Re: [vchkpw] SMTP-AUTH problem with vchkpw
Hello Julien, Wednesday, July 27, 2011, 09:42:38, Julien Escario wrote: JE> Hello, JE> I also have an issue with a base64_decode() function which seems incompatible JE> with amd64 arch. JE> I'm using the patch from milkys (http://www.mcmilk.de/qmail/) JE> Try to print the return string after base64 decoding has been done to check if JE> your auth string is correct. If it's not, that's qmail-smtpd fault, not vpopmail's. JE> Regards, JE> Julien Escario JE> Le 26/07/2011 23:05, a...@ltmd.org a écrit : >> Hello Rick, >> >> Sunday, July 3, 2011, 17:15:29, Rick Macdougall wrote: >> RM> On 03/07/2011 5:11 AM, a...@ltmd.org wrote: Hello Rick, Saturday, July 2, 2011, 16:59:09, Rick Macdougall wrote: > User vpopmail realy exists. I also cannot find the >> difference between working x86 server configuration and the new >> amd64 one. I tried to reconfigure my system from no-multilib to >> multilib and to reemerge netqmail and vpopmail ebuilds, but still no >> success. :( Is there some way to debug that plain SMTP-AUTH to figure >> out what is really happening? RM> You can use recordio (part of one of djb's packages) to log everything RM> that happens within an smtp conversation. RM> http://cr.yp.to/ucspi-tcp/recordio.html Thank you for your assistance, Rick. I tried to use that nice tool. And here goes the result: @40004e1029d019fc59f4 22218> 220 mail.domain.com ESMTP @40004e1029d035004684 22218< EHLO [10.1.1.177] @40004e1029d035017b1c 22218> 250-mail.domain.com @40004e1029d03501b1cc 22218> 250-STARTTLS @40004e1029d03501e494 22218> 250-PIPELINING @40004e1029d03502175c 22218> 250-8BITMIME @40004e1029d03502463c 22218> 250-SIZE 0 @40004e1029d035027904 22218> 250 AUTH LOGIN PLAIN @40004e1029d10834940c 22218< AUTH PLAIN @40004e1029d108356ecc 22218> 334 @40004e1029d109252dcc 22218< c2VuZGVyLmNvbXBhc3N3b3Jk @40004e1029d6092f863c 22218> 535 authentication failed (#5.7.1) @40004e1029d60994146c 22218< RSET @40004e1029d60994e374 22218> 250 flushed @40004e1029d60b8495e4 22218< AUTH LOGIN @40004e1029d60b85ca7c 22218> 334 VXNlcm5hbWU6 @40004e1029d60c5eadec 22218< c2VuZGVyLmNvbQ== @40004e1029d60c5ff9f4 22218> 334 UGFzc3dvcmQ6 @40004e1029d60d4acf24 22218< cGFzc3dvcmQ= @40004e1029db0d59619c 22218> 535 authentication failed (#5.7.1) @40004e1029db0e782f7c 22218< RSET @40004e1029db0e78cbbc 22218> 250 flushed @40004e1029db10ef51cc 22218< MAIL FROM: SIZE=524 @40004e1029db10f0f3c4 22218> 250 ok @40004e1029db281154f4 22218< RCPT TO: @40004e1029db2812eb34 22218> 250 ok @40004e1029db2a9afd74 22218< DATA @40004e1029db2aa021dc 22218> 354 go ahead @40004e1029db2b9f619c 22218< Date: Sun, 3 Jul 2011 11:35:32 +0300 @40004e1029db2ba00d7c 22218< From: Name Surname @40004e1029db2ba08e64 22218< Reply-To: Name Surname @40004e1029db2ba10b64 22218< X-Priority: 3 (Normal) @40004e1029db2ba1847c 22218< Message-ID:<86092590.20110703113...@domain.com> @40004e1029db2ba1fd94 22218< To: receip...@domain.com @40004e1029db2ba276ac 22218< Subject: test @40004e1029db2ba2efc4 22218< MIME-Version: 1.0 @40004e1029db2ba364f4 22218< Content-Type: text/plain; charset=utf-8 @40004e1029db2ba3de0c 22218< Content-Transfer-Encoding: quoted-printable @40004e1029db2ba45724 22218< @40004e1029db2ba5ba9c 22218< test @40004e1029db2ba9f88c 22218< . @40004e1029db376d0894 22218> 250 ok 1309682129 qp 2 @40004e1029db3888d4ec 22218< RSET @40004e1029db3889cb04 22218> 250 flushed @40004e1029db3982d104 22218< QUIT @40004e1029db398a79f4 22218> 221 mail.domain.com @40004e1029db398a81c4 22218> [EOF] @40004e1029db399445c4 tcpserver: end 22217 status 0 @40004e1029db39944d94 tcpserver: status: 0/40 Right now I see that there is something goes wrong with a authentication process in qmail and this dump is not very useful for me. :( Are there any other ideas I can try? >> >> RM> Hi, >> >> RM> I'd trying asking on a spamdyke mailing list. If it was plain >> RM> qmail-smtpd then you'd see in the logs why it failed. >> >> RM> Rick >> >> I was done fresh clean install on gentoo amd64 netqmail and vpopmail >> with mysql support. No any clamav, spamassassin, spamdyke and others. >> SMTP-AUTH still not working. Trying to figure out what is really >> happening. Finally I have found the situation when SMTP-AUTH not working. Seems like it's not arch dependent. By some reason SMTP-AUTH fails when /var/vpopmail is mounted as another
Re: [vchkpw] SMTP-AUTH problem with vchkpw
Hello, I also have an issue with a base64_decode() function which seems incompatible with amd64 arch. I'm using the patch from milkys (http://www.mcmilk.de/qmail/) Try to print the return string after base64 decoding has been done to check if your auth string is correct. If it's not, that's qmail-smtpd fault, not vpopmail's. Regards, Julien Escario Le 26/07/2011 23:05, a...@ltmd.org a écrit : Hello Rick, Sunday, July 3, 2011, 17:15:29, Rick Macdougall wrote: RM> On 03/07/2011 5:11 AM, a...@ltmd.org wrote: Hello Rick, Saturday, July 2, 2011, 16:59:09, Rick Macdougall wrote: User vpopmail realy exists. I also cannot find the difference between working x86 server configuration and the new amd64 one. I tried to reconfigure my system from no-multilib to multilib and to reemerge netqmail and vpopmail ebuilds, but still no success. :( Is there some way to debug that plain SMTP-AUTH to figure out what is really happening? RM> You can use recordio (part of one of djb's packages) to log everything RM> that happens within an smtp conversation. RM> http://cr.yp.to/ucspi-tcp/recordio.html Thank you for your assistance, Rick. I tried to use that nice tool. And here goes the result: @40004e1029d019fc59f4 22218> 220 mail.domain.com ESMTP @40004e1029d035004684 22218< EHLO [10.1.1.177] @40004e1029d035017b1c 22218> 250-mail.domain.com @40004e1029d03501b1cc 22218> 250-STARTTLS @40004e1029d03501e494 22218> 250-PIPELINING @40004e1029d03502175c 22218> 250-8BITMIME @40004e1029d03502463c 22218> 250-SIZE 0 @40004e1029d035027904 22218> 250 AUTH LOGIN PLAIN @40004e1029d10834940c 22218< AUTH PLAIN @40004e1029d108356ecc 22218> 334 @40004e1029d109252dcc 22218< c2VuZGVyLmNvbXBhc3N3b3Jk @40004e1029d6092f863c 22218> 535 authentication failed (#5.7.1) @40004e1029d60994146c 22218< RSET @40004e1029d60994e374 22218> 250 flushed @40004e1029d60b8495e4 22218< AUTH LOGIN @40004e1029d60b85ca7c 22218> 334 VXNlcm5hbWU6 @40004e1029d60c5eadec 22218< c2VuZGVyLmNvbQ== @40004e1029d60c5ff9f4 22218> 334 UGFzc3dvcmQ6 @40004e1029d60d4acf24 22218< cGFzc3dvcmQ= @40004e1029db0d59619c 22218> 535 authentication failed (#5.7.1) @40004e1029db0e782f7c 22218< RSET @40004e1029db0e78cbbc 22218> 250 flushed @40004e1029db10ef51cc 22218< MAIL FROM: SIZE=524 @40004e1029db10f0f3c4 22218> 250 ok @40004e1029db281154f4 22218< RCPT TO: @40004e1029db2812eb34 22218> 250 ok @40004e1029db2a9afd74 22218< DATA @40004e1029db2aa021dc 22218> 354 go ahead @40004e1029db2b9f619c 22218< Date: Sun, 3 Jul 2011 11:35:32 +0300 @40004e1029db2ba00d7c 22218< From: Name Surname @40004e1029db2ba08e64 22218< Reply-To: Name Surname @40004e1029db2ba10b64 22218< X-Priority: 3 (Normal) @40004e1029db2ba1847c 22218< Message-ID:<86092590.20110703113...@domain.com> @40004e1029db2ba1fd94 22218< To: receip...@domain.com @40004e1029db2ba276ac 22218< Subject: test @40004e1029db2ba2efc4 22218< MIME-Version: 1.0 @40004e1029db2ba364f4 22218< Content-Type: text/plain; charset=utf-8 @40004e1029db2ba3de0c 22218< Content-Transfer-Encoding: quoted-printable @40004e1029db2ba45724 22218< @40004e1029db2ba5ba9c 22218< test @40004e1029db2ba9f88c 22218< . @40004e1029db376d0894 22218> 250 ok 1309682129 qp 2 @40004e1029db3888d4ec 22218< RSET @40004e1029db3889cb04 22218> 250 flushed @40004e1029db3982d104 22218< QUIT @40004e1029db398a79f4 22218> 221 mail.domain.com @40004e1029db398a81c4 22218> [EOF] @40004e1029db399445c4 tcpserver: end 22217 status 0 @40004e1029db39944d94 tcpserver: status: 0/40 Right now I see that there is something goes wrong with a authentication process in qmail and this dump is not very useful for me. :( Are there any other ideas I can try? RM> Hi, RM> I'd trying asking on a spamdyke mailing list. If it was plain RM> qmail-smtpd then you'd see in the logs why it failed. RM> Rick I was done fresh clean install on gentoo amd64 netqmail and vpopmail with mysql support. No any clamav, spamassassin, spamdyke and others. SMTP-AUTH still not working. Trying to figure out what is really happening. -- --- __ ___ Julien Escario /\ _ \ /\_ \ esca...@azylog.net \ \ \L\ \ __ __\//\ \ ___ __ Tél. : +33.677583199 \ \ __ \/\_ ,`\ /\ \/\ \ \ \ \ / __`\ /'_ `\ \ \ \/\ \/_/ /_\ \ \_\ \ \_\ \_/\ \L\ \/\ \L\ \ Azylog \ \_\ \_\/\\\/` \/\\ \/\ \ \ Rte de Champagnole \/_/\/_/\// `/___/> \//\/___/ \/___L\ \ F-39300 Les Nans /\___//\/ SIRET 49130560300020 \/__/ \_/__/ Hébergement mutualisé & dédié - infogéra
Re: [vchkpw] SMTP-AUTH problem with vchkpw
Hi, On 27.07.2011 at 00:56 a...@ltmd.org wrote: > > Just want to add that I tested right now and found that the same fresh > programs configurations and settings on the clean 32-bit system > working pretty good. Should I try once again to use recordio program > on a 64-bit system? 'recordio' only tells what's happening "on the outside", which, as you already know, is a rejection. I'd use 'strace -fF -s 4096 -o /tmp/auth.err -p ' to monitor what's "behind the curtain". Execute this command immediately before you start your next test and stop it immediately after you failed, because it'll gather data from all connections and therefore collect a lot. Within the output (/tmp/auth.err) you might need to sort out information from test-unrelated processes. But you should also see who's gonna be called for actually doing the authentication and why it return non-success. -- Regards, Peter !DSPAM:4e2faa3332713543020530!
Re: [vchkpw] SMTP-AUTH problem with vchkpw
Hello, Wednesday, July 27, 2011, 00:05:10, anf wrote: alo> Hello Rick, alo> Sunday, July 3, 2011, 17:15:29, Rick Macdougall wrote: RM>> On 03/07/2011 5:11 AM, anf wrote: >>> Hello Rick, >>> >>> Saturday, July 2, 2011, 16:59:09, Rick Macdougall wrote: User vpopmail realy exists. I also cannot find the > difference between working x86 server configuration and the new > amd64 one. I tried to reconfigure my system from no-multilib to > multilib and to reemerge netqmail and vpopmail ebuilds, but still no > success. :( Is there some way to debug that plain SMTP-AUTH to figure > out what is really happening? >>> >>> RM> You can use recordio (part of one of djb's packages) to log everything >>> RM> that happens within an smtp conversation. >>> >>> RM> http://cr.yp.to/ucspi-tcp/recordio.html >>> >>> Thank you for your assistance, Rick. I tried to use that nice tool. >>> And here goes the result: >>> >>> @40004e1029d019fc59f4 22218> 220 mail.domain.com ESMTP >>> @40004e1029d035004684 22218< EHLO [10.1.1.177] >>> @40004e1029d035017b1c 22218> 250-mail.domain.com >>> @40004e1029d03501b1cc 22218> 250-STARTTLS >>> @40004e1029d03501e494 22218> 250-PIPELINING >>> @40004e1029d03502175c 22218> 250-8BITMIME >>> @40004e1029d03502463c 22218> 250-SIZE 0 >>> @40004e1029d035027904 22218> 250 AUTH LOGIN PLAIN >>> @40004e1029d10834940c 22218< AUTH PLAIN >>> @40004e1029d108356ecc 22218> 334 >>> @40004e1029d109252dcc 22218< c2VuZGVyLmNvbXBhc3N3b3Jk >>> @40004e1029d6092f863c 22218> 535 authentication failed (#5.7.1) >>> @40004e1029d60994146c 22218< RSET >>> @40004e1029d60994e374 22218> 250 flushed >>> @40004e1029d60b8495e4 22218< AUTH LOGIN >>> @40004e1029d60b85ca7c 22218> 334 VXNlcm5hbWU6 >>> @40004e1029d60c5eadec 22218< c2VuZGVyLmNvbQ== >>> @40004e1029d60c5ff9f4 22218> 334 UGFzc3dvcmQ6 >>> @40004e1029d60d4acf24 22218< cGFzc3dvcmQ= >>> @40004e1029db0d59619c 22218> 535 authentication failed (#5.7.1) >>> @40004e1029db0e782f7c 22218< RSET >>> @40004e1029db0e78cbbc 22218> 250 flushed >>> @40004e1029db10ef51cc 22218< MAIL FROM: SIZE=524 >>> @40004e1029db10f0f3c4 22218> 250 ok >>> @40004e1029db281154f4 22218< RCPT TO: >>> @40004e1029db2812eb34 22218> 250 ok >>> @40004e1029db2a9afd74 22218< DATA >>> @40004e1029db2aa021dc 22218> 354 go ahead >>> @40004e1029db2b9f619c 22218< Date: Sun, 3 Jul 2011 11:35:32 +0300 >>> @40004e1029db2ba00d7c 22218< From: Name Surname >>> @40004e1029db2ba08e64 22218< Reply-To: Name Surname >>> @40004e1029db2ba10b64 22218< X-Priority: 3 (Normal) >>> @40004e1029db2ba1847c 22218< >>> Message-ID:<86092590.20110703113...@domain.com> >>> @40004e1029db2ba1fd94 22218< To: receip...@domain.com >>> @40004e1029db2ba276ac 22218< Subject: test >>> @40004e1029db2ba2efc4 22218< MIME-Version: 1.0 >>> @40004e1029db2ba364f4 22218< Content-Type: text/plain; charset=utf-8 >>> @40004e1029db2ba3de0c 22218< Content-Transfer-Encoding: >>> quoted-printable >>> @40004e1029db2ba45724 22218< >>> @40004e1029db2ba5ba9c 22218< test >>> @40004e1029db2ba9f88c 22218< . >>> @40004e1029db376d0894 22218> 250 ok 1309682129 qp 2 >>> @40004e1029db3888d4ec 22218< RSET >>> @40004e1029db3889cb04 22218> 250 flushed >>> @40004e1029db3982d104 22218< QUIT >>> @40004e1029db398a79f4 22218> 221 mail.domain.com >>> @40004e1029db398a81c4 22218> [EOF] >>> @40004e1029db399445c4 tcpserver: end 22217 status 0 >>> @40004e1029db39944d94 tcpserver: status: 0/40 >>> >>> Right now I see that there is something goes wrong with a >>> authentication process in qmail and this dump is not very useful for >>> me. :( Are there any other ideas I can try? >>> RM>> Hi, RM>> I'd trying asking on a spamdyke mailing list. If it was plain RM>> qmail-smtpd then you'd see in the logs why it failed. RM>> Rick alo> I was done fresh clean install on gentoo amd64 netqmail and vpopmail alo> with mysql support. No any clamav, spamassassin, spamdyke and others. alo> SMTP-AUTH still not working. Trying to figure out what is really alo> happening. Just want to add that I tested right now and found that the same fresh programs configurations and settings on the clean 32-bit system working pretty good. Should I try once again to use recordio program on a 64-bit system? !DSPAM:4e2f462332714910253358!
