[vchkpw] Authentication problem
Hello ! I have a problem and it seems that some people have it also but no one has an answer for it. I've searched thru courierusers mailinglist and thru this mailing list but i can't find a solution to this matter... Here it goes.. I have a fedora core 5 os and vpopmail 5.4.13 with the cumulative patch made by Bill Shupp, all works ok but the imap authentication service... it seems like when the server is not used or it is used rarely (nightime) it has the habit of refusing authentications of valid users because the mysql server has gone away message ! The weird thing is, after i made some reading, it does not happen in the 8 hour interval wich is the timeout for mysql it happens randomly and when it does i discovered that restarting the courier-authlib daemon temporarely fixes the problem until next time... So, i made an hourly cronjob that restarts the courier-authlib as a quickdirty fix until i find where's the real problem but it seems that this does not work as well in the morning i still find that imap refuses authentication... Can some one help me with this, i'm not a complete noob but this is really over my head and i would really appreciate some help or some indications of what to read in order to understand what's going on. This what the logs say for today, sorry for the large message Max connections in mysql is set to 250 via my.cnf [EMAIL PROTECTED] log]# cat maillog | grep Apr 28 12 Apr 28 12:04:20 ns1 imapd: Connection, ip=[:::127.0.0.1] Apr 28 12:04:20 ns1 authdaemond: received auth request, service=imap, authtype=login Apr 28 12:04:20 ns1 authdaemond: authvchkpw: trying this module Apr 28 12:04:20 ns1 authdaemond: authvchkpw: sysusername=null, sysuserid=514, sysgroupid=506, homedir=/home/vpopmail/domains/clients_domain.com/hotel, [EMAIL PROTECTED], fullname=hotel, maildir=null, quota=null, options=disablewebmail=0,disablepop3=0,disableimap=0 Apr 28 12:04:20 ns1 authdaemond: password matches successfully Apr 28 12:04:20 ns1 authdaemond: Authenticated: sysusername=null, sysuserid=514, sysgroupid=506, homedir=/home/vpopmail/domains/clients_domain.com/hotel, [EMAIL PROTECTED], fullname=hotel, maildir=null, quota=null, options=disablewebmail=0,disablepop3=0,disableimap=0 Apr 28 12:04:20 ns1 imapd: LOGIN, [EMAIL PROTECTED], ip=[:::127.0.0.1], protocol=IMAP Apr 28 12:04:20 ns1 imapd: LOGOUT, [EMAIL PROTECTED], ip=[:::127.0.0.1], headers=0, body=0, time=0 Apr 28 12:13:36 ns1 imapd: Connection, ip=[:::127.0.0.1] Apr 28 12:13:36 ns1 authdaemond: received auth request, service=imap, authtype=login Apr 28 12:13:36 ns1 authdaemond: authvchkpw: trying this module Apr 28 12:13:36 ns1 authdaemond: authvchkpw: sysusername=null, sysuserid=514, sysgroupid=506, homedir=/home/vpopmail/domains/clients_domain.com/hotel, [EMAIL PROTECTED], fullname=hotel, maildir=null, quota=null, options=disablewebmail=0,disablepop3=0,disableimap=0 Apr 28 12:13:36 ns1 authdaemond: password matches successfully Apr 28 12:13:36 ns1 authdaemond: Authenticated: sysusername=null, sysuserid=514, sysgroupid=506, homedir=/home/vpopmail/domains/clients_domain.com/hotel, [EMAIL PROTECTED], fullname=hotel, maildir=null, quota=null, options=disablewebmail=0,disablepop3=0,disableimap=0 Apr 28 12:13:36 ns1 imapd: LOGIN, [EMAIL PROTECTED], ip=[:::127.0.0.1], protocol=IMAP Apr 28 12:13:36 ns1 imapd: LOGOUT, [EMAIL PROTECTED], ip=[:::127.0.0.1], headers=0, body=0, time=0 Apr 28 12:13:36 ns1 imapd: Connection, ip=[:::127.0.0.1] Apr 28 12:13:36 ns1 authdaemond: received auth request, service=imap, authtype=login Apr 28 12:13:36 ns1 authdaemond: authvchkpw: trying this module Apr 28 12:13:36 ns1 authdaemond: authvchkpw: sysusername=null, sysuserid=514, sysgroupid=506, homedir=/home/vpopmail/domains/clients_domain.com/hotel, [EMAIL PROTECTED], fullname=hotel, maildir=null, quota=null, options=disablewebmail=0,disablepop3=0,disableimap=0 Apr 28 12:13:36 ns1 authdaemond: password matches successfully Apr 28 12:13:36 ns1 authdaemond: Authenticated: sysusername=null, sysuserid=514, sysgroupid=506, homedir=/home/vpopmail/domains/clients_domain.com/hotel, [EMAIL PROTECTED], fullname=hotel, maildir=null, quota=null, options=disablewebmail=0,disablepop3=0,disableimap=0 Apr 28 12:13:36 ns1 imapd: LOGIN, [EMAIL PROTECTED], ip=[:::127.0.0.1], protocol=IMAP Apr 28 12:13:37 ns1 imapd: LOGOUT, [EMAIL PROTECTED], ip=[:::127.0.0.1], headers=10506, body=0, time=1 Apr 28 12:14:52 ns1 imapd: Connection, ip=[:::127.0.0.1] Apr 28 12:14:52 ns1 authdaemond: received auth request, service=imap, authtype=login Apr 28 12:14:52 ns1 imapd: LOGIN FAILED, [EMAIL PROTECTED], ip=[:::127.0.0.1] Apr 28 12:14:52 ns1 authdaemond: authvchkpw: trying this module Apr 28 12:14:52 ns1 authdaemond: vmysql: sql error[3]: MySQL server has gone away Apr 28 12:14:52 ns1 authdaemond: vchkpw: user does not exist Apr 28 12:14:52 ns1 authdaemond: authvchkpw: REJECT - try next module Apr 28 12:14:52 ns1 authdaemond: FAIL, all modules rejected
[vchkpw] Authentication Problems
Hello I am having a difficult time with authentication and I dont know what is missing. What I have done it attempted to setup SMTP authentication. Since this attempt I have not been able to POP without using the complete email address as the account name. I have pulled the SMTP auth and now I am just trying to run QMAIL and Vpopmail and still cant POP correctly. POP use to work now it does not for some reason. Here is the start script #!/bin/sh # Qmail Startup # set the max open files # linux 2.4 # echo 16384 /proc/sys/fs/file-max # # linux 2.2 # echo 8 /proc/sys/fs/file-max echo 8 /proc/sys/fs/inode-max # HOSTNAME=`hostname` # See how we were called. case $1 in start) cd / echo Starting: env - PATH=/var/qmail/bin:/usr/local/bin \ qmail-start ./Maildir/ | /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t n20 s100 /var/log/qmail echo qmail env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -vHRD -l$HOSTNAME -c400 0 110 /var/qmail/bin/qmail-popup \ $HOSTNAME \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 | \ /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t n20 s100 /var/log/pop3 echo pop # /usr/lib/courier-imap/libexec/imapd.rc start # /usr/local/share/sqwebmail/libexec/authlib/authdaemond start env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -pvHRD -l$HOSTNAME -x /etc/tcp.smtp.cdb \ -c450 -u89 -g89 0 25 /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd 21 | \ /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t n20 s100 /var/log/smtp echo smtp ;; stop) echo stopping qmail pkill -9 qmail-send pkill -9 tcpserver pkill -9 qmail-remote pkill -9 qmail-smtpd # /usr/lib/courier-imap/libexec/imapd.rc stop # /usr/local/share/sqwebmail/libexec/authlib/authdaemond stop ;; restart) $0 stop $0 start ;; *) echo Usage: qmail {start|stop|restart} exit 1 esac exit Here is the message in logs I get when I cant connect Mar 31 11:52:07 spam vpopmail[5256]: vchkpw: vpopmail user not found wildcard@:192.168.141.254 Thanks Mike
RE: [vchkpw] Authentication Problems
Never mind I am dumb ass and figured it out thanks. From: Mike Jimenez [mailto:[EMAIL PROTECTED] Sent: Friday, March 31, 2006 12:28 PM To: vchkpw@inter7.com Subject: [vchkpw] Authentication Problems Hello I am having a difficult time with authentication and I dont know what is missing. What I have done it attempted to setup SMTP authentication. Since this attempt I have not been able to POP without using the complete email address as the account name. I have pulled the SMTP auth and now I am just trying to run QMAIL and Vpopmail and still cant POP correctly. POP use to work now it does not for some reason. Here is the start script #!/bin/sh # Qmail Startup # set the max open files # linux 2.4 # echo 16384 /proc/sys/fs/file-max # # linux 2.2 # echo 8 /proc/sys/fs/file-max echo 8 /proc/sys/fs/inode-max # HOSTNAME=`hostname` # See how we were called. case $1 in start) cd / echo Starting: env - PATH=/var/qmail/bin:/usr/local/bin \ qmail-start ./Maildir/ | /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t n20 s100 /var/log/qmail echo qmail env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -vHRD -l$HOSTNAME -c400 0 110 /var/qmail/bin/qmail-popup \ $HOSTNAME \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 | \ /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t n20 s100 /var/log/pop3 echo pop # /usr/lib/courier-imap/libexec/imapd.rc start # /usr/local/share/sqwebmail/libexec/authlib/authdaemond start env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -pvHRD -l$HOSTNAME -x /etc/tcp.smtp.cdb \ -c450 -u89 -g89 0 25 /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd 21 | \ /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t n20 s100 /var/log/smtp echo smtp ;; stop) echo stopping qmail pkill -9 qmail-send pkill -9 tcpserver pkill -9 qmail-remote pkill -9 qmail-smtpd # /usr/lib/courier-imap/libexec/imapd.rc stop # /usr/local/share/sqwebmail/libexec/authlib/authdaemond stop ;; restart) $0 stop $0 start ;; *) echo Usage: qmail {start|stop|restart} exit 1 esac exit Here is the message in logs I get when I cant connect Mar 31 11:52:07 spam vpopmail[5256]: vchkpw: vpopmail user not found wildcard@:192.168.141.254 Thanks Mike
Re: [vchkpw] authentication problem
On Jun 10, 2005, at 3:19 PM, [EMAIL PROTECTED] wrote: Thank you for your recomendations I did this: mysql update vpopmail set pw_clear_passwd = NULL; And dint work, so i did this mysql update vpopmail set pw_clear_passwd = ''; And didnt work too And didnt work even with new accounts My vpopmail version is 5.4.9 After clearing the password, you then authenticated one of the users, and his cleartext password didn't update? Try clearing the encrypted password of a few test accounts and see if vpopmail can learn their passwords. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
[vchkpw] authentication problem
Hello I have a mail server with qmail, courrier imap, mysql and vpopmail. I have lost some password of some virtual domains, so i need that vpopmail learn passwords when users try to get mails with pop3 client program. I have recompiled vpopmail with the option --learn-password but didnt work. Somebody knows if i need to do more configurations, and the question will be, what more else? Regards Mario.
