Re: [vchkpw] Troubleshooting enable-roaming-users
Nope. I reinstalled, but still nothing. Further research turned up some threads that indicate that this is maybe just not supported with courier anymore? Can anybody confirm this? http://www.mail-archive.com/vchkpw@inter7.com/msg20495.html http://www.mail-archive.com/vchkpw@inter7.com/msg21945.html http://www.mail-archive.com/vchkpw@inter7.com/msg23726.html http://www.mail-archive.com/vchkpw@inter7.com/msg20745.html That is probably the final nail in this thread for me. I've been weighing the hassle between to enable roaming-users versus instructing all our users to reconfigure their MUAs to use SMTP-AUTH. Ok ok ok... Quinn On Thu, 2 Nov 2006 15:31:04 -0800, Tom Collins wrote: You probably just need to recompile/reinstall courier so it relinks libvpopmail and picks up the correct setting for roaming users. My guess is that your initial install didn't support roaming users, but you updated vpopmail later to enable it. libvpopmail is always statically linked (for now) so updating vpopmail requires updates to Courier-IMAP, QmailAdmin and any other app that links to libvpopmail.
Re: [vchkpw] Troubleshooting enable-roaming-users
Which doesn't use /home/vpopmail/bin/vchkpw, which would explain why POP3-SSL connections aren't being added to the database. use sslserver as ssl wrapper around tcpserver (part of http:// www.superscript.com/ucspi-ssl/intro.html. Then you still use vpopmail and popbeforesmtp works. You can use sslserver also to provide ssmtp/ smtps. So my question should then be: How to get Courier SSL connections to pass the connect message to vpopmail? I assume this is an issue for IMAP and IMAP-SSL users as well. as far as I know this was depreciated because SMTP-AUTH was considered the way to go. I have no solution for this. We only offer popbeforesmtp and no imapbeforesmtp (that is not as trivial as it looks). cheers andrej
Re: [vchkpw] Troubleshooting enable-roaming-users
On Nov 3, 2006, at 1:42 AM, Quinn Comendant wrote: Further research turned up some threads that indicate that this is maybe just not supported with courier anymore? Can anybody confirm this? Yes, that is correct. The vchkpw code embedded in courier-imap doesn't know the IP address of the end user, so it can't update the relay table. -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
Re: [vchkpw] Troubleshooting enable-roaming-users
Ah ha, so it is in the database rather than /home/vpopmail/etc/open-smtp. And...the database contains the IPs! mysql select * from relay; +++ | ip_addr| timestamp | +++ | 83.167.100.41 | 1162456105 | | 69.236.80.73 | 1162455951 | | 63.195.16.136 | 1162445324 | | 67.161.162.12 | 1162455940 | | 71.139.185.158 | 1162449362 | | 71.202.165.159 | 1162447742 | | 208.53.81.33 | 1162454384 | | 24.61.40.57| 1162455976 | +++ 8 rows in set (0.00 sec) Now checking tcp.smtp.cdb... [EMAIL PROTECTED]/0 ~]$grep 63.195.16.136 /etc/tcprules.d/tcp.smtp.cdb Binary file /etc/tcprules.d/tcp.smtp.cdb matches And my IP address is found! So...it *should* be working, but it's not. Arrr! Anything else I can look at? Quinn On Thu, 02 Nov 2006 08:24:57 +0100, andrej wrote: Yes! then you should check if you have the 'relay' table (and whats written there) in your vpopmail mysql table. You can also look at tcp.smtp.cdb with cat tcp.smtp.cdb. You find the listed IPs at the end of the dump. cheers andrej
Re: [vchkpw] Troubleshooting enable-roaming-users
And my IP address is found! well that shows that the problem is not with vpopmail. If I remember right your problem is that your clients cant do roaming so you will have to check if your smtpd is checking the tcp.smtp.cdb at all. I assume you use tcpserver... make sure that in your run script the command and path are set correct: tcpserver -x /path/to/your/tcp.smtp.cdb cheers andrej
Re: [vchkpw] Troubleshooting enable-roaming-users