Re: [vchkpw] SMTP-AUTH problem with vchkpw
Hello Rick, Sunday, July 3, 2011, 17:15:29, Rick Macdougall wrote: RM> On 03/07/2011 5:11 AM, a...@ltmd.org wrote: >> Hello Rick, >> >> Saturday, July 2, 2011, 16:59:09, Rick Macdougall wrote: >>> User vpopmail realy exists. I also cannot find the difference between working x86 server configuration and the new amd64 one. I tried to reconfigure my system from no-multilib to multilib and to reemerge netqmail and vpopmail ebuilds, but still no success. :( Is there some way to debug that plain SMTP-AUTH to figure out what is really happening? >> >> RM> You can use recordio (part of one of djb's packages) to log everything >> RM> that happens within an smtp conversation. >> >> RM> http://cr.yp.to/ucspi-tcp/recordio.html >> >> Thank you for your assistance, Rick. I tried to use that nice tool. >> And here goes the result: >> >> @40004e1029d019fc59f4 22218> 220 mail.domain.com ESMTP >> @40004e1029d035004684 22218< EHLO [10.1.1.177] >> @40004e1029d035017b1c 22218> 250-mail.domain.com >> @40004e1029d03501b1cc 22218> 250-STARTTLS >> @40004e1029d03501e494 22218> 250-PIPELINING >> @40004e1029d03502175c 22218> 250-8BITMIME >> @40004e1029d03502463c 22218> 250-SIZE 0 >> @40004e1029d035027904 22218> 250 AUTH LOGIN PLAIN >> @40004e1029d10834940c 22218< AUTH PLAIN >> @40004e1029d108356ecc 22218> 334 >> @40004e1029d109252dcc 22218< c2VuZGVyLmNvbXBhc3N3b3Jk >> @40004e1029d6092f863c 22218> 535 authentication failed (#5.7.1) >> @40004e1029d60994146c 22218< RSET >> @40004e1029d60994e374 22218> 250 flushed >> @40004e1029d60b8495e4 22218< AUTH LOGIN >> @40004e1029d60b85ca7c 22218> 334 VXNlcm5hbWU6 >> @40004e1029d60c5eadec 22218< c2VuZGVyLmNvbQ== >> @40004e1029d60c5ff9f4 22218> 334 UGFzc3dvcmQ6 >> @40004e1029d60d4acf24 22218< cGFzc3dvcmQ= >> @40004e1029db0d59619c 22218> 535 authentication failed (#5.7.1) >> @40004e1029db0e782f7c 22218< RSET >> @40004e1029db0e78cbbc 22218> 250 flushed >> @40004e1029db10ef51cc 22218< MAIL FROM: SIZE=524 >> @40004e1029db10f0f3c4 22218> 250 ok >> @40004e1029db281154f4 22218< RCPT TO: >> @40004e1029db2812eb34 22218> 250 ok >> @40004e1029db2a9afd74 22218< DATA >> @40004e1029db2aa021dc 22218> 354 go ahead >> @40004e1029db2b9f619c 22218< Date: Sun, 3 Jul 2011 11:35:32 +0300 >> @40004e1029db2ba00d7c 22218< From: Name Surname >> @40004e1029db2ba08e64 22218< Reply-To: Name Surname >> @40004e1029db2ba10b64 22218< X-Priority: 3 (Normal) >> @40004e1029db2ba1847c 22218< >> Message-ID:<86092590.20110703113...@domain.com> >> @40004e1029db2ba1fd94 22218< To: receip...@domain.com >> @40004e1029db2ba276ac 22218< Subject: test >> @40004e1029db2ba2efc4 22218< MIME-Version: 1.0 >> @40004e1029db2ba364f4 22218< Content-Type: text/plain; charset=utf-8 >> @40004e1029db2ba3de0c 22218< Content-Transfer-Encoding: quoted-printable >> @40004e1029db2ba45724 22218< >> @40004e1029db2ba5ba9c 22218< test >> @40004e1029db2ba9f88c 22218< . >> @40004e1029db376d0894 22218> 250 ok 1309682129 qp 2 >> @40004e1029db3888d4ec 22218< RSET >> @40004e1029db3889cb04 22218> 250 flushed >> @40004e1029db3982d104 22218< QUIT >> @40004e1029db398a79f4 22218> 221 mail.domain.com >> @40004e1029db398a81c4 22218> [EOF] >> @40004e1029db399445c4 tcpserver: end 22217 status 0 >> @40004e1029db39944d94 tcpserver: status: 0/40 >> >> Right now I see that there is something goes wrong with a >> authentication process in qmail and this dump is not very useful for >> me. :( Are there any other ideas I can try? >> RM> Hi, RM> I'd trying asking on a spamdyke mailing list. If it was plain RM> qmail-smtpd then you'd see in the logs why it failed. RM> Rick I was done fresh clean install on gentoo amd64 netqmail and vpopmail with mysql support. No any clamav, spamassassin, spamdyke and others. SMTP-AUTH still not working. Trying to figure out what is really happening. !DSPAM:4e2f2c0c32714376791534!
Re: [vchkpw] SMTP-AUTH problem with vchkpw
On 03/07/2011 5:11 AM, a...@ltmd.org wrote: Hello Rick, Saturday, July 2, 2011, 16:59:09, Rick Macdougall wrote: User vpopmail realy exists. I also cannot find the difference between working x86 server configuration and the new amd64 one. I tried to reconfigure my system from no-multilib to multilib and to reemerge netqmail and vpopmail ebuilds, but still no success. :( Is there some way to debug that plain SMTP-AUTH to figure out what is really happening? RM> You can use recordio (part of one of djb's packages) to log everything RM> that happens within an smtp conversation. RM> http://cr.yp.to/ucspi-tcp/recordio.html Thank you for your assistance, Rick. I tried to use that nice tool. And here goes the result: @40004e1029d019fc59f4 22218> 220 mail.domain.com ESMTP @40004e1029d035004684 22218< EHLO [10.1.1.177] @40004e1029d035017b1c 22218> 250-mail.domain.com @40004e1029d03501b1cc 22218> 250-STARTTLS @40004e1029d03501e494 22218> 250-PIPELINING @40004e1029d03502175c 22218> 250-8BITMIME @40004e1029d03502463c 22218> 250-SIZE 0 @40004e1029d035027904 22218> 250 AUTH LOGIN PLAIN @40004e1029d10834940c 22218< AUTH PLAIN @40004e1029d108356ecc 22218> 334 @40004e1029d109252dcc 22218< c2VuZGVyLmNvbXBhc3N3b3Jk @40004e1029d6092f863c 22218> 535 authentication failed (#5.7.1) @40004e1029d60994146c 22218< RSET @40004e1029d60994e374 22218> 250 flushed @40004e1029d60b8495e4 22218< AUTH LOGIN @40004e1029d60b85ca7c 22218> 334 VXNlcm5hbWU6 @40004e1029d60c5eadec 22218< c2VuZGVyLmNvbQ== @40004e1029d60c5ff9f4 22218> 334 UGFzc3dvcmQ6 @40004e1029d60d4acf24 22218< cGFzc3dvcmQ= @40004e1029db0d59619c 22218> 535 authentication failed (#5.7.1) @40004e1029db0e782f7c 22218< RSET @40004e1029db0e78cbbc 22218> 250 flushed @40004e1029db10ef51cc 22218< MAIL FROM: SIZE=524 @40004e1029db10f0f3c4 22218> 250 ok @40004e1029db281154f4 22218< RCPT TO: @40004e1029db2812eb34 22218> 250 ok @40004e1029db2a9afd74 22218< DATA @40004e1029db2aa021dc 22218> 354 go ahead @40004e1029db2b9f619c 22218< Date: Sun, 3 Jul 2011 11:35:32 +0300 @40004e1029db2ba00d7c 22218< From: Name Surname @40004e1029db2ba08e64 22218< Reply-To: Name Surname @40004e1029db2ba10b64 22218< X-Priority: 3 (Normal) @40004e1029db2ba1847c 22218< Message-ID:<86092590.20110703113...@domain.com> @40004e1029db2ba1fd94 22218< To: receip...@domain.com @40004e1029db2ba276ac 22218< Subject: test @40004e1029db2ba2efc4 22218< MIME-Version: 1.0 @40004e1029db2ba364f4 22218< Content-Type: text/plain; charset=utf-8 @40004e1029db2ba3de0c 22218< Content-Transfer-Encoding: quoted-printable @40004e1029db2ba45724 22218< @40004e1029db2ba5ba9c 22218< test @40004e1029db2ba9f88c 22218< . @40004e1029db376d0894 22218> 250 ok 1309682129 qp 2 @40004e1029db3888d4ec 22218< RSET @40004e1029db3889cb04 22218> 250 flushed @40004e1029db3982d104 22218< QUIT @40004e1029db398a79f4 22218> 221 mail.domain.com @40004e1029db398a81c4 22218> [EOF] @40004e1029db399445c4 tcpserver: end 22217 status 0 @40004e1029db39944d94 tcpserver: status: 0/40 Right now I see that there is something goes wrong with a authentication process in qmail and this dump is not very useful for me. :( Are there any other ideas I can try? Hi, I'd trying asking on a spamdyke mailing list. If it was plain qmail-smtpd then you'd see in the logs why it failed. Rick !DSPAM:4e10799632711821815719!
Re: [vchkpw] SMTP-AUTH problem with vchkpw
Hello Rick, Saturday, July 2, 2011, 16:59:09, Rick Macdougall wrote: > User vpopmail realy exists. I also cannot find the >> difference between working x86 server configuration and the new >> amd64 one. I tried to reconfigure my system from no-multilib to >> multilib and to reemerge netqmail and vpopmail ebuilds, but still no >> success. :( Is there some way to debug that plain SMTP-AUTH to figure >> out what is really happening? RM> You can use recordio (part of one of djb's packages) to log everything RM> that happens within an smtp conversation. RM> http://cr.yp.to/ucspi-tcp/recordio.html Thank you for your assistance, Rick. I tried to use that nice tool. And here goes the result: @40004e1029d019fc59f4 22218 > 220 mail.domain.com ESMTP @40004e1029d035004684 22218 < EHLO [10.1.1.177] @40004e1029d035017b1c 22218 > 250-mail.domain.com @40004e1029d03501b1cc 22218 > 250-STARTTLS @40004e1029d03501e494 22218 > 250-PIPELINING @40004e1029d03502175c 22218 > 250-8BITMIME @40004e1029d03502463c 22218 > 250-SIZE 0 @40004e1029d035027904 22218 > 250 AUTH LOGIN PLAIN @40004e1029d10834940c 22218 < AUTH PLAIN @40004e1029d108356ecc 22218 > 334 @40004e1029d109252dcc 22218 < c2VuZGVyLmNvbXBhc3N3b3Jk @40004e1029d6092f863c 22218 > 535 authentication failed (#5.7.1) @40004e1029d60994146c 22218 < RSET @40004e1029d60994e374 22218 > 250 flushed @40004e1029d60b8495e4 22218 < AUTH LOGIN @40004e1029d60b85ca7c 22218 > 334 VXNlcm5hbWU6 @40004e1029d60c5eadec 22218 < c2VuZGVyLmNvbQ== @40004e1029d60c5ff9f4 22218 > 334 UGFzc3dvcmQ6 @40004e1029d60d4acf24 22218 < cGFzc3dvcmQ= @40004e1029db0d59619c 22218 > 535 authentication failed (#5.7.1) @40004e1029db0e782f7c 22218 < RSET @40004e1029db0e78cbbc 22218 > 250 flushed @40004e1029db10ef51cc 22218 < MAIL FROM: SIZE=524 @40004e1029db10f0f3c4 22218 > 250 ok @40004e1029db281154f4 22218 < RCPT TO: @40004e1029db2812eb34 22218 > 250 ok @40004e1029db2a9afd74 22218 < DATA @40004e1029db2aa021dc 22218 > 354 go ahead @40004e1029db2b9f619c 22218 < Date: Sun, 3 Jul 2011 11:35:32 +0300 @40004e1029db2ba00d7c 22218 < From: Name Surname @40004e1029db2ba08e64 22218 < Reply-To: Name Surname @40004e1029db2ba10b64 22218 < X-Priority: 3 (Normal) @40004e1029db2ba1847c 22218 < Message-ID: <86092590.20110703113...@domain.com> @40004e1029db2ba1fd94 22218 < To: receip...@domain.com @40004e1029db2ba276ac 22218 < Subject: test @40004e1029db2ba2efc4 22218 < MIME-Version: 1.0 @40004e1029db2ba364f4 22218 < Content-Type: text/plain; charset=utf-8 @40004e1029db2ba3de0c 22218 < Content-Transfer-Encoding: quoted-printable @40004e1029db2ba45724 22218 < @40004e1029db2ba5ba9c 22218 < test @40004e1029db2ba9f88c 22218 < . @40004e1029db376d0894 22218 > 250 ok 1309682129 qp 2 @40004e1029db3888d4ec 22218 < RSET @40004e1029db3889cb04 22218 > 250 flushed @40004e1029db3982d104 22218 < QUIT @40004e1029db398a79f4 22218 > 221 mail.domain.com @40004e1029db398a81c4 22218 > [EOF] @40004e1029db399445c4 tcpserver: end 22217 status 0 @40004e1029db39944d94 tcpserver: status: 0/40 Right now I see that there is something goes wrong with a authentication process in qmail and this dump is not very useful for me. :( Are there any other ideas I can try? !DSPAM:4e10323332711707610120!
Re: [vchkpw] SMTP-AUTH problem with vchkpw
On 01/07/2011 12:54 PM, a...@ltmd.org wrote: User vpopmail realy exists. I also cannot find the difference between working x86 server configuration and the new amd64 one. I tried to reconfigure my system from no-multilib to multilib and to reemerge netqmail and vpopmail ebuilds, but still no success. :( Is there some way to debug that plain SMTP-AUTH to figure out what is really happening? Hi, You can use recordio (part of one of djb's packages) to log everything that happens within an smtp conversation. http://cr.yp.to/ucspi-tcp/recordio.html ie /service/qmail-smtpd/run #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1200 \ /usr/local/bin/tcpserver -v -h -R \ -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /usr/local/bin/rblsmtpd -t 2 -b \ -r cbl.aei.ca \ -r bl.spamcop.net \ recordio /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 2>&1 Rick !DSPAM:4e0f243632713934528930!
Re: [vchkpw] SMTP-AUTH problem with vchkpw
Hello Rick, Friday, July 1, 2011, 16:13:45, Rick Macdougall wrote: RM> On 30/06/2011 8:10 PM, a...@ltmd.org wrote: >> I tried to migrate my mail service (qmail+vpopmail+mysql) to the >> 64-bit Gentoo platform and almost succeeded, but SMTP-AUTH problem >> blocked me. >> >> Right now I have no multilib 64-bit hardened Gentoo system with >> netqmail-1.06, vpopmail-5.4.30-r2, dovecot-2.0.13 and some other >> stuff. Everything seems working fine, except SMTP-AUTH function. >> >> My mailer on this new server shows me: >> >> SEND - connected to SMTP server >> SEND - authenticating (plain)... >> SEND - Server reports error. The response is: authentication failed (#5.7.1) >> SEND - authenticating (login)... >> SEND - Server reports error. The response is: authentication failed (#5.7.1) >> SEND - WARNING: there were no compatible authentication mechanisms detected >> >> Here goes my config /var/qmail/control/conf-smtpd: >> --- >> TCPSERVER_OPTS="${TCPSERVER_OPTS} -R" >> QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} spamdyke -f /etc/spamdyke/spamdyke.conf" >> QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw" >> [[ -n "${QMAIL_SMTP_CHECKPASSWORD}" ]]&& { >> [[ -z "${QMAIL_SMTP_POST}" ]]&& QMAIL_SMTP_POST=/bin/true >> QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}" >> } >> --- >> RM> Hi, RM> You should be able to see the auth attempt in one f your log files. On RM> all my servers it's in /var/log/messages. This might help show where RM> the problem lies. RM> One of my lines as an example - Jul 1 04:43:17 mail002 vpopmail[24348]: RM> vchkpw-smtp: vpopmail user not found rlev...@aei.ca:14.208.230.43 I scanned through all my log files, but not found any entry about with pattern vchkpw. I have only spamdyke messages like user was not SMTP authorized. Jul 1 00:32:49 mail spamdyke[7441]: ALLOWED from: m...@address.com to: m...@address.com origin_ip: 2.6.7.8 origin_rdns: 2-6-7-8.domain.com auth: (unknown) Spamdyke disabling not helped me. Server response show that it SMTP-AUTH capable: $ telnet 1.2.3.4 25 Trying 1.2.3.4... Connected to 1.2.3.4. Escape character is '^]'. 220 mail.server.com ESMTP EHLO mail.server.com 250-mail.server.com 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN User vpopmail realy exists. I also cannot find the difference between working x86 server configuration and the new amd64 one. I tried to reconfigure my system from no-multilib to multilib and to reemerge netqmail and vpopmail ebuilds, but still no success. :( Is there some way to debug that plain SMTP-AUTH to figure out what is really happening? Anf !DSPAM:4e0dfbd932711543016584!
Re: [vchkpw] SMTP-AUTH problem with vchkpw
On 30/06/2011 8:10 PM, a...@ltmd.org wrote: I tried to migrate my mail service (qmail+vpopmail+mysql) to the 64-bit Gentoo platform and almost succeeded, but SMTP-AUTH problem blocked me. Right now I have no multilib 64-bit hardened Gentoo system with netqmail-1.06, vpopmail-5.4.30-r2, dovecot-2.0.13 and some other stuff. Everything seems working fine, except SMTP-AUTH function. My mailer on this new server shows me: SEND - connected to SMTP server SEND - authenticating (plain)... SEND - Server reports error. The response is: authentication failed (#5.7.1) SEND - authenticating (login)... SEND - Server reports error. The response is: authentication failed (#5.7.1) SEND - WARNING: there were no compatible authentication mechanisms detected Here goes my config /var/qmail/control/conf-smtpd: --- TCPSERVER_OPTS="${TCPSERVER_OPTS} -R" QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} spamdyke -f /etc/spamdyke/spamdyke.conf" QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw" [[ -n "${QMAIL_SMTP_CHECKPASSWORD}" ]]&& { [[ -z "${QMAIL_SMTP_POST}" ]]&& QMAIL_SMTP_POST=/bin/true QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}" } --- Hi, You should be able to see the auth attempt in one f your log files. On all my servers it's in /var/log/messages. This might help show where the problem lies. One of my lines as an example - Jul 1 04:43:17 mail002 vpopmail[24348]: vchkpw-smtp: vpopmail user not found rlev...@aei.ca:14.208.230.43 Rick !DSPAM:4e0dc81232712410438437!