Re: [vchkpw] authentication problem
On Jun 10, 2005, at 1:35 PM, [EMAIL PROTECTED] wrote: I have lost some password of some virtual domains, so i need that vpopmail learn passwords when users try to get mails with pop3 client program. I have recompiled vpopmail with the option --learn-password but didnt work. Somebody knows if i need to do more configurations, and the question will be, what more else? You need to have blank passwords on the accounts you want to re-learn. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
RE: [vchkpw] authentication problem
Thank you for your recomendations I did this: mysql update vpopmail set pw_clear_passwd = NULL; And dint work, so i did this mysql update vpopmail set pw_clear_passwd = ''; And didnt work too And didnt work even with new accounts My vpopmail version is 5.4.9 Regards -Mensaje original- De: Tom Collins [mailto:[EMAIL PROTECTED] Enviado el: Friday, June 10, 2005 4:21 PM Para: vchkpw@inter7.com Asunto: Re: [vchkpw] authentication problem On Jun 10, 2005, at 1:35 PM, [EMAIL PROTECTED] wrote: I have lost some password of some virtual domains, so i need that vpopmail learn passwords when users try to get mails with pop3 client program. I have recompiled vpopmail with the option --learn-password but didnt work. Somebody knows if i need to do more configurations, and the question will be, what more else? You need to have blank passwords on the accounts you want to re-learn. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] Authentication problem
On May 12, 2005, at 7:42 AM, Nikodemus Karlsson wrote: I've set up a qmail server with vpopmail and vchkpw authentication on a Gentoo box. When I try to send mail through the smtp server from a remote host, I have to authenticate 3 times before I come through. My /var/log/messages files looks like this during the authentications: May 12 15:57:15 jupiter vpopmail[15822]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:23 jupiter vpopmail[15824]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:31 jupiter vpopmail[15826]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:36 jupiter vpopmail[15828]: vchkpw-smtp: (PLAIN) login success [EMAIL PROTECTED]:82.182.88.166 Two possibilities. 1) You don't have cleartext passwords enabled for vpopmail, so only encrypted passwords are stored in the user database. The CRAM-MD5 SMTP AUTH method requires the cleartext password on the server end. 2) You've patched qmail-smtpd with an older SMTP AUTH patch that passes the parameters for CRAM-MD5 in the wrong order. Vpopmail versions prior to 5.4, expected the parameters in the wrong order, but we fixed that in 5.4 and later. As a result, it broke SMTP AUTH in qmail-smtpd with the wrong patch. There's a version of the patch in the vpopmail contrib directory that will work. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
[vchkpw] Authentication problem
Hi, I've set up a qmail server with vpopmail and vchkpw authentication on a Gentoo box. When I try to send mail through the smtp server from a remote host, I have to authenticate 3 times before I come through. My /var/log/messages files looks like this during the authentications: May 12 15:57:15 jupiter vpopmail[15822]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:23 jupiter vpopmail[15824]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:31 jupiter vpopmail[15826]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:36 jupiter vpopmail[15828]: vchkpw-smtp: (PLAIN) login success [EMAIL PROTECTED]:82.182.88.166 I have a ssl certificate (servercert.pem) in the qmail control directory, and according to the instructions on the Gentoo web site (http://www.gentoo.org/doc/en/qmail-howto.xml), I would be able to authenticate with ssl/tls. But the log says plain... What can cause these passwords fails (yes, I type the correct passwords), and how do I get a ssl connection? TIA Nikodemus
Re: [vchkpw] Authentication problem
your mail client is probably trying 3 different login types before it tries plain. - Original Message - From: Nikodemus Karlsson [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Thursday, May 12, 2005 9:42 AM Subject: [vchkpw] Authentication problem Hi, I've set up a qmail server with vpopmail and vchkpw authentication on a Gentoo box. When I try to send mail through the smtp server from a remote host, I have to authenticate 3 times before I come through. My /var/log/messages files looks like this during the authentications: May 12 15:57:15 jupiter vpopmail[15822]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:23 jupiter vpopmail[15824]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:31 jupiter vpopmail[15826]: vchkpw-smtp: password fail [EMAIL PROTECTED]:82.182.88.166 May 12 15:57:36 jupiter vpopmail[15828]: vchkpw-smtp: (PLAIN) login success [EMAIL PROTECTED]:82.182.88.166 I have a ssl certificate (servercert.pem) in the qmail control directory, and according to the instructions on the Gentoo web site (http://www.gentoo.org/doc/en/qmail-howto.xml), I would be able to authenticate with ssl/tls. But the log says plain... What can cause these passwords fails (yes, I type the correct passwords), and how do I get a ssl connection? TIA Nikodemus
Re: [vchkpw] authentication problem for qmail-smtp-auth
Increased the softlimit to 4000. No luck. How can I test vchkpw to see if it is ok, or the problem resides elsewhere? (maybe qmail-smtpd is not feeding vchkpw the username/password correctly, and thus, authentication failes) On a second thought, the message is: vpopmail[]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:ip. Maybe, the ":ip" ending is not stripped from the username (email address), and it is trying to authenticate the whole [EMAIL PROTECTED]:ipwhich of course could cause this ***beep***-up. But, as I mentioned before, Pop3 and IMAP authentication work flawlessly (courier-imap package) - Original Message - From: "Tom Collins" [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, April 02, 2005 7:34 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth On Apr 2, 2005, at 7:00 AM, Bogdan Motoc - CRC wrote: As you can see, OE6 tried AUTH LOGIN, which didn't work, then closed connection. Eudora tried first AUTH CRAM-MD5. After it failed, it tried to send the message without authentication, which of course failed. Still, MySQL logs show no attempts to read the username/password from the database. Instead the same error message I mentioned before, is entered in maillog and sql database. Try increasing the softlimit for qmail-smtpd and the pop server. It may be running out of memory trying to run vchkpw. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
On Apr 5, 2005, at 10:49 AM, Bogdan Motoc - CRC wrote: How can I test vchkpw to see if it is ok, or the problem resides elsewhere? Take a look at checkpassword_debug in the contrib directory of vpopmail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
Test again - Original Message - From: Tom Collins [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, April 02, 2005 12:34 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth On Apr 2, 2005, at 7:00 AM, Bogdan Motoc - CRC wrote: As you can see, OE6 tried AUTH LOGIN, which didn't work, then closed connection. Eudora tried first AUTH CRAM-MD5. After it failed, it tried to send the message without authentication, which of course failed. Still, MySQL logs show no attempts to read the username/password from the database. Instead the same error message I mentioned before, is entered in maillog and sql database. Try increasing the softlimit for qmail-smtpd and the pop server. It may be running out of memory trying to run vchkpw. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.1 - Release Date: 4/1/2005
Re: [vchkpw] authentication problem for qmail-smtp-auth
And here is the log recordio produced: First trying to send with Outlook Express 6: == 4000424e9e0d2550f4a4 8497 220 serv-domain.tld ESMTP 4000424e9e0d2621584c 8497 EHLO client-machine 4000424e9e0d2622812c 8497 250-serv-domain.tld 4000424e9e0d2622989c 8497 250-PIPELINING 4000424e9e0d26229c84 8497 250-8BITMIME 4000424e9e0d2622a06c 8497 250-SIZE 0 4000424e9e0d2622a454 8497 250 AUTH LOGIN PLAIN CRAM-MD5 4000424e9e0d2749e25c 8497 AUTH LOGIN 4000424e9e0d274ae814 8497 334 VXNlcm5hbWU6 4000424e9e0d285ed4cc 8497 dGVzdEBjaGVtdGVjby5ybw== 4000424e9e0d2860057c 8497 334 UGFzc3dvcmQ6 4000424e9e0d2972b9b4 8497 NDU2 4000424e9e1229d33cbc 8497 535 authentication failed (#5.7.1) @4000424e9e122aea2714 8497 [EOF] @4000424e9e122aecbf24 8497 [EOF] = Then I used Eudora 6.2: = 4000424ea2a73254068c 8621 220 serv-domain.tld ESMTP 4000424ea2a7335ab88c 8621 EHLO client-machine 4000424ea2a7335bbe44 8621 250-serv-domain.tld 4000424ea2a7335bfcc4 8621 250-PIPELINING 4000424ea2a7335c2f8c 8621 250-8BITMIME 4000424ea2a7335c663c 8621 250-SIZE 0 4000424ea2a7335c9cec 8621 250 AUTH LOGIN PLAIN CRAM-MD5 4000424ea2a73468b1d4 8621 AUTH CRAM-MD5 4000424ea2a73469e284 8621 334 PDg2MjEuMTExMjQ0OTY5M0BjaGVtdGVjby5ybz4= 4000424ea2a7356f63d4 8621 dGVzdEBjaGVtdGVjby5ybyBmMDY4Y2FiZmNmZTBlYTYzYjViZWY5NmU3NTI5OWMwMw== 4000424ea2ac35db9edc 8621 535 authentication failed (#5.7.1) 4000424ea2ac36e7ea74 8621 RSET 4000424ea2ac36e8e474 8621 250 flushed 4000424ea2ac37ea23ec 8621 MAIL FROM:[EMAIL PROTECTED] 4000424ea2ac37eb4ccc 8621 250 ok 4000424ea2ac38f26c2c 8621 RCPT TO:[EMAIL PROTECTED] 4000424ea2ac38f3ac7c 8621 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) 4000424ea2ac3a802494 8621 QUIT 4000424ea2ac3a83f13c 8621 221 serv-domain.tld @4000424ea2ac3a83f90c 8621 [EOF] = As you can see, OE6 tried AUTH LOGIN, which didn't work, then closed connection. Eudora tried first AUTH CRAM-MD5. After it failed, it tried to send the message without authentication, which of course failed. Still, MySQL logs show no attempts to read the username/password from the database. Instead the same error message I mentioned before, is entered in maillog and sql database. Clear passwords is enabled in vpopmail. - Original Message - From: Bogdan Motoc - CRC [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Friday, April 01, 2005 1:38 AM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth - Original Message - From: Tom Collins [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Wednesday, March 30, 2005 9:59 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth On Mar 30, 2005, at 10:33 AM, Bogdan Motoc - CRC wrote: So, what am I doing wrong? What have I missed? What else can I do to throw some light on this matter? I apreciate any help you can give me. One possibility: If you don't have clear passwords enabled, and the user tries to use CRAM-MD5 for SMTP AUTH, their authentication will fail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Hmm... what auth method it is actually using is a good question. I'll try and log the smtp conversation (only recordio comes in mind at this point), and see exactly what's going on. Thank you for this ideea, and all the help.
Re: [vchkpw] authentication problem for qmail-smtp-auth
On Apr 2, 2005, at 7:00 AM, Bogdan Motoc - CRC wrote: As you can see, OE6 tried AUTH LOGIN, which didn't work, then closed connection. Eudora tried first AUTH CRAM-MD5. After it failed, it tried to send the message without authentication, which of course failed. Still, MySQL logs show no attempts to read the username/password from the database. Instead the same error message I mentioned before, is entered in maillog and sql database. Try increasing the softlimit for qmail-smtpd and the pop server. It may be running out of memory trying to run vchkpw. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
- Original Message - From: Erwin Hoffmann [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Wednesday, March 30, 2005 10:09 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth Why do you use /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 ? Is $LOCAL required by vchkpw ? I have removed the $LOCAL string, killed the tcpserver process, verified that it was restarted without the $LOCAL argument, and nothing happened. (nothing good, anyway) I still see the message: vpopmail[]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:ip
Re: [vchkpw] authentication problem for qmail-smtp-auth
- Original Message - From: Tom Collins [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Wednesday, March 30, 2005 9:59 PM Subject: Re: [vchkpw] authentication problem for qmail-smtp-auth On Mar 30, 2005, at 10:33 AM, Bogdan Motoc - CRC wrote: So, what am I doing wrong? What have I missed? What else can I do to throw some light on this matter? I apreciate any help you can give me. One possibility: If you don't have clear passwords enabled, and the user tries to use CRAM-MD5 for SMTP AUTH, their authentication will fail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com Hmm... what auth method it is actually using is a good question. I'll try and log the smtp conversation (only recordio comes in mind at this point), and see exactly what's going on. Thank you for this ideea, and all the help.
[vchkpw] authentication problem for qmail-smtp-auth
I know this issue has been covered by previous threads, but my problem is slightly different and more documented. So don't shoot me for asking this in the vpopmail mailinglist, because it may very well be a vpopmail problem, rather than a smtp-auth one. I have been using qmail+vpopmail for severel years, and I've managed to solve all the various issues that surfaced iin this period. Until now... I had to make a new mail server, so I started from scratch: -installed OS (I use Slackware-current, which came with kernel-2.6.10, gcc-3.3.5, Apache-1.3.33, MySQL-4.0.23a) -installed netqmail-1.05 as described at http://www.lifewithqmail.org/ -installed vpopmail-5.4.9 (using MySQL to store accounts and logs) -installed courier-imap-4.0.2 and courier-authlib-0.55 -installed sqwebmail-5.0.1 -installed smtp-authentication-0.63 from http://www.fehcom.de/qmail/smtpauth.html Result: everything works fine, except the smtp authentication. Users cannot send emails, and I get this message in maillog: vpopmail[]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:ip Since I am using courier-imap-4.x.x, the roaming users feature is unavailable, and for clients connecting from unknown ip-s, I am left with no other alternative but to use smtp authentication. So far, my conclusion was that vchkpw is not actually verifying username/password, for a reason that eludes me. I have reached this conclusion by logging all queries to mysql and this log only shows the pop3/imap authentications. No smtp-auth authentication attempts or error messages regarding such attempts. I have compiled vpopmail to log also in MySQL, and this way I can see the same error that I get in maillog. Here's how the MySQL log looks like: /usr/libexec/mysqld, Version: 4.0.23a-log, started with: Tcp port: 3306 Unix socket: /var/run/mysql/mysql.sock Time Id CommandArgument 050330 18:57:43 1 Connect [EMAIL PROTECTED] on 1 Init DB vpopmail 1 Query INSERT INTO vlog set user='user', passwd='1dddf10d806134be304b47aadecf0929', domain='domain.tld', logon='[EMAIL PROTECTED]', remoteip='xx.xx.xx.xx', message='vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:xx.xx.xx.xx', error=1, timestamp=1112198263 1 Quit 050330 19:06:46 2 Connect [EMAIL PROTECTED] on vpopmail 2 Query select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = user and pw_domain = domain.tld 2 Query replace into lastauth set user='user', domain='domain.tld', remote_ip='imap', timestamp=1112198806 050330 19:08:16 3 Connect [EMAIL PROTECTED] on vpopmail 3 Query select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = user and pw_domain = domain.tld 3 Query replace into lastauth set user='user', domain='domain.tld', remote_ip='pop3', timestamp=1112198896 (of course, all usernames, domains, and ip-s have been replaced in this log excerpt) This log shows: 1. the error loogged into MySQL database by vchkpw, but no attempt to actually validate that username. This tells me that vchkpw IS able to access the mysql database. 2. the validation of a user/password by the imap server 3. the validation of a user/password by the pop server I have also googled a little bit about this error, and found that other people have encountered a similar error, but have not reached a definitive answer to the problem. Some have suggested that it might be a user/rights conflict. I have made /home/vpopmail/bin/vchkpw owned by root, but nothing changed. Here's my /service/qmail-smtpd/run file: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -R -H -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 So, what am I doing wrong? What have I missed? What else can I do to throw some light on this matter? I apreciate any help you can give me.