It appears I have that correct too: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 21 UPDATE: I discovered the whole system DOES work if I connect via POP3, but if I connect via POP3-SSL my IP address is *not* added to the vpopmail.relay database. My POP3-SSL run file is thus: #!/bin/sh HOSTNAME=`hostname --fqdn`; rm -rf ./env/*; cat /etc/courier/pop3d-ssl | /usr/bin/envconv; exec /usr/bin/envdir ./env/ \ /usr/bin/softlimit -m 900 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME 0 995 \ /usr/bin/couriertls -server -tcpd \ /usr/sbin/pop3login \ /usr/bin/pop3d Maildir 21 Which doesn't use /home/vpopmail/bin/vchkpw, which would explain why POP3-SSL connections aren't being added to the database. So my question should then be: How to get Courier SSL connections to pass the connect message to vpopmail? I assume this is an issue for IMAP and IMAP-SSL users as well. Quinn On Thu, 02 Nov 2006 10:49:21 +0100, andrej wrote: And my IP address is found! well that shows that the problem is not with vpopmail. If I remember right your problem is that your clients cant do roaming so you will have to check if your smtpd is checking the tcp.smtp.cdb at all. I assume you use tcpserver... make sure that in your run script the command and path are set correct: tcpserver -x /path/to/your/tcp.smtp.cdb cheers andrej
Re: [vchkpw] Troubleshooting enable-roaming-users
On Nov 2, 2006, at 2:59 PM, Quinn Comendant wrote: So my question should then be: How to get Courier SSL connections to pass the connect message to vpopmail? I assume this is an issue for IMAP and IMAP-SSL users as well. You probably just need to recompile/reinstall courier so it relinks libvpopmail and picks up the correct setting for roaming users. My guess is that your initial install didn't support roaming users, but you updated vpopmail later to enable it. libvpopmail is always statically linked (for now) so updating vpopmail requires updates to Courier-IMAP, QmailAdmin and any other app that links to libvpopmail. -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
[vchkpw] Troubleshooting enable-roaming-users
Hi y'all How can I troubleshoot why roaming users (POP-before-SMTP) isn't working for me? I've compiled vpopmail with --enable-roaming-users, and recompiled everything else after installing. But I still get a 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser). I'm not quite sure the mechanisms that allow this to work. vchkpw intercepts a pop/imap connection and appends the remote IP to a cdb file used by chkuser? Thanks for any direction pointing. Quinn
Re: [vchkpw] Troubleshooting enable-roaming-users
By default, there is a file called ~vpopmail/etc/open-smtp that is in the same format as tcp.smtp. The first thing to do would be to check that this file exists and your IP has been placed in it. That will ensure at least the first half of the process is working. After every authentication where an IP is added, this file is combined with /etc/tcp.smtp and hashed in /etc/tcp.smtp.cdb. You will also want to check that this file is being created and is writable by your vpopmail user. ___ Michael Johnson 626-852-9696 Ext. 103 System Administrator [EMAIL PROTECTED] PhD Computing http://www.phdcomputing.net/ Quinn Comendant wrote: Hi y'all How can I troubleshoot why roaming users (POP-before-SMTP) isn't working for me? I've compiled vpopmail with --enable-roaming-users, and recompiled everything else after installing. But I still get a 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser). I'm not quite sure the mechanisms that allow this to work. vchkpw intercepts a pop/imap connection and appends the remote IP to a cdb file used by chkuser? Thanks for any direction pointing. Quinn
Re: [vchkpw] Troubleshooting enable-roaming-users
Thanks for the explanation... On Wed, 01 Nov 2006 07:11:25 -0800, Michael Johnson wrote: By default, there is a file called ~vpopmail/etc/open-smtp that is in the same format as tcp.smtp. The first thing to do would be to check that this file exists and your IP has been placed in it. That will ensure at least the first half of the process is working. This file (~vpopmail/etc/open-smtp) is not being created. Directory permissions appear correct. After every authentication where an IP is added, this file is combined with /etc/tcp.smtp and hashed in /etc/tcp.smtp.cdb. You will also want to check that this file is being created and is writable by your vpopmail user. This file exists at /etc/tcprules.d/tcp.smtp.cdb and is writable by