Re: [vchkpw] smtp auth with chkuser problems
Sigh- this is a shame - it doesn't work. still getting smtp auth issues with fehcom's auth. So i've given up on it for now it works now, but now simscan messages are bled in: simscan:[17008]:PASSTHRU (7.70/5.00):2.6977s:[SPAM] :93.89.85.51:ja...@imaj.es :ima...@gmail.com I'm wondering if i'm fundamentally doing something wrong- could i convince someone to login and take a look? Thanks, james On 11 Jun 2009, at 16:18, Remo Mattei wrote: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` export QMAILQUEUE=/var/qmail/bin/simscan export NOP0FCHECK=1 export SIMSCAN_DEBUG=0 #IPADDR="208.53.44.231" exec /usr/local/bin/softlimit -m 2200 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /usr/local/bin/rblsmtpd \ -r "x.r.mail-abuse.com:see http://www.mail-abuse.com/cgi-bin/lo okup?ip_address=%IP%" -r zen.spamhaus.org /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 2>&1 Here you go... On 6/11/09 9:16 AM, "James Cox" wrote: Remo, what's your full run script? -james On 11 Jun 2009, at 15:59, Remo Mattei wrote: Did u try this settings on your server? #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` export QMAILQUEUE=/var/qmail/bin/simscan export NOP0FCHECK=1 export SIMSCAN_DEBUG=0 Just my 2 cents.. Remo On 6/11/09 8:44 AM, "James Cox" wrote: I just did a fresh install of toaster. i'm still getting these frustrating smtp auth problems - it's conflating the first portion of domain, so if for example i have the user f...@example.com, it tries to auth foo.com@:myip huh?? -james On 11 Jun 2009, at 13:51, Tren Blackburn wrote: I apologize if this has already been mentioned but have you tried Bill Shupp's toaster if you're on Linux or Matt Simmerman's toaster if you're on BSD? There's others, but I've used both over the years with no problems. I haven't switched to netqmail 1.06 but I thought it was primarily just a version increment to reflect the change in qmail's license. But if these have already been suggested and are not viable to you for some reason then please disregardmy 2 cents here is in Canadian... ;) Regardless I hope you can track down your problem! Regards, Tren From: James Cox To: vchkpw@inter7.com Sent: Thu Jun 11 04:47:52 2009 Subject: Re: [vchkpw] smtp auth with chkuser problems On 10 Jun 2009, at 22:41, James Cox wrote: Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP- AUTH (http://www.fehcom.de/qmail/smtpauth.html). qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is worth using 1.0.6. Weird, i installed the patch with Erwin's smtp-auth, and have ended up with failed auths: Jun 10 16:39:21 reason vpopmail[7505]: vchkpw-smtp: vpopmail user not found james.es@:86.13.225.60 when authing with username "ja...@imaj.es" all, halps! throwing this in again - chkuser + krystopf's smtp auth ends up spitting random log stuff into the smtp stream. now i'm seeing simscan messages after turning logging off for chkuser. So somehow either my service scripts or some patch to netqmail has caused errant bleeding of log messages into the smtp stream, which is of course weird and broken. I tried Erwin's smtp auth (fehcom) thinking this is where the problem lies- but alas, i can't auth at all there. anyone able to help shed some more light for me? thanks. james !DSPAM:4a324d2632667166074158!
Re: [vchkpw] smtp auth with chkuser problems
#!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` export QMAILQUEUE=/var/qmail/bin/simscan export NOP0FCHECK=1 export SIMSCAN_DEBUG=0 #IPADDR="208.53.44.231" exec /usr/local/bin/softlimit -m 2200 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /usr/local/bin/rblsmtpd \ -r "x.r.mail-abuse.com:see http://www.mail-abuse.com/cgi-bin/lo okup?ip_address=%IP%" -r zen.spamhaus.org /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 2>&1 Here you go... On 6/11/09 9:16 AM, "James Cox" wrote: > Remo, > > what's your full run script? > > -james > On 11 Jun 2009, at 15:59, Remo Mattei wrote: > >> Did u try this settings on your server? >> >> >> #!/bin/sh >> QMAILDUID=`id -u vpopmail` >> NOFILESGID=`id -g vpopmail` >> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` >> export QMAILQUEUE=/var/qmail/bin/simscan >> export NOP0FCHECK=1 >> export SIMSCAN_DEBUG=0 >> >> >> Just my 2 cents.. >> Remo >> >> On 6/11/09 8:44 AM, "James Cox" wrote: >> >> >>> I just did a fresh install of toaster. >>> >>> i'm still getting these frustrating smtp auth problems - it's >>> conflating the first portion of domain, so if for example i have the >>> user f...@example.com, it tries to auth foo.com@:myip >>> >>> huh?? >>> >>> -james >>> >>> On 11 Jun 2009, at 13:51, Tren Blackburn wrote: >>> >>> >>>> I apologize if this has already been mentioned but have you tried Bill >>>> Shupp's toaster if you're on Linux or Matt Simmerman's toaster if you're on >>>> BSD? There's others, but I've used both over the years with no problems. I >>>> haven't switched to netqmail 1.06 but I thought it was primarily just a >>>> version increment to reflect the change in qmail's license. >>>> >>>> But if these have already been suggested and are not viable to you for >>>> some reason then please disregardmy 2 cents here is in Canadian... ;) >>>> >>>> Regardless I hope you can track down your problem! >>>> >>>> Regards, >>>> >>>> Tren >>>> >>>> >>>> >>>> From: James Cox >>>> To: vchkpw@inter7.com >>>> Sent: Thu Jun 11 04:47:52 2009 >>>> Subject: Re: [vchkpw] smtp auth with chkuser problems >>>> >>>> >>>> On 10 Jun 2009, at 22:41, James Cox wrote: >>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP-AUTH >>>>>> (http://www.fehcom.de/qmail/smtpauth.html). >>>>>> qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is >>>>>> worth using 1.0.6. >>>>>> >>>>> >>>>> Weird, i installed the patch with Erwin's smtp-auth, and have ended up >>>>> with failed auths: >>>>> >>>>> Jun 10 16:39:21 reason vpopmail[7505]: vchkpw-smtp: vpopmail user not >>>>> found james.es@:86.13.225.60 >>>>> >>>>> when authing with username "ja...@imaj.es" >>>>> >>>>> >>>> >>>> all, >>>> >>>> halps! >>>> >>>> throwing this in again - chkuser + krystopf's smtp auth ends up spitting >>>> random log stuff into the smtp stream. now i'm seeing simscan messages >>>> after turning logging off for chkuser. So somehow either my service scripts >>>> or some patch to netqmail has caused errant bleeding of log messages into >>>> the smtp stream, which is of course weird and broken. >>>> >>>> I tried Erwin's smtp auth (fehcom) thinking this is where the problem >>>> lies- but alas, i can't auth at all there. >>>> >>>> anyone able to help shed some more light for me? >>>> thanks. >>>> >>>> james >>>> >>>> >>>> >>> >>> >>> >> >> > > !DSPAM:4a31204432664417892754!
Re: [vchkpw] smtp auth with chkuser problems
Brian Lanier ha scritto: - Original Message - *From:* James Cox <mailto:ja...@imaj.es> *To:* vchkpw@inter7.com <mailto:vchkpw@inter7.com> *Sent:* Thursday, June 11, 2009 7:44 AM *Subject:* Re: [vchkpw] smtp auth with chkuser problems I just did a fresh install of toaster. i'm still getting these frustrating smtp auth problems - it's conflating the first portion of domain, so if for example i have the user f...@example.com <mailto:f...@example.com>, it tries to auth foo.com@:myip <mailto:foo.com@:myip> huh?? -james This may be so obvious that I shouldn't mention it, but did you change your run script to reflect the new smtp_auth patch? If I remember correctly, the older version wanted things in a different order. I just don't remember if that applies to this particular problem as its been awhile and I don't have access to my vpopmail setup right now... Brian Something like /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1 Tonino -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it !DSPAM:4a311fda32662016013213!
Re: [vchkpw] smtp auth with chkuser problems
Remo, what's your full run script? -james On 11 Jun 2009, at 15:59, Remo Mattei wrote: Did u try this settings on your server? #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` export QMAILQUEUE=/var/qmail/bin/simscan export NOP0FCHECK=1 export SIMSCAN_DEBUG=0 Just my 2 cents.. Remo On 6/11/09 8:44 AM, "James Cox" wrote: I just did a fresh install of toaster. i'm still getting these frustrating smtp auth problems - it's conflating the first portion of domain, so if for example i have the user f...@example.com, it tries to auth foo.com@:myip huh?? -james On 11 Jun 2009, at 13:51, Tren Blackburn wrote: I apologize if this has already been mentioned but have you tried Bill Shupp's toaster if you're on Linux or Matt Simmerman's toaster if you're on BSD? There's others, but I've used both over the years with no problems. I haven't switched to netqmail 1.06 but I thought it was primarily just a version increment to reflect the change in qmail's license. But if these have already been suggested and are not viable to you for some reason then please disregardmy 2 cents here is in Canadian... ;) Regardless I hope you can track down your problem! Regards, Tren From: James Cox To: vchkpw@inter7.com Sent: Thu Jun 11 04:47:52 2009 Subject: Re: [vchkpw] smtp auth with chkuser problems On 10 Jun 2009, at 22:41, James Cox wrote: Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP-AUTH (http://www.fehcom.de/qmail/smtpauth.html ). qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is worth using 1.0.6. Weird, i installed the patch with Erwin's smtp-auth, and have ended up with failed auths: Jun 10 16:39:21 reason vpopmail[7505]: vchkpw-smtp: vpopmail user not found james.es@:86.13.225.60 when authing with username "ja...@imaj.es" all, halps! throwing this in again - chkuser + krystopf's smtp auth ends up spitting random log stuff into the smtp stream. now i'm seeing simscan messages after turning logging off for chkuser. So somehow either my service scripts or some patch to netqmail has caused errant bleeding of log messages into the smtp stream, which is of course weird and broken. I tried Erwin's smtp auth (fehcom) thinking this is where the problem lies- but alas, i can't auth at all there. anyone able to help shed some more light for me? thanks. james !DSPAM:4a311fba32661067792816!
Re: [vchkpw] smtp auth with chkuser problems
- Original Message - From: James Cox To: vchkpw@inter7.com Sent: Thursday, June 11, 2009 7:44 AM Subject: Re: [vchkpw] smtp auth with chkuser problems I just did a fresh install of toaster. i'm still getting these frustrating smtp auth problems - it's conflating the first portion of domain, so if for example i have the user f...@example.com, it tries to auth foo.com@:myip huh?? -james This may be so obvious that I shouldn't mention it, but did you change your run script to reflect the new smtp_auth patch? If I remember correctly, the older version wanted things in a different order. I just don't remember if that applies to this particular problem as its been awhile and I don't have access to my vpopmail setup right now... Brian !DSPAM:4a311eb432664685113058!
Re: [vchkpw] smtp auth with chkuser problems
Did u try this settings on your server? #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` export QMAILQUEUE=/var/qmail/bin/simscan export NOP0FCHECK=1 export SIMSCAN_DEBUG=0 Just my 2 cents.. Remo On 6/11/09 8:44 AM, "James Cox" wrote: > I just did a fresh install of toaster. > > i'm still getting these frustrating smtp auth problems - it's > conflating the first portion of domain, so if for example i have the > user f...@example.com, it tries to auth foo.com@:myip > > huh?? > > -james > > On 11 Jun 2009, at 13:51, Tren Blackburn wrote: > >> I apologize if this has already been mentioned but have you tried Bill >> Shupp's toaster if you're on Linux or Matt Simmerman's toaster if you're on >> BSD? There's others, but I've used both over the years with no problems. I >> haven't switched to netqmail 1.06 but I thought it was primarily just a >> version increment to reflect the change in qmail's license. >> >> But if these have already been suggested and are not viable to you for some >> reason then please disregardmy 2 cents here is in Canadian... ;) >> >> Regardless I hope you can track down your problem! >> >> Regards, >> >> Tren >> >> >> From: James Cox >> To: vchkpw@inter7.com >> Sent: Thu Jun 11 04:47:52 2009 >> Subject: Re: [vchkpw] smtp auth with chkuser problems >> >> >> On 10 Jun 2009, at 22:41, James Cox wrote: >>>>> >>>>> >>>> Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP-AUTH >>>> (http://www.fehcom.de/qmail/smtpauth.html). >>>> qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is >>>> worth using 1.0.6. >>> >>> Weird, i installed the patch with Erwin's smtp-auth, and have ended up with >>> failed auths: >>> >>> Jun 10 16:39:21 reason vpopmail[7505]: vchkpw-smtp: vpopmail user not found >>> james.es@:86.13.225.60 >>> >>> when authing with username "ja...@imaj.es" >>> >> >> all, >> >> halps! >> >> throwing this in again - chkuser + krystopf's smtp auth ends up spitting >> random log stuff into the smtp stream. now i'm seeing simscan messages after >> turning logging off for chkuser. So somehow either my service scripts or some >> patch to netqmail has caused errant bleeding of log messages into the smtp >> stream, which is of course weird and broken. >> >> I tried Erwin's smtp auth (fehcom) thinking this is where the problem lies- >> but alas, i can't auth at all there. >> >> anyone able to help shed some more light for me? >> thanks. >> >> james >> >> > > !DSPAM:4a311bdd32666086566072!
Re: [vchkpw] smtp auth with chkuser problems
I just did a fresh install of toaster. i'm still getting these frustrating smtp auth problems - it's conflating the first portion of domain, so if for example i have the user f...@example.com, it tries to auth foo.com@:myip huh?? -james On 11 Jun 2009, at 13:51, Tren Blackburn wrote: I apologize if this has already been mentioned but have you tried Bill Shupp's toaster if you're on Linux or Matt Simmerman's toaster if you're on BSD? There's others, but I've used both over the years with no problems. I haven't switched to netqmail 1.06 but I thought it was primarily just a version increment to reflect the change in qmail's license. But if these have already been suggested and are not viable to you for some reason then please disregardmy 2 cents here is in Canadian... ;) Regardless I hope you can track down your problem! Regards, Tren From: James Cox To: vchkpw@inter7.com Sent: Thu Jun 11 04:47:52 2009 Subject: Re: [vchkpw] smtp auth with chkuser problems On 10 Jun 2009, at 22:41, James Cox wrote: Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP-AUTH (http://www.fehcom.de/qmail/smtpauth.html ). qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is worth using 1.0.6. Weird, i installed the patch with Erwin's smtp-auth, and have ended up with failed auths: Jun 10 16:39:21 reason vpopmail[7505]: vchkpw-smtp: vpopmail user not found james.es@:86.13.225.60 when authing with username "ja...@imaj.es" all, halps! throwing this in again - chkuser + krystopf's smtp auth ends up spitting random log stuff into the smtp stream. now i'm seeing simscan messages after turning logging off for chkuser. So somehow either my service scripts or some patch to netqmail has caused errant bleeding of log messages into the smtp stream, which is of course weird and broken. I tried Erwin's smtp auth (fehcom) thinking this is where the problem lies- but alas, i can't auth at all there. anyone able to help shed some more light for me? thanks. james !DSPAM:4a31185532662012537108!
Re: [vchkpw] smtp auth with chkuser problems
I apologize if this has already been mentioned but have you tried Bill Shupp's toaster if you're on Linux or Matt Simmerman's toaster if you're on BSD? There's others, but I've used both over the years with no problems. I haven't switched to netqmail 1.06 but I thought it was primarily just a version increment to reflect the change in qmail's license. But if these have already been suggested and are not viable to you for some reason then please disregardmy 2 cents here is in Canadian... ;) Regardless I hope you can track down your problem! Regards, Tren From: James Cox To: vchkpw@inter7.com Sent: Thu Jun 11 04:47:52 2009 Subject: Re: [vchkpw] smtp auth with chkuser problems On 10 Jun 2009, at 22:41, James Cox wrote: Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP-AUTH (http://www.fehcom.de/qmail/smtpauth.html). qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is worth using 1.0.6. Weird, i installed the patch with Erwin's smtp-auth, and have ended up with failed auths: Jun 10 16:39:21 reason vpopmail[7505]: vchkpw-smtp: vpopmail user not found james.es@:86.13.225.60 when authing with username "ja...@imaj.es" all, halps! throwing this in again - chkuser + krystopf's smtp auth ends up spitting random log stuff into the smtp stream. now i'm seeing simscan messages after turning logging off for chkuser. So somehow either my service scripts or some patch to netqmail has caused errant bleeding of log messages into the smtp stream, which is of course weird and broken. I tried Erwin's smtp auth (fehcom) thinking this is where the problem lies- but alas, i can't auth at all there. anyone able to help shed some more light for me? thanks. james !DSPAM:4a30fdd432661702533441!
Re: [vchkpw] smtp auth with chkuser problems
On 10 Jun 2009, at 22:41, James Cox wrote: Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP-AUTH (http://www.fehcom.de/qmail/smtpauth.html ). qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is worth using 1.0.6. Weird, i installed the patch with Erwin's smtp-auth, and have ended up with failed auths: Jun 10 16:39:21 reason vpopmail[7505]: vchkpw-smtp: vpopmail user not found james.es@:86.13.225.60 when authing with username "ja...@imaj.es" all, halps! throwing this in again - chkuser + krystopf's smtp auth ends up spitting random log stuff into the smtp stream. now i'm seeing simscan messages after turning logging off for chkuser. So somehow either my service scripts or some patch to netqmail has caused errant bleeding of log messages into the smtp stream, which is of course weird and broken. I tried Erwin's smtp auth (fehcom) thinking this is where the problem lies- but alas, i can't auth at all there. anyone able to help shed some more light for me? thanks. james !DSPAM:4a30ef1d32665615831132!
Re: [vchkpw] smtp auth with chkuser problems
Thank you James, grazie Tonino. !DSPAM:4a30ba6832669637967409!
Re: [vchkpw] smtp auth with chkuser problems
On 10 Jun 2009, at 22:00, Tonix (Antonio Nati) wrote: James Cox ha scritto: On 10 Jun 2009, at 18:02, Tonix (Antonio Nati) wrote: Roberto ha scritto: Hi James, what version of netqmail are you using? does anybody knows if chkuser is compatible with 1.06? Problem should be the auth patch which breaks the output. In the past other people with other auth patches complained. They passed to the one contained in Shupp's Toaster (the unique one I've checked) and all problems went away. As alternative, should try to disable logs. So, versions- I've got - netqmail 1.06 - smtp auth 1.03 from http://members.elysium.pl/brush/qmail-smtpd-auth/ - chkuser 2.0.9 i tried looking at the toaster, but it is patched against a different netqmail - 1.05? wasn't sure if i should look to back out that patch and rebuild qmail.. --james Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP-AUTH (http://www.fehcom.de/qmail/smtpauth.html ). qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is worth using 1.0.6. Weird, i installed the patch with Erwin's smtp-auth, and have ended up with failed auths: Jun 10 16:39:21 reason vpopmail[7505]: vchkpw-smtp: vpopmail user not found james.es@:86.13.225.60 when authing with username "ja...@imaj.es" huh? -james !DSPAM:4a3028a832664575497802!
Re: [vchkpw] smtp auth with chkuser problems
James Cox wrote: On 10 Jun 2009, at 18:02, Tonix (Antonio Nati) wrote: Roberto ha scritto: Hi James, what version of netqmail are you using? does anybody knows if chkuser is compatible with 1.06? Problem should be the auth patch which breaks the output. In the past other people with other auth patches complained. They passed to the one contained in Shupp's Toaster (the unique one I've checked) and all problems went away. As alternative, should try to disable logs. So, versions- I've got - netqmail 1.06 - smtp auth 1.03 from http://members.elysium.pl/brush/qmail-smtpd-auth/ - chkuser 2.0.9 i tried looking at the toaster, but it is patched against a different netqmail - 1.05? wasn't sure if i should look to back out that patch and rebuild qmail.. Hi, Bill's qmail-toaster-0.9.1.patch.bz2 applies cleanly and makes cleanly against netqmail 1.06. I just tested that. I didn't install it how ever. Regards, Rick !DSPAM:4a3023b532661537351311!
