Re: [vchkpw] Courier support

[ISP Lists]

Where's the best documentation to migrate off of Courier?
I presume Dovecot is the favored IMAP now for Vpopmail?
Any known issues in making this switch?

 Matt Brookings wrote:
 My question is this: Courier-IMAP has dropped us, should we drop
Courier-IMAP?

 Most definitely Yes!

 







!DSPAM:49ba554232689351814391!

[vchkpw] chkuser 2.0b - somes false positives

[ISP Lists]

A system that's been running with 9000 users is now experiencing
intermittent false positives when checking for invalid recipients.  It's
allowing invalid recipients sometimes.  I cannot find a pattern.

Any guess on areas that might be culprits?  Does chkuser have a default
permit behavior if it cannot reach IMAP or Sql?  Not sure if there's a
resource issue on the machine yet.

Mysql backend, linux, courier imap, vpopmail 5.4.17, chkuser 2.08b

Thanks.


!DSPAM:497e28c432685692751208!

[vchkpw] How to route local delivery through a separate SMTP spam scanner

[ISP Lists]

A customer has challenged whether this can be done...

Anti-SPAM appliances A, B, and C are available on an internal LAN
via DNS round-robin through SMTP at appliance.example.com

VPOPMAIL server D is on the same LAN.

Customer has had a few local accounts that had their password guessed and
spammers sent spam through webmail.

S

We're considering doing something inline to the delivery process that
would 1) accept the authenticated user's email for remote/local delivery,
2) force that delivery off of box D to A-C over SMTP in ALL cases (not
just remote), 3) Scan on A-C, 4) return the inbound (local) mail back to
D for further delivery to the locals.

I realize this is pretty insane, but the customer isn't excited about
adding a local spam daemon to D and would like to leverage the
investment in the appliances A-C to control for local delivery abuses. 
The appliances are doing a nice job on SMTP scanning, but the vendor says
that their appliance does not have a port listener (like a spamd daemon)
that could answer a stream request - thus only SMTP will do.

Ideas?  THANKS!  Dave.


!DSPAM:48223e3e120508248733278!

RE: [vchkpw] How to route local delivery through a separate SMTP spam scanner

[ISP Lists]

/me thumps head Very cool!  Thanks for the idea on options!


 It can be done quite easily.


 Two options:


 Preferred:

 Configure webmail to send messages directly to the appliances.



 Alternatively:

 Install a dumb SMTP mailer on D that listens on a port other than 25.
 Configure that dumb-mailer to forward all mail to the appliances.
 Configure
 webmail to send messages to the dumb mailer's listening port.


 webmail -SMTP- D dumb-mailer listening on tcp:125(example) -SMTP-
 appliances via static SMTP route -SMTP- back to D tcp:25 via static
 SMTP
 route for local deliveries





 -Original Message-
 From: ISP Lists [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, May 07, 2008 4:41 PM
 To: vchkpw@inter7.com
 Subject: [vchkpw] How to route local delivery through a separate SMTP spam
 scanner

 A customer has challenged whether this can be done...

 Anti-SPAM appliances A, B, and C are available on an internal LAN
 via DNS round-robin through SMTP at appliance.example.com

 VPOPMAIL server D is on the same LAN.

 Customer has had a few local accounts that had their password guessed and
 spammers sent spam through webmail.

 S

 We're considering doing something inline to the delivery process that
 would 1) accept the authenticated user's email for remote/local delivery,
 2) force that delivery off of box D to A-C over SMTP in ALL cases (not
 just remote), 3) Scan on A-C, 4) return the inbound (local) mail back to
 D for further delivery to the locals.

 I realize this is pretty insane, but the customer isn't excited about
 adding a local spam daemon to D and would like to leverage the
 investment in the appliances A-C to control for local delivery abuses.
 The appliances are doing a nice job on SMTP scanning, but the vendor says
 that their appliance does not have a port listener (like a spamd daemon)
 that could answer a stream request - thus only SMTP will do.

 Ideas?  THANKS!  Dave.





 





!DSPAM:48225a58120502068847775!

Re: [vchkpw] Distribute Qmail + Vpopmail bundle

[ISP Lists]

 Joshua Megerman wrote:
 On Saturday 23 February 2008 01:55:14 pm Nick Bright wrote:
 While the qmail sources are available, it is not GPL. It's my
 understanding that the way qmail is licensed specifically forbids
 repackaging.

 Um, no.  As the original poster stated qmail is now in the public
 domain,
 which means there is not only no restrictions to its distribution,
 there's
 not even any license anymore.

 Well, that is excellent. I was not aware that it had been placed into
 the public domain.

 Perhaps now someone could get a project together with some traction to
 integrate all of the best patches into qmail and make a technologically
 recent package that doesn't have to have 15 patches applied to get
 anything resembling a recent feature set.


Are you aware of the netqmail project or Bill Shupp's qmail toaster project?
Easily googled if you weren't.


 I for one would love to see inter7 take the lead on such a project, as
 they have a proven track record and as far as I can tell, know qmail
 quite well.


 And please try not to top-post :)

 I'll never understand why people don't like top posting. I find it
 easier to read, but lets not get OT on this; I'm sure it's been argued
 about before.


 Josh

 





!DSPAM:47c4001f31054114656!

Re: [vchkpw] OT: Which RBLsmtpd lookups are you using?

[ISP Lists]

 Adi Pircalabu wrote:
 On Fri, 01 Feb 2008 07:33:53 +1000 Quey wrote:


 dnsbl.sorbs.net
 bl.spamcop.net


 Don't use these to reject connections at SMTP level, they give many
 false-positives. Eventually use them only after queueing, and only to
 increase the spam score.
 zen.spamhaus.org and list.dsbl.org, au contraire, are much better
 choices for rblsmtpd.

 My 0,02RON


 each to our own, I dont consider they give many false positives at all,
 not in this part of the world, but of course it may be different for
 where you are,  however even with the acceptable FP's they *may* give,
 the massive reduction in spam makes it completely worth it.
 The more they hit there, the less work MailScanner has to do, it can use
 system resources just to scan for viruses and phishing and of course
 whatever spam it detects that get past the RBL's  :-)

 A good thing to do as well  which also dramatically reduces spam, is
 enforce DNS forward and reverse, if someone can't be bothered making
 sure their mail server is RFC compliant, then I am under no obligation
 to allow my servers to accept connections from them.



 



My thanks to everyone who contributed!  I'm on zen.spamhaus.org now! 
Noticed at least some increase in stopped connections at smtpd!  A good
thing, in my review.  I'll research FPs for downside.  Thanks!




!DSPAM:47a381a0310549759113929!

[vchkpw] OT: Which RBLsmtpd lookups are you using?

[ISP Lists]

Which RBLsmtpd references are you using in your smtpd listeners and why?
(example sbl-xbl.spamhaus.org in /var/qmail/supervise/qmail-smtp/run)


!DSPAM:47a1f0e1310547134712337!

[vchkpw] OT: Webmail trends for vpopmail/qmail/IMAP

[ISP Lists]

Off-topic, perhaps respond off-list?

What are the hot applications in F/OSS webmail that start to move towards
AJAX  clients (yahoo! mail beta, gmail) that might function well on a
vpopmail/qmail/IMAP infrastructure?  I looked at Sourceforge and didn't
see much that would leap past squirrelmail.



!DSPAM:477d4215310543745219514!

Re: [vchkpw] OT: Webmail trends for vpopmail/qmail/IMAP

[ISP Lists]

 ISP Lists wrote:
 Off-topic, perhaps respond off-list?

