Re: [vchkpw] tcp.smtp
On Monday 06 June 2005 11:31 pm, Shane Chrisp wrote:

On Mon, 2005-06-06 at 22:14 -0400, Martin Leduc wrote:

Good evening folks, I would like to understand something regarding the /etc/tcp.smtp file. I have this configuration

192.168.1.:allow,RELAYCLIENT=
127.:allow,RELAYCLIENT=

When I connect using telnet on 127.0.0.1 I got my server header

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.somedomain.com ESMTP

When I try using 192.168.1.5, my actual server I got nothing, and I don't have any firewall on my tcp 25 port ;).

It could be dns related, try waiting for a fairly long time to see if qmail responds. You could also try

Also post your SMTP run script for us to pick at and give you better advice as to what to do.

-Jeremy
--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
RE: [vchkpw] tcp.smtp
Sounds correct. After waiting a few minutes, I received my connection, but only after updating the tcp.smtp with your new settings. Where can I find a complete description of all these parameters? I will test again and check my /$%?* Microsoft DNS server. Long life to BIND :)

Best regards
Martin

-Original Message-
From: Shane Chrisp [mailto:[EMAIL PROTECTED]
Sent: 7 June 2005 00:32
To: vchkpw@inter7.com
Subject: Re: [vchkpw] tcp.smtp

On Mon, 2005-06-06 at 22:14 -0400, Martin Leduc wrote:

Good evening folks, I would like to understand something regarding the /etc/tcp.smtp file. I have this configuration

192.168.1.:allow,RELAYCLIENT=
127.:allow,RELAYCLIENT=

When I connect using telnet on 127.0.0.1 I got my server header

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.somedomain.com ESMTP

When I try using 192.168.1.5, my actual server I got nothing, and I don't have any firewall on my tcp 25 port ;).

It could be dns related, try waiting for a fairly long time to see if qmail responds. You could also try

192.168.1.:allow,RELAYCLIENT=,NODNSCHECK=,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-queue

cheers
Shane
Re: [vchkpw] tcp.smtp
On Mon, 2005-06-06 at 22:14 -0400, Martin Leduc wrote: Good evening folks, I would like to understand something regarding the /etc/tcp.smtp file. I have this configuration 192.168.1.:allow,RELAYCLIENT= 127.:allow,RELAYCLIENT= When I connect using telnet on 127.0.0.1 I got my server header Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220 mail.somedomain.com ESMTP When I try using 192.168.1.5, my actual server I got nothing, and I don't have any firewall on my tcp 25 port ;). It could be dns related, try waiting for a fairly long time to see if qmail responds. You could also try 192.168.1.:allow,RELAYCLIENT=,NODNSCHECK=,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-queue cheers Shane
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 16 Jan 2004, Mauricio Teixeira (listas) wrote:

On Fri, 2004-01-16 at 14:24, Chris Hardie wrote:

Hmm, if it's in the run file, isn't it still subject to the rules of tcpserver, in terms of the impact the environment variables have? Perhaps

The variable is used by qmail-smtpd to determine how it will queue the message. tcpserver does not know anything about it. qmail-smtpd/run follows:

...snip...
QMAILQUEUE=bin/qmail-scanner-queue.pl
export QMAILQUEUE

I was able to clarify why running qmail-scanner globally doesn't solve the problem. The RELAYCLIENT environment variable is still being set via open-smtp, and so qmail-scanner still refuses to examine mail from IPs which have been the source of a successful POP session when roaming users is enabled. So again, a POP user is able to unintentionally override the environment settings in tcp.smtp that should presumably take precedence.

Chris
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Sun, 2004-01-18 at 14:49, Chris Hardie wrote: I was able to clarify why running qmail-scanner globally doesn't solve the problem. The RELAYCLIENT environment variable is still being set via open-smtp, and so qmail-scanner still refuses to examine mail from IPs which have been the source of a successful POP session when roaming users is enabled. So again, a POP user is able to unintentionally override the environment settings in tcp.smtp that should presumably take precedence. yes, which is what I also said in different reply to you. In that reply, I also gave you a few pointers on what you might be able to do to make this all work for you. -Jeremy -- Jeremy Kitchen [EMAIL PROTECTED]
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 2004-01-16 at 14:10, Chris Hardie wrote:

The result is that the users pop / roaming action is disabling

Why don't you enable qmail-scanner globally? I put QMAILQUEUE=bin/qmail-scanner-queue.pl into /service/qmail-smtpd/run before smtpd initialization, in a way it's used by all connections. If you want some other connection NOT to use the scanner, you would have to specify it in tcp.smtp

My 2c.

--
[] Mauricio Teixeira - Maceió/AL/Brazil
[] * This e-mail is for mailing lists only!!! *
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 2004-01-16 at 11:10, Chris Hardie wrote:

We have a line in our ~vpopmail/etc/tcp.smtp file that looks like this:

12.161.105.140:allow,MFCHECK=0,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl

BUT, we have a meddlesome user on 12.161.105.140 who is popping into vpopmail, which has the allow roaming users flag set. As soon as this user does that, an entry is created in the tcp.smtp database for that user, as reflected in the open-smtp file:

12.161.105.140:allow,RELAYCLIENT=,RBLSMTPD= 1074272408

The result is that the users pop / roaming action is disabling qmail-scanner for all mail from that server. In general, the issue is that a user popping in from an IP that has a line in the main ~vpopmail/etc/tcp.smtp can override the rule for that IP.

Interesting indeed! I would simply disable pop-before-smtp for this user. Look at vmoduser. Then, add RELAYCLIENT= to your original line, and call it good.

-Jeremy
--
Jeremy Kitchen
Systems Administrator
[EMAIL PROTECTED]
Kitchen @ #qmail on EFNet - Join the party!
.
Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax
GNUPG key ID: 93BDD6CE
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 16 Jan 2004, Mauricio Teixeira (listas) wrote:

On Fri, 2004-01-16 at 14:10, Chris Hardie wrote:

The result is that the users pop / roaming action is disabling

Why don't you enable qmail-scanner globally? I put QMAILQUEUE=bin/qmail-scanner-queue.pl into /service/qmail-smtpd/run before smtpd initialization, in a way it's used by all connections. If you want some other connection NOT to use the scanner, you would have to specify it in tcp.smtp

Hmm, if it's in the run file, isn't it still subject to the rules of tcpserver, in terms of the impact the environment variables have? Perhaps you could paste in /service/qmail-smtpd/run.

Chris
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 16 Jan 2004, Jeremy Kitchen wrote: I would simply disable pop-before-smtp for this user. Look at vmoduser. Then, add RELAYCLIENT= to your original line, and call it good. I see why that would work (though I think you didn't mean the part about putting RELAYCLIENT= in tcp.smtp, as that disables qmail-scanner), but it doesn't seem to scale very well. As other users on 12.161.105.140 do the same thing, we'd have to watch for them and vmoduser each one. Chris
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 2004-01-16 at 14:24, Chris Hardie wrote:

Hmm, if it's in the run file, isn't it still subject to the rules of tcpserver, in terms of the impact the environment variables have? Perhaps

The variable is used by qmail-smtpd to determine how it will queue the message. tcpserver does not know anything about it. qmail-smtpd/run follows:

#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
# Exported before tcpserver starts, so it is in the environment of every connection
QMAILQUEUE=bin/qmail-scanner-queue.pl
export QMAILQUEUE
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
# Without rcpthosts qmail-smtpd accepts mail for any domain
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
exec /usr/local/bin/softlimit -m 6400 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -S -x /etc/tcp.smtp.cdb \
    -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /usr/local/bin/rblsmtpd -r relays.ordb.org -r sbl.spamhaus.org -r bl.spamcop.net \
    /var/qmail/bin/qmail-smtpd 2>&1

--
[] Mauricio Teixeira - Maceió/AL/Brazil
[] * This e-mail is for mailing lists only!!! *
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 2004-01-16 at 11:25, Chris Hardie wrote: On Fri, 16 Jan 2004, Jeremy Kitchen wrote: I would simply disable pop-before-smtp for this user. Look at vmoduser. Then, add RELAYCLIENT= to your original line, and call it good. I see why that would work (though I think you didn't mean the part about putting RELAYCLIENT= in tcp.smtp, as that disables qmail-scanner), but it doesn't seem to scale very well. As other users on 12.161.105.140 do the same thing, we'd have to watch for them and vmoduser each one. well then you'll have to either: a) vmoduser all of them and force the other clients on that IP to use SMTP auth. b) set up another qmail-smtpd service specifically for the server you want to have all mail from scanned with qmail-scanner, and configure that server to use your new qmail-smtpd service. there's no other way to do it, since tcpserver doesn't know which client is which, it just knows IPs, and since you pointed out that qmail-scanner doesn't run if the RELAYCLIENT is set, then having them both on the same port/ip is not possible. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Fri, 2004-01-16 at 11:31, Jeremy Kitchen wrote: and since you pointed out that qmail-scanner doesn't run if the RELAYCLIENT is set, then having them both on the same port/ip is not possible. ahem, it runs. it just doesn't do anything. *MORE REDBULL* -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] tcp.smtp / open-smtp rule precedence
On Jan 16, 2004, at 10:10 AM, Chris Hardie wrote:

BUT, we have a meddlesome user on 12.161.105.140 who is popping into vpopmail, which has the allow roaming users flag set. As soon as this user does that, an entry is created in the tcp.smtp database for that user, as reflected in the open-smtp file:

12.161.105.140:allow,RELAYCLIENT=,RBLSMTPD= 1074272408

I don't think it's an unreasonable request for us to modify vpopmail so that the rules in tcp.smtp take precedence over the rules established by open-smtp. The actual code to change is in update_rules(). I was under the impression that the first line to match an IP was the one selected. If that's the case, then processing tcp.smtp first, followed by open-smtp (which is how it works now) should work correctly.

I see two options:

1) keep track of all IPs listed in tcp.smtp when sending that data to tcprules, and ignore entries that match those IPs when processing open-smtp.

2) send entries from open-smtp to tcprules FIRST, followed by the rules in tcp.smtp.

I don't personally use roaming users, so I don't know the full details of how it works. If someone can provide more information, it should be possible to modify vpopmail to handle this situation. Also, if anyone can think of a reason that rules in tcp.smtp SHOULDN'T override entries in open-smtp, then please speak up now.

--
Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/
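Option 1 from the message above, as an added example (it is not vpopmail's update_rules() code and not part of the original post): a filter that passes every tcp.smtp rule through and keeps only those open-smtp entries whose IP is not already governed by a static rule, so no address reaches tcprules twice. It goes slightly beyond the post by also treating dotted-prefix rules such as `192.168.1.` as covering an IP; `merge_rules`, `make_samples` and the file layout are hypothetical, and the sample lines are constructed from the ones quoted in the thread (203.0.113.9 and the last two timestamps are made up).

```shell
#!/bin/sh
# Added example, not vpopmail code: build the input for tcprules so that
# static tcp.smtp rules take precedence over pop-before-smtp entries.

# merge_rules STATIC DYNAMIC
#   STATIC  : tcp.smtp, lines of "address:instructions"
#   DYNAMIC : open-smtp, lines of "address:instructions<whitespace>timestamp"
# stdout: every STATIC line, then the DYNAMIC rules (timestamp removed) whose
#         IP is not governed by a static exact-IP or dotted-prefix rule.
# stderr: one line per DYNAMIC entry that was dropped.
merge_rules() {
    awk '
    # Address part of a rule: the text before the first ":".
    function addr(line,    i) {
        i = index(line, ":")
        return i ? substr(line, 1, i - 1) : ""
    }
    # Is this IP governed by a static rule (exact address or prefix)?
    function covered(ip,    p) {
        if (ip in exact) return 1
        for (p in prefix)
            if (index(ip, p) == 1) return 1
        return 0
    }
    # Static file: copy through unchanged and remember its addresses.
    FILENAME == ARGV[1] {
        print
        a = addr($0)
        if (a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) exact[a] = 1
        else if (a ~ /^([0-9]+\.)+$/) prefix[a] = 1
        next
    }
    # Dynamic file: strip the timestamp, skip blank lines, then filter.
    {
        rule = $0
        sub(/[ \t]+[0-9]+[ \t]*$/, "", rule)
        if (rule == "") next
        a = addr(rule)
        if (covered(a))
            print "dropped " a ": static tcp.smtp rule takes precedence" > "/dev/stderr"
        else
            print rule
    }
    ' "$1" "$2"
}

# make_samples DIR: write constructed sample files modelled on the thread.
make_samples() {
    cat > "$1/tcp.smtp" <<'EOF'
127.:allow,RELAYCLIENT=
192.168.1.:allow,RELAYCLIENT=
12.161.105.140:allow,MFCHECK=0,RBLSMTPD=,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl
:allow
EOF
    cat > "$1/open-smtp" <<'EOF'
12.161.105.140:allow,RELAYCLIENT=,RBLSMTPD= 1074272408
192.168.1.5:allow,RELAYCLIENT=,RBLSMTPD= 1074272500
203.0.113.9:allow,RELAYCLIENT=,RBLSMTPD= 1074272600
EOF
}

# Demo: print the merged rule list; in a real setup this output would be
# the standard input of tcprules.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
merge_rules "$demo_dir/tcp.smtp" "$demo_dir/open-smtp"
rm -rf "$demo_dir"
```

With the sample data, the scanner rule for 12.161.105.140 survives and only the 203.0.113.9 roaming entry is appended; the two dropped entries are reported on stderr.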
RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
In my setup, I see the tcp.smtp.cdb file getting updated regularly, seeming to indicate perhaps that the pop-before-smtp may actually be working. Is there any way to verify the contents of the cdb file to see if it actually matches with the current relay table contents?

-Original Message-
From: Jonas Pasche [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 09, 2003 8:27 AM
To: [EMAIL PROTECTED]
Subject: Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?

Hi Jesse,

I may just be mouthing off again, but I gather from the last paragraph in INSTALL that vpopmail may not even bother with vpopmail/etc/tc.smtp and open-smtp anymore.

vpopmail never writes to tcp.smtp. It needs read access to that file when building tcp.smtp.cdb. vpopmail writes open-smtp if you have configured it for roaming users, but without MySQL support. vpopmail writes tcp.smtp.cdb, if you have configured it for roaming users, independent of whether you have enabled MySQL support or not.

I think the default may be to assume that since you're using MySQL, you should use Matt Simerson's tcpserver-mysql patch. The relay table is certainly populated in my database, but the vpopmail/etc/tcp.smtp.cdb is NOT generated.

I bet on write permissions.

Personally, I don't have any qualms about vpopmail defaulting to MySQL based tcpserver relay control when I'm using MySQL.

It actually doesn't.

However, I strongly disagree with the INSTALL wording if that's the case! It makes it sound like Matt's patch is only suggested, but it honestly seems to be REQUIRED when mysql support is enabled in vpopmail.

The INSTALL file is right. Don't blame it just because your setup didn't work. You simply didn't care about the permissions on tcp.smtp.cdb - it's obvious that vpopmail can't write to that file if it's only writable by root while you don't have vchkpw running as root.

Jonas
RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Ben,

In my setup, I see the tcp.smtp.cdb file getting updated regularly, seeming to indicate perhaps that the pop-before-smtp may actually be working. Is there anyway to verify the contents of the cdb file to see if it actually matches with the current relay table contents?

To check if an IP address is listed:

TCPREMOTEIP=ip tcprulescheck tcp.smtp.cdb

Example for an IP that's allowed to relay:

$ TCPREMOTEIP=62.226.202.17 tcprulescheck /etc/tcp.smtp.cdb
rule 62.226.202.17:
set environment variable RELAYCLIENT=
set environment variable RBLSMTPD=
allow connection

Or use cdbdump from the cdb package to dump the whole .cdb file: http://cr.yp.to/cdb/cdbmake.html

Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse,

I'm a little confused about this myself... Does 'open-smtp' not get created if you have mysql support enabled?

No; IP addresses that are allowed to relay are written into the relay table.

Jonas
RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse,

His ~vpopmail/etc/open-smtp a file I should have manually created at some point in time (touch open-smtp)?

No. As you use the MySQL backend, there is no need for that file. You should have mentioned in your first post that you're using MySQL as a backend. Rule of thumb: If you did anything other besides a plain ./configure when compiling qmail, let us know your configure line if you post a question, or tell us about (I have compiled vpopmail with roaming users support and the MySQL backend); it prevents unnecessary confusion.

Where I'm also lost, then, is that my /etc/tcp.smtp and /etc/tcp.smtp.cdb files are both owned by root:root at present (this seems incorrect to me) and are both chmod 644.

The tcp.smtp.cdb file has to be writable to the user that handles the POP3 session for the authenticated user. In many cases, this is vpopmail.vchkpw, but it might be another user if you created domains with the -u user argument. Try

chown vpopmail.vchkpw /etc/tcp.smtp.cdb

first and see if it works.

Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse,

I may just be mouthing off again, but I gather from the last paragraph in INSTALL that vpopmail may not even bother with vpopmail/etc/tc.smtp and open-smtp anymore.

vpopmail never writes to tcp.smtp. It needs read access to that file when building tcp.smtp.cdb. vpopmail writes open-smtp if you have configured it for roaming users, but without MySQL support. vpopmail writes tcp.smtp.cdb, if you have configured it for roaming users, independent of whether you have enabled MySQL support or not.

I think the default may be to assume that since you're using MySQL, you should use Matt Simerson's tcpserver-mysql patch. The relay table is certainly populated in my database, but the vpopmail/etc/tcp.smtp.cdb is NOT generated.

I bet on write permissions.

Personally, I don't have any qualms about vpopmail defaulting to MySQL based tcpserver relay control when I'm using MySQL.

It actually doesn't.

However, I strongly disagree with the INSTALL wording if that's the case! It makes it sound like Matt's patch is only suggested, but it honestly seems to be REQUIRED when mysql support is enabled in vpopmail.

The INSTALL file is right. Don't blame it just because your setup didn't work. You simply didn't care about the permissions on tcp.smtp.cdb - it's obvious that vpopmail can't write to that file if it's only writable by root while you don't have vchkpw running as root.

Jonas
[vchkpw] vpopmail and tcpserver-mysql (was: Re: [vchkpw] tcp.smtp fileperms/owns for -enable-roaming-users?)
Hi again, However, I strongly disagree with the INSTALL wording if that's the case! It makes it sound like Matt's patch is only suggested, but it honestly seems to be REQUIRED when mysql support is enabled in vpopmail. The INSTALL file is right. Short note; quoting the INSTALL file: --- begin --- 13. For sites using the mysql module and --enable-roaming-users=y it is highly suggested to use Matt Simersons tcpserver-mysql patch. This removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. Instead, tcpserver looks directly into the vpopmail mysql table of IP's. --- end --- It is correct that the tcpserver-mysql patch removes the need for vpopmail to compile a tcp.smtp.cdb file for each pop authentication. That's true, the _need_ for that functionality is removed - but not the functionality itself! vpopmail still compiles a tcp.smtp.cdb file, so the tcpserver-mysql patch doesn't mean anything to vpopmail. As vpopmail doesn't know of you're using the tcpserver-mysql patch, it has no way to know that it doesn't have to update tcp.smtp.cdb. I don't think there's a big performance hit using the tcpserver-mysql patch, as reading from a cdb file is already extremely fast. Thus, the benefit isn't in tcpserver itself; but it's the _possibility_ to remove the time-consuming tcp.smtp.cdb rebuild functionality from the vpopmail code. If you don't do that (manually), the tcpserver-mysql patch doesn't mean anything better to you compared to a working cdb setup without it. To make that patch really usable, vpopmail needs a way to know that it doesn't have to update tcp.smtp.cdb, maybe a ./configure parameter like --i-use-the-tcpserver-mysql-patch-and-thus-do-not-need-cdb-updates. In some situations (like yours, Jesse), the tcpserver-mysql patch seems to act as a fix, but it actually is a different thing. Your problems have been with file permissions, not with vpopmail requiring a patch that's marked as optional/suggested. 
It only looks like a fix because its totally different approach doesn't depend on file permissions.

And, while we're at it... the newest README.mysql file tells us to...

#define MYSQL_UPDATE_SERVER "localhost"
#define MYSQL_UPDATE_USER "root"
#define MYSQL_UPDATE_PASSWD "secret"
#define MYSQL_READ_SERVER "localhost"
#define MYSQL_READ_USER "root"
#define MYSQL_READ_PASSWD "secret"

From a security perspective, it should be preferred to use a dedicated MySQL user instead of root; this would highly reduce the danger that a possibly table-corrupting vpopmail bug would have on MySQL data. Yes, it's the user's choice, and MySQL administrators should already know that, but IMHO the README.mysql file should set a good example here.

Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
- Original Message - From: Jonas Pasche [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 10:17 AM Subject: RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users? Hi Jesse, His ~vpopmail/etc/open-smtp a file I should have manually created at some point in time (touch open-smtp)? No. As you use the MySQL backend, there is no need for that file. You should have mentioned in your first post that you're using MySQL as a backend. I did. Rule of thumb: If you did anything other besides a plain ./configure when compiling qmail, let us know your configure line if you post a question, or tell us about (I have compiled vpopmail with roaming users support and the MySQL backend); it prevents unneccessary confusion. I considered posting my configure statement, but I figured that just mentioning that I use MySQL should do the trick. I have a very long configure statement, and I figured it would probably just confuse some people. Where I'm also lost, then, is that my /etc/tcp.smtp and /etc/tcp.smtp.cdb files are both owned by root:root at present (this seems incorrect to me) and are both chmod 644. The tcp.smtp.cdb file has to writable to the user that handles the POP3 session for the authenticed user. In many cases, this is vpopmail.vchkpw, but it might be another user if you created domains with the -u user argument. Try chown vpopmail.vchkpw /etc/tcp.smtp.cdb first and see if it works. First off, I didn't write the text you just replied to. That was written by the other gentleman. Second, take a look at this excerpt from the FAQ file in the root of my vpopmail 5.2.1 distribution: -- begin -- 4. How do I allow roaming users to use our smtp server without opening the machine up to everyone on the internet? Your startup script for the qmail smtp server must use the tcpserver -x file command similar to this startup line. 
env - PATH=/var/qmail/bin:/usr/local/bin \
tcpserver -H -R -x /path/to/vpopmail/etc/tcp.smtp.cdb \
-c20 -u504 -g503 0 smtp \
/var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &

-- end --

This clearly implies that the tcp.smtp.cdb file is to be created by vpopmail (or clearopensmtp) in the /path/to/vpopmail/etc/ directory. Here are my permissions for that directory:

drwxr-xr-x 2 vpopmail vchkpw 512 Mar 7 19:42 ./
drwxr-xr-x 11 vpopmail vchkpw 512 Feb 6 15:16 ../
-rw-r--r-- 1 vpopmail vchkpw 30 Dec 12 09:31 inc_deps
-rw-r--r-- 1 vpopmail vchkpw 78 Dec 12 09:31 lib_deps

vpopmail clearly has write access. Yet a .cdb file was not created. I even copied my /etc/tcp.smtp file here and ran clearopensmtp. No .cdb file.

So, I ask again: Does vpopmail now neglect to build a .cdb file when --enable-roaming-users=y and --with-mysql are specified at configure time? If this is the case, then the INSTALL AND FAQ files need to note this. Or is the FAQ incorrect, and vpopmail now tries to build the .cdb in my /etc directory? If that's the case, the documentation is still incorrect, and it needs to be updated.

Thanks for replying!

Jesse

Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse, It seems to me that the whole ./configure autodetect of tcp.smtp is hokey. I think it would make more sense to specify in the INSTALL docs and in the configure script that there is a DEFAULT location for tcp.smtp. The configure script does that, if you run ./configure --help. Clearly /etc doesn't work real well because of the default permissions, so I'd suggest ~vpopmail/etc. That _is_ the default location; it just doesn't get used in most cases because of a clumsy check, as I mentioned before. Then, allow that default to be explicitly overridden by a configure option like --path-to-tcp-smtp=blah. That's already the case; again issue ./configure --help, or read the FAQ entry #8. We could keep the current configure behavior and just make sure that we document it in install, but I think trying to explain the configure behavior would really confuse some people. Has my elaboration been confusing? ;-) IMHO, it's just the problem that users don't know about that three location thing without reading the configure script, thus expecting tcp.smtp file in the wrong place. What do you think? I really wonder that this question hasn't come up earlier. ;-) Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Ben,

Apologies if this is already answered elsewhere -- I didn't see it. What should the file permissions and ownership be for the tcprules tcp.smtp file in order to enable vpopmail pop-before-smtp roaming user support? In other words, for qmail/vpopmail to temporarily add an IP address for pop-before-smtp temp-relay support, what setup do I need?

vpopmail doesn't need to write to tcp.smtp (as you can see, the file never changes, even not without roaming users). tcp.smtp only contains _static_ rules for allowing/disallowing connections and relaying. vpopmail saves relaying information in ~vpopmail/etc/open-smtp, and it creates tcp.smtp.cdb (which is used by tcpserver) from both tcp.smtp and open-smtp.

In short, you need:

- read permissions on tcp.smtp
- write permissions on tcp.smtp.cdb

Judge for yourself if relaying data is sensible or not, to decide if you want these files to be group- or world-readable, or not.

Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
On Friday 07 March 2003 19:55, Benjamin Tomhave wrote: His ~vpopmail/etc/open-smtp a file I should have manually created at some point in time (touch open-smtp)? It does not currently exist, and probably explains why the pop-before-smtp has never functioned. I'm going to assume this file should be owned by vpopmail:vchkpw. Where I'm also lost, then, is that my /etc/tcp.smtp and /etc/tcp.smtp.cdb files are both owned by root:root at present (this seems incorrect to me) and are both chmod 644. I am, btw, using a mysql backend, too...I second Jesse's comments... I may just be mouthing off again, but I gather from the last paragraph in INSTALL that vpopmail may not even bother with vpopmail/etc/tc.smtp and open-smtp anymore. I think the default may be to assume that since you're using MySQL, you should use Matt Simerson's tcpserver-mysql patch. The relay table is certainly populated in my database, but the vpopmail/etc/tcp.smtp.cdb is NOT generated. Personally, I don't have any qualms about vpopmail defaulting to MySQL based tcpserver relay control when I'm using MySQL. However, I strongly disagree with the INSTALL wording if that's the case! It makes it sound like Matt's patch is only suggested, but it honestly seems to be REQUIRED when mysql support is enabled in vpopmail. I have now installed Matt's patch in my tcpserver. -Original Message- From: Jonas Pasche [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2003 3:36 PM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users? Hi Ben, Apologies if this is already answered elsewhere -- I didn't see it. What should the file permissions and ownership be for the tcprules tcp.smtp file in order to enable vpopmail pop-before-smtp roaming user support? In other words, for qmail/vpopmail to temporarily add an IP address for pop-before-stmp temp-relay support, what setup do I need? 
vpopmail doesn't need to write to tcp.smtp (as you can see, the file never changes, even not without roaming users). tcp.smtp only contains _static_ rules for allowing/disallowing connections and relaying. vpopmail saves relaying information in ~vpopmail/etc/open-smtp, and it creates tcp.smtp.cdb (which is used by tcpserver) from both tcp.smtp and open-smtp. In short, you need: - read permissions on tcp.smtp - write permissions on tcp.smtp.cdb Judge for yourself if relaying data is sensible or not, to decide if you want these files to be group- or world-readable, or not. Jonas -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net We are actively looking for companies that do a lot of long distance faxing and want to cut their long distance bill by up to 50%. Contact [EMAIL PROTECTED] for more info.
Re: vchkpw tcp.smtp rebuild problem (possibly)
What are your user/groupids?

-u1003 -g1003
-u 1009 -g 1005

- Original Message -
From: "Gourgen Hakobian" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 11, 2001 12:05 PM
Subject: vchkpw tcp.smtp rebuild problem (possibly)

Hi there

Here is the problem... I already spent a ton of time and searched the entire web for an answer but the problem still persists. So any help will be greatly appreciated.

The thing is that right after roaming POP user enters pop auth password, vchkpw locks and takes 100% of CPU;-) It writes user's IP and timestamp to ~vpopmail/etc/open-smtp, but when it's time to rebuild tcp.smtp via tcprules, it stops and doesn't even exit. This happens only if it needs to rebuild tcp.smtp (e.g. new IPs only).

System: FreeBSD 4.2, Qmail 1.03, vpopmail 4.9.10, ucspi-tcp 0.88, qmail-pop3d

Vpopmail compile options:

./configure --enable-roaming-users=y --enable-tcprules-prog --enable-tcpserver-file=/home/vpopmail/etc/tcp.smtp --enable-hardquota=150

Startup scripts:

#!/bin/sh
# SMTP listener: relay rules come from the cdb that vchkpw rebuilds
env - PATH="/var/qmail/bin:/usr/local/bin" \
/usr/local/bin/tcpserver -H -R -x /home/vpopmail/etc/tcp.smtp.cdb \
-c20 -u1003 -g1003 0 smtp \
/var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &

# POP3 listener: vchkpw runs under this uid/gid when it rebuilds the cdb
/usr/local/bin/tcpserver -H -R -u 1009 -g 1005 0 pop3 \
/var/qmail/bin/qmail-popup digital.am \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir \
2>&1 | /var/qmail/bin/splogger pop3 3 &

--
Best regards,
Gourgen Hakobian mailto:[EMAIL PROTECTED]