Re: [vchkpw] smtp auth with chkuser problems
James Cox ha scritto: On 10 Jun 2009, at 18:02, Tonix (Antonio Nati) wrote: Roberto ha scritto: Hi James, what version of netqmail are you using? does anybody knows if chkuser is compatible with 1.06? Problem should be the auth patch which breaks the output. In the past other people with other auth patches complained. They passed to the one contained in Shupp's Toaster (the unique one I've checked) and all problems went away. As alternative, should try to disable logs. So, versions- I've got - netqmail 1.06 - smtp auth 1.03 from http://members.elysium.pl/brush/qmail-smtpd-auth/ - chkuser 2.0.9 i tried looking at the toaster, but it is patched against a different netqmail - 1.05? wasn't sure if i should look to back out that patch and rebuild qmail.. --james Patch in Shupp toaster is taken from Erwin Hoffmann's SMTP-AUTH (http://www.fehcom.de/qmail/smtpauth.html). qmail 1.0.5 and 1.0.6 should be extremely similar and I wonder if it is worth using 1.0.6. Trust and use Shupp's toaster! Ciao, Tonino -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it !DSPAM:4a301f0732661607920333!
Re: [vchkpw] smtp auth with chkuser problems
On 10 Jun 2009, at 18:02, Tonix (Antonio Nati) wrote: Roberto ha scritto: Hi James, what version of netqmail are you using? does anybody knows if chkuser is compatible with 1.06? Problem should be the auth patch which breaks the output. In the past other people with other auth patches complained. They passed to the one contained in Shupp's Toaster (the unique one I've checked) and all problems went away. As alternative, should try to disable logs. So, versions- I've got - netqmail 1.06 - smtp auth 1.03 from http://members.elysium.pl/brush/qmail-smtpd-auth/ - chkuser 2.0.9 i tried looking at the toaster, but it is patched against a different netqmail - 1.05? wasn't sure if i should look to back out that patch and rebuild qmail.. --james !DSPAM:4a300bed32661846241777!
Re: [vchkpw] smtp auth with chkuser problems
Roberto ha scritto: Hi James, what version of netqmail are you using? does anybody knows if chkuser is compatible with 1.06? Roberto James Cox ha scritto: I've had it running for a few hours, and have this: 1 CHKUSER rejected relaying 5 CHKUSER accepted any rcpt 28 CHKUSER relaying rcpt 362 CHKUSER accepted rcpt 1719 CHKUSER rejected rcpt 1758 CHKUSER accepted sender and... in my defines... neither of those two are enabled. version 2.0.9 for me. -james Problem should be the auth patch which breaks the output. In the past other people with other auth patches complained. They passed to the one contained in Shupp's Toaster (the unique one I've checked) and all problems went away. As alternative, should try to disable logs. Ciao! Tonino -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it !DSPAM:4a2fe72032662043116501!
Re: [vchkpw] smtp auth with chkuser problems
Hi James, what version of netqmail are you using? does anybody knows if chkuser is compatible with 1.06? Roberto James Cox ha scritto: I've had it running for a few hours, and have this: 1 CHKUSER rejected relaying 5 CHKUSER accepted any rcpt 28 CHKUSER relaying rcpt 362 CHKUSER accepted rcpt 1719 CHKUSER rejected rcpt 1758 CHKUSER accepted sender and... in my defines... neither of those two are enabled. version 2.0.9 for me. -james !DSPAM:4a2fdf4c32661011711836!
Re: [vchkpw] smtp auth with chkuser problems
Rick Macdougall wrote: James Cox wrote: On 10 Jun 2009, at 14:26, Rick Macdougall wrote: James Cox wrote: I've had it running for a few hours, and have this: 1 CHKUSER rejected relaying 5 CHKUSER accepted any rcpt 28 CHKUSER relaying rcpt 362 CHKUSER accepted rcpt 1719 CHKUSER rejected rcpt 1758 CHKUSER accepted sender and... in my defines... neither of those two are enabled. version 2.0.9 for me. What version of SMTP AUTH are you using ? I know there is a version out there that causes the exact problem you are seeing, although to my knowledge it hasn't been seen in years. Rick: yeah, i saw that patch. but i am using the current version (i think?) 0.31 james Don't know what that patch is or does. I use Bill Shupp's toaster (http://www.shupp.org/toaster/) which uses the following smtp-auth patch v. 0.5.7 by Erwin Hoffmann http://www.fehcom.de/qmail/smtpauth.html Regards, Rick Hi, Yup, I'm pretty sure your 0.31 patch is the culprit. -- quote -- now mostly superseded with Krysztof Dabrowski's (and Eric M. Johnston) qmail-smtpd-auth-0.31 patch to include support for CRAM-MD5 with an additional cmd5checkpw PAM. Unfortunately, though wide-spread, Krysztof Dabrowski's SMTP-Auth patch breaks the checkpassword interface for CRAM-MD5. Instead of transmitting the sequence 'userid\0password\0challenge\0' it uses 'userid\0challenge\0password\0'. *** Another obstacle is to close (like 'qmail-popup') unnecessarily file descriptor 2 (FD 2). This inhibits a common logging to STDERR. *** Also, the unconditional close of FD 3 (to provide the AUTH information to the PAM) conflicts with reading control/morercpthosts.cdb. Further, there are some problems decoding BASE64. -- end quote -- Regards, Rick !DSPAM:4a2fd83732661317915693!
Re: [vchkpw] smtp auth with chkuser problems
Here is mine you can try to use my settings.. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` export QMAILQUEUE=/var/qmail/bin/simscan export NOP0FCHECK=1 export SIMSCAN_DEBUG=0 exec /usr/local/bin/softlimit -m 2200 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /usr/local/bin/rblsmtpd \ On 6/10/09 9:38 AM, "Matt Brookings" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > James Cox wrote: >> yeah, i saw that patch. but i am using the current version (i think?) 0.31 > > I'm not really sure *why* it would be happening and I don't really have a > solution > to pose to you. I just wanted you to be aware that the output you were seeing > the > SMTP session were not meant to be in the SMTP session, it's meant to be log > output. > > Because of how tcpserver works, it's unlikely that a patch would accidentally > push > output into a server's data stream. Descriptors 6 and 7 are used for input > and > output, and generally debugging output, etc, are done with printf()s and > fprintf()s > which unless purposely mucked with, are going to hit descriptors 1 and 2. > > Anyway, please let us know if you figure out what's going on. > - -- > /* > Matt BrookingsGnuPG Key D9414F70 > Software developer Systems technician > Inter7 Internet Technologies, Inc. (815)776-9465 > */ > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkov02EACgkQ6QgvSNlBT3DlLACfWu87P74FLGWXEcfPu47T7qx7 > /DgAoKKLl6TAbIMkbT0ZzQG4yv2TBEYc > =Evt/ > -END PGP SIGNATURE- > > > !DSPAM:4a2fd52832663695612844!
Re: [vchkpw] smtp auth with chkuser problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Cox wrote: > yeah, i saw that patch. but i am using the current version (i think?) 0.31 I'm not really sure *why* it would be happening and I don't really have a solution to pose to you. I just wanted you to be aware that the output you were seeing the SMTP session were not meant to be in the SMTP session, it's meant to be log output. Because of how tcpserver works, it's unlikely that a patch would accidentally push output into a server's data stream. Descriptors 6 and 7 are used for input and output, and generally debugging output, etc, are done with printf()s and fprintf()s which unless purposely mucked with, are going to hit descriptors 1 and 2. Anyway, please let us know if you figure out what's going on. - -- /* Matt BrookingsGnuPG Key D9414F70 Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkov02EACgkQ6QgvSNlBT3DlLACfWu87P74FLGWXEcfPu47T7qx7 /DgAoKKLl6TAbIMkbT0ZzQG4yv2TBEYc =Evt/ -END PGP SIGNATURE-
Re: [vchkpw] smtp auth with chkuser problems
I used Bill's and works fine. I do have chkuser installed on mine with smtp auth. Remo On 6/10/09 9:25 AM, "Rick Macdougall" wrote: > James Cox wrote: >> >> On 10 Jun 2009, at 14:26, Rick Macdougall wrote: >> >>> James Cox wrote: I've had it running for a few hours, and have this: 1 CHKUSER rejected relaying 5 CHKUSER accepted any rcpt 28 CHKUSER relaying rcpt 362 CHKUSER accepted rcpt 1719 CHKUSER rejected rcpt 1758 CHKUSER accepted sender and... in my defines... neither of those two are enabled. version 2.0.9 for me. >>> >>> What version of SMTP AUTH are you using ? >>> >>> I know there is a version out there that causes the exact problem you >>> are seeing, although to my knowledge it hasn't been seen in years. >> Rick: >> >> yeah, i saw that patch. but i am using the current version (i think?) 0.31 >> >> james >> >> >> > > Don't know what that patch is or does. > > I use Bill Shupp's toaster (http://www.shupp.org/toaster/) which uses > the following > > smtp-auth patch v. 0.5.7 by Erwin Hoffmann > http://www.fehcom.de/qmail/smtpauth.html > > Regards, > > Rick > > > > > > > !DSPAM:4a2fd17b32661437732454!
Re: [vchkpw] smtp auth with chkuser problems
James Cox wrote: On 10 Jun 2009, at 14:26, Rick Macdougall wrote: James Cox wrote: I've had it running for a few hours, and have this: 1 CHKUSER rejected relaying 5 CHKUSER accepted any rcpt 28 CHKUSER relaying rcpt 362 CHKUSER accepted rcpt 1719 CHKUSER rejected rcpt 1758 CHKUSER accepted sender and... in my defines... neither of those two are enabled. version 2.0.9 for me. What version of SMTP AUTH are you using ? I know there is a version out there that causes the exact problem you are seeing, although to my knowledge it hasn't been seen in years. Rick: yeah, i saw that patch. but i am using the current version (i think?) 0.31 james Don't know what that patch is or does. I use Bill Shupp's toaster (http://www.shupp.org/toaster/) which uses the following smtp-auth patch v. 0.5.7 by Erwin Hoffmann http://www.fehcom.de/qmail/smtpauth.html Regards, Rick !DSPAM:4a2fd06a32661582142373!
Re: [vchkpw] smtp auth with chkuser problems
On 10 Jun 2009, at 14:26, Rick Macdougall wrote: James Cox wrote: I've had it running for a few hours, and have this: 1 CHKUSER rejected relaying 5 CHKUSER accepted any rcpt 28 CHKUSER relaying rcpt 362 CHKUSER accepted rcpt 1719 CHKUSER rejected rcpt 1758 CHKUSER accepted sender and... in my defines... neither of those two are enabled. version 2.0.9 for me. What version of SMTP AUTH are you using ? I know there is a version out there that causes the exact problem you are seeing, although to my knowledge it hasn't been seen in years. Rick: yeah, i saw that patch. but i am using the current version (i think?) 0.31 james !DSPAM:4a2fc87f3291712120!
Re: [vchkpw] smtp auth with chkuser problems
James Cox wrote: I've had it running for a few hours, and have this: 1 CHKUSER rejected relaying 5 CHKUSER accepted any rcpt 28 CHKUSER relaying rcpt 362 CHKUSER accepted rcpt 1719 CHKUSER rejected rcpt 1758 CHKUSER accepted sender and... in my defines... neither of those two are enabled. version 2.0.9 for me. What version of SMTP AUTH are you using ? I know there is a version out there that causes the exact problem you are seeing, although to my knowledge it hasn't been seen in years. Regards, Rick !DSPAM:4a2fb48732661746112274!
Re: [vchkpw] smtp auth with chkuser problems
I've had it running for a few hours, and have this: 1 CHKUSER rejected relaying 5 CHKUSER accepted any rcpt 28 CHKUSER relaying rcpt 362 CHKUSER accepted rcpt 1719 CHKUSER rejected rcpt 1758 CHKUSER accepted sender and... in my defines... neither of those two are enabled. version 2.0.9 for me. -james On 9 Jun 2009, at 23:31, Harm van Tilborg wrote: Hi James, What version of chkuser are you using? When I look at the 2.0.9 source, I see the following lines inside chkuser_settings.h: /* * the following line enables debugging of chkuser */ /* #define CHKUSER_DEBUG */ /* * The following line moves DEBUG output from STDOUT (default) to STDERR * Example of usage within sh: ./qmail-smtpd 2> /var/log/smtpd- debug.log */ /* #define CHKUSER_DEBUG_STDERR */ Did you perhaps uncomment one of these defines? That would explain the behaviour. You are indeed correct about how the output should be catched by multilog. What /do/ your logs provide (i.e. what's in / var/log/qmail/smtpd/current)? (Ow, and between your log's command `...n 10...' there's no need for a space in between) -- Kind regards, Harm van Tilborg http://zeroxcool.net James Cox wrote: hey Harm, Here's the run file for the log - exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s250 n 10 /var/log/qmail/smtpd and yeah- i figured that i'm pushing to stdout... which i expect the log/run should catch via the multilog. therefore i'm a bit confused as to how it's still getting into the smtp conversation. :) -james On 9 Jun 2009, at 23:15, Harm van Tilborg wrote: Hi James, You are copying stderr (file descriptor 2) to your stdout (that's what the terminating 2>&1 is for). However, this log is only saved if multilog is indeed catching it. Find in the directory where this `run' file was located the directory `log', and publish the content of the `run' file in that directory... James Cox wrote: On 9 Jun 2009, at 18:16, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Cox wrote: Anyone got any tips for how to skip those log lines? I've been looking at the chkuser_settings and i'm not confident i've seen anything immediately obvious. I'm also not convinced that these lines should ever exist in the smtp conversation anyhow... You are supposed to redirect stdout and stderr to another location. Either to /dev/null or to logfiles. Hmm - makes sense. This is how i'm running it, and not sure why i'm getting logs in the smtp conversation: env CHKUSER_START=DOMAIN \ /usr/local/bin/tcpserver -vHR -p -x /etc/tcp.smtp.cdb \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd /var/qmail/vpopmail/bin/vchkpw /bin/ true 2>&1 since it's running under supervise, and is logged... -james !DSPAM:4a2ee3f232665271019884!
Re: [vchkpw] smtp auth with chkuser problems
Hi James, What version of chkuser are you using? When I look at the 2.0.9 source, I see the following lines inside chkuser_settings.h: /* * the following line enables debugging of chkuser */ /* #define CHKUSER_DEBUG */ /* * The following line moves DEBUG output from STDOUT (default) to STDERR * Example of usage within sh: ./qmail-smtpd 2> /var/log/smtpd-debug.log */ /* #define CHKUSER_DEBUG_STDERR */ Did you perhaps uncomment one of these defines? That would explain the behaviour. You are indeed correct about how the output should be catched by multilog. What /do/ your logs provide (i.e. what's in /var/log/qmail/smtpd/current)? (Ow, and between your log's command `...n 10...' there's no need for a space in between) -- Kind regards, Harm van Tilborg http://zeroxcool.net James Cox wrote: hey Harm, Here's the run file for the log - exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s250 n 10 /var/log/qmail/smtpd and yeah- i figured that i'm pushing to stdout... which i expect the log/run should catch via the multilog. therefore i'm a bit confused as to how it's still getting into the smtp conversation. :) -james On 9 Jun 2009, at 23:15, Harm van Tilborg wrote: Hi James, You are copying stderr (file descriptor 2) to your stdout (that's what the terminating 2>&1 is for). However, this log is only saved if multilog is indeed catching it. Find in the directory where this `run' file was located the directory `log', and publish the content of the `run' file in that directory... James Cox wrote: On 9 Jun 2009, at 18:16, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Cox wrote: Anyone got any tips for how to skip those log lines? I've been looking at the chkuser_settings and i'm not confident i've seen anything immediately obvious. I'm also not convinced that these lines should ever exist in the smtp conversation anyhow... You are supposed to redirect stdout and stderr to another location. Either to /dev/null or to logfiles. Hmm - makes sense. This is how i'm running it, and not sure why i'm getting logs in the smtp conversation: env CHKUSER_START=DOMAIN \ /usr/local/bin/tcpserver -vHR -p -x /etc/tcp.smtp.cdb \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd /var/qmail/vpopmail/bin/vchkpw /bin/true 2>&1 since it's running under supervise, and is logged... -james !DSPAM:4a2ee2bc32666440818484!
Re: [vchkpw] smtp auth with chkuser problems
hey Harm, Here's the run file for the log - exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s250 n 10 /var/log/qmail/smtpd and yeah- i figured that i'm pushing to stdout... which i expect the log/run should catch via the multilog. therefore i'm a bit confused as to how it's still getting into the smtp conversation. :) -james On 9 Jun 2009, at 23:15, Harm van Tilborg wrote: Hi James, You are copying stderr (file descriptor 2) to your stdout (that's what the terminating 2>&1 is for). However, this log is only saved if multilog is indeed catching it. Find in the directory where this `run' file was located the directory `log', and publish the content of the `run' file in that directory... James Cox wrote: On 9 Jun 2009, at 18:16, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Cox wrote: Anyone got any tips for how to skip those log lines? I've been looking at the chkuser_settings and i'm not confident i've seen anything immediately obvious. I'm also not convinced that these lines should ever exist in the smtp conversation anyhow... You are supposed to redirect stdout and stderr to another location. Either to /dev/null or to logfiles. Hmm - makes sense. This is how i'm running it, and not sure why i'm getting logs in the smtp conversation: env CHKUSER_START=DOMAIN \ /usr/local/bin/tcpserver -vHR -p -x /etc/tcp.smtp.cdb \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd /var/qmail/vpopmail/bin/vchkpw /bin/ true 2>&1 since it's running under supervise, and is logged... -james !DSPAM:4a2edfda32661019412068!
Re: [vchkpw] smtp auth with chkuser problems
Hi James, You are copying stderr (file descriptor 2) to your stdout (that's what the terminating 2>&1 is for). However, this log is only saved if multilog is indeed catching it. Find in the directory where this `run' file was located the directory `log', and publish the content of the `run' file in that directory... -- Kind regards, Harm van Tilborg http://zeroxcool.net James Cox wrote: On 9 Jun 2009, at 18:16, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Cox wrote: Anyone got any tips for how to skip those log lines? I've been looking at the chkuser_settings and i'm not confident i've seen anything immediately obvious. I'm also not convinced that these lines should ever exist in the smtp conversation anyhow... You are supposed to redirect stdout and stderr to another location. Either to /dev/null or to logfiles. Hmm - makes sense. This is how i'm running it, and not sure why i'm getting logs in the smtp conversation: env CHKUSER_START=DOMAIN \ /usr/local/bin/tcpserver -vHR -p -x /etc/tcp.smtp.cdb \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd /var/qmail/vpopmail/bin/vchkpw /bin/true 2>&1 since it's running under supervise, and is logged... -james !DSPAM:4a2edf0532661060516316!