 What are the hot applications in F/OSS webmail that start to move
 towards
 AJAX  clients (yahoo! mail beta, gmail) that might function well on a
 vpopmail/qmail/IMAP infrastructure?  I looked at Sourceforge and didn't
 see much that would leap past squirrelmail.


 We use RoundCube in addition to Squirell.

 http://roundcube.net/

 Regards,

 Rick


 



Thanks Rick, good stuff!  Any other ideas are most appreciated.


!DSPAM:477d4fd9310541599016348!

Re: [vchkpw] courier maildirfolder files

[ISP Lists]

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 ISP Lists wrote:
 Therefore, to fix a partially failed rsync during a migration, I should
 use the following rules:

 /Maildir/.Sent|.Drafts|.Trash/maildirfolder
 is NOT correct usage

 /Maildir/.MyFolder/maildirfolder
 is NOT correct usage

 /Maildir/.MyFolder.MySubFolder/maildirfolder
 IS correct usage.

 I'm not sure what you're saying here about incorrect usage.  maildirfolder
 files must exist under any folder directory you wish Courier-IMAP to
 honor.


 Is the presence of 'maildirfolder' in subfolders actually MANDATORY for
 IMAP to function properly?

 Not for IMAP, for Courier-IMAP.  I'm sure you knew that, but I figured I'd
 be
 a little more technical on this point for anyone else who may not have
 caught
 that.
 - --
 /*
 Matt Brookings [EMAIL PROTECTED]   GnuPG Key ABA26FE7
 Software developer Systems technician
 Inter7 Internet Technologies, Inc. (815)776-9465
 */
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.2.6 (GNU/Linux)
 Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

 iD8DBQFHTzBeYaj0Mauib+cRAhsDAJ0TYcF6vqbndnV5Pe+nIsIC1CthCgCgmkrN
 xE/PM6o3fJZTkthW6gFHtr4=
 =E+3Q
 -END PGP SIGNATURE-


Matt, thanks for your post, the answer surprises me.  Is there a resource
you can recommend?  I hadn't anticipated that 'maildirfolder' is a
requirement for all folders; by inspection, my existing vpopmail/courier
kit seems to run fine with very few 'maildirfolder' files that don't seem
to conform to any particular methodology/rule.  Thus the basis for my
confusion.
Again, I really appreciate the help!
Dave.




!DSPAM:474f442732002376413044!

Re: [vchkpw] Problem compiling courier-auth 0.59.3+

[ISP Lists]

Some very smart person - I'm REALLY sorry I cannot easily find the link to
give proper credit - posted this patch out there a few weeks ago.  I
don't think it's become mainstream yet, but I literally just went through
the same problem with authlib 0.59.3 and vpopmail 5.4.17.   Yes, the patch
works; no I don't know why.

the patch I used came from discussion here:
http://www.mail-archive.com/vchkpw@inter7.com/msg24923.html

I tried to google for the filename of the patch below but I think it's a
filename I made up...  I was in a rush to get something built, so my notes
are incomplete.  Bad dog, I know.

Meanwhile, here's the patch code
===
--- courier-authlib-0.59.3/authvchkpw.c 2007-04-22 20:53:30.0 +0200
+++ courier-authlib-0.59.3b/authvchkpw.c2007-04-25
17:53:58.908980669 +0200
@@ -55,16 +55,19 @@
return (*i-callback_func)(a, i-callback_arg);
 }

 #if HAVE_HMACLIB

 #includelibhmac/hmac.h
 #includecramlib.h

+static int auth_vchkpw_login(const char *service, char *authdata,
+int (*callback_func)(struct authinfo *, void *), void
*callback_arg);
+

 static int auth_vchkpw_cram(const char *service,
const char *authtype, char *authdata,
int (*callback_func)(struct authinfo *, void *),
void *callback_arg)
 {
 struct  cram_callback_info  cci;
===

And how I build the authlib for my system

cd /usr/src/qmail
wget
http://superb-west.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.59.3.tar.bz2
bunzip2 courier-authlib-0.59.3.tar.bz2
tar xf courier-authlib-0.59.3.tar
chown -R root.root courier-authlib-0.59.3
cd courier-authlib-0.59.3
wget http://www.dermanagement.com/qmail/courier-0.59.3-authvchkpw.patch
patch  courier-0.59.3-authvchkpw.patch

./configure \
  --prefix=/usr/local/courier-authlib \
  --without-authpam \
  --without-authldap \
  --without-authpwd \
  --without-authmysql \
  --without-authpgsql \
  --without-authshadow \
  --without-authuserdb \
  --without-authcustom \
  --without-authcram \
  --without-authpipe \
  --with-authdaemon \
  --with-redhat \
  --with-authvchkpw




Good luck.
Dave.



 I can compile courier-authlib version 0.59.2 or lower just fine with
 vpopmail
 5.4.17 but I cannot get newer versions to compile.  I tried asking on the
 courier-imap list but they say not our problem.

 Here's the errors:

 --

 authvchkpw.c: In function 'auth_vchkpw_login':
 authvchkpw.c:40: warning: empty declaration
 authvchkpw.c:43: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 In file included from authvchkpw.c:63:
 libhmac/hmac.h:15: error: storage class specified for parameter
 'hmac_h_rcsid'
 libhmac/hmac.h:15: error: parameter 'hmac_h_rcsid' is initialized
 libhmac/hmac.h:50: warning: empty declaration
 libhmac/hmac.h:54: error: storage class specified for parameter 'hmac_md5'
 libhmac/hmac.h:54: error: storage class specified for parameter
 'hmac_sha1'
 libhmac/hmac.h:54: error: storage class specified for parameter
 'hmac_sha256'
 libhmac/hmac.h:61: error: storage class specified for parameter
 'hmac_list'
 In file included from authvchkpw.c:64:
 cramlib.h:17: warning: empty declaration
 cramlib.h:19: error: storage class specified for
 parameter 'auth_cram_callback'
 cramlib.h:26: warning: empty declaration
 authvchkpw.c:71: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 authvchkpw.c:87: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 authvchkpw.c:106: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 authvchkpw.c:170: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 authvchkpw.c:177: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 authvchkpw.c:227: error: parameter 'authvchkpw_info' is initialized
 authvchkpw.c:229: error: 'auth_vchkpw' undeclared (first use in this
 function)
 authvchkpw.c:229: error: (Each undeclared identifier is reported only once
 authvchkpw.c:229: error: for each function it appears in.)
 authvchkpw.c:231: error: 'authvchkpwclose' undeclared (first use in this
 function)
 authvchkpw.c:232: error: 'auth_vchkpw_changepass' undeclared (first use in
 this function)
 authvchkpw.c:238: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 authvchkpw.c:240: error: old-style parameter declarations in prototyped
 function definition
 authvchkpw.c:240: error: expected '{' at end of input
 make[2]: *** [authvchkpw.lo] Error 1
 make[2]: Leaving directory `/netsrc/courier-authlib-0.59.3.20070721'

 --

 This is NOT just for the pre-release, before anyone asks.  I tried it
 because
 they mentioned some authvchkpw fixes.

 --
 --
 Cheers,
 Steve

Re: [vchkpw] Problem compiling courier-auth 0.59.3+

[ISP Lists]

Crud, NO that is not the correct link for what I thought was the patch
source.

OK, I found it! It's in French, that's why it's kinda hard to find.  You
can run this page through Babelfish and get something readable, but the
patch originated from this page

http://christian.caleca.free.fr/qmail/courier-imap.htm

Credit due.

