Re: [vchkpw] vdeliver permission denied for vadddomain -u
Michael Mussulis wrote:
> The solution is vadddomain -g 516 which creates the domain skeleton with
> vpopmail:mike4 owner and group. This ensures vpopmail can authenticate
> whilst maintaining group rights for file system quotas via group quotas.

The solution would be to run the process as root, rather than as vpopmail, so that it can change to the UID :)

> Dovecot imap/imaps/pop3s still authenticate but ONLY if I specify a
> custom sql query in its configuration AND update the vpopmail mysql
> table uid/gid with the corresponding values i.e. 507/516. Although this
> method works, I still feel there's something funky going with
> dovecot+vpopmail authentication. Having to manually update the vpopmail
> table with uid/gid after domain creation isn't very elegant, can
> something be done about this? Is it not possible to modify vpopmail to
> store the uid/gid instead of the constant values of 0/0?

No, because even though these fields are *called* uid/gid, they are not meant to store that. You should configure Dovecot to use vpopmail to get the user information, rather than forming an SQL query yourself. We run Dovecot on many of our installations without these problems.

--
/*
Matt Brookings                        GnuPG Key FAE0672C
Software developer                    Systems technician
Inter7 Internet Technologies, Inc.    (815)776-9465
*/
RE: [vchkpw] vdeliver permission denied for vadddomain -u
Matt,

Got it. Permissions for invoking sslserver are fine, no need to change anything. I traced the problem to vauth_getpw(), where vpopmail's user is compared to the domain uid/gid. Thus vadddomain -u mike4 creates the entire domain skeleton with uid/gid 516 (mike4), and vauth_getpw returns 507 for vpopmail - so it fails.

The solution is vadddomain -g 516 which creates the domain skeleton with vpopmail:mike4 owner and group. This ensures vpopmail can authenticate whilst maintaining group rights for file system quotas via group quotas.

Dovecot imap/imaps/pop3s still authenticate but ONLY if I specify a custom sql query in its configuration AND update the vpopmail mysql table uid/gid with the corresponding values i.e. 507/516. Although this method works, I still feel there's something funky going with dovecot+vpopmail authentication. Having to manually update the vpopmail table with uid/gid after domain creation isn't very elegant, can something be done about this? Is it not possible to modify vpopmail to store the uid/gid instead of the constant values of 0/0?

Thanks,
Michael.

> Date: Mon, 21 Dec 2009 08:47:30 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > I am back, and I want to thank you ALL for all your help and assistance,
> > you've all been very kind, patient and helpful. Sorry I've dropped off
> > the map these last couple of weeks, but I underwent an operation to
> > remove a cyst on my right kidney.
>
> Glad to hear your kidney is now cyst free :)
>
> > /var/log/maillog
> > Dec 21 14:37:37 localhost vpopmail[23557]: vchkpw-smtps: vpopmail user
> > not found postmas...@test10.com:192.168.0.12
> >
> > Does anyone have any idea why this happening under sslserver?
>
> It would appear that vchkpw may not have permissions to look up the user.
> Make sure it's not being run as an underprivileged user. The sslserver
> arguments related to running the qmail-smtp process should be identical
> to tcpserver.
> --
> /*
> Matt Brookings                        GnuPG Key FAE0672C
> Software developer                    Systems technician
> Inter7 Internet Technologies, Inc.    (815)776-9465
> */
RE: [vchkpw] vdeliver permission denied for vadddomain -u
Thanks Matt,

I am curious to see if the op will make a difference to the discomfort I was experiencing just under my last right rib :)

Re. sslserver, my tcpserver and sslserver run files are identical (bar the SSL on/off options), thus they are both being called as follows:

command-line:
    exec sslserver -e -vR -l localhost -c 30 -u 501 -g 500 -x /usr/local/hcp/etc/tcp.smtpssl.cdb 0.0.0.0 465 qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /bin/true 2>&1

and

command-line:
    exec tcpserver -vR -l localhost -c 30 -u 501 -g 500 -x /usr/local/hcp/etc/tcp.smtp.cdb 0.0.0.0 25 qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /bin/true 2>&1

both use user 'qmaild' (-u 501 -g 500). The only difference between the two is -e and the cdb file, as you can see.

Any other ideas?

Mike.

> Date: Mon, 21 Dec 2009 08:47:30 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > I am back, and I want to thank you ALL for all your help and assistance,
> > you've all been very kind, patient and helpful. Sorry I've dropped off
> > the map these last couple of weeks, but I underwent an operation to
> > remove a cyst on my right kidney.
>
> Glad to hear your kidney is now cyst free :)
>
> > /var/log/maillog
> > Dec 21 14:37:37 localhost vpopmail[23557]: vchkpw-smtps: vpopmail user
> > not found postmas...@test10.com:192.168.0.12
> >
> > Does anyone have any idea why this happening under sslserver?
>
> It would appear that vchkpw may not have permissions to look up the user.
> Make sure it's not being run as an underprivileged user. The sslserver
> arguments related to running the qmail-smtp process should be identical
> to tcpserver.
> --
> /*
> Matt Brookings                        GnuPG Key FAE0672C
> Software developer                    Systems technician
> Inter7 Internet Technologies, Inc.    (815)776-9465
> */
Re: [vchkpw] vdeliver permission denied for vadddomain -u
Michael Mussulis wrote:
> I am back, and I want to thank you ALL for all your help and assistance,
> you've all been very kind, patient and helpful. Sorry I've dropped off
> the map these last couple of weeks, but I underwent an operation to
> remove a cyst on my right kidney.

Glad to hear your kidney is now cyst free :)

> /var/log/maillog
> Dec 21 14:37:37 localhost vpopmail[23557]: vchkpw-smtps: vpopmail user
> not found postmas...@test10.com:192.168.0.12
>
> Does anyone have any idea why this happening under sslserver?

It would appear that vchkpw may not have permissions to look up the user. Make sure it's not being run as an underprivileged user. The sslserver arguments related to running the qmail-smtp process should be identical to tcpserver.

--
/*
Matt Brookings                        GnuPG Key FAE0672C
Software developer                    Systems technician
Inter7 Internet Technologies, Inc.    (815)776-9465
*/
RE: [vchkpw] vdeliver permission denied for vadddomain -u
Hi Guys,

I am back, and I want to thank you ALL for all your help and assistance, you've all been very kind, patient and helpful. Sorry I've dropped off the map these last couple of weeks, but I underwent an operation to remove a cyst on my right kidney.

Anyways, back to the issue at hand, I must confess I am a bit of an idiot. These last couple of days I've been busy packaging up the entire installation I've created as an rpm file. Having created an rpm, I installed it in a brand new FC12 box and to my horror, qmail would not start up, more specifically qmail-smtp. Checking the output of readproctitle and qmail-smtp/current log file, I saw a strange error: tcpserver could not bind to port 25, it was already in use - which needless to say stumped me completely. I couldn't understand what was taking up port 25, for the brand new box had a really minimal install of fedora, and I manually removed sendmail first thing.

So, after a few days of blundering around like a fool, I discovered the culprit: EXIM. I couldn't believe it! I couldn't understand why or how exim got into my system, for I specifically didn't install it or any other smtp servers. Finally, I found out how it got it, via squirrelmail rpm. For some reason, squirrelmail rpm depends on exim (why I have no idea), which means that using yum to install squirrelmail automatically installs exim as well. Which really begs the question - why on earth does squirrelmail depend on exim? Surely it should distribute without any dependency and let the user configure it with whatever backend they prefer, right? Please correct me if I am wrong.

Ok, so I removed exim. This fixed tcpserver starting up, but then it complained that it couldn't find validrcptto.cdb. Again I was stumped. So after much digging around, I realized what was going on. The qmail-smtp run file (from jms), was actually kicking in causing tcpserver and qmail-smtp unexpected behavior. After altering the run file accordingly everything worked just fine.

So I went back to the original FC12 box, and discovered something even stranger - exim was installed and running AS WELL as tcpserver both binding on port 25. I reckon one was binding on localhost and the other on a specific ip address, causing both to start (without errors).

In any case, as a result of the above, I was able to fix qmail-smtp to use simscan + clamav/dspam. Needless to say, I had fun with those two as well. Mostly because both programs have changed, and the simscan distro hasn't been modified accordingly (and/or perhaps some changes are specific to Fedora). I had to manually alter the code in simscan to modify the dspam arguments, as --feature=chained is no longer supported and compiling with --with-dspam-args has no effect.

So, finally I decided to go the jms route and install multiple smtp services for security reasons. 1) smtp + tls port 25, 2) smtp + ssl port 465 (using sslserver).

Sending an email via port 25 works just fine: authentication, simscan, clamav, dspam. But sending an email via port 465 results with this error:

/var/log/qmail/qmail-smtpdssl/curr...@40004b2f6c161b555e2c qmail-smtpd[23550]: AUTH failed [192.168.0.12] postmas...@test10.com

/var/log/maillog
Dec 21 14:37:37 localhost vpopmail[23557]: vchkpw-smtps: vpopmail user not found postmas...@test10.com:192.168.0.12

Does anyone have any idea why this happening under sslserver?

Many thanks,
Michael.

PS: Apologies for the lengthy blurb, but I thought I would share with everyone my discoveries.

> Date: Sat, 5 Dec 2009 02:37:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
>
> dovecot, to get around the uid 0 error.
>
> Michael Mussulis wrote:
> > sorry modify exactly which user_query? vpopmail or dovecot?
>
> that one:
>
> > > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM
> > > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
>
> and a side note:
>
> > > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid
> > > values for the domain if created with -u, otherwise dovecot will fail with:
>
> that is not quite true, since it's dovecot that fails, not vpopmail. so
> vpopmail's table does not need to have correct uid/gid, it works fine
> without them.
>
> ++jukka
RE: [vchkpw] vdeliver permission denied for vadddomain -u
mmm, I think I tried that at one point but can't be certain, too many tests... :)

I will give it a go, but I don't think it will work, I think it will want the domain owner uid/gid not vpopmail/vchkpw...

I will let you know the results shortly...

mike.

> Date: Sat, 5 Dec 2009 02:37:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
>
> dovecot, to get around the uid 0 error.
>
> Michael Mussulis wrote:
> > sorry modify exactly which user_query? vpopmail or dovecot?
>
> that one:
>
> > > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM
> > > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
>
> and a side note:
>
> > > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid
> > > values for the domain if created with -u, otherwise dovecot will fail with:
>
> that is not quite true, since it's dovecot that fails, not vpopmail. so
> vpopmail's table does not need to have correct uid/gid, it works fine
> without them.
>
> ++jukka
Re: [vchkpw] vdeliver permission denied for vadddomain -u
dovecot, to get around the uid 0 error.

Michael Mussulis wrote:
> sorry modify exactly which user_query? vpopmail or dovecot?

that one:

> > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM
> > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'

and a side note:

> > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid
> > values for the domain if created with -u, otherwise dovecot will fail with:

that is not quite true, since it's dovecot that fails, not vpopmail. so vpopmail's table does not need to have correct uid/gid, it works fine without them.

++jukka
RE: [vchkpw] vdeliver permission denied for vadddomain -u
or did u mean the sql query used in dovecot-sql.conf?

> Date: Sat, 5 Dec 2009 02:18:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
>
> you could hard code vpopmail's uid and vchkpw gid in that user_query..
> not quite sure if that will do what you're looking for though.
>
> ++jukka
RE: [vchkpw] vdeliver permission denied for vadddomain -u
sorry modify exactly which user_query? vpopmail or dovecot?

mike

> Date: Sat, 5 Dec 2009 02:18:13 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
>
> you could hard code vpopmail's uid and vchkpw gid in that user_query..
> not quite sure if that will do what you're looking for though.
>
> ++jukka
>
> Michael Mussulis wrote:
> > Hmm... so basically so far from everything that's been said, it looks
> > like the uid/gid values are being used for domain creation purposes, but
> > not stored in the sql backend, which brings me to the issue of dovecot
> > authentication via IMAP.
> >
> > As mentioned before, I did a bog standard vpopmail build/install,
> > followed by a bog standard dovecot build/install. If I add a domain,
> > that is owned by vpopmail/vchkpw - dovecot imap authentication from
> > squirrelmail works just fine.
> >
> > However, if for a domain owned by a 'mike4', dovecot authentication
> > fails with:
> >
> > auth(default): Info: client in: AUTH1 PLAIN service=imap
> > secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=56559
> > resp=AHBvc3RtYXN0ZXJAdGVzdDEwLmNvbQAxMjM=
> > auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): lookup
> > user=postmaster domain=test10.com
> > auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): unknown user
> > auth(default): Info: new auth connection: pid=18526
> > auth(default): Info: client out: FAIL 1 user=postmas...@test10.com
> > imap-login: Info: Aborted login (auth failed, 1 attempts):
> > user=, method=PLAIN, rip=127.0.0.1,
> > lip=127.0.0.1, secured
> >
> > My dovecot.conf auth section is:
> >
> > ##
> > ## Authentication processes
> > ##
> >
> > auth default {
> >   mechanisms = plain
> >
> >   ### works for vpopmail/vchkpw domains
> >   #passdb vpopmail {
> >   #args =
> >   #}
> >
> >   #userdb vpopmail {
> >   #}
> >   ###
> >
> >   ### works for -u domains
> >   passdb sql {
> >     args = /usr/local/hcp/etc/dovecot-sql.conf
> >   }
> >
> >   userdb sql {
> >     args = /usr/local/hcp/etc/dovecot-sql.conf
> >   }
> >
> >   user = vpopmail
> >   count = 1
> >   ssl_require_client_cert = no
> > }
> >
> > and dovecot-sql.conf:
> >
> > driver = mysql
> > connect = host=localhost port=3306 user=admin password= dbname=hcp
> > default_pass_scheme = CRYPT
> > password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,
> > pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain =
> > '%d'
> > user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM
> > vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
> >
> > Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid
> > values for the domain if created with -u, otherwise dovecot will fail with:
> >
> > dovecot: Error: User postmas...@test10.com not allowed to log in using
> > UNIX UID 0 (root logins are never allowed)
> >
> > Am I doing something wrong? Am I to understand that for any domain I
> > create with -u, I then have to update vpopmail table with the real
> > uid/gid values?
> >
> > Thanks,
> > Michael.
> > (PS: I know part of the question is about dovecot, but it's closely tied
> > to vpopmail authentication).
> >
> > > Date: Fri, 4 Dec 2009 09:46:37 -0600
> > > From: m...@inter7.com
> > > To: vchkpw@inter7.com
> > > Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
> > >
> > > Pavel V. Yanchenko wrote:
> > > > Could it be that vdelivermail ignores groups? Is it possible at all?
> > >
> > > The groups file is not read by uid selection or execution system calls.
> > > --
> > > /*
> > > Matt Brookings                        GnuPG Key FAE0672C
> > > Software developer                    Systems technician
> > > Inter7 Internet Technologies, Inc.    (815)776-9465
> > > */
Re: [vchkpw] vdeliver permission denied for vadddomain -u
you could hard code vpopmail's uid and vchkpw gid in that user_query.. not quite sure if that will do what you're looking for though.

++jukka

Michael Mussulis wrote:
> Hmm... so basically so far from everything that's been said, it looks
> like the uid/gid values are being used for domain creation purposes, but
> not stored in the sql backend, which brings me to the issue of dovecot
> authentication via IMAP.
>
> As mentioned before, I did a bog standard vpopmail build/install,
> followed by a bog standard dovecot build/install. If I add a domain,
> that is owned by vpopmail/vchkpw - dovecot imap authentication from
> squirrelmail works just fine.
>
> However, if for a domain owned by a 'mike4', dovecot authentication
> fails with:
>
> auth(default): Info: client in: AUTH1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=56559 resp=AHBvc3RtYXN0ZXJAdGVzdDEwLmNvbQAxMjM=
> auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): lookup user=postmaster domain=test10.com
> auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): unknown user
> auth(default): Info: new auth connection: pid=18526
> auth(default): Info: client out: FAIL 1 user=postmas...@test10.com
> imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
>
> My dovecot.conf auth section is:
>
> ##
> ## Authentication processes
> ##
>
> auth default {
>   mechanisms = plain
>
>   ### works for vpopmail/vchkpw domains
>   #passdb vpopmail {
>   #args =
>   #}
>
>   #userdb vpopmail {
>   #}
>   ###
>
>   ### works for -u domains
>   passdb sql {
>     args = /usr/local/hcp/etc/dovecot-sql.conf
>   }
>
>   userdb sql {
>     args = /usr/local/hcp/etc/dovecot-sql.conf
>   }
>
>   user = vpopmail
>   count = 1
>   ssl_require_client_cert = no
> }
>
> and dovecot-sql.conf:
>
> driver = mysql
> connect = host=localhost port=3306 user=admin password= dbname=hcp
> default_pass_scheme = CRYPT
> password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
> user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
>
> Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid
> values for the domain if created with -u, otherwise dovecot will fail with:
>
> dovecot: Error: User postmas...@test10.com not allowed to log in using UNIX UID 0 (root logins are never allowed)
>
> Am I doing something wrong? Am I to understand that for any domain I
> create with -u, I then have to update vpopmail table with the real
> uid/gid values?
>
> Thanks,
> Michael.
> (PS: I know part of the question is about dovecot, but it's closely tied
> to vpopmail authentication).
>
> > Date: Fri, 4 Dec 2009 09:46:37 -0600
> > From: m...@inter7.com
> > To: vchkpw@inter7.com
> > Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
> >
> > Pavel V. Yanchenko wrote:
> > > Could it be that vdelivermail ignores groups? Is it possible at all?
> >
> > The groups file is not read by uid selection or execution system calls.
> > --
> > /*
> > Matt Brookings                        GnuPG Key FAE0672C
> > Software developer                    Systems technician
> > Inter7 Internet Technologies, Inc.    (815)776-9465
> > */
RE: [vchkpw] vdeliver permission denied for vadddomain -u
Hmm... so basically so far from everything that's been said, it looks like the uid/gid values are being used for domain creation purposes, but not stored in the sql backend, which brings me to the issue of dovecot authentication via IMAP.

As mentioned before, I did a bog standard vpopmail build/install, followed by a bog standard dovecot build/install. If I add a domain, that is owned by vpopmail/vchkpw - dovecot imap authentication from squirrelmail works just fine.

However, if for a domain owned by a 'mike4', dovecot authentication fails with:

auth(default): Info: client in: AUTH1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=56559 resp=AHBvc3RtYXN0ZXJAdGVzdDEwLmNvbQAxMjM=
auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): lookup user=postmaster domain=test10.com
auth(default): Info: vpopmail(postmas...@test10.com,127.0.0.1): unknown user
auth(default): Info: new auth connection: pid=18526
auth(default): Info: client out: FAIL 1 user=postmas...@test10.com
imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

My dovecot.conf auth section is:

##
## Authentication processes
##

auth default {
  mechanisms = plain

  ### works for vpopmail/vchkpw domains
  #passdb vpopmail {
  #args =
  #}

  #userdb vpopmail {
  #}
  ###

  ### works for -u domains
  passdb sql {
    args = /usr/local/hcp/etc/dovecot-sql.conf
  }

  userdb sql {
    args = /usr/local/hcp/etc/dovecot-sql.conf
  }

  user = vpopmail
  count = 1
  ssl_require_client_cert = no
}

and dovecot-sql.conf:

driver = mysql
connect = host=localhost port=3306 user=admin password= dbname=hcp
default_pass_scheme = CRYPT
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
user_query = SELECT pw_dir as home, pw_uid AS uid, pw_gid AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'

Also, the pw_uid/pw_gid in vpopmail table MUST have the correct uid/gid values for the domain if created with -u, otherwise dovecot will fail with:

dovecot: Error: User postmas...@test10.com not allowed to log in using UNIX UID 0 (root logins are never allowed)

Am I doing something wrong? Am I to understand that for any domain I create with -u, I then have to update vpopmail table with the real uid/gid values?

Thanks,
Michael.
(PS: I know part of the question is about dovecot, but it's closely tied to vpopmail authentication).

> Date: Fri, 4 Dec 2009 09:46:37 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
>
> Pavel V. Yanchenko wrote:
> > Could it be that vdelivermail ignores groups? Is it possible at all?
>
> The groups file is not read by uid selection or execution system calls.
> --
> /*
> Matt Brookings                        GnuPG Key FAE0672C
> Software developer                    Systems technician
> Inter7 Internet Technologies, Inc.    (815)776-9465
> */
RE: Re[2]: [vchkpw] vdeliver permission denied for vadddomain -u
Pavel,

Didn't work, I got this:

@40004b1996a62056cd0c status: local 0/10 remote 0/1...@40004b19970325ce2f3c starting delivery 92: msg 206456 to local test10.com-postmas...@test10.com@40004b19970325ce42c4 status: local 1/10 remote 0/1...@40004b1997071b92096c delivery 92: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/Error_-_no_authentication_database_connection._Initial_open./vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/Error_-_no_authentication_database_connection._Initial_open./grep:_/.qmail-default:_No_such_file_or_directory/grep:_/.qmail-default:_No_such_file_or_directory/awk:_cmd._line:1:_fatal:_cannot_open_file_`/.qmail-default'_for_reading_(No_such_file_or_directory)/maildrop:_non-filtered_mail_delivery//usr/local/hcp/bin/maildrop:_Unable_to_open_mailbox./@40004b1997071be015e4 status: local 0/10 remote 0/120

Works only in mode 644.

Mike.

> Date: Fri, 4 Dec 2009 18:30:05 +0300
> From: bal...@msmu.ru
> To: vchkpw@inter7.com
> Subject: Re[2]: [vchkpw] vdeliver permission denied for vadddomain -u
>
> Update.
>
> If vdelivermail is made 102711 (set group id on exec) then mail is
> delivered.
>
> Try it, Michael.
>
> --
> Best regards,
> Pavel    mailto:bal...@msmu.ru
Re: [vchkpw] vdeliver permission denied for vadddomain -u
Pavel V. Yanchenko wrote:
> Could it be that vdelivermail ignores groups? Is it possible at all?

The groups file is not read by uid selection or execution system calls.

--
/*
Matt Brookings                        GnuPG Key FAE0672C
Software developer                    Systems technician
Inter7 Internet Technologies, Inc.    (815)776-9465
*/
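The distinction in the reply above, as an added example that is not part of the original thread and is not vpopmail or qmail code: the kernel decides open() from the process's effective uid/gid and its in-process supplementary group list, so membership in /etc/group only counts if something loaded it into the process (for example initgroups() before setgid()/setuid()). The names struct cred, may_read and process_has_group are hypothetical, and the file owner uid 507 is an assumption taken from Michael's box; the 0640/0644 modes, gid 502 (vchkpw) and uid/gid 508 (balrog) are the values quoted in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample values based on the thread. */
#define VPOPMAIL_UID 507 /* assumption: owner of vpopmail.mysql */
#define VCHKPW_GID   502 /* group of vpopmail.mysql */
#define BALROG_ID    508 /* uid and primary gid of the domain owner */

/* What the kernel looks at on open(): never /etc/group itself. */
struct cred {
    uid_t euid;
    gid_t egid;
    const gid_t *groups; /* supplementary groups held by the process */
    size_t ngroups;
};

static bool in_supplementary(const struct cred *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Simplified classic UNIX read check (no ACLs, capabilities or MAC).
 * Exactly one permission class applies: owner, else group, else other. */
bool may_read(const struct cred *c, uid_t fuid, gid_t fgid, mode_t mode)
{
    if (c->euid == 0)
        return true;
    if (c->euid == fuid)
        return (mode & S_IRUSR) != 0;
    if (c->egid == fgid || in_supplementary(c, fgid))
        return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* Check the *running* process: is gid its effective gid or one of the
 * supplementary groups it actually carries right now? */
bool process_has_group(gid_t gid)
{
    if (getegid() == gid)
        return true;
    int n = getgroups(0, NULL);
    if (n <= 0)
        return false;
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL)
        return false;
    n = getgroups(n, list);
    bool found = false;
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            found = true;
    free(list);
    return found;
}

int main(void)
{
    static const gid_t login_groups[] = { VCHKPW_GID, BALROG_ID };
    /* Process that switched to 508:508 without loading supplementary groups. */
    struct cred bare = { BALROG_ID, BALROG_ID, NULL, 0 };
    /* Login shell of the same user: groups were loaded at login. */
    struct cred shell = { BALROG_ID, BALROG_ID, login_groups, 2 };

    printf("0640 vpopmail:vchkpw, no supplementary groups: %d\n",
           may_read(&bare, VPOPMAIL_UID, VCHKPW_GID, 0640));
    printf("0640 vpopmail:vchkpw, login shell:             %d\n",
           may_read(&shell, VPOPMAIL_UID, VCHKPW_GID, 0640));
    printf("0644 vpopmail:vchkpw, no supplementary groups: %d\n",
           may_read(&bare, VPOPMAIL_UID, VCHKPW_GID, 0644));
    printf("0640 vpopmail:balrog, no supplementary groups: %d\n",
           may_read(&bare, VPOPMAIL_UID, BALROG_ID, 0640));
    printf("this process carries gid %d: %d\n", VCHKPW_GID,
           process_has_group(VCHKPW_GID));
    return 0;
}
```

The first case matches the EACCES in the strace output quoted in the thread, the second matches the `cat` that works from the shell; mode 644 makes the case pass only by granting read to every local user.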
Re[2]: [vchkpw] vdeliver permission denied for vadddomain -u
Update.

If vdelivermail is made 102711 (set group id on exec) then mail is delivered.

Try it, Michael.

--
Best regards,
Pavel    mailto:bal...@msmu.ru
Re[2]: [vchkpw] vdeliver permission denied for vadddomain -u
Hmmm, I've created a test domain belonging to user balrog, and although vpopmail.mysql file is accessible, messages are not delivered until I change its permissions to 644:

permissions:
/home/vpopmail 40711
/home/vpopmail/etc 40755
/home/vpopmail/etc/vpopmail.mysql 100640

[bal...@mail ~]$ id
uid=508(balrog) gid=508(balrog) groups=502(vchkpw),508(balrog)

[bal...@mail ~]$ cat /home/vpopmail/etc/vpopmail.mysql
localhost|0|vpopmail||vpopmail

Attempt to send mail results in this error in qmail-send log:

deferral: vmysql:_can't_read_settings_from_/home/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

When vpopmail.mysql is made 644, then messages are delivered nicely.

Further testing revealed that although user "balrog" is a member of vchkpw group and can access vpopmail.mysql (see above), this file is not available to him while vdelivermail is running:

15730 open("/home/vpopmail/etc/vpopmail.mysql", O_RDONLY) = -1 EACCES (Permission denied)

If I change group of vpopmail.mysql to balrog, then mail gets delivered in this domain.

Could it be that vdelivermail ignores groups? Is it possible at all?

Friday, December 4, 2009, 4:49:30 PM, you wrote:

> Jukka,
>
> To clarify, the user was part of 'vchkpw' group before I tried reverting to mode 640. So still having the issue. At the moment it's working with mode 644.
>
> Mike.
>
> > Date: Fri, 4 Dec 2009 15:45:30 +0200
> > From: jukka.kurk...@tjc.fi
> > To: vchkpw@inter7.com
> > Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
> >
> > That's kind of odd.. did you make sure the user (mike4 i guess) is in
> > that group?
> >
> > ++jukka
> >
> > Michael Mussulis wrote:

--
Best regards,
Pavel    mailto:bal...@msmu.ru
Re: [vchkpw] vdeliver permission denied for vadddomain -u
Matt Brookings wrote:
> Michael Mussulis wrote:
> > Furthermore, having followed the instructions to the letter, I would
> > expect it to simply work - unless there's something silly I've missed
> > (or perhaps undocumented). If other people have -u to work perhaps they
> > can shed some light on whether they had to take special steps to make
> > it work.
>
> I would also expect it to work. I have no reports of failure of this
> feature anywhere, and my local tests show that it's working with all of
> the recent versions available. Are you running a version prior to 5.4.15?
> Unfortunately I do not have any further ideas what it might be.

Hi,

I believe when I used to run it with other users, I had to run qmail-smtpd as root. Otherwise it can't setuid to the other users.

Regards,
Rick
RE: [vchkpw] vdeliver permission denied for vadddomain -u
Jukka,

To clarify, the user was part of 'vchkpw' group before I tried reverting to mode 640. So still having the issue. At the moment it's working with mode 644.

Mike.

> Date: Fri, 4 Dec 2009 15:45:30 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver permission denied for vadddomain -u
>
> That's kind of odd.. did you make sure the user (mike4 i guess) is in
> that group?
>
> ++jukka
>
> Michael Mussulis wrote:
RE: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Pavel,

It already is, see output of id:

[r...@vmfc12 ~]# id mike4
uid=516(mike4) gid=516(mike4) groups=516(mike4),502(vchkpw)

Mike.

Date: Fri, 4 Dec 2009 16:36:46 +0300
From: bal...@msmu.ru
To: vchkpw@inter7.com
Subject: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

Hello Michael,

I'm not sure how it will affect security, but perhaps you could make mike4 and other users who need access to vpopmail.mysql members of vchkpw group?

In linux it should be "usermod -a -G vchkpw mike4"
And you can use "groups mike4" command to see in which groups mike4 is.
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Yup... see output of id:

[r...@vmfc12 ~]# id mike4
uid=516(mike4) gid=516(mike4) groups=516(mike4),502(vchkpw)

Mike.

> Date: Fri, 4 Dec 2009 15:45:30 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> That's kind of odd.. did you make sure the user (mike4 i guess) is in
> that group?
>
> ++jukka
>
> Michael Mussulis wrote:
> > Jukka,
> >
> > Good point, but vpopmail.mysql is already group vchkpw and mode 640
> > doesn't work. I tried and it gives:
> >
> > @40004b19000104a3957c delivery 37: deferral:
> > vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/
> >
> > Any other ideas?
> >
> > Thanks,
> > Michael.
> >
> > > Date: Fri, 4 Dec 2009 10:09:44 +0200
> > > From: jukka.kurk...@tjc.fi
> > > To: vchkpw@inter7.com
> > > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> > >
> > > rather change the group of vpopmail.mysql to vchkpw and let it be in
> > > mode 640.. it contains the password for the database, and if anyone who
> > > doesn't need to know it has shell access, it's a security risk.
> > >
> > > ++jukka
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
That's kind of odd.. did you make sure the user (mike4 i guess) is in that group?

++jukka

Michael Mussulis wrote:
> Jukka,
>
> Good point, but vpopmail.mysql is already group vchkpw and mode 640 doesn't work. I tried and it gives:
>
> @40004b19000104a3957c delivery 37: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/
>
> Any other ideas?
>
> Thanks,
> Michael.
>
> > Date: Fri, 4 Dec 2009 10:09:44 +0200
> > From: jukka.kurk...@tjc.fi
> > To: vchkpw@inter7.com
> > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> >
> > rather change the group of vpopmail.mysql to vchkpw and let it be in
> > mode 640.. it contains the password for the database, and if anyone who
> > doesn't need to know it has shell access, it's a security risk.
> >
> > ++jukka
Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u
Hello Michael,

I'm not sure how it will affect security, but perhaps you could make mike4 and other users who need access to vpopmail.mysql members of vchkpw group?

In linux it should be "usermod -a -G vchkpw mike4"
And you can use "groups mike4" command to see in which groups mike4 is.

Friday, December 4, 2009, 3:47:57 PM, you wrote:

> Jukka,
>
> Good point, but vpopmail.mysql is already group vchkpw and mode 640 doesn't work. I tried and it gives:
>
> @40004b19000104a3957c delivery 37: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/
>
> Any other ideas?
>
> Thanks,
> Michael.
>
> > Date: Fri, 4 Dec 2009 10:09:44 +0200
> > From: jukka.kurk...@tjc.fi
> > To: vchkpw@inter7.com
> > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> >
> > rather change the group of vpopmail.mysql to vchkpw and let it be in
> > mode 640.. it contains the password for the database, and if anyone who
> > doesn't need to know it has shell access, it's a security risk.
> >
> > ++jukka

--
Best regards,
Pavel
mailto:bal...@msmu.ru
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Jukka,

Good point, but vpopmail.mysql is already group vchkpw and mode 640 doesn't work. I tried and it gives:

@40004b19000104a3957c delivery 37: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

Any other ideas?

Thanks,
Michael.

> Date: Fri, 4 Dec 2009 10:09:44 +0200
> From: jukka.kurk...@tjc.fi
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> rather change the group of vpopmail.mysql to vchkpw and let it be in
> mode 640.. it contains the password for the database, and if anyone who
> doesn't need to know it has shell access, it's a security risk.
>
> ++jukka
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
rather change the group of vpopmail.mysql to vchkpw and let it be in mode 640.. it contains the password for the database, and if anyone who doesn't need to know it has shell access, it's a security risk.

++jukka

Michael Mussulis wrote:
> Tom/Matt,
>
> I recompiled with spamassassin and maildrop, reinstalled, and vpopmail.mysql went back to mode 640, which caused this error:
>
> @40004b184f6a0be9e37c new msg 207176
> @40004b184f6a0be9ef34 info msg 207176: bytes 496 from qp 15404 uid 0
> @40004b184f6a0be9f704 starting delivery 1: msg 207176 to local test10.com-postmas...@test10.com
> @40004b184f6a0bea02bc status: local 1/10 remote 0/120
> @40004b184f6a0cce9274 delivery 1: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/
>
> As soon as I changed to mode 644, it worked instantly.
>
> @40004b184fe21a1183ec starting delivery 7: msg 206333 to local test10.com-postmas...@test10.com
> @40004b184fe21a119774 status: local 1/10 remote 0/120
> @40004b184fe70d156744 delivery 7: success: LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/
> @40004b184fe70da581e4 status: local 0/10 remote 0/120
> @40004b184fe70da58d9c end msg 206333
>
> Tom, you're my hero! :)
>
> Now to get rid of that annoying clamav error...
>
> Mike.
>
> > From: t...@tomlogic.com
> > Date: Thu, 3 Dec 2009 15:25:05 -0800
> > To: vchkpw@inter7.com
> > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> >
> > Sorry to just jump in at a random point in the conversation, but here are some thoughts.
> >
> > If you su to the mike4 user, can you run ~vpopmail/bin/vdelivermail (i.e., do you have execute access on the file)? It needs to be able to do that. Can you cd into the directory with email for that domain? Maybe a higher-level directory prevents you from changing into it (you'll likely have to cd directly to it).
> >
> > I think that vdelivermail is self-contained, so you probably don't need to have access to other binaries. Qmail-local runs with the uid/gid in the users/assign file.
> >
> > -Tom
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

Just to reply, config.h looks ok to me:

[r...@vmfc12 vpopmail-5.4.29]# cat config.h | grep -P "usr|bin|vpop"
#define LOG_NAME "vpopmail"
#define MAILDROP_PROG "/usr/local/hcp/bin/maildrop"
#define OPEN_SMTP_CUR_FILE "/usr/local/hcp/vpopmail/etc/open-smtp"
#define OPEN_SMTP_LOK_FILE "/usr/local/hcp/vpopmail/etc/open-smtp.lock"
#define OPEN_SMTP_TMP_FILE "/usr/local/hcp/vpopmail/etc/open-smtp.tmp"
#define PACKAGE "vpopmail"
#define PACKAGE_NAME "vpopmail"
#define PACKAGE_STRING "vpopmail 5.4.29"
#define PACKAGE_TARNAME "vpopmail"
#define QMAILDIR "/usr/local/hcp/var/qmail"
#define QMAILINJECT "/usr/local/hcp/var/qmail/bin/qmail-inject"
#define QMAILNEWMRH "/usr/local/hcp/var/qmail/bin/qmail-newmrh"
#define QMAILNEWU "/usr/local/hcp/var/qmail/bin/qmail-newu"
#define SPAMC_PROG "/usr/bin/spamc"
#define TCPRULES_PROG "/usr/local/bin/tcprules"
#define TCP_FILE "/usr/local/hcp/vpopmail/etc/tcp.smtp"
#define VLIMITS_DEFAULT_FILE "/usr/local/hcp/vpopmail/etc/vlimits.default"
#define VPOPMAILDIR "/usr/local/hcp/vpopmail"
#define VPOPUSER "vpopmail"

Any other paths I may have missed?

Thanks,
Michael.

> Date: Thu, 3 Dec 2009 17:14:34 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > Matt,
> >
> > Just to make sure we're on the page, I've done a brand new build using
> > version 5.4.29 you recently released, without maildrop as shown below..
> > Installed, restarted qmail, still getting permission denied.
>
> Check config.h to check the directory locations. Also, su to the mike user
> and see if he can execute the command in test.com/.qmail-default.
> --
> /*
>     Matt Brookings       GnuPG Key FAE0672C
>     Software developer   Systems technician
>     Inter7 Internet Technologies, Inc.     (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Tom/Matt,

I recompiled with spamassassin and maildrop, reinstalled, and vpopmail.mysql went back to mode 640, which caused this error:

@40004b184f6a0be9e37c new msg 207176
@40004b184f6a0be9ef34 info msg 207176: bytes 496 from qp 15404 uid 0
@40004b184f6a0be9f704 starting delivery 1: msg 207176 to local test10.com-postmas...@test10.com
@40004b184f6a0bea02bc status: local 1/10 remote 0/120
@40004b184f6a0cce9274 delivery 1: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

As soon as I changed to mode 644, it worked instantly.

@40004b184fe21a1183ec starting delivery 7: msg 206333 to local test10.com-postmas...@test10.com
@40004b184fe21a119774 status: local 1/10 remote 0/120
@40004b184fe70d156744 delivery 7: success: LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/
@40004b184fe70da581e4 status: local 0/10 remote 0/120
@40004b184fe70da58d9c end msg 206333

Tom, you're my hero! :)

Now to get rid of that annoying clamav error...

Mike.

> From: t...@tomlogic.com
> Date: Thu, 3 Dec 2009 15:25:05 -0800
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Sorry to just jump in at a random point in the conversation, but here are
> some thoughts.
>
> If you su to the mike4 user, can you run ~vpopmail/bin/vdelivermail (i.e., do
> you have execute access on the file)? It needs to be able to do that. Can
> you cd into the directory with email for that domain? Maybe a higher-level
> directory prevents you from changing into it (you'll likely have to cd
> directly to it).
>
> I think that vdelivermail is self-contained, so you probably don't need to
> have access to other binaries. Qmail-local runs with the uid/gid in the
> users/assign file.
>
> -Tom
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Tom,

I reckon you might be on to something. I did su to mike4, and couldn't even list the ~vpopmail/bin directory, let alone execute vdelivermail - in fact I got "Permission denied"!

And I fixed it! I changed permissions as follows:

~vpopmail/ - to mode 2755
~vpopmail/etc/ - to mode 40755
~vpopmail/etc/vpopmail.mysql - to mode 644

It started working straight away!

Can you guys validate my changes? I want to make sure I have not opened a security hole.

Many thanks,
Michael.

> From: t...@tomlogic.com
> Date: Thu, 3 Dec 2009 15:25:05 -0800
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Sorry to just jump in at a random point in the conversation, but here are
> some thoughts.
>
> If you su to the mike4 user, can you run ~vpopmail/bin/vdelivermail (i.e., do
> you have execute access on the file)? It needs to be able to do that. Can
> you cd into the directory with email for that domain? Maybe a higher-level
> directory prevents you from changing into it (you'll likely have to cd
> directly to it).
>
> I think that vdelivermail is self-contained, so you probably don't need to
> have access to other binaries. Qmail-local runs with the uid/gid in the
> users/assign file.
>
> -Tom
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Sorry to just jump in at a random point in the conversation, but here are some thoughts.

If you su to the mike4 user, can you run ~vpopmail/bin/vdelivermail (i.e., do you have execute access on the file)? It needs to be able to do that. Can you cd into the directory with email for that domain? Maybe a higher-level directory prevents you from changing into it (you'll likely have to cd directly to it).

I think that vdelivermail is self-contained, so you probably don't need to have access to other binaries. Qmail-local runs with the uid/gid in the users/assign file.

-Tom
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
spamassassin was already disabled in vlimits.default, but I recompiled again without it. Same problem.

Mike.

Date: Thu, 3 Dec 2009 15:16:45 -0800
From: t...@eotnetworks.com
To: vchkpw@inter7.com
Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u

Try disabling spamassassin support as well.

t
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Try disabling spamassassin support as well.

t

From: Michael Mussulis
To: vchkpw@inter7.com
Sent: Thu Dec 03 15:13:25 2009
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

Matt,

Just to make sure we're on the page, I've done a brand new build using version 5.4.29 you recently released, without maildrop as shown below. Installed, restarted qmail, still getting permission denied.

Mike.

configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands

vpopmail 5.4.29
Current settings
---

vpopmail directory = /usr/local/hcp/vpopmail
domains directory = /usr/local/hcp/vpopmail/domains
uid = 507
gid = 502
roaming users = ON --enable-roaming-users
tcpserver file = /usr/local/hcp/vpopmail/etc/tcp.smtp
open_smtp file = /usr/local/hcp/vpopmail/etc/open-smtp
rebuild tcpserver file = ON --enable-rebuild-tcpserver-file (default)
password learning = OFF --disable-learn-passwords (default)
md5 passwords = ON --enable-md5-passwords (default)
file locking = ON --enable-file-locking (default)
vdelivermail fsync = OFF --disable-file-sync (default)
make seekable = ON --enable-make-seekable (default)
clear passwd = OFF --disable-clear-passwd
user dir hashing = ON --enable-users-big-dir (default)
address extensions = ON --enable-qmail-ext
ip alias = ON --enable-ip-alias-domains
onchange script = OFF --disable-onchange-script (default)
domain quotas = ON --enable-domainquotas
*** Domain quotas should only be enabled ***
*** when using the vpopmail usage daemon ***
auth module = mysql --enable-auth-module=mysql
mysql replication = OFF --disable-mysql-replication (default)
sql logging = OFF --disable-sql-logging (default)
mysql limits = ON --enable-mysql-limits
SQL valias table = ON --enable-valias
auth inc = -I/usr/include/mysql
auth lib = -Xlinker -R -Xlinker /usr/lib/mysql -L/usr/lib/mysql -lmysqlclient -lz -lm
system passwords = ON --enable-passwd
pop syslog = log success and errors including passwords --enable-logging=v
auth logging = ON --enable-auth-logging (default)
all domains in one SQL table = --enable-many-domains (default)
spamassassin = ON --enable-spamassassin
maildrop = OFF --disable-maildrop (default)

> Date: Thu, 3 Dec 2009 17:05:43 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Tren Blackburn wrote:
> > Excuse my interjection but could the issue be with maildrop being called
> > during the delivery process? What does your maildroprc file have in it?
> > Does maildrop have permission to deliver to that directory?
>
> Ah. Also, does vdelivermail have permission to run maildrop, and if so, when
> it's running as your domain's user, can it read the maildroprc file?
> --
> /*
>     Matt Brookings       GnuPG Key FAE0672C
>     Software developer   Systems technician
>     Inter7 Internet Technologies, Inc.     (815)776-9465
> */
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Michael Mussulis wrote:
> Matt,
>
> Just to make sure we're on the page, I've done a brand new build using
> version 5.4.29 you recently released, without maildrop as shown below.
> Installed, restarted qmail, still getting permission denied.

Check config.h to check the directory locations. Also, su to the mike user and see if he can execute the command in test.com/.qmail-default.

--
/*
    Matt Brookings       GnuPG Key FAE0672C
    Software developer   Systems technician
    Inter7 Internet Technologies, Inc.     (815)776-9465
*/
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

Just to make sure we're on the page, I've done a brand new build using version 5.4.29 you recently released, without maildrop as shown below. Installed, restarted qmail, still getting permission denied.

Mike.

configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands

vpopmail 5.4.29
Current settings
---

vpopmail directory = /usr/local/hcp/vpopmail
domains directory = /usr/local/hcp/vpopmail/domains
uid = 507
gid = 502
roaming users = ON --enable-roaming-users
tcpserver file = /usr/local/hcp/vpopmail/etc/tcp.smtp
open_smtp file = /usr/local/hcp/vpopmail/etc/open-smtp
rebuild tcpserver file = ON --enable-rebuild-tcpserver-file (default)
password learning = OFF --disable-learn-passwords (default)
md5 passwords = ON --enable-md5-passwords (default)
file locking = ON --enable-file-locking (default)
vdelivermail fsync = OFF --disable-file-sync (default)
make seekable = ON --enable-make-seekable (default)
clear passwd = OFF --disable-clear-passwd
user dir hashing = ON --enable-users-big-dir (default)
address extensions = ON --enable-qmail-ext
ip alias = ON --enable-ip-alias-domains
onchange script = OFF --disable-onchange-script (default)
domain quotas = ON --enable-domainquotas
*** Domain quotas should only be enabled ***
*** when using the vpopmail usage daemon ***
auth module = mysql --enable-auth-module=mysql
mysql replication = OFF --disable-mysql-replication (default)
sql logging = OFF --disable-sql-logging (default)
mysql limits = ON --enable-mysql-limits
SQL valias table = ON --enable-valias
auth inc = -I/usr/include/mysql
auth lib = -Xlinker -R -Xlinker /usr/lib/mysql -L/usr/lib/mysql -lmysqlclient -lz -lm
system passwords = ON --enable-passwd
pop syslog = log success and errors including passwords --enable-logging=v
auth logging = ON --enable-auth-logging (default)
all domains in one SQL table = --enable-many-domains (default)
spamassassin = ON --enable-spamassassin
maildrop = OFF --disable-maildrop (default)

> Date: Thu, 3 Dec 2009 17:05:43 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Tren Blackburn wrote:
> > Excuse my interjection but could the issue be with maildrop being called
> > during the delivery process? What does your maildroprc file have in it?
> > Does maildrop have permission to deliver to that directory?
>
> Ah. Also, does vdelivermail have permission to run maildrop, and if so, when
> it's running as your domain's user, can it read the maildroprc file?
> --
> /*
>     Matt Brookings       GnuPG Key FAE0672C
>     Software developer   Systems technician
>     Inter7 Internet Technologies, Inc.     (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Tren,

No need to apologize, and I thought of the exact same thing, so I did two tests:

1. disable maildrop in ./etc/vlimits.default
2. recompiled vpopmail without maildrop

Still got the same error. I even went as far as renaming the maildroprc file, but still no go.

Thanks,
Michael.

--
Excuse my interjection but could the issue be with maildrop being called during the delivery process? What does your maildroprc file have in it? Does maildrop have permission to deliver to that directory?
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Tren Blackburn wrote:
> Excuse my interjection but could the issue be with maildrop being called
> during the delivery process? What does your maildroprc file have in it?
> Does maildrop have permission to deliver to that directory?

Ah. Also, does vdelivermail have permission to run maildrop, and if so, when it's running as your domain's user, can it read the maildroprc file?

--
/*
    Matt Brookings       GnuPG Key FAE0672C
    Software developer   Systems technician
    Inter7 Internet Technologies, Inc.     (815)776-9465
*/
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Excuse my interjection but could the issue be with maildrop being called during the delivery process? What does your maildroprc file have in it? Does maildrop have permission to deliver to that directory?

-----Original Message-----
From: Matt Brookings
To: vchkpw@inter7.com
Sent: Thu Dec 03 15:00:16 2009
Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u

Michael Mussulis wrote:
> Matt,
>
> I am running version 5.4.28 downloaded from sourceforge and compiled with:
>
> #!/bin/sh
>
> ./configure \
> --prefix=/usr/local/hcp \
> --enable-qmaildir=/usr/local/hcp/var/qmail \
> --enable-qmail-newu=/usr/local/hcp/var/qmail/bin/qmail-newu \
> --enable-qmail-inject=/usr/local/hcp/var/qmail/bin/qmail-inject \
> --enable-qmail-newmrh=/usr/local/hcp/var/qmail/bin/qmail-newmrh \
> --enable-tcpserver-fle=/usr/local/hcp/etc/tcp.smtp \
> --enable-logging=v \
> --enable-auth-module=mysql \
> --disable-clear-passwd \
> --enable-qmail-ext \
> --enable-ip-alias-domains \
> --enable-auth-logging \
> --enable-valias \
> --enable-mysql-limits \
> --enable-domainquotas=y \
> --enable-roaming-users \
> --enable-relay-clear-minutes=180 \
> --enable-many-domains \
> --enable-spamassassin=y \
> --enable-passwd \
> --enable-maildrop=y \
> --enable-maildrop-prog=/usr/local/hcp/bin/maildrop

There are some path selection issues with 5.4. Check config.h. You will probably notice that some of the defines show the wrong location for binaries and other files. You can create symlinks to fix the pathing issues, or modify config.h to show the proper locations and recompile if you find this problem.

--
/*
    Matt Brookings       GnuPG Key FAE0672C
    Software developer   Systems technician
    Inter7 Internet Technologies, Inc.     (815)776-9465
*/
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Michael Mussulis wrote:
> Matt,
>
> Is there any way to manually debug vdelivermail?

Of course. Look at the qmail-command manpage.

--
/*
    Matt Brookings       GnuPG Key FAE0672C
    Software developer   Systems technician
    Inter7 Internet Technologies, Inc.     (815)776-9465
*/
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Michael Mussulis wrote:
> Matt,
>
> I am running version 5.4.28 downloaded from sourceforge and compiled with:
>
> #!/bin/sh
>
> ./configure \
> --prefix=/usr/local/hcp \
> --enable-qmaildir=/usr/local/hcp/var/qmail \
> --enable-qmail-newu=/usr/local/hcp/var/qmail/bin/qmail-newu \
> --enable-qmail-inject=/usr/local/hcp/var/qmail/bin/qmail-inject \
> --enable-qmail-newmrh=/usr/local/hcp/var/qmail/bin/qmail-newmrh \
> --enable-tcpserver-fle=/usr/local/hcp/etc/tcp.smtp \
> --enable-logging=v \
> --enable-auth-module=mysql \
> --disable-clear-passwd \
> --enable-qmail-ext \
> --enable-ip-alias-domains \
> --enable-auth-logging \
> --enable-valias \
> --enable-mysql-limits \
> --enable-domainquotas=y \
> --enable-roaming-users \
> --enable-relay-clear-minutes=180 \
> --enable-many-domains \
> --enable-spamassassin=y \
> --enable-passwd \
> --enable-maildrop=y \
> --enable-maildrop-prog=/usr/local/hcp/bin/maildrop

There are some path selection issues with 5.4. Check config.h. You will probably notice that some of the defines show the wrong location for binaries and other files. You can create symlinks to fix the pathing issues, or modify config.h to show the proper locations and recompile if you find this problem.

--
/*
    Matt Brookings       GnuPG Key FAE0672C
    Software developer   Systems technician
    Inter7 Internet Technologies, Inc.     (815)776-9465
*/
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

Is there any way to manually debug vdelivermail?

Cheers,
Michael.

> Date: Thu, 3 Dec 2009 16:45:56 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > Furthermore, having followed the instructions to the letter, I would
> > expect it to simply work - unless there's something silly I've missed
> > (or perhaps undocumented). If other people have -u to work perhaps they
> > can shed some light on whether they had to take special steps to make it
> > work.
>
> I would also expect it to work. I have no reports of failure of this feature
> anywhere, and my local tests show that it's working with all of the recent
> versions available. Are you running a version prior to 5.4.15?
>
> Unfortunately I do not have any further ideas what it might be.
> --
> /*
>     Matt Brookings       GnuPG Key FAE0672C
>     Software developer   Systems technician
>     Inter7 Internet Technologies, Inc.     (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

I am running version 5.4.28 downloaded from sourceforge and compiled with:

#!/bin/sh

./configure \
--prefix=/usr/local/hcp \
--enable-qmaildir=/usr/local/hcp/var/qmail \
--enable-qmail-newu=/usr/local/hcp/var/qmail/bin/qmail-newu \
--enable-qmail-inject=/usr/local/hcp/var/qmail/bin/qmail-inject \
--enable-qmail-newmrh=/usr/local/hcp/var/qmail/bin/qmail-newmrh \
--enable-tcpserver-fle=/usr/local/hcp/etc/tcp.smtp \
--enable-logging=v \
--enable-auth-module=mysql \
--disable-clear-passwd \
--enable-qmail-ext \
--enable-ip-alias-domains \
--enable-auth-logging \
--enable-valias \
--enable-mysql-limits \
--enable-domainquotas=y \
--enable-roaming-users \
--enable-relay-clear-minutes=180 \
--enable-many-domains \
--enable-spamassassin=y \
--enable-passwd \
--enable-maildrop=y \
--enable-maildrop-prog=/usr/local/hcp/bin/maildrop

Thanks,
Michael.

> Date: Thu, 3 Dec 2009 16:45:56 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > Furthermore, having followed the instructions to the letter, I would
> > expect it to simply work - unless there's something silly I've missed
> > (or perhaps undocumented). If other people have -u to work perhaps they
> > can shed some light on whether they had to take special steps to make it
> > work.
>
> I would also expect it to work. I have no reports of failure of this feature
> anywhere, and my local tests show that it's working with all of the recent
> versions available. Are you running a version prior to 5.4.15?
>
> Unfortunately I do not have any further ideas what it might be.
> --
> /*
>     Matt Brookings       GnuPG Key FAE0672C
>     Software developer   Systems technician
>     Inter7 Internet Technologies, Inc.     (815)776-9465
> */
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Michael Mussulis wrote:
> Furthermore, having followed the instructions to the letter, I would expect it to simply work - unless there's something silly I've missed (or perhaps undocumented). If other people have -u to work perhaps they can shed some light on whether they had to take special steps to make it work.

I would also expect it to work. I have no reports of failure of this feature anywhere, and my local tests show that it's working with all of the recent versions available. Are you running a version prior to 5.4.15?

Unfortunately I do not have any further ideas what it might be.
--
/*
Matt Brookings GnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Matt,

First off, I have not made any changes whatsoever to the codebase. I merely had a peek at the code to study its inner workings due to this problem - and that was just looking at the vpopmail source code, nothing else. I followed the instructions very carefully, and as I've said before, it works perfectly fine if -u is not used.

I've looked at the logs I could find, but the error 'Permission denied' is very cryptic - not giving me any clue as to where it's breaking down.

To answer your questions:

1. SELinux is disabled - I took that measure early on.
2. Excuse my ignorance, but I don't know what you mean by 'any security restrictions placed on setuid'. Personally I don't think so, but I am more than happy to check if you tell me where.
3. As far as I can tell the assign values are correct:

       +test10.com-:test10.com:516:516:/home/mike4/domains/test10.com:-::

   and to confirm:

       [r...@vmfc12 install]# id mike4
       uid=516(mike4) gid=516(mike4) groups=516(mike4),502(vchkpw)

4. As far as I can tell the cdb file is updated.

I've checked the documentation pretty closely and there's no specific instructions for when using -u option, i.e. configuring special permissions, etc - so I believe I've followed the instructions to the letter.

Checking the logs:
- /var/log/maillog: no qmail error messages
- /var/log/messages: no qmail error messages
- ./qmail-send/current: the only log with the cryptic "Permission denied" message

I admit I am no qmail expert, or linux guru, but I do think I am more than reasonably competent with installing linux, applications, etc. All I need is some pointers as to where to look, cause I've exhausted all I could think of.

Furthermore, having followed the instructions to the letter, I would expect it to simply work - unless there's something silly I've missed (or perhaps undocumented). If other people have -u to work perhaps they can shed some light on whether they had to take special steps to make it work.

Thanks,
Michael.

> Date: Thu, 3 Dec 2009 16:00:23 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > It looks like I am talking partly nonsense, apologies for that. I've had another stab at the code, and it looks like the sql insert command statement has gid hardcoded to '0', and uid is the 'apop' value - which from what I gather (correct me if I am wrong), only works in clear text mode. So since I've disabled clear text, I am assuming the value is truncated to '0'; which makes me wonder - is this by design?
> >
> > Also, if I am not wrong (and would appreciate confirmation), these values have no bearing on vdelivermail - although I found they are critical for Dovecot IMAP authentication.
>
> Michael, part of the problem is that you're making modifications to the source of your system without really understanding how it all works together. This makes it very difficult for us to have any confidence in the fact that you're running on the same code base we are.
>
> > Which brings me back to the question - what purpose do they serve in the first place?
>
> When the vqpasswd structure was defined, it was modeled after the passwd-related functions such that everyone would be familiar with its syntax.
>
> Since then the pw_gid field has been updated to store user flags, and the pw_uid flag is *mostly* ignored and just passed around as it stands by the various parts of the API. Although the pw_uid portion remains unused for the most part, it is still considered reserved, and should not be modified.
>
> > So I am back to square one. I still have no clue which permission is affecting the delivery of mail for user specified domain. Please someone, any ideas where else I could look?
>
> As I said, it's tough to determine why you're having this problem. There could be any number of issues. Do you have any kind of security restrictions placed on setuid? Do you have SELinux, or any of the other many low-level system restrictions running?
>
> Are you running qmail-start under a restricted environment?
>
> Are the uid:gid values in /var/qmail/users/assign correct? Is the cdb file updated? Run /var/qmail/bin/qmail-newu.
>
> Check system logs for errors, etc, etc.
>
> There are *so many* different things that could be wrong, if you can't figure it out, you may want to consider purchasing technical support.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Michael Mussulis wrote:
> It looks like I am talking partly nonsense, apologies for that. I've had another stab at the code, and it looks like the sql insert command statement has gid hardcoded to '0', and uid is the 'apop' value - which from what I gather (correct me if I am wrong), only works in clear text mode. So since I've disabled clear text, I am assuming the value is truncated to '0'; which makes me wonder - is this by design?
>
> Also, if I am not wrong (and would appreciate confirmation), these values have no bearing on vdelivermail - although I found they are critical for Dovecot IMAP authentication.

Michael, part of the problem is that you're making modifications to the source of your system without really understanding how it all works together. This makes it very difficult for us to have any confidence in the fact that you're running on the same code base we are.

> Which brings me back to the question - what purpose do they serve in the first place?

When the vqpasswd structure was defined, it was modeled after the passwd-related functions such that everyone would be familiar with its syntax.

Since then the pw_gid field has been updated to store user flags, and the pw_uid flag is *mostly* ignored and just passed around as it stands by the various parts of the API. Although the pw_uid portion remains unused for the most part, it is still considered reserved, and should not be modified.

> So I am back to square one. I still have no clue which permission is affecting the delivery of mail for user specified domain. Please someone, any ideas where else I could look?

As I said, it's tough to determine why you're having this problem. There could be any number of issues. Do you have any kind of security restrictions placed on setuid? Do you have SELinux, or any of the other many low-level system restrictions running?

Are you running qmail-start under a restricted environment?

Are the uid:gid values in /var/qmail/users/assign correct? Is the cdb file updated? Run /var/qmail/bin/qmail-newu.

Check system logs for errors, etc, etc.

There are *so many* different things that could be wrong, if you can't figure it out, you may want to consider purchasing technical support.
--
/*
Matt Brookings GnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
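The checks asked for in the message above (are the uid:gid values in /var/qmail/users/assign correct, and is the cdb file updated), as an added example that is not part of the thread or of qmail/vpopmail. The first assign line is the one posted earlier in the thread; the second entry, the directory modes and owners, the mtimes and all helper names are constructed, and the permission model assumes delivery runs with only the assigned uid and gid (no supplementary groups, ACLs or SELinux).

```python
import os
import posixpath
import stat
from collections import namedtuple

Entry = namedtuple("Entry", "kind address user uid gid home dash ext")
# Stand-in for os.stat_result so the sample runs without a real qmail tree.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid st_mtime")


def parse_assign(text):
    """Parse qmail-users 'assign' text; parsing stops at the lone '.' line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line == ".":
            break
        if not line:
            continue
        if line[0] not in "+=":
            raise ValueError(f"line {lineno}: entry must start with '+' or '='")
        fields = line[1:].split(":")
        if len(fields) < 8:  # seven fields, each terminated by ':'
            raise ValueError(f"line {lineno}: expected 7 colon-terminated fields")
        address, user, uid, gid, home, dash, ext = fields[:7]
        entries.append(Entry(line[0], address, user, int(uid), int(gid), home, dash, ext))
    return entries


def has_bits(st, uid, gid, want):
    """Owner/group/other check for one uid and one gid; want is a mask of r=4, w=2, x=1."""
    if uid == 0:
        return True
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        bits = mode >> 6
    elif st.st_gid == gid:
        bits = mode >> 3
    else:
        bits = mode
    return (bits & want) == want


def audit_entry(entry, stat_fn=os.stat):
    """Findings for one entry: unreachable ancestors, missing rwx, owner mismatch."""
    findings = []
    path, chain = "/", ["/"]
    for part in filter(None, entry.home.split("/")):
        path = posixpath.join(path, part)
        chain.append(path)
    for directory in chain:
        try:
            st = stat_fn(directory)
        except OSError as exc:
            findings.append(f"{directory}: cannot stat ({exc.strerror})")
            break
        last = directory == chain[-1]
        if not has_bits(st, entry.uid, entry.gid, 7 if last else 1):
            need = "rwx" if last else "search (x)"
            findings.append(f"{directory}: {entry.uid}:{entry.gid} lacks {need}")
        if last and (st.st_uid, st.st_gid) != (entry.uid, entry.gid):
            findings.append(f"{directory}: owned by {st.st_uid}:{st.st_gid}, "
                            f"assign says {entry.uid}:{entry.gid}")
    return findings


def cdb_is_stale(users_dir="/var/qmail/users", stat_fn=os.stat):
    """True when users/cdb is missing or older than users/assign (qmail-newu not rerun)."""
    assign = stat_fn(posixpath.join(users_dir, "assign"))
    try:
        cdb = stat_fn(posixpath.join(users_dir, "cdb"))
    except OSError:
        return True
    return cdb.st_mtime < assign.st_mtime


DIR, REG = stat.S_IFDIR, stat.S_IFREG
SAMPLE_FS = {  # constructed: modes, owners and mtimes are not from the thread
    "/": FakeStat(DIR | 0o755, 0, 0, 0),
    "/home": FakeStat(DIR | 0o755, 0, 0, 0),
    "/home/mike4": FakeStat(DIR | 0o700, 516, 516, 0),
    "/home/mike4/domains": FakeStat(DIR | 0o700, 516, 516, 0),
    "/home/mike4/domains/test10.com": FakeStat(DIR | 0o700, 516, 516, 0),
    "/var/qmail/users/assign": FakeStat(REG | 0o644, 0, 0, 200),
    "/var/qmail/users/cdb": FakeStat(REG | 0o644, 0, 0, 100),
}


def sample_stat(path):
    """stat_fn over the constructed filesystem above."""
    try:
        return SAMPLE_FS[path]
    except KeyError:
        raise FileNotFoundError(2, "No such file or directory", path) from None


SAMPLE_ASSIGN = (
    # assign line as posted in the thread
    "+test10.com-:test10.com:516:516:/home/mike4/domains/test10.com:-::\n"
    # constructed entry: same directory, different delivery uid
    "+example.test-:example.test:507:516:/home/mike4/domains/test10.com:-::\n"
    ".\n"
)

if __name__ == "__main__":
    for e in parse_assign(SAMPLE_ASSIGN):
        print(e.user, audit_entry(e, sample_stat) or "ok")
    print("cdb stale:", cdb_is_stale(stat_fn=sample_stat))
```

On a live host, call `audit_entry(entry)` and `cdb_is_stale()` with the default `os.stat`; an empty findings list only rules out plain mode-bit and ownership problems.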
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
It looks like I am talking partly nonsense, apologies for that. I've had another stab at the code, and it looks like the sql insert command statement has gid hardcoded to '0', and uid is the 'apop' value - which from what I gather (correct me if I am wrong), only works in clear text mode. So since I've disabled clear text, I am assuming the value is truncated to '0'; which makes me wonder - is this by design?

Also, if I am not wrong (and would appreciate confirmation), these values have no bearing on vdelivermail - although I found they are critical for Dovecot IMAP authentication.

Which brings me back to the question - what purpose do they serve in the first place?

So I am back to square one. I still have no clue which permission is affecting the delivery of mail for user specified domain. Please someone, any ideas where else I could look?

Thanks,
Michael.

From: mike_at...@hotmail.com
To: vchkpw@inter7.com
Date: Wed, 2 Dec 2009 11:12:50 +
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

By the way, as a sideline question - related to the same issue, why do the fields pw_uid and pw_gid always end up as '0' in the vpopmail table regardless?

I did both

    vadddomain -u mike4 test10.com 123

and

    vadddomain -i [uid of mike4] -g [gid of mike4] test10.com 123

and the pw_uid/pw_gid are always '0' after the domain creation. Am I doing something wrong? Should those table fields not reflect the actual uid/gid of the user assigned to the domain?

I looked through the source code, and at first glance it looks like that's what should happen - but in reality '0' is the value for both fields as shown by the mysql query log:

    19 Query insert into `vpopmail` ( pw_name, pw_domain, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell ) values ( "postmaster", "test10.com", "$1$p1nVNe41$5StvPRrC/SX8DKPcV8ep60", 0, 0, "Postmaster", "/home/mike4/domains/test10.com/postmaster", "NOQUOTA" )

I thought that this might be the reason for the permission denied, so I changed the values manually to the mike4 uid/gid, but it didn't make a difference - other than fix the authentication problem through Squirrelmail + Dovecot + IMAP with custom SQL authdb in dovecot_sql.conf.

Regards,
Michael.

From: mike_at...@hotmail.com
To: vchkpw@inter7.com
Date: Wed, 2 Dec 2009 10:31:17 +
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

Tren,

It's definitely a TYPO - apologies for that. The user is "mike4". Besides, I don't think it would work for non-existent user.

Michael.

----------------

> Date: Tue, 1 Dec 2009 08:22:06 -0800
> From: t...@eotnetworks.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> In your example the thing that pops out is the user you add is "mike42" however the user you're assigning the domain to is "mike4". Is this a typo? Or deliberate?
>
> t.
>
> -----Original Message-----
> From: Michael Mussulis [mailto:mike_at...@hotmail.com]
> Sent: December-01-09 8:19 AM
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Hi Matt,
>
> Thanks for your reply, which is what I suspected all along - I am more than certain something is wrong on my end, but for the life of me I can't figure it out yet. And yes, I agree, it MUST be permission related.
>
> As for the versions:
> - Fedora 12 x86
> - qmail 1.03 with jms1 combined patch 7.08
> - maildrop 2.2.0
> - ezmlm-idx 7.0.2
> - vpopmail 5.4.28
> - dovecot 1.2.8
> - spamassassin 3.3.0 (fedora rpm)
> - clamav 0.95.2-5 (fedora rpm)
>
> Basically I would say I am using the most up-to-date versions of everything.
>
> I believe I am doing the right thing, i.e.:
>
> 1. adduser mike42. vadddomain -u mike4 test10.com 123
>
> vpopmail creates ./test10.com directory structure just fine in /home/mike4, with mike4:mike4 ownership all the way down. However, delivery fails which is baffling, since vadddomain assigns ownership and permissions. I have not modified the ownership/permissions in any way.
>
> What I don't understand is which part fails - qmail-local unable to invoke vdelivermail? or vdelivermail accessing the userdir? or something else (now that you mentioned qmail-users)? At one point I thought it might be maildrop, so I re-compiled vpopmail without maildrop but this didn't work either.
>
> Would you have any directions as to how to enable this feature? And is there any way to debug vdelivermail? If yes, what would be the proper method?
>
> And just to show vpopmail works:
>
> @40004b153edf0
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
By the way, as a sideline question - related to the same issue, why do the fields pw_uid and pw_gid always end up as '0' in the vpopmail table regardless?

I did both

    vadddomain -u mike4 test10.com 123

and

    vadddomain -i [uid of mike4] -g [gid of mike4] test10.com 123

and the pw_uid/pw_gid are always '0' after the domain creation. Am I doing something wrong? Should those table fields not reflect the actual uid/gid of the user assigned to the domain?

I looked through the source code, and at first glance it looks like that's what should happen - but in reality '0' is the value for both fields as shown by the mysql query log:

    19 Query insert into `vpopmail` ( pw_name, pw_domain, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell ) values ( "postmaster", "test10.com", "$1$p1nVNe41$5StvPRrC/SX8DKPcV8ep60", 0, 0, "Postmaster", "/home/mike4/domains/test10.com/postmaster", "NOQUOTA" )

I thought that this might be the reason for the permission denied, so I changed the values manually to the mike4 uid/gid, but it didn't make a difference - other than fix the authentication problem through Squirrelmail + Dovecot + IMAP with custom SQL authdb in dovecot_sql.conf.

Regards,
Michael.

From: mike_at...@hotmail.com
To: vchkpw@inter7.com
Date: Wed, 2 Dec 2009 10:31:17 +
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

Tren,

It's definitely a TYPO - apologies for that. The user is "mike4". Besides, I don't think it would work for non-existent user.

Michael.

----

> Date: Tue, 1 Dec 2009 08:22:06 -0800
> From: t...@eotnetworks.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> In your example the thing that pops out is the user you add is "mike42" however the user you're assigning the domain to is "mike4". Is this a typo? Or deliberate?
>
> t.
>
> -----Original Message-----
> From: Michael Mussulis [mailto:mike_at...@hotmail.com]
> Sent: December-01-09 8:19 AM
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Hi Matt,
>
> Thanks for your reply, which is what I suspected all along - I am more than certain something is wrong on my end, but for the life of me I can't figure it out yet. And yes, I agree, it MUST be permission related.
>
> As for the versions:
> - Fedora 12 x86
> - qmail 1.03 with jms1 combined patch 7.08
> - maildrop 2.2.0
> - ezmlm-idx 7.0.2
> - vpopmail 5.4.28
> - dovecot 1.2.8
> - spamassassin 3.3.0 (fedora rpm)
> - clamav 0.95.2-5 (fedora rpm)
>
> Basically I would say I am using the most up-to-date versions of everything.
>
> I believe I am doing the right thing, i.e.:
>
> 1. adduser mike42. vadddomain -u mike4 test10.com 123
>
> vpopmail creates ./test10.com directory structure just fine in /home/mike4, with mike4:mike4 ownership all the way down. However, delivery fails which is baffling, since vadddomain assigns ownership and permissions. I have not modified the ownership/permissions in any way.
>
> What I don't understand is which part fails - qmail-local unable to invoke vdelivermail? or vdelivermail accessing the userdir? or something else (now that you mentioned qmail-users)? At one point I thought it might be maildrop, so I re-compiled vpopmail without maildrop but this didn't work either.
>
> Would you have any directions as to how to enable this feature? And is there any way to debug vdelivermail? If yes, what would be the proper method?
>
> And just to show vpopmail works:
>
> @40004b153edf0b291bec new msg 206...@40004b153edf0b292b8c info msg 206712: bytes 492 from qp 3248 uid 0...@40004b153edf0b29335c starting delivery 7: msg 206712 to local test1.com-postmas...@test1.com@40004b153edf0b293b2c status: local 1/10 remote 0/1...@40004b153eef2626edfc delivery 7: success: LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/@40004b153eef26843cb4 status: local 0/10 remote 0/1...@40004b153eef269386c4 end msg 206712
>
> from the same test script, but sending to test1.com which was created simply as:
>
> vadddomain test1.com 123
>
> the directory structure gets created in the vpopmail home (as specified in ./configure), with vpopmail:vchkpw ownership.
>
> Thanks,
> Michael.
>
> PS: Ignore the libclamav error, although I would appreciate if anyone knows how to get rid of it.
>
> > Date: Tue, 1 Dec 2009 09:41:29 -0600
> > From: m...@inter7.com
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Tren,

It's definitely a TYPO - apologies for that. The user is "mike4". Besides, I don't think it would work for non-existent user.

Michael.

> Date: Tue, 1 Dec 2009 08:22:06 -0800
> From: t...@eotnetworks.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> In your example the thing that pops out is the user you add is "mike42" however the user you're assigning the domain to is "mike4". Is this a typo? Or deliberate?
>
> t.
>
> -----Original Message-----
> From: Michael Mussulis [mailto:mike_at...@hotmail.com]
> Sent: December-01-09 8:19 AM
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Hi Matt,
>
> Thanks for your reply, which is what I suspected all along - I am more than certain something is wrong on my end, but for the life of me I can't figure it out yet. And yes, I agree, it MUST be permission related.
>
> As for the versions:
> - Fedora 12 x86
> - qmail 1.03 with jms1 combined patch 7.08
> - maildrop 2.2.0
> - ezmlm-idx 7.0.2
> - vpopmail 5.4.28
> - dovecot 1.2.8
> - spamassassin 3.3.0 (fedora rpm)
> - clamav 0.95.2-5 (fedora rpm)
>
> Basically I would say I am using the most up-to-date versions of everything.
>
> I believe I am doing the right thing, i.e.:
>
> 1. adduser mike42. vadddomain -u mike4 test10.com 123
>
> vpopmail creates ./test10.com directory structure just fine in /home/mike4, with mike4:mike4 ownership all the way down. However, delivery fails which is baffling, since vadddomain assigns ownership and permissions. I have not modified the ownership/permissions in any way.
>
> What I don't understand is which part fails - qmail-local unable to invoke vdelivermail? or vdelivermail accessing the userdir? or something else (now that you mentioned qmail-users)? At one point I thought it might be maildrop, so I re-compiled vpopmail without maildrop but this didn't work either.
>
> Would you have any directions as to how to enable this feature? And is there any way to debug vdelivermail? If yes, what would be the proper method?
>
> And just to show vpopmail works:
>
> @40004b153edf0b291bec new msg 206...@40004b153edf0b292b8c info msg 206712: bytes 492 from qp 3248 uid 0...@40004b153edf0b29335c starting delivery 7: msg 206712 to local test1.com-postmas...@test1.com@40004b153edf0b293b2c status: local 1/10 remote 0/1...@40004b153eef2626edfc delivery 7: success: LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/@40004b153eef26843cb4 status: local 0/10 remote 0/1...@40004b153eef269386c4 end msg 206712
>
> from the same test script, but sending to test1.com which was created simply as:
>
> vadddomain test1.com 123
>
> the directory structure gets created in the vpopmail home (as specified in ./configure), with vpopmail:vchkpw ownership.
>
> Thanks,
> Michael.
>
> PS: Ignore the libclamav error, although I would appreciate if anyone knows how to get rid of it.
>
> > Date: Tue, 1 Dec 2009 09:41:29 -0600
> > From: m...@inter7.com
> > To: vchkpw@inter7.com
> > Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
> >
> > Michael Mussulis wrote:
> >> Guys,
> >>
> >> There's one thing I don't understand - why does vadddomain have the -u and -i/-g options in the first place, if they don't seem to work fully?
> >>
> >> Perhaps I am missing something for which I apologize, but I can't imagine those options having been implemented to partially support non vpopmail/vchkpw + userdir - unless of course this is either a bug or those options haven't been fully tested (which I seriously doubt considering the product's age).
> >>
> >> Can anyone from Inter7 officially clarify this please?
> >
> > The feature continues to work as far as I know. If you would like to post version information for all your software, including any patches to qmail, please feel free.
> >
> > The uid:gid support is handled via qmail-users. Any permissions problems you're having would probably be, well, permissions problems :)
> > --
> > /*
> > Matt Brookings GnuPG Key FAE0672C
> > Software developer Systems technician
> > Inter7 Internet Technologies, Inc. (815)776-946
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
In your example the thing that pops out is the user you add is "mike42" however the user you're assigning the domain to is "mike4". Is this a typo? Or deliberate?

t.

-----Original Message-----
From: Michael Mussulis [mailto:mike_at...@hotmail.com]
Sent: December-01-09 8:19 AM
To: vchkpw@inter7.com
Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u

Hi Matt,

Thanks for your reply, which is what I suspected all along - I am more than certain something is wrong on my end, but for the life of me I can't figure it out yet. And yes, I agree, it MUST be permission related.

As for the versions:
- Fedora 12 x86
- qmail 1.03 with jms1 combined patch 7.08
- maildrop 2.2.0
- ezmlm-idx 7.0.2
- vpopmail 5.4.28
- dovecot 1.2.8
- spamassassin 3.3.0 (fedora rpm)
- clamav 0.95.2-5 (fedora rpm)

Basically I would say I am using the most up-to-date versions of everything.

I believe I am doing the right thing, i.e.:

1. adduser mike42. vadddomain -u mike4 test10.com 123

vpopmail creates ./test10.com directory structure just fine in /home/mike4, with mike4:mike4 ownership all the way down. However, delivery fails which is baffling, since vadddomain assigns ownership and permissions. I have not modified the ownership/permissions in any way.

What I don't understand is which part fails - qmail-local unable to invoke vdelivermail? or vdelivermail accessing the userdir? or something else (now that you mentioned qmail-users)? At one point I thought it might be maildrop, so I re-compiled vpopmail without maildrop but this didn't work either.

Would you have any directions as to how to enable this feature? And is there any way to debug vdelivermail? If yes, what would be the proper method?

And just to show vpopmail works:

    @40004b153edf0b291bec new msg 206...@40004b153edf0b292b8c info msg 206712: bytes 492 from qp 3248 uid 0...@40004b153edf0b29335c starting delivery 7: msg 206712 to local test1.com-postmas...@test1.com@40004b153edf0b293b2c status: local 1/10 remote 0/1...@40004b153eef2626edfc delivery 7: success: LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/@40004b153eef26843cb4 status: local 0/10 remote 0/1...@40004b153eef269386c4 end msg 206712

from the same test script, but sending to test1.com which was created simply as:

    vadddomain test1.com 123

the directory structure gets created in the vpopmail home (as specified in ./configure), with vpopmail:vchkpw ownership.

Thanks,
Michael.

PS: Ignore the libclamav error, although I would appreciate if anyone knows how to get rid of it.

> Date: Tue, 1 Dec 2009 09:41:29 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
>> Guys,
>>
>> There's one thing I don't understand - why does vadddomain have the -u and -i/-g options in the first place, if they don't seem to work fully?
>>
>> Perhaps I am missing something for which I apologize, but I can't imagine those options having been implemented to partially support non vpopmail/vchkpw + userdir - unless of course this is either a bug or those options haven't been fully tested (which I seriously doubt considering the product's age).
>>
>> Can anyone from Inter7 officially clarify this please?
>
> The feature continues to work as far as I know. If you would like to post version information for all your software, including any patches to qmail, please feel free.
>
> The uid:gid support is handled via qmail-users. Any permissions problems you're having would probably be, well, permissions problems :)
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Matt,

Thanks for your reply, which is what I suspected all along - I am more than certain something is wrong on my end, but for the life of me I can't figure it out yet. And yes, I agree, it MUST be permission related.

As for the versions:
- Fedora 12 x86
- qmail 1.03 with jms1 combined patch 7.08
- maildrop 2.2.0
- ezmlm-idx 7.0.2
- vpopmail 5.4.28
- dovecot 1.2.8
- spamassassin 3.3.0 (fedora rpm)
- clamav 0.95.2-5 (fedora rpm)

Basically I would say I am using the most up-to-date versions of everything.

I believe I am doing the right thing, i.e.:

1. adduser mike42. vadddomain -u mike4 test10.com 123

vpopmail creates ./test10.com directory structure just fine in /home/mike4, with mike4:mike4 ownership all the way down. However, delivery fails which is baffling, since vadddomain assigns ownership and permissions. I have not modified the ownership/permissions in any way.

What I don't understand is which part fails - qmail-local unable to invoke vdelivermail? or vdelivermail accessing the userdir? or something else (now that you mentioned qmail-users)? At one point I thought it might be maildrop, so I re-compiled vpopmail without maildrop but this didn't work either.

Would you have any directions as to how to enable this feature? And is there any way to debug vdelivermail? If yes, what would be the proper method?

And just to show vpopmail works:

    @40004b153edf0b291bec new msg 206...@40004b153edf0b292b8c info msg 206712: bytes 492 from qp 3248 uid 0...@40004b153edf0b29335c starting delivery 7: msg 206712 to local test1.com-postmas...@test1.com@40004b153edf0b293b2c status: local 1/10 remote 0/1...@40004b153eef2626edfc delivery 7: success: LibClamAV_Error:_cl_cvdhead:_Can't_open_file_/var/lib/clamav/daily.cvd/maildrop:_non-filtered_mail_delivery/did_0+0+1/@40004b153eef26843cb4 status: local 0/10 remote 0/1...@40004b153eef269386c4 end msg 206712

from the same test script, but sending to test1.com which was created simply as:

    vadddomain test1.com 123

the directory structure gets created in the vpopmail home (as specified in ./configure), with vpopmail:vchkpw ownership.

Thanks,
Michael.

PS: Ignore the libclamav error, although I would appreciate if anyone knows how to get rid of it.

> Date: Tue, 1 Dec 2009 09:41:29 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
>> Guys,
>>
>> There's one thing I don't understand - why does vadddomain have the -u and -i/-g options in the first place, if they don't seem to work fully?
>>
>> Perhaps I am missing something for which I apologize, but I can't imagine those options having been implemented to partially support non vpopmail/vchkpw + userdir - unless of course this is either a bug or those options haven't been fully tested (which I seriously doubt considering the product's age).
>>
>> Can anyone from Inter7 officially clarify this please?
>
> The feature continues to work as far as I know. If you would like to post version information for all your software, including any patches to qmail, please feel free.
>
> The uid:gid support is handled via qmail-users. Any permissions problems you're having would probably be, well, permissions problems :)
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Michael Mussulis wrote:
> Guys,
>
> There's one thing I don't understand - why does vadddomain have the -u and -i/-g options in the first place, if they don't seem to work fully?
>
> Perhaps I am missing something for which I apologize, but I can't imagine those options having been implemented to partially support non vpopmail/vchkpw + userdir - unless of course this is either a bug or those options haven't been fully tested (which I seriously doubt considering the product's age).
>
> Can anyone from Inter7 officially clarify this please?

The feature continues to work as far as I know. If you would like to post version information for all your software, including any patches to qmail, please feel free.

The uid:gid support is handled via qmail-users. Any permissions problems you're having would probably be, well, permissions problems :)

--
/*
Matt Brookings GnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Guys,

There's one thing I don't understand - why does vadddomain have the -u and -i/-g options in the first place, if they don't seem to work fully?

Perhaps I am missing something for which I apologize, but I can't imagine those options having been implemented to partially support non vpopmail/vchkpw + userdir - unless of course this is either a bug or those options haven't been fully tested (which I seriously doubt considering the product's age).

Can anyone from Inter7 officially clarify this please?

Thanks,
Michael.

> Date: Mon, 30 Nov 2009 13:27:00 -0500
> From: vpopm...@honorablemenschen.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
>> Of course. Restarted several times just to make sure. I've even rebooted the machine (just in case).
>> the process starts with uid/gid 0 (root):
>> 1349 ? S 0:00 /usr/local/bin/tcpserver -v -R -l localhost -x /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c 30 -u 0 -g 0 0 smtp /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true
>> Still no go.
>> Any other things to look at?
>> Cheers,
>> Michael.
>>
> qmail-smtpd doesn't run vdelivermail - qmail-local does (which is started via qmail-lspawn, which is started by qmail-send). Running qmail-smtpd as root won't fix this.
>
> Unfortunately, I believe you need to make vdelivermail run as root to make this work, possibly via suid, but I can't be certain of that.
>
> Josh
>
> Joshua Megerman
> SJGames MIB #5273 - OGRE AI Testing Division
> You can't win; You can't break even; You can't even quit the game.
> - Layman's translation of the Laws of Thermodynamics
> vpopm...@honorablemenschen.com
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Joshua,

Thanks for the reply. Can you please expand on making vdelivermail run as root via suid? Are you implying modifying qmail source code?

Thanks,
Michael.

> Date: Mon, 30 Nov 2009 13:27:00 -0500
> From: vpopm...@honorablemenschen.com
> To: vchkpw@inter7.com
> Subject: RE: [vchkpw] vdeliver perimission denied for vadddomain -u
>
>> Of course. Restarted several times just to make sure. I've even rebooted the machine (just in case).
>> the process starts with uid/gid 0 (root):
>> 1349 ? S 0:00 /usr/local/bin/tcpserver -v -R -l localhost -x /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c 30 -u 0 -g 0 0 smtp /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true
>> Still no go.
>> Any other things to look at?
>> Cheers,
>> Michael.
>>
> qmail-smtpd doesn't run vdelivermail - qmail-local does (which is started via qmail-lspawn, which is started by qmail-send). Running qmail-smtpd as root won't fix this.
>
> Unfortunately, I believe you need to make vdelivermail run as root to make this work, possibly via suid, but I can't be certain of that.
>
> Josh
>
> Joshua Megerman
> SJGames MIB #5273 - OGRE AI Testing Division
> You can't win; You can't break even; You can't even quit the game.
> - Layman's translation of the Laws of Thermodynamics
> vpopm...@honorablemenschen.com
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
> Of course. Restarted several times just to make sure. I've even rebooted the machine (just in case).
> the process starts with uid/gid 0 (root):
> 1349 ? S 0:00 /usr/local/bin/tcpserver -v -R -l localhost -x /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c 30 -u 0 -g 0 0 smtp /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true
> Still no go.
> Any other things to look at?
> Cheers,
> Michael.
>

qmail-smtpd doesn't run vdelivermail - qmail-local does (which is started via qmail-lspawn, which is started by qmail-send). Running qmail-smtpd as root won't fix this.

Unfortunately, I believe you need to make vdelivermail run as root to make this work, possibly via suid, but I can't be certain of that.

Josh

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
- Layman's translation of the Laws of Thermodynamics
vpopm...@honorablemenschen.com
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Of course. Restarted several times just to make sure. I've even rebooted the machine (just in case).

the process starts with uid/gid 0 (root):

1349 ? S 0:00 /usr/local/bin/tcpserver -v -R -l localhost -x /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c 30 -u 0 -g 0 0 smtp /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true

Still no go.

Any other things to look at?

Cheers,
Michael.

> Date: Mon, 30 Nov 2009 11:37:28 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
>> Hi Matt,
>>
>> Many thanks for the quick reply.
>>
>> Unfortunately running qmail-smtpd as root has not solved the problem, still getting permission denied.
>> Any other suggestions please?
>
> Did you restart the service under supervise?
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Michael Mussulis wrote:
> Hi Matt,
>
> Many thanks for the quick reply.
>
> Unfortunately running qmail-smtpd as root has not solved the problem, still getting permission denied.
> Any other suggestions please?

Did you restart the service under supervise?

--
/*
Matt Brookings GnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
RE: [vchkpw] vdeliver perimission denied for vadddomain -u
Hi Matt,

Many thanks for the quick reply.

Unfortunately running qmail-smtpd as root has not solved the problem, still getting permission denied. Any other suggestions please?

Many thanks,
Michael.

> Date: Mon, 30 Nov 2009 09:14:15 -0600
> From: m...@inter7.com
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u
>
> Michael Mussulis wrote:
> > [r...@vmfc12 qmail-smtpd]# cat run
> > #!/bin/sh
> > QMAILDUID=`id -u vpopmail`
> > NOFILESGID=`id -g vpopmail`
>
> Change to:
>
> QMAILDUID=0
> NOFILESGID=0
>
> The vpopmail user can't change UIDs.
> --
> /*
> Matt Brookings GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */
Re: [vchkpw] vdeliver perimission denied for vadddomain -u
Michael Mussulis wrote:
> [r...@vmfc12 qmail-smtpd]# cat run
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`

Change to:

QMAILDUID=0
NOFILESGID=0

The vpopmail user can't change UIDs.

--
/*
Matt Brookings GnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
[vchkpw] vdeliver perimission denied for vadddomain -u
Hi,

vpopmail works fine under normal circumstances, except for when I add a domain with a different user as in:

vadddomain -u mike4 test10.com 123

I am doing this in order to enable os quotas for the entire domain.

Testing sending a simple message fails with

@40004b13d1b11ddaad64 status: local 1/10 remote 0/1...
@40004b13d1b11dee394c delivery 7: deferral: /bin/sh:_/usr/local/hcp/vpopmail/bin/vdelivermail:_Permission_denied/
@40004b13d1b11dee4504 status: local 0/10 remote 0/120

I read a previous message saying I had to add the user (mike4) to the vchkpw group, which I did, but I am still getting the error.

The permissions for mike4 domains are:

[r...@vmfc12 qmail-smtpd]# ls /home/mike4/domains/ -lh
total 12K
drwx------ 3 mike4 mike4 4.0K 2009-11-30 02:51 test10.com
drwx------ 3 mike4 mike4 4.0K 2009-11-30 14:31 test11.com
drwx------ 3 mike4 mike4 4.0K 2009-11-30 01:36 test9.com

The permissions on vpopmail are:

[r...@vmfc12 qmail-smtpd]# ls /usr/local/hcp/vpopmail/ -lh
total 24K
drwxr-xr-x 2 vpopmail vchkpw 4.0K 2009-11-30 02:50 bin
drwxr-xr-x 4 vpopmail vchkpw 4.0K 2009-11-25 03:10 doc
drwx------ 8 vpopmail vchkpw 4.0K 2009-11-30 14:48 domains
drwxr-xr-x 2 vpopmail vchkpw 4.0K 2009-11-30 01:50 etc
drwxr-xr-x 2 vpopmail vchkpw 4.0K 2009-11-30 02:50 include
drwxr-xr-x 2 vpopmail vchkpw 4.0K 2009-11-30 02:50 lib

[r...@vmfc12 qmail-smtpd]# ls /usr/local/hcp/vpopmail/etc -lh
total 32K
-rw-r--r-- 1 root root 34 2009-11-30 02:50 inc_deps
-rw-r--r-- 1 root root 126 2009-11-30 02:50 lib_deps
-rw-r--r-- 1 root root 26 2009-11-28 02:23 tcp.smtp
-rw-r--r-- 1 vpopmail vchkpw 2.2K 2009-11-30 01:50 tcp.smtp.cdb
-rw-r--r-- 1 vpopmail vchkpw 1.2K 2009-11-28 00:29 vlimits.default
-rw-r----- 1 vpopmail vchkpw 34 2009-11-29 16:16 vpopmail.mysql
-rw-r--r-- 1 vpopmail vchkpw 1.1K 2009-11-25 03:10 vusagec.conf
-rw-r--r-- 1 root root 2.4K 2009-11-25 03:11 vusaged.conf

The qmail-smtp run file is:

[r...@vmfc12 qmail-smtpd]# cat run
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /usr/local/hcp/var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /usr/local/hcp/var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /usr/local/hcp/var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
if [ ! -f /usr/local/hcp/var/qmail/control/rcpthosts ]; then
    echo "No /usr/local/hcp/var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
exec /usr/local/bin/softlimit -m 3000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /usr/local/hcp/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /usr/local/hcp/var/qmail/bin/qmail-smtpd localhost \
    /usr/local/hcp/vpopmail/bin/vchkpw /usr/bin/true 2>&1

I am at wits end. What am I missing? Please help someone.

Many thanks,
Michael.
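
An added diagnostic example, not part of the original thread and not vpopmail or qmail code: it walks every component of a path and reports the first one a given UID and group set cannot search or execute, which is how to localise a "Permission denied" like the one on vdelivermail above. It models classic owner/group/other mode bits only (no ACLs, SELinux or noexec mounts); UIDs 507 and 516 are the values quoted in the thread, while GID 89 for vchkpw, the 0750 mode on the vpopmail home and the 0711 mode on the binary are assumptions in a constructed sample tree.

```python
import os
import stat
from collections import namedtuple

def may_execute(st, uid, gids):
    """Classic Unix x-bit check: exactly one class applies (owner, else group, else other)."""
    if uid == 0:
        # root may search any directory; a regular file still needs at least one x bit
        return stat.S_ISDIR(st.st_mode) or bool(st.st_mode & 0o111)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_denied(path, uid, gids, stat_fn=os.stat):
    """Return the first component of `path` that uid/gids cannot search or execute, else None."""
    current = os.sep
    for comp in [""] + os.path.abspath(path).split(os.sep)[1:]:
        current = os.path.join(current, comp)
        if not may_execute(stat_fn(current), uid, gids):
            return current
    return None

# Constructed sample tree, not read from the poster's machine.
# 507 = vpopmail and 516 = mike4 as quoted in the thread; GID 89 (vchkpw),
# the 0750 directory mode and the 0711 file mode are assumptions.
St = namedtuple("St", "st_mode st_uid st_gid")
D, F, ROOT_DIR = stat.S_IFDIR, stat.S_IFREG, St(stat.S_IFDIR | 0o755, 0, 0)
SAMPLE = {
    "/": ROOT_DIR,
    "/usr": ROOT_DIR,
    "/usr/local": ROOT_DIR,
    "/usr/local/hcp": ROOT_DIR,
    "/usr/local/hcp/vpopmail": St(D | 0o750, 507, 89),
    "/usr/local/hcp/vpopmail/bin": St(D | 0o755, 507, 89),
    "/usr/local/hcp/vpopmail/bin/vdelivermail": St(F | 0o711, 507, 89),
}
VDELIVERMAIL = "/usr/local/hcp/vpopmail/bin/vdelivermail"

def check_sample(uid, gids):
    """Run the walk against the constructed tree instead of the live filesystem."""
    return first_denied(VDELIVERMAIL, uid, gids, stat_fn=SAMPLE.__getitem__)

if __name__ == "__main__":
    print("mike4, own group only:", check_sample(516, {516}))
    print("mike4 with vchkpw gid:", check_sample(516, {516, 89}))
```

On a live host, call `first_denied(path, uid, gids)` without `stat_fn`, passing the UID and the group set the delivery process actually runs with rather than the groups listed for the account.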