Re: [vchkpw] CHKUSER 2.0.8b - banning IPs into tcp.smtp

2005-10-27 Thread Bob Hutchinson
On Wednesday 26 Oct 2005 22:51, ISP Lists wrote:
> CHKUSER 2.0.8b on qmail 1.03 and vpopmail 5.4.10.
>
> I LOVE that CHKUSER can single out the unknown recipients and block the
> offending SMTP session - big traffic control helper!  However, I've got
> one domain that's really being hit hard by dictionary attacks.  Some
> attack traffic is a few hits from many IPs, other traffic is many hits
> from few IPs.
>
> What I'd like to do is get something that's like an IDS that reads log
> output for CHKUSER rejections - currently only outputting to
>
> /var/log/qmail/smtp/current

cat current | grep 'CHKUSER rejected rcpt:' | tai64nlocal > mylog
then write a perl script to pull the ip addresses into a list and compare with
what you already have in tcp.smtp

> and have that information parsed for the specific domain and have the
> offending sender IP stuffed into a database (probably with a timestamp).
> Then I would build some scripted logic to query the database to figure out
> if I've been hit N number of times from an IP in a certain window of time;
> thus the trigger to update tcp.smtp with the offender.
>
> I think I might go ahead and just compile the tcp.smtp at each pass,
> that way I can keep tcp.smtp as compact as possible.  Those who've stopped
> being naughty are taken off the blocklist eventually.  Almost an RBL
> mentality I guess.  (and yes, I AM running with the Spamhaus RBL also).
>
> I gotta believe some smart person already built this, but I don't know if
> it's called something specific.  Big challenge for me is how to keep an
> eye on a logfile for any particular time (particularly given DJB's arcane
> date values in the above log file) and not end up reprocessing data I've
> already seen.
>
> Help appreciated and thanks!
> Dave.

-- 
-
Bob Hutchinson
Midwales dot com
-
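
One way to build the pass discussed in this message, as an added example that is not from the original posts or from the CHKUSER project: it reads multilog's TAI64N labels directly, keeps a high-water mark so no line is counted twice, and recompiles the deny list on every pass so quiet IPs drop off. The log line layout, the function names, the thresholds and the sample lines are assumptions or constructed; check the regex against your own /var/log/qmail/smtp/current.

```python
import re

# A TAI64N label is 16 hex digits of seconds plus 8 of nanoseconds.
# tai64nlocal subtracts 2**62 + 10 from the seconds to get Unix time.
TAI64_OFFSET = 2**62 + 10

# Assumed CHKUSER log layout, as written by multilog with timestamps:
#   @<tai64n> CHKUSER rejected rcpt: from <sender:info:relay>
#       remote <helo:rhost:ip> rcpt <addr> : reason
# HELO and rcpt are client-supplied text, so the IP is taken from the last
# colon-separated field before the closing bracket and range-checked.
LINE_RE = re.compile(
    r"^@(?P<label>[0-9a-f]{24}) .*CHKUSER rejected rcpt: .*"
    r" remote <[^>]*:(?P<ip>\d{1,3}(?:\.\d{1,3}){3})>"
    r" rcpt <[^>@]*@(?P<domain>[^>]+)>"
)


def tai64n_to_unix(label):
    """Convert a 24-hex-digit TAI64N label (without '@') to Unix seconds."""
    return int(label[:16], 16) - TAI64_OFFSET + int(label[16:], 16) / 1e9


def parse_rejection(line):
    """Return (label, unix_time, ip, rcpt_domain), or None for other lines."""
    m = LINE_RE.match(line)
    if not m or any(int(o) > 255 for o in m.group("ip").split(".")):
        return None
    label = m.group("label")
    return label, tai64n_to_unix(label), m.group("ip"), m.group("domain").lower()


def scan(lines, hits, domain, last_label=""):
    """Record unseen rejections for `domain` in hits {ip: [unix_time, ...]}.

    Labels are fixed-width hex, so string order is time order; anything at or
    below last_label was handled by an earlier pass and is skipped. Returns
    the new high-water mark to store for the next pass.
    """
    newest = last_label
    for line in lines:
        rec = parse_rejection(line)
        if rec is None or rec[0] <= last_label:
            continue
        label, when, ip, rcpt_domain = rec
        if rcpt_domain == domain:
            hits.setdefault(ip, []).append(when)
        newest = max(newest, label)
    return newest


def offenders(hits, now, window, threshold, never_block=()):
    """Drop hits older than `window` seconds; return IPs at or over threshold."""
    bad = []
    for ip in list(hits):
        hits[ip] = [t for t in hits[ip] if now - t <= window]
        if not hits[ip]:
            del hits[ip]
        elif len(hits[ip]) >= threshold and ip not in never_block:
            bad.append(ip)
    return sorted(bad)


def render_tcp_smtp(base_rules, bad_ips):
    """Rebuild the whole rules file: one deny line per offender, then the base."""
    return [f"{ip}:deny" for ip in bad_ips] + list(base_rules)


def sample_log(base=1130450000):
    """Constructed log lines (documentation addresses), not real traffic."""
    def line(offset, ip, rcpt):
        label = format(base + offset + TAI64_OFFSET, "016x") + "00000000"
        return (f"@{label} CHKUSER rejected rcpt: from <x@sender.example::> "
                f"remote <helo.example:unknown:{ip}> rcpt <{rcpt}> "
                ": not existing recipient")
    return [
        line(0, "192.0.2.10", "aaa@example.com"),
        line(5, "192.0.2.10", "aab@example.com"),
        f"@{format(base + 6 + TAI64_OFFSET, '016x')}00000000 tcpserver: status: 2/20",
        line(9, "192.0.2.10", "aac@example.com"),
        line(12, "198.51.100.7", "bob@example.com"),
        line(20, "198.51.100.7", "bob@other.example"),
    ]


if __name__ == "__main__":
    hits = {}
    mark = scan(sample_log(), hits, "example.com")
    mark = scan(sample_log(), hits, "example.com", mark)  # rerun adds nothing
    bad = offenders(hits, now=1130450030, window=600, threshold=3)
    print("\n".join(render_tcp_smtp([":allow"], bad)))
```

Pass your own relays and monitoring hosts in `never_block`, and after writing the rules file compile it with tcprules so the cdb that tcpserver reads through -x is updated.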


Re: [vchkpw] chkuser 2.0.8b

2005-09-26 Thread John Simpson

On 2005-09-22, at 1234, Tom Collins wrote:

On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
if you're supporting AUTH, you really should use TLS as well.  
otherwise you're allowing your users to send their passwords  
across the internet in plain text- and all it takes is one spammer  
with a packet sniffer to use your machine as a relay.


If you use CRAM-MD5 for the AUTH method, it's impossible to sniff  
the cleartext password.


the design of CRAM requires that the server have a list of plain-text  
passwords, regardless of the hashing algorithm it uses.


if somebody cracks your machine (and for the sake of security you  
have to assume that they eventually will) the bad guys will now have  
a list of all of your users' passwords in plain text, making it  
possible to not only read your users' email, but relay spam through  
your server.


TLS is a good idea, but getting your users to enable it in their  
clients can be a challenge.  It's hard enough explaining how to  
enable SMTP AUTH!


er... telling a user to turn on the "use TLS" or "use SSL" checkbox
and possibly change a port number isn't hard. i've been building,  
running, and consulting for ISP's for ten years now, and if you  
manage the process correctly, it's not hard.


it's like any other settings change... you set things up so that  
both the old and new settings will work, and then leave that in  
place for a month. tell the users that you've made this change to  
improve their service, the new settings are in this email or at
such-and-such web page, and they have until such-and-such date to change
their settings. during the month, your tech support people ask every  
customer they come in contact with if they've changed their settings,  
and if not they walk them through it on the spot. then when the end  
date arrives, most of your customers will have switched, and you can  
turn the old stuff off without killing your tech support people.  
then when that final rush of calls dies down, buy pizza for the tech  
support department to thank them for their extra effort.


at least that's how i've always done it, and it's always worked out  
pretty well.


--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/   [EMAIL PROTECTED] |
--
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.  |
--






Re: [vchkpw] chkuser 2.0.8b

2005-09-26 Thread John Simpson

On 2005-09-22, at 1627, Erwin Hoffmann wrote:

At 18:12 22.09.2005 +0100, tonix (Antonio Nati) wrote:

At 17.34 22/09/2005, you wrote:

On Sep 22, 2005, at 1:42 AM, John Simpson wrote:

if you're supporting AUTH, you really should use TLS as well.  
otherwise you're allowing your users to send their passwords  
across the internet in plain text- and all it takes is one  
spammer with a packet sniffer to use your machine as a relay.


If you use CRAM-MD5 for the AUTH method, it's impossible to sniff  
the cleartext password.


I don't bet on this. If you tape the SMTP dialogue, it's easy to
encrypt the password.


i'm sure many of us know this already, but for the benefit of people  
who may not understand how CRAM authentication works, here's the deal:


the server sends a cookie- a string of text which contains a  
certain amount of pseudo-random text. many servers end up sending a  
timestamp, a process id, and/or a few bytes of random from
/dev/random, /dev/urandom, or some other source of random.


the client takes that cookie, adds the password to the end of it,  
computes a hash of the result, and sends that hash back to the server.


the server takes the same cookie, adds the real password to the end  
of it, computes a hash of that result, and compares it to the hash  
sent by the client. if the hashes match, then obviously the client
knows what the real password is, so it's okay to let them in.  
otherwise, the client doesn't have the right password and should not  
be allowed in.


the idea with CRAM is for the client to prove that it knows what the  
correct password is, without ever actually sending the password over
the wire.


if you already have a list of plain-text passwords on the server,  
CRAM is a very good idea. my only objection is to keeping a list of  
plain-text passwords on the server in the first place. it's not  
something i do, but for somebody who already has such a list it can  
be a good thing.



Greets from the hurricane-free Germany.
--eh.


and i'm in orlando- four hurricanes in a row last year, but luckily  
none so bad as the two which have hit louisiana this year...


--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/   [EMAIL PROTECTED] |
--
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.  |
--
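
The exchange described in this message, written out as an added example (not code from the thread or from any qmail patch): RFC 2195 defines the hash as HMAC-MD5 keyed with the password over the server's challenge, and the sample values in `demo()` are the RFC's own example. The function names and the `plaintext_passwords` dict are made up for illustration.

```python
import base64
import hashlib
import hmac
import os
import time


def make_challenge(hostname):
    """Server: a fresh cookie in msg-id form; it must never repeat."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{hostname}>".encode()


def client_response(username, password, challenge):
    """Client: prove knowledge of the password without sending it."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())


def server_verify(response_b64, challenge, plaintext_passwords):
    """Server: recompute the digest from its own copy of the password.

    `plaintext_passwords` is the list the message objects to: to compute the
    HMAC the server needs the password itself (or an equally sensitive
    precomputed HMAC state), so a one-way password hash is not enough.
    Returns the authenticated username, or None.
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        username, digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8 or no space separator
        return None
    password = plaintext_passwords.get(username)
    if password is None:
        return None
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return username if ok else None


def demo():
    """RFC 2195 example values, then the same response against a new cookie."""
    users = {"tim": "tanstaaftanstaaf"}
    challenge = b"<1896.697170952@postoffice.reston.mci.net>"
    response = client_response("tim", "tanstaaftanstaaf", challenge)
    fresh = make_challenge("mx.example.com")  # hypothetical host name
    return {
        "response": response,
        "accepted": server_verify(response, challenge, users),
        # A recorded response is useless once the server issues a new cookie.
        "replayed": server_verify(response, fresh, users),
        "wrong_password": server_verify(
            client_response("tim", "guess", challenge), challenge, users),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The digest depends only on the challenge and the password, so whoever records both can test password guesses offline; CRAM-MD5 keeps the password off the wire, and TLS is what keeps the whole exchange away from a sniffer.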






Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread tonix (Antonio Nati)

Aleks,

these are some flags I'm using (I have smtp auth ON for all users, so 
disabling flag is OFF):


#disable_smtp
#disable_pop
#disable_imap

In this case, SMTP auth would be ON if line is commented (as in 
previous lines), OFF if line is active.


Check both your default switches in 
/home/vpopmail/etc/vlimits.default and in your domain 
.qmailadmin-limits (or in your MySQL limits).


Tonino

At 23.05 21/09/2005, you wrote:

I'm not really sure what flags you are aiming for tonix. But i guess
they could be enabled/disabled?

Aleks


On 9/21/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:

  Sorry for the dumb question.

  Are your users/domains smtp flags not disabled?

  Tonino


  At 14.38 21/09/2005, you wrote:


 Thanks Bruno, but I'm not that keen on the TLS support anymore.
Perhaps i'll toast next time :)


  For now I'm going to figure out why I can't auth with the
vpopmail/contrib/auth patch or the newest
version http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-057_tgz.bin .


   4549  220 mx.domain.com ESMTP
   4549  EHLO [192.168.0.100]
   4549  250-mx.domain.com
   4549  250-PIPELINING
   4549  250-8BITMIME
   4549  250-SIZE 0
   4549  250 AUTH LOGIN PLAIN CRAM-MD5
   4549  AUTH CRAM-MD5
   4549  334 PDExLjExMjczMDdAbXguY29uZmlnLm5vPg==
   4549  YWxla3NhbmRlckBvbHNlbi5jbiBkOJlNzdmZGVkMzUzYjA1ZDZlZDU4ZGNlZQ==
   4549  535 authentication failed (#5.7.1)
   4549  AUTH PLAIN AGFsZWtzYW5kZXJAb2xzZ4AeWY4NDRpdG8=
   4549  535 authentication failed (#5.7.1)
   4549  AUTH LOGIN
   4549  334 VXNlcmbWU6
   4549  YWxla3NhlckBvbHNlbi5jbg==
   4549  334 UGFzc3dvcmQ6
   4549  eWY4NpdG8=
   4549  535 authentication failed (#5.7.1)


  Thanks!


  On 9/21/05, Bruno Negrao [EMAIL PROTECTED]  wrote:
Aleks,

   I also had problems when I tried to install chkuser and the 
auth patch in vpopmail/contrib.


   I discovered that Bill Shupp's qmail-toaster 
http://shupp.org/toaster/ already has netqmail+chkuser+auth+tls 
patches and I'm testing it now. On the toaster mailing list you'll 
find Antonio Nati and other nice guys. There is even an EMPF patch 
made specially for qmail-toaster, but not for netqmail.


   It seems to me that there's a lot of people supporting 
qmail-toaster. Maybe you'd like to try qmail-toaster installation 
instead of installing all these patches by hand (this is what I'm 
trying to get with qmail-toaster).


   Regards,
   bnegrao
- Original Message -
   From: Aleks Olsen
   To: vchkpw@inter7.com
   Sent: Wednesday, September 21, 2005 7:14 AM
   Subject: Re: [vchkpw] chkuser 2.0.8b

   Hi

   I didn't. I missed the trailing */ on that line it seems. Thanks!
   -
   Now, it seems the patch didn't like working with
auth-jms1.4a.patch (auth patch) and/or qmail-1.03-jms1.5.patch (tls patch).


   I got the auth patch from the vpopmail contrib dir and tried
with that, leaving the ones mentioned above out of it and then
patched with the netqmail*auth*chkuser patch. I believe I'm not
really in the need for that tls anyways for smtp transactions. Now,
anyone know if there is another trick to that to make the auth work
with chkuser? Qmail compiled fine with the patches and the result at
the moment is that the smtp won't auth anyone and chkuser works
somewhat how it is designed to work (sweet).


   220 mx.domain.com ESMTP
   ehlo
   250-mx.domain.com
   250-PIPELINING
   250-8BITMIME
   250-SIZE 0
   250 AUTH LOGIN PLAIN

   chkuser.c
   #include "/home/vpopmail/include/vpopmail.h"
   #include "/home/vpopmail/include/vauth.h"
   #include "/home/vpopmail/include/vpopmail_config.h"

   /* #define CHKUSER_ENABLE_VAUTH_OPEN */

   /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
   -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
   /var/qmail/bin/qmail-smtpd mx.domain.com \
   /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

   I undefined and defined /* #define CRAM_MD5 */ from
qmail-smtpd.c, compiled fine - but no-go. Won't auth.


   Anyone notice anything i might have missed out?

   This hoffman patch -should- work with a vpopmail/mysql setup right?

   Thanks!

   /Aleksander

   On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
At 11.51 20/09/2005, you wrote:


  Tried to patch up a clean src of qmail-1.03. I get the same 
error as I get with the already patched up src.


   Hope this is right.
   Yes. How did you define CHKUSER_STARTING_VARIABLE within 
chkuser_settings.h?


   Tonino



  Thanks,
   /Aleksander

   -
   static void first_time_init (void) {

     char * temp_string;

   #if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
     starting_string = env_get (CHKUSER_STARTING_VARIABLE);
     if (starting_string) {
       if (strcasecmp(starting_string, "ALWAYS") == 0) {
         starting_value = 1;
       } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
         starting_value = 0;
       }
     } else

Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread John Simpson

On 2005-09-21, at 0614, Aleks Olsen wrote:

-
Now, it seems the patch didn't like working with auth-jms1.4a.patch
(auth patch) and/or qmail-1.03-jms1.5.patch (tls patch).


both of which are ANCIENT. my combined patch is up to version 6b now.

and it doesn't use chkuser... i doctored up a different way to  
handle the same problem, using a validrcptto.cdb file containing  
every valid email address on the system. whenever you add or remove a  
user, you rebuild the cdb file.


http://qmail.jms1.net/patches/ has information on both patches.

I got the auth patch from the vpopmail contrib dir and tried with
that, leaving the ones mentioned above out of it and then patched with the
netqmail*auth*chkuser patch. I believe I'm not really in the need
for that tls anyways for smtp transactions.


if you're supporting AUTH, you really should use TLS as well.  
otherwise you're allowing your users to send their passwords across  
the internet in plain text- and all it takes is one spammer with a  
packet sniffer to use your machine as a relay.


--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/   [EMAIL PROTECTED] |
--
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.  |
--






Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread John Simpson

On 2005-09-21, at 0623, tonix (Antonio Nati) wrote:



Why are you running it with -u $QMAILDUID ?

You should run it as vpopmail, excluding any uidswitching (if you  
enabled uidswitching within chkuser_settings.h, comment it).


Cert must be owned by vpopmail as well.


qmail is, and has always been, designed to have qmail-smtpd run as  
qmaild. the only reason to make it run as the vpopmail user is so  
that you can use vchkpw to support AUTH, and the solution there is
to make the vchkpw binary setuid so it always runs as the vpopmail  
user.


the servercert.pem file should be owned by root and readable to the  
group nofiles (which is the group qmaild belongs to.) the  
clientcert.pem file (if you have one) should also be owned by root,  
but readable to the group qmail.


--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/   [EMAIL PROTECTED] |
--
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.  |
--






Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Aleks Olsen
Just for the fun of it; If I was to, (in this lifetime) get tls/auth
to work with chkuser, what/whose tls and auth code should i use?
Since jms obviously doesn't need to make his patches compatible since he's
got the needed stuff for himself in validrcptto, i was hoping someone
knew what works or not. I stand corrected about the whole auth and no
tls security breach jms pointed out. If you want auth you should use
tls i guess.

Thanks,

/Aleks

On 9/22/05, John Simpson [EMAIL PROTECTED] wrote:
 On 2005-09-21, at 0623, tonix (Antonio Nati) wrote:

 
  Why are you running it with -u $QMAILDUID ?
 
  You should run it as vpopmail, excluding any uidswitching (if you
  enabled uidswitching within chkuser_settings.h, comment it).
 
  Cert must be owned by vpopmail as well.

 qmail is, and has always been, designed to have qmail-smtpd run as
 qmaild. the only reason to make it run as the vpopmail user is so
 that you can use vchkpw to support AUTH, and the solution there is
 to make the vchkpw binary setuid so it always runs as the vpopmail
 user.

 the servercert.pem file should be owned by root and readable to the
 group nofiles (which is the group qmaild belongs to.) the
 clientcert.pem file (if you have one) should also be owned by root,
 but readable to the group qmail.

 --
 | John M. Simpson - KG4ZOW - Programmer At Large |
 | http://www.jms1.net/   [EMAIL PROTECTED] |
 --
 | Mac OS X proves that it's easier to make UNIX  |
 | pretty than it is to make Windows secure.  |
 --







Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread tonix (Antonio Nati)

Aleks,

sorry to repeat what has been already said, but to make it short use
Shupp's Toaster. There inside chkuser + TLS + auth work fine together
(since years). You'll build it in minutes, and will never regret
making this step.


Ciao,

Tonino

At 13.18 22/09/2005, you wrote:

Just for the fun of it; If I was to, (in this lifetime) get tls/auth
to work with chkuser, what/whose tls and auth code should i use?
Since jms obviously doesn't need to make his patches compatible since he's
got the needed stuff for himself in validrcptto, i was hoping someone
knew what works or not. I stand corrected about the whole auth and no
tls security breach jms pointed out. If you want auth you should use
tls i guess.

Thanks,

/Aleks

On 9/22/05, John Simpson [EMAIL PROTECTED] wrote:
 On 2005-09-21, at 0623, tonix (Antonio Nati) wrote:

 
  Why are you running it with -u $QMAILDUID ?
 
  You should run it as vpopmail, excluding any uidswitching (if you
  enabled uidswitching within chkuser_settings.h, comment it).
 
  Cert must be owned by vpopmail as well.

 qmail is, and has always been, designed to have qmail-smtpd run as
 qmaild. the only reason to make it run as the vpopmail user is so
 that you can use vchkpw to support AUTH, and the solution there is
 to make the vchkpw binary setuid so it always runs as the vpopmail
 user.

 the servercert.pem file should be owned by root and readable to the
 group nofiles (which is the group qmaild belongs to.) the
 clientcert.pem file (if you have one) should also be owned by root,
 but readable to the group qmail.

 --
 | John M. Simpson - KG4ZOW - Programmer At Large |
 | http://www.jms1.net/   [EMAIL PROTECTED] |
 --
 | Mac OS X proves that it's easier to make UNIX  |
 | pretty than it is to make Windows secure.  |
 --










Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Remo Mattei
I have just rebuilt it last week and it works fine.

Remo
- Original Message - 
From: tonix (Antonio Nati) [EMAIL PROTECTED]
To: vchkpw@inter7.com
Sent: Thursday, September 22, 2005 08:07
Subject: Re: [vchkpw] chkuser 2.0.8b


 Aleks,
 
 sorry to repeat what has been already said, but to make it short use
 Shupp's Toaster. There inside chkuser + TLS + auth work fine together
 (since years). You'll build it in minutes, and will never regret
 making this step.
 
 Ciao,
 
 Tonino
 
 At 13.18 22/09/2005, you wrote:
Just for the fun of it; If I was to, (in this lifetime) get tls/auth
to work with chkuser, what/whose tls and auth code should i use?
Since jms obviously doesn't need to make his patches compatible since he's
got the needed stuff for himself in validrcptto, i was hoping someone
knew what works or not. I stand corrected about the whole auth and no
tls security breach jms pointed out. If you want auth you should use
tls i guess.

Thanks,

/Aleks

On 9/22/05, John Simpson [EMAIL PROTECTED] wrote:
  On 2005-09-21, at 0623, tonix (Antonio Nati) wrote:
 
  
   Why are you running it with -u $QMAILDUID ?
  
   You should run it as vpopmail, excluding any uidswitching (if you
   enabled uidswitching within chkuser_settings.h, comment it).
  
   Cert must be owned by vpopmail as well.
 
  qmail is, and has always been, designed to have qmail-smtpd run as
  qmaild. the only reason to make it run as the vpopmail user is so
  that you can use vchkpw to support AUTH, and the solution there is
  to make the vchkpw binary setuid so it always runs as the vpopmail
  user.
 
  the servercert.pem file should be owned by root and readable to the
  group nofiles (which is the group qmaild belongs to.) the
  clientcert.pem file (if you have one) should also be owned by root,
  but readable to the group qmail.
 
  --
  | John M. Simpson - KG4ZOW - Programmer At Large |
  | http://www.jms1.net/   [EMAIL PROTECTED] |
  --
  | Mac OS X proves that it's easier to make UNIX  |
  | pretty than it is to make Windows secure.  |
  --
 
 
 
 
 
 
 


Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Tom Collins

On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
if you're supporting AUTH, you really should use TLS as well. 
otherwise you're allowing your users to send their passwords across 
the internet in plain text- and all it takes is one spammer with a 
packet sniffer to use your machine as a relay.


If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the 
cleartext password.


TLS is a good idea, but getting your users to enable it in their 
clients can be a challenge.  It's hard enough explaining how to enable 
SMTP AUTH!


Here's an idea, how about a Wiki page dedicated to instructions on 
setting SMTP AUTH in various email clients?  People could contribute by 
taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' 
or some similar username.


A more ambitious project would be to use PHP and GD with the proper 
fonts to automatically fill in the fields and generate a completely 
custom how to page.  Any ISP could use it, and make use of hidden 
fields to enable/disable certain features (like 'use port 587 for
outbound smtp', 'enable TLS', 'use full email address as username', 
'use smtp.server.com for outbound email', etc.).  The end user could 
enter their name, email address and email client and get a one-page 
printout instructing them on how to set everything up.


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: 
sniffter.com




Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Remo Mattei
sounds good to me!

Remo
- Original Message - 
From: Tom Collins [EMAIL PROTECTED]
To: vchkpw@inter7.com
Sent: Thursday, September 22, 2005 10:34
Subject: Re: [vchkpw] chkuser 2.0.8b


 On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
 if you're supporting AUTH, you really should use TLS as well. 
 otherwise you're allowing your users to send their passwords across 
 the internet in plain text- and all it takes is one spammer with a 
 packet sniffer to use your machine as a relay.
 
 If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the 
 cleartext password.
 
 TLS is a good idea, but getting your users to enable it in their 
 clients can be a challenge.  It's hard enough explaining how to enable 
 SMTP AUTH!
 
 Here's an idea, how about a Wiki page dedicated to instructions on 
 setting SMTP AUTH in various email clients?  People could contribute by 
 taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' 
 or some similar username.
 
 A more ambitious project would be to use PHP and GD with the proper 
 fonts to automatically fill in the fields and generate a completely 
 custom how to page.  Any ISP could use it, and make use of hidden 
 fields to enable/disable certain features (like 'use port 587 for
 outbound smtp', 'enable TLS', 'use full email address as username', 
 'use smtp.server.com for outbound email', etc.).  The end user could 
 enter their name, email address and email client and get a one-page 
 printout instructing them on how to set everything up.
 
 --
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
 You don't need a laptop to troubleshoot high-speed Internet: 
 sniffter.com
 


Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread DAve

Tom Collins wrote:

On Sep 22, 2005, at 1:42 AM, John Simpson wrote:

if you're supporting AUTH, you really should use TLS as well. 
otherwise you're allowing your users to send their passwords across 
the internet in plain text- and all it takes is one spammer with a 
packet sniffer to use your machine as a relay.



If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the 
cleartext password.


TLS is a good idea, but getting your users to enable it in their clients 
can be a challenge.  It's hard enough explaining how to enable SMTP AUTH!


Here's an idea, how about a Wiki page dedicated to instructions on 
setting SMTP AUTH in various email clients?  People could contribute by 
taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' or 
some similar username.


A more ambitious project would be to use PHP and GD with the proper 
fonts to automatically fill in the fields and generate a completely 
custom how to page.  Any ISP could use it, and make use of hidden 
fields to enable/disable certain features (like 'use port 587 for
outbound smtp', 'enable TLS', 'use full email address as username', 'use 
smtp.server.com for outbound email', etc.).  The end user could enter 
their name, email address and email client and get a one-page printout 
instructing them on how to set everything up.


If screen shots were provided, any of the PDF generators for PHP could 
provide a custom PDF file with ISP branding for downloading on demand.


Interesting Idea.. We are in the middle of moving our entire 
operation, NOC and office. But afterwards maybe, would anyone be 
interested in this if I did it?


DAve



--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: sniffter.com







Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Remo Mattei
I would Dave..

Remo
- Original Message - 
From: DAve [EMAIL PROTECTED]
To: vchkpw@inter7.com
Sent: Thursday, September 22, 2005 10:50
Subject: Re: [vchkpw] chkuser 2.0.8b


 Tom Collins wrote:
 On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
 
 if you're supporting AUTH, you really should use TLS as well. 
 otherwise you're allowing your users to send their passwords across 
 the internet in plain text- and all it takes is one spammer with a 
 packet sniffer to use your machine as a relay.
 
 
 If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the 
 cleartext password.
 
 TLS is a good idea, but getting your users to enable it in their clients 
 can be a challenge.  It's hard enough explaining how to enable SMTP AUTH!
 
 Here's an idea, how about a Wiki page dedicated to instructions on 
 setting SMTP AUTH in various email clients?  People could contribute by 
 taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' or 
 some similar username.
 
 A more ambitious project would be to use PHP and GD with the proper 
 fonts to automatically fill in the fields and generate a completely 
 custom how to page.  Any ISP could use it, and make use of hidden 
 fields to enable/disable certain features (like 'use port 587 for
 outbound smtp', 'enable TLS', 'use full email address as username', 'use 
 smtp.server.com for outbound email', etc.).  The end user could enter 
 their name, email address and email client and get a one-page printout 
 instructing them on how to set everything up.
 
 If screen shots were provided, any of the PDF generators for PHP could 
 provide a custom PDF file with ISP branding for downloading on demand.
 
 Interesting Idea.. We are in the middle of moving our entire 
 operation, NOC and office. But afterwards maybe, would anyone be 
 interested in this if I did it?
 
 DAve
 
 
 -- 
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
 You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
 
 
 
 


Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread tonix (Antonio Nati)

At 17.34 22/09/2005, you wrote:

On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
if you're supporting AUTH, you really should use TLS as well. 
otherwise you're allowing your users to send their passwords across 
the internet in plain text- and all it takes is one spammer with a 
packet sniffer to use your machine as a relay.


If you use CRAM-MD5 for the AUTH method, it's impossible to sniff 
the cleartext password.


TLS is a good idea, but getting your users to enable it in their 
clients can be a challenge.  It's hard enough explaining how to 
enable SMTP AUTH!


Here's an idea, how about a Wiki page dedicated to instructions on 
setting SMTP AUTH in various email clients?  People could contribute 
by taking screen shots of their setup, preferably with 
'[EMAIL PROTECTED]' or some similar username.


A more ambitious project would be to use PHP and GD with the proper 
fonts to automatically fill in the fields and generate a completely 
custom how to page.  Any ISP could use it, and make use of hidden 
fields to enable/disable certain features (like 'use port 587 for
outbound smtp', 'enable TLS', 'use full email address as username', 
'use smtp.server.com for outbound email', etc.).  The end user could 
enter their name, email address and email client and get a one-page 
printout instructing them on how to set everything up.


A better idea... Most of us probably use qmail because there is vpopmail.

What about rewriting around vpopmail a modern, robust and 
customizable MTA that does not force us to be acrobats in order to 
add functionalities to qmail?


First step would be to maintain the same schema and code of qmail,
rewriting all the code step by step, module after module. So, free 
from Bernstein license, we could finally update and upgrade the MTA 
in a serious way.


Tonino


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: sniffter.com





Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Erwin Hoffmann

Hi,

At 18:12 22.09.2005 +0100, tonix (Antonio Nati) wrote:

At 17.34 22/09/2005, you wrote:

On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
if you're supporting AUTH, you really should use TLS as well. otherwise 
you're allowing your users to send their passwords across the internet 
in plain text- and all it takes is one spammer with a packet sniffer to 
use your machine as a relay.


If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the 
cleartext password.


I don't bet on this. If you tape the SMTP dialogue, it's easy to encrypt the
password.




TLS is a good idea, but getting your users to enable it in their clients 
can be a challenge.  It's hard enough explaining how to enable SMTP AUTH!


Here's an idea, how about a Wiki page dedicated to instructions on 
setting SMTP AUTH in various email clients?  People could contribute by 
taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' or 
some similar username.


You should start teaching yourself. 
http://www.fehcom.de/qmail/smtpauth.html is your friend.



A more ambitious project would be to use PHP and GD with the proper fonts 
to automatically fill in the fields and generate a completely custom how 
to page.  Any ISP could use it, and make use of hidden fields to 
enable/disable certain features (like 'use port 587 for outbound smtp',
'enable TLS', 'use full email address as username', 'use smtp.server.com 
for outbound email', etc.).  The end user could enter their name, email 
address and email client and get a one-page printout instructing them on 
how to set everything up.


A better idea... Most of us probably use qmail because there is vpopmail.
What about rewriting around vpopmail a modern, robust and customizable MTA 
that does not force us to be acrobats in order to add functionalities to qmail?


Have you considered how many changes vpopmail has undergone the last years?
Did you ever do a code digest?
Do you have the slightest idea how vchkpw works?


First step would be to maintain the same schema and code of qmail,
rewriting all the code step by step, module after module. So, free from 
Bernstein license, we could finally update and upgrade the MTA in a 
serious way.


If anything needs a rewrite, it's vpopmail - qmail is perfect in the way it
is defined. Of course, since 1998 the requirements have changed.


In particular, most of the SMTP add-ons (as defined in the latest RFCs)
are (according to my personal opinion) - useless.
We do have AC in our cars, DVD + surround sound, airbags, automatic 
adjusting seats - but we still use four wheels and a benzine motor, driving 
on badly-paved roads.


Qmail is a good car, but the road gets increasingly worse - adding DVD 
players to your car doesn't really help.


Greets from the hurricane-free Germany.
--eh.




Tonino


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: sniffter.com








Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Tom Collins

On Sep 22, 2005, at 1:27 PM, Erwin Hoffmann wrote:
If you use CRAM-MD5 for the AUTH method, it's impossible to sniff 
the cleartext password.


I don't bet on this. If you tape the SMTP dialogue, it's easy to encrypt 
the password.


I think you're wrong.  AUTH PLAIN and AUTH LOGIN are just base64 
encoded cleartext and you can determine the password from them.  
CRAM-MD5 involves a one-way hash.  It is impossible to reverse the hash 
and determine the cleartext password.  Each time you connect, a 
different challenge results in a different response.  The only way the 
server and client can generate the correct response is to have the same 
cleartext password available.


Given the challenge and response, it is not possible to generate the 
cleartext password.


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: 
sniffter.com




RE: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Nicholas Harring
 On Sep 22, 2005, at 1:27 PM, Erwin Hoffmann wrote:
  If you use CRAM-MD5 for the AUTH method, it's impossible to sniff
  the cleartext password.
 
  I don't bet on this. If you tape the SMTP dialogue, it's easy to
  encrypt the password.
 
 I think you're wrong.  AUTH PLAIN and AUTH LOGIN are just base64
 encoded cleartext and you can determine the password from them.
 CRAM-MD5 involves a one-way hash.  It is impossible to reverse the
 hash and determine the cleartext password.  Each time you connect, a
 different challenge results in a different response.  The only way the
 server and client can generate the correct response is to have the
 same cleartext password available.
 
 Given the challenge and response, it is not possible to generate the
 cleartext password.

I'm with Tom on this one, the CRAM-MD5 algorithm makes snooping to get
the password unpossible excepting brute force.
The only real problem it has is that MD5 collisions are increasingly
easy to generate (down from 2^63 to the range of 2^48), however they're
still far from a practical means of faking authentication.



RE: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Nicholas Harring
 A better idea... Most of us probably use qmail because there is
 vpopmail.
 What about rewriting around vpopmail a modern, robust and customizable
 MTA that does not force us to be acrobats in order to add
 functionalities to qmail?
 
 Have you considered how many changes vpopmail has undergone in the
 last years?
And what exactly does this have to do with the subject being discussed?
Since vpopmail changes so much qmail is the only mta to use? 
Hell, if the vpopmail folks would get their butts into the 21st century
and use shared libraries all of the hell of upgrading vpopmail from one
version to the next would also disappear. And I can get on my high horse
about this since I submitted patches to facilitate this ages ago. They
worked, weren't too ugly, and I offered to make any cleanups people
wanted to see.
I disagree with the concept of writing a new MTA (we've got several
really good ones out there already), but I agree with the end result of
vpopmail being more useable by more people.
 Did you ever do a code digest ?
Again, wtf is the relevance?
 Do you have the slightest idea how vchkpw works ?
Since I do have a pretty solid understanding, I'm quite confident in
saying that I think vpopmail really ought to be ported to work with
postfix or exim in a much cleaner fashion. While I admire qmail a lot,
especially when considering its late 90s tech, I definitely am cognizant
of its shortcomings. The lack of a license, and the resultant patch
nightmare it creates is probably the single largest liability of qmail.




RE: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Erwin Hoffmann

Hi,

At 15:41 22.09.2005 -0500, you wrote:

 On Sep 22, 2005, at 1:27 PM, Erwin Hoffmann wrote:
  If you use CRAM-MD5 for the AUTH method, it's impossible to sniff
  the cleartext password.
 
  I don't bet on this. If you tape the SMTP dialogue, it's easy to
  encrypt the password.

 I think you're wrong.  AUTH PLAIN and AUTH LOGIN are just base64
 encoded cleartext and you can determine the password from them.
 CRAM-MD5 involves a one-way hash.  It is impossible to reverse the
 hash and determine the cleartext password.  Each time you connect, a
 different challenge results in a different response.  The only way the
 server and client can generate the correct response is to have the
 same cleartext password available.

 Given the challenge and response, it is not possible to generate the
 cleartext password.

I'm with Tom on this one, the CRAM-MD5 algorithm makes snooping to get
the password unpossible excepting brute force.
The only real problem it has is that MD5 collisions are increasingly
easy to generate (down from 2^63 to the range of 2^48), however they're
still far from a practical means of faking authentication.


C'mon. The generation of the challenge and the way it's used in qmail is 
well documented on my web site http://www.fehcom.de/qmail/smtpauth.html.


Everyone can read that and download the code to do it.

The only free parameters are the timestamp and the pid of the current process.

regards.
--eh.



RE: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Nicholas Harring
 
 C'mon. The generation of the challenge and the way it's used in
 qmail is well documented on my web site
 http://www.fehcom.de/qmail/smtpauth.html.
 
 Everyone can read that and download the code to do it.
 
 The only free parameters are the timestamp and the pid of the current
 process.
 
I'm obviously missing something here, though I did reread the site for
the umpteenth time in the last few years. Yes using the pid and
timestamp as part of the challenge is weak. Yes the implementation ought
to be fixed. No it doesn't compromise security because the challenge
isn't the important part. 
You claimed that by recording the smtp conversation, or at least the
portion relating to the AUTH process, was enough to encrypt the
password. I'm assuming you meant decrypt (which would be the wrong word
here since you don't decrypt a hash since it isn't encryption in the
normal sense but is much more accurately described as obfuscation). So
we're at the original situation as stated by Tom Collins and myself,
namely that you can't go from an MD5 hash of the password and challenge
to the password itself. It's not done anywhere in the code, because it's
mathematically not doable. That's the whole point of one-way hashing
as I'm sure you're aware.
Can you please provide a description of exactly how you would take such
a network dump and return the password? I'd even be willing to provide
such a dump and publicly declare you right if you sent me the correct
password and only the correct password in one try. 
If you're unable to do the above, I'd really appreciate if you'd stop
spreading FUD and acknowledge that while CRAM-MD5 has its weak points
vulnerability to network snooping is not one of them at this point in
time.

Cheers,
Nick



Re: [vchkpw] chkuser 2.0.8b

2005-09-22 Thread Tom Collins

On Sep 22, 2005, at 2:10 PM, Erwin Hoffmann wrote:
C'mon. The generation of the challenge and the way it's used in 
qmail is well documented on my web site 
http://www.fehcom.de/qmail/smtpauth.html.


Everyone can read that and download the code to do it.

The only free parameters are the timestamp and the pid of the current 
process.


And the code to generate the response is freely available in an RFC.  I 
know -- I implemented SMTP AUTH client code to work with PLAIN, LOGIN 
and CRAM-MD5.


Even so, it's a one-way function.  Given the challenge and the 
response, you cannot derive the cleartext password.


This is the reason vpopmail requires cleartext passwords if you want to 
use CRAM-MD5.  There's no way for it to derive the cleartext password 
from CRAM-MD5 in order to run it through crypt() with the proper salt 
and compare it to the stored, encrypted version.


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: 
sniffter.com
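
The exchange argued over above, as an added example that is not part of the original posts or of any qmail/vpopmail patch: the RFC 2195 CRAM-MD5 computation next to AUTH PLAIN decoding, showing why the server must hold the cleartext password and why a recorded response is useless against a fresh challenge. The function names, the dictionary used as a password store, and the hostname are assumptions; the user, password and challenge are the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Sample values from RFC 2195, section 2 (not taken from this thread).
RFC_USER = "tim"
RFC_PASSWORD = "tanstaaftanstaaf"
RFC_CHALLENGE_B64 = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()


def decode_auth_plain(blob_b64):
    """AUTH PLAIN sends base64(authzid NUL authcid NUL password).

    Base64 is an encoding, not a hash: whoever records the line has the password.
    """
    _authzid, user, password = base64.b64decode(blob_b64).split(b"\0")
    return user.decode(), password.decode()


def new_challenge(hostname):
    """Build a 334 challenge in msg-id form with an unpredictable part.

    The random field comes from the OS CSPRNG instead of relying only on
    pid and timestamp, the weakness conceded in the thread.
    """
    text = f"<{secrets.token_hex(16)}.{int(time.time())}@{hostname}>"
    return base64.b64encode(text.encode()).decode()


def cram_md5_response(user, password, challenge_b64):
    """Client side: base64("user SP hex(HMAC-MD5(key=password, msg=challenge))")."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def cram_md5_verify(response_b64, challenge_b64, cleartext_store):
    """Server side: recompute the HMAC from the stored cleartext password.

    cleartext_store is a hypothetical {user: password} mapping. A store that
    only holds crypt() output cannot do this step, because the HMAC key is
    the password itself.
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    user, sep, digest = decoded.rpartition(" ")
    password = cleartext_store.get(user)
    if not sep or password is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected.encode(), digest.lower().encode())


if __name__ == "__main__":
    store = {RFC_USER: RFC_PASSWORD}
    resp = cram_md5_response(RFC_USER, RFC_PASSWORD, RFC_CHALLENGE_B64)
    print("response on the wire:", resp)
    print("decoded response    :", base64.b64decode(resp).decode())
    print("verifies            :", cram_md5_verify(resp, RFC_CHALLENGE_B64, store))
    # A recorded response does not verify against a fresh challenge.
    print("replay verifies     :",
          cram_md5_verify(resp, new_challenge("mx.example.test"), store))
    # AUTH PLAIN, by contrast, decodes straight back to the password.
    plain = base64.b64encode(b"\0tim\0tanstaaftanstaaf").decode()
    print("AUTH PLAIN decodes  :", decode_auth_plain(plain))
```

The decoded response contains only the user name and a digest, so what remains for someone holding a recording is guessing passwords, which is the "excepting brute force" caveat made earlier in the thread.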




Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread Aleks Olsen
Hi 

I didn't. I missed the trailing */ on that line it seems. Thanks!
-
Now, it seems the patch didn't like working with auth-jms1.4a.patch (auth patch) and/or qmail-1.03-jms1.5.patch (tls patch). 

I got the auth patch from the vpopmail contrib dir and tried with that,
leaving the ones mentioned above out of it and then patched with the
netqmail*auth*chkuser patch. I believe I'm not really in need of
TLS anyway for SMTP transactions. Now, does anyone know if there is
another trick to make the auth work with chkuser? Qmail compiled fine
with the patches and the result at the moment is that the SMTP won't auth
anyone and chkuser works somewhat how it is designed to work (sweet).

220 mx.domain.com ESMTP
ehlo
250-mx.domain.com
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN

chkuser.c
#include "/home/vpopmail/include/vpopmail.h"
#include "/home/vpopmail/include/vauth.h"
#include "/home/vpopmail/include/vpopmail_config.h"

/* #define CHKUSER_ENABLE_VAUTH_OPEN */

/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mx.domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

I undefined and defined /* #define CRAM_MD5 */ in qmail-smtpd.c, compiled fine - but no-go. Won't auth.

Anyone notice anything I might have missed out?

This Hoffmann patch -should- work with a vpopmail/mysql setup, right?

Thanks!

/Aleksander

On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:


At 11.51 20/09/2005, you wrote:
Tried to patch up a clean src of
qmail-1.03. I get the same error as I get with the already patched up
src.
Hope this is right.

Yes. How did you define CHKUSER_STARTING_VARIABLE within
chkuser_settings.h?
Tonino
Thanks,
/Aleksander
-
static void first_time_init (void) {
        char * temp_string;
#if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
        starting_string = env_get (CHKUSER_STARTING_VARIABLE);
        if (starting_string) {
                if (strcasecmp(starting_string, "ALWAYS") == 0) {
                        starting_value = 1;
                } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
                        starting_value = 0;
                }
        } else {
                starting_string = "";
        }
#endif
-
./load qmail-qmtpd rcpthosts.o control.o constmap.o \
received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
datetime.a open.a getln.a sig.a case.a env.a stralloc.a \
alloc.a substdio.a error.a str.a fs.a auto_qmail.o 
./compile qmail-smtpd.c
qmail-smtpd.c: In function `main':
qmail-smtpd.c:1021: warning: return type of `main' is not `int'
./compile spf.c
./compile base64.c
./compile chkuser.c
chkuser.c: In function `first_time_init':
chkuser.c:425: error: syntax error before '/' token
make: *** [chkuser.o] Error 1

On 9/20/05, tonix (Antonio Nati)
[EMAIL PROTECTED]
wrote:


At 11.26 20/09/2005, you wrote:



Hi,



Trying to patch up an already auth+tls+spf patched qmail-smtpd and
seems i hit a rock and

hoping for some guidance. 



I followed the manual patch guide at

http://www.interazioni.it/opensource/chkuser/documentation/installation/manual.html
 and think I somewhat 

fit all the pices in the right places. When i now try to compile it I
get this:



make

./compile chkuser.c

chkuser.c: In function `first_time_init':

chkuser.c:425: error: syntax error before '/' token

make: *** [chkuser.o] Error 1



I have not changed anything directly within the .c
file

Can you pls post ten lines of code surrounding the error?

Tonino




Anyone got a clue?



Thanks!



/Aleksander








Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread tonix (Antonio Nati)


At 11.14 21/09/2005, you wrote:
Hi 
I didn't. I missed the trailing */ on that line it seems. Thanks!
-
Now, it seems the patch didn't like working with auth-jms1.4a.patch (auth
patch) and/or qmail-1.03-jms1.5.patch (tls patch). 
I got the auth patch from the vpopmail contrib dir and tried with that,
leaving the ones mentioned above out of it and then patched with the
netqmail*auth*chkuser patch. I believe I'm not really in need of
TLS anyway for SMTP transactions. Now, does anyone know if there is another
trick to make the auth work with chkuser? Qmail compiled fine
with the patches and the result at the moment is that the SMTP won't auth
anyone and chkuser works somewhat how it is designed to work
(sweet).
220 mx.domain.com ESMTP
ehlo
250-mx.domain.com
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN
chkuser.c
#include "/home/vpopmail/include/vpopmail.h"
#include "/home/vpopmail/include/vauth.h"
#include "/home/vpopmail/include/vpopmail_config.h"
/* #define CHKUSER_ENABLE_VAUTH_OPEN */
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mx.domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

Why are you running it with -u $QMAILDUID ?
You should run it as vpopmail, excluding any uidswitching (if you enabled
uidswitching within chkuser_settings.h, comment it).
Cert must be owned by vpopmail as well.
Tonino
I undefined and defined /* #define CRAM_MD5 */ in qmail-smtpd.c, compiled
fine - but no-go. Won't auth.
Anyone notice anything I might have missed out?
This Hoffmann patch -should- work with a vpopmail/mysql setup, right?
Thanks!
/Aleksander
On 9/20/05, tonix (Antonio Nati)
[EMAIL PROTECTED]
wrote:


At 11.51 20/09/2005, you wrote:

Tried to patch up a clean src of qmail-1.03. I get the same error as
I get with the already patched up src.

Hope this is right.

Yes. How did you define CHKUSER_STARTING_VARIABLE within
chkuser_settings.h?

Tonino


Thanks,

/Aleksander

-

static void first_time_init (void) {
        char * temp_string;
#if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
        starting_string = env_get (CHKUSER_STARTING_VARIABLE);
        if (starting_string) {
                if (strcasecmp(starting_string, "ALWAYS") == 0) {
                        starting_value = 1;
                } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
                        starting_value = 0;
                }
        } else {
                starting_string = "";
        }
#endif

-

./load qmail-qmtpd rcpthosts.o control.o constmap.o \

received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \

datetime.a open.a getln.a sig.a case.a env.a stralloc.a \

alloc.a substdio.a error.a str.a fs.a auto_qmail.o 

./compile qmail-smtpd.c

qmail-smtpd.c: In function `main':

qmail-smtpd.c:1021: warning: return type of `main' is not `int'

./compile spf.c

./compile base64.c

./compile chkuser.c

chkuser.c: In function `first_time_init':

chkuser.c:425: error: syntax error before '/' token

make: *** [chkuser.o] Error 1


On 9/20/05, tonix (Antonio Nati)
[EMAIL PROTECTED]
wrote:

At 11.26 20/09/2005, you
wrote:

Hi,

Trying to patch up an already auth+tls+spf patched qmail-smtpd and
seems i hit a rock and
hoping for some guidance. 

I followed the manual patch guide at

http://www.interazioni.it/opensource/chkuser/documentation/installation/manual.html
 and think I somewhat 
fit all the pices in the right places. When i now try to compile it I
get this:

make
./compile chkuser.c
chkuser.c: In function `first_time_init':
chkuser.c:425: error: syntax error before '/' token
make: *** [chkuser.o] Error 1

I have not changed anything directly within the .c file
Can you pls post ten lines of code surrounding the error?

Tonino



Anyone got a clue?

Thanks!

/Aleksander







Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread Aleks Olsen
Sorry, I'll include the complete run file:

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
exec /usr/local/bin/softlimit -m 4000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mx.domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

/Aleksander

On 9/21/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:


At 11.14 21/09/2005, you wrote:
Hi 
I didn't. I missed the trailing */ on that line it seems. Thanks!
-
Now, it seems the patch didn't like working with auth-jms1.4a.patch (auth
patch) and/or qmail-1.03-jms1.5.patch (tls patch). 
I got the auth patch from the vpopmail contrib dir and tried with that,
leaving the ones mentioned above out of it and then patched with the
netqmail*auth*chkuser patch. I believe I'm not really in need of
TLS anyway for SMTP transactions. Now, does anyone know if there is another
trick to make the auth work with chkuser? Qmail compiled fine
with the patches and the result at the moment is that the SMTP won't auth
anyone and chkuser works somewhat how it is designed to work
(sweet).
220 mx.domain.com ESMTP
ehlo
250-mx.domain.com
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN
chkuser.c
#include "/home/vpopmail/include/vpopmail.h"
#include "/home/vpopmail/include/vauth.h"
#include "/home/vpopmail/include/vpopmail_config.h"
/* #define CHKUSER_ENABLE_VAUTH_OPEN */
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mx.domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

Why are you running it with -u $QMAILDUID ?
You should run it as vpopmail, excluding any uidswitching (if you enabled
uidswitching within chkuser_settings.h, comment it).
Cert must be owned by vpopmail as well.
Tonino
I undefined and defined /* #define CRAM_MD5 */ in qmail-smtpd.c, compiled
fine - but no-go. Won't auth.
Anyone notice anything I might have missed out?
This Hoffmann patch -should- work with a vpopmail/mysql setup, right?
Thanks!
/Aleksander
On 9/20/05, tonix (Antonio Nati)
[EMAIL PROTECTED]
wrote:


At 11.51 20/09/2005, you wrote:

Tried to patch up a clean src of qmail-1.03. I get the same error as
I get with the already patched up src.

Hope this is right.

Yes. How did you define CHKUSER_STARTING_VARIABLE within
chkuser_settings.h?

Tonino


Thanks,

/Aleksander

-

static void first_time_init (void) {
        char * temp_string;
#if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
        starting_string = env_get (CHKUSER_STARTING_VARIABLE);
        if (starting_string) {
                if (strcasecmp(starting_string, "ALWAYS") == 0) {
                        starting_value = 1;
                } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
                        starting_value = 0;
                }
        } else {
                starting_string = "";
        }
#endif

-

./load qmail-qmtpd rcpthosts.o control.o constmap.o \

received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \

datetime.a open.a getln.a sig.a case.a env.a stralloc.a \

alloc.a substdio.a error.a str.a fs.a auto_qmail.o 

./compile qmail-smtpd.c

qmail-smtpd.c: In function `main':

qmail-smtpd.c:1021: warning: return type of `main' is not `int'

./compile spf.c

./compile base64.c

./compile chkuser.c

chkuser.c: In function `first_time_init':

chkuser.c:425: error: syntax error before '/' token

make: *** [chkuser.o] Error 1


On 9/20/05, tonix (Antonio Nati)
[EMAIL PROTECTED]
wrote:

At 11.26 20/09/2005, you
wrote:

Hi,

Trying to patch up an already auth+tls+spf patched qmail-smtpd and
seems i hit a rock and
hoping for some guidance. 

I followed the manual patch guide at

http://www.interazioni.it/opensource/chkuser/documentation/installation/manual.html
 and think I somewhat 
fit all the pices in the right places. When i now try to compile it I
get this:

make
./compile chkuser.c
chkuser.c: In function `first_time_init':
chkuser.c:425: error: syntax error before '/' token
make: *** [chkuser.o] Error 1

I have not changed anything directly within the .c file
Can you pls post ten lines of code surrounding the error?

Tonino



Anyone got a clue?

Thanks!

/Aleksander









Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread tonix (Antonio Nati)


At 11.56 21/09/2005, you wrote:
-



Now, it seems the patch didnt like working with
auth-jms1.4a.patch(auth patch) and/or qmail-1.03-jms1.5.patch (tls
patch). 

I got the auth patch from the vpopmail contrib dir and tried with
that, leaving the ones mentioned above out of it and then patched


Sorry, I never try those patches.
Can you try them WITHOUT chkuser and check if problem comes from
chkuser?
[Not related strictly to the problem, but may help... When possible I
suggest to put auth system on different addresses than normal smtp, and
disable chkuser, because Outlook does not handle correctly KO
messages and it would be preferable to send back to sender a normal mail
delivery message (user are trusted, so there should be no risk of spam
disabling chkuser). Or, set up a variable excluding chkuser when user is
authenticated.]
Tonino




Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread Bruno Negrao



Aleks,

I also had problems when I tried to install chkuser 
and the auth patch in vpopmail/contrib.

I discovered that Bill Shupp's qmail-toaster http://shupp.org/toaster/ already has 
netqmail+chkuser+auth+tls patches and I'm testing it now. On the toaster mailing 
list you'll find Antonio Nati and other nice guys. There is even an EMPF 
patch made specially for qmail-toaster, but not for netqmail.

It seems to me that there's a lot of people 
supporting qmail-toaster. Maybe you'd like to try qmail-toaster installation 
instead of installing all these patches by hand (this is what I'm trying to get 
with qmail-toaster).

Regards,
bnegrao

  - Original Message - 
  From: Aleks Olsen 
  To: vchkpw@inter7.com 
  Sent: Wednesday, September 21, 2005 7:14 AM
  Subject: Re: [vchkpw] chkuser 2.0.8b

  Hi

  I didn't. I missed the trailing */ on that line it seems. Thanks!
  -
  Now, it seems the patch didn't like working with
  auth-jms1.4a.patch (auth patch) and/or qmail-1.03-jms1.5.patch (tls patch).

  I got the auth patch from the vpopmail contrib dir and tried with
  that, leaving the ones mentioned above out of it and then patched with the
  netqmail*auth*chkuser patch. I believe I'm not really in need of TLS
  anyway for SMTP transactions. Now, does anyone know if there is another
  trick to make the auth work with chkuser? Qmail compiled fine with the
  patches and the result at the moment is that the SMTP won't auth anyone and
  chkuser works somewhat how it is designed to work (sweet).

  220 mx.domain.com ESMTP
  ehlo
  250-mx.domain.com
  250-PIPELINING
  250-8BITMIME
  250-SIZE 0
  250 AUTH LOGIN PLAIN

  chkuser.c
  #include "/home/vpopmail/include/vpopmail.h"
  #include "/home/vpopmail/include/vauth.h"
  #include "/home/vpopmail/include/vpopmail_config.h"

  /* #define CHKUSER_ENABLE_VAUTH_OPEN */

  /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
  /var/qmail/bin/qmail-smtpd mx.domain.com \
  /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

  I undefined and defined /* #define CRAM_MD5 */ in qmail-smtpd.c, compiled
  fine - but no-go. Won't auth.

  Anyone notice anything I might have missed out?

  This Hoffmann patch -should- work with a vpopmail/mysql setup, right?

  Thanks!

  /Aleksander

  On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:

  At 11.51 20/09/2005, you wrote:
  Tried to patch up a clean src of qmail-1.03. I get the same error as I get
  with the already patched up src.

  Hope this is right.

  Yes. How did you define CHKUSER_STARTING_VARIABLE within chkuser_settings.h?

  Tonino

  Thanks,
  /Aleksander
  -
  static void first_time_init (void) {
          char * temp_string;
  #if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
          starting_string = env_get (CHKUSER_STARTING_VARIABLE);
          if (starting_string) {
                  if (strcasecmp(starting_string, "ALWAYS") == 0) {
                          starting_value = 1;
                  } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
                          starting_value = 0;
                  }
          } else {
                  starting_string = "";
          }
  #endif
  -
  ./load qmail-qmtpd rcpthosts.o control.o constmap.o \
  received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
  datetime.a open.a getln.a sig.a case.a env.a stralloc.a \
  alloc.a substdio.a error.a str.a fs.a auto_qmail.o
  ./compile qmail-smtpd.c
  qmail-smtpd.c: In function `main':
  qmail-smtpd.c:1021: warning: return type of `main' is not `int'
  ./compile spf.c
  ./compile base64.c
  ./compile chkuser.c
  chkuser.c: In function `first_time_init':
  chkuser.c:425: error: syntax error before '/' token
  make: *** [chkuser.o] Error 1

  On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
  
At 11.26 20/09/2005, you wrote:

  
  Hi,
  
  Trying to patch up an already auth+tls+spf patched qmail-smtpd and 
  seems i hit a rock and
  hoping for some guidance. 
  
  I followed the manual patch guide at http://www.interazioni.it/opensource/chkuser/documentation/installation/manual.html 
   and think I somewhat 
  fit all the pices in the right places. When i now try to compile 
  it I get this:
  
  make
  ./compile chkuser.c
  chkuser.c: In function `first_time_init':
  chkuser.c:425: error: syntax error before '/' token
  make: *** [chkuser.o] Error 1
  
  I have not changed anything directly within the .c 
file
Can you pls post ten lines of code surrounding the error?
Tonino

  
  Anyone got a clue?
  
  Thanks!
  
  /Aleksander


Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread Aleks Olsen

Thanks Bruno, but I'm not that keen on the TLS support anymore. Perhaps I'll toast next time :)

For now I'm going to figure out why I can't auth with the vpopmail/contrib/auth patch or the newest version http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-057_tgz.bin .

4549  220 mx.domain.com ESMTP
4549  EHLO [192.168.0.100]
4549  250-mx.domain.com
4549  250-PIPELINING
4549  250-8BITMIME
4549  250-SIZE 0
4549  250 AUTH LOGIN PLAIN CRAM-MD5
4549  AUTH CRAM-MD5
4549  334 PDExLjExMjczMDdAbXguY29uZmlnLm5vPg==
4549  YWxla3NhbmRlckBvbHNlbi5jbiBkOJlNzdmZGVkMzUzYjA1ZDZlZDU4ZGNlZQ==
4549  535 authentication failed (#5.7.1)
4549  AUTH PLAIN AGFsZWtzYW5kZXJAb2xzZ4AeWY4NDRpdG8=
4549  535 authentication failed (#5.7.1)
4549  AUTH LOGIN
4549  334 VXNlcmbWU6
4549  YWxla3NhlckBvbHNlbi5jbg==
4549  334 UGFzc3dvcmQ6
4549  eWY4NpdG8=
4549  535 authentication failed (#5.7.1)


Thanks!

On 9/21/05, Bruno Negrao [EMAIL PROTECTED] wrote:







Aleks,

I also had problems when I tried to install chkuser 
and the auth patch in vpopmail/contrib.

I discovered that Bill Shupp's qmail-toaster http://shupp.org/toaster/ already has 
netqmail+chkuser+auth+tls patches and I'm testing it now. On the toaster mailing 
list you'll find Antonio Nati and other nice guys. There is even an EMPF 
patch made specially for qmail-toaster, but not for netqmail.

It seems to me that there's a lot of people 
supporting qmail-toaster. Maybe you'd like to try qmail-toaster installation 
instead of installing all these patches by hand (this is what I'm trying to get 
with qmail-toaster).

Regards,
bnegrao

  - Original Message - 
  From: Aleks Olsen 
  To: vchkpw@inter7.com 
  Sent: Wednesday, September 21, 2005 7:14 AM
  Subject: Re: [vchkpw] chkuser 2.0.8b

  Hi

  I didn't. I missed the trailing */ on that line it seems. Thanks!
  -
  Now, it seems the patch didn't like working with
  auth-jms1.4a.patch (auth patch) and/or qmail-1.03-jms1.5.patch (tls patch).

  I got the auth patch from the vpopmail contrib dir and tried with
  that, leaving the ones mentioned above out of it and then patched with the
  netqmail*auth*chkuser patch. I believe I'm not really in need of TLS
  anyway for SMTP transactions. Now, does anyone know if there is another
  trick to make the auth work with chkuser? Qmail compiled fine with the
  patches and the result at the moment is that the SMTP won't auth anyone and
  chkuser works somewhat how it is designed to work (sweet).

  220 mx.domain.com ESMTP
  ehlo
  250-mx.domain.com
  250-PIPELINING
  250-8BITMIME
  250-SIZE 0
  250 AUTH LOGIN PLAIN

  chkuser.c
  #include "/home/vpopmail/include/vpopmail.h"
  #include "/home/vpopmail/include/vauth.h"
  #include "/home/vpopmail/include/vpopmail_config.h"

  /* #define CHKUSER_ENABLE_VAUTH_OPEN */

  /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
  /var/qmail/bin/qmail-smtpd mx.domain.com \
  /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

  I undefined and defined /* #define CRAM_MD5 */ in qmail-smtpd.c, compiled
  fine - but no-go. Won't auth.

  Anyone notice anything I might have missed out?

  This Hoffmann patch -should- work with a vpopmail/mysql setup, right?

  Thanks!

  /Aleksander

  On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:

  At 11.51 20/09/2005, you wrote:
  Tried to patch up a clean src of qmail-1.03. I get the same error as I get
  with the already patched up src.

  Hope this is right.

  Yes. How did you define CHKUSER_STARTING_VARIABLE within chkuser_settings.h?

  Tonino

  Thanks,
  /Aleksander
  -
  static void first_time_init (void) {
          char * temp_string;
  #if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
          starting_string = env_get (CHKUSER_STARTING_VARIABLE);
          if (starting_string) {
                  if (strcasecmp(starting_string, "ALWAYS") == 0) {
                          starting_value = 1;
                  } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
                          starting_value = 0;
                  }
          } else {
                  starting_string = "";
          }
  #endif
  -
  ./load qmail-qmtpd rcpthosts.o control.o constmap.o \
  received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
  datetime.a open.a getln.a sig.a case.a env.a stralloc.a \
  alloc.a substdio.a error.a str.a fs.a auto_qmail.o
  ./compile qmail-smtpd.c
  qmail-smtpd.c: In function `main':
  qmail-smtpd.c:1021: warning: return type of `main' is not `int'
  ./compile spf.c
  ./compile base64.c
  ./compile chkuser.c
  chkuser.c: In function `first_time_init':
  chkuser.c:425: error: syntax error before '/' token
  make: *** [chkuser.o] Error 1

  On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
  
At 11.26 20/09/2005, you wrote:

  
  Hi,
  
  Trying to patch up an already auth+tls+spf patched qmail-smtpd and 
  seems i hit a rock and
  hoping for some guidance. 
  
  I followed the manual patch guide at 
http

Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread Bruno Negrao

Did you remember to correctly start qmail-smtpd in the run script?
Below is an example of a working one:

#!/bin/sh
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
VpopmailHome=`grep vpopmail /etc/passwd|cut -d':' -f6`
#SIMSCAN_DEBUG=2
#QMAILQUEUE=/var/qmail/bin/simscan
#export QMAILQUEUE SIMSCAN_DEBUG
#export QMAILQUEUE
exec /usr/local/bin/softlimit -m 1000 \
/usr/local/bin/tcpserver -v -p -x $VpopmailHome/etc/tcp.smtp.cdb \
 -u $VPOPMAILUID -g $VPOPMAILGID 0 smtp \
/usr/local/bin/recordio sh -c '/var/qmail/bin/qmail-smtpd \
   /var/vpopmail/bin/vchkpw /usr/bin/true 2>&1'

regards,
bnegrao

- Original Message - 
From: Aleks Olsen

To: vchkpw@inter7.com
Sent: Wednesday, September 21, 2005 10:38 AM
Subject: Re: [vchkpw] chkuser 2.0.8b



Thanks Bruno, but I'm not that keen on the TLS support anymore. Perhaps I'll 
toast next time :)


For now I'm going to figure out why I can't auth with the 
vpopmail/contrib/auth patch or the newest version 
http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-057_tgz.bin .


4549  220 mx.domain.com ESMTP
4549  EHLO [192.168.0.100]
4549  250-mx.domain.com
4549  250-PIPELINING
4549  250-8BITMIME
4549  250-SIZE 0
4549  250 AUTH LOGIN PLAIN CRAM-MD5
4549  AUTH CRAM-MD5
4549  334 PDExLjExMjczMDdAbXguY29uZmlnLm5vPg==
4549  YWxla3NhbmRlckBvbHNlbi5jbiBkOJlNzdmZGVkMzUzYjA1ZDZlZDU4ZGNlZQ==
4549  535 authentication failed (#5.7.1)
4549  AUTH PLAIN AGFsZWtzYW5kZXJAb2xzZ4AeWY4NDRpdG8=
4549  535 authentication failed (#5.7.1)
4549  AUTH LOGIN
4549  334 VXNlcmbWU6
4549  YWxla3NhlckBvbHNlbi5jbg==
4549  334 UGFzc3dvcmQ6
4549  eWY4NpdG8=
4549  535 authentication failed (#5.7.1)


Thanks!



On 9/21/05, Bruno Negrao [EMAIL PROTECTED] wrote:
Aleks,

I also had problems when I tried to install chkuser and the auth patch in 
vpopmail/contrib.


I discovered that Bill Shupp's qmail-toaster http://shupp.org/toaster/ 
already has netqmail+chkuser+auth+tls patches and I'm testing it now. On 
the toaster mailing list you'll find Antonio Nati and other nice guys. 
There is even an EMPF patch made specially for qmail-toaster, but not for 
netqmail.


It seems to me that there's a lot of people supporting qmail-toaster. Maybe 
you'd like to try qmail-toaster installation instead of installing all 
these patches by hand (this is what I'm trying to get with qmail-toaster).


Regards,
bnegrao
- Original Message - 
From: Aleks Olsen

To: vchkpw@inter7.com
Sent: Wednesday, September 21, 2005 7:14 AM
Subject: Re: [vchkpw] chkuser 2.0.8b


Hi

I didnt. I missed the trailing */ on that line it seems. Thanks!
-
Now, it seems the patch didnt like working with auth-jms1.4a.patch(auth 
patch) and/or qmail-1.03-jms1.5.patch (tls patch).


I got the auth patch from the vpopmail contrib dir and tried with that, 
leaving the ones mentioned above out of it and then patched with the 
netqmail*auth*chkuser patch. I believe im not really in the need for that 
tls anyways for smtp transactions. Now, anyone know if there is another 
trick to that to make the auth work with chkuser? Qmail compiled fine
with the patches and the result at the moment is the the smtp wont auth 
anyone and chkuser works somewhat how it is designed to work (sweet).


220 mx.domain.com ESMTP
ehlo
250-mx.domain.com
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN

chkuser.c
#include "/home/vpopmail/include/vpopmail.h"
#include "/home/vpopmail/include/vauth.h"
#include "/home/vpopmail/include/vpopmail_config.h"

/* #define CHKUSER_ENABLE_VAUTH_OPEN */

/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mx.domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

I undefined and defined /* #define CRAM_MD5 */ from qmail-smtpd.c, compiled 
fine - but no-go. Wont auth.


Anyone notice anything i might have missed out?

This hoffman patch -should- work with a vpopmail/mysql setup right?

Thanks!

/Aleksander


On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
At 11.51 20/09/2005, you wrote:


Tried to patch up a clean src of qmail-1.03. I get the same error as I get 
with the already patched up src.


Hope this is right.


Yes. How did you define CHKUSER_STARTING_VARIABLE within 
chkuser_settings.h?


Tonino



Thanks,
/Aleksander

-
static void first_time_init (void) {

 char * temp_string;

#if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
   starting_string = env_get (CHKUSER_STARTING_VARIABLE);
   if (starting_string) {
      if (strcasecmp(starting_string, "ALWAYS") == 0) {
         starting_value = 1;
      } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
         starting_value = 0;
      }
   } else {
      starting_string = "";
   }
#endif

-

./load qmail-qmtpd rcpthosts.o control.o constmap.o \
received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
datetime.a open.a getln.a sig.a case.a env.a stralloc.a \
alloc.a
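Added example, not part of the thread: the recordio capture quoted in this message carries AUTH PLAIN and AUTH LOGIN tokens, which are only base64-encoded, so `redact` reduces such a capture to its protocol flow, and `cram_md5_ok` recomputes a CRAM-MD5 digest from a password you already know to check whether the client's answer was correct. The sample capture, account, host and password are constructed; the PID prefix on every line and the optional `<`/`>` direction mark after it are assumptions about the capture format.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Assumed line shape: "<pid> [<|>] <smtp text>"; the direction mark may be missing.
LINE = re.compile(r"^((?:\d+\s+)?(?:[<>]\s+)?)(.*)$")
REPLY = re.compile(r"^\d{3}(?:[ -]|$)")   # server replies start with a 3-digit code

def decode(token):
    """Decode one base64 token; None means it was truncated or otherwise damaged."""
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None

def text_of(data):
    return data.decode("utf-8", "replace")

def describe(mech, prompt, token):
    """Summarise a client AUTH token without echoing the password or digest."""
    data = decode(token)
    if data is None:
        return "[undecodable base64, redacted]"
    if mech == "PLAIN":                      # authzid NUL authcid NUL password
        fields = data.split(b"\0")
        user = text_of(fields[1]) if len(fields) == 3 else "?"
        return "[user=%s password=redacted]" % user
    if mech == "CRAM-MD5":                   # user SP hex(HMAC-MD5(password, challenge))
        return "[user=%s digest=redacted]" % text_of(data).rpartition(" ")[0]
    if mech == "LOGIN" and prompt.lower().startswith("user"):
        return "[user=%s]" % text_of(data)
    return "[redacted]"

def redact(transcript):
    """Rewrite an SMTP AUTH capture so it shows the protocol flow but no secrets."""
    out, mech, prompt = [], None, ""
    for raw in transcript.splitlines():
        prefix, text = LINE.match(raw).groups()
        if REPLY.match(text):                            # server line
            if mech and text.startswith("334"):
                data = decode(text[4:].strip())
                prompt = text_of(data) if data is not None else "?"
                text = "334 [%s]" % prompt               # challenges are not secret
            elif mech:
                mech = None                              # 235/535/501 ends the exchange
        elif text.upper().startswith("AUTH ") and len(text.split()) > 1:
            parts = text.split()
            mech, prompt = parts[1].upper(), ""
            if len(parts) > 2:                           # initial response on the AUTH line
                text = "AUTH %s %s" % (mech, describe(mech, prompt, parts[2]))
        elif mech and text:                              # client answer to a 334 prompt
            text = describe(mech, prompt, text.strip())
        out.append(prefix + text)
    return out

def cram_md5_ok(challenge_b64, response_b64, password):
    """Recompute HMAC-MD5(password, challenge) and compare with the client's digest."""
    challenge, response = decode(challenge_b64), decode(response_b64)
    if challenge is None or response is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(response.rpartition(b" ")[2], expected.encode())

def build_sample(user="alice@example.org", password="s3cret-example"):
    """Constructed capture shaped like the one above; account and host are made up."""
    b64 = lambda s: base64.b64encode(s.encode()).decode()
    challenge = "<1234.5678@mx.example.org>"
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return "\n".join([
        "4549 < AUTH CRAM-MD5",
        "4549 > 334 " + b64(challenge),
        "4549 < " + b64(user + " " + digest),
        "4549 > 535 authentication failed (#5.7.1)",
        "4549 < AUTH PLAIN " + b64("\0" + user + "\0" + password),
        "4549 > 535 authentication failed (#5.7.1)",
        "4549 < AUTH LOGIN",
        "4549 > 334 " + b64("Username:"),
        "4549 < " + b64(user),
        "4549 > 334 " + b64("Password:"),
        "4549 < c2VjcmV0X",                              # deliberately truncated token
        "4549 > 535 authentication failed (#5.7.1)",
    ])
```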

Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread Bruno Negrao



But you don't need to use TLS, your qmail will just 
support it. It won't bother you to have it. Since the toaster gives you all the 
installation steps (you cut and paste every command) you don't need to read 
boring tls stuff (i didn't).

regards,
bnegrao

  - Original Message -
  From: Aleks Olsen
  To: vchkpw@inter7.com
  Sent: Wednesday, September 21, 2005 10:38 AM
  Subject: Re: [vchkpw] chkuser 2.0.8b

  Thanks Bruno, but im not that keen on the TLS support anymore. Perhaps i'll
  toast next time :)

  For now im going to figure out why i cant auth with the
  vpopmail/contrib/auth patch or the newest version
  http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-057_tgz.bin .

  4549  220 mx.domain.com ESMTP
  4549  EHLO [192.168.0.100]
  4549  250-mx.domain.com
  4549  250-PIPELINING
  4549  250-8BITMIME
  4549  250-SIZE 0
  4549  250 AUTH LOGIN PLAIN CRAM-MD5
  4549  AUTH CRAM-MD5
  4549  334 PDExLjExMjczMDdAbXguY29uZmlnLm5vPg==
  4549  YWxla3NhbmRlckBvbHNlbi5jbiBkOJlNzdmZGVkMzUzYjA1ZDZlZDU4ZGNlZQ==
  4549  535 authentication failed (#5.7.1)
  4549  AUTH PLAIN AGFsZWtzYW5kZXJAb2xzZ4AeWY4NDRpdG8=
  4549  535 authentication failed (#5.7.1)
  4549  AUTH LOGIN
  4549  334 VXNlcmbWU6
  4549  YWxla3NhlckBvbHNlbi5jbg==
  4549  334 UGFzc3dvcmQ6
  4549  eWY4NpdG8=
  4549  535 authentication failed (#5.7.1)

  Thanks!

  On 9/21/05, Bruno Negrao [EMAIL PROTECTED] wrote:

Aleks,

I also had problems when I tried to install chkuser and the auth patch in
vpopmail/contrib.

I discovered that Bill Shupp's qmail-toaster http://shupp.org/toaster/
already has netqmail+chkuser+auth+tls patches and I'm testing it now. On the
toaster mailing list you'll find Antonio Nati and other nice guys. There is
even an EMPF patch made specially for qmail-toaster, but not for netqmail.

It seems to me that there's a lot of people supporting qmail-toaster. Maybe
you'd like to try qmail-toaster installation instead of installing all these
patches by hand (this is what I'm trying to get with qmail-toaster).

Regards,
bnegrao

  - Original Message -
  From: Aleks Olsen
  To: vchkpw@inter7.com
  Sent: Wednesday, September 21, 2005 7:14 AM
  Subject: Re: [vchkpw] chkuser 2.0.8b

  Hi

  I didnt. I missed the trailing */ on that line it seems. Thanks!
  -
  Now, it seems the patch didnt like working with auth-jms1.4a.patch(auth
  patch) and/or qmail-1.03-jms1.5.patch (tls patch).

  I got the auth patch from the vpopmail contrib dir and tried with that,
  leaving the ones mentioned above out of it and then patched with the
  netqmail*auth*chkuser patch. I believe im not really in the need for that
  tls anyways for smtp transactions. Now, anyone know if there is another
  trick to that to make the auth work with chkuser? Qmail compiled fine
  with the patches and the result at the moment is the the smtp wont auth
  anyone and chkuser works somewhat how it is designed to work (sweet).

  220 mx.domain.com ESMTP
  ehlo
  250-mx.domain.com
  250-PIPELINING
  250-8BITMIME
  250-SIZE 0
  250 AUTH LOGIN PLAIN

  chkuser.c
  #include "/home/vpopmail/include/vpopmail.h"
  #include "/home/vpopmail/include/vauth.h"
  #include "/home/vpopmail/include/vpopmail_config.h"

  /* #define CHKUSER_ENABLE_VAUTH_OPEN */

  /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
  /var/qmail/bin/qmail-smtpd mx.domain.com \
  /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

  I undefined and defined /* #define CRAM_MD5 */ from qmail-smtpd.c, compiled
  fine - but no-go. Wont auth.

  Anyone notice anything i might have missed out?

  This hoffman patch -should- work with a vpopmail/mysql setup right?

  Thanks!

  /Aleksander

  On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
  At 11.51 20/09/2005, you wrote:

  Tried to patch up a clean src of qmail-1.03. I get the same error as I get
  with the already patched up src.

  Hope this is right.

  Yes. How did you define CHKUSER_STARTING_VARIABLE within chkuser_settings.h?

  Tonino

  Thanks,
  /Aleksander

  -
  static void first_time_init (void) {

   char * temp_string;

  #if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
     starting_string = env_get (CHKUSER_STARTING_VARIABLE);
     if (starting_string) {
        if (strcasecmp(starting_string, "ALWAYS") == 0) {
           starting_value = 1;
        } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
           starting_value = 0;
        }
     } else {

Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread tonix (Antonio Nati)



Sorry for the dumb question.
Are your users/domains smtp flags not disabled?
Tonino
At 14.38 21/09/2005, you wrote:
Thanks Bruno, but im not that
keen on the TLS support anymore. Perhaps i'll toast next time :)
For now im going to figure out why i cant auth with the
vpopmail/contrib/auth patch or the newest version

http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-057_tgz.bin .

4549  220 mx.domain.com ESMTP
4549  EHLO [192.168.0.100]
4549  250-mx.domain.com
4549  250-PIPELINING
4549  250-8BITMIME
4549  250-SIZE 0
4549  250 AUTH LOGIN PLAIN CRAM-MD5
4549  AUTH CRAM-MD5
4549  334 PDExLjExMjczMDdAbXguY29uZmlnLm5vPg==
4549  YWxla3NhbmRlckBvbHNlbi5jbiBkOJlNzdmZGVkMzUzYjA1ZDZlZDU4ZGNlZQ==
4549  535 authentication failed (#5.7.1)
4549  AUTH PLAIN AGFsZWtzYW5kZXJAb2xzZ4AeWY4NDRpdG8=
4549  535 authentication failed (#5.7.1)
4549  AUTH LOGIN
4549  334 VXNlcmbWU6
4549  YWxla3NhlckBvbHNlbi5jbg==
4549  334 UGFzc3dvcmQ6
4549  eWY4NpdG8=
4549  535 authentication failed (#5.7.1)

Thanks!

On 9/21/05, Bruno Negrao
[EMAIL PROTECTED]
 wrote:


Aleks,



I also had problems when I tried to install chkuser and
the auth patch in vpopmail/contrib.



I discovered that Bill Shupp's qmail-toaster
http://shupp.org/toaster/ already
has netqmail+chkuser+auth+tls patches and I'm testing it now. On the
toaster mailing list you'll find Antonio Nati and other nice guys. There
is even an EMPF patch made specially for qmail-toaster, but not for
netqmail.



It seems to me that there's a lot of people supporting
qmail-toaster. Maybe you'd like to try qmail-toaster installation instead
of installing all these patches by hand (this is what I'm trying to get
with qmail-toaster).



Regards,

bnegrao


- Original Message - 

From: Aleks Olsen


To: vchkpw@inter7.com


Sent: Wednesday, September 21, 2005 7:14 AM

Subject: Re: [vchkpw] chkuser 2.0.8b

Hi 

I didnt. I missed the trailing */ on that line it seems. Thanks!

-

Now, it seems the patch didnt like working with
auth-jms1.4a.patch(auth patch) and/or qmail-1.03-jms1.5.patch (tls
patch). 

I got the auth patch from the vpopmail contrib dir and tried with
that, leaving the ones mentioned above out of it and then patched with
the netqmail*auth*chkuser patch. I believe im not really in the need for
that tls anyways for smtp transactions. Now, anyone know if there is
another trick to that to make the auth work with chkuser? Qmail compiled
fine

with the patches and the result at the moment is the the smtp wont
auth anyone and chkuser works somewhat how it is designed to work
(sweet).

220 mx.domain.com ESMTP

ehlo

250-mx.domain.com

250-PIPELINING

250-8BITMIME

250-SIZE 0

250 AUTH LOGIN PLAIN

chkuser.c

#include "/home/vpopmail/include/vpopmail.h"
#include "/home/vpopmail/include/vauth.h"
#include "/home/vpopmail/include/vpopmail_config.h"

/* #define CHKUSER_ENABLE_VAUTH_OPEN */

/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mx.domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

I undefined and defined /* #define CRAM_MD5 */ from qmail-smtpd.c,
compiled fine - but no-go. Wont auth.

Anyone notice anything i might have missed out?

This hoffman patch -should- work with a vpopmail/mysql setup
right?

Thanks!

/Aleksander

On 9/20/05, tonix (Antonio Nati)
[EMAIL PROTECTED]
wrote: 


At 11.51 20/09/2005, you wrote:

Tried to patch up a clean src of qmail-1.03. I get the same error as
I get with the already patched up src.

Hope this is right.

Yes. How did you define CHKUSER_STARTING_VARIABLE within
chkuser_settings.h?

Tonino 


Thanks,

/Aleksander

-

static void first_time_init (void) {

 char * temp_string;

#if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
 starting_string = env_get (CHKUSER_STARTING_VARIABLE);
 if (starting_string) {
   if (strcasecmp(starting_string, "ALWAYS") == 0) {
     starting_value = 1;
   } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
     starting_value = 0;
   }
 } else {
   starting_string = "";
 }
#endif

-

./load qmail-qmtpd rcpthosts.o control.o constmap.o \

received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \

datetime.a open.a getln.a sig.a case.a env.a stralloc.a \

alloc.a substdio.a error.a str.a fs.a auto_qmail.o 

./compile qmail-smtpd.c

qmail-smtpd.c: In function `main':

qmail-smtpd.c:1021: warning: return type of `main' is not `int'

./compile spf.c

./compile base64.c

./compile chkuser.c

chkuser.c: In function `first_time_init':

chkuser.c:425: error: syntax error before '/' token

make: *** [chkuser.o] Error 1


On 9/20/05, tonix (Antonio Nati)
[EMAIL PROTECTED]
wrote:

At 11.26 20/09/2005, you
wrote:
 
Hi,

 
Trying to patch up an already auth+tls+spf patched qmail-smtpd and
seems i hit a rock and
hoping for some guidance. 

 
I followed the manual patch guide at

http://www.interazioni.it/opensource/chkuser/documentation/installation/manual.html
 and think I somewhat 
fit all the pieces in the right

Re: [vchkpw] chkuser 2.0.8b

2005-09-21 Thread Aleks Olsen
I'm not really sure what flags you are aiming for tonix. But i guess
they could be enabled/disabled?

Aleks


On 9/21/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:

  Sorry for the dumb question.

  Are your users/domains smtp flags not disabled?

  Tonino


  At 14.38 21/09/2005, you wrote:


 Thanks Bruno, but im not that keen on the TLS support anymore. Perhaps i'll 
 toast next time :)

  For now im going to figure out why i cant auth with the 
 vpopmail/contrib/auth patch or the newest version   
 http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-057_tgz.bin .

   4549  220 mx.domain.com ESMTP
   4549  EHLO [192.168.0.100]
   4549  250-mx.domain.com
   4549  250-PIPELINING
   4549  250-8BITMIME
   4549  250-SIZE 0
   4549  250 AUTH LOGIN PLAIN CRAM-MD5
   4549  AUTH CRAM-MD5
   4549  334 PDExLjExMjczMDdAbXguY29uZmlnLm5vPg==
   4549  YWxla3NhbmRlckBvbHNlbi5jbiBkOJlNzdmZGVkMzUzYjA1ZDZlZDU4ZGNlZQ==
   4549  535 authentication failed (#5.7.1)
   4549  AUTH PLAIN AGFsZWtzYW5kZXJAb2xzZ4AeWY4NDRpdG8=
   4549  535 authentication failed (#5.7.1)
   4549  AUTH LOGIN
   4549  334 VXNlcmbWU6
   4549  YWxla3NhlckBvbHNlbi5jbg==
   4549  334 UGFzc3dvcmQ6
   4549  eWY4NpdG8=
   4549  535 authentication failed (#5.7.1)


  Thanks!


  On 9/21/05, Bruno Negrao [EMAIL PROTECTED]  wrote:
Aleks,

   I also had problems when I tried to install chkuser and the auth patch in 
 vpopmail/contrib.

   I discovered that Bill Shupp's qmail-toaster http://shupp.org/toaster/ 
 already has netqmail+chkuser+auth+tls patches and I'm testing it now. On the 
 toaster mailing list you'll find Antonio Nati and other nice guys. There is 
 even an EMPF patch made specially for qmail-toaster, but not for netqmail.

   It seems to me that there's a lot of people supporting qmail-toaster. Maybe 
 you'd like to try qmail-toaster installation instead of installing all these 
 patches by hand (this is what I'm trying to get with qmail-toaster).

   Regards,
   bnegrao
- Original Message -
   From: Aleks Olsen
   To: vchkpw@inter7.com
   Sent: Wednesday, September 21, 2005 7:14 AM
   Subject: Re: [vchkpw] chkuser 2.0.8b

   Hi

   I didnt. I missed the trailing */ on that line it seems. Thanks!
   -
   Now, it seems the patch didnt like working with auth-jms1.4a.patch(auth 
 patch) and/or qmail-1.03-jms1.5.patch (tls patch).

   I got the auth patch from the vpopmail contrib dir and tried with that, 
 leaving the ones mentioned above out of it and then patched with the 
 netqmail*auth*chkuser patch. I believe im not really in the need for that tls 
 anyways for smtp transactions. Now, anyone know if there is another trick to 
 that to make the auth work with chkuser? Qmail compiled fine
   with the patches and the result at the moment is the the smtp wont auth 
 anyone and chkuser works somewhat how it is designed to work (sweet).

   220 mx.domain.com ESMTP
   ehlo
   250-mx.domain.com
   250-PIPELINING
   250-8BITMIME
   250-SIZE 0
   250 AUTH LOGIN PLAIN

   chkuser.c
   #include "/home/vpopmail/include/vpopmail.h"
   #include "/home/vpopmail/include/vauth.h"
   #include "/home/vpopmail/include/vpopmail_config.h"

   /* #define CHKUSER_ENABLE_VAUTH_OPEN */

   /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
   -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
   /var/qmail/bin/qmail-smtpd mx.domain.com \
   /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

   I undefined and defined /* #define CRAM_MD5 */ from qmail-smtpd.c, compiled 
 fine - but no-go. Wont auth.

   Anyone notice anything i might have missed out?

   This hoffman patch -should- work with a vpopmail/mysql setup right?

   Thanks!

   /Aleksander

   On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
At 11.51 20/09/2005, you wrote:


  Tried to patch up a clean src of qmail-1.03. I get the same error as I get 
 with the already patched up src.

   Hope this is right.
   Yes. How did you define CHKUSER_STARTING_VARIABLE within chkuser_settings.h?

   Tonino



  Thanks,
   /Aleksander

   -
   static void first_time_init (void) {

 char * temp_string;

   #if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
   starting_string = env_get (CHKUSER_STARTING_VARIABLE);
   if (starting_string) {
      if (strcasecmp(starting_string, "ALWAYS") == 0) {
         starting_value = 1;
      } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
         starting_value = 0;
      }
   } else {
      starting_string = "";
   }
   #endif

   -

   ./load qmail-qmtpd rcpthosts.o control.o constmap.o \
   received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
   datetime.a open.a getln.a sig.a case.a env.a stralloc.a \
   alloc.a substdio.a error.a str.a fs.a auto_qmail.o
   ./compile qmail-smtpd.c
   qmail-smtpd.c: In function `main':
   qmail-smtpd.c:1021: warning: return type of `main' is not `int'
   ./compile spf.c

Re: [vchkpw] chkuser 2.0.8b

2005-09-20 Thread tonix (Antonio Nati)


At 11.26 20/09/2005, you wrote:

Hi,

Trying to patch up an already auth+tls+spf patched qmail-smtpd and seems
i hit a rock and
hoping for some guidance. 

I followed the manual patch guide at

http://www.interazioni.it/opensource/chkuser/documentation/installation/manual.html
 and think I somewhat 
fit all the pieces in the right places. When i now try to compile it I get
this:

make
./compile chkuser.c
chkuser.c: In function `first_time_init':
chkuser.c:425: error: syntax error before '/' token
make: *** [chkuser.o] Error 1

I have not changed anything directly within the .c file

Can you pls post ten lines of code surrounding the error?
Tonino

Anyone got a clue?

Thanks!

/Aleksander




Re: [vchkpw] chkuser 2.0.8b

2005-09-20 Thread Aleks Olsen

Tried to patch up a clean src of qmail-1.03. I get the same error as I get with the already patched up src.

Hope this is right.

Thanks,
/Aleksander

-
static void first_time_init (void) {

 char * temp_string;

#if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
 starting_string = env_get (CHKUSER_STARTING_VARIABLE);
 if (starting_string) {
   if (strcasecmp(starting_string, "ALWAYS") == 0) {
     starting_value = 1;
   } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
     starting_value = 0;
   }
 } else {
   starting_string = "";
 }
#endif

-
./load qmail-qmtpd rcpthosts.o control.o constmap.o \
received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
datetime.a open.a getln.a sig.a case.a env.a stralloc.a \
alloc.a substdio.a error.a str.a fs.a auto_qmail.o 
./compile qmail-smtpd.c
qmail-smtpd.c: In function `main':
qmail-smtpd.c:1021: warning: return type of `main' is not `int'
./compile spf.c
./compile base64.c
./compile chkuser.c
chkuser.c: In function `first_time_init':
chkuser.c:425: error: syntax error before '/' token
make: *** [chkuser.o] Error 1


On 9/20/05, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:


At 11.26 20/09/2005, you wrote:

Hi,

Trying to patch up an already auth+tls+spf patched qmail-smtpd and seems
i hit a rock and
hoping for some guidance. 

I followed the manual patch guide at

http://www.interazioni.it/opensource/chkuser/documentation/installation/manual.html
 and think I somewhat 
fit all the pieces in the right places. When i now try to compile it I get
this:

make
./compile chkuser.c
chkuser.c: In function `first_time_init':
chkuser.c:425: error: syntax error before '/' token
make: *** [chkuser.o] Error 1

I have not changed anything directly within the .c file

Can you pls post ten lines of code surrounding the error?
Tonino

Anyone got a clue?

Thanks!

/Aleksander






Re: [vchkpw] chkuser 2.0.8b

2005-09-20 Thread tonix (Antonio Nati)


At 11.51 20/09/2005, you wrote:
Tried to patch up a clean src of
qmail-1.03. I get the same error as I get with the already patched up
src.
Hope this is right.

Yes. How did you define CHKUSER_STARTING_VARIABLE within
chkuser_settings.h?
Tonino
Thanks,
/Aleksander
-
static void first_time_init (void) {
 char * temp_string;
#if !defined CHKUSER_ALWAYS_ON && defined CHKUSER_STARTING_VARIABLE
 starting_string = env_get (CHKUSER_STARTING_VARIABLE);
 if (starting_string) {
   if (strcasecmp(starting_string, "ALWAYS") == 0) {
     starting_value = 1;
   } else if (strcasecmp(starting_string, "DOMAIN") == 0) {
     starting_value = 0;
   }
 } else {
   starting_string = "";
 }
#endif
-
./load qmail-qmtpd rcpthosts.o control.o constmap.o \
received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
datetime.a open.a getln.a sig.a case.a env.a stralloc.a \
alloc.a substdio.a error.a str.a fs.a auto_qmail.o 
./compile qmail-smtpd.c
qmail-smtpd.c: In function `main':
qmail-smtpd.c:1021: warning: return type of `main' is not `int'
./compile spf.c
./compile base64.c
./compile chkuser.c
chkuser.c: In function `first_time_init':
chkuser.c:425: error: syntax error before '/' token
make: *** [chkuser.o] Error 1

On 9/20/05, tonix (Antonio Nati)
[EMAIL PROTECTED]
wrote:


At 11.26 20/09/2005, you wrote:



Hi,



Trying to patch up an already auth+tls+spf patched qmail-smtpd and
seems i hit a rock and

hoping for some guidance. 



I followed the manual patch guide at

http://www.interazioni.it/opensource/chkuser/documentation/installation/manual.html
 and think I somewhat 

fit all the pieces in the right places. When i now try to compile it I
get this:



make

./compile chkuser.c

chkuser.c: In function `first_time_init':

chkuser.c:425: error: syntax error before '/' token

make: *** [chkuser.o] Error 1



I have not changed anything directly within the .c
file

Can you pls post ten lines of code surrounding the error?

Tonino




Anyone got a clue?



Thanks!



/Aleksander
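Added example, not from the thread: the cause reported elsewhere in this thread is a `*/` left behind on the CHKUSER_STARTING_VARIABLE line of chkuser_settings.h; the preprocessor pastes that `*/` into the `env_get (...)` call, which is why gcc reports the error at chkuser.c:425 and not in the header. The scanner below flags such `#define` lines; the sample header, its values and the CHKUSER_EXAMPLE_* names are constructed for illustration.

```python
import re

DEFINE = re.compile(r"^\s*#\s*define\s+(\w+)(.*)$")


def stray_comment_closers(header_text):
    """Return (line_no, macro) for every live #define whose body holds an unmatched */."""
    findings, in_comment = [], False
    for no, line in enumerate(header_text.splitlines(), 1):
        code, i = "", 0                          # code = this line with comments removed
        while i < len(line):
            if in_comment:                       # skip to the end of the open comment
                end = line.find("*/", i)
                if end < 0:
                    break
                in_comment, i = False, end + 2
            elif line.startswith("/*", i):
                in_comment, i = True, i + 2
            elif line[i] == '"':                 # blank out string literals (no escapes)
                end = line.find('"', i + 1)
                end = len(line) - 1 if end < 0 else end
                code, i = code + '""', end + 1
            else:
                code, i = code + line[i], i + 1
        m = DEFINE.match(code)
        if m and "*/" in m.group(2):             # a closer with no opener before it
            findings.append((no, m.group(1)))
    return findings


# Constructed header in the style of chkuser_settings.h; values are placeholders and
# the CHKUSER_EXAMPLE_* names are hypothetical.
SAMPLE_HEADER = '''\
/* #define CHKUSER_ALWAYS_ON */
#define CHKUSER_STARTING_VARIABLE "EXAMPLE_VAR" */
/*
 * #define CHKUSER_EXAMPLE_OPTION "x" */
#define CHKUSER_EXAMPLE_STRING "a*/b"
'''

if __name__ == "__main__":
    for line_no, macro in stray_comment_closers(SAMPLE_HEADER):
        print("line %d: stray */ in the definition of %s" % (line_no, macro))
```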






Re: [vchkpw] chkuser 2.0.8b

2005-07-27 Thread tonix (Antonio Nati)

At 18.58 26/07/2005, you wrote:


 If it works telnetting to port 25, then it should work from anywhere,
 as the protocol is the same and the programs are the same.

 What are logs saying about rejected/lost messages?

The logs say nothing.


Is there any chkuser log in /var/log/maillog (or wherever you keep your logs)?

Are your logs active?

My starting script has
/var/qmail/bin/qmail-smtpd-smtp 2>&1 | splogger mymxname
in the last line (I don't use supervise), so my chkuser logs are active.

If your logs are active and see no chkuser logs, problem is elsewhere.


What I had noticed is that sending through an email
client, the messages do not appear to hit my system at all and are sent to
my mailbackup.  once i switch back, the mail starts coming in from the
mailbackup as normal.


Are you sure the problem is in chkuser or qmail? If mails are going 
to backup MX it looks the problem is elsewhere.


Are your clients sending to a fixed relay, or are they using the best 
MX, routing by themselves?





/*
  * Uncomment this to enable uid/gid changing
  * (switching UID/GID is NOT compatible with TLS; you may keep this
commented if you have TLS)
  */
#define CHKUSER_ENABLE_UIDGID

 Are you using this the right way, putting right setuid/setgid bits on
 over patched qmail-smtpd?

I am not sure, I believe this was uncommented and didn't change it at all.
I am not using any TLS patches [I couldnt get them to work at the time so
i stopped trying].
I didnt think it would hurt to leave it enabled.


It should be the same, as it should switch from vpopmail user to vpopmail user.

Anyway, comment it (default) if you are simply running as vpopmail.

Tonino



Re: [vchkpw] chkuser 2.0.8b

2005-07-26 Thread Dan Delaney
 At 07.28 26/07/2005, you wrote:
I am having a problem with chkuser.  When qmail is running with the
 patch,
everything appears to be working fine.
i can telnet into port 25 of my server and send a test message from my
local box and a remote box.
this test appears in my inbox as normal.
but when i send through a mail client, such as outlook, thunderbird, or
even yahoo webmail, the messages are not delivered AT ALL.

mail works normally when i use the old qmail-smtpd file [before
 patching].

Does this make sense to anyone?

 If it works telnetting to port 25, then it should work from anywhere,
 as the protocol is the same and the programs are the same.

 What are logs saying about rejected/lost messages?

The logs say nothing.  What I had noticed is that sending through an email
client, the messages do not appear to hit my system at all and are sent to
my mailbackup.  once i switch back, the mail starts coming in from the
mailbackup as normal.

later today i will run a tcpdump session on my FW checking to see if
anything hits me and i will also try with a email client externally and
enable logging on that.





/*
  * Uncomment this to enable uid/gid changing
  * (switching UID/GID is NOT compatible with TLS; you may keep this
commented if you have TLS)
  */
#define CHKUSER_ENABLE_UIDGID

 Are you using this the right way, putting right setuid/setgid bits on
 over patched qmail-smtpd?

I am not sure, I believe this was uncommented and didn't change it at all. 
I am not using any TLS patches [I couldnt get them to work at the time so
i stopped trying].
I didnt think it would hurt to leave it enabled.
the patches I am using are: maildir++ and qmail-remote-auth and of course
trying to get chkuser working.

I thought it would be ok since the qmail-smtpd/run script is pulling up
qmail-smtpd as the vpopmail user and group.
should i try to uncomment this and try again?



thanks for any help in advance

Dan Delaney

 Tonino




thanks again
Dan Delaney