D.




 Some very smart person - I'm REALLY sorry I cannot easily find the link to
 give proper credit - posted this patch out there a few weeks ago.  I
 don't think it's become mainstream yet, but I literally just went through
 the same problem with authlib 0.59.3 and vpopmail 5.4.17.   Yes, the patch
 works; no I don't know why.

 the patch I used came from discussion here:
 http://www.mail-archive.com/vchkpw@inter7.com/msg24923.html

 I tried to google for the filename of the patch below but I think it's a
 filename I made up...  I was in a rush to get something built, so my notes
 are incomplete.  Bad dog, I know.

 Meanwhile, here's the patch code
 ===
 --- courier-authlib-0.59.3/authvchkpw.c 2007-04-22 20:53:30.0
 +0200
 +++ courier-authlib-0.59.3b/authvchkpw.c2007-04-25
 17:53:58.908980669 +0200
 @@ -55,16 +55,19 @@
 return (*i-callback_func)(a, i-callback_arg);
  }

  #if HAVE_HMACLIB

  #includelibhmac/hmac.h
  #includecramlib.h

 +static int auth_vchkpw_login(const char *service, char *authdata,
 +int (*callback_func)(struct authinfo *, void *), void
 *callback_arg);
 +

  static int auth_vchkpw_cram(const char *service,
 const char *authtype, char *authdata,
 int (*callback_func)(struct authinfo *, void
 *),
 void *callback_arg)
  {
  struct  cram_callback_info  cci;
 ===

 And how I build the authlib for my system

 cd /usr/src/qmail
 wget
 http://superb-west.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.59.3.tar.bz2
 bunzip2 courier-authlib-0.59.3.tar.bz2
 tar xf courier-authlib-0.59.3.tar
 chown -R root.root courier-authlib-0.59.3
 cd courier-authlib-0.59.3
 wget http://www.dermanagement.com/qmail/courier-0.59.3-authvchkpw.patch
 patch  courier-0.59.3-authvchkpw.patch

 ./configure \
   --prefix=/usr/local/courier-authlib \
   --without-authpam \
   --without-authldap \
   --without-authpwd \
   --without-authmysql \
   --without-authpgsql \
   --without-authshadow \
   --without-authuserdb \
   --without-authcustom \
   --without-authcram \
   --without-authpipe \
   --with-authdaemon \
   --with-redhat \
   --with-authvchkpw




 Good luck.
 Dave.



 I can compile courier-authlib version 0.59.2 or lower just fine with
 vpopmail
 5.4.17 but I cannot get newer versions to compile.  I tried asking on
 the
 courier-imap list but they say not our problem.

 Here's the errors:

 --

 authvchkpw.c: In function 'auth_vchkpw_login':
 authvchkpw.c:40: warning: empty declaration
 authvchkpw.c:43: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 In file included from authvchkpw.c:63:
 libhmac/hmac.h:15: error: storage class specified for parameter
 'hmac_h_rcsid'
 libhmac/hmac.h:15: error: parameter 'hmac_h_rcsid' is initialized
 libhmac/hmac.h:50: warning: empty declaration
 libhmac/hmac.h:54: error: storage class specified for parameter
 'hmac_md5'
 libhmac/hmac.h:54: error: storage class specified for parameter
 'hmac_sha1'
 libhmac/hmac.h:54: error: storage class specified for parameter
 'hmac_sha256'
 libhmac/hmac.h:61: error: storage class specified for parameter
 'hmac_list'
 In file included from authvchkpw.c:64:
 cramlib.h:17: warning: empty declaration
 cramlib.h:19: error: storage class specified for
 parameter 'auth_cram_callback'
 cramlib.h:26: warning: empty declaration
 authvchkpw.c:71: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 authvchkpw.c:87: error: expected '=', ',', ';', 'asm' or '__attribute__'
 before '{' token
 authvchkpw.c:106: error: expected '=', ',', ';', 'asm' or
 '__attribute__'
 before '{' token
 authvchkpw.c:170: error: expected '=', ',', ';', 'asm' or
 '__attribute__'
 before '{' token
 authvchkpw.c:177: error: expected '=', ',', ';', 'asm' or
 '__attribute__'
 before '{' token
 authvchkpw.c:227: error: parameter 'authvchkpw_info' is initialized
 authvchkpw.c:229: error: 'auth_vchkpw' undeclared (first use in this
 function)
 authvchkpw.c:229: error: (Each undeclared identifier is reported only
 once
 authvchkpw.c:229: error: for each function it appears in.)
 authvchkpw.c:231: error: 'authvchkpwclose' undeclared (first use in this
 function)
 authvchkpw.c:232: error: 'auth_vchkpw_changepass' undeclared (first use
 in
 this function)
 authvchkpw.c:238: error: expected '=', ',', ';', 'asm' or
 '__attribute__'
 before '{' token
 authvchkpw.c:240: error: old-style parameter declarations in prototyped
 function definition
 authvchkpw.c:240: error: expected '{' at end of input
 

[vchkpw] Alternate routing for failed send

[ISP Lists]

I had a case where a single destination SMTP MX server was denying my send
request from what appeared to be an IP range-based RBL blacklist.  Nobody
elses MXs levered that blacklist, so I only had the one problem delivery.

I was able to mockup a gateway on another server of mine in another IP
block and I temporarily used 'smtproutes' to clear my queue for that
issue.

Q: What solutions are being used in the wild to deal with this kind of case?

I could see an 'smtproutes' file that uses a :farm.of.hostnames.tld in
order to send your outbound email through a farm of servers in diverse
netblocks, but that implies a bit more scale than I can offer/afford.

I don't believe there's any available logic that says something like
after a message is SMTP-connect-refused XX times, please try alternate
send path via 'othersmtproutes'  That's probably more overhead than
value, but it occurred to me...

Feedback is most welcome.  (Please let me know if this is more appropriate
for the qmail list than vpopmail.)

Dave

[vchkpw] Anti-spam solution - favs?

[ISP Lists]

I've got vpopmail/netqmail built using typical clamav and spamassassin
(clamd, spamd).  I've got XBL filtering and CHKUSER enabled on smtp.  I'm
actively training my Bayes filters.  I do not use verified sender or SPF.

Spamassassin's local.cf look like this:

required_score 6
rewrite_header Subject [SPAM]
report_safe 0
use_pyzor 0
use_razor2 1
use_dcc 0
dcc_home /var/dcc
skip_rbl_checks 0
rbl_timeout 3
score RCVD_IN_BL_SPAMCOP_NET 2
use_bayes 1
bayes_auto_learn 1
bayes_path /home/spamd/.spamassassin/bayes


I STILL find a good bit of spam is getting through. (pharma, mortgages,
stock hype, etc)

I wonder whether there are other/better anti-spam tools I should use to
cull the spam more effectively.  Suggestions most welcome.

[vchkpw] announce: bantcp for CHKUSER patch

[ISP Lists]

I wanted to announce a little script project I'm starting called 'bantcp'.

I got frustrated by a dictionary attack on one of my domains.  Tonix'
CHKUSER patch did it's job in repelling the offending IPs (who were not
already RBLd) but I wanted more.

I wanted a (semi-)automated way to extract the attacking IPs from my qmail
logs and insert them into my tcp.smtp file using selection criteria based
upon how many attacks had been made from an IP during a specific window of
time.  I felt this was a way to prevent further abuse from these IPs.

bantcp is version 0.01   It's a cobbling of bash and perl to provide the
output suitable for pasting into your tcp.smtp file.  It's not terribly
elegant yet, but I'm hoping for some suggestions.