Re: [vchkpw] smtp auth with chkuser problems
On 9 Jun 2009, at 18:16, Matt Brookings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Cox wrote: Anyone got any tips for how to skip those log lines? I've been looking at the chkuser_settings and i'm not confident i've seen anything immediately obvious. I'm also not convinced that these lines should ever exist in the smtp conversation anyhow... You are supposed to redirect stdout and stderr to another location. Either to /dev/null or to logfiles. Hmm - makes sense. This is how i'm running it, and not sure why i'm getting logs in the smtp conversation: env CHKUSER_START=DOMAIN \ /usr/local/bin/tcpserver -vHR -p -x /etc/tcp.smtp.cdb \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd \ -r sbl-xbl.spamhaus.org \ /var/qmail/bin/qmail-smtpd /var/qmail/vpopmail/bin/vchkpw /bin/true 2>&1 since it's running under supervise, and is logged... -james !DSPAM:4a2ebb8432661324210016!
Re: [vchkpw] smtp auth with chkuser problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Cox wrote: > Anyone got any tips for how to skip those log lines? I've been looking > at the chkuser_settings and i'm not confident i've seen anything > immediately obvious. I'm also not convinced that these lines should ever > exist in the smtp conversation anyhow... You are supposed to redirect stdout and stderr to another location. Either to /dev/null or to logfiles. - -- /* Matt BrookingsGnuPG Key D9414F70 Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoumQMACgkQ6QgvSNlBT3DcbwCfWLgzTdwb5V0vUmBJB8yVxXM9 g+cAn1xmhT0ENg/sf8Xn1kbtAZMQYewg =8SBM -END PGP SIGNATURE-
Re: [vchkpw] smtp-auth and rblsmtpd
Thanks for the info. Trey Nolen - Original Message - From: "John Simpson" <[EMAIL PROTECTED]> To: Sent: Saturday, August 18, 2007 7:28 PM Subject: Re: [vchkpw] smtp-auth and rblsmtpd
Re: [vchkpw] smtp-auth and rblsmtpd
On 2007-08-17, at 2113, Trey Nolen wrote: I would suggest starting another instance of qmail-smtpd on port 587 that does not use the rbls, and has its own tcp.submpt.cdb that allows anyone to connect, but does not ever set RELAYCLIENT. This allows all addresses, but will only allow relay for authenticated users. Port 587, is the default port for this kind of operation. Thanks. We will start that, too. But, we do have a number of clients that are ALREADY using port 25 for smtp-auth. Is there any way to keep them from being affected by the rblmtpd? For instance, is there a way to pass a variable to tcpserver if the connection is authenticated via smtp-auth? no, because there's no way for tcpserver to know whether or not a valid AUTH command will be sent. remember that qmail-smtpd would be accepting the AUTH command, and rblsmtpd runs before qmail-smtpd does. the correct answer is to create one or more AUTH-only SMTP services, preferably also "encrypted only" for security, and tell your users that they must use those instead. i'm not sure which patches you're using, but my combined patch has support for both of these features (i.e. it won't accept any MAIL commands until a valid AUTH command has been sent, and it won't accept any AUTH commands unless the connection is secured.) i *think* both of these features are available in other patches but i will admit that i'm not 100% familiar with them- i'm sure if you can tell us which patches you're using, somebody on the list will be able to give you some quick directions for how to set this up. if you're not married to any particular patch, here's the info regarding mine. do your research and make see if it will work for you, if so you're (obviously) welcome to use it. http://qmail.jms1.net/patches/combined.shtml http://qmail.jms1.net/smtp-service.shtml http://qmail.jms1.net/tls-auth.shtml | John M. Simpson--- KG4ZOW ---Programmer At Large | | http://www.jms1.net/ <[EMAIL PROTECTED]> | | http://video.google.com/videoplay?docid=-1656880303867390173 | PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] smtp-auth and rblsmtpd
On 8/17/2007 9:13 PM, Trey Nolen wrote: being affected by the rblmtpd? For instance, is there a way to pass a variable to tcpserver if the connection is authenticated via smtp-auth? Not without patching. the process goes like this: user -> tcpserver -> rblsmtpd -> qmail-smtpd (with smtp-auth) so, rblsmtpd has already intercepted your user before he's had the change to talk to qmail-smtpd and auth. there is at least one patch that puts rblsmtpd functionality inside qmail-smtpd for this purpose, but i'm having a hard time finding it. Based on http://lists.ziobudda.net/pipermail/qmail-it/2007-April/001698.html, I'm making an educated guess that the patch is at: http://lists.ziobudda.net/pipermail/qmail-it/attachments/20070410/7d59066d/qmail-dnsbl.bin -- Jeremy Kister http://jeremy.kister.net./
Re: [vchkpw] smtp-auth and rblsmtpd
I would suggest starting another instance of qmail-smtpd on port 587 that does not use the rbls, and has its own tcp.submpt.cdb that allows anyone to connect, but does not ever set RELAYCLIENT. This allows all addresses, but will only allow relay for authenticated users. Port 587, is the default port for this kind of operation. Thanks. We will start that, too. But, we do have a number of clients that are ALREADY using port 25 for smtp-auth. Is there any way to keep them from being affected by the rblmtpd? For instance, is there a way to pass a variable to tcpserver if the connection is authenticated via smtp-auth? Trey Nolen
Re: [vchkpw] smtp-auth and rblsmtpd
Trey Nolen wrote: We have been using smtp-after-pop for a long time, but are also using smtp-auth for some purposes. When users authenticate via POP, a line like the following gets added to open-smtp: ww.xx.yy.zz:allow,RELAYCLIENT="",RBLSMTPD="",WHITELIST="" 1187395788 This keeps the users from being affected by rblsmtpd. We added sorbs to our rblsmtpd to block "dynamic IP pools", but it seems to be blocking our users that use smtp-auth. Our smtp-after-pop users work fine using the same dynamic IPs. We have some users that need to be able send via our servers but that do not have a POP account to authenticate against. Is there a way to get smtp-auth excluded from the rblsmtpd blocks? I would suggest starting another instance of qmail-smtpd on port 587 that does not use the rbls, and has its own tcp.submpt.cdb that allows anyone to connect, but does not ever set RELAYCLIENT. This allows all addresses, but will only allow relay for authenticated users. Port 587, is the default port for this kind of operation. My run file for the submission port is: #!/bin/sh QMAILUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /mail/etc/tcp.submission.cdb -c "$MAXSMTPD" \ -u "$QMAILUID" -g "$NOFILESGID" 0 587 \ /var/qmail/bin/qmail-smptd \ /mail/bin/vchkpw /bin/true 2>&1 /mail/bin/ is my ~vpopmail/bin, in absolute terms.
Re: [vchkpw] smtp auth failed when no email to be retrieved
sure.. I already checked .. because he/she able to send email with smtp auth after he/she got email from their pop account otherwise if he/she does not have any email to be retrieve then the smtp auth will failed.. pls help Regards Winanjaya New Page 1 - Original Message - From: "Shane Chrisp" <[EMAIL PROTECTED]> To: Sent: Monday, January 29, 2007 2:08 PM Subject: Re: [vchkpw] smtp auth failed when no email to be retrieved > On Mon, 2007-01-29 at 13:59 +0700, Winanjaya - CBN wrote: > > Has the user checked the option "my outgoing server requires > authentication"? > > Shane > > > Dear All, > > > > I am runnning qmail+vpopmail 5.4.17 with smtp auth for roaming users, my > > users use Outlook Express as email client to send/receive email. > > > > My problem is: > > It seems like smtp auth failed (see below message) when he/she does not have > > email to be retrieve. > > > > I need advise.. > > > > Thanks & Regards > > Winanjaya > > > > > > > > The message could not be sent because one of the recipients was rejected by > > the server. The rejected e-mail address was '[EMAIL PROTECTED]'. Subject > > 'test', Account: 'mail.lippogeneral.com', Server: 'mail2.lippogeneral.com', > > Protocol: SMTP, Server Response: '553 sorry, that domain isn't in my list of > > allowed rcpthosts (#5.7.1)', Port: 25, Secure(SSL): No, Server Error: 553, > > Error Number: 0x800CCC79 > > > > > > > > > > *** > > Our outgoing mail has been scanned by MSS. > > ***-*** > > *** Our outgoing mail has been scanned by MSS. ***-***
Re: [vchkpw] smtp auth failed when no email to be retrieved
so you meant this is outlook express problem? regards Winanjaya New Page 1 - Original Message - From: "shadowplay.net" <[EMAIL PROTECTED]> To: Sent: Monday, January 29, 2007 2:11 PM Subject: RE: [vchkpw] smtp auth failed when no email to be retrieved > > > well um > doesn't look like neone actually > hit any thing that would give them a > connection because your clients ip never appeared > in a pop b4 smtp connection. > > your error message, and log extract as listed > does not show a pop connection cleanring the tcpserver > to clear the ip as an allowed relay. > > so your qmail acted normaily and denied a relay status for > the originating connecting ip. > > > kenneth gf brown > ceo shadowplay.net > > > > -Original Message- > > From: Winanjaya - CBN [mailto:[EMAIL PROTECTED] > > Sent: January 29, 2007 02:00 > > To: vchkpw@inter7.com > > Subject: [vchkpw] smtp auth failed when no email to be retrieved > > > > > > > > Dear All, > > > > I am runnning qmail+vpopmail 5.4.17 with smtp auth for > > roaming users, my users use Outlook Express as email client > > to send/receive email. > > > > My problem is: > > It seems like smtp auth failed (see below message) when > > he/she does not have email to be retrieve. > > > > I need advise.. > > > > Thanks & Regards > > Winanjaya > > > > > > > > The message could not be sent because one of the recipients > > was rejected by the server. The rejected e-mail address was > > '[EMAIL PROTECTED]'. Subject 'test', Account: > > 'mail.lippogeneral.com', Server: 'mail2.lippogeneral.com', > > Protocol: SMTP, Server Response: '553 sorry, that domain > > isn't in my list of allowed rcpthosts (#5.7.1)', Port: 25, > > Secure(SSL): No, Server Error: 553, Error Number: 0x800CCC79 > > > > > > > > > > *** > > Our outgoing mail has been scanned by MSS. > > ***-*** > > > > *** Our outgoing mail has been scanned by MSS. ***-***
RE: [vchkpw] smtp auth failed when no email to be retrieved
sry on crack... obviously I missed the auth smtp, my brain went straight to popb4smtp... and I agree with shane's note did they click the damn check box :P ken > -Original Message- > From: shadowplay.net [mailto:[EMAIL PROTECTED] > Sent: January 29, 2007 02:12 > To: vchkpw@inter7.com > Subject: RE: [vchkpw] smtp auth failed when no email to be retrieved > > > > > well um > doesn't look like neone actually > hit any thing that would give them a > connection because your clients ip never appeared > in a pop b4 smtp connection. > > your error message, and log extract as listed > does not show a pop connection cleanring the tcpserver > to clear the ip as an allowed relay. > > so your qmail acted normaily and denied a relay status for > the originating connecting ip. > > > kenneth gf brown > ceo shadowplay.net > > > > -Original Message- > > From: Winanjaya - CBN [mailto:[EMAIL PROTECTED] > > Sent: January 29, 2007 02:00 > > To: vchkpw@inter7.com > > Subject: [vchkpw] smtp auth failed when no email to be retrieved > > > > > > > > Dear All, > > > > I am runnning qmail+vpopmail 5.4.17 with smtp auth for > > roaming users, my users use Outlook Express as email client > > to send/receive email. > > > > My problem is: > > It seems like smtp auth failed (see below message) when > > he/she does not have email to be retrieve. > > > > I need advise.. > > > > Thanks & Regards > > Winanjaya > > > > > > > > The message could not be sent because one of the recipients > > was rejected by the server. The rejected e-mail address was > > '[EMAIL PROTECTED]'. Subject 'test', Account: > > 'mail.lippogeneral.com', Server: 'mail2.lippogeneral.com', > > Protocol: SMTP, Server Response: '553 sorry, that domain > > isn't in my list of allowed rcpthosts (#5.7.1)', Port: 25, > > Secure(SSL): No, Server Error: 553, Error Number: 0x800CCC79 > > > > > > > > > > *** > > Our outgoing mail has been scanned by MSS. > > ***-*** > > > > > >
RE: [vchkpw] smtp auth failed when no email to be retrieved
Winanjaya - CBN wrote: > I am runnning qmail+vpopmail 5.4.17 with smtp auth for roaming users, > my users use Outlook Express as email client to send/receive email. > > My problem is: > It seems like smtp auth failed (see below message) when he/she does > not have email to be retrieve. > > The message could not be sent because one of the recipients was > rejected by the server. The rejected e-mail address was > '[EMAIL PROTECTED]'. Subject 'test', Account: > 'mail.lippogeneral.com', Server: 'mail2.lippogeneral.com', Protocol: > SMTP, Server Response: '553 sorry, that domain isn't in my list of > allowed rcpthosts (#5.7.1)', Port: 25, Secure(SSL): No, Server Error: > 553, Error Number: 0x800CCC79 Have you tried Google? http://www.google.com/search?q=0x800CCC79 Regards Peter Normann
RE: [vchkpw] smtp auth failed when no email to be retrieved
well um doesn't look like neone actually hit any thing that would give them a connection because your clients ip never appeared in a pop b4 smtp connection. your error message, and log extract as listed does not show a pop connection cleanring the tcpserver to clear the ip as an allowed relay. so your qmail acted normaily and denied a relay status for the originating connecting ip. kenneth gf brown ceo shadowplay.net > -Original Message- > From: Winanjaya - CBN [mailto:[EMAIL PROTECTED] > Sent: January 29, 2007 02:00 > To: vchkpw@inter7.com > Subject: [vchkpw] smtp auth failed when no email to be retrieved > > > > Dear All, > > I am runnning qmail+vpopmail 5.4.17 with smtp auth for > roaming users, my users use Outlook Express as email client > to send/receive email. > > My problem is: > It seems like smtp auth failed (see below message) when > he/she does not have email to be retrieve. > > I need advise.. > > Thanks & Regards > Winanjaya > > > > The message could not be sent because one of the recipients > was rejected by the server. The rejected e-mail address was > '[EMAIL PROTECTED]'. Subject 'test', Account: > 'mail.lippogeneral.com', Server: 'mail2.lippogeneral.com', > Protocol: SMTP, Server Response: '553 sorry, that domain > isn't in my list of allowed rcpthosts (#5.7.1)', Port: 25, > Secure(SSL): No, Server Error: 553, Error Number: 0x800CCC79 > > > > > *** > Our outgoing mail has been scanned by MSS. > ***-*** > >
Re: [vchkpw] smtp auth failed when no email to be retrieved
On Mon, 2007-01-29 at 13:59 +0700, Winanjaya - CBN wrote: Has the user checked the option "my outgoing server requires authentication"? Shane > Dear All, > > I am runnning qmail+vpopmail 5.4.17 with smtp auth for roaming users, my > users use Outlook Express as email client to send/receive email. > > My problem is: > It seems like smtp auth failed (see below message) when he/she does not have > email to be retrieve. > > I need advise.. > > Thanks & Regards > Winanjaya > > > > The message could not be sent because one of the recipients was rejected by > the server. The rejected e-mail address was '[EMAIL PROTECTED]'. Subject > 'test', Account: 'mail.lippogeneral.com', Server: 'mail2.lippogeneral.com', > Protocol: SMTP, Server Response: '553 sorry, that domain isn't in my list of > allowed rcpthosts (#5.7.1)', Port: 25, Secure(SSL): No, Server Error: 553, > Error Number: 0x800CCC79 > > > > > *** > Our outgoing mail has been scanned by MSS. > ***-*** >
Re: [vchkpw] smtp-auth and vpopmail
Rick Macdougall escribió: Mario Beltran wrote: Hi I have installed a new box on linux with qmail (i follow life with qmail) + vpopmail + autorespond +ezmlm +qmailadmin + courier-imap All works fine. Now i need use smtp authentication. I found a qmail-smtpd-auth-057 patch by Dr. Erwin Hoffmann. But I cant aplied yet the patch. The reason is that I have looked for one tutorial (and I cant found) that tell me how to set up my smtp run file for use vchkpw for authentication Does somebody knows how to? If the answer is yes, please, tell me how Thanks in advance and regards Mario Hi, If this is a new install you might want to look at http:://www.shupp.org/toaster and install using that guide instead. It will save you a lot of time and effort. It has all the patches you want and includes smtp-auth. If you are adverse to using a different package, see http://shupp.org/smtp-auth-tls/ Regards, Rick Thank you Rick i used http://shupp.org/smtp-auth-tls and work fine :) regards Mario
Re: [vchkpw] smtp-auth and vpopmail
Mario Beltran wrote: Hi I have installed a new box on linux with qmail (i follow life with qmail) + vpopmail + autorespond +ezmlm +qmailadmin + courier-imap All works fine. Now i need use smtp authentication. I found a qmail-smtpd-auth-057 patch by Dr. Erwin Hoffmann. But I cant aplied yet the patch. The reason is that I have looked for one tutorial (and I cant found) that tell me how to set up my smtp run file for use vchkpw for authentication Does somebody knows how to? If the answer is yes, please, tell me how Thanks in advance and regards Mario Hi, If this is a new install you might want to look at http:://www.shupp.org/toaster and install using that guide instead. It will save you a lot of time and effort. It has all the patches you want and includes smtp-auth. If you are adverse to using a different package, see http://shupp.org/smtp-auth-tls/ Regards, Rick
Re: [vchkpw] SMTP auth ....
On Fri, 1 Jul 2005 00:00:26 +0200 Henti Smith <[EMAIL PROTECTED]> wrote: > On Thu, 30 Jun 2005 21:53:22 - (GMT) > [EMAIL PROTECTED] wrote: > > > If you are using an ebuild for qmail, can you send the output of the > > following command to the list: > > > > # emerge -vp qmail > > [ebuild R ] mail-mta/qmail-1.03-r15 -noauthcram -notlsbeforeauth > (-selinux) +ssl 0 kB Ok guys .. got it all working ... For mail-mta/qmail-1.03-r15 you need notlsbeforeauth set in make.conf Also in your /var/qmail/control/conf-smtpd QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}" Usually there is a ${QMAIL_SMTP_AUTHHOST} before CHECKPASS, but this is not needed or it gives you a permission error vmysql can't read settings /var/vpopmail/etc/vpopmail.mysql FYI +:) -- Henti Smith [EMAIL PROTECTED] +27 82 958 2525 http://www.geekware.co.za DISCLAIMER : Unauthorised use of characters, images, sounds, odors, severed limbs, noodles, wierd dreams, strange looking fruit, oxygen, and certain parts of Jupiter are strictly forbidden. If I find you violating, or molesting my property in any way, I will employ a pair of burly convicts to find you, kidnap you, and perform god-awful sexual experiments on you until you lose the ability to sound out vowels. I don't know why you are still reading this, but by doing so you have proven that you have far too much time on your hands, and you should go plant a tree, or read a book or something. - http://www.ctrlaltdel-online.com/
Re: [vchkpw] SMTP auth ....