Re: [vchkpw] authentication problem for qmail-smtp-auth
On Mar 30, 2005, at 10:33 AM, Bogdan Motoc - CRC wrote: So, what am I doing wrong? What have I missed? What else can I do to throw some light on this matter? I apreciate any help you can give me. One possibility: If you don't have clear passwords enabled, and the user tries to use CRAM-MD5 for SMTP AUTH, their authentication will fail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] authentication problem for qmail-smtp-auth
Hi, At 21:33 30.03.2005 +0300, you wrote: I know this issue has been covered by previous threads, but my problem is slightly different and more documented. So don't shoot me for asking this in the vpopmail mailinglist, because it may very well be a vpopmail problem, rather than a smtp-auth one. I have been using qmail+vpopmail for severel years, and I've managed to solve all the various issues that surfaced iin this period. Until now... I had to make a new mail server, so I started from scratch: -installed OS (I use Slackware-current, which came with kernel-2.6.10, gcc-3.3.5, Apache-1.3.33, MySQL-4.0.23a) -installed netqmail-1.05 as described at http://www.lifewithqmail.org/ -installed vpopmail-5.4.9 (using MySQL to store accounts and logs) -installed courier-imap-4.0.2 and courier-authlib-0.55 -installed sqwebmail-5.0.1 -installed smtp-authentication-0.63 from http://www.fehcom.de/qmail/smtpauth.html Ok. Then you should know the theory behind SMTP-Auth. Result: everything works fine, except the smtp authentication. Users cannot send emails, and I get this message in maillog: vpopmail[]: vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:ip Since I am using courier-imap-4.x.x, the roaming users feature is unavailable, and for clients connecting from unknown ip-s, I am left with no other alternative but to use smtp authentication. So far, my conclusion was that vchkpw is not actually verifying username/password, for a reason that eludes me. I have reached this conclusion by logging all queries to mysql and this log only shows the pop3/imap authentications. No smtp-auth authentication attempts or error messages regarding such attempts. I have compiled vpopmail to log also in MySQL, and this way I can see the same error that I get in maillog. Here's how the MySQL log looks like: /usr/libexec/mysqld, Version: 4.0.23a-log, started with: Tcp port: 3306 Unix socket: /var/run/mysql/mysql.sock Time Id CommandArgument 050330 18:57:43 1 Connect [EMAIL PROTECTED] on 1 Init DB vpopmail 1 Query INSERT INTO vlog set user='user', passwd='1dddf10d806134be304b47aadecf0929', domain='domain.tld', logon='[EMAIL PROTECTED]', remoteip='xx.xx.xx.xx', message='vchkpw-smtp: vpopmail user not found [EMAIL PROTECTED]:xx.xx.xx.xx', error=1, timestamp=1112198263 1 Quit 050330 19:06:46 2 Connect [EMAIL PROTECTED] on vpopmail 2 Query select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = user and pw_domain = domain.tld 2 Query replace into lastauth set user='user', domain='domain.tld', remote_ip='imap', timestamp=1112198806 050330 19:08:16 3 Connect [EMAIL PROTECTED] on vpopmail 3 Query select pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell , pw_clear_passwd from vpopmail where pw_name = user and pw_domain = domain.tld 3 Query replace into lastauth set user='user', domain='domain.tld', remote_ip='pop3', timestamp=1112198896 (of course, all usernames, domains, and ip-s have been replaced in this log excerpt) This log shows: 1. the error loogged into MySQL database by vchkpw, but no attempt to actually validate that username. This tells me that vchkpw IS able to access the mysql database. 2. the validation of a user/password by the imap server 3. the validation of a user/password by the pop server I have also googled a little bit about this error, and found that other people have encountered a similar error, but have not reached a definitive answer to the problem. Some have suggested that it might be a user/rights conflict. I have made /home/vpopmail/bin/vchkpw owned by root, but nothing changed. Here's my /service/qmail-smtpd/run file: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -R -H -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 Why do you use /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 ? Is $LOCAL required by vchkpw ? regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne |
Re: [vchkpw] authentication problem for qmail-smtp-auth
On Wednesday 30 March 2005 01:09 pm, Erwin Hoffmann wrote: Here's my /service/qmail-smtpd/run file: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` can the qmaild user read ~vpopmail/etc/vpopmail.mysql ? MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD -o -z $LOCAL ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo No /var/qmail/control/rcpthosts! echo Refusing to start SMTP listener because it'll create an open relay exit 1 fi exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -R -H -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 Why do you use /home/vpopmail/bin/vchkpw $LOCAL /bin/true 21 ? Is $LOCAL required by vchkpw ? Nope, but that wouldn't cause auth failures to show up in the logs, that would only cause the SMTP server to not be able to authenticate. The problem is almost certainly that the user you are running your smtp server as does not have permission to read the vpopmail.mysql file. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgphV7dcbZ8qz.pgp Description: PGP signature
Re: [vchkpw] Authentication problems after upgrading Vpopmail
On Mar 8, 2005, at 6:57 AM, Ron Dyck wrote: I've successfully installed the patch and am still having trouble logging in. I'm forced to reset passwds to gain access. The problem is random and causing me much grief with my clients. The CRAM-MD5 method of authentication requires a cleartext password for each user. Older accounts on your system could have been created before you had cleartext enabled, causing errors when the user tries to authenticate. Take a look at the vpasswd file, or the user table and see if the problematic users follow that pattern (blank cleartext password). I just checked the vckhpw.c code, and it should update the cleartext password when a user logs in. I guess that code needs some additional testing. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] Authentication problems after upgrading Vpopmail
The CRAM-MD5 method of authentication requires a cleartext password for each user. Older accounts on your system could have been created before you had cleartext enabled, causing errors when the user tries to authenticate. Take a look at the vpasswd file, or the user table and see if the problematic users follow that pattern (blank cleartext password). The clients experiencing authentication problem do have clear passwds. They are stored in mysql and I'm able to access this information with ./vuserinfo as well as viewing the DB records. I've reset a number of them repeatedly. This seems to provide access, though for a limited time. Additionally, oddly the authentication errors are not recorded in the 'vlog' table in the vpopmail database. I'm able to track the majority of the errors using SquirrelMails' sql_squirrel_logger plugin. Regards, ron = Ron Dyck [EMAIL PROTECTED] webbtech.net =
[vchkpw] Authentication problems after upgrading Vpopmail
I've recently upgraded to vpopmail-5.4.9 and am having problems with authentication. Users are getting a error claiming the user or passwd is incorrect. Strangely, the error occurs only when logging in with IMAP like 'SquirrelMail' or even qmailadmin not with pop like 'outlook'. After resetting the passwd (to the existing one) with ./vpasswd, the problem is temporarily resolved. I've looked at the 'UPGRADE' file and noticed a patch: qmail-smtpd-auth-0.4.2 When I attempt to intall I get: [EMAIL PROTECTED] netqmail-1.04]# ./install_auth.sh head: conf-qmail: No such file or directory ./find-systype.sh: ./find-systype.sh: No such file or directory Installing qmail-smtpd AUTH 057 (Build 2005024212941) at Sat Mar 5 12:28:54 EST 2005 Targeting file TARGETS ... TARGETS not found ! Can anyone shed some lite on this for me? I've included the original configure and configure for the upgrade below. I've even tried re-installing my previous version of vpopmail but still received the error. You help is appreciated. ron Original configure: ./configure \ --enable-roaming-users=y \ --enable-logging=p \ --enable-defaultquota=10485760 \ --enable-ip-alias-domains=n \ --enable-passwd=n \ --enable-clear-passwd=y \ --enable-domain-quotas=y \ --enable-mysql=y \ --enable-many-domains=n \ --enable-auth-logging=y \ --enable-mysql-logging=y \ --enable-mysql-limits=n \ --enable-valias=y \ --enable-incdir=/usr/local/mysql/include/mysql \ --enable-libdir=/usr/local/mysql/lib/mysql Upgrade configure: ./configure \ --enable-roaming-users \ --enable-logging=p \ --disable-passwd \ --enable-clear-passwd \ --disable-domain-quotas \ --enable-auth-module=mysql \ --disable-many-domains \ --enable-auth-logging \ --enable-sql-logging \ --enable-qmail-ext \ --disable-valias \ --disable-mysql-limits \ --enable-incdir=/usr/local/mysql/include/mysql \ --enable-libdir=/usr/local/mysql/lib/mysql = Ron Dyck [EMAIL PROTECTED] webbtech.net =
Re: [vchkpw] Authentication problems after upgrading Vpopmail
Hi, At 10:59 07.03.05 -0500, you wrote: I've recently upgraded to vpopmail-5.4.9 and am having problems with authentication. Users are getting a error claiming the user or passwd is incorrect. Strangely, the error occurs only when logging in with IMAP like 'SquirrelMail' or even qmailadmin not with pop like 'outlook'. After resetting the passwd (to the existing one) with ./vpasswd, the problem is temporarily resolved. I've looked at the 'UPGRADE' file and noticed a patch: qmail-smtpd-auth-0.4.2 When I attempt to intall I get: [EMAIL PROTECTED] netqmail-1.04]# ./install_auth.sh head: conf-qmail: No such file or directory ./find-systype.sh: ./find-systype.sh: No such file or directory Installing qmail-smtpd AUTH 057 (Build 2005024212941) at Sat Mar 5 12:28:54 EST 2005 Targeting file TARGETS ... TARGETS not found ! You have to install the patch in the original qmail-1.03 directory. The installation script is missing those files mentioned above. regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
[vchkpw] Authentication Problems
I've recently upgraded to vpopmail-5.4.9 and am having problems with authentication. Users are getting a error claiming the user or passwd is incorrect. Strangely, the error occurs only when logging in with IMAP like 'SquirrelMail' or even qmailadmin not with pop like 'outlook'. After resetting the passwd (to the existing one) with ./vpasswd, the problem is temporarily resolved. I've looked at the 'UPGRADE' file and noticed a patch: qmail-smtpd-auth-0.4.2 When I attempt to intall I get: [EMAIL PROTECTED] netqmail-1.04]# ./install_auth.sh head: conf-qmail: No such file or directory ./find-systype.sh: ./find-systype.sh: No such file or directory Installing qmail-smtpd AUTH 057 (Build 2005024212941) at Sat Mar 5 12:28:54 EST 2005 Targeting file TARGETS ... TARGETS not found ! Can anyone shed some lite on this for me? I've included the original configure and configure for the upgrade below. I've even tried re-installing my previous version of vpopmail but still received the error. You help is appreciated. ron Original configure: ./configure \ --enable-roaming-users=y \ --enable-logging=p \ --enable-defaultquota=10485760 \ --enable-ip-alias-domains=n \ --enable-passwd=n \ --enable-clear-passwd=y \ --enable-domain-quotas=y \ --enable-mysql=y \ --enable-many-domains=n \ --enable-auth-logging=y \ --enable-mysql-logging=y \ --enable-mysql-limits=n \ --enable-valias=y \ --enable-incdir=/usr/local/mysql/include/mysql \ --enable-libdir=/usr/local/mysql/lib/mysql Upgrade configure: ./configure \ --enable-roaming-users \ --enable-logging=p \ --disable-passwd \ --enable-clear-passwd \ --disable-domain-quotas \ --enable-auth-module=mysql \ --disable-many-domains \ --enable-auth-logging \ --enable-sql-logging \ --enable-qmail-ext \ --disable-valias \ --disable-mysql-limits \ --enable-incdir=/usr/local/mysql/include/mysql \ --enable-libdir=/usr/local/mysql/lib/mysql = Ron Dyck [EMAIL PROTECTED] webbtech.net +
Re: [vchkpw] vchkpw authentication fails
X-Istence wrote: Shameless plug url:http://bsdguides.org/guides/freebsd/mailserver/ qmail+vpopmail+qmailadmin.php. Guide was written by me, site owned by a friend of mine. It is geared to using the FreeBSD ports tree to make install easier. And includes all the standard stuff you would want (imap, pop3, sa, qmailadmin, qmail, vpopmail) Noted. Thx. Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] vchkpw authentication fails
In the kernel, is UFS_DIRHASH enabled, or whatever the option is? This caused a lot of trouble on another server i admin, where it would be so slow, that at times login sporadically failed. It is enabled by default, and it would be stupid to have been removed, but you never know. Hm...I'm pretty new to BSD (more used to Linux) so I'm not sure how to discover kernel compile options...but AFAIK the guy who set all this stuff up just used a generic 4.6 kernel config. If anything see if it is possible to at least upgrade to the last 4.10 version, as there have been a lot of overall improvements (This is off topic BTW) Yeah, that's on my overly long to-do list. Also, when you manually auth using pop3: telnet localhost 110 user username pass password list What is the output? (Please truncate, if the user has a ton of emails, we don't need the entire list) Or does it die saying can't scan maildir? per my earlier post, it dies with the Maildir scan ERR. Does this only happen for his account, yes and have you tried to mv the Maildir,and then /var/qmail/bin/maildirmake Maildir in the same dir, then chowning it to the right user and then trying to login again to see if it succeeds then? I didn't try that, but when I do, it authenticates correctly. This is good. So now: I read somewhere that it's not a great idea to manipulate the queues directly; what's the consensus? Can I not just move the messages back into the appropriate directories in the new Maildir I just created? Thanks.