Flames are welcome too, though please be kind.  I'm not a coder.  I'm also
guessing that a 'sed/awk' guru could tighten bantcp up a lot - maybe kill
off the perl jumps altogether.

http://www.bantcp.com/

Thanks,
Dave.

[vchkpw] CHKUSER 2.0.8b - banning IPs into tcp.smtp

[ISP Lists]

CHKUSER 2.0.8b on qmail 1.03 and vpopmail 5.4.10.

I LOVE that CHKUSER can single out the unknown recipients and block the
offending SMTP session - big traffic control helper!  However, I've got
one domain that's really being hit hard by dictionary attacks.  Some
attack traffic is a few hits from many IPs, other traffic is many hits
from few IPs.

What I'd like to do is get something that's like an IDS that reads log
output for CHKUSER rejections - currently only outputting to

/var/log/qmail/smtp/current

and have that information parsed for the specific domain and have the
offending sender IP stuffed into a database (probably with a timestamp). 
Then I would build some scripted logic to query the database to figure out
if I've been hit N number of times from an IP in a certain window of time;
thus the trigger to update tcp.smtp with the offender.

I think I might go ahead and just compile the tcp.smtp at each pass,
that way I can keep tcp.smtp as compact as possible.  Those who've stopped
being naughty are taken off the blocklist eventually.  Almost an RBL
mentality I guess.  (and yes, I AM running with the Spamhaus RBL also).

I gotta believe some smart person already built this, but I don't know if
it's called something specific.  Big challenge for me is how to keep an
eye on a logfile for any particular time (particularly given DJB's arcane
date values in the above log file) and not end up reprocessing data I've
already seen.

Help appreciated and thanks!
Dave.

[vchkpw] How expensive is reloading the tcp.smtp.cdb?

[ISP Lists]

Related to my earlier post, how expensive is it - resource-wise - to
reload a tcp.smtp file of 100-1000 lines?

If I have processing that is updating tcp.smtp every 5-10 minutes and I
choose to reload the cdb from that tcp.smtp, is that a bad idea?

The qmailctl cdb command runs very fast for me now, but I don't have any
idea what impact it has on any smtpd instances having to restart or
re-read.

Anyone know?

[vchkpw] Spotty behavior authenticating: MySQL server has gone away

[ISP Lists]

Something peculiar happened to mysql during a reboot and now vpopmail
authdaemond is having trouble completing authentications

/var/log/maillog says:

Aug 24 08:36:15 hostname authdaemond: vmysql: sql error[3]: MySQL server
has gone away


This problem is spotty though.  I have several successful authentications
before this error occurs.  I then have to restart mysqld before I can get
any other authentications to succeed.  I am still able to use the mysql
client to connect to the server for an interactive session.

What seems strange to me is that there are only two mysql daemons running:

root 23923  0.0  0.1  5060 1108 pts/0S09:13   0:00 /bin/sh
/usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
--pid-file=/var/run/mysqld/mysqld.pid

mysql23956  0.0  0.5 38620 5656 pts/0Sl   09:13   0:00
/usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/var/lib
--datadir=/var/lib/mysql --user=mysql
--pid-file=/var/run/mysqld/mysqld.pid --skip-locking


Every other instance of mysql 3.23.x I've ever run has about 10 child
threads running, so this seems strange to see only one child thread.

I have not updated any packages on this box recently.  None at all, I swear.

Suggestions to investigate?  Googling on the MySQL server has gone away
is a wild goose chase.

Re: [vchkpw] Spotty behavior authenticating: MySQL server has gone away

[ISP Lists]

 Something peculiar happened to mysql during a reboot and now vpopmail
 authdaemond is having trouble completing authentications

 /var/log/maillog says:

 Aug 24 08:36:15 hostname authdaemond: vmysql: sql error[3]: MySQL server
 has gone away


 This problem is spotty though.  I have several successful authentications
 before this error occurs.  I then have to restart mysqld before I can get
 any other authentications to succeed.  I am still able to use the mysql
 client to connect to the server for an interactive session.

 What seems strange to me is that there are only two mysql daemons running:

 root 23923  0.0  0.1  5060 1108 pts/0S09:13   0:00 /bin/sh
 /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
 --pid-file=/var/run/mysqld/mysqld.pid

 mysql23956  0.0  0.5 38620 5656 pts/0Sl   09:13   0:00
 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/var/lib
 --datadir=/var/lib/mysql --user=mysql
 --pid-file=/var/run/mysqld/mysqld.pid --skip-locking


 Every other instance of mysql 3.23.x I've ever run has about 10 child
 threads running, so this seems strange to see only one child thread.

 I have not updated any packages on this box recently.  None at all, I
 swear.

 Suggestions to investigate?  Googling on the MySQL server has gone away
 is a wild goose chase.






Hrm, rebooting the box seems to have helped.  Still same number of mysql
daemons, but they're answering now...  Damned strange.  dmesg on reboot
didn't show any ext3 errors being fixed - I was wondering if this was a
disk thing.

Thoughts still welcome and appreciated on this.

[vchkpw] SMTP-AUTH works POP3 not SMTPd?

[ISP Lists]

sys: Fedora core3, manually compiled vpopmail 3.4.10, RPM Mysql 3.23.59?,
compiled courier imap 4.0.2, compiled qmail-1.03, patched
qmail-ej-cocktail-14.tar.gz, manually patched Tonix' chkuser 2.0.

I have installed vpopmail with roaming/SMTP-AUTH before, again using
Michael Bowe's webmail guide.  SMTP-AUTH is failing authentication and I
cannot tell why.

I had created the qmail install with Tonix' chkuser patch and saved that
qmail-smtpd binary.  Substituting between the original and the Tonix
patched qmail-smtpd binaries does not seem to change the behavior.

compiled vpopmail as:

./configure \
  --enable-roaming-users \
  --enable-logging=p \
  --disable-passwd \
  --enable-clear-passwd \
  --disable-domain-quotas \
  --enable-auth-module=mysql \
  --disable-many-domains \
  --enable-auth-logging \
  --enable-sql-logging \
  --enable-valias \
  --disable-mysql-limits

/home/vpopmail/etc:
qmail]# ls -l ~vpopmail/etc/
total 16
-rw-r--r--  1 root root 25 Jun  8 19:47 inc_deps
-rw-r--r--  1 root root 81 Jun  8 19:47 lib_deps
-rw-r--r--  1 vpopmail vchkpw 1107 Jun  8 19:47 vlimits.default
-rw-r-  1 vpopmail vchkpw   43 Jun  8 19:43 vpopmail.mysql


/var/qmail/supervise/qmail-smtpd/run:
#!/bin/sh
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL
]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 1700 \
/usr/local/bin/tcpserver \
  -H -l [[[my.host.name]]] \
-v -x /etc/tcp.smtp.cdb \
  -c 30 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \
  /usr/local/bin/rblsmtpd -b -C \
 -r 'sbl-xbl.spamhaus.org:Your message was rejected ' \
  /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \
  /usr/bin/true 21


mysql's vpopmail database table vlog contains:
| id | user  | passwd   | domain| logon   
   | remoteip | message   
 | timestamp  | error |
++---+--+---+-+--+-++---+
|  1 | daver | [EMAIL PROTECTED] | example.net |
[EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass:
'[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119024854 |  
  3 |
|  2 | daver | [EMAIL PROTECTED] | example.net |
[EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass:
'[EMAIL PROTECTED]') [EMAIL PROTECTED]:MYIP | 1119025751 |  
  3 |


THIS IMPLIES that some element of the hostname and a timestamp(?) are
being forwarded instead of the submitted password??