On Thu, 30 Jun 2005 21:53:22 - (GMT) [EMAIL PROTECTED] wrote: > If you are using an ebuild for qmail, can you send the output of the > following command to the list: > > # emerge -vp qmail [ebuild R ] mail-mta/qmail-1.03-r15 -noauthcram -notlsbeforeauth (-selinux) +ssl 0 kB -- Henti Smith [EMAIL PROTECTED] +27 82 958 2525 http://www.geekware.co.za DISCLAIMER : Unauthorised use of characters, images, sounds, odors, severed limbs, noodles, wierd dreams, strange looking fruit, oxygen, and certain parts of Jupiter are strictly forbidden. If I find you violating, or molesting my property in any way, I will employ a pair of burly convicts to find you, kidnap you, and perform god-awful sexual experiments on you until you lose the ability to sound out vowels. I don't know why you are still reading this, but by doing so you have proven that you have far too much time on your hands, and you should go plant a tree, or read a book or something. - http://www.ctrlaltdel-online.com/
Re: [vchkpw] SMTP auth ....
If you are using an ebuild for qmail, can you send the output of the following command to the list: # emerge -vp qmail > I've upgraded to vpopmail (5.4.6) and decided to switch to smtp auth .. > since I couldn't get roaming working anyway. > > I'm still getting rcpthosts errors, > > where do I check how relay-ctrl and how it does things. > > I'm fighting a loosing battle here ... > > I followed the instructions on > http://gentoo-wiki.com/HOWTO_Setup_QMAIL_RELAY-CTRL_VPOPMAIL > > -- > Henti Smith > [EMAIL PROTECTED] > +27 82 958 2525 > http://www.geekware.co.za > > DISCLAIMER : > > Unauthorised use of characters, images, sounds, odors, severed limbs, > noodles, wierd dreams, strange looking fruit, oxygen, and certain parts of > Jupiter are strictly forbidden. If I find you violating, or molesting my > property in any way, I will employ a pair of burly convicts to find you, > kidnap you, and perform god-awful sexual experiments on you until you lose > the ability to sound out vowels. I don't know why you are still reading > this, but by doing so you have proven that you have far too much time on > your hands, and you should go plant a tree, or read a book or something. > - http://www.ctrlaltdel-online.com/ >
Re: [vchkpw] smtp auth - md5 & learn pass
On Jun 19, 2005, at 9:09 PM, Casey Allen Shobe wrote: I don't know what dovecot does. I recompiled it and restarted it, no difference. Here's what shows up in the mail facility for syslog: # tail -f /var/log/mail/current Jun 20 04:08:51 [imap-login] Login: [EMAIL PROTECTED] [71.113.2.184] Jun 20 04:08:56 [pop3-login] Login: [EMAIL PROTECTED] [64.125.210.7] Jun 20 04:08:56 [pop3-login] Login: [EMAIL PROTECTED] [66.15.68.87] Jun 20 04:08:57 [pop3-login] Login: [EMAIL PROTECTED] [67.160.31.225] Jun 20 04:09:07 [pop3-login] Login: [EMAIL PROTECTED] [24.41.46.242] Jun 20 04:09:09 [pop3-login] Login: [EMAIL PROTECTED] [66.15.68.87] Jun 20 04:09:12 [vpopmail] vchkpw-smtp: (PLAIN) login success [EMAIL PROTECTED]:71.113.2.184 Jun 20 04:09:16 [pop3-login] Login: [EMAIL PROTECTED] [66.213.206.34] Jun 20 04:09:22 [vpopmail] vchkpw-smtp: (PLAIN) login success [EMAIL PROTECTED]:148.64.71.106 It looks like it doesn't call vchkpw. If it did, you'd see "[vpopmail] vchkpw-pop3:" in the logs. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] smtp auth - md5 & learn pass
On Monday 20 June 2005 00:49, Tom Collins wrote: > Does dovecot link directly to libvpopmail? If so, did you > recompile dovecot after enabling learn passwords and cleartext > passwords in vpopmail? If not, it's still linked to the old > vpopmail code. I don't know what dovecot does. I recompiled it and restarted it, no difference. Here's what shows up in the mail facility for syslog: # tail -f /var/log/mail/current Jun 20 04:08:51 [imap-login] Login: [EMAIL PROTECTED] [71.113.2.184] Jun 20 04:08:56 [pop3-login] Login: [EMAIL PROTECTED] [64.125.210.7] Jun 20 04:08:56 [pop3-login] Login: [EMAIL PROTECTED] [66.15.68.87] Jun 20 04:08:57 [pop3-login] Login: [EMAIL PROTECTED] [67.160.31.225] Jun 20 04:09:07 [pop3-login] Login: [EMAIL PROTECTED] [24.41.46.242] Jun 20 04:09:09 [pop3-login] Login: [EMAIL PROTECTED] [66.15.68.87] Jun 20 04:09:12 [vpopmail] vchkpw-smtp: (PLAIN) login success [EMAIL PROTECTED]:71.113.2.184 Jun 20 04:09:16 [pop3-login] Login: [EMAIL PROTECTED] [66.213.206.34] Jun 20 04:09:22 [vpopmail] vchkpw-smtp: (PLAIN) login success [EMAIL PROTECTED]:148.64.71.106 pop3-login and imap-login are subprocesses of dovecot. Cheers, -- Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] smtp auth - md5 & learn pass
On Friday 17 June 2005 20:20, Sylwester S. Biernacki wrote: > AFAIR it does exactly what you said. Nope, doesn't seem to. I rebuilt vpopmail with it enabled, edited out the cleartext portions of a vpasswd file, and logged in a bunch of times as that user. No updates to vpasswd. :( Cheers, -- Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] smtp auth - md5 & learn pass
On Friday 17 June 2005 17:42, Sylwester S. Biernacki wrote: > 1. I've reconfigured vpopmail and added > --enable-learn-passwords=y and --enable-clear-passwd=y What is --enable-learn-passwords? If it does what I'm guessing it does by name and starts recording missing cleartext entries in vpasswd files, that would be very useful to us!! Cheers, -- Casey Allen Shobe | http://casey.shobe.info [EMAIL PROTECTED] | cell 425-443-4653 AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
> On Jun 17, 2005, at 11:21 AM, ISP Lists wrote: >> Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then >> manually added Tonix' chkuser 2.0 >> >> Everything is VERY happy now. > > Did you remember to remove $LOCAL from your qmail-smtpd/run file? If > not, you can now auth with any username/password. > > -- > Tom Collins - [EMAIL PROTECTED] > QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ > You don't need a laptop to troubleshoot high-speed Internet: > sniffter.com > > Yes, I did and I tried using nonsense/invalid combos to ensure that I wasn't "AUTH'ing" the world. Appreciate your concern! Thanks again!
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
On Jun 17, 2005, at 11:21 AM, ISP Lists wrote: Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Did you remember to remove $LOCAL from your qmail-smtpd/run file? If not, you can now auth with any username/password. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
>> >> You've got an old SMTP AUTH patch that sends the MD5 challenge and >> response in the wrong order. >> >> Use the patch from the contrib directory of vpopmail, and then remove >> the $LOCAL from your run file, as the newer SMTP AUTH patch does not >> use it. >> >> -- >> Tom Collins - [EMAIL PROTECTED] >> QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ >> You don't need a laptop to troubleshoot high-speed Internet: >> sniffter.com >> >> > > Tom, thanks. I didn't realize there had been a "change" in patches that > did this... Wilco. > > Follow-up Built as netqmail-1.05, patched SMTP-AUTH from vpopmail contrib, then manually added Tonix' chkuser 2.0 Everything is VERY happy now. Thanks for the help! Dave.
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
> > You've got an old SMTP AUTH patch that sends the MD5 challenge and > response in the wrong order. > > Use the patch from the contrib directory of vpopmail, and then remove > the $LOCAL from your run file, as the newer SMTP AUTH patch does not > use it. > > -- > Tom Collins - [EMAIL PROTECTED] > QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ > You don't need a laptop to troubleshoot high-speed Internet: > sniffter.com > > Tom, thanks. I didn't realize there had been a "change" in patches that did this... Wilco.
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
On Jun 17, 2005, at 9:43 AM, ISP Lists wrote: /usr/local/bin/tcpserver \ -H -l [[[my.host.name]]] \ -v -x /etc/tcp.smtp.cdb \ -c 30 -R -u "$VPOPMAILUID" -g "$VPOPMAILGID" 0 smtp \ /usr/local/bin/rblsmtpd -b -C \ -r 'sbl-xbl.spamhaus.org:Your message was rejected ' \ /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \ /usr/bin/true 2>&1 mysql's vpopmail database table vlog contains: | id | user | passwd | domain| logon | remoteip | message | timestamp | error | ++---+--+--- +-+-- +-- ---++---+ | 1 | daver | <[EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '<[EMAIL PROTECTED]>') [EMAIL PROTECTED]:MYIP | 1119024854 | You've got an old SMTP AUTH patch that sends the MD5 challenge and response in the wrong order. Use the patch from the contrib directory of vpopmail, and then remove the $LOCAL from your run file, as the newer SMTP AUTH patch does not use it. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] SMTP-AUTH works POP3 not SMTPd?
ISP Lists wrote: sys: Fedora core3, manually compiled vpopmail 3.4.10, RPM Mysql 3.23.59?, compiled courier imap 4.0.2, compiled qmail-1.03, patched qmail-ej-cocktail-14.tar.gz, manually patched Tonix' chkuser 2.0. I have installed vpopmail with roaming/SMTP-AUTH before, again using Michael Bowe's webmail guide. SMTP-AUTH is failing authentication and I cannot tell why. I had created the qmail install with Tonix' chkuser patch and saved that qmail-smtpd binary. Substituting between the original and the Tonix patched qmail-smtpd binaries does not seem to change the behavior. compiled vpopmail as: ./configure \ --enable-roaming-users \ --enable-logging=p \ --disable-passwd \ --enable-clear-passwd \ --disable-domain-quotas \ --enable-auth-module=mysql \ --disable-many-domains \ --enable-auth-logging \ --enable-sql-logging \ --enable-valias \ --disable-mysql-limits /home/vpopmail/etc: qmail]# ls -l ~vpopmail/etc/ total 16 -rw-r--r-- 1 root root 25 Jun 8 19:47 inc_deps -rw-r--r-- 1 root root 81 Jun 8 19:47 lib_deps -rw-r--r-- 1 vpopmail vchkpw 1107 Jun 8 19:47 vlimits.default -rw-r- 1 vpopmail vchkpw 43 Jun 8 19:43 vpopmail.mysql /var/qmail/supervise/qmail-smtpd/run: #!/bin/sh QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 1700 \ /usr/local/bin/tcpserver \ -H -l [[[my.host.name]]] \ -v -x /etc/tcp.smtp.cdb \ -c 30 -R -u "$VPOPMAILUID" -g "$VPOPMAILGID" 0 smtp \ /usr/local/bin/rblsmtpd -b -C \ -r 'sbl-xbl.spamhaus.org:Your message was rejected ' \ /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \ /usr/bin/true 2>&1 mysql's vpopmail database table vlog contains: | id | user | passwd | domain| logon | remoteip | message | timestamp | error | ++---+--+---+-+--+-++---+ | 1 | daver | <[EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '<[EMAIL PROTECTED]>') [EMAIL PROTECTED]:MYIP | 1119024854 | 3 | | 2 | daver | <[EMAIL PROTECTED] | example.net | [EMAIL PROTECTED] | MYIP | vchkpw-25: password fail (pass: '<[EMAIL PROTECTED]>') [EMAIL PROTECTED]:MYIP | 1119025751 | 3 | THIS IMPLIES that some element of the hostname and a timestamp(?) are being forwarded instead of the submitted password?? I'm at a loss here, help appreciated! BTW, all incoming SMTP delivery works to all accounts. All POP3 pickup and authentication works too. Just SMTP-AUTH to send is broken. Hi, I use Bill Shupp's toaster (www.shupp.org) and I don't know which smtp-auth patch you are using, but the newer patch does NOT use the localhost name ie /var/qmail/bin/qmail-smtpd $LOCAL /home/vpopmail/bin/vchkpw \ should be /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw \ with a recent patch. HTH, Rick
Re: [vchkpw] SMTP Auth problem for non vpopmail users
On Monday 16 May 2005 4:10 pm, Rainer Duffner wrote: > Ken Jones wrote: > > On Monday 16 May 2005 3:52 pm, Nick Gilbert wrote: > >>Hi, > >> > >>I have IMAP authentication working for vpopmail and standard linux > >>users, but I have a problem with SMTP authentication. > >> > >>I need SMTP authentication to work for standard linux users (I'm not > >>worried about vpop users at all for SMTP-AUTH). I have built my box > >>using the instructions on Shupp.org (Bill Schupp). I understand that > >>Bill's toaster incorporates a Qmail AUTH patch but when I try to login > >>it doesn't work: > >> > >>Escape character is '^]'. > >>220 blue.x-rm.com ESMTP > >>ehlo localhost > >>250-blue.x-rm.com > >>250-STARTTLS > >>250-PIPELINING > >>250-8BITMIME > >>250-SIZE 0 > >>250 AUTH LOGIN PLAIN CRAM-MD5 > >>auth login > >>334 VXNlcm5hbWU6 > >>bmljaw== > >>334 UGFzc3dvcmQ6 > >> > >>535 authentication failed (#5.7.1) > >> > >>I also have this line in /var/log/maillog > >> > >>May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not > >>found nick@:127.0.0.1 > >> > >>..which implies that perhaps it's only looking for vpopmail users rather > >>than /etc/passwd users. > >> > >>I would like it to work for /etc/passwd users only, or both vpopmail AND > >>/etc/passwd users - whichever is easier. > >> > >>Can someone please give me some pointers on how I can fix this problem > >>so that normal shell account users can authenticate. > > > > I think smtp auth requires a clear text password for CRAM-MD5 > > authentication to work. If so, /etc/passwd users won't be able to use > > smtp authentication. > > Wasn't the other problem that qmail-smtpd needed to be run as root? Possibly. It would need permission to access the passwd information.
Re: [vchkpw] SMTP Auth problem for non vpopmail users
Ken Jones wrote: On Monday 16 May 2005 3:52 pm, Nick Gilbert wrote: Hi, I have IMAP authentication working for vpopmail and standard linux users, but I have a problem with SMTP authentication. I need SMTP authentication to work for standard linux users (I'm not worried about vpop users at all for SMTP-AUTH). I have built my box using the instructions on Shupp.org (Bill Schupp). I understand that Bill's toaster incorporates a Qmail AUTH patch but when I try to login it doesn't work: Escape character is '^]'. 220 blue.x-rm.com ESMTP ehlo localhost 250-blue.x-rm.com 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 auth login 334 VXNlcm5hbWU6 bmljaw== 334 UGFzc3dvcmQ6 535 authentication failed (#5.7.1) I also have this line in /var/log/maillog May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not found nick@:127.0.0.1 ..which implies that perhaps it's only looking for vpopmail users rather than /etc/passwd users. I would like it to work for /etc/passwd users only, or both vpopmail AND /etc/passwd users - whichever is easier. Can someone please give me some pointers on how I can fix this problem so that normal shell account users can authenticate. I think smtp auth requires a clear text password for CRAM-MD5 authentication to work. If so, /etc/passwd users won't be able to use smtp authentication. Wasn't the other problem that qmail-smtpd needed to be run as root? Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] SMTP Auth problem for non vpopmail users
On Monday 16 May 2005 3:52 pm, Nick Gilbert wrote: > Hi, > > I have IMAP authentication working for vpopmail and standard linux > users, but I have a problem with SMTP authentication. > > I need SMTP authentication to work for standard linux users (I'm not > worried about vpop users at all for SMTP-AUTH). I have built my box > using the instructions on Shupp.org (Bill Schupp). I understand that > Bill's toaster incorporates a Qmail AUTH patch but when I try to login > it doesn't work: > > Escape character is '^]'. > 220 blue.x-rm.com ESMTP > ehlo localhost > 250-blue.x-rm.com > 250-STARTTLS > 250-PIPELINING > 250-8BITMIME > 250-SIZE 0 > 250 AUTH LOGIN PLAIN CRAM-MD5 > auth login > 334 VXNlcm5hbWU6 > bmljaw== > 334 UGFzc3dvcmQ6 > > 535 authentication failed (#5.7.1) > > I also have this line in /var/log/maillog > > May 16 20:56:23 blue vpopmail[22654]: vchkpw-smtp: vpopmail user not > found nick@:127.0.0.1 > > ..which implies that perhaps it's only looking for vpopmail users rather > than /etc/passwd users. > > I would like it to work for /etc/passwd users only, or both vpopmail AND > /etc/passwd users - whichever is easier. > > Can someone please give me some pointers on how I can fix this problem > so that normal shell account users can authenticate. I think smtp auth requires a clear text password for CRAM-MD5 authentication to work. If so, /etc/passwd users won't be able to use smtp authentication. Ken Jones
Re: [vchkpw] smtp auth
Dave Goodrich wrote: > I believe I will move our smtp-auth users to another port and just fire up another instance of qmail-smtpd, leaving the normal qmail-smtpd running on port 25. I don't see a standard port for smtp-auth, any thoughts? I've looked through FreeBSD /etc/services file which is pretty complete, and found no entry for smtp-auth. I'm leaning towards using port 9025. Hi, Port 587. While not a port specifically for smtp-auth it is reserved for End User mail submission to a server MTA. http://xml.resource.org/public/rfc/html/rfc2476.html Regards, Rick
Re: [vchkpw] smtp auth
On Feb 4, 2005, at 3:17 PM, Dave Goodrich wrote: I don't see a standard port for smtp-auth, any thoughts? I've looked through FreeBSD /etc/services file which is pretty complete, and found no entry for smtp-auth. I'm leaning towards using port 9025. Use port 587, 'submission'. It's just like SMTP, but intended for clients sending email. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] smtp auth
Dave Goodrich wrote: Tom Collins wrote: On Jan 28, 2005, at 9:00 AM, Dave Goodrich wrote: Excellent, thank you. If I understand correctly I will also need to do nothing to my current tcp.smtp file? 3) How does this effect users who do not supply auth info? Does qmail-smtpd fall back to using the RELAYCLIENT value from tcp.smtp.cdb? Just as I feared, it is easy.. Uhh, kinda. Getting smtp-auth to work was easy but I fell into a hole when I did it. We found an instance where this breaks a lot of our clients. I was able to duplicate the issue using Netscape Mail 4.7 (yea it's old, but in rual Indiana not everyone has XP Pro or OSX). If a user has ever created a previous account in their mail program, the second account is created with smtp-auth checked and the username box empty. This caused a lot of people to suddenly not be able to send mail, and they all called tech support. I believe I will move our smtp-auth users to another port and just fire up another instance of qmail-smtpd, leaving the normal qmail-smtpd running on port 25. I don't see a standard port for smtp-auth, any thoughts? I've looked through FreeBSD /etc/services file which is pretty complete, and found no entry for smtp-auth. I'm leaning towards using port 9025. Thanks, DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker!