Re: [vchkpw] vchkpw authentication fails
John Berliner wrote: In the kernel, is UFS_DIRHASH enabled, or whatever the option is? This caused a lot of trouble on another server i admin, where it would be so slow, that at times login sporadically failed. It is enabled by default, and it would be stupid to have been removed, but you never know. Hm...I'm pretty new to BSD (more used to Linux) so I'm not sure how to discover kernel compile options...but AFAIK the guy who set all this stuff up just used a generic 4.6 kernel config. The FreeBSD handbook and FAQ (directly linked from http://www.freebsd.org) makes an excellent reading and goes to great lengths explaining the details, which in the end boils down to editing one file and executing a handful of commands (in the right sequence. The UFS_DIRHASH options is - TTBOMK - only useful when creating new filesystems. It doesn't have any effect later-on. Well, shouldn't. ;-) UFS_DIRHASH was introduced with or post-RELENG_4_6, IIRC, together with making softupdates the default at installtime If anything see if it is possible to at least upgrade to the last 4.10 version, as there have been a lot of overall improvements (This is off topic BTW) Yeah, that's on my overly long to-do list. It should be on top. ;-) 4.6 contains numerous vulnerabilites and is no longer supported. Looking at it, it was released in June 2002 - that's a long time in FreeBSD-land. If you have a test-machine, you can try going from 4.6 to 4.10 directly via cvsup. Otherwhise, I'm not 100%sure if going straight from 4.6 to 4.10 works (it should, but the devil is a squirrel, as we say here around) - read /usr/src/UPDATING for more information. Also, when you manually auth using pop3: telnet localhost 110 user username pass password list What is the output? (Please truncate, if the user has a ton of emails, we don't need the entire list) Or does it die saying can't scan maildir? per my earlier post, it dies with the Maildir scan ERR. Does this only happen for his account, yes and have you tried to mv the Maildir,and then /var/qmail/bin/maildirmake Maildir in the same dir, then chowning it to the right user and then trying to login again to see if it succeeds then? I didn't try that, but when I do, it authenticates correctly. This is good. So now: I read somewhere that it's not a great idea to manipulate the queues directly; what's the consensus? Can I not just move the messages back into the appropriate directories in the new Maildir I just created? The queue is in /var/qmail/queue and it *is* a bad idea to manipulate it directly (unless You Know What You Are Doing (TM). But what you're manipulating here is the maildir. If you shut down qmail while you move the mail to the old place, you are 100% safe. As it crashes with POP, the error should be in the top-level maildirectory somewhere, I assume. If you're bored, you can truss -p the process after you connected with telnet and before you authenticated ;-) If you have further ambitions with your Qmail-installation, you might want to check-out Matt Simerson's Qmail-FreeBSD-Toaster at http://www.tnpi.biz. Though it's geared towards ISPs, it does also work very nicely for smaller installations. cheers, Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] vchkpw authentication fails
On Nov 30, 2004, at 11:49 AM, Rainer Duffner wrote: John Berliner wrote: In the kernel, is UFS_DIRHASH enabled, or whatever the option is? This caused a lot of trouble on another server i admin, where it would be so slow, that at times login sporadically failed. It is enabled by default, and it would be stupid to have been removed, but you never know. Hm...I'm pretty new to BSD (more used to Linux) so I'm not sure how to discover kernel compile options...but AFAIK the guy who set all this stuff up just used a generic 4.6 kernel config. The FreeBSD handbook and FAQ (directly linked from http://www.freebsd.org) makes an excellent reading and goes to great lengths explaining the details, which in the end boils down to editing one file and executing a handful of commands (in the right sequence. The UFS_DIRHASH options is - TTBOMK - only useful when creating new filesystems. It doesn't have any effect later-on. Well, shouldn't. ;-) UFS_DIRHASH was introduced with or post-RELENG_4_6, IIRC, together with making softupdates the default at installtime Did not know this. Stepped into freeBSD from Linux in RELENG_4_6_2, and then did a reinstall for RELENG_4_7. If anything see if it is possible to at least upgrade to the last 4.10 version, as there have been a lot of overall improvements (This is off topic BTW) Yeah, that's on my overly long to-do list. It should be on top. ;-) 4.6 contains numerous vulnerabilites and is no longer supported. Looking at it, it was released in June 2002 - that's a long time in FreeBSD-land. If you have a test-machine, you can try going from 4.6 to 4.10 directly via cvsup. Otherwhise, I'm not 100%sure if going straight from 4.6 to 4.10 works (it should, but the devil is a squirrel, as we say here around) - read /usr/src/UPDATING for more information. I suggest a clean reinstall, if you pick RELENG_4_10, it will be a clean start, as there are a ton of old libraries that are in RELENG_4_6. Personally i suggest RELENG_5_3 though, has given me a more stable system, that is far more responsive, but i guess it is personal choice. Also, when you manually auth using pop3: telnet localhost 110 user username pass password list What is the output? (Please truncate, if the user has a ton of emails, we don't need the entire list) Or does it die saying can't scan maildir? per my earlier post, it dies with the Maildir scan ERR. Does this only happen for his account, yes and have you tried to mv the Maildir,and then /var/qmail/bin/maildirmake Maildir in the same dir, then chowning it to the right user and then trying to login again to see if it succeeds then? I didn't try that, but when I do, it authenticates correctly. This is good. So now: I read somewhere that it's not a great idea to manipulate the queues directly; what's the consensus? Can I not just move the messages back into the appropriate directories in the new Maildir I just created? The queue is in /var/qmail/queue and it *is* a bad idea to manipulate it directly (unless You Know What You Are Doing (TM). But what you're manipulating here is the maildir. If you shut down qmail while you move the mail to the old place, you are 100% safe. As it crashes with POP, the error should be in the top-level maildirectory somewhere, I assume. If you're bored, you can truss -p the process after you connected with telnet and before you authenticated ;-) I did that when i had the same problem, and did not find anything. It seems to happen when some message is screwed up in some way. But this user i was tryingt it out on had over 60,000 emails, so finding the culprit woulda been painfull. If you have further ambitions with your Qmail-installation, you might want to check-out Matt Simerson's Qmail-FreeBSD-Toaster at http://www.tnpi.biz. Though it's geared towards ISPs, it does also work very nicely for smaller installations. Shameless plug url:http://bsdguides.org/guides/freebsd/mailserver/ qmail+vpopmail+qmailadmin.php. Guide was written by me, site owned by a friend of mine. It is geared to using the FreeBSD ports tree to make install easier. And includes all the standard stuff you would want (imap, pop3, sa, qmailadmin, qmail, vpopmail) cheers, Rainer Good luck with your install. X-Istence
[vchkpw] vchkpw authentication fails
I am a web and application developer who has inherited sysadmin duties for our school's servers. Thus I'm basically a novice. I have scoured the web and mailing lists for clues to solving my problem here, but no luck. So here goes: Our mail services are all working fine, with the exception of a single user (the heaviest mail user, by far) who has previously had intermittent issues with POPping mail. Now it very rarely succeeds -- and currently, does not succeed at all -- in picking up mail. Using any POP client, we get authentication errors (vchkpw: password fail in maillog). We are running vpopmail 5.2.1 + qmail 1.03 on a FreeBSD 4.6 server. No imap. No inetd/ xinetd, just tcpserver + daemontools... Can someone please get me pointed in the right direction to troubleshooting this one account? I have done /checked the following: - permissions for this and other accounts all look well - checked user quota, well under limit - tried creating a new account, pops OK - re-assigned a password more times than is reasonable, both via vpasswd and vmoduser (crypted and unencrypted) - rebuilt passwd.cdb using - restarted qmail - checked logs, nothing I can see beyond the password fail message in maillog. On manual inspection the Maildir queues seem normal. I am assuming that the problem is with vpopmail/vchkpw and not with qmail itself. But any and all pointers are welcome. Thanks in advance, John Berliner Live Oak School
Re: [vchkpw] vchkpw authentication fails
On Nov 29, 2004, at 6:33 PM, John Berliner wrote: I am a web and application developer who has inherited sysadmin duties for our school's servers. Thus I'm basically a novice. I have scoured the web and mailing lists for clues to solving my problem here, but no luck. So here goes: Our mail services are all working fine, with the exception of a single user (the heaviest mail user, by far) who has previously had intermittent issues with POPping mail. Now it very rarely succeeds -- and currently, does not succeed at all -- in picking up mail. Using any POP client, we get authentication errors (vchkpw: password fail in maillog). We are running vpopmail 5.2.1 + qmail 1.03 on a FreeBSD 4.6 server. No imap. No inetd/ xinetd, just tcpserver + daemontools... In the kernel, is UFS_DIRHASH enabled, or whatever the option is? This caused a lot of trouble on another server i admin, where it would be so slow, that at times login sporadically failed. It is enabled by default, and it would be stupid to have been removed, but you never know. If anything see if it is possible to at least upgrade to the last 4.10 version, as there have been a lot of overall improvements (This is off topic BTW) Thanks in advance, John Berliner Live Oak School Also, when you manually auth using pop3: telnet localhost 110 user username pass password list What is the output? (Please truncate, if the user has a ton of emails, we don't need the entire list) Or does it die saying can't scan maildir? Does this only happen for his account, and have you tried to mv the Maildir,and then /var/qmail/bin/maildirmake Maildir in the same dir, then chowning it to the right user and then trying to login again to see if it succeeds then? X-Istence
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Wed, November 24, 2004 9:32 pm, Casey Allen Shobe said: Upon restarting services, I've found that bincimap authenticates okay, and qmail-send delivers mail... However qmail-smtpd cannot authenticate And neither qmailadmin. So imap and mail delivery work, but qmailadmin and smtp auth don't. What gives? -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Nov 25, 2004, at 5:06 AM, Casey Allen Shobe wrote: On Wed, November 24, 2004 9:32 pm, Casey Allen Shobe said: Upon restarting services, I've found that bincimap authenticates okay, and qmail-send delivers mail... However qmail-smtpd cannot authenticate And neither qmailadmin. So imap and mail delivery work, but qmailadmin and smtp auth don't. What gives? What are the permissions on qmailadmin? -rwsr-sr-x1 vpopmail vchkpw 438385 Aug 26 09:53 qmailadmin And what does your qmail-smtpd run file look like? Did you fix the UID/GID in the /etc/passwd file? Are you sure your qmail-smtpd is running as user vpopmail (with the correct uid/gid)? -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Thu, November 25, 2004 9:50 am, Tom Collins said: What are the permissions on qmailadmin? -rwsr-sr-x1 vpopmail vchkpw 438385 Aug 26 09:53 qmailadmin Mine was not ug+s, but that would not have changed. I went ahead and chmoded it so that it looked identical to yours, however logins still failed. And what does your qmail-smtpd run file look like? It's the stock run file that comes with Gentoo's build of QMail, with a change out of /bin/checkpassword for /var/vpopmail/bin/vchkpw. After variable substitution, it boils down to this: exec /usr/bin/softlimit -m 800 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtpd -c 40 -u `id -u qmaild` -g `id -g qmaild` 0.0.0.0 smtp rblsmtpd -r relays.ordb.org -r bl.spamcop.net -r dnsbl.sorbs.net -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd midgard.osss.net /var/vpopmail/bin/vchkpw /bin/true 21 I don't believe there is anything wrong with that file because it worked fine before with vchkpw, and works fine now with checkpassword, just not vchkpw. Did you fix the UID/GID in the /etc/passwd file? Of course. Like I said, qmail-send is currently delivering mail fine, and I can access the mail fine via bincimap...the former depends on vpopmail working, and the latter uses vchkpw... I've also found I can run vchangepw and change a password fine, but I still cannot log in to smtp or qmailadmin as that user. Are you sure your qmail-smtpd is running as user vpopmail (with the correct uid/gid)? Why would it? From the above run file, it appears to run as qmaild:qmaild (201:200) - this has never changed, it was the same when it was working fine yesterday. It is delivering mail to vpopmail users sent in via regular SMTP perfectly...it's just started rejecting SMTP AUTH connections which users of my system use via TLS to relay. Cheers, -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Nov 24, 2004, at 9:32 PM, Casey Allen Shobe wrote: find / -group 1004 -print0 | xargs -0 chown 89 I assume you meant chgrp 89. I don't know how a typical Gentoo install handles ownership. On my install, qmail-smtpd runs as the vpopmail user. If qmail-smtpd can't run vhckpw, it can't authenticate. I'd look into why that might be the case. What is the ownership of the files/directories in /home/vpopmail? -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Thu, November 25, 2004 11:38 am, Tom Collins said: On Nov 24, 2004, at 9:32 PM, Casey Allen Shobe wrote: find / -group 1004 -print0 | xargs -0 chown 89 I assume you meant chgrp 89. You are correct, I typoed when typing the email, not the actual command. To verify, I have ensure that there is nothing owned by UID 1004 or GID 1004 on the entire system. If qmail-smtpd can't run vhckpw, it can't authenticate. I'd look into why that might be the case. I temporarily changed qmaild's shell to /bin/bash, su - qmaild'd, and successfully executed vchkpw: $ vchkpw vchkpw-pop3: vchkpw is only for talking with qmail-popup and qmail-pop3d. It is not for runnning on the command line. What is the ownership of the files/directories in /home/vpopmail? # ls -l /var/vpopmail/ (~vpopmail == /var/vpopmail on gentoo) drwxr-xr-x 2 root root 784 Nov 25 07:18 bin/ lrwxrwxrwx 1 root root 33 Nov 25 07:18 doc - /usr/share/doc/vpopmail-5.4.6-r1/ drwxr-xr-x 5 vpopmail vpopmail 352 Nov 25 14:44 domains/ drwxr-xr-x 3 root root 184 Nov 23 07:34 etc/ drwxr-xr-x 2 root root 200 Nov 25 07:18 include/ drwxr-xr-x 2 vpopmail vpopmail 80 Nov 25 07:18 lib/ And before you ask, vpopmail is the normal name for the group on the gentoo install, as opposed to the more traditional vchkpw. I'm 90% sure that permissions and ownerships aren't the problem here, because all I did was a specific chown which I reversed exactly. I have a feeling that there's a UID tucked away in a file someplace. How can we enable debug logging for vchkpw or something to give an insight? Cheers, -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Thu, November 25, 2004 11:02 am, Casey Allen Shobe said: On Thu, November 25, 2004 9:50 am, Tom Collins said: What are the permissions on qmailadmin? -rwsr-sr-x1 vpopmail vchkpw 438385 Aug 26 09:53 qmailadmin Mine was not ug+s, but that would not have changed. I went ahead and chmoded it so that it looked identical to yours, however logins still failed. WHOOPS, turns out I was completely wrong here. I tried chmod ug+s on the main copy of qmail admin, but as it happened, I'd copied that file into my web root, rather than symlinked. So I tried ug+s on the correct copy, and it works. I then tried a manual chown 1004:1004 on the file, and saw that the +s attributes were removed (not what I would have thought)! So, long story short, qmailadmin is now working again, it's just smtp auth that's not working now. I'll keep digging...thanks for all your advice so far, -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