I'm at a loss here, help appreciated!

BTW, all incoming SMTP delivery works to all accounts.  All POP3 pickup
and authentication works too.  Just SMTP-AUTH to send is broken.

Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?

[ISP Lists]

 You've got an old SMTP AUTH patch that sends the MD5 challenge and
 response in the wrong order.

 Use the patch from the contrib directory of vpopmail, and then remove
 the $LOCAL from your run file, as the newer SMTP AUTH patch does not
 use it.

 --
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
 You don't need a laptop to troubleshoot high-speed Internet:
 sniffter.com



Tom, thanks.  I didn't realize there had been a change in patches that
did this...  Wilco.

Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?

[ISP Lists]

 You've got an old SMTP AUTH patch that sends the MD5 challenge and
 response in the wrong order.

 Use the patch from the contrib directory of vpopmail, and then remove
 the $LOCAL from your run file, as the newer SMTP AUTH patch does not
 use it.

 --
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
 You don't need a laptop to troubleshoot high-speed Internet:
 sniffter.com



 Tom, thanks.  I didn't realize there had been a change in patches that
 did this...  Wilco.


Follow-up

Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then
manually added Tonix' chkuser 2.0

Everything is VERY happy now.

Thanks for the help!
Dave.

Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?

[ISP Lists]

 On Jun 17, 2005, at 11:21 AM, ISP Lists wrote:
 Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then
 manually added Tonix' chkuser 2.0

 Everything is VERY happy now.

 Did you remember to remove $LOCAL from your qmail-smtpd/run file?  If
 not, you can now auth with any username/password.

 --
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
 You don't need a laptop to troubleshoot high-speed Internet:
 sniffter.com


Yes, I did and I tried using nonsense/invalid combos to ensure that I
wasn't AUTH'ing the world.  Appreciate your concern!  Thanks again!

Re: [vchkpw] RBL setup

[ISP Lists]

 Hello,

 how to setup RBL cheking to my qmail-vpopmail instalation. How can I
 chack if my RBL check works.

 TNX




Hello,
Check the relevant section of this guide
http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm

Re: [vchkpw] OT: Migration of Lotus Notes to Vpopmail

[ISP Lists]

Googling shall set ye free

http://www.google.com/search?hl=enq=convert+lotus+notes+to+mboxbtnG=Google+Search




 Hi list.

 I need migrate accounts and mailbox from Lotus Notes 5.0.1 to
 Qmail+Vpopmail. The accounts creation isn't problem, but my main problem
 is migrate the mailbox to maildir. The mailbox for one user, in Lotus, is
 into a file .nsf (database Lotus). I need convert 1062 mailbox to
 Maildir. Somebody know how convert this?

 If isn't possible convert directly the file nsf, I'm think use imap
 migration tool
 http://migrationtool.sourceforge.net/  but I never use this tool

 Somebody has some experience using tools like to fetchmail, migrationtool,
 or others?

 Any suggestion is been thankful

 Bye friends

 Juan Enciso Condeña
 Área de Operaciones
 Qnet
 Soluciones Tecnológicas
 Av. Paseo de la República 4675 - Lima 34
 Telf: (511) 241-4122 Anexo 2244
 Fax: (511) 446-8135
 www.qnet.com.pe

[vchkpw] Howto reject invalid recipients AFTER SMTPD receipt of msg?

[ISP Lists]

I want to reject incoming email to invalid users AFTER accepting the email
by SMTPd. Where can I insert a small bash script to check valid users
against VPOPMAIL MYSQL DB before allowing SPAMD, CLAMAV, qmail-inject,
etc. to run???

Vpopmail 5.4.5, Mysql 3.23.54.  Also, I'm aware of Tonix's patch to
prevent invalid users BEFORE SMTPD accepts mail.  Am considering it, but
want to understand options if I'm willing to take the bandwidth hit but
not provide hints to dictionary attackers.  Really hoping to put a small
script inline to SMTP processing.  THANKS!

My current /var/qmail/supervise/qmail-smtpd/run file reads thusly.

#!/bin/sh
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL
]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi

exec /usr/local/bin/softlimit -m 1500 \
/usr/local/bin/tcpserver \
  -H -l server.example.com \
  -v -x /etc/tcp.smtp.cdb \
  -c 20 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \
  /usr/local/bin/rblsmtpd -b -C \
  -r 'relays.ordb.org: denied' \
  -r 'sbl-xbl.spamhaus.org: denied' \
  /var/qmail/bin/qmail-smtpd $LOCAL \
  /home/vpopmail/bin/vchkpw /usr/bin/true 21

[vchkpw] Re: Howto reject invalid recipients AFTER SMTPD receipt of msg?

[ISP Lists]

 On Jan 11, 2005, at 6:07 AM, ISP Lists wrote:
 I want to reject incoming email to invalid users AFTER accepting the
 email
 by SMTPd. Where can I insert a small bash script to check valid users
 against VPOPMAIL MYSQL DB before allowing SPAMD, CLAMAV, qmail-inject,
 etc. to run???

 Vpopmail 5.4.5, Mysql 3.23.54.  Also, I'm aware of Tonix's patch to
 prevent invalid users BEFORE SMTPD accepts mail.  Am considering it,
 but
 want to understand options if I'm willing to take the bandwidth hit but
 not provide hints to dictionary attackers.  Really hoping to put a
 small
 script inline to SMTP processing.  THANKS!

 My current /var/qmail/supervise/qmail-smtpd/run file reads thusly.

 #!/bin/sh
 QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE

 You can incorporate it into qmail-scanner-queue.pl.  If the qmail-queue
 program exits with the proper exit code, qmail-smtpd will reject the
 message.

 You can run vuserinfo and check the exit code to determine if an
 account is valid or not.  You'll need to check the catchall setting
 (unless catchall is bounce/delete, all addresses are valid).  You'll
 have to add some additional code though to check for mailing list,
 autoresponder and alias/forward accounts.  We have bounced around the
 idea of writing a simple vpopmail program that checks to see if an
 account is valid or not (taking into consideration the catchall
 setting).

 Another option would be to modify Tonix's patch to do the checking
 after receiving the message.  I have no idea how hard that would be
 though.

 On possible problem with this setup is that if I legitimately email two
 people at your company and one address is invalid, the entire message
 bounces and I don't know which address was wrong.

 --
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
 Info on the Sniffter hand-held Network Tester: http://sniffter.com/



Tom, thanks for your well considered message.  Your last point is probably
the most troubling to any scenario that rejects by name.  I haven't taken
a serious look yet into the docs/code from Tonino to see its behavior in
such a case.

I, for one, would like to see some additional movement in vpopmail to
expand control of smtpd - if not replace it as LinuxMagic have done. 
That's a bit far-reaching, so perhaps your thought of extending some
service for checking valid IDs is useful.  I, for one, do NOT run with a
catchall, BTW

[vchkpw] fetchmail and maildrop to a vpopmail account

[ISP Lists]

I'm struggling finding a howto on a particular issue:

I have a webmail/pop3 account, no IMAP.  I do not run that server and only
have user privs on the email account.  I want to do a ONE-TIME conversion
to pull the 400+ messages from this account using fetchmail (or whatever
you recommend) for delivery to my vpopmail user account.

