RE: [vchkpw] chkuser 2.0 and vpopmail w/mysql
>-Original Message- >From: tonix (Antonio Nati) [mailto:[EMAIL PROTECTED] >Sent: Thursday, January 20, 2005 9:12 AM >To: vchkpw@inter7.com >Subject: RE: [vchkpw] chkuser 2.0 and vpopmail w/mysql > >At 17.47 20/01/2005, you wrote: > >>So based on what you have said, if >>chkuser relies on vpopmail commands to determine existence then my current >>setup should work just fine. If chkuser directly reads the virtualdomains >>file, then I will have problems. > >Hi Brian, > >chkuser relies on vpopmail for domains (i.e. rcpthosts, virtualdomains), >users (cdb/MySQL/other) and valiases (MySQL) informations, using instead >its own code for aliases and mailing lists. > >Checking of chkuser enabling (looking for "bounce string") is done using >its own code. > >Ciao, > >Tonino > Just as a follow-up. This all works great. Chkuser works great in our particular application. Thanks to all of those that helped me understand the integration a little better. Two more questions. Can anyone tell me which stable version of the vpopmail code will contain the vauth-open code to use with CHKUSER_ENABLE_VAUTH_OPEN? I am currently at 5.4.7 and would like to avoid any bouncing due to mysql being down. Also, it looks like what ever calls that are being invoked to determine user existence creates connections to the master sql server instead of the local slave. I have the /home/vpopmail/etc/vpopmail.mysql set up correctly. I have noticed this before as well. Operations that would appear to be reads, fail when my master server is down, logins, etc. I don't do any logging to the mysql tables because that really hoses replication. Any insight here would be great. Thanks Brian
RE: [vchkpw] chkuser 2.0 and vpopmail w/mysql
At 17.47 20/01/2005, you wrote: So based on what you have said, if chkuser relies on vpopmail commands to determine existence then my current setup should work just fine. If chkuser directly reads the virtualdomains file, then I will have problems. Hi Brian, chkuser relies on vpopmail for domains (i.e. rcpthosts, virtualdomains), users (cdb/MySQL/other) and valiases (MySQL) informations, using instead its own code for aliases and mailing lists. Checking of chkuser enabling (looking for "bounce string") is done using its own code. Ciao, Tonino
RE: [vchkpw] chkuser 2.0 and vpopmail w/mysql
>-Original Message- >From: Rick Macdougall [mailto:[EMAIL PROTECTED] >Sent: Wednesday, January 19, 2005 3:29 PM >To: vchkpw@inter7.com >Subject: Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql > > > >Brian Lanier wrote: >>>-Original Message- >>>From: Jeremy Kitchen [mailto:[EMAIL PROTECTED] >>>Sent: Tuesday, January 18, 2005 3:03 PM >>>To: vchkpw@inter7.com >>>Subject: Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql >>> >>>On Tuesday 18 January 2005 03:23 pm, Brian Lanier wrote: >>> >>> >>>>This is where I am not clear and would love to be >>>>corrected. I don't want delivery to happen on my public facing mail >>> >>>server, >>> >>>>but I would like to run chkuser there to prevent bad mail from even >>> >>>coming >>> >>>>into my mail system. >>> >>>that's a little trickier, and requires a certain type of setup. >>> >> >> Any examples of this type of setup? Any docs or postings of anyone have >used >> this type of setup? With our setup, we use a first layer to knock down >all >> the easy/obvious email and then pass on to our scanning layers to reduce >the >> load on our AV setup. This dependency on using the virtualdomains file >kills >> this type of setup. I have heard a lot of success stories using chkuser >and >> would like to implement it on our setup. I thought I had seen people >using >> this tiered approach with vpopmail and chkuser, just no details on >> implementation. >> > >I'm pretty sure vpopmail verifies the domain exists as a vpopmail domain >by looking at the qmail/users/assign file (at least it does here with >5.4.6), so you should be able to do what you want if the chkusr patch >relies on vpopmail calls (which it did in 1.0, I haven't used the 2.0 >version yet). > >I missed the earlier messages on this topic so I'm not quite sure what >you want to do but if you want a primary MX to accept mail and then >forward it on to a second machine that does local delivery, adding the >domain on the primary MX, then removing it from virtualdomains and >adding into smtproutes *should* work. > >I did do a similar setup for a client but I was using cdb not mysql, and >duplicating the vpasswd files for each domain and that did work. > >Should be easy enough to do the same thing with mysql although I think >you'll have to manually add the domains to the assign file and rebuild >it yourself if you are using the mysql server of the local delivery >machine, plus add the domains vpopmail directory and .qmail-default file >and any user .qmail files... yesh. Ummm, manually add the domain to >assign, rebuild and nfs mount the vpopmail domains/ directory :) > >Did that make any sense at all ? > >Regards, > >Rick Thanks Rick, That makes perfect sense in a convoluted sort of