[vchkpw] qmail-tap functionality
Hi, If I am posting to the wrong list, please let me know. The doc for qmail-tap reads to post questions to the vpopmail list, the vpopmail doc reads to post questions to this list, so here I am! We recently did a test of qmail-tap, and there was some of unexpected behavior. Some of it was corrected with changing the taps file, but some it would appear to require a code change. For example, the doc for the taps control file reads: To tap an individual email address and send a copy to [EMAIL PROTECTED] add a line like: [EMAIL PROTECTED]:[EMAIL PROTECTED] That is actually a bad example, because it will result in multiple matches. The user we tested was '[EMAIL PROTECTED]'. That tap line then matched '[EMAIL PROTECTED]', '[EMAIL PROTECTED]', etc. Since it's a regex match, it matched *all* addresses ending in '[EMAIL PROTECTED]'. The example should use [EMAIL PROTECTED]:[EMAIL PROTECTED]. The ^ means starts with, and will enforce only exact matches. That was easy enough, but another problem we encountered I just don't know. Using again the example of the '[EMAIL PROTECTED]' user, when she would send an e-mail to multiple recipients on the 'To' line, or a mix of 'To', 'Cc' and 'BCc' lines, the qmail-tap patch would generate one tapped copy for every recipient. That presents no problem from the legal standpoint, but from a more practical disk space usage standpoint, it is a big waste of space. Also, qmail-tap matches both on the 'From' and the 'To', so yet another copy is generated. Thanks, Ted
[vchkpw] Forwarding spec. users w/o local domain
Hi, Our system: netqmail-1.05 on RHEL4. I have a 'gateway' qmail system. It delivers nothing locally, and just does some filtering and logging before passing all messages through. locals contains only LOCALHOST, and there are no virtual domains. smtproutes contains the line macalester.edu:141.140.1.31:26, and rcpthosts contains macalester.edu. I'd like to do something I would think is very simple and possible, but I am stuck. I would like to setup some user forwards on this system. For example, if a message comes in for [EMAIL PROTECTED] I would like to be able to set a forward for that address to [EMAIL PROTECTED] or wherever. I would like to have a file with entries like: [EMAIL PROTECTED]:[EMAIL PROTECTED] [EMAIL PROTECTED]:[EMAIL PROTECTED] ...and so on... Of course I don't care about the syntax, but you get the idea. All other addresses would just follow the rule in smtproutes. Here's the line of thinking I've been following and the conclusions I've come to. 1. Since no mail is delivered locally, creating local user qmail accounts with .qmail files has no effect. 2. The moresmtproutes patch is not applicable here because it is for forwarding a given address to a specific destination host, not a specific destination address. 3. Since no mail is delivered locally, the ~alias/.qmail-default file isn't processed either. I had tried populating that file wth the line | /var/qmail/bin/fastforward -d /etc/aliases.cdb, created an aliases file, installed fastforward, etc., but it just doesn't get used. A user on the qmail mailing list suggested using qmailtap. I think it would almost do what I need, so I thought it was worth posting the question to this list too. qmailtap sends a copy to a specific address, however it would still allow qmail to attempt delivery of the original message, which would result in a failure notice for the sender. The end result would be that the user would receive a forwarded copy of the message, but the sender would think it didn't work. Does anyone have any ideas on how to accomplish this goal, using qmailtap or something else? Thanks in advance, Ted
Re: [vchkpw] creating maildir on the fly
On Sun, Apr 25, 2004 at 10:59:58AM +0300, Tech Info wrote: I have a qmail/vpopmail/mysql set-up running on Redhat 8, I would like to know how I can opt for 'creating user mailbox on the fly' option? Is there anyone who can help me out in this? It's doable and I've even patched vpopmail to do it (from only an entry in the vpopmail table)... however. pop3d will fail if the customer tries to login to the nonexisting directory, and courier-imap access will similarly fail. The gain of maybe saving a few inodes (no disk blocks need be sacrificed yet) isn't worth the tech support overhead. Use a filesystem like Reiserfs (on linux) and you don't have to care about the inodes anyhow. -- Ted Deppner http://www.deppner.us/
Re: [vchkpw] qmail-scanner replacement
On Thu, Feb 05, 2004 at 02:54:09AM -0600, Jeremy Kitchen wrote: On Wed, 2004-02-04 at 23:48, Ted Deppner wrote: On Wed, Feb 04, 2004 at 10:29:58AM -0700, Tom Collins wrote: message). I am curious about qmail-qfilter though... It doesn't appear to allow filtering on envelope information. Didn't dig too far, but didn't see any examples of it, and the examples shown didn't appear to have any hooks. envelope information? see badmailfrom, and also there are several patches which allow you to filter on recipient information. badmailfrom doesn't allow for regex matches (I know there are patches, but stock it doesn't allow it). KLEZ was easily identified because of a null appended to the mail from: line... it's that sort of operation on envelope information handling that doesn't appear to be present in qmail-qfilter. -- Ted Deppner http://www.deppner.us/
Re: [vchkpw] qmail-scanner replacement
On Wed, Feb 04, 2004 at 10:29:58AM -0700, Tom Collins wrote: message). I am curious about qmail-qfilter though... It doesn't appear to allow filtering on envelope information. Didn't dig too far, but didn't see any examples of it, and the examples shown didn't appear to have any hooks. KLEZ was easily handled by simple envelope checks. -- Ted Deppner http://www.deppner.us/
Re: [vchkpw] load balance suggestions
On Wed, Feb 04, 2004 at 10:44:36AM -0800, Joe Boyce wrote: RM Hello guys I would like what would you suggest for load balance with RM vpopmail and mysql any suggestions on how to set it up? I would also like RM to have Round robin with DNS etc.. We are using Linux Virtual Server to accomplish this: LVS is getting much easier to setup and maintain, but a simple round robin dns system is also quite easy to put together for a perl coder[1]. None of the mail servers need any sort of LVS magic, and nothing about mail is really CPU bound (other than AV), and mail systems nicely distribute themselves when given the opportunity to. [1] we use mon, a custom alert script, and djbdns' tinydns. Very lightweight and failover is seconds. -- Ted Deppner http://www.deppner.us/