I run the destination server, it runs vpopmail/courier/mysql, and has a
domain with the particular ./Maildir account that I want to deliver the
mail into.

I was going to use fetchmail - maildrop - ./Maildir

I was doing okay pulling together information to accomplish this until I
realized that I didn't have a local account for maildrop since the
destination account is a virtual user in vpopmail
(/home/vpopmail/domains/example.com/username/Maildir)

Does anybody have some guidance on where I should go to cook up a solution?
All help appreciated!  Thanks, Dave.

Re: [vchkpw] fetchmail and maildrop to a vpopmail account

[ISP Lists]

 On Tue, 2004-09-28 at 10:06, ISP Lists wrote:
 I'm struggling finding a howto on a particular issue:

 I have a webmail/pop3 account, no IMAP.  I do not run that server and
 only
 have user privs on the email account.  I want to do a ONE-TIME
 conversion
 to pull the 400+ messages from this account using fetchmail (or whatever
 you recommend) for delivery to my vpopmail user account.

 I run the destination server, it runs vpopmail/courier/mysql, and has a
 domain with the particular ./Maildir account that I want to deliver the
 mail into.

 I was going to use fetchmail - maildrop - ./Maildir

 I was doing okay pulling together information to accomplish this until I
 realized that I didn't have a local account for maildrop since the
 destination account is a virtual user in vpopmail
 (/home/vpopmail/domains/example.com/username/Maildir)

 Does anybody have some guidance on where I should go to cook up a
 solution?
 All help appreciated!  Thanks, Dave.

 You're fine just using Fetchmail - after that, IMHO, you're
 overcomplicating it with maildrop :)

 I do fetchmail like so:
 /usr/local/bin/fetchmail -s -f /home/root/fetchmail/fetchmail2.rc

 where fetcmail2.rc contains:
 poll mail.com.com proto POP3 user username pass password smtpname
 [EMAIL PROTECTED] fetchall

 Basically grab anything from the remote user's mailbox and redirect it via
 smtp
 to '[EMAIL PROTECTED]'.   Then your SMTP setup takes care of the
 delivery as if all those
 emails came in to your localuser originally.

 Rick



Shucks, that was too easy.  Worked great!  Thanks Rick!

[vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux

[ISP Lists]

I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've
enabled roaming users and have included the SMTP-AUTH patch.  Courier,
vpopmail, qmail, and everything else compiled fine (I did not use Debian
packages).

POP3 works fine.  Spam filtering works fine.  Squirrelmail fine.  
Squirrelmail sends via 127.0.0.1 SMTP fine via
/home/vpopmail/etc/tcp.smtp.  SMTP-AUTH fails on password look ups and
therefore roaming users cannot send email.

ERROR LOG:
Aug  7 06:58:21 puffer vpopmail[28939]: vchkpw-smtp: password fail [email
protected]:[ip protected]

vpopmail was compiled like this:
./configure --enable-roaming-users=y --enable-logging=y
--enable-ip-alias-domains=y --enable-auth-module=mysql
--enable-clear-passwd=n --enable-libdir=/usr/include/mysql/
--enable-tcpserver-path=/home/vpopmail/etc/
--enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-qmail-ext
--enable-logging=e --enable-tcprules-prog=/usr/local/bin/tcprules
--enable-rebuild-tcpserver-file

My qmail-smtp/run file reads:
#!/bin/sh
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl export QMAILQUEUE
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ];
then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 1500 \
/usr/local/bin/tcpserver \
-H -l [server hostname protected] \
-v -x /etc/tcp.smtp.cdb \
-c 20 -R -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \
  /usr/local/bin/rblsmtpd -b -C \
-r 'relays.ordb.org:Your message was rejected. \
-r 'sbl-xbl.spamhaus.org:Your message was rejected \
  /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \
  /usr/bin/true 21


/home/vpopmail/bin/vchkpw is owned by vpopmail.vchkpw

/usr/local/courier-imap/etc/imapd bears the line
AUTHMODULES=authdaemon

How do I go further debug this?
Thanks.
D.

Re: [vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux

[ISP Lists]

 I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've
 enabled roaming users and have included the SMTP-AUTH patch.  Courier,
 vpopmail, qmail, and everything else compiled fine (I did not use Debian
 packages).

 POP3 works fine.  Spam filtering works fine.  Squirrelmail fine.
 Squirrelmail sends via 127.0.0.1 SMTP fine via
 /home/vpopmail/etc/tcp.smtp.  SMTP-AUTH fails on password look ups and
 therefore roaming users cannot send email.

[SNIP]

OK, I've found that it was a client software error where CRAM-MD5 login is
advertised first.  Pegasus mail wouldn't keep trying to get to plain
LOGIN, but The BAT! would fail back from CRAM-MD5 to plain LOGIN and
roaming SMTP relay works fine.

Sorry for the initial concern, but I'd like to remove CRAM-MD5 from the
advertised capabilities to avoid this kind of confusion with users.

Any help there?!
Sorry, but thanks so far!

[vchkpw] only allow SMTP from SMTP-AUTH relays

[isp]

Is there a vpopmail mechanism to only permit SMTP connections inbound for
those IPs that appear in the current relays table?  I realize that this
means that SMTPd probably needs to talk to the MYSQL db with the relay
table (my implementation), but I'm curious if this is doable.  VPOPMAIL
5.2.1, RH Linux 7.3, qmail 1.03

[vchkpw] vdelivermail bounce-no-mailbox. Can I drop?

[isp]

The standard implementation of the ~.qmail-default for a vpopmail domain
is to use the string

| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

I don't care about handling bounces for typo'd addresses and I want to
/dev/null them.

does vdelivermail mail have a drop-no-mailbox option?

Re: [vchkpw] Re: vdelivermail bounce-no-mailbox. Can I drop?

[isp]

 Hello List,

 On Monday, May 10, 2004 at 2:20:31 PM [EMAIL PROTECTED] wrote (at least
 in part):

 I don't care about handling bounces for typo'd addresses and I want to
 /dev/null them.

 does vdelivermail mail have a drop-no-mailbox option?

 Yes:

 ,- [ vpopmail FAQ ]
 | 32. I don't want to bounce emails for non existent users. Instead I want
 | to delete them, how?
 |
 |The last parameter in the .qmail-default file tells vdelivermail
 |what to do with non-matching emails. The default is to bounce
 |the email back to the sender. But you can also delete it instead.
 |
 |update your .qmail-default file  from something like this:
 || /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
 |
 |to something like this:
 || /home/vpopmail/bin/vdelivermail '' delete
 `-

 Reading s***s, I know.
 --
 Best regards
 Peter Palmreuther

 If at first you don't succeed, skydiving is not for you.



stupid me, here I was reading the manual for the thing and never got that
answer.
http://www.inter7.com/vpopmail/doc/vdelivermail.html
Thanks Pit!

Re: [vchkpw] dial-up authorization with vpopmail

[isp]

How about a cron'd script to extract from your MySQL/LDAP to populate
FreeRadius's user tables?


 Is there anyone using vpopmail as backend for a dial-up authorization
 system?

 Any tip/suggestion on which could be the easiest way to configure a RAS
 server asking to a vpopmail backend?

 I'm evaluating freeradius, thinking to let it use the vpopmail MySQL
 tables, but I'ld like not to be tied to MySQL, as I'll probably migrate to
 LDAP; so I'm wondering if anyone has ever developed some custom code for
 vpopmail.

 Thanks for any suggestion.