way. We actually have our primary mx's setup identical to our local delivery boxes for various network topology reasons. The difference is of course the use of smtproutes vs. virtualdomains and a few different patches to qmail at that level. Our customers use these servers as the outbound server for their mail clients as well and it works out great. Also, for our internal scripts and process, all of the vpopmail commands work because we sync the control files across all of our boxes when we add/delete domains. So based on what you have said, if chkuser relies on vpopmail commands to determine existence then my current setup should work just fine. If chkuser directly reads the virtualdomains file, then I will have problems. Thanks for all of the great info. If anyone can confirm or deny that last item that would be great(vpopmail commands vs. reading the file directly. If I could read C, I could figure this out ;-)), but I will probably give this a try when I can and report back for anyone else that has this same question. Also, thanks again for all of you who provide such excellent support on this list. I have been following the list for a long time but never had a need to post since my questions have always already been answered. Thanks to the developers and contributors and those of you who just help. Brian
Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql
Brian Lanier wrote: -Original Message- From: Jeremy Kitchen [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 18, 2005 3:03 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql On Tuesday 18 January 2005 03:23 pm, Brian Lanier wrote: This is where I am not clear and would love to be corrected. I don't want delivery to happen on my public facing mail server, but I would like to run chkuser there to prevent bad mail from even coming into my mail system. that's a little trickier, and requires a certain type of setup. Any examples of this type of setup? Any docs or postings of anyone have used this type of setup? With our setup, we use a first layer to knock down all the easy/obvious email and then pass on to our scanning layers to reduce the load on our AV setup. This dependency on using the virtualdomains file kills this type of setup. I have heard a lot of success stories using chkuser and would like to implement it on our setup. I thought I had seen people using this tiered approach with vpopmail and chkuser, just no details on implementation. I'm pretty sure vpopmail verifies the domain exists as a vpopmail domain by looking at the qmail/users/assign file (at least it does here with 5.4.6), so you should be able to do what you want if the chkusr patch relies on vpopmail calls (which it did in 1.0, I haven't used the 2.0 version yet). I missed the earlier messages on this topic so I'm not quite sure what you want to do but if you want a primary MX to accept mail and then forward it on to a second machine that does local delivery, adding the domain on the primary MX, then removing it from virtualdomains and adding into smtproutes *should* work. I did do a similar setup for a client but I was using cdb not mysql, and duplicating the vpasswd files for each domain and that did work. Should be easy enough to do the same thing with mysql although I think you'll have to manually add the domains to the assign file and rebuild it yourself if you are using the mysql server of the local delivery machine, plus add the domains vpopmail directory and .qmail-default file and any user .qmail files... yesh. Ummm, manually add the domain to assign, rebuild and nfs mount the vpopmail domains/ directory :) Did that make any sense at all ? Regards, Rick
Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql
On Wednesday 19 January 2005 01:42 pm, Brian Lanier wrote: > >-Original Message- > >From: Jeremy Kitchen [mailto:[EMAIL PROTECTED] > >Sent: Tuesday, January 18, 2005 3:03 PM > >To: vchkpw@inter7.com > >Subject: Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql > > > >On Tuesday 18 January 2005 03:23 pm, Brian Lanier wrote: > >> This is where I am not clear and would love to be > >> corrected. I don't want delivery to happen on my public facing mail > > > >server, > > > >> but I would like to run chkuser there to prevent bad mail from even > > > >coming > > > >> into my mail system. > > > >that's a little trickier, and requires a certain type of setup. > > Any examples of this type of setup? Any docs or postings of anyone have > used this type of setup? With our setup, we use a first layer to knock down > all the easy/obvious email and then pass on to our scanning layers to > reduce the load on our AV setup. This dependency on using the > virtualdomains file kills this type of setup. I have heard a lot of success > stories using chkuser and would like to implement it on our setup. I > thought I had seen people using this tiered approach with vpopmail and > chkuser, just no details on implementation. well, you could use the qmailqueue patch and two qmail installs on the same system to make it work. as far as I know, the chkuser patch uses conf-qmail to find the home directory. You'd have your say, /var/qmail2 qmail-send running, and use /var/qmail2/bin/qmail-queue to queue the mail, and it would have your smtproutes and stuff. also, you'd have to either nfs mount or make a local copy of your domains directories so the chkuser patch can look for .qmail files and such. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpAfEoeASjt6.pgp Description: PGP signature