the vpopmail user. Any ideas why no open-smtp file was created? Thanks, Quinn PS: here is more info on the vpopmail package I'm running: [EMAIL PROTECTED]/0 ~]$rpm -qi vpopmail-toaster Name: vpopmail-toaster Relocations: (not relocatable) Version : 5.4.13Vendor: (none) Release : 1.3.5 Build Date: Sun 08 Oct 2006 01:02:24 AM CDT Install Date: Sun 08 Oct 2006 01:57:24 AM CDT Build Host: one.strangecode.com Group : Networking/Other Source RPM: vpopmail-toaster-5.4.13-1.3.5.src.rpm Size: 1805315 License: GPL Signature : (none) Packager: Nick Hemmesch [EMAIL PROTECTED] URL : http://www.inter7.com/vpopmail Summary : Vpopmail for qmail-toaster Description : vpopmail (vchkpw) is a collection of programs and a library to automate the creation and maintence of virtual domain email for qmail installations using either a single UID/GID, or any valid UID/GID in /etc/passwd with a home directory. All the features are provided in the library for other applications which need to maintain virtual domain email accounts. It supports named or IP based domains. It works with vqadmin, qmailadmin, vqregister, sqwebmail, and courier-imap. It supports MySQL, Sybase, Oracle, LDAP, and file-based (DJB constant database) authentication. It handles 10 to 10 million users, and over 500K domains. vpopmail 5.4.13 Current settings --- vpopmail directory = /home/vpopmail uid = 89 gid = 89 roaming users = ON --enable-roaming-users password learning = OFF --disable-learn-passwords (default) md5 passwords = ON --enable-md5-passwords (default) file locking = ON --enable-file-locking (default) vdelivermail fsync = OFF --disable-file-sync (default) make seekable = ON --enable-make-seekable (default) clear passwd = ON --enable-clear-passwd (default) user dir hashing = OFF --disable-users-big-dir address extensions = ON --enable-qmail-ext ip alias = OFF --disable-ip-alias-domains (default) auth module = mysql --enable-auth-module=mysql mysql replication = OFF --disable-mysql-replication (default) sql logging = OFF --disable-sql-logging (default) mysql limits = OFF --disable-mysql-limits (default) MySQL valias = ON --enable-valias auth inc = -I/usr/include/mysql auth lib = -L/usr/lib64/mysql -lmysqlclient -lz -lm system passwords = OFF --disable-passwd (default) pop syslog = log success and errors including passwords --enable-logging=v auth logging = ON --enable-auth-logging (default) one SQL table for all domains = --enable-many-domains (default)
Re: [vchkpw] Troubleshooting enable-roaming-users
do u use mysql? Remo Quinn Comendant wrote: Thanks for the explanation... On Wed, 01 Nov 2006 07:11:25 -0800, Michael Johnson wrote: This file (~vpopmail/etc/open-smtp) is not being created. Directory permissions appear correct. This file exists at /etc/tcprules.d/tcp.smtp.cdb and is writable by the vpopmail user. Any ideas why no open-smtp file was created? Thanks, Quinn PS: here is more info on the vpopmail package I'm running: [EMAIL PROTECTED]/0 ~]$rpm -qi vpopmail-toaster Name: vpopmail-toaster Relocations: (not relocatable) Version : 5.4.13Vendor: (none) Release : 1.3.5 Build Date: Sun 08 Oct 2006 01:02:24 AM CDT Install Date: Sun 08 Oct 2006 01:57:24 AM CDT Build Host: one.strangecode.com Group : Networking/Other Source RPM: vpopmail-toaster-5.4.13-1.3.5.src.rpm Size: 1805315 License: GPL Signature : (none) Packager: Nick Hemmesch [EMAIL PROTECTED] URL : http://www.inter7.com/vpopmail Summary : Vpopmail for qmail-toaster Description : vpopmail (vchkpw) is a collection of programs and a library to automate the creation and maintence of virtual domain email for qmail installations using either a single UID/GID, or any valid UID/GID in /etc/passwd with a home directory. All the features are provided in the library for other applications which need to maintain virtual domain email accounts. It supports named or IP based domains. It works with vqadmin, qmailadmin, vqregister, sqwebmail, and courier-imap. It supports MySQL, Sybase, Oracle, LDAP, and file-based (DJB constant database) authentication. It handles 10 to 10 million users, and over 500K domains. vpopmail 5.4.13 Current settings --- vpopmail directory = /home/vpopmail uid = 89 gid = 89 roaming users = ON --enable-roaming-users password learning = OFF --disable-learn-passwords (default) md5 passwords = ON --enable-md5-passwords (default) file locking = ON --enable-file-locking (default) vdelivermail fsync = OFF --disable-file-sync (default) make seekable = ON --enable-make-seekable (default) clear passwd = ON --enable-clear-passwd (default) user dir hashing = OFF --disable-users-big-dir address extensions = ON --enable-qmail-ext ip alias = OFF --disable-ip-alias-domains (default) auth module = mysql --enable-auth-module=mysql mysql replication = OFF --disable-mysql-replication (default) sql logging = OFF --disable-sql-logging (default) mysql limits = OFF --disable-mysql-limits (default) MySQL valias = ON --enable-valias auth inc = -I/usr/include/mysql auth lib = -L/usr/lib64/mysql -lmysqlclient -lz -lm system passwords = OFF --disable-passwd (default) pop syslog = log success and errors including passwords --enable-logging=v auth logging = ON --enable-auth-logging (default) one SQL table for all domains = --enable-many-domains (default)
Re: [vchkpw] Troubleshooting enable-roaming-users
Yes! Quinn On Wed, 01 Nov 2006 20:52:01 -0700, Remo Mattei wrote: do u use mysql? Remo Quinn Comendant wrote: Thanks for the explanation... On Wed, 01 Nov 2006 07:11:25 -0800, Michael Johnson wrote: This file (~vpopmail/etc/open-smtp) is not being created. Directory permissions appear correct. This file exists at /etc/tcprules.d/tcp.smtp.cdb and is writable by the vpopmail user. Any ideas why no open-smtp file was created? Thanks, Quinn PS: here is more info on the vpopmail package I'm running: [EMAIL PROTECTED]/0 ~]$rpm -qi vpopmail-toaster Name: vpopmail-toaster Relocations: (not relocatable) Version : 5.4.13Vendor: (none) Release : 1.3.5 Build Date: Sun 08 Oct 2006 01:02:24 AM CDT Install Date: Sun 08 Oct 2006 01:57:24 AM CDT Build Host: one.strangecode.com Group : Networking/Other Source RPM: vpopmail-toaster-5.4.13-1.3.5.src.rpm Size: 1805315 License: GPL Signature : (none) Packager: Nick Hemmesch [EMAIL PROTECTED] URL : http://www.inter7.com/vpopmail Summary : Vpopmail for qmail-toaster Description : vpopmail (vchkpw) is a collection of programs and a library to automate the creation and maintence of virtual domain email for qmail installations using either a single UID/GID, or any valid UID/GID in /etc/passwd with a home directory. All the features are provided in the library for other applications which need to maintain virtual domain email accounts. It supports named or IP based domains. It works with vqadmin, qmailadmin, vqregister, sqwebmail, and courier-imap. It supports MySQL, Sybase, Oracle, LDAP, and file-based (DJB constant database) authentication. It handles 10 to 10 million users, and over 500K domains. vpopmail 5.4.13 Current settings --- vpopmail directory = /home/vpopmail uid = 89 gid = 89 roaming users = ON --enable-roaming-users password learning = OFF --disable-learn-passwords (default) md5 passwords = ON --enable-md5-passwords (default) file locking = ON --enable-file-locking (default) vdelivermail fsync = OFF --disable-file-sync (default) make seekable = ON --enable-make-seekable (default) clear passwd = ON --enable-clear-passwd (default) user dir hashing = OFF --disable-users-big-dir address extensions = ON --enable-qmail-ext ip alias = OFF --disable-ip-alias-domains (default) auth module = mysql --enable-auth-module=mysql mysql replication = OFF --disable-mysql-replication (default) sql logging = OFF --disable-sql-logging (default) mysql limits = OFF --disable-mysql-limits (default) MySQL valias = ON --enable-valias auth inc = -I/usr/include/mysql auth lib = -L/usr/lib64/mysql -lmysqlclient -lz -lm system passwords = OFF --disable-passwd (default) pop syslog = log success and errors including passwords --enable-logging=v auth logging = ON --enable-auth-logging (default) one SQL table for all domains = --enable-many-domains (default)
Re: [vchkpw] Troubleshooting enable-roaming-users
Yes! then you should check if you have the 'relay' table (and whats written there) in your vpopmail mysql table. You can also look at tcp.smtp.cdb with cat tcp.smtp.cdb. You find the listed IPs at the end of the dump. cheers andrej