[vchkpw] imap before smtp
I've got a LWQ-style qmail configuration, plus vpopmail 5.3.27 and courier-imap-2.1.1.20030902. I have roaming users enabled (as well as qmail-ext), and POP3 before SMTP works perfectly (using qmail-pop3d). IMAP also seems to work just fine, but it does not update open-smtp. My workaround of creating a separate POP account to POP in without retrieving msgs allows me to send via IMAP, but is obviously not an ideal solution. (I'm using Thunderbird .2). I've installed courier-imap numerous times (with different releases up to 20030902), both with authdaemon enabled as well as disabled. In both cases, the results are the same (meaning that I can read mail but not relay). Perhaps my understanding is wrong, but I was under the impression that since these are virtual domains I'm having trouble with (all my domains are virtual), the fact that I am able to read mail at all under IMAP would indicate that vchkpw is being called from courier-imap. Since qmail-pop3d invokes vchkpw and works, I'm puzzled. I'm afraid I don't know where to look log-wise. thanks for any hints. -ted
Re: [vchkpw] imap before smtp
Charles, Bill, Ken, thanks for the quick responses. Indeed Bill's suggestion doesn't do the trick for my configuration. Charles, I'd make your suggested change, but am concerned about Ken's further input on the topic. I don't suppose an older version of Courier-IMAP is the answer? -ted Ken Jones wrote: The preauthvchkpw.c module needs to be modified. The problem is, when a user attempts to authenticate, if their user name exists on the system then it will open up relay. However, at that point in the code the user has not been authenticated. I attempted to fix this before but became confused on which function is called from what file. It's a bit obtuse for me. an quick hack could be to verify the password at that point, then open up relay on a valid password. The real fix would be to trace the fucntions and open up relay after password verification. Perhaps someone could figure it out. Ken Jones On Thursday 11 September 2003 2:35 pm, Charles Sprickman wrote: This is a good FAQ item, for when we have a FAQ. Mr. Sam has disabled the imap-before-smtp function in the authvchkpw code. I've looked at the courier archives, and there's no explanation from him as to what the problem is... Just lots of questions. :) Bill's suggestion might not work, as he #undefs the value. In your courier source dir, go into the authlib dir and open preauthvchkpw.c for editing. Look for a line like this: #undef HAVE_OPEN_SMTP_RELAY Go ahead and change that #undef to #define and it will work properly. I can't comment on what the security concerns are, because I don't know what they are. It does work however. Charles On Thu, 11 Sep 2003, ted wrote: I've got a LWQ-style qmail configuration, plus vpopmail 5.3.27 and courier-imap-2.1.1.20030902. I have roaming users enabled (as well as qmail-ext), and POP3 before SMTP works perfectly (using qmail-pop3d). IMAP also seems to work just fine, but it does not update open-smtp. My workaround of creating a separate POP account to POP in without retrieving msgs allows me to send via IMAP, but is obviously not an ideal solution. (I'm using Thunderbird .2). I've installed courier-imap numerous times (with different releases up to 20030902), both with authdaemon enabled as well as disabled. In both cases, the results are the same (meaning that I can read mail but not relay). Perhaps my understanding is wrong, but I was under the impression that since these are virtual domains I'm having trouble with (all my domains are virtual), the fact that I am able to read mail at all under IMAP would indicate that vchkpw is being called from courier-imap. Since qmail-pop3d invokes vchkpw and works, I'm puzzled. I'm afraid I don't know where to look log-wise. thanks for any hints. -ted
Re: [vchkpw] Hard disk replacement
On Thu, Dec 05, 2002 at 10:07:41AM -0600, Nick Lomonte wrote: What I am planning on doing is stopping qmail, mounting the new drive, and doing the following: cd /home cp -a * /newdrive Does anyone see a problem with this? Is there something I'm overlooking that would cause this to not work? Some versions of cp don't properly chown ownership on symlinks. Some versions of cp only do utime and chmod updates after entire subdir hierarchies are finished copying. Most versions of cp will leave partially copied files around if interrupted by ctrl-c. If you have gigs of data and millions of files, cp may take too long to run for your allotted window. If you can be assured that cp will run to completion in a relatively short period of time, you should be okay... but if any of the above concerns are real to you, then I'd suggest using rsync. rsync typically cannot easily handled millions of files (it does a full scan before doing any work, building a list in memory), therefore you may need to rsync domain by domain or even mailbox by mailbox for domains with thousands of mailboxes. This is usually easily managed with a list of your email boxes and little scripting. rsync has the advantage that you can spend 8 hours doing the initial copy, but then sync up the source and destination in minutes, thus allowing a short migration window, and you can know beforehand that your new disk has the data on it (and your inode counts and block sizes were chosen wisely). I've migrated 14gig of data off of NT and onto unix with only about 2 minutes of downtime using this method. -- Ted Deppner http://www.psyber.com/~ted/
Re: [vchkpw] Rcpthosts - Newbie Question :-/
On Fri, Oct 25, 2002 at 01:50:20PM +0200, Zeno Davatz wrote: I just set up qmail with the Debian packages from Gerrit Pape. I also compiled vpopmail from source. This question was already asked and answered on the qmail list... and it's not a question that belongs on a vpopmail/vchkpw list. -- Ted Deppner http://www.psyber.com/~ted/