Hi, At 11:02 25.11.04 -0800, Casey Allen Shobe wrote: On Thu, November 25, 2004 9:50 am, Tom Collins said: What are the permissions on qmailadmin? -rwsr-sr-x1 vpopmail vchkpw 438385 Aug 26 09:53 qmailadmin Mine was not ug+s, but that would not have changed. I went ahead and chmoded it so that it looked identical to yours, however logins still failed. And what does your qmail-smtpd run file look like? It's the stock run file that comes with Gentoo's build of QMail, with a change out of /bin/checkpassword for /var/vpopmail/bin/vchkpw. After variable substitution, it boils down to this: exec /usr/bin/softlimit -m 800 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtpd -c 40 -u `id -u qmaild` -g `id -g qmaild` 0.0.0.0 smtp rblsmtpd -r relays.ordb.org -r bl.spamcop.net -r dnsbl.sorbs.net -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd midgard.osss.net /var/vpopmail/bin/vchkpw /bin/true 21 with the standard SMTP-Auth patch (I don't know which is included in your Gentoo patch) you don't need the hostname in the call of the PAM. Check man qmail-smtpd and read my http://www.fehcom.de/qmail/smtpauth.html regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Thu, November 25, 2004 1:33 pm, Erwin Hoffmann said: with the standard SMTP-Auth patch (I don't know which is included in your Gentoo patch) you don't need the hostname in the call of the PAM. Check man qmail-smtpd and read my http://www.fehcom.de/qmail/smtpauth.html Heavy reading..poked around a bit more, but... * The run file has not changed since it was working. * The run file works if I replace vchkpw with checkpassword. So...I'm going to assume, rather than spending too much time looking at all the patches Gentoo applies, that the run file is acceptable. It's not the same as the standard one I applied to my own build before, as it only works after STARTTLS and some other things... Especially with the indication that it's a permissions problem (as it was in the case of qmailadmin). I found that when I execute the following as the qmaild user: printf [EMAIL PROTECTED] | /var/vpopmail/bin/vchkpw /bin/id 30 With the binary owned by root and not SUID, I get no response. With the binary owned by vpopmail and SUID, I get no response. With the binary owned by root and SUID, I get: uid=89(vpopmail) gid=89(vpopmail) groups=200(nofiles) I still haven't got smtp auth working with vchkpw yet, though... -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure [RESOLVED]
On Thu, November 25, 2004 1:08 pm, Casey Allen Shobe said: I'll keep digging... Aha, seems that once vchkpw was SUID root, and qmail-smtpd was restarted, everything worked grand. The core of my problem here was that I did not realize chown would remove SUID/SGID bits, and learned the really hard way. Well, all's well that ends well, and I'll not soon forget this lesson. On the bright side, every sort of problem like this becomes a wonderful opportunity to learn much more about the product you're using :-). Thanks for the assistance and advice, especially Tom whose advice proved invaluable! -- Casey Allen Shobe, the Ready-For-Sleep-Now Postmaster [EMAIL PROTECTED]
[vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
Hi guys, I had qmail-smtp/smtpauth (standard Gentoo install) working fine with vchkpw previously. I then decided that I needed to change the user ID for vpopmail to get a suexec script working as the vpopmail user... So I stopped qmail, changed the UID and GID from 89 to 1004, and did: find / -user 89 -print0 | xargs -0 chown 1004 find / -group 89 -print0 | xargs -0 chgrp 1004 This had catastrophic effects after services were restarted. Nothing that used vchkpw could authenticate, including qmail-send, qmail-smtpd, and bincimap. I struggled for a while to figure out why, but couldn't find any logical explanation. So in desperation, I again stopped all running services, changed the passwd and group files back, and did: find / -user 1004 -print0 | xargs -0 chown 89 find / -group 1004 -print0 | xargs -0 chown 89 Upon restarting services, I've found that bincimap authenticates okay, and qmail-send delivers mail (a huge improvement). However qmail-smtpd cannot authenticate, and any time I try to send mail I get the oops, unable to write to pipe and I can't auth error. If I change the password program from /var/vpopmail/bin/vchkpw back to /bin/checkpassword, I can authenticate and send mail fine, but this is not acceptable in the long-term as most of my mail users do not have machine accounts. Could anyone advise me as to what might be going wrong here? Your help is greatly appreciated! -- Casey Allen Shobe [EMAIL PROTECTED]
[vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
Hi guys, I had qmail-smtp/smtpauth (standard Gentoo install) working fine with vchkpw previously. I then decided that I needed to change the user ID for vpopmail to get a suexec script working as the vpopmail user... So I stopped qmail, changed the UID and GID from 89 to 1004, and did: find / -user 89 -print0 | xargs -0 chown 1004 find / -group 89 -print0 | xargs -0 chgrp 1004 This had catastrophic effects after services were restarted. Nothing that used vchkpw could authenticate, including qmail-send, qmail-smtpd, and bincimap. I struggled for a while to figure out why, but couldn't find any logical explanation. So in desperation, I again stopped all running services, changed the passwd and group files back, and did: find / -user 1004 -print0 | xargs -0 chown 89 find / -group 1004 -print0 | xargs -0 chown 89 Upon restarting services, I've found that bincimap authenticates okay, and qmail-send delivers mail (a huge improvement). However qmail-smtpd cannot authenticate, and any time I try to send mail I get the oops, unable to write to pipe and I can't auth error. If I change the password program from /var/vpopmail/bin/vchkpw back to /bin/checkpassword, I can authenticate and send mail fine, but this is not acceptable in the long-term as most of my mail users do not have machine accounts. Could anyone advise me as to what might be going wrong here? Your help is greatly appreciated! -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Nov 24, 2004, at 8:33 PM, Casey Allen Shobe wrote: Could anyone advise me as to what might be going wrong here? Your help is greatly appreciated! Go through /var/qmail/users/assign and update the user and group of every entry to match the new user/group for vpopmail. Run qmail-newu so it rebuilds the users/cdb file. Go into your vpopmail source directory and rebuild vpopmail. It would be best to make clean and re-run configure with the same options as you previously did. In a pinch, you can edit VPOPMAILUID and VPOPMAILGID in config.h and just re-compile. Install vpopmail, and rebuild qmailadmin as well (so it links the new vpopmail libraries). You said you were using binc-imap, so you won't need to recompile it. If you were using Courier-IMAP, you'd have to recompile it as well (since it links libvpopmail). That should cover it! -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Authentication failure with qmail-smtpd +auth and vchkpw
On Wed, November 24, 2004 10:20 pm, Tom Collins said: Go through /var/qmail/users/assign and update the user and group of every entry to match the new user/group for vpopmail. Run qmail-newu so it rebuilds the users/cdb file. This looks fine. All uids and gids are 89, which is what I changed vpopmail back to after changing to 1004 failed. Go into your vpopmail source directory and rebuild vpopmail. It would be best to make clean and re-run configure with the same options as you previously did. Did this already. Qmail as well. That should cover it! Unfortunately not. It's good advice (especially the bit about qmail users) in case I try to change UIDs again, but the need for the suexec cgi isn't that great, and the results are horrible, so I doubt I'll ever try again. I just want to get vchkpw working with qmail-smtpd again... Cheers, -- Casey Allen Shobe [EMAIL PROTECTED]
Re: [vchkpw] Authentication Problem/Login problem
Hi, Vlad Soutyrine wrote: I saw reply to you from somebody else to use full address as login name. That is correct, did that help? That did the trick on that server! I wounder why I haven't thought of that before. Then again its the small pices that make the wheel turn, sometimes. If that was not the problem, you may also run courier with environment variable set DEBUG_LOGIN=2 This will enable more messages in /var/log/maillog during authentication and this may give you an idea. You mean I can set it in one of the files in /usr/local/etc/courier-imap/ named: imapd, imapd.dist, pop3d or pop3d.dist But there are no way to do it for imapd-ssl, then again I can test it with imapd (No ssl via port 143). Then the problem should be about the same for imapd as well as with imapd-ssl. Or am I out on to deep water? -Original Message- From: Mattias Björk [mailto:[EMAIL PROTECTED] Sent: Monday, August 09, 2004 6:57 PM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Authentication Problem/Login problem Hi, Vlad Soutyrine wrote: I had problems as well, first I made sure that vpopmail itself works fine. Try to change password of a user with vpasswd, for example, to see if you get any error messages. No problem here: mail# ./vpasswd [EMAIL PROTECTED] Please enter password for [EMAIL PROTECTED]: enter password again: mail# vadddomain, vadduser - no errors for troublesome domain? Added a new user: mail# ./vadduser [EMAIL PROTECTED] Please enter password for [EMAIL PROTECTED]: enter password again: mail# Added a new virtaldomain: mail# ./vadddomain webmail.birch.se Please enter password for postmaster: enter password again: mail# Also, /var/qmail/users/assign should have a line properly formatted for each domain. This line gets inserted automatically when using vadddomain. Something like: cat /var/qmail/users/assign mail# cat assign +mail.birch.se-:mail.birch.se:89:89:/usr/local/vpopmail/domains/mail.birch.s e:-:: +webmail.birch.se-:webmail.birch.se:89:89:/usr/local/vpopmail/domains/webmai l.birch.se:-:: . mail# id vpopmail uid=89(vpopmail) gid=89(vchkpw) groups=89(vchkpw) mail# There could be a variety of things on how you ran configure for courier also, but I would first make sure that simple stuff above is ok. It seems okey so far? -Original Message- From: Mattias Björk [mailto:[EMAIL PROTECTED] Sent: Monday, August 09, 2004 5:28 PM To: [EMAIL PROTECTED] Subject: [vchkpw] Authentication Problem/Login problem Hi, I have setup qmail with vpopmail+courier-imap and are using a virtual domain. Its named mail.birch.se. Im running it on FreeBSD 5.2.1. I have used this guide to accomplish this: http://www.stevenfettig.com/mythoughts/archives/cat_qmail.php; (Qmail HOWTO 1 thru chapter 3.) I have also read some of the comments and did the change of AUTHMODULES=authvchkpw in /usr/local/etc/courier-imap/authdaemonrc from AUTHMODULES=authdaemon. And my /var/qmail/control/virtualdomains does have this line: mail.birch.se:mail.birch.se Im using thunderbird as my MUA. My user name is kladd Almost everything works fine, I can auth/login via imap-ssl and all. I get the certificate and accept it. However when I look in /var/log/maillog it says: Aug 10 01:50:18 mail imapd-ssl: LOGIN FAILED, ip=[:::192.168.10.201] Aug 10 01:50:18 mail imapd-ssl: LOGOUT, ip=[:::192.168.10.201] (There are more but just the same thing but other date/time stamps) And I can't see/list my mails, And If I send a mail to my self, with the option Place mail in sent folder set. I get an error message saying that it can't do it. I have tried to change the password several times but that does not seem to make any diffrance. I have listed and there are the mail that I have sent to my self in /usr/local/vpopmail/domains/mail.birch.se/kladd/Maildir/new I hope have not forgotten to do something, I can't think of anything that I have forgotten. Perhaps I have missed something but I have also checked the logs in /var/log. I have checked /var/messages and /var/log/qmail/current with tail -f. And there is not more that I can think of that is wrong. Does anybody have a clue on what might be wrong? This has something to do with the auth. I don't know but it might be something to with the open_relay fix/addon in the guide as well. Mvh Mattias Björk Thank you very mutch for the fast reply Mvh Mattias Björk Thanks for the help! Mvh Mattias Björk
Re: [vchkpw] Authentication Problem/Login problem
