Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Wed, November 24, 2004 9:32 pm, Casey Allen Shobe said: Upon restarting services, I've found that bincimap authenticates okay, and qmail-send delivers mail... However qmail-smtpd cannot authenticate And neither qmailadmin. So imap and mail delivery work, but qmailadmin and smtp auth don't. What gives? -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Nov 25, 2004, at 5:06 AM, Casey Allen Shobe wrote: On Wed, November 24, 2004 9:32 pm, Casey Allen Shobe said: Upon restarting services, I've found that bincimap authenticates okay, and qmail-send delivers mail... However qmail-smtpd cannot authenticate And neither qmailadmin. So imap and mail delivery work, but qmailadmin and smtp auth don't. What gives? What are the permissions on qmailadmin? -rwsr-sr-x1 vpopmail vchkpw 438385 Aug 26 09:53 qmailadmin And what does your qmail-smtpd run file look like? Did you fix the UID/GID in the /etc/passwd file? Are you sure your qmail-smtpd is running as user vpopmail (with the correct uid/gid)? -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Thu, November 25, 2004 9:50 am, Tom Collins said: What are the permissions on qmailadmin? -rwsr-sr-x1 vpopmail vchkpw 438385 Aug 26 09:53 qmailadmin Mine was not ug+s, but that would not have changed. I went ahead and chmoded it so that it looked identical to yours, however logins still failed. And what does your qmail-smtpd run file look like? It's the stock run file that comes with Gentoo's build of QMail, with a change out of /bin/checkpassword for /var/vpopmail/bin/vchkpw. After variable substitution, it boils down to this: exec /usr/bin/softlimit -m 800 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtpd -c 40 -u `id -u qmaild` -g `id -g qmaild` 0.0.0.0 smtp rblsmtpd -r relays.ordb.org -r bl.spamcop.net -r dnsbl.sorbs.net -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd midgard.osss.net /var/vpopmail/bin/vchkpw /bin/true 21 I don't believe there is anything wrong with that file because it worked fine before with vchkpw, and works fine now with checkpassword, just not vchkpw. Did you fix the UID/GID in the /etc/passwd file? Of course. Like I said, qmail-send is currently delivering mail fine, and I can access the mail fine via bincimap...the former depends on vpopmail working, and the latter uses vchkpw... I've also found I can run vchangepw and change a password fine, but I still cannot log in to smtp or qmailadmin as that user. Are you sure your qmail-smtpd is running as user vpopmail (with the correct uid/gid)? Why would it? From the above run file, it appears to run as qmaild:qmaild (201:200) - this has never changed, it was the same when it was working fine yesterday. It is delivering mail to vpopmail users sent in via regular SMTP perfectly...it's just started rejecting SMTP AUTH connections which users of my system use via TLS to relay. Cheers, -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Nov 24, 2004, at 9:32 PM, Casey Allen Shobe wrote: find / -group 1004 -print0 | xargs -0 chown 89 I assume you meant chgrp 89. I don't know how a typical Gentoo install handles ownership. On my install, qmail-smtpd runs as the vpopmail user. If qmail-smtpd can't run vhckpw, it can't authenticate. I'd look into why that might be the case. What is the ownership of the files/directories in /home/vpopmail? -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Thu, November 25, 2004 11:38 am, Tom Collins said: On Nov 24, 2004, at 9:32 PM, Casey Allen Shobe wrote: find / -group 1004 -print0 | xargs -0 chown 89 I assume you meant chgrp 89. You are correct, I typoed when typing the email, not the actual command. To verify, I have ensure that there is nothing owned by UID 1004 or GID 1004 on the entire system. If qmail-smtpd can't run vhckpw, it can't authenticate. I'd look into why that might be the case. I temporarily changed qmaild's shell to /bin/bash, su - qmaild'd, and successfully executed vchkpw: $ vchkpw vchkpw-pop3: vchkpw is only for talking with qmail-popup and qmail-pop3d. It is not for runnning on the command line. What is the ownership of the files/directories in /home/vpopmail? # ls -l /var/vpopmail/ (~vpopmail == /var/vpopmail on gentoo) drwxr-xr-x 2 root root 784 Nov 25 07:18 bin/ lrwxrwxrwx 1 root root 33 Nov 25 07:18 doc - /usr/share/doc/vpopmail-5.4.6-r1/ drwxr-xr-x 5 vpopmail vpopmail 352 Nov 25 