RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Ben,

> In my setup, I see the tcp.smtp.cdb file getting updated regularly, seeming
> to indicate perhaps that the pop-before-smtp may actually be working. Is
> there any way to verify the contents of the cdb file to see if it actually
> matches with the current relay table contents?

To check if an IP address is listed:

TCPREMOTEIP= tcprulescheck tcp.smtp.cdb

Example for an IP that's allowed to relay:

$ TCPREMOTEIP=62.226.202.17 tcprulescheck /etc/tcp.smtp.cdb
rule 62.226.202.17:
set environment variable RELAYCLIENT=
set environment variable RBLSMTPD=
allow connection

Or use cdbdump from the cdb package to dump the whole .cdb file:

http://cr.yp.to/cdb/cdbmake.html

Jonas
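A companion check on the plain-text tcp.smtp, as an added example that is not part of the thread or of ucspi-tcp: it walks the tcprules lookup order for IP addresses (full address, then shorter prefixes ending in a dot, then the empty address) and reports whether the matching static rule sets RELAYCLIENT. The function names and the sample rules are constructed for the example; host-name rules, user@ rules and address ranges are not handled.

```shell
#!/bin/sh
# Added example, not part of ucspi-tcp. Handles plain IPv4 address rules only.

# match_rule RULES_FILE IP: print the first rule found when trying the full
# address, then shorter prefixes ending in a dot, then the empty address.
match_rule() {
    mr_key=$2
    while :; do
        # Compare as strings so that "127." is never treated as a number.
        mr_hit=$(awk -F: -v k="$mr_key" \
            '!/^#/ && index($0, ":") && ($1 "") == (k "") { print; exit }' "$1")
        if [ -n "$mr_hit" ]; then
            printf '%s\n' "$mr_hit"
            return 0
        fi
        [ -n "$mr_key" ] || return 1       # empty address already tried
        mr_key=${mr_key%.}                 # 1.2.3.  -> 1.2.3
        mr_key=${mr_key%"${mr_key##*.}"}   # 1.2.3.4 -> 1.2.3. ; 1 -> ""
    done
}

# grants_relay RULES_FILE IP: succeed if the matching rule is an allow rule
# that sets RELAYCLIENT. An empty IP checks the catch-all rule alone.
grants_relay() {
    gr_rule=$(match_rule "$1" "$2") || return 1
    case ${gr_rule#*:} in
        allow*RELAYCLIENT=*) return 0 ;;
    esac
    return 1
}

demo_rules() {
    rules=$(mktemp) || return 1
    # Constructed sample of a static tcp.smtp
    cat > "$rules" <<'EOF'
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
EOF
    for ip in 127.0.0.1 192.168.1.20 62.226.202.17; do
        if grants_relay "$rules" "$ip"; then
            echo "$ip relays by static rule"
        else
            echo "$ip has no static relay rule"
        fi
    done
    rm -f "$rules"
}
demo_rules
```

If tcprulescheck on the .cdb reports RELAYCLIENT for an address that has no static relay rule here, that entry came from the roaming-user data rather than from tcp.smtp. A catch-all rule that itself sets RELAYCLIENT (`grants_relay file ""` succeeds) means every client may relay.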
RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
In my setup, I see the tcp.smtp.cdb file getting updated regularly, seeming
to indicate perhaps that the pop-before-smtp may actually be working. Is
there any way to verify the contents of the cdb file to see if it actually
matches with the current relay table contents?

> -Original Message-
> From: Jonas Pasche [mailto:[EMAIL PROTECTED]
> Sent: Sunday, March 09, 2003 8:27 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [vchkpw] tcp.smtp file perms/owns for
> -enable-roaming-users?
>
> Hi Jesse,
>
> > I may just be mouthing off again, but I gather from the last paragraph in
> > INSTALL that vpopmail may not even bother with vpopmail/etc/tc.smtp and
> > open-smtp anymore.
>
> vpopmail never writes to tcp.smtp. It needs read access to that file when
> building tcp.smtp.cdb.
>
> vpopmail writes open-smtp if you have configured it for roaming users,
> but without MySQL support.
>
> vpopmail writes tcp.smtp.cdb, if you have configured it for roaming
> users, independent of whether you have enabled MySQL support or not.
>
> > I think the default may be to assume that since you're
> > using MySQL, you should use Matt Simerson's tcpserver-mysql patch. The relay
> > table is certainly populated in my database, but the vpopmail/etc/tcp.smtp.cdb
> > is NOT generated.
>
> I bet on write permissions.
>
> > Personally, I don't have any qualms about vpopmail defaulting to MySQL
> > based tcpserver relay control when I'm using MySQL.
>
> It actually doesn't.
>
> > However, I strongly
> > disagree with the INSTALL wording if that's the case! It makes it sound
> > like Matt's patch is only "suggested", but it honestly seems to be REQUIRED
> > when mysql support is enabled in vpopmail.
>
> The INSTALL file is right. Don't blame it just because your setup didn't
> work. You simply didn't care about the permissions on tcp.smtp.cdb -
> it's obvious that vpopmail can't write to that file if it's only
> writable by root while you don't have vchkpw running as root.
>
> Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse,

> It seems to me that the whole ./configure autodetect of tcp.smtp is
> hokey. I think it would make more sense to specify in the
> INSTALL docs and in the configure script that there is a DEFAULT
> location for tcp.smtp.

The configure script does that, if you run "./configure --help".

> Clearly /etc doesn't work real well because
> of the default permissions, so I'd suggest "~vpopmail/etc".

That _is_ the default location; it just doesn't get used in most cases
because of a clumsy check, as I mentioned before.

> Then, allow that default to be explicitly overridden by a configure
> option like "--path-to-tcp-smtp=blah".

That's already the case; again issue "./configure --help", or read the
FAQ entry #8.

> We could keep the current configure behavior and just make sure that
> we document it in install, but I think trying to explain the
> configure behavior would really confuse some people.

Has my elaboration been confusing? ;-)

IMHO, it's just the problem that users don't know about that "three
location" thing without reading the configure script, thus expecting
tcp.smtp file in the wrong place.

> What do you think?

I really wonder that this question hasn't come up earlier. ;-)

Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
- Original Message -
From: "Jonas Pasche" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 09, 2003 1:39 PM
Subject: Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?

> Hi Jesse,
>
> > First off, I didn't write the text you just replied to. That was written by the
> > other gentleman.
>
> You're absolutely right; my further posting should have been started
> with "Hi Benjamin". :-)
>
> > -- begin --
> > 4. How do I allow roaming users to use our smtp server without opening
> >    the machine up to everyone on the internet?
> >
> >    Your startup script for the qmail smtp server must use the
> >    tcpserver -x file command similar to this startup line.
> >
> > env - PATH="/var/qmail/bin:/usr/local/bin" \
> > tcpserver -H -R -x /path/to/vpopmail/etc/tcp.smtp.cdb \
> > -c20 -u504 -g503 0 smtp \
> > /var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &
> > -- end --
> >
> >
> > This clearly implies that the tcp.smtp.cdb file is to be created by
> > vpopmail (or clearopensmtp) in the /path/to/vpopmail/etc/ directory.
>
> I agree that it can be understood that way. However, most users (at
> least the users that used "Life with qmail" to install qmail) have the
> tcp.smtp.cdb in /etc, and the line you quoted simply is confusing and
> should have included "/path/to/whereever/you/have/tcp.smtp.cdb".
>
> The trick is within the configure script. It reads:
>
> --- begin ---
> [...]
> tcpserver_file=""
> for f in "$vpopmaildir"/etc/tcp.smtp /etc/tcp.smtp /etc/tcprules.d/qmail-smtpd
> do
>     if test -f $f
>     then
>         tcpserver_file=$f
>         break
>     fi
> done
> [...]
> --- end ---
>
> So it looks (in exactly that order) for:
>
> 1) "$vpopmaildir"/etc/tcp.smtp
> 2) /etc/tcp.smtp
> 3) /etc/tcprules.d/qmail-smtpd
>
> Remember, we're at _compile_ time.
>
> When doing a fresh install, there isn't a tcp.smtp file in 1) in nearly
> all cases, but in 2). That's why vpopmail then adapts itself to use
> /etc/tcp.smtp and writes to /etc/tcp.smtp.cdb and not to
> ~vpopmail/etc/tcp.smtp.cdb.

Ah. I see now.

It seems to me that the whole ./configure autodetect of tcp.smtp is
hokey. I think it would make more sense to specify in the
INSTALL docs and in the configure script that there is a DEFAULT
location for tcp.smtp. Clearly /etc doesn't work real well because
of the default permissions, so I'd suggest "~vpopmail/etc".

Then, allow that default to be explicitly overridden by a configure
option like "--path-to-tcp-smtp=blah".

Then the FAQ entry would be correct, but we could add a note that the
default setting can be overridden.

Or

We could keep the current configure behavior and just make sure that
we document it in install, but I think trying to explain the
configure behavior would really confuse some people.

What do you think?
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse,

> First off, I didn't write the text you just replied to. That was written by the
> other gentleman.

You're absolutely right; my further posting should have been started
with "Hi Benjamin". :-)

> -- begin --
> 4. How do I allow roaming users to use our smtp server without opening
>    the machine up to everyone on the internet?
>
>    Your startup script for the qmail smtp server must use the
>    tcpserver -x file command similar to this startup line.
>
> env - PATH="/var/qmail/bin:/usr/local/bin" \
> tcpserver -H -R -x /path/to/vpopmail/etc/tcp.smtp.cdb \
> -c20 -u504 -g503 0 smtp \
> /var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &
> -- end --
>
>
> This clearly implies that the tcp.smtp.cdb file is to be created by
> vpopmail (or clearopensmtp) in the /path/to/vpopmail/etc/ directory.

I agree that it can be understood that way. However, most users (at
least the users that used "Life with qmail" to install qmail) have the
tcp.smtp.cdb in /etc, and the line you quoted simply is confusing and
should have included "/path/to/whereever/you/have/tcp.smtp.cdb".

The trick is within the configure script. It reads:

--- begin ---
[...]
tcpserver_file=""
for f in "$vpopmaildir"/etc/tcp.smtp /etc/tcp.smtp /etc/tcprules.d/qmail-smtpd
do
    if test -f $f
    then
        tcpserver_file=$f
        break
    fi
done
[...]
--- end ---

So it looks (in exactly that order) for:

1) "$vpopmaildir"/etc/tcp.smtp
2) /etc/tcp.smtp
3) /etc/tcprules.d/qmail-smtpd

Remember, we're at _compile_ time.

When doing a fresh install, there isn't a tcp.smtp file in 1) in nearly
all cases, but in 2). That's why vpopmail then adapts itself to use
/etc/tcp.smtp and writes to /etc/tcp.smtp.cdb and not to
~vpopmail/etc/tcp.smtp.cdb.

If you already have a vpopmail installation and a tcp.smtp in
~vpopmail/etc/, and then do a new ./configure (after "make clean"),
vpopmail will find the file in location 1), where it has write access
without hassles.

> vpopmail clearly has write access. Yet a .cdb file was not created.

vpopmail tried to create/update the .cdb file in /etc, which couldn't
work without a permission change.

> I even copied my /etc/tcp.smtp file here and ran clearopensmtp.
> No .cdb file.

As the location of the file is set at _compile_ time, moving files
around at _run_ time doesn't affect anything.

> So, I ask again: Does vpopmail now neglect to build a .cdb file when
> --enable-roaming-users=y and --with-mysql are specified at
> configure time?

No.

> Or is the FAQ incorrect, and vpopmail now tries to build the .cdb in
> my /etc directory?

It does. The FAQ suggests a path corresponding to location 1), while on
most systems location 2) has been automatically chosen. That's in fact
confusing and should be updated to make it clearer that the location
depends on the compile time setting.

However, ./configure is kind enough to tell you which location it uses:

# ./configure --enable-roaming-users
[...]
vpopmail 5.2.1
Current settings
---
vpopmail directory = /home/vpopmail
uid = 89
gid = 89
ip alias = OFF --enable-ip-alias-domains=n (default)
address extentions = OFF --enable-qmail-ext=n (default)
roaming users = ON --enable-roaming-users=y
tcpserver file = /etc/tcp.smtp <<< LOOK HERE
open_smtp file = /home/vpopmail/etc/open-smtp
user quota = OFF --enable-defaultquota=NOQUOTA default
table optimization = many domains --enable-many-domains=y default
auth module = cdb default
system passwords = OFF --enable-passwd=n default
file locking = ON --enable-file-locking=y default
file sync = OFF --enable-file-sync=n default disable vdelivermail fsync
auth logging = ON --enable-auth-logging=y default
mysql logging = OFF --enable-mysql-logging=n default
clear passwd = ON --enable-clear-passwd=y (default)
valias processing = OFF --enable-valias=n
pop syslog = show only failure attempts --enable-logging=e default
default domain = --enable-default-domain=
auth inc = -Icdb
auth lib =

The "default" setting is still ~vpopmail/etc/tcp.smtp, but it's obvious
that vpopmail cannot use that file if it doesn't exist (yet) - which is
the reason it chose the second location (/etc/) as the alternative.

Jonas
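The compile-time lookup described in the message above, as an added example that is not part of the thread or of vpopmail: it repeats the configure search order and then decides, from owner, group and mode bits, whether a given uid/gid could update the resulting .cdb. The function names and the scratch-root argument are assumptions made for the example; supplementary groups and ACLs are ignored.

```shell
#!/bin/sh
# Added example, not vpopmail code. ROOT is a hypothetical prefix so the
# checks can run against a scratch tree instead of the live /etc.

# find_tcpserver_file VPOPMAILDIR [ROOT]: same search order as the quoted
# configure excerpt; prints the first candidate that exists.
find_tcpserver_file() {
    for f in "$1/etc/tcp.smtp" /etc/tcp.smtp /etc/tcprules.d/qmail-smtpd
    do
        if test -f "${2:-}$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# can_write UID GID PATH: decide from owner, group and mode bits (ls -ln)
# whether that uid/gid may write PATH. Returns 2 if PATH cannot be listed.
can_write() {
    cw_uid=$1 cw_gid=$2
    cw_line=$(ls -lnd "$3" 2>/dev/null) || return 2
    set -- $cw_line                  # $1 = mode string, $3 = uid, $4 = gid
    if [ "$cw_uid" = 0 ]; then return 0; fi
    if [ "$cw_uid" = "$3" ]; then
        case $1 in ??w*) return 0 ;; esac
    elif [ "$cw_gid" = "$4" ]; then
        case $1 in ?????w*) return 0 ;; esac
    else
        case $1 in ????????w*) return 0 ;; esac
    fi
    return 1
}

# relay_cdb_status VPOPMAILDIR UID GID [ROOT]: name the .cdb that goes with
# the detected tcp.smtp and say whether UID/GID can update it.
relay_cdb_status() {
    rcs_root=${4:-}
    rcs_rules=$(find_tcpserver_file "$1" "$rcs_root") || {
        echo "no tcp.smtp found"; return 1; }
    rcs_target=$rcs_root$rcs_rules.cdb
    # No .cdb yet: creating it needs write access to its directory.
    [ -e "$rcs_target" ] || rcs_target=$(dirname "$rcs_target")
    if can_write "$2" "$3" "$rcs_target"; then
        echo "$rcs_rules.cdb writable"
    else
        echo "$rcs_rules.cdb not-writable"; return 1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/home/vpopmail/etc"
    : > "$d/etc/tcp.smtp"                 # fresh install: only location 2
    : > "$d/etc/tcp.smtp.cdb"; chmod 644 "$d/etc/tcp.smtp.cdb"
    # uid/gid 89 are the values in the ./configure summary quoted above
    relay_cdb_status /home/vpopmail 89 89 "$d" || true
    : > "$d/home/vpopmail/etc/tcp.smtp"   # location 1 now exists and wins
    relay_cdb_status /home/vpopmail "$(id -u)" "$(id -g)" "$d" || true
    rm -rf "$d"
}
demo
```

Against a live system, call `relay_cdb_status` with the vpopmail directory and the uid/gid that ./configure printed and no fourth argument; a `not-writable` result for /etc/tcp.smtp.cdb is the root:root 644 situation discussed in the thread.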
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
- Original Message -
From: "Jonas Pasche" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 09, 2003 10:17 AM
Subject: RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?

> Hi Jesse,
>
> > Is ~vpopmail/etc/open-smtp a file I should have manually created at
> > some point in time (touch open-smtp)?
>
> No. As you use the MySQL backend, there is no need for that file. You
> should have mentioned in your first post that you're using MySQL as a
> backend.

I did.

> Rule of thumb: If you did anything other besides a plain "./configure"
> when compiling qmail, let us know your configure line if you post a
> question, or tell us about ("I have compiled vpopmail with roaming users
> support and the MySQL backend"); it prevents unnecessary confusion.

I considered posting my configure statement, but I figured that just
mentioning that I use MySQL should do the trick. I have a very long
configure statement, and I figured it would probably just confuse some
people.

> > Where I'm also
> > lost, then, is that my /etc/tcp.smtp and /etc/tcp.smtp.cdb files are both
> > owned by root:root at present (this seems incorrect to me) and are both
> > chmod 644.
>
> The tcp.smtp.cdb file has to be writable to the user that handles the POP3
> session for the authenticated user. In many cases, this is
> vpopmail.vchkpw, but it might be another user if you created domains
> with the "-u " argument.
>
> Try "chown vpopmail.vchkpw /etc/tcp.smtp.cdb" first and see if it works.

First off, I didn't write the text you just replied to. That was written
by the other gentleman.

Second, take a look at this excerpt from the FAQ file in the root of my
vpopmail 5.2.1 distribution:

-- begin --
4. How do I allow roaming users to use our smtp server without opening
   the machine up to everyone on the internet?

   Your startup script for the qmail smtp server must use the
   tcpserver -x file command similar to this startup line.

env - PATH="/var/qmail/bin:/usr/local/bin" \
tcpserver -H -R -x /path/to/vpopmail/etc/tcp.smtp.cdb \
-c20 -u504 -g503 0 smtp \
/var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &
-- end --

This clearly implies that the tcp.smtp.cdb file is to be created by
vpopmail (or clearopensmtp) in the /path/to/vpopmail/etc/ directory.

Here are my permissions for that directory:

drwxr-xr-x 2 vpopmail vchkpw 512 Mar 7 19:42 ./
drwxr-xr-x 11 vpopmail vchkpw 512 Feb 6 15:16 ../
-rw-r--r-- 1 vpopmail vchkpw 30 Dec 12 09:31 inc_deps
-rw-r--r-- 1 vpopmail vchkpw 78 Dec 12 09:31 lib_deps

vpopmail clearly has write access. Yet a .cdb file was not created.
I even copied my /etc/tcp.smtp file here and ran clearopensmtp.
No .cdb file.

So, I ask again: Does vpopmail now neglect to build a .cdb file when
--enable-roaming-users=y and --with-mysql are specified at
configure time?

If this is the case, then the INSTALL AND FAQ files need to note this.

Or is the FAQ incorrect, and vpopmail now tries to build the .cdb in
my /etc directory?

If that's the case, the documentation is still incorrect, and it needs
to be updated.

Thanks for replying!

Jesse

> Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse,

> I may just be mouthing off again, but I gather from the last paragraph in
> INSTALL that vpopmail may not even bother with vpopmail/etc/tc.smtp and
> open-smtp anymore.

vpopmail never writes to tcp.smtp. It needs read access to that file when
building tcp.smtp.cdb.

vpopmail writes open-smtp if you have configured it for roaming users,
but without MySQL support.

vpopmail writes tcp.smtp.cdb, if you have configured it for roaming
users, independent of whether you have enabled MySQL support or not.

> I think the default may be to assume that since you're
> using MySQL, you should use Matt Simerson's tcpserver-mysql patch. The relay
> table is certainly populated in my database, but the vpopmail/etc/tcp.smtp.cdb
> is NOT generated.

I bet on write permissions.

> Personally, I don't have any qualms about vpopmail defaulting to MySQL
> based tcpserver relay control when I'm using MySQL.

It actually doesn't.

> However, I strongly
> disagree with the INSTALL wording if that's the case! It makes it sound
> like Matt's patch is only "suggested", but it honestly seems to be REQUIRED
> when mysql support is enabled in vpopmail.

The INSTALL file is right. Don't blame it just because your setup didn't
work. You simply didn't care about the permissions on tcp.smtp.cdb -
it's obvious that vpopmail can't write to that file if it's only
writable by root while you don't have vchkpw running as root.

Jonas
RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse,

> Is ~vpopmail/etc/open-smtp a file I should have manually created at
> some point in time (touch open-smtp)?

No. As you use the MySQL backend, there is no need for that file. You
should have mentioned in your first post that you're using MySQL as a
backend.

Rule of thumb: If you did anything other besides a plain "./configure"
when compiling qmail, let us know your configure line if you post a
question, or tell us about ("I have compiled vpopmail with roaming users
support and the MySQL backend"); it prevents unnecessary confusion.

> Where I'm also
> lost, then, is that my /etc/tcp.smtp and /etc/tcp.smtp.cdb files are both
> owned by root:root at present (this seems incorrect to me) and are both
> chmod 644.

The tcp.smtp.cdb file has to be writable to the user that handles the POP3
session for the authenticated user. In many cases, this is
vpopmail.vchkpw, but it might be another user if you created domains
with the "-u " argument.

Try "chown vpopmail.vchkpw /etc/tcp.smtp.cdb" first and see if it works.

Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Jesse,

> I'm a little confused about this myself...
> Does 'open-smtp' not get created if you have mysql support enabled?

No; IP addresses that are allowed to relay are written into the "relay"
table.

Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
On Friday 07 March 2003 19:55, Benjamin Tomhave wrote:
> Is ~vpopmail/etc/open-smtp a file I should have manually created
> at some point in time (touch open-smtp)? It does not currently exist, and
> probably explains why the pop-before-smtp has never functioned. I'm going
> to assume this file should be owned by vpopmail:vchkpw. Where I'm also
> lost, then, is that my /etc/tcp.smtp and /etc/tcp.smtp.cdb files are both
> owned by root:root at present (this seems incorrect to me) and are both
> chmod 644.
>
> I am, btw, using a mysql backend, too...I second Jesse's comments...

I may just be mouthing off again, but I gather from the last paragraph in
INSTALL that vpopmail may not even bother with vpopmail/etc/tc.smtp and
open-smtp anymore. I think the default may be to assume that since you're
using MySQL, you should use Matt Simerson's tcpserver-mysql patch. The relay
table is certainly populated in my database, but the vpopmail/etc/tcp.smtp.cdb
is NOT generated.

Personally, I don't have any qualms about vpopmail defaulting to MySQL
based tcpserver relay control when I'm using MySQL. However, I strongly
disagree with the INSTALL wording if that's the case! It makes it sound
like Matt's patch is only "suggested", but it honestly seems to be REQUIRED
when mysql support is enabled in vpopmail.

I have now installed Matt's patch in my tcpserver.

> > -Original Message-
> > From: Jonas Pasche [mailto:[EMAIL PROTECTED]
> > Sent: Friday, March 07, 2003 3:36 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [vchkpw] tcp.smtp file perms/owns for
> > -enable-roaming-users?
> >
> > Hi Ben,
> >
> > > Apologies if this is already answered elsewhere -- I didn't see it. What
> > > should the file permissions and ownership be for the tcprules tcp.smtp file
> > > in order to enable vpopmail pop-before-smtp roaming user support? In other
> > > words, for qmail/vpopmail to temporarily add an IP address for
> > > pop-before-smtp temp-relay support, what setup do I need?
> >
> > vpopmail doesn't need to write to tcp.smtp (as you can see, the file
> > never changes, even not without roaming users). tcp.smtp only contains
> > _static_ rules for allowing/disallowing connections and relaying.
> >
> > vpopmail saves relaying information in ~vpopmail/etc/open-smtp, and it
> > creates tcp.smtp.cdb (which is used by tcpserver) from both tcp.smtp and
> > open-smtp.
> >
> > In short, you need:
> >
> > - read permissions on tcp.smtp
> > - write permissions on tcp.smtp.cdb
> >
> > Judge for yourself if relaying data is sensible or not, to decide if you
> > want these files to be group- or world-readable, or not.
> >
> > Jonas

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

We are actively looking for companies that do a lot of long
distance faxing and want to cut their long distance bill by
up to 50%. Contact [EMAIL PROTECTED] for more info.
RE: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Is ~vpopmail/etc/open-smtp a file I should have manually created at
some point in time (touch open-smtp)? It does not currently exist, and
probably explains why the pop-before-smtp has never functioned. I'm going
to assume this file should be owned by vpopmail:vchkpw. Where I'm also
lost, then, is that my /etc/tcp.smtp and /etc/tcp.smtp.cdb files are both
owned by root:root at present (this seems incorrect to me) and are both
chmod 644.

I am, btw, using a mysql backend, too...I second Jesse's comments...

> -Original Message-
> From: Jonas Pasche [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 07, 2003 3:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [vchkpw] tcp.smtp file perms/owns for
> -enable-roaming-users?
>
> Hi Ben,
>
> > Apologies if this is already answered elsewhere -- I didn't see it. What
> > should the file permissions and ownership be for the tcprules tcp.smtp file
> > in order to enable vpopmail pop-before-smtp roaming user support? In other
> > words, for qmail/vpopmail to temporarily add an IP address for
> > pop-before-smtp temp-relay support, what setup do I need?
>
> vpopmail doesn't need to write to tcp.smtp (as you can see, the file
> never changes, even not without roaming users). tcp.smtp only contains
> _static_ rules for allowing/disallowing connections and relaying.
>
> vpopmail saves relaying information in ~vpopmail/etc/open-smtp, and it
> creates tcp.smtp.cdb (which is used by tcpserver) from both tcp.smtp and
> open-smtp.
>
> In short, you need:
>
> - read permissions on tcp.smtp
> - write permissions on tcp.smtp.cdb
>
> Judge for yourself if relaying data is sensible or not, to decide if you
> want these files to be group- or world-readable, or not.
>
> Jonas
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
On Friday 07 March 2003 17:36, Jonas Pasche wrote:
> Hi Ben,
>
> > Apologies if this is already answered elsewhere -- I didn't see it. What
> > should the file permissions and ownership be for the tcprules tcp.smtp
> > file in order to enable vpopmail pop-before-smtp roaming user support?
> > In other words, for qmail/vpopmail to temporarily add an IP address for
> > pop-before-smtp temp-relay support, what setup do I need?
>
> vpopmail doesn't need to write to tcp.smtp (as you can see, the file
> never changes, even not without roaming users). tcp.smtp only contains
> _static_ rules for allowing/disallowing connections and relaying.
>
> vpopmail saves relaying information in ~vpopmail/etc/open-smtp, and it
> creates tcp.smtp.cdb (which is used by tcpserver) from both tcp.smtp and
> open-smtp.

I'm a little confused about this myself...
Does 'open-smtp' not get created if you have mysql support enabled?

I have mysql support enabled. My vpopmail installation doesn't create
this file, and it doesn't build 'tcp.smtp.cdb'.

(Yes, I ran clearopensmtp)

> In short, you need:
>
> - read permissions on tcp.smtp
> - write permissions on tcp.smtp.cdb
>
> Judge for yourself if relaying data is sensible or not, to decide if you
> want these files to be group- or world-readable, or not.
>
> Jonas

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

We are actively looking for companies that do a lot of long
distance faxing and want to cut their long distance bill by
up to 50%. Contact [EMAIL PROTECTED] for more info.
Re: [vchkpw] tcp.smtp file perms/owns for -enable-roaming-users?
Hi Ben,

> Apologies if this is already answered elsewhere -- I didn't see it. What
> should the file permissions and ownership be for the tcprules tcp.smtp file
> in order to enable vpopmail pop-before-smtp roaming user support? In other
> words, for qmail/vpopmail to temporarily add an IP address for
> pop-before-smtp temp-relay support, what setup do I need?

vpopmail doesn't need to write to tcp.smtp (as you can see, the file
never changes, even not without roaming users). tcp.smtp only contains
_static_ rules for allowing/disallowing connections and relaying.

vpopmail saves relaying information in ~vpopmail/etc/open-smtp, and it
creates tcp.smtp.cdb (which is used by tcpserver) from both tcp.smtp and
open-smtp.

In short, you need:

- read permissions on tcp.smtp
- write permissions on tcp.smtp.cdb

Judge for yourself if relaying data is sensible or not, to decide if you
want these files to be group- or world-readable, or not.

Jonas