Re: [vchkpw] smtp auth
Tom Collins wrote: On Jan 28, 2005, at 9:00 AM, Dave Goodrich wrote: 1) What is everyone else using? #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` DENYMAIL="DNSCHECK" export DENYMAIL LOCAL=`/usr/bin/head -1 /var/qmail/control/me` /usr/bin/spamd -a -c -d -F0 -u qmailq exec /usr/local/bin/softlimit -m 600 \ /usr/local/bin/tcpserver -H -R -l "$LOCAL" \ -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 2>&1 2) Some examples/patches show that a hostname is required in the run file for auth "http://www.enderunix.org/documents/eng/smtp-auth/"; and some do not "http://www.fehcom.de/qmail/smtpauth.html#IMPLEMENTATION";. I would think this is not possible using vpopmail, as a hardcoded host would cause vchkpw to fail the lookup. Correct? An older patch required it, but the current patch does not. The hardcoded host name was only used in generating the MD5 challenge, and could be any string of text. If you're using the patch from vpopmail's contrib directory, then you shouldn't have the hostname. Excellent, thank you. If I understand correctly I will also need to do nothing to my current tcp.smtp file? 3) How does this effect users who do not supply auth info? Does qmail-smtpd fall back to using the RELAYCLIENT value from tcp.smtp.cdb? Just as I feared, it is easy.. DAve -- Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker!
Re: [vchkpw] smtp auth
On Jan 28, 2005, at 9:00 AM, Dave Goodrich wrote: 1) What is everyone else using? #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` DENYMAIL="DNSCHECK" export DENYMAIL LOCAL=`/usr/bin/head -1 /var/qmail/control/me` /usr/bin/spamd -a -c -d -F0 -u qmailq exec /usr/local/bin/softlimit -m 600 \ /usr/local/bin/tcpserver -H -R -l "$LOCAL" \ -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 2>&1 2) Some examples/patches show that a hostname is required in the run file for auth "http://www.enderunix.org/documents/eng/smtp-auth/"; and some do not "http://www.fehcom.de/qmail/smtpauth.html#IMPLEMENTATION";. I would think this is not possible using vpopmail, as a hardcoded host would cause vchkpw to fail the lookup. Correct? An older patch required it, but the current patch does not. The hardcoded host name was only used in generating the MD5 challenge, and could be any string of text. If you're using the patch from vpopmail's contrib directory, then you shouldn't have the hostname. 3) How does this effect users who do not supply auth info? Does qmail-smtpd fall back to using the RELAYCLIENT value from tcp.smtp.cdb? Yes. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] SMTP Auth problem
Ispas Paul wrote: On Tuesday 07 December 2004 13:56, Alastair Battrick wrote: I'm having problems with SMTP Auth. I am starting SMTP with -- #!/bin/sh QMAILQUEUE="/var/qmail/bin/simscan" export QMAILQUEUE QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` exec /usr/local/bin/softlimit -m 20971520 \ /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 -- You should start smtp with the folowing command line : qmail-smtpd mail.example.com /home/vpopmail/bin/vchkpw /bin/true Read the smtp-auth docs. Hi Paul Thanks for your help. Which documentation are you referring to? The information you gave me does not appear to be correct, as a different error started when doing it the way you describe. It now works, when starting qmail-smtpd like so: qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true Thanks anyway - it's working now Alastair
Re: [vchkpw] SMTP Auth problem
On Tuesday 07 December 2004 13:56, Alastair Battrick wrote: > I'm having problems with SMTP Auth. > > I have installed: > Netqmail 1.0.5 > Vpopmail 5.4.8 > Simscan 1.0.8 & Spamassassin & Clamav > Chkuser 2.0.7 > Bill Shupp's composite TLS & SMTP Auth patch, from > http://shupp.org/smtp-auth-tls/ > > The error I'm getting is this: > "503 auth not available (#5.3.3)" > -- > # telnet 217.158.68.125 25 > Trying 217.158.68.125... > Connected to 217.158.68.125. > Escape character is '^]'. > 220 mail.datasnake.co.uk ESMTP > EHLO datasnake.co.uk > 250-mail.datasnake.co.uk > 250-STARTTLS > 250-PIPELINING > 250-8BITMIME > 250-SIZE 0 > 250 AUTH LOGIN PLAIN CRAM-MD5 > AUTH PLAIN > 503 auth not available (#5.3.3) > -- > > SMTP does deliver locally. > > The smtpd log gives only this: > > 2004-12-07 11:30:47.177877500 tcpserver: pid 20753 from 81.178.252.159 > 2004-12-07 11:30:47.178302500 tcpserver: ok 20753 > mail.datasnake.co.uk:217.158.68.125:25 > 81-178-252-159.dsl.pipex.com:81.178.252.159::1314 > > > I am starting SMTP with > -- > #!/bin/sh > > QMAILQUEUE="/var/qmail/bin/simscan" > export QMAILQUEUE > > QMAILDUID=`id -u vpopmail` > NOFILESGID=`id -g vpopmail` > MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` > LOCAL=`head -1 /var/qmail/control/me` > > exec /usr/local/bin/softlimit -m 20971520 \ > /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x > /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g > "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 > -- > You should start smtp with the folowing command line : qmail-smtpd mail.example.com /home/vpopmail/bin/vchkpw /bin/true Read the smtp-auth docs.
Re: [vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux
On Aug 7, 2004, at 5:39 AM, ISP Lists wrote: OK, I've found that it was a client software error where CRAM-MD5 login is advertised first. Pegasus mail wouldn't keep trying to get to plain LOGIN, but The BAT! would "fail back" from CRAM-MD5 to plain LOGIN and roaming SMTP relay works fine. If you're using an older SMTP AUTH patch, CRAM-MD5 won't work properly. Use the patch that's in the contrib directory of vpopmail 5.4.x instead (and note that you may need to update your qmail-smtpd/run file as well). You really should have CRAM-MD5, since it's the only SMTP AUTH protocol that encrypts the password when sending. Note that you'll also need to enable cleartext passwords in vpopmail for it to work properly. If you can't use CRAM-MD5 for some reason, edit the source to qmail-smtpd and remove it from the text sent to the SMTP client (just search for CRAM-MD5 and it should be easy to find). -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] SMTP-AUTH fails, POP3 auth works. Mysql, Linux
> I've built vpopmail 5.4.5 with mysql 3.23.57-ish on Debian potato. I've > enabled roaming users and have included the SMTP-AUTH patch. Courier, > vpopmail, qmail, and everything else compiled fine (I did not use Debian > packages). > > POP3 works fine. Spam filtering works fine. Squirrelmail fine. > Squirrelmail sends via 127.0.0.1 SMTP fine via > /home/vpopmail/etc/tcp.smtp. SMTP-AUTH fails on password look ups and > therefore roaming users cannot send email. [SNIP] OK, I've found that it was a client software error where CRAM-MD5 login is advertised first. Pegasus mail wouldn't keep trying to get to plain LOGIN, but The BAT! would "fail back" from CRAM-MD5 to plain LOGIN and roaming SMTP relay works fine. Sorry for the initial concern, but I'd like to remove CRAM-MD5 from the advertised capabilities to avoid this kind of confusion with users. Any help there?! Sorry, but thanks so far!
Re: [vchkpw] smtp-auth on separate server queries vpopmail -mysql
Ron Culler wrote: I'm and having difficulty setting up a separate qmail server as a smtp-auth server. (* Its being done to provide inbound virus scanning prior to the message being delivered to the local mailbox) I have successfully setup Qmail and can get smtp-auth to work with checkpassword and the local shadow users. I installed vpopmail enabling roaming users, and mysql-auth. I then set the vpopmail.mysql file to use the DB on my main vpopmail server. I can see it connect but it returns an incorrect password response for the user and then sends the email. My question is can vpopmail provide this type of functionality? If not has anyone seen something that can? I want to be able to have smtp-auth query the vpopmail user DB. Thanks Ron Culler this works great. the only think to do is to mirror the /var/qmail/users dir to the auth server. then your users can auth against your mainserver regards mandy
Re: [vchkpw] SMTP Auth HOW? *UPDATE* AMD64
Am Sonntag, 23. Mai 2004 21:28 schrieb blist: First of all: I have the same problem - also on Dual-Opteron machines. I also have been in contact with blist and X-ISTENCE... > Ok, after the huge number of irrevlent replies to my last thread I am > attempting to post an update on my SMTP Auth problem. I have tried just > most smtp patchs, the on in the contrib dir of vpopmail and > http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040207.patch I > have included captures of below. As far as I found out, all smtp-auth-patches are based on Krzysztof Dabrowski's auth-patch (http://members.elysium.pl/brush/qmail-smtpd-auth/). Some are improved, some are mixed with other features... > > Both patches apply without error and compile/install fine. I am running > a Dual AMD Opteron system with suse 64 bit. I have had other people > look at this situation and there are no solutions. I can only assume > the patch has a problem with 64bit systems. Here is an example of login > and error and run file: [...] I found out, that it doesn't matter what other patches are applied. I got the same error when using a vanilla qmail with only the auth-patch and the errno-patch applied. I tried to compile while editing conf-cc and adding there -m32 (for 32-bit), but I got errors with this. When I added -m64, it compiled, but I got the same result at the end => auth doesn't work. When running the following: exec softlimit -m 5000 tcpserver -vR -l $Server-FQDN -c 1000 -u 89 -g 89 0 25 /usr/local/bin/recordio sh -c '/var/qmail/bin/qmail-smtpd $Server-FQDN /var/vpopmail/bin/vchkpw /usr/bin/true 2>&1' I get: tcpserver: status: 0/1000 tcpserver: status: 1/1000 tcpserver: pid 23227 from $Client-IP tcpserver: ok 23227 $Server-FQDN:$Server-IP:25 $Client-FQDN:$Client-IP::4024 3227 > 220 $Server-FQDN ESMTP 3227 < EHLO $Client-Name 3227 > 250-$Server-FQDN 3227 > 250-AUTH LOGIN CRAM-MD5 PLAIN 3227 > 250-AUTH=LOGIN CRAM-MD5 PLAIN 3227 > 250-PIPELINING 3227 > 250 8BITMIME 3227 < AUTH LOGIN 3227 > 334 VXNlcm5hbWU6 3227 < dGVzdEB0ZXN0LmNvbQ== 3227 > 334 UGFzc3dvcmQ6 3227 < dGVzdA== 3227 > 454 oops, problem with child and I can't auth (#4.3.0) 23227 < [EOF] tcpserver: end 23227 status 256 tcpserver: status: 0/1000 23227 > [EOF] All Phrases with "$" are "masked" since there are some people on this list, which should not know which one is affected. It also doen't make any change, if I comment the ability of CRAM-MD5 out in the source of the patch. > If you've read this far, thanks!. Drop me an e-mail if you have any > other suggestions. Thanks! I'll start a post at the qmail-list and try to get in contact with Krzysztof Dabrowski and Erwin Hoffmann (since he seems to have experience and speaks the same language than I do, it would be a bit easier). If somebody would be able and willing to have a look at this patch there would surely be some people very pleased. If somebody wants to try but hasn't 64-bit-hardware, I can provide access to my machine since it isn't productive (badly). As blist already wrote, any suggestions would be apreciated. Since there is more than one who would be glad about a solution, please post answers to the list. Greetings Tobias
Re: [vchkpw] smtp auth
Hi, I've installed SPAMCONTROL and i've modified the tcp.smtp file like you say (:allow,REQUIREAUTH="") but now nobody can send me e-mail the sender receive the message: Your message has encountered delivery problems to the following recipient(s): [EMAIL PROTECTED] Delivery failed 535 authentication failed (#5.7.1) No recipients were successfully delivered to. bye, signo Erwin Hoffmann wrote: Erwin Hoffmann wrote: Hi, At 10:49 19.05.04 +0200, you wrote: Erwin Hoffmann wrote:Hi, At 09:46 19.05.04 +0200, signo wrote: hello, i ve 2 problems first: I've installed qmail 1.03 with qmail-smtpd-auth-043. Now the smth auth work fine but if i try to send an email (with Mozilla) without smpt authentication set it work??!!!?? Hm. Could you please explain that in more details ? If i set (in mozilla) 'the server require smtp-auth, he ask me for user name and passwd, he verify the entries and if the username/password are correct he send the mail. control)!!! I would like to acceprtONLY mail after a successfull smtp-auth. Ok. As I assumed. Look for my SPAMCONTROL patch. It includes SMTP Authentication. http://www.fehcom.de/qmail/spamcontrol.html The README (http://www.fehcom.de/qmail/spamcontrol/README_spamcontrol.html) tells more (Section 7.4). In your case you to have to set: :allow,REQUIREAUTH="" That will do the trick. regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
Re: [vchkpw] SMTP Auth HOW? *UPDATE* AMD64
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 DEBO Jurgen E. G. wrote: > > > First, I suggest You verify Your authentication. Start-tls is initiated, > in that case the pasword has to be plain-text, not cram. > First off, starttls is not initiated, as then he would have had to enter starttls to start it in the first place. Second, auth login takes a base 64 username and base 64 password which he supplied. Dont trust me on that? Please read the RFC's for it. If he was using cram-md5 he wouldnt have issued a AUTH LOGIN. He would have issued a AUTH CRAM-MD5. - Anyways, id like to second anything the thread starter said. I have been on the system myself (not like that matters, i know), but he has read all the documentation, and anything there is to know about SMTP auth, so its not a mistake some place. For some reason something is going wrong some place, and i am thinking it could be in the base64.c file, however i have no clue most of it. I highly doubt its vchkpw as vchkpw gets handed just the info it needs, and works with pop3, so it _should_ work with smtp auth as well. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAsTt9JukONu5DUaQRAkJaAJ9qSXy95Cej2AMBedJ9ohKKI51nHgCfcvpM 708uHSBbjo65tOpLZSRhabY= =JDLs -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOW? *UPDATE* AMD64
please trim your posts. trimming your signature would be courteous too. you don't need to quote 63k of original message to append two sentences. At 02:23 PM 5/23/2004, DEBO Jurgen E. G. wrote: Hello blist, Sunday, May 23, 2004, 9:28:35 PM, you wrote: b> If you've read this far, thanks!. Drop me an e-mail if you have any b> other suggestions. Thanks! First, I suggest You verify Your authentication. Start-tls is initiated, in that case the pasword has to be plain-text, not cram. -- Best regards, DEBO Jurgen mailto:[EMAIL PROTECTED] www.guide.be * www.gids.be * www.guide.fr * www.shop.fr / \ sarl GUIDE (sdet) --- the GUIDE, de GIDS, TELESHOP, SHOP __ | __ 128, rue du faubourg de Douai | / | \ |FR-59000 Lille, La France / \ | / \ Tél/Fax +32 59 26.91.51 Mobile +32 479 212.841 /|__\|/__|\ Sitehttp://sarl.guide.fr \| /|\ |/ N° TVA FR-55.440.243.988 |\ / | \ /|RC Lille 74075/2001B01478 |__\ | /__|Siret 440 243 988 00027 | Compte BE: KREDBEBB (BIC) BE56.466-5571951-88 (IBAN) --- Compte FR: CMCIFR2A (BIC) FR76.1562-9027-0200-0455-1870-127 (IBAN) \ / Conditions (terms): http://sarl.guide.fr/conditions.php www.teleshop.fr * www.teleshop.be * www.teleshop.biz * www.teleshop.info * www.teleshop.name Paul Theodoropoulos http://www.anastrophe.com
Re: [vchkpw] SMTP Auth HOWTO?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brooks Roy wrote: > I do not have an open relay. I am trying to setup SMTP Auth. It is not > working.. When users try to auth, it just keeps asking for username > password over and over. Never sends. How are they authentication? with [EMAIL PROTECTED] or just username? > > X-Istence wrote: > > Brooks Roy wrote: > > I have put in the patch as described in the contrib README and changed it to be /bin/checkpassword instead of vchkpw and I still have the same senario. > > > What does your data.cdb or smtp.cdb look like that gets created from a > file? > > Also, it should still be to vchkpw if you want to use vpopmail. > > > This is what your run file should look like: > > exec /usr/local/bin/softlimit -m 1000 \ > /usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x \ > /usr/local/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" -u \ > "$QMAILDUID" -g vchkpw 192.168.5.50 25 \ > /usr/local/bin/fixcrio \ > /usr/local/bin/rblsmtpd -r relays.ordb.org \ > /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /usr/bin/true & > > > Also make sure $QMAILDUID $MAXSMTPD and $LOCAL are set properly. > > > I see that you have your /usr/local/vpopmail/etc/tcp.smtp.cdb, are you > sure that is no causing the open relay? Try pointing it to one that only > has: > > :allow > > in it, and see if you are still an open relay then. > > X-Istence -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArmIMJukONu5DUaQRAmnpAKCCfD0TAifKW9/j9tV5u9PZRo8c4wCgk/B1 UPQrlLc6uG27pYQXT5Sh1kY= =ry3M -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOWTO?
PD> Ahhh...yes! A flame war...always nice :) I quote from the one who has bringing 'the gas': EH> You are joking, troll Well, I did't start. This list is to help people. It's not about to be picky or to be arrogant, if someone share another view, he has the right to put his vision forward and to defend his case. You can discuss topics without insulting people and without words like 'troll', maintained in the directory of Dr. Erwin Hoffmann. Maybe I write terrible English, but I am on the internet for a few decades, and some use our programs quite a lot in their BSD stuff. I don't need insults of someone, who thinks to have the right to insult people, because he has a PhD. Well, you dont hear me complain!
Re: [vchkpw] SMTP Auth HOWTO?