14:44 domains/ drwxr-xr-x 3 root root 184 Nov 23 07:34 etc/ drwxr-xr-x 2 root root 200 Nov 25 07:18 include/ drwxr-xr-x 2 vpopmail vpopmail 80 Nov 25 07:18 lib/ And before you ask, vpopmail is the normal name for the group on the gentoo install, as opposed to the more traditional vchkpw. I'm 90% sure that permissions and ownerships aren't the problem here, because all I did was a specific chown which I reversed exactly. I have a feeling that there's a UID tucked away in a file someplace. How can we enable debug logging for vchkpw or something to give an insight? Cheers, -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Thu, November 25, 2004 11:02 am, Casey Allen Shobe said: On Thu, November 25, 2004 9:50 am, Tom Collins said: What are the permissions on qmailadmin? -rwsr-sr-x1 vpopmail vchkpw 438385 Aug 26 09:53 qmailadmin Mine was not ug+s, but that would not have changed. I went ahead and chmoded it so that it looked identical to yours, however logins still failed. WHOOPS, turns out I was completely wrong here. I tried chmod ug+s on the main copy of qmail admin, but as it happened, I'd copied that file into my web root, rather than symlinked. So I tried ug+s on the correct copy, and it works. I then tried a manual chown 1004:1004 on the file, and saw that the +s attributes were removed (not what I would have thought)! So, long story short, qmailadmin is now working again, it's just smtp auth that's not working now. I'll keep digging...thanks for all your advice so far, -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
Hi, At 11:02 25.11.04 -0800, Casey Allen Shobe wrote: On Thu, November 25, 2004 9:50 am, Tom Collins said: What are the permissions on qmailadmin? -rwsr-sr-x1 vpopmail vchkpw 438385 Aug 26 09:53 qmailadmin Mine was not ug+s, but that would not have changed. I went ahead and chmoded it so that it looked identical to yours, however logins still failed. And what does your qmail-smtpd run file look like? It's the stock run file that comes with Gentoo's build of QMail, with a change out of /bin/checkpassword for /var/vpopmail/bin/vchkpw. After variable substitution, it boils down to this: exec /usr/bin/softlimit -m 800 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtpd -c 40 -u `id -u qmaild` -g `id -g qmaild` 0.0.0.0 smtp rblsmtpd -r relays.ordb.org -r bl.spamcop.net -r dnsbl.sorbs.net -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd midgard.osss.net /var/vpopmail/bin/vchkpw /bin/true 21 with the standard SMTP-Auth patch (I don't know which is included in your Gentoo patch) you don't need the hostname in the call of the PAM. Check man qmail-smtpd and read my http://www.fehcom.de/qmail/smtpauth.html regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Thu, November 25, 2004 1:33 pm, Erwin Hoffmann said: with the standard SMTP-Auth patch (I don't know which is included in your Gentoo patch) you don't need the hostname in the call of the PAM. Check man qmail-smtpd and read my http://www.fehcom.de/qmail/smtpauth.html Heavy reading..poked around a bit more, but... * The run file has not changed since it was working. * The run file works if I replace vchkpw with checkpassword. So...I'm going to assume, rather than spending too much time looking at all the patches Gentoo applies, that the run file is acceptable. It's not the same as the standard one I applied to my own build before, as it only works after STARTTLS and some other things... Especially with the indication that it's a permissions problem (as it was in the case of qmailadmin). I found that when I execute the following as the qmaild user: printf [EMAIL PROTECTED] | /var/vpopmail/bin/vchkpw /bin/id 30 With the binary owned by root and not SUID, I get no response. With the binary owned by vpopmail and SUID, I get no response. With the binary owned by root and SUID, I get: uid=89(vpopmail) gid=89(vpopmail) groups=200(nofiles) I still haven't got smtp auth working with vchkpw yet, though... -- Casey Allen Shobe [EMAIL PROTECTED]
[vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