Hi, Tom Collins wrote: On Aug 9, 2004, at 5:28 PM, Mattias Björk wrote: Im using thunderbird as my MUA. My user name is kladd Try using the full email address as the user name. It did the trick to use the hole email address. I don't know why I haven't thought of that earlier, I would have saved a lot of headache. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/ Thanks for the help. Mvh Mattias Björk
[vchkpw] Authentication Problem/Login problem
Hi, I have setup qmail with vpopmail+courier-imap and are using a virtual domain. Its named mail.birch.se. Im running it on FreeBSD 5.2.1. I have used this guide to accomplish this: http://www.stevenfettig.com/mythoughts/archives/cat_qmail.php; (Qmail HOWTO 1 thru chapter 3.) I have also read some of the comments and did the change of AUTHMODULES=authvchkpw in /usr/local/etc/courier-imap/authdaemonrc from AUTHMODULES=authdaemon. And my /var/qmail/control/virtualdomains does have this line: mail.birch.se:mail.birch.se Im using thunderbird as my MUA. My user name is kladd Almost everything works fine, I can auth/login via imap-ssl and all. I get the certificate and accept it. However when I look in /var/log/maillog it says: Aug 10 01:50:18 mail imapd-ssl: LOGIN FAILED, ip=[:::192.168.10.201] Aug 10 01:50:18 mail imapd-ssl: LOGOUT, ip=[:::192.168.10.201] (There are more but just the same thing but other date/time stamps) And I can't see/list my mails, And If I send a mail to my self, with the option Place mail in sent folder set. I get an error message saying that it can't do it. I have tried to change the password several times but that does not seem to make any diffrance. I have listed and there are the mail that I have sent to my self in /usr/local/vpopmail/domains/mail.birch.se/kladd/Maildir/new I hope have not forgotten to do something, I can't think of anything that I have forgotten. Perhaps I have missed something but I have also checked the logs in /var/log. I have checked /var/messages and /var/log/qmail/current with tail -f. And there is not more that I can think of that is wrong. Does anybody have a clue on what might be wrong? This has something to do with the auth. I don't know but it might be something to with the open_relay fix/addon in the guide as well. Mvh Mattias Björk
Re: [vchkpw] Authentication Problem/Login problem
Hi, Vlad Soutyrine wrote: I had problems as well, first I made sure that vpopmail itself works fine. Try to change password of a user with vpasswd, for example, to see if you get any error messages. No problem here: mail# ./vpasswd [EMAIL PROTECTED] Please enter password for [EMAIL PROTECTED]: enter password again: mail# vadddomain, vadduser - no errors for troublesome domain? Added a new user: mail# ./vadduser [EMAIL PROTECTED] Please enter password for [EMAIL PROTECTED]: enter password again: mail# Added a new virtaldomain: mail# ./vadddomain webmail.birch.se Please enter password for postmaster: enter password again: mail# Also, /var/qmail/users/assign should have a line properly formatted for each domain. This line gets inserted automatically when using vadddomain. Something like: cat /var/qmail/users/assign mail# cat assign +mail.birch.se-:mail.birch.se:89:89:/usr/local/vpopmail/domains/mail.birch.se:-:: +webmail.birch.se-:webmail.birch.se:89:89:/usr/local/vpopmail/domains/webmail.birch.se:-:: . mail# id vpopmail uid=89(vpopmail) gid=89(vchkpw) groups=89(vchkpw) mail# There could be a variety of things on how you ran configure for courier also, but I would first make sure that simple stuff above is ok. It seems okey so far? -Original Message- From: Mattias Björk [mailto:[EMAIL PROTECTED] Sent: Monday, August 09, 2004 5:28 PM To: [EMAIL PROTECTED] Subject: [vchkpw] Authentication Problem/Login problem Hi, I have setup qmail with vpopmail+courier-imap and are using a virtual domain. Its named mail.birch.se. Im running it on FreeBSD 5.2.1. I have used this guide to accomplish this: http://www.stevenfettig.com/mythoughts/archives/cat_qmail.php; (Qmail HOWTO 1 thru chapter 3.) I have also read some of the comments and did the change of AUTHMODULES=authvchkpw in /usr/local/etc/courier-imap/authdaemonrc from AUTHMODULES=authdaemon. And my /var/qmail/control/virtualdomains does have this line: mail.birch.se:mail.birch.se Im using thunderbird as my MUA. My user name is kladd Almost everything works fine, I can auth/login via imap-ssl and all. I get the certificate and accept it. However when I look in /var/log/maillog it says: Aug 10 01:50:18 mail imapd-ssl: LOGIN FAILED, ip=[:::192.168.10.201] Aug 10 01:50:18 mail imapd-ssl: LOGOUT, ip=[:::192.168.10.201] (There are more but just the same thing but other date/time stamps) And I can't see/list my mails, And If I send a mail to my self, with the option Place mail in sent folder set. I get an error message saying that it can't do it. I have tried to change the password several times but that does not seem to make any diffrance. I have listed and there are the mail that I have sent to my self in /usr/local/vpopmail/domains/mail.birch.se/kladd/Maildir/new I hope have not forgotten to do something, I can't think of anything that I have forgotten. Perhaps I have missed something but I have also checked the logs in /var/log. I have checked /var/messages and /var/log/qmail/current with tail -f. And there is not more that I can think of that is wrong. Does anybody have a clue on what might be wrong? This has something to do with the auth. I don't know but it might be something to with the open_relay fix/addon in the guide as well. Mvh Mattias Björk Thank you very mutch for the fast reply Mvh Mattias Björk
Re: [vchkpw] Authentication Problem/Login problem
On Aug 9, 2004, at 5:28 PM, Mattias Björk wrote: Im using thunderbird as my MUA. My user name is kladd Try using the full email address as the user name. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[vchkpw] authentication failure
Hi, I am trying to authenticate against /etc/passwd as well as my regular vpasswd.cdb files. While the latter one is working, the /etc/passwd part is not. My ./configure line was, # ./configure --enable-tcpserver-file=/service/smtpd/tcp --enable-passwd=y --enable-roaming-users=y --enable-relay-clear-minutes=15 --enable-clear-passwd=y # make # make install-strip I start pop3 server as, tcpserver -vHRl 0 0 110 /var/qmail/bin/qmail-popup designs.local /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir Still when I do $ telnet 127.0.0.1 110 Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. +OK [EMAIL PROTECTED] user payal +OK pass xxx -ERR authorization failed Connection closed by foreign host. What must be wrong? With warm regards, -Payal
Re: [vchkpw] Authentication
i installed qmail using lwq and configured the domain name as eriva.erivaind.com then i created a virtual domain with vpopmail as erivaind.com and added 2 users anu and puneet using qmailadmin. i configured outlook express in one of the client pcs. with pop and smtp servers as 192.168.1.9(the ip address of the pc in which the server is installed) the pop authentication is working well. from the outlook express configured at the client pc, i am able to check for the incoming messages but not able to send messages. The message i m getting is: Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: '192..168.1.9', Server: '192.168.1.9', Protocol: SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0F --- when i tried telnet to the local host as follows, i get the following message. - [EMAIL PROTECTED] root]# telnet 192.168.1.9 25 Trying 192.168.1.9... Connected to 192.168.1.9. Escape character is '^]'. 220 eriva.erivaind.com ESMTP user [EMAIL PROTECTED] 502 unimplemented (#5.5.1) - any idea what has gone wrong ? regards, Anu
Re: [vchkpw] Authentication
Dear Anu, Try to send mail using these email ids through Webmail. send the result. Manish Jain (Network Administrator) C-DAC (Ministry of Comm. IT) Anusandhan Bhawan C-56/1, Sec-62, Noida - 201307 Ph91 120 2402563 (Direct) 91 120 2402551-60 (Ext-718) FAX 91 120 2402569 - Original Message - From: Anuradha Kalyan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, June 29, 2004 4:28 PM Subject: Re: [vchkpw] Authentication i installed qmail using lwq and configured the domain name as eriva.erivaind.com then i created a virtual domain with vpopmail as erivaind.com and added 2 users anu and puneet using qmailadmin. i configured outlook express in one of the client pcs. with pop and smtp servers as 192.168.1.9(the ip address of the pc in which the server is installed) the pop authentication is working well. from the outlook express configured at the client pc, i am able to check for the incoming messages but not able to send messages. The message i m getting is: Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: '192..168.1.9', Server: '192.168.1.9', Protocol: SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0F --- when i tried telnet to the local host as follows, i get the following message. - [EMAIL PROTECTED] root]# telnet 192.168.1.9 25 Trying 192.168.1.9... Connected to 192.168.1.9. Escape character is '^]'. 220 eriva.erivaind.com ESMTP user [EMAIL PROTECTED] 502 unimplemented (#5.5.1) - any idea what has gone wrong ? regards, Anu
Re: [vchkpw] Authentication
On Jun 29, 2004, at 3:58 AM, Anuradha Kalyan wrote: when i tried telnet to the local host as follows, i get the following message. - [EMAIL PROTECTED] root]# telnet 192.168.1.9 25 Trying 192.168.1.9... Connected to 192.168.1.9. Escape character is '^]'. 220 eriva.erivaind.com ESMTP user [EMAIL PROTECTED] 502 unimplemented (#5.5.1) - any idea what has gone wrong ? That's not the way to do SMTP AUTH. Check out this very useful tutorial by Erwin Hoffmann, which includes instructions on testing an SMTP AUTH setup. http://www.fehcom.de/qmail/smtpauth.html Does LWQ include SMTP AUTH patches to qmail-smtpd? Stock qmail doesn't include that feature. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] Authentication
On Tuesday 29 June 2004 11:01 am, Tom Collins wrote: Does LWQ include SMTP AUTH patches to qmail-smtpd? Stock qmail doesn't include that feature. no, it uses netqmail-1.05 -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
RE: [vchkpw] Authentication
unsubscribe -Original Message- From: Charles M. Gerungan [mailto:[EMAIL PROTECTED] Sent: Friday, June 25, 2004 4:48 AM To: Anuradha Kalyan on the vchkpw list Subject: Re: [vchkpw] Authentication Hello Anuradha, On Fri, 25 Jun 2004 03:21:28 -0700 UTC, Anuradha Kalyan wrote: AK where do u think the authorization is not happening. What program are you using to authenticate? If you're using vpopmail, you should use vchkpw. Check your run script for your pop3 daemon. -- Regards, Charles.
Re: [vchkpw] Authentication
On Sunday 27 June 2004 02:36 pm, Nick wrote: unsubscribe Since your message did not contain any content relevant to the thread/post you replied to and merely contained the word 'unsubscribe', I will assume you are attempting to unsubscribe from this mailing list. If you read the headers of every message sent to you by the mailing list, you will quickly realize how to unsubscribe, get help, email the owner, etc. Also, all of this information was sent to you when you subscribed to the list, if you kept the welcome message you received when confirming your subscription request. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
[vchkpw] Authentication
hello everyone, i am a newbie to linux and to qmail . i installed qmail+ vpopmail+qmailadmin + ezmlm i added users throught the qmailadmin web interface. but there is a problem with the authentication. could anyopne help. i could use telnet but authentication is a problem. this is what happens [EMAIL PROTECTED] host root] telnet 192.168.1.9 110 Trying 192.168.1.9 Connected to 192.168.1.9 Escape character is '^]'. +ok [EMAIL PROTECTED] user dharini +ok pass dharu -ERR authorization failed Connection closed by foreign host. let me know how to sort this out. thanks , Anu
Re: [vchkpw] Authentication
Hello Anuradha, On Fri, 25 Jun 2004 02:56:51 -0700 UTC, Anuradha Kalyan wrote: AK i added users throught the qmailadmin web interface. So they're virtual. AK user dharini Try: USER [EMAIL PROTECTED] -- Regards, Charles.
Re: [vchkpw] Authentication
thanks charles, but i am still not able to sort the problem. i tried [EMAIL PROTECTED] the virtual domain created is erivaind.com. where do u think the authorization is not happening. thanks, Anuradha -- Original Message -- From: Charles M. Gerungan [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 25 Jun 2004 12:15:08 +0200 Hello Anuradha, On Fri, 25 Jun 2004 02:56:51 -0700 UTC, Anuradha Kalyan wrote: AK i added users throught the qmailadmin web interface. So they're virtual. AK user dharini Try: USER [EMAIL PROTECTED] -- Regards, Charles.
Re: [vchkpw] Authentication
Hello Anuradha, On Fri, 25 Jun 2004 03:21:28 -0700 UTC, Anuradha Kalyan wrote: AK where do u think the authorization is not happening. What program are you using to authenticate? If you're using vpopmail, you should use vchkpw. Check your run script for your pop3 daemon. -- Regards, Charles.
[vchkpw] Authentication and vpopmail
Hey, everyone I am using netqmail 1.05, vpopmail 5.4.0 and latest courier-imap. My problem is that when I authenticate through outlook via IMAP, my ip is recognized as imap and is written to open-smtp as imap, thus I cannot send any mail through my smtp. How can that problem be solved? Thanks!
Re: [vchkpw] Authentication and vpopmail
- Original Message - From: Vitaliy Sholokhov [EMAIL PROTECTED] Hey, everyone I am using netqmail 1.05, vpopmail 5.4.0 and latest courier-imap. My problem is that when I authenticate through outlook via IMAP, my ip is recognized as imap and is written to open-smtp as imap, thus I cannot send any mail through my smtp. How can that problem be solved? To have imap-before-smtp support, you need to configure courier-imap --with-authdaemon Michael.
Re: [vchkpw] Authentication and vpopmail
but will I still be able to authenticate via vpopmail and recieve mail through imap on all of my virtual domains? quote who=Michael Bowe - Original Message - From: Vitaliy Sholokhov [EMAIL PROTECTED] Hey, everyone I am using netqmail 1.05, vpopmail 5.4.0 and latest courier-imap. My problem is that when I authenticate through outlook via IMAP, my ip is recognized as imap and is written to open-smtp as imap, thus I cannot send any mail through my smtp. How can that problem be solved? To have imap-before-smtp support, you need to configure courier-imap --with-authdaemon Michael.
