mar 2 19:43:43 2003 @@ -48,6 +48,7 @@ extern int num_of_mailinglist; extern int AdminType; +extern int ServiceLevel; extern int MaxPopAccounts; extern int MaxAliases; extern int MaxForwards; --- qmailadmin-1.0.12/user.c Thu Feb 27 18:19:08 2003 +++ qmailadmin-1.0.12-vfe/user.c Mon Mar 3 04:26:02 2003 @@ -345,10
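Review bot: In the vmysql.c hunk at -401, `row[8]` is read outside the `#ifdef CLEAR_PASS` block, but the vmysql.h hunks add pw_svclvl to both table layouts, and in the layout without pw_clear_passwd the new column sits one position earlier. No hunk in this patch touches the query that fills `row`, so index 8 is only valid if that query already returns a ninth column; name pw_svclvl in the SELECT and choose the index per layout. The copy also passes SMALL_BUFF as the length into a SMALL_BUFF-sized buffer, which leaves no room for the terminator if the source is ever that long; copy SMALL_BUFF - 1 so the byte zeroed by the preceding memset survives.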
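Review bot: In the auth.c hunk, pw_svclvl is read through `vpw` on the lines directly after `vpw = vauth_getpw(Username, Domain);` with no NULL check in between, and the vmysql.c hunk shows that lookup path returning NULL when no row is fetched. Test `vpw` before the new block. The `strstr` chain is also a substring match, so a stored value such as 15 or 16 satisfies more than one test and the last assignment wins; convert the field once with a numeric parse and accept only the levels 0, 1, 5 and 6 that the hunk names.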
[vchkpw] Quotas
I wanted to mention that when using qmailadmin-1.12 and vpopmail-5.3.18, if I set the quota from qmailadmin to 100MB, the quota is set to 100483292.00 (I'm just guessing on the bytes, but you get the idea). For some reason, I believe the .00 makes vdelivermail bounce email saying the user is over quota. Using vsetuserquota to set the actual # of bytes works fine though. Rick
Re: [vchkpw] Quotas
On Mon, 2003-03-03 at 09:52, Rick Romero wrote: I wanted to mention that when using qmailadmin-1.12 and vpopmail-5.3.18, if I set the quota from qmailadmin to 100MB, the quota is set to 100483292.00 (I'm just guessing on the bytes, but you get the idea). For some reason, I believe the .00 makes vdelivermail bounce email saying the user is over quota. Using vsetuserquota to set the actual # of bytes works fine though.

Ok, so here's the code in vpopmail.c (right at the end):

    char *format_maildirquota(const char *q) {
    int i;
    int per_user_limit;
    static char tempquota[500];

        /* translate the quota to a number, or leave it */
        i = strlen(q) - 1;
        tempquota[0] = '\0'; /* make sure tempquota is 0 length */
        if(strstr(q, ",") == NULL && q[i] != 'S') {
            per_user_limit = atol(q);
            for(i=0;q[i]!=0;++i) {
                if ( q[i] == 'k' || q[i] == 'K' ) {
                    per_user_limit = per_user_limit * 1024;
                    snprintf(tempquota, 500, "%dS", per_user_limit);
                    break;
                }
                if ( q[i] == 'm' || q[i] == 'M' ) {
                    per_user_limit = per_user_limit * 1048576;
                    sprintf(tempquota, "%dS", per_user_limit);
                    break;
                }
            }

Maybe this isn't the problem... but if per_user_int is initialized as an int, should atol be atoi? Though, supposedly atol() should stop 'converting' at the period anyways.. Maybe it's crashing? Rick
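The quota strings raised in this thread (a K/M suffix, a plain byte count, and a value such as 100483292.00) run through a strict parser, as an added example that is not vpopmail's code and not part of the original message. The names parse_quota_bytes, format_quota and the quota_err codes are assumptions made for this illustration, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper names, chosen for this illustration only. */
enum quota_err { QUOTA_OK = 0, QUOTA_EMPTY, QUOTA_NOT_NUMBER,
                 QUOTA_NEGATIVE, QUOTA_TRAILING, QUOTA_OVERFLOW };

/*
 * Parse "<digits>[K|M][B][S]" into a byte count held in a long long.
 * Every input character must be accounted for, so "100483292.00" is
 * reported as QUOTA_TRAILING rather than silently cut at the '.',
 * and the multiplication is range-checked before it happens.
 */
enum quota_err parse_quota_bytes(const char *q, long long *bytes)
{
    char *end;
    long long n, mult = 1;

    if (q == NULL || *q == '\0')
        return QUOTA_EMPTY;
    if (*q == '-')
        return QUOTA_NEGATIVE;
    if (!isdigit((unsigned char)*q))
        return QUOTA_NOT_NUMBER;      /* also rejects leading blanks and '+' */

    errno = 0;
    n = strtoll(q, &end, 10);
    if (errno == ERANGE)
        return QUOTA_OVERFLOW;

    if (*end == 'k' || *end == 'K') { mult = 1024; end++; }
    else if (*end == 'm' || *end == 'M') { mult = 1048576; end++; }
    if (mult != 1 && (*end == 'b' || *end == 'B'))
        end++;                        /* accept "100MB" as well as "100M" */
    if (*end == 'S')
        end++;                        /* maildir++ size marker */
    if (*end != '\0')
        return QUOTA_TRAILING;

    if (n > LLONG_MAX / mult)         /* would overflow: refuse */
        return QUOTA_OVERFLOW;
    *bytes = n * mult;
    return QUOTA_OK;
}

/* Write "<bytes>S" into out; returns 0 on success, -1 on any error. */
int format_quota(const char *q, char *out, size_t outlen)
{
    long long bytes;
    int w;

    if (parse_quota_bytes(q, &bytes) != QUOTA_OK)
        return -1;
    w = snprintf(out, outlen, "%lldS", bytes);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs, modelled on the values mentioned in the thread. */
    const char *samples[] = { "100M", "100483292.00", "2048M", "104857600S" };
    char out[32];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i],
               format_quota(samples[i], out, sizeof out) == 0 ? out : "rejected");
    return 0;
}
```

Where int is 32 bits, the product for 2048M no longer fits the `int per_user_limit` of the quoted function; the long long and the range check here keep that case exact.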
Re: [vchkpw] Help adding user 'Service Levels'
Whoop.. I'm a dork. I miscounted columns, and assumed the SELECT in vmysql.c just grabbed them all. It's working now :) (But if anyone is interested in more, or has any ideas on a better way to do it, let me know) Rick On Mon, 2003-03-03 at 09:48, Rick Romero wrote: This is a first attempt at adding user-based Service Levels to my setup in vpopmail. I run vpopmail with MySQL, and so far I'm just trying to change what html templates are displayed by qmailadmin. (basically, the same thing that's done for postmaster and quotas) I've attached two patches to vpopmail-5.3.18 and qmailadmin-1.12, and I was hoping someone could help me :) It seems the default 'svclvl' of 0 is always used, and I'm not sure if it's not pulled from MySQL, or if I've just done something wrong somewhere else. A couple things to note: 1. I'm not a programmer :) (What may look like good works from me, are just modifications of other's works ;) 2. I think it's best if I change that char's to int's, but I started with char because I added the field in MySQL as a char. I haven't gotten back to that part yet, afaics, it should work as is. I'm not sure about: if ( row[8] != 0) strncpy(vpw.pw_svclvl, row[8],SMALL_BUFF); in vmysql.c, row[8] should exist because I do have a clear password (row[7]). I haven't even thrown any basic printf's in there for debugging, so I am REALLY at the beginning of trying to make this work.. (umm, where would they end up? syslog?) So before I really start spending time on it, is anyone else interested in this, and if so.. is there a better, more 'global' way of doing this? I'm not very comfortable with assigning 'Service Levels' directly in the qmailadmin code, but for my own uses it'll work just fine. And if anyone could comment on the patches, and what I did wrong, I'd appreciate it :) I'm not on the qmailadmin list, so I didn't send this there.. I want to make sure my vpopmail code looks right first :) Thanks Rick
Re: [vchkpw] 5.3.18 / bandwidth limits
Quoting Jesse Guardiani [EMAIL PROTECTED]: On Friday 21 February 2003 16:04, Bill Shupp wrote: On Friday, February 21, 2003, at 10:26 AM, Jesse Guardiani wrote: Bill, Maybe this would be a good time to ask this question (I've asked it once before, but never got an answer): How does the development/production release process work here? When does inter7 release a new production version? Is there back porting involved? Or does inter7 one day say, hey, I think we should release a new production release! Just like most OSS packages. When it's ready. Ken makes the call, I just organize development releases. Backporting is only done if there is a major bug found, but the dev release isn't ready for production yet. I did this with the vgetent problems in 5.2, for example. That's the only time I'm aware of it, though. I'm not trying to be a smart A#% or anything, but how do you know it's ready if you keep adding new functionality? Is there a scheduled code freeze? Hopefully 5.3.18 won't be frozen until line 1258 in vdelivermail.c is 'trimmed' :) It's just something that shouldn't be in the final, and, IMHO, is easier to trim now than later. Is anyone working on bandwidth limits? I was thinking the existing quota code (that utilized maildirsize) would work well. For example, there would be a 'bandwidthused' file in the user's maildir folder , that would be updated along with maildirsize, but add mm to it. So my maildirsize has: 1S 42386940 5111 And my bandwidthused (if I never retrieved/delete email) would be 1S 42386940 5111 022003 The date would just be rolled over to the next month if it doesn't match the current month. Does that sound feasible? Rick
Re: [vchkpw] vpopmail 5.3.18 with --enable-vlimits
Quoting Brian Kolaci [EMAIL PROTECTED]: Ahh, good catch. I increased limits table structure to about twice its original size, (more items added) and since my table already existed, I didn't encounter the buffer overflow. Since the original create failed, you'll need to delete and add the domain again to get the row added to the table. I guess another limit we can add would be Rick's request for a monthly bandwidth limitation per domain (or user?). I was thinking user.. In my own environment, I use Isoqlog to watch domains, but users aren't 'summed' up by month. I figured (note, I haven't actually looked at the code ;) maildirsize.* could be copied to bandwidthsize.*, trimmed (we don't need directories), and a date added. I only mentioned it first, because I saw the 'naughty' word in vdelivermail.c, and I figured I'd 'air' my quota thoughts :) Not that I'm a prude or anything, most of my first applications' variable names consisted of f**kthis,f**that... Yes, those were real var names :) Good thing those were small programs. I stopped doing that after one of the 'real' programmers (I'm a network guy), told me he used a 'choice phrase' for a 'This should never happen' message, and a client managed to create that error.. whoops. Sorry.. very babbly today.. must go socialize with adults :) Rick Brian solved. increasing vmysql.c: SQL_BUF_SIZE to 2000 fixed it. however i do get delivery 6: success: vnysql:_can't_find_limits_for_domain_'test.com'/did_0+0+1/ (with a typo in it too.. vnysql = vmysql) shouldn't it add some defaults when calling vadddomain ? -- Best Regards, Justin
Re: [vchkpw] 5.3.17
On Thu, 2003-02-20 at 15:40, Andrew Kohlsmith wrote: Thanks for the update! I'm running vpopmail 5.2.1 and it's been running great for me! I know I need to upgrade to 5.3.x to be able to use SpamAssassin but outside of that is it safe or ok for me to stick with 5.2.1 for the time being? I'm running it with qmail 1.03. You don't need 5.3.x to run SpamAssassin -- I've been running 5.2.x with SA for quite some time now (a year?) by using Procmail -- actually the procmail option is better IMO since I can stuff the spam into a separate mailbox for the users, and use SquirrelMail to view the spam folder. Or, you can also run it with Qmail-Scanner. Then SpamAssassin will automatically scan every email that comes through qmail. Less customizable than the above..Currently, I just stick the headers in the message, and let the users filter them. Rick Good for integration though, I will admit. Are there any compelling reasons for me to upgrade to the 5.3.x level from 5.2.1? I guess I'm scared of breaking something :) 5.3.x are developmental releases... they shouldn't be used on production servers without fair warning. :-) Regards, Andrew