Hi guys, I had qmail-smtp/smtpauth (standard Gentoo install) working fine with vchkpw previously. I then decided that I needed to change the user ID for vpopmail to get a suexec script working as the vpopmail user... So I stopped qmail, changed the UID and GID from 89 to 1004, and did: find / -user 89 -print0 | xargs -0 chown 1004 find / -group 89 -print0 | xargs -0 chgrp 1004 This had catastrophic effects after services were restarted. Nothing that used vchkpw could authenticate, including qmail-send, qmail-smtpd, and bincimap. I struggled for a while to figure out why, but couldn't find any logical explanation. So in desperation, I again stopped all running services, changed the passwd and group files back, and did: find / -user 1004 -print0 | xargs -0 chown 89 find / -group 1004 -print0 | xargs -0 chown 89 Upon restarting services, I've found that bincimap authenticates okay, and qmail-send delivers mail (a huge improvement). However qmail-smtpd cannot authenticate, and any time I try to send mail I get the oops, unable to write to pipe and I can't auth error. If I change the password program from /var/vpopmail/bin/vchkpw back to /bin/checkpassword, I can authenticate and send mail fine, but this is not acceptable in the long-term as most of my mail users do not have machine accounts. Could anyone advise me as to what might be going wrong here? Your help is greatly appreciated! -- Casey Allen Shobe [EMAIL PROTECTED]
[vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
Hi guys, I had qmail-smtp/smtpauth (standard Gentoo install) working fine with vchkpw previously. I then decided that I needed to change the user ID for vpopmail to get a suexec script working as the vpopmail user... So I stopped qmail, changed the UID and GID from 89 to 1004, and did: find / -user 89 -print0 | xargs -0 chown 1004 find / -group 89 -print0 | xargs -0 chgrp 1004 This had catastrophic effects after services were restarted. Nothing that used vchkpw could authenticate, including qmail-send, qmail-smtpd, and bincimap. I struggled for a while to figure out why, but couldn't find any logical explanation. So in desperation, I again stopped all running services, changed the passwd and group files back, and did: find / -user 1004 -print0 | xargs -0 chown 89 find / -group 1004 -print0 | xargs -0 chown 89 Upon restarting services, I've found that bincimap authenticates okay, and qmail-send delivers mail (a huge improvement). However qmail-smtpd cannot authenticate, and any time I try to send mail I get the oops, unable to write to pipe and I can't auth error. If I change the password program from /var/vpopmail/bin/vchkpw back to /bin/checkpassword, I can authenticate and send mail fine, but this is not acceptable in the long-term as most of my mail users do not have machine accounts. Could anyone advise me as to what might be going wrong here? Your help is greatly appreciated! -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Nov 24, 2004, at 8:33 PM, Casey Allen Shobe wrote: Could anyone advise me as to what might be going wrong here? Your help is greatly appreciated! Go through /var/qmail/users/assign and update the user and group of every entry to match the new user/group for vpopmail. Run qmail-newu so it rebuilds the users/cdb file. Go into your vpopmail source directory and rebuild vpopmail. It would be best to make clean and re-run configure with the same options as you previously did. In a pinch, you can edit VPOPMAILUID and VPOPMAILGID in config.h and just re-compile. Install vpopmail, and rebuild qmailadmin as well (so it links the new vpopmail libraries). You said you were using binc-imap, so you won't need to recompile it. If you were using Courier-IMAP, you'd have to recompile it as well (since it links libvpopmail). That should cover it! -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Wed, November 24, 2004 10:20 pm, Tom Collins said: Go through /var/qmail/users/assign and update the user and group of every entry to match the new user/group for vpopmail. Run qmail-newu so it rebuilds the users/cdb file. This looks fine. All uids and gids are 89, which is what I changed vpopmail back to after changing to 1004 failed. Go into your vpopmail source directory and rebuild vpopmail. It would be best to make clean and re-run configure with the same options as you previously did. Did this already. Qmail as well. That should cover it! Unfortunately not. It's good advice (especially the bit about qmail users) in case I try to change UIDs again, but the need for the suexec cgi isn't that great, and the results are horrible, so I doubt I'll ever try again. I just want to get vchkpw working with qmail-smtpd again... Cheers, -- Casey Allen Shobe [EMAIL PROTECTED]