[EMAIL PROTECTED] wrote: Hello Erwin, Friday, May 21, 2004, 7:37:15 PM, you wrote: EH> Hi, EH> At 17:21 21.05.04 +0200, you wrote: Hello Erwin, Friday, May 21, 2004, 5:14:30 PM, you wrote: EH> Hi, EH> At 11:41 21.05.04 +0200, you wrote: Hello blist, In the OLD days, people were happy with SMTP-Auth. I consider it LESS security as SMTP after POP, because with SMTP-Auth, You sent Your e-mailadress and Your password of Your mailbox over the internet. When a man-in-the-middle catch this e-mail (or worse Your PW), he can use it for spam, or access Your mailbox. EH> This is only true for SMTP Authentication of type "plain" and "login". EH> With CRAM-MD5 its quite save. EH> Read: http://www.fehcom.de/qmail/smtpauth.html#FRAMEWORK Yes, it's 'quite' safe, but You still reveal Your e-mailadress. If there are many hops between Your workstation and the smtpserver, You can get some spam in return. More, Your mail is sent in plaintext. I prefer encrypted streams, so SUPP's patch which encrypts the stream with SSL, and authenticate afterwards (in plaintext) is still the best way to go, it's not a big effort to realize. EH> Pls. tell us how you intend to communicate to the rest of the world by EH> means of email with encrypted addresses. EH> You are joking, troll. EH> regards. EH> --eh. EH> Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ EH> Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24 To be rude and without respect, this was the speciality of Your ancestors when they pretended to be the most bright race on Earth. For Your records annoo 1914-18, 1940-1945. Clearly, some can't deny their roots. Ahhh...yes! A flame war...always nice :)
Re: [vchkpw] SMTP Auth HOWTO?
Title: Re: [vchkpw] SMTP Auth HOWTO? [EMAIL PROTECTED] wrote: >Hello Jeremy, > >Friday, May 21, 2004, 5:20:40 PM, you wrote: > >JK> On Friday 21 May 2004 10:21 am, [EMAIL PROTECTED] wrote: > > >>>EH> This is only true for SMTP Authentication of type "plain" and "login". >>>EH> With CRAM-MD5 its quite save. >>> >>> CRAM-MD5 makes it safer, not "quite safe". >>>Yes, it's 'quite' safe, but You still reveal Your e-mailadress. >>>If there are many hops between Your workstation and the smtpserver, >>>You can get some spam in return. >>> >>> > >JK> I am truly amazed at that statement. > > This sounds pretty ridiculous to me also. People who spend inordinate amounts of time actually worrying about having their traffic sniffed, probably shouldn't be using anything remotely resembling common internet protocols. >I agree on this. But why to promote smtp-auth in plaintext, cram when You have smtps >to secure the stream up to Your mailserver (one step), but in this >step, You 'can' have many hops between You and Your workstation, so >this stream is the first to protect anyway. I agree on the fact there >aren't many TLS servers, but if everyone do his own part to install >the TLS option, we have in a little decade a much nicer place to have >secure mail transport. If people stich with smtp-auth, we never get >there. > > Some of us don't actually have the luxury of smtp-tls because we have one physical mail server, or cluster thereof, serving multiple domains. These domains are all "hidden" from each other, so unless we start running separate smtpd instances, with their own configs, separate IPs we cannot present a certificate to each client that'd match what their mail client expects. >(note: even Your soft, courier-imap seems to have an option for >spamass, would be nice to see Dspam(.org) instead) > > I think this'd be a "show us the code" request. There are quite a few ways to use spamassassin where its not a ridiculous memory hog (spamc/spamd for one). Cheers, Nick Harring Webley Systems
Re: [vchkpw] SMTP Auth HOWTO?
On Friday 21 May 2004 10:21 am, [EMAIL PROTECTED] wrote: > EH> This is only true for SMTP Authentication of type "plain" and "login". > EH> With CRAM-MD5 its quite save. > Yes, it's 'quite' safe, but You still reveal Your e-mailadress. > If there are many hops between Your workstation and the smtpserver, > You can get some spam in return. I am truly amazed at that statement. > More, Your mail is sent in plaintext. I prefer encrypted streams, > so SUPP's patch which encrypts the stream with SSL, and authenticate > afterwards (in plaintext) is still the best way to go, it's not a big > effort to realize. but most servers out there don't have TLS support so your email still goes across unencrypted. for instance, I use smtps to talk to my mail server, purely because I have it available (I'm not using smtp auth or anything) but I realize that when it leaves my server it's not encrypted. If you want end to end encryption of emails, most MUAs support pgp/gpg/s-mime encryption formats. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] SMTP Auth HOWTO?
On Friday 21 May 2004 09:11 am, [EMAIL PROTECTED] wrote: > >> In the OLD days, people were happy with SMTP-Auth. I consider it LESS > >> security as SMTP after POP, because with SMTP-Auth, You sent Your > >> e-mailadress and Your password of Your mailbox over the internet. > JKister> Are you insinuating that this is not so with POP3 (or "SMTP after POP") > No not at all, were do You get this ? you said it yourself. > Maybe You read it Your way. no, he read it as you wrote it. > You can authenticate with POP3-SSL, and have a SMTP after POP, so were > is Your point, in this case ? you can also smtp auth over ssl > What I insinuating was to use TLS for SMTP, and not SMTP Auth. you said that later, but that wasn't your original statement. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] SMTP Auth HOWTO?
On Thursday 20 May 2004 09:24 pm, Brooks Roy wrote: > I have put in the patch as described in the contrib README and changed > it to be /bin/checkpassword instead of vchkpw and I still have the same > senario. /bin/checkpassword generally needs to be run as root to authenticate users. More than likely you are not doing this. Why did you change from vchkpw to /bin/checkpassword ? post your run script so we can try to attempt to help you. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] SMTP Auth HOWTO?
Hi, At 11:41 21.05.04 +0200, you wrote: >Hello blist, > >In the OLD days, people were happy with SMTP-Auth. I consider it LESS >security as SMTP after POP, because with SMTP-Auth, You sent Your >e-mailadress and Your password of Your mailbox over the internet. >When a man-in-the-middle catch this e-mail (or worse Your PW), he can >use it for spam, or access Your mailbox. This is only true for SMTP Authentication of type "plain" and "login". With CRAM-MD5 its quite save. Read: http://www.fehcom.de/qmail/smtpauth.html#FRAMEWORK regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
Re: [vchkpw] SMTP Auth HOWTO?
On Friday, May 21, 2004 5:41 AM, DEBO Jurgen E. G. wrote: > In the OLD days, people were happy with SMTP-Auth. I consider it LESS > security as SMTP after POP, because with SMTP-Auth, You sent Your > e-mailadress and Your password of Your mailbox over the internet. Are you insinuating that this is not so with POP3 (or "SMTP after POP") ? LOL Jeremy Kister http://jeremy.kister.com/
Re: [vchkpw] SMTP Auth HOWTO?
Hello blist, Friday, May 21, 2004, 2:00:08 AM, you wrote: b> I am installing vchkpw + SMTP AUTH + qmail. I have installed qmail with b> this patch: b>qmail-smtpd-auth-0.31 from b> http://members.elysium.pl/brush/qmail-smtpd-auth/ b> Here is my run tcpserver script for qmail-smtpd: b> exec /usr/local/bin/softlimit -m 1000 \ b> /usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x \ b> /usr/local/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" -u \ b> "$QMAILDUID" -g vchkpw 192.168.5.50 25 \ b> /usr/local/bin/fixcrio \ b> /usr/local/bin/rblsmtpd -r relays.ordb.org \ b> /var/qmail/bin/qmail-smtpd ps1.prostream.net \ b> /usr/local/vpopmail/bin/vchkpw /bin/true & b> I cannot get any users to authenticate when sending email. I then tried b> taking out ps1.prostream.net after /var/qmail/bin/qmail-smtpd and it b> lets all users authenticate. I am running SUSE 9.0 x86-64 with vpopmail b> 5.4.0 b> Any ideas why its not working? b> Thanks, b> Brooks Roy Roy, In the OLD days, people were happy with SMTP-Auth. I consider it LESS security as SMTP after POP, because with SMTP-Auth, You sent Your e-mailadress and Your password of Your mailbox over the internet. When a man-in-the-middle catch this e-mail (or worse Your PW), he can use it for spam, or access Your mailbox. I suggest You use: SHUPP's version with netqmail like : fetch http://www.qmail.org/netqmail-1.05.tar.gz tar xzvf netqmail-1.05.tar.gz.tar cd netqmail-1.05 ./collate.sh # patch with Shupp's TLS and SMTP-Auth fetch http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040207.patch patch < ./netqmail-1.05-tls-smtpauth-20040207.patch certificate: You can copy thoses (extension .pem) from : freeBSD, vpopmail stuff cd /var/qmail/control cp /usr/local/cert/ipop3d.pem servercert.pem ln -s servercert.pem ./clientcert.pem Activate TLS by create a certificate, and You will be much better off to create an encrypted connecton to Your SMTP server by the SMTP Enc smtps 465/tcp#smtp protocol over TLS/SSL (was ssmtp) smtps 465/udp#smtp protocol over TLS/SSL (was ssmtp) -- Best regards, DEBO Jurgen Belgian Chocolates mailto:[EMAIL PROTECTED] www.guide.be * www.gids.be * www.guide.fr * www.shop.fr / \ sarl GUIDE (sdet) --- the GUIDE, de GIDS, TELESHOP, SHOP __ | __ 128, rue du faubourg de Douai | / | \ |FR-59000 Lille, La France / \ | / \ Tél/Fax +32 59 26.91.51 Mobile +32 479 212.841 /|__\|/__|\ Sitehttp://sarl.guide.fr \| /|\ |/ N° TVA FR-55.440.243.988 |\ / | \ /|RC Lille 74075/2001B01478 |__\ | /__|Siret 440 243 988 00027 | Compte BE: KREDBEBB (BIC) BE56.466-5571951-88 (IBAN --- Compte FR: CMCIFR2A (BIC) FR76.1562-9027-0200-0455-1870-127 (IBAN) \ / Conditions (terms): http://sarl.guide.fr/conditions.php www.teleshop.fr * www.teleshop.be * www.teleshop.biz * www.teleshop.info * www.teleshop.name
Re: [vchkpw] SMTP Auth HOWTO?
I do not have an open relay. I am trying to setup SMTP Auth. It is not working.. When users try to auth, it just keeps asking for username password over and over. Never sends. X-Istence wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brooks Roy wrote: I have put in the patch as described in the contrib README and changed it to be /bin/checkpassword instead of vchkpw and I still have the same senario. What does your data.cdb or smtp.cdb look like that gets created from a file? Also, it should still be to vchkpw if you want to use vpopmail. This is what your run file should look like: exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x \ /usr/local/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" -u \ "$QMAILDUID" -g vchkpw 192.168.5.50 25 \ /usr/local/bin/fixcrio \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /usr/bin/true & Also make sure $QMAILDUID $MAXSMTPD and $LOCAL are set properly. I see that you have your /usr/local/vpopmail/etc/tcp.smtp.cdb, are you sure that is no causing the open relay? Try pointing it to one that only has: :allow in it, and see if you are still an open relay then. X-Istence -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArWnTJukONu5DUaQRAvIEAJ4kNtYLR/Kq37/KHIhQT+bowaa2AwCfcfmw T/UiN67ZKxN5Xl8bfb7td2A= =ioO9 -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOWTO?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brooks Roy wrote: > I have put in the patch as described in the contrib README and changed > it to be /bin/checkpassword instead of vchkpw and I still have the > same senario. What does your data.cdb or smtp.cdb look like that gets created from a file? Also, it should still be to vchkpw if you want to use vpopmail. This is what your run file should look like: exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x \ /usr/local/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" -u \ "$QMAILDUID" -g vchkpw 192.168.5.50 25 \ /usr/local/bin/fixcrio \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /usr/bin/true & Also make sure $QMAILDUID $MAXSMTPD and $LOCAL are set properly. I see that you have your /usr/local/vpopmail/etc/tcp.smtp.cdb, are you sure that is no causing the open relay? Try pointing it to one that only has: :allow in it, and see if you are still an open relay then. X-Istence -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArWnTJukONu5DUaQRAvIEAJ4kNtYLR/Kq37/KHIhQT+bowaa2AwCfcfmw T/UiN67ZKxN5Xl8bfb7td2A= =ioO9 -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOWTO?
I have put in the patch as described in the contrib README and changed it to be /bin/checkpassword instead of vchkpw and I still have the same senario. X-Istence wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brooks Roy wrote: So use the patch from the vpopmail contrib directory WITHOUT the hostname in the run script for tcpserver? Wont this make the server an open relay? No, cause that patch doesnt require a hostname on purpose, as to many poeple were unsure if it was needed or not. It is not needed, thus it was removed. So no, you will not make yourself an open relay. X-Istence wrote: My apologies, the solution i provided *WILL* not work. Considering the code still contains the hostname stuff. What i suggest is you grab the patch from the vpopmail contrib directory, it contains a copy that *will* work. X-Istence -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArWgSJukONu5DUaQRApA6AKCM+q+2R0ErkBTWX1AK+swrOrruLgCfbBZs x1XaueBT++M1ovsaIvevqpw= =Ubls -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOWTO?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brooks Roy wrote: > So use the patch from the vpopmail contrib directory WITHOUT the > hostname in the run script for tcpserver? > > Wont this make the server an open relay? No, cause that patch doesnt require a hostname on purpose, as to many poeple were unsure if it was needed or not. It is not needed, thus it was removed. So no, you will not make yourself an open relay. > > X-Istence wrote: > > > My apologies, the solution i provided *WILL* not work. Considering the > code still contains the hostname stuff. > > What i suggest is you grab the patch from the vpopmail contrib > directory, it contains a copy that *will* work. > > X-Istence -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArWgSJukONu5DUaQRApA6AKCM+q+2R0ErkBTWX1AK+swrOrruLgCfbBZs x1XaueBT++M1ovsaIvevqpw= =Ubls -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOWTO?
So use the patch from the vpopmail contrib directory WITHOUT the hostname in the run script for tcpserver? Wont this make the server an open relay? X-Istence wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My apologies, the solution i provided *WILL* not work. Considering the code still contains the hostname stuff. What i suggest is you grab the patch from the vpopmail contrib directory, it contains a copy that *will* work. X-Istence -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArV6EJukONu5DUaQRAuMQAJ4oPWzzYWeeAKRlYOop6DWxovBy/wCghqre PvraZ1VWDiBT4Yx++8H0Xho= =pS6m -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOWTO?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My apologies, the solution i provided *WILL* not work. Considering the code still contains the hostname stuff. What i suggest is you grab the patch from the vpopmail contrib directory, it contains a copy that *will* work. X-Istence -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArV6EJukONu5DUaQRAuMQAJ4oPWzzYWeeAKRlYOop6DWxovBy/wCghqre PvraZ1VWDiBT4Yx++8H0Xho= =pS6m -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOWTO?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Kitchen wrote: > On Thursday 20 May 2004 07:00 pm, blist wrote: >>Here is my run tcpserver script for qmail-smtpd: >> >>exec /usr/local/bin/softlimit -m 1000 \ >>/usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x \ >>/usr/local/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" -u \ >>"$QMAILDUID" -g vchkpw 192.168.5.50 25 \ >>/usr/local/bin/fixcrio \ >>/usr/local/bin/rblsmtpd -r relays.ordb.org \ >>/var/qmail/bin/qmail-smtpd ps1.prostream.net \ >>/usr/local/vpopmail/bin/vchkpw /bin/true & Simple, remove the hostname, and all should be well. > > > what's the value of $QMAILDUID in that script? > > also, if you take out the hostname you're an open relay, because you're > authenticating with /bin/true Wrong, vchkpw needs another program to change the directory for, check the way qmail-pop3d works. pop3-popup checkpasswrd realpop3 (Which is now in the users directory) If vchkpw is not given another argument to execute after it auth's the user, qmail-smtpd has no way to check if it was successfull. > > -Jeremy > > -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFArV1GJukONu5DUaQRAt/SAJ9Ubh1+KnXuKN9p+AGtnz3OvPEi4wCgmS2k lqa015oQi4ITRgNw0nECxRI= =LOQ4 -END PGP SIGNATURE-
Re: [vchkpw] SMTP Auth HOWTO?
The patch you are using is incredibly old. You should consider auth-jms1.4a.patch from http://www.jms1.net/qmail/auth-jms1.4a.patch If that link is broken, google on "auth-jms1.4a.patch" and look at the cached version. You might also consider the qmail-requireauth.patch that allows you to set an environment variable to selectively require authentication. I had to manually apply the patch as some of the line numbers didn't jive. I've pasted it below. Greg *** qmail-smtpd-orig.c Tue May 15 13:21:04 2001 --- qmail-smtpd.c Tue May 15 13:26:04 2001 *** *** 72,77 --- 72,79 int err_authabrt() { out("501 auth exchange cancelled (#5.0.0)\r\n"); return -1; } int err_input() { out("501 malformed auth input (#5.5.4)\r\n"); return -1; } + void err_authrequired() { out("503 you must authenticate first (#5.5.1)\r\n"); } + stralloc greeting = {0}; void smtp_greet(code) char *code; *** *** 93,98 --- 95,102 char *remoteinfo; char *local; char *relayclient; + char *requireauth; + int authd = 0; stralloc helohost = {0}; char *fakehelo; /* pointer into helohost, or 0 */ *** *** 143,148 --- 147,153 if (!remotehost) remotehost = "unknown"; remoteinfo = env_get("TCPREMOTEINFO"); relayclient = env_get("RELAYCLIENT"); + requireauth = env_get("REQUIREAUTH"); dohelo(remotehost); } *** *** 259,264 --- 264,270 } void smtp_mail(arg) char *arg; { + if (requireauth && !authd) { err_authrequired(); return; } if (!addrparse(arg)) { err_syntax(); return; } flagbarf = bmfcheck(); seenmail = 1; *** *** 425,431 char **childargs; substdio ssup; char upbuf[128]; - int authd = 0; int authgetl(void) { int i; --- 431,436 blist wrote: I am installing vchkpw + SMTP AUTH + qmail. I have installed qmail with this patch: qmail-smtpd-auth-0.31 from http://members.elysium.pl/brush/qmail-smtpd-auth/ Here is my run tcpserver script for qmail-smtpd: exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x \ /usr/local/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" -u \ "$QMAILDUID" -g vchkpw 192.168.5.50 25 \ /usr/local/bin/fixcrio \ /usr/local/bin/rblsmtpd -r relays.ordb.org \ /var/qmail/bin/qmail-smtpd ps1.prostream.net \ /usr/local/vpopmail/bin/vchkpw /bin/true & I cannot get any users to authenticate when sending email. I then tried taking out ps1.prostream.net after /var/qmail/bin/qmail-smtpd and it lets all users authenticate. I am running SUSE 9.0 x86-64 with vpopmail 5.4.0 Any ideas why its not working? Thanks, Brooks Roy