 Tonino


 
  [EMAIL PROTECTED]Interazioni di Antonio Nati
 http://www.interazioni.it  [EMAIL PROTECTED]
 

[vchkpw] Maintaining vlog in mysql

[isp]

I noticed that my vlog table+index in vpopmail with MySQL enabled is up to
around 30MB.

Is there a maintenance procedure to cull records from this table?  I can
just start deleting oldest records, BUT..

D.

[vchkpw] Losing messages into a new folder

[isp]

Linux: vpopmail 5.2.1, courier 1.7, qmail 1.03, squirrelmail 1.4.1.

When a user through squirrelmail creates a new folder, all appears well. 
Then, user moves two or more messages to the folder and the messages are
deleted, as in lost.

I don't see anything wrong in vpopmail with the folder permissions or
name.  Does not affect all new folder.  Does not always affect all
messages.  Fewer messages lost when moving only one, but happens with just
one msg too.

Has anyone else ever seen this problem?  HELP pls.

Re: [vchkpw] Losing messages into a new folder

[isp]

I am trying those lists, Tom.  However, I was asking here because many of
us are running the same combination of apps.  I was hoping to find some
common ground.
Apologies if I've miffed anybody.
D.

 On Thursday, December 18, 2003, at 10:05  AM, [EMAIL PROTECTED] wrote:
 When a user through squirrelmail creates a new folder, all appears
 well.
 Then, user moves two or more messages to the folder and the messages
 are
 deleted, as in lost.

 I don't see anything wrong in vpopmail with the folder permissions or
 name.  Does not affect all new folder.  Does not always affect all
 messages.  Fewer messages lost when moving only one, but happens with
 just
 one msg too.

 Maybe you should try the SquirrelMail list, or the IMAP server you're
 using.  I don't see how vpopmail is involved here.

 --
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
 Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Re: [vchkpw] qpsmtpd

[isp]

Henry, I too just started looking into it.. was the idea from this list??
Anyhow, what concerns me is the perl overhead for qpsmtpd, but I'm
probably paying for that overhead by using SpamAssassin...  There is a
link for something that virtualizes a perl processor session to make the
thing run like a daemon to avoid startup and memory grabbing issues; I
believe the link appears on the develooper listing for qpsmtpd.

Why change?  I wanted a nice, friendly way to introduce username checking
since the two patches out there for username checking in qmail-smtpd are
conflicting with other patches I run or don't like the mysql backend

I'd love to see anyone give a testamonial or some usage data about running
qpsmtpd.  (Sorry DJB)

D.




 Hi everyone,

 I just heard about qpsmtpd (http://develooper.com/code/qpsmtpd/) which is
 a
 qmail-smtpd replacement.  It supports plugins that lets you control its
 behavior, such as checking RBL lists, integrate SpamAssassin, etc.  Yes,
 the
 current qmail-smtpd can do all that but sometimes that requires patching
 the
 source and I'm not a fan of having to mess around with source codes.

 Has anyone tried using qpsmtpd on their vpopmail installation?

 -Henry Ho

Re: [vchkpw] from vpopmail5.2.1 to 5.3.29

[isp]

I am also interested in this roadmap..

 Hi to all,
 i have to convert vpopmail pop3 accounts done with 5.2.1 vpopmail and
 mysql to 5.3.29 and mysql. I noticed that the database structure is
 different. Is there anything to convert the domains all together ?

 thanks in advance

 Shape

[vchkpw] my vpopmail is a bad sender to ezmlm lists

[isp]

I run vpopmail 5.2.1 without any troubles...
When I try to (un-)subscribe to ezmlm-based mailing lists, I am given the
string to send to (example)

[EMAIL PROTECTED]

When I send this message to confirm my action request, it appears that my
SMTP outbound is parsing this by breaking the email address into two
parts.  It breaks at the equal sign and send two messages to:

1) [EMAIL PROTECTED]
2) magicmail-us-isp   without a domain which is parsed as a local
domain user.

This happens to every ezmlm list I work with now and has become a gross pain.

I am running a system mostly built from Michael Bowe's glorious work...
http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm

Help!?

Re: [vchkpw] Re: my vpopmail is a bad sender to ezmlm lists

[isp]

My MTA is SquirrelMail 1.4.1, which I hadn't contemplated as being the
culprit.  I'll fire up Mozilla IMAP/POP3 client and see if I can shake the
matter loose.  If it's Squirrel I'll ask them about about it.

Thanks Pit!
Dave.

 Hello List,

 On Saturday, November 1, 2003 at 12:00:11 AM [EMAIL PROTECTED] wrote (at
 least in part):

 I run vpopmail 5.2.1 without any troubles...
 When I try to (un-)subscribe to ezmlm-based mailing lists, I am given
 the
 string to send to (example)

 [EMAIL PROTECTED]

 When I send this message to confirm my action request, it appears that
 my
 SMTP outbound is parsing this by breaking the email address into two
 parts.  It breaks at the equal sign and send two messages to:

 1) [EMAIL PROTECTED]
 2) magicmail-us-isp   without a domain which is parsed as a
 local
 domain user.

 This happens to every ezmlm list I work with now and has become a gross
 pain.

 Might it be you're trying to send this confirmation with Outlook? I
 ran into this trouble once and knew another reason why someone does
 not want to use Lookout. It seems to try to make sense of '=de' as a
 QP string, instead of simply using as is.

 I am running a system mostly built from Michael Bowe's glorious work...
 http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm

 I'm quite sure neither vpopmail, not qmail nor any other part of the
 MTA and MDA is breaking things up here. Very sure. Check your MUA ...
 --
 Best regards
 Peter Palmreuther

 'Twas Brillig, and the slithey toves did gyre and gimble in the wabe;
 all mimsy were the borogoves, and the mome raths outgrabe.

Re: [vchkpw] Re: Inserting new users via mysql-insert into the vpopmail database

[isp]

You can do with with Perl's system or exec calls, and I'm sure that
PHP has equivalent calls as well.   Just call the binary from your script.
 Why not use the product as its architected?  Sheez!


 Hello Paul, hello all,

 Paul: The reason why I do NOT want vadduser or any commandline tool is
 that I want to write a perl script which automatize user generation.

 Cool would would be If one could run:
 vadduser $variable_password
 or something like this in
 Perl or PHP code!

  Regs,

 Oliver Etzel
 Oliver Etzel - GoodnGo.COM \(R\) writes:

  I want to create new users like [EMAIL PROTECTED] NOT with vadduser
   BUT with just inserting it via mysql-insert into the vpopmail
  database.

 OK, you have now explained what you want to use instead.  Somebody
 else
 pointed out that the maildir will be created automatically by
 vdelivermail
 if the user exists (I hadn't realized it did that until I read that
 message and looked at the code just now) so you can get away with
 doing
 that.  What you have yet to explain is any valid or sensible reason
 WHY
 you want to do this.

  Any hints,
  how I can generate the encrypted password in the column pw_passwd
  (looks like this $1$S/TPu$GjMMj7yMJqG.0ckx) ???

 Not without breaking out of MySQL and returning to the shell.  The
 hard way is to get a shell prompt, use passwd to set the password of
 a
 dummy system user then copy the crypted password into the MySQL
 command.
 The harder way is to write a perl script that generates some good
 random
 salt, calls crypt to crypt the password then uses the DBD modules to
 insert the user into MySQL.  An easy way to do it is to add the
 user with MySQL giving garbage for the crypted password then use
 vmoduser
 to set a valid crypted password.  The very easy way to do it is to
 run
 vadduser.