Re: [vchkpw] Authentication and vpopmail
Vitaliy Sholokhov wrote: but will I still be able to authenticate via vpopmail and recieve mail through imap on all of my virtual domains? quote who="Michael Bowe" - Original Message - From: "Vitaliy Sholokhov" [EMAIL PROTECTED] Hey, everyone I am using netqmail 1.05, vpopmail 5.4.0 and latest courier-imap. My problem is that when I authenticate through outlook via IMAP, my ip is recognized as "imap" and is written to open-smtp as "imap", thus I cannot send any mail through my smtp. How can that problem be solved? To have imap-before-smtp support, you need to configure courier-imap --with-authdaemon Michael. You might need to change your daemontools run file to something like: #!/bin/sh exec /command/envdir /var/qmail/supervise/imapd/env \ /usr/local/bin/tcpserver -v -R -H -l FQDN 0 143 \ /usr/lib/courier-imap/sbin/imaplogin \ /usr/lib/courier-imap/libexec/authlib/authvchkpw \ /usr/lib/courier-imap/bin/imapd Maildir 21 I'm sure there are more ways to do it, but this works for me. -Patrick
[vchkpw] Authentication problems.
I am having problems authenticating system users. I have used the --enable-passwd flag to enable it. However, I am still seeing this in the mail log: vchkpw-pop3: vpopmail user not found bm@:ip address vchkpw-pop3: vpopmail user not found [EMAIL PROTECTED]:ip address vchkpw-pop3: vpopmail user not found [EMAIL PROTECTED]:ip address I have no problem authenticating the virtual user accounts. Here is my configure options of vpopmail: vpopmail 5.4.0 Current settings --- vpopmail directory = /home/vpopmail uid = 1004 gid = 1004 roaming users = OFF --disable-roaming-users (default) password learning = OFF --disable-learn-passwords (default) md5 passwords = ON --enable-md5-passwords (default) file locking = ON --enable-file-locking (default) vdelivermail fsync = OFF --disable-file-sync (default) make seekable = ON --enable-make-seekable (default) clear passwd = ON --enable-clear-passwd (default) user dir hashing = ON --enable-users-big-dir (default) address extensions = OFF --disable-qmail-ext (default) ip alias = OFF --disable-ip-alias-domains (default) domain quotas = OFF --disable-domainquotas (default) auth module = cdb --enable-auth-module=cdb (default) auth inc = -Icdb auth lib = system passwords = ON --enable-passwd pop syslog = show failed attempts with clear text password --enable-logging=p auth logging = ON --enable-auth-logging (default) - Brian Malia, Systems Engineer Phone: 800.656.GWIS or 330.656.5511 GWIS Internet Solutions Fax: 330.656.5440 Web site: http://www.gwis.com E-mail: [EMAIL PROTECTED] E-Commerce Business Web Hosting, Fast DSL, ISDN, Leased Line!
Re: [vchkpw] Authentication failed..
On Wednesday, August 6, 2003, at 01:38 PM, Doug Clements wrote: Yet again, the problem is with vpopmail. Solution: Fix vpopmail. This was fixed around release 5.3.5 (according to Michael Bowe's research), and vpopmail 5.3.20 and later should work fine with authdaemon. If it doesn't, then we need more information as to when it fails. Michael is working on a 5.2.2 release that backports major bugfixes from the 5.3 series. We hope to have a 5.4 release (i.e., a stable 5.3 release) of vpopmail ready by the end of August. -- Tom Collins [EMAIL PROTECTED] http://sniffter.com/ - info on the Sniffter hand-held Network Tester
Re: [vchkpw] Authentication failed..
On Wed, Aug 06, 2003 at 02:15:20PM -0700, Tom Collins wrote: On Wednesday, August 6, 2003, at 01:38 PM, Doug Clements wrote: Yet again, the problem is with vpopmail. Solution: Fix vpopmail. This was fixed around release 5.3.5 (according to Michael Bowe's research), and vpopmail 5.3.20 and later should work fine with authdaemon. If it doesn't, then we need more information as to when it fails. Michael is working on a 5.2.2 release that backports major bugfixes from the 5.3 series. We hope to have a 5.4 release (i.e., a stable 5.3 release) of vpopmail ready by the end of August. Hooray! I'm definately looking forward to being able use authdaemon. Thanks for the reply. --Doug
Re: [vchkpw] Authentication failed..
On Tue, Jul 29, 2003 at 01:55:48PM -0400, Ajai Khattri wrote: [EMAIL PROTECTED] wrote: Hi, I have an qmail/vpopmail/courierimap/sqwebmail-server. And, I have a problem.. I?m not really sure if it is about the vchkpw -program, but that?s my guess The problem is, that if I start the imapserver, and/or the sqwebmailserver, the first minutes I can log in without any problems, or let?s say, the first time. But, when I try to login in again, with the same account or with another, authentication fails.. Whery strange. I uses plain-password style for authdaemond.plain for imap. For the local users /etc/passwd the problem inly apears sometimes. I think this problem is with authdaemond? Solution: Do not use authdaemond. Yet again, the problem is with vpopmail. Solution: Fix vpopmail. --Doug
[vchkpw] Authentication failed..
Hi, I have an qmail/vpopmail/courierimap/sqwebmail-server. And, I have a problem.. I´m not really sure if it is about the vchkpw -program, but that´s my guess The problem is, that if I start the imapserver, and/or the sqwebmailserver, the first minutes I can log in without any problems, or let´s say, the first time. But, when I try to login in again, with the same account or with another, authentication fails.. Whery strange. I uses plain-password style for authdaemond.plain for imap. For the local users /etc/passwd the problem inly apears sometimes. Please, help me! And, sorry for my bad english ;)
Re: [vchkpw] Authentication failed..
[EMAIL PROTECTED] wrote: Hi, I have an qmail/vpopmail/courierimap/sqwebmail-server. And, I have a problem.. I?m not really sure if it is about the vchkpw -program, but that?s my guess The problem is, that if I start the imapserver, and/or the sqwebmailserver, the first minutes I can log in without any problems, or let?s say, the first time. But, when I try to login in again, with the same account or with another, authentication fails.. Whery strange. I uses plain-password style for authdaemond.plain for imap. For the local users /etc/passwd the problem inly apears sometimes. I think this problem is with authdaemond? Solution: Do not use authdaemond. -- Aj. Systems Administrator / Developer
Re: [vchkpw] Authentication failed..
- Original Message - From: Ajai Khattri [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 10:55 AM Subject: Re: [vchkpw] Authentication failed.. [EMAIL PROTECTED] wrote: Hi, I have an qmail/vpopmail/courierimap/sqwebmail-server. And, I have a problem.. I?m not really sure if it is about the vchkpw -program, but that?s my guess The problem is, that if I start the imapserver, and/or the sqwebmailserver, the first minutes I can log in without any problems, or let?s say, the first time. But, when I try to login in again, with the same account or with another, authentication fails.. Whery strange. I uses plain-password style for authdaemond.plain for imap. For the local users /etc/passwd the problem inly apears sometimes. I think this problem is with authdaemond? Solution: Do not use authdaemond. You think wrong. The problem is with vpopmail. See the archives, maybe it will get fixed someday. --Doug
Re: [vchkpw] vchkpw authentication fails - more info
Se ahead for answers to your questions... On Thursday 03 July 2003 19:23, Kiril Todorov wrote: On Thu, Jul 03, 2003 at 10:02:54AM +0100, Howard Miller wrote: Hi again, Further to my previous email (follows), I have discovered something else. I created a new user. I can send mail to that user and it correctly ends up in the Maildir. BUT vchkpw does not authenticate that user ever - always an error. Stranger still, the failure is *not* logged (unlike the intermittent users). Something is broken!! Any pointers appreciated. Howard Hello Howard, give us more info first? what is the _exact_ error message on the client side? Messages - this is what I think, I am about 80% sure == When POP3 authentication fails, maillog file contains the line.. vchkpw: login success [EMAIL PROTECTED]: On my Mac at home the mail app polls every couple of minutes, so I get quite a few of these messages (c. 10 an hour?), but it does not materially affect the operation of mail. sqwebmail sometimes does not authorise but AFAIK there is never an error message, so it may be something else - but it seems a bit of a coincidence. When this does not work, my feeling is that you have to try loads of times before it does, or just leave it for ten minutes, but again its hard to put my finger on. what happens if you telnet to port 110 of the server and try to auth the user manualy? It works fine, but it might well do anyway as the problem is intermittent. what options did you compile vpopmail with? --enable-logging=y --enable-default-domain=alicats.org what's your pop3d run script? I am using xinet, so... service pop3 { disable = no socket_type = stream protocol= tcp wait= no user= root server = /var/qmail/bin/qmail-popup server_args = www.alicats.org /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir log_type= FILE /var/log/xinetd.log log_on_success = HOST log_on_failure = HOST RECORD } (There are no errors in xinetd.log) stuff like that ; ...again, any help appreciated!
Re: [vchkpw] vchkpw authentication fails - more info
On Fri, Jul 04, 2003 at 08:52:56AM +0100, Howard Miller wrote: what's your pop3d run script? I am using xinet, so... And that's exactly your problem : cut from xinetd.conf (5) cps Limits the rate of incoming connections. Takes two arguments. The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service will be temporarily disabled. The second argument is the number of seconds to wait before re-enabling the service after it has been disabled. The default for this setting is 50 incoming connections and the interval is 10 seconds. As written on qmail.org, qmail is recommended to be run with tcpserver and daemontools, and inetd, xinetd are not supported anymore. If you need a hand how to set up daemontools and ucspi-tcp heres is a good howto on that: http://flounder.net/qmail/qmail-howto.html G'luck : -- Kiril Todorov-+- +359 2 9712013 Bulgaria Online -+- http://home.online.bg /* waiting... dreaming... wishing... */
Re: [vchkpw] vchkpw authentication fails - more info
Mmm Thanks, yes, but, I have set up a similar system many times previously and always used SuSE Linux with daemontools and ucspi-tcp, no problems at all. However this particular system is RedHat 8, and I was having big problems with daemontools processes just dying (big list of defunct processes). This was reported by others here and there but I never saw (or found) a decent explanation - I rather came to the conclusion that daemontools was broken in some way. Hence backing off to the old fashioned solution. It is worth noting that this is a *very* low-use mail server, its just used for a small department/project and only has about 6 users, which is why I wasn't too worried in the first place. 50 incoming connections strikes me as extremely unlikely, unless of course something else nasty has happened. Howard On Friday 04 July 2003 09:39, Kiril Todorov wrote: On Fri, Jul 04, 2003 at 08:52:56AM +0100, Howard Miller wrote: what's your pop3d run script? I am using xinet, so... And that's exactly your problem : cut from xinetd.conf (5) cps Limits the rate of incoming connections. Takes two arguments. The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service will be temporarily disabled. The second argument is the number of seconds to wait before re-enabling the service after it has been disabled. The default for this setting is 50 incoming connections and the interval is 10 seconds. As written on qmail.org, qmail is recommended to be run with tcpserver and daemontools, and inetd, xinetd are not supported anymore. If you need a hand how to set up daemontools and ucspi-tcp heres is a good howto on that: http://flounder.net/qmail/qmail-howto.html G'luck :
Re: [vchkpw] vchkpw authentication fails - more info
On Fri, Jul 04, 2003 at 09:51:06AM +0100, Howard Miller wrote: Mmm However this particular system is RedHat 8, and I was having big problems with daemontools processes just dying (big list of defunct processes). This was reported by others here and there but I never saw (or found) a decent explanation - I rather came to the conclusion that daemontools was broken in some way. Hence backing off to the old fashioned solution. trust me.. daemontools aren't broken :) if theres anything broken that might be RedHat's config, a bunch of defuncts might come from wrong run files for example, but without detailed look at them I can't say for sure. It is worth noting that this is a *very* low-use mail server, its just used for a small department/project and only has about 6 users, which is why I wasn't too worried in the first place. 50 incoming connections strikes me as extremely unlikely, unless of course something else nasty has happened. Well, give it a try with daemontools, I'll be glad to help with anything you might need there. I bet it's xinetd causing the problems, still it's kinda weird if there are really just 6 users. -- Kiril Todorov-+- +359 2 9712013 Bulgaria Online -+- http://home.online.bg /* waiting... dreaming... wishing... */
Re: [vchkpw] vchkpw authentication fails - more info
Thanks for your all your help, by the way :-) I actually spent *days*, and lots of digging on the Net, trying to get it to work with daemontools. As I say I have a number of working systems to compare and contrast with, and I do generally stick closely to Mr. McKenna's howto. What I mean to say is that it ain't going to work at all if I go back. Its starting to look like the way forward is to rebuild the box with something other than RedHat and start again, although this feels even more like admitting defeat. I could always put W2000 on it and run Exchange :-) Oh well.. H. On Friday 04 July 2003 10:03, Kiril Todorov wrote: On Fri, Jul 04, 2003 at 09:51:06AM +0100, Howard Miller wrote: Mmm However this particular system is RedHat 8, and I was having big problems with daemontools processes just dying (big list of defunct processes). This was reported by others here and there but I never saw (or found) a decent explanation - I rather came to the conclusion that daemontools was broken in some way. Hence backing off to the old fashioned solution. trust me.. daemontools aren't broken :) if theres anything broken that might be RedHat's config, a bunch of defuncts might come from wrong run files for example, but without detailed look at them I can't say for sure. It is worth noting that this is a *very* low-use mail server, its just used for a small department/project and only has about 6 users, which is why I wasn't too worried in the first place. 50 incoming connections strikes me as extremely unlikely, unless of course something else nasty has happened. Well, give it a try with daemontools, I'll be glad to help with anything you might need there. I bet it's xinetd causing the problems, still it's kinda weird if there are really just 6 users.