RE: [vchkpw] chkuser 2.0 and vpopmail w/mysql
>-Original Message- >From: Jeremy Kitchen [mailto:[EMAIL PROTECTED] >Sent: Tuesday, January 18, 2005 3:03 PM >To: vchkpw@inter7.com >Subject: Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql > >On Tuesday 18 January 2005 03:23 pm, Brian Lanier wrote: > >> This is where I am not clear and would love to be >> corrected. I don't want delivery to happen on my public facing mail >server, >> but I would like to run chkuser there to prevent bad mail from even >coming >> into my mail system. > >that's a little trickier, and requires a certain type of setup. > Any examples of this type of setup? Any docs or postings of anyone have used this type of setup? With our setup, we use a first layer to knock down all the easy/obvious email and then pass on to our scanning layers to reduce the load on our AV setup. This dependency on using the virtualdomains file kills this type of setup. I have heard a lot of success stories using chkuser and would like to implement it on our setup. I thought I had seen people using this tiered approach with vpopmail and chkuser, just no details on implementation. Thanks for all the info so far. >-Jeremy > >-- >Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, >Inc. > [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l > kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail > GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] -- Brian
Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql
On Tuesday 18 January 2005 03:23 pm, Brian Lanier wrote: > Ok... Maybe I don't understand qmail as much as I thought or I can't find > the info in the man pages. My understanding is if the domain is listed in > virtualdomains, then qmail-send treats this delivery as local and will not > read smtproutes. that is correct. In fact, qmail-send doesn't care about smtproutes at all.. qmail-remote does.. and qmail-remote is only called when a delivery is to be made to a remote host.. qmail-send determines that by checking if the domain is in locals or virtualdomains. > This is where I am not clear and would love to be > corrected. I don't want delivery to happen on my public facing mail server, > but I would like to run chkuser there to prevent bad mail from even coming > into my mail system. that's a little trickier, and requires a certain type of setup. > I guess I understand everything you have said except for the relation > between smtproutes, virtualdomains and how qmail process this flow. If > anyone can clear this up or slap me upside the head with an obvious answer > that I am missing, that would be great. Thanks you might want to look at the PIC.* files in /var/qmail/doc for how qmail processes incoming emails. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpbuj5MMkizO.pgp Description: PGP signature
RE: [vchkpw] chkuser 2.0 and vpopmail w/mysql
Ok... Maybe I don't understand qmail as much as I thought or I can't find the info in the man pages. My understanding is if the domain is listed in virtualdomains, then qmail-send treats this delivery as local and will not read smtproutes. This is where I am not clear and would love to be corrected. I don't want delivery to happen on my public facing mail server, but I would like to run chkuser there to prevent bad mail from even coming into my mail system. I guess I understand everything you have said except for the relation between smtproutes, virtualdomains and how qmail process this flow. If anyone can clear this up or slap me upside the head with an obvious answer that I am missing, that would be great. Thanks -- Brian Lanier Network Engineer Quexion, LLC 858.573.2323 x2 4858 Mercury St., Suite 200, San Diego, CA 92111 EnterpriseMail - complete business email from Quexion No more spam. No more viruses. www.quexion.com >-Original Message- >From: tonix (Antonio Nati) [mailto:[EMAIL PROTECTED] >Sent: Friday, January 14, 2005 1:17 AM >To: vchkpw@inter7.com >Subject: Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql > > >I feel these two statements are not in opposition. > >chkuser checks recipients only for domains who are in virtualdomains. > >When a domain is already inside virtualdomains, for a new user you may >simply add a new line with MySQL vpopmail database, and the user will be >added automatically as it is used the first time (the first incoming >message). > >In this way, using a replica MySQL on a front-end qmail system, it will use >chkuser for all domains that are listed in virtualdomains and have all >users within MySQL. So it looks simply like you have to add your domains to >virtualdomains, and put them also in smtproutes. > >Tonino > >At 21.00 12/01/2005, you wrote: >>Quick question that I can't seem to sort out myself. I see people are >doing >>the same thing based on the archives but I can't seem to find a definitive >>answer. >> >>Using a smart host relay to do initial mail checking running qmail. All my >>virtual domains are setup up correctly but not listed in the >virtualdomains >>file. Instead we are using the smtproutes file to pass on to the rest of >our >>mail system. This all works great. Vpopmail 5.4.7 is setup using MySQL >with >>a replicated read only host on the smart relay. I noticed in the archives >>that people have used the chkuser patch to qmail in this situation with >>great success. My question is this: In the FAQ at >>http://www.interazioni.it/opensource/chkuser/documentation/faq/general.htm >l >>it states that chkuser will do the checking only if the domain exists in >>rcpthosts(or morercpthosts) AND virtualdomains. The archives seem to >suggest >>that if you are using MySQL, you don't need the entries in virtualdomains. >>Am I misreading this? What would be the correct setup in this case >assuming >>checking on all domains? Any clarification would be great. Thanks >> >>Brian Lanier >
Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql
At 10.17 14/01/2005, you wrote: I feel these two statements are not in opposition. chkuser checks recipients only for domains who are in virtualdomains. When a domain is already inside virtualdomains, for a new user you may simply add a new line with MySQL vpopmail database, and the user will be added automatically as it is used the first time (the first incoming message). Correction: the user is already created, as you put it inside MySQL; the needed qmail directories and structures for that user will be created the first time the account will receive e-mail. In this way, using a replica MySQL on a front-end qmail system, it will use chkuser for all domains that are listed in virtualdomains and have all users within MySQL. So it looks simply like you have to add your domains to virtualdomains, and put them also in smtproutes. Tonino At 21.00 12/01/2005, you wrote: Quick question that I can't seem to sort out myself. I see people are doing the same thing based on the archives but I can't seem to find a definitive answer. Using a smart host relay to do initial mail checking running qmail. All my virtual domains are setup up correctly but not listed in the virtualdomains file. Instead we are using the smtproutes file to pass on to the rest of our mail system. This all works great. Vpopmail 5.4.7 is setup using MySQL with a replicated read only host on the smart relay. I noticed in the archives that people have used the chkuser patch to qmail in this situation with great success. My question is this: In the FAQ at http://www.interazioni.it/opensource/chkuser/documentation/faq/general.html it states that chkuser will do the checking only if the domain exists in rcpthosts(or morercpthosts) AND virtualdomains. The archives seem to suggest that if you are using MySQL, you don't need the entries in virtualdomains. Am I misreading this? What would be the correct setup in this case assuming checking on all domains? Any clarification would be great. Thanks Brian Lanier
Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql
I feel these two statements are not in opposition. chkuser checks recipients only for domains who are in virtualdomains. When a domain is already inside virtualdomains, for a new user you may simply add a new line with MySQL vpopmail database, and the user will be added automatically as it is used the first time (the first incoming message). In this way, using a replica MySQL on a front-end qmail system, it will use chkuser for all domains that are listed in virtualdomains and have all users within MySQL. So it looks simply like you have to add your domains to virtualdomains, and put them also in smtproutes. Tonino At 21.00 12/01/2005, you wrote: Quick question that I can't seem to sort out myself. I see people are doing the same thing based on the archives but I can't seem to find a definitive answer. Using a smart host relay to do initial mail checking running qmail. All my virtual domains are setup up correctly but not listed in the virtualdomains file. Instead we are using the smtproutes file to pass on to the rest of our mail system. This all works great. Vpopmail 5.4.7 is setup using MySQL with a replicated read only host on the smart relay. I noticed in the archives that people have used the chkuser patch to qmail in this situation with great success. My question is this: In the FAQ at http://www.interazioni.it/opensource/chkuser/documentation/faq/general.html it states that chkuser will do the checking only if the domain exists in rcpthosts(or morercpthosts) AND virtualdomains. The archives seem to suggest that if you are using MySQL, you don't need the entries in virtualdomains. Am I misreading this? What would be the correct setup in this case assuming checking on all domains? Any clarification would be great. Thanks Brian Lanier