 You CANNOT do it all from MySQL.  You CAN do it all with vadduser.
 What
 is more, I can see no reason why you would want to add a user but
 NOT
 have the maildir created at the same time, which is all you could
 achieve
 if you could do it all from MySQL  If you have some automation tool
 that can only cope with adding MySQL rows then you'll still have to
 modify it to shell out to generate the crypted password, so you
 might
 as well modify it to shell out and run vadduser anyway.  If you want
 domain admins to be able to add users this way because they cannot
 run
 vadduser you'll still have to write code that validates they can
 only
 modify their own domains, so you'd be far better off installing
 something
 like qmailadmin on your server.

 --
 Paul Allen
 Softflare Support

Re: [vchkpw] Re: Tom's fork of vpopmail (and qmailadmin)

[isp]

Please end this thread.  Enough has been said.

Re: [vchkpw] 5.3.26 error with chkusr patch + mysql

[isp]

Just thinking out loud.

The approach of tarpitting is to slow down the attacker without impacting
your network or requiring additional resources on your end to deal with
the cracker.  I *think* it does this by analyzing the volume of incoming
SMTP requests from the same host.

The approach of chkuser is to reduce the amount of incoming messages by
denying unknown recipients before the message Data is transmitted.

I would hate to see an expanded chkuser that requires extensive database
activity to log/monitor/tarpit the username requests.  That's throwing
more resources at a problem

I think its entirely appropriate to respond VERY slowly to an unknown
username request.  HOWEVER, if I suddenly have a shortage of SMTPD daemons
because they are left open to service the chkuser tarpit, and that hurts
my email service quality, then I haven't gained anything.  I would rather
be fast at dumping chkuser denials and let them guess.

I guess if there was a child daemon that could handle ALL of the chkuser
tarpits (instead of keeping an SMTPD open) then we might have something
really great.

Sorry if I'm being too utopian, or too vague.  Just trying to contribute.
D.




 I thought of this initially, but then I forgot because of the general gain
 this patch gives.

 We could introduce a delay for each not existing user, or a limit for the
 maximum number of rcpt to. But for a massive hacker, that could not be a
 problem.

 I'm thinking of a more sophisticated code, but I surely would need of a
 database where to record every attempt.

 Let me know general opinions,

 Tonino

 At 01/09/03 01/09/03 -0700, Brad Dameron wrote:
Speaking of this patch. I think there is a potential of people being able
to harvest e-mail accounts using a dictionary, etc. They can connect up
and just validate e-mail addresses with this patch to determine if they
are valid or not. This could be a spammers dream come true. I have seen
this occur on sendmail servers.

Brad
- Original Message -
From: mailto:[EMAIL PROTECTED]Shane Chrisp

Tonino,

  Thanks for the reply. That has fixed the problem. Compiles now, and it
 works still with
the mysql backend.

cheers

Shane



 
  [EMAIL PROTECTED]Interazioni di Antonio Nati
 http://www.interazioni.it  [EMAIL PROTECTED]
 

Re: [vchkpw] Re: Webmail question

[isp]

Has anyone considered the Alternative PHP Cache
http://apc.communityconnect.com/
??
It's the PHP accelerator that is compiled in when you use the Apache
Toolbox kit
http://www.apachetoolbox.com

Just curious why you guys use the one you do?

 I have also been using that software on my server for a while now

 It seems to work very well

 Michael

 - Original Message -
 From: Paul Theodoropoulos [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Monday, August 25, 2003 2:14 AM
 Subject: Re: [vchkpw] Re: Webmail question



   i *am* using a software PHP accelerator, and there's no good reason
 for
  anyone to run squirrelmail without one - it dramatically reduces CPU
 demand.

 for those who may be interested, and also unaware of it, there is a
 freeware php accelerator out there. it works great, and i highly
 recommend
 it. figured this was an appropriate followup to my own post.

 http://www.php-accelerator.co.uk/




 Paul Theodoropoulos
 http://www.anastrophe.com

[vchkpw] which vpopmail to upgrade from 5.2.1

[isp]

I'm getting increasingly worried about my install running vpopmail v5.2.1.
 Don't want to get too far behind the times. :-)

Michael Bowe's guide
http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm
now advocates v 5.3.24, which I guess seems ok given how the recent bug
reports have shaken out.

HOWEVER, what do I need to know about the upgrade itself on a running
system of vpopmail, qmail, courier 1.7, squirrel 1.4.1 ??  I'm into the
MySQL functions for vpopmail AND Squirrelmail settings and addressbook.

I don't use qmailadmin now (haven't had a need to yet) so I suspect I'll
build that new once I upgrade.  One less thing to worry about when
upgrading.

Any tips, warnings, howtos?
Thx. D.

Re: [vchkpw] Losing messages when I move them?

[isp]

Tim, MrSam, Michael Bowe - (Sorry for top-posting;)

I do enable IMAP_Emptytrash... but here's what's confusing.
This server has been running this exact configuration since January.  Only
in the last month have I noticed the dropped/lost messages.  In that
month's time, the only change to the configuration was a move from
Squirrelmail v1.40RC1 to v1.4.1 (my stated version was in error on
original post).

Since Squirrel can or does use its own IMAP engine (I am using Squirrel's
IMAP routines), I'm starting to wonder if Squirrel is writing messages
when they are touched that names/renames the message file to become
confusing for Courier IMAP when it's time to try moving the file to
another folder.

I don't understand the IMAP file naming system, so this is a complete W.A.G.

In a previous post, Michael Bowe noted that PHP 4.3.x has caused some
problems after an IMAP mod he proposed.  I am using *most* of his
excellent configuration - including his proposed IMAP mod.

However, since I'm losing messages when using Mozilla's IMAP client as
well, I'm inclined to guess that 1) either Squirrel/PHP are mistouching
the file/filename, or 2) Michael's IMAP mod is the problem.  Tim, your
microtime issue is another contender, of course, but I'm confused why it
hasn't reared its head until recently.

Any takers on this line of thought?  Sorry about the long post.
THANKS, BTW, for the contributions so far.
Dave.



 Quoting Dave Richardson - Lists [EMAIL PROTECTED]:

1058557796.M109269P14433V0302I0053812F_8.penguin.example.com,S=143
 6:2,S
1058557805.M99846P14433V0302I00538130_11.penguin.example.com,S=202
 3:2,RS

 [..snip..]

 1059675921.19351.penguin.example.com,S=163777:2,S
 1059689347.25043.penguin.example.com,S=2461:2,S


 Ok, the above says it all (from your last 2 or 3 emails)

 You also mentioned you are using Couirer-imap 1.7 which I believe is buggy
 or
 not backwards compatible!!
 If you look in Courier-imap's changelog, for version 1.7.0 (changes made
 by Mr
 Sam on 2003-01-14), you will see:
 * maildir/maildircreateh.c (maildir_try_create_hostname): Include
   microseconds in message filename.

 When I migrated one of my servers from a courier-imap 1.6.2 to a
 courier-imap
 1.7.0, I had the SAME problem that you are currently having. I think the
 problem manifests itself only in older messages with the older style names
 (I
 could be wrong). Does that problem happen only when you have
 IMAP_EMPTYTRASH
 enabled?

 Anyways, stick with 1.6.1 till Mr Sam, me, or someone else figures out a
 fix.
 Perhaps Mr. Sam could shed more light on the subject. I hope he didn't
 mind me
 cc'ing him on this, since I wanted to ask him anyhow.

 Best Regards,
 Tim