[vchkpw] vchkpw authentication fails - more info
Hi again, Further to my previous email (follows), I have discovered something else. I created a new user. I can send mail to that user and it correctly ends up in the Maildir. BUT vchkpw does not authenticate that user ever - always an error. Stranger still, the failure is *not* logged (unlike the intermittent users). Something is broken!! Any pointers appreciated. Howard Hi, I am using vpopmail version 5.2.1 I have a strange problem where vchkpw intermittently rejects correct username/password combinations. I don't yet have good feel for frequency but probably around 25% are being thrown out. The log simply notes that the user was rejected. This is applicable both to my sqwebmail installation and also to POP3 email from another machine. I'm not sure where to start looking to sort this. Does anybody have any ideas? Howard
[vchkpw] Authentication Errors
Hello All, I have been happily using vpopmail for about 2 years. Thank you for a great tool. I am in the process of setting up a new server and I am nearly through. The problem I have is that authentication sometimes fails. I seem to only have this issue from sqwebmail. I have seen in other mailing lists that this has recently been a bug in vpopmail but I haven't found a solution. Here are the specifics: User [EMAIL PROTECTED] attempts to login from sqwebmail and types the username and pass correctly. I am using mysql, so I look at the log and the username string that is presented is johnn or johni or john/. sqwebmail-3.5.3 and sqwebmail-3.5.2 and sqwebmail-3.5.1 (all the same) (ugh) maildrop-1.5.3 vpopmail-5.3.20 and vpopmail-5.2.1 (did same thing) qmail-1.03 I can't help but think I may have something misconfigured. My production server is working without a hitch. BTW, I asked this question on the sqwebmail list and was told it is a vpopmail/vchkpw bug. It still seems to only happen with sqwebmail though (for me). Thanks in advance, -- David Bronson
Re: [vchkpw] Authentication problems
Hi Neil, I am experiencing a strange problem and I have been told that it may be a known bug with vpopmail. The environment is Qmail + Vpopmail + Courier-Imap + SquirrelMail. Everything appears to be working fine (I can log in through Outlook client and SquirrelMail) until I switch to a new user (on the same box). Once I do this, the original user can't log in anymore. Did you compile Courier-IMAP with --without-authdaemon? If not, try to do so. authdaemon isn't really compatible with vpopmail. I've also asked this question on the courier-imap list and they indicated it was a known vpopmail bug. I don't know wheter it's a vpopmail bug or a Courier-IMAP bug. Simply don't use authdaemon; it doesn't work. Jonas
[vchkpw] Authentication problems
Title: Message Hello, I am experiencing a strange problem and I have been told that it may be a known bug with vpopmail. The environment is Qmail + Vpopmail + Courier-Imap + SquirrelMail.Everything appears to be working fine (I can log in through Outlook client and SquirrelMail) until I switch to a new user (on the same box). Once I do this, the original user can't log in anymore. I get an error that the user ID or password is incorrect. The new user is fine until I try a third user. Again the same thing and now neither of the first two users can log in anymore. If I reboot the server then everything returns to normal until I try to use more than one user again. I have checked all the logs and there is no indication of what is going on. There are a bunch of entries for successful LOGIN and LOGOUT and then all of a sudden a bunch of failures. I am wondering if maybe my server is locking a user to a PC IP address for some strange reason. I have tried checking the logs, restarting imap, restarting qmail and checking for strange entries in the config files. I'm stumped on this one. I've also duplicated this problem just by using the outlook clients and just by using the squirrelmail client so I don't think the problem rests with either of those two. I've also asked this question on the courier-imap list and they indicated it was a known vpopmail bug. Any ideas or suggestions? Is this a know bug and is there a resolution? Thanks in advance, Neil
Re: [vchkpw] Authentication problems
Title: Message Hi Neil, I am running in to something similar and I think there may be a lock somewhere on the account. When my Outlook checks the account it works fine.. but when I try to login through SquirrelMail it gives me an invalid username or password. If I disable the account in my outlook and wait awhile then I am able to login to SquirrelMail without an issue. I am not sure what this is .. but for the most part it does not affect me as I am using squirrelmail for all the people that use my mail server that don't want to use a Mail client to check their email. Regards, Rob G [EMAIL PROTECTED] - Original Message - From: Neil Harrison To: Vpopmail List Sent: Tuesday, March 25, 2003 1:03 PM Subject: [vchkpw] Authentication problems Hello, I am experiencing a strange problem and I have been told that it may be a known bug with vpopmail. The environment is Qmail + Vpopmail + Courier-Imap + SquirrelMail.Everything appears to be working fine (I can log in through Outlook client and SquirrelMail) until I switch to a new user (on the same box). Once I do this, the original user can't log in anymore. I get an error that the user ID or password is incorrect. The new user is fine until I try a third user. Again the same thing and now neither of the first two users can log in anymore. If I reboot the server then everything returns to normal until I try to use more than one user again. I have checked all the logs and there is no indication of what is going on. There are a bunch of entries for successful LOGIN and LOGOUT and then all of a sudden a bunch of failures. I am wondering if maybe my server is locking a user to a PC IP address for some strange reason. I have tried checking the logs, restarting imap, restarting qmail and checking for strange entries in the config files. I'm stumped on this one. I've also duplicated this problem just by using the outlook clients and just by using the squirrelmail client so I don't think the problem rests with either of those two. I've also asked this question on the courier-imap list and they indicated it was a known vpopmail bug. Any ideas or suggestions? Is this a know bug and is there a resolution? Thanks in advance, Neil
[vchkpw] Authentication Problems
When connecting to the server to attempt to collect mail, I am receiving an authorization failure. I have setup vpopmail to use mysql to store the domain and user info, and I am using vchkpw to authenticate the pwds and I am logging in using the username% [EMAIL PROTECTED] format. Is there a way to check the authentication using vchkpw directly?? Thanks Clint
Re: [vchkpw] Authentication Problems
On Sunday 23 March 2003 02:36, [EMAIL PROTECTED] wrote: When connecting to the server to attempt to collect mail, I am receiving an authorization failure. I have setup vpopmail to use mysql to store the domain and user info, and I am using vchkpw to authenticate the pwds and I am logging in using the username% [EMAIL PROTECTED] format. Is there a way to check the authentication using vchkpw directly?? # telnet mail.hostname.com 110 user [EMAIL PROTECTED] pass secret then check the logs. Also note, that we _do_ have an archive for this list and this question has been covered not only a million but fantastillions of zillion times. -- Yep, thats how I am testing it. I also just noticed, that I had not pointed out that it is for virtual domains, and have confirmed that I am using the right login format. I'm not sure about the logs though, which ones should I be checking for the authentication attempts? The following which I would think are the ones are empty :/ d97# ls -al /var/log/qmail/pop3d/ total 6 drwxr-xr-x 2 qmaill wheel 512 Mar 22 18:23 . drwxr-xr-x 4 qmaill wheel 512 Mar 22 17:31 .. -rw-r--r-- 1 qmaill wheel 27 Mar 22 18:23 current -rw--- 1 qmaill wheel0 Mar 22 18:23 lock -rw-r--r-- 1 qmaill wheel0 Mar 22 18:23 state Clint
Re: [vchkpw] Authentication Problems
On Sunday 23 March 2003 02:36, [EMAIL PROTECTED] wrote: When connecting to the server to attempt to collect mail, I am receiving an authorization failure. I have setup vpopmail to use mysql to store the domain and user info, and I am using vchkpw to authenticate the pwds and I am logging in using the username% [EMAIL PROTECTED] format. Is there a way to check the authentication using vchkpw directly?? # telnet mail.hostname.com 110 user [EMAIL PROTECTED] pass secret then check the logs. Also note, that we _do_ have an archive for this list and this question has been covered not only a million but fantastillions of zillion times. -- Yep, thats how I am testing it. I also just noticed, that I had not pointed out that it is for virtual domains, and have confirmed that I am using the right login format. I'm not sure about the logs though, which ones should I be checking for the authentication attempts? The following which I would think are the ones are empty :/ d97# ls -al /var/log/qmail/pop3d/ total 6 drwxr-xr-x 2 qmaill wheel 512 Mar 22 18:23 . drwxr-xr-x 4 qmaill wheel 512 Mar 22 17:31 .. -rw-r--r-- 1 qmaill wheel 27 Mar 22 18:23 current -rw--- 1 qmaill wheel0 Mar 22 18:23 lock -rw-r--r-- 1 qmaill wheel0 Mar 22 18:23 state Clint I belive I have it fixed.. firstly you have to be looking at the right log files.. /var/log/maillog damn I feel stupid. But I noticed there were some inconsistant looking permissions set in the /home/vpopmail dir so I changed them all to owner vpopmail and authentication seems to be working correctly now.. wierd :/ Thanks for the suggestions though! Everything always helps. Clint
[vchkpw] authentication of default and virtual domain users
hi ppl i am using qmail on redhat linux.i have one default domain of linux and other 2 domain as virtual domains through vpopmail. qmail-pop3d authenticatet the only virtual domain users. Before installing vpopmail and configuring virtual domains ,it work the default domain users. so i want to authenticate both user through qmail-pop3d. but how... bcz now after virtual domains ,i have that type of qmail-pop3d run file *** #!/bin/sh # Dave Sill, 2001-11-06 # For use with The qmail Handbook, ISBN 1893115402 MAXPOP3D=`head -1 /var/qmail/control/concurrencypop3` if [ -z $MAXPOP3D ]; then echo MAXPOP3D is unset in echo $0 exit 1 fi exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -R -H -l 0 -x /etc/tcp.pop3.cdb -c $MAXPOP3D \ 0 110 /var/qmail/bin/qmail-popup FQDN /home/vpopmail/bin/vchkpw \ /var/qmail/bin/qmail-pop3d Maildir 21 *** so how can i authenticte both users through pop3 and also with courier-imap too. thanks zafar
[vchkpw] Authentication based on alias names
Is it possible to have users authenticate using their alias names? I've scoured the net in hopes of finding some patch or hack, only to come up empty handed. I've got the mysql authentication module enabled. I was wondering if anyone has tried, or if its feasible to have vchkpw check against aliases in the event the username does not match. If anyone has any ideas please let me know. -Andy Johnson
[vchkpw] Authentication problem
Hi all, i'm so worry after 1 week trying to solve my problem. nothing, nothing!!! i can't authenticate with pop3 and courier-imap qmail-pop3d/run === #!/bin/sh env - PATH="/var/qmail/bin:/usr/local/bin:/bin:/service" \ /usr/local/bin/tcpserver -H -l 0 -R 0 pop3 /var/qmail/bin/qmail-popup ns.boliviancenters.com \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 21 qmail-smtpd = #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 21 PLEASE HELPJ. Pedro Flor P. .~. /V\// \\ /( _ )\´´ ``Do You Yahoo!? Todo lo que quieres saber de Estados Unidos, América Latina y el resto del Mundo. Visíta Yahoo! Noticias.
Re: Compiling error--vchkpw authentication
i think you have to get patch c file from inter7 site hope this could solve the problem iam not sure - Original Message - From: master [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, June 15, 2001 10:14 AM Subject: Fwd: Compiling error--vchkpw authentication Hello : I encountered an error when compliling the sqwebmail.2.1.4 ,I want to use the vchkpw authentication.Follwing is the error message: * #include /home/vpopmail/include/config.h' vpopmail_config.h gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -g -O2 -Wall -I.. -I./.. -c authvchkpw.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -g -O2 -Wall -I.. -I./.. -c authvchkpwlib.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -g -O2 -Wall -I.. -I./.. -c preauthvchkpw.c preauthvchkpw.c: In function `auth_vchkpw_pre': preauthvchkpw.c:70: warning: passing arg 2 of `make_user_dir' makes integer from pointer without a cast preauthvchkpw.c:70: too many arguments to function `make_user_dir' make[1]: *** [preauthvchkpw.o] Error 1 make[1]: Leaving directory `/Server/Mail/Sqwebmail/sqwebmail-2.1.1/authlib' make: *** [all-recursive] Error 1 *** and, besides that , after I installed the sqwebmail( sqwebmail 1.2.4 can be compiled), i couldn't receive mails. What is the problem? Thanks to your kind help. Dal , [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Fwd: Compiling error--vchkpw authentication
Hello : I encountered an error when compliling the sqwebmail.2.1.4 ,I want to use the vchkpw authentication.Follwing is the error message: * #include /home/vpopmail/include/config.h' vpopmail_config.h gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -g -O2 -Wall -I.. -I./.. -c authvchkpw.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -g -O2 -Wall -I.. -I./.. -c authvchkpwlib.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -g -O2 -Wall -I.. -I./.. -c preauthvchkpw.c preauthvchkpw.c: In function `auth_vchkpw_pre': preauthvchkpw.c:70: warning: passing arg 2 of `make_user_dir' makes integer from pointer without a cast preauthvchkpw.c:70: too many arguments to function `make_user_dir' make[1]: *** [preauthvchkpw.o] Error 1 make[1]: Leaving directory `/Server/Mail/Sqwebmail/sqwebmail-2.1.1/authlib' make: *** [all-recursive] Error 1 *** and, besides that , after I installed the sqwebmail( sqwebmail 1.2.4 can be compiled), i couldn't receive mails. What is the problem? Thanks to your kind help. Dal , [EMAIL PROTECTED]