Re: [vchkpw] RE:[vchkpw] Making qmail check for existant user against vpopmail _before_ accepting mail
At 27/05/2004 27/05/2004 -0600, you wrote: tonix (Antonio Nati) wrote: I'll ask, nextly, to join the development group and develop a robust subset of calls solving this problem (for all, not only for chkuser). Help on vpopmail would be welcome, at least by me, [1] but creating another set of calls is not a good way to handle this problem. As I recall, a major part of your complaint was that you could not tell the difference between not being able to open the database and getting a no answer back from that database. I have already corrected that problem by providing a vauth_open() in every back end. Any program can now verify access to the back end, and most of the ones in ~/vpopmail/bin already do. (This is only in CVS so far. A dev release is in the works...) Please sign up to the SourceFORGE vpopmail list to continue this discussion... http://lists.sourceforge.net/lists/listinfo/vpopmail-devel Rick Thanks Rick, I did not know of this new set. I'll update chkuser as this new version is available. Ciao, Tonino [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] RE:[vchkpw] Making qmail check for existant user against vpopmail _before_ accepting mail
tonix (Antonio Nati) wrote: I'll ask, nextly, to join the development group and develop a robust subset of calls solving this problem (for all, not only for chkuser). Help on vpopmail would be welcome, at least by me, [1] but creating another set of calls is not a good way to handle this problem. As I recall, a major part of your complaint was that you could not tell the difference between not being able to open the database and getting a no answer back from that database. I have already corrected that problem by providing a vauth_open() in every back end. Any program can now verify access to the back end, and most of the ones in ~/vpopmail/bin already do. (This is only in CVS so far. A dev release is in the works...) Please sign up to the SourceFORGE vpopmail list to continue this discussion... http://lists.sourceforge.net/lists/listinfo/vpopmail-devel Rick [1] I'm not the one who decides.
Re: [vchkpw] RE:[vchkpw] Making qmail check for existant user against vpopmail _before_ accepting mail
At 27/05/2004 27/05/2004 -0500, you wrote: On Thursday 27 May 2004 04:26 am, Tonix wrote: *ahem* +#include *ahem* If you comment out this line, you have this compilation error: In file included from qmail-smtpd.c:45: /vpopmail/include/vpopmail.h:133: syntax error before `*' This is the guilty 133 line, inside vpopmail.h: struct vqpasswd *vgetent(FILE *); It looks like my patch needs stdio.h only because vpopmail needs it. So, does Ken know your opinion about his writing "UGLY" and "HORRIBLE" code with glibc-stuff inside? *ahem* > This patch is running in hundreds of productions sites since more than two > years (without a bug and without any performance problem), and I'm > receiving dozen of e-mails, each month, thanking for it. I continually see reports of 'false positives' on this mailing list. This is a MySQL fault, with vpopmail NOT handling bad return codes in some core routines. I'll ask, nextly, to join the development group and develop a robust subset of calls solving this problem (for all, not only for chkuser). Not to mention my first experience with this patch it wasn't even a unified diff, therefore I had to apply it against a fresh qmail tarball and make a real diff out of it before I could apply it against the qmail tarball I was building. I'm not selling this patch, it is just a free patch. And you should know about patching patched sources... I don't like how it determines the 'catchall' either, however, that's not a problem with the patch, that's a problem with how vpopmail determines how it's supposed to handle deliveries to unknown user accounts/aliases. Thanks. Tonino -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] RE:[vchkpw] Making qmail check for existant user against vpopmail _before_ accepting mail
On Thursday 27 May 2004 04:26 am, Tonix wrote: > Tobias, > > it looks like there is a "trust" against this patch, just saying > generically it's ugly, but not beeing able to say why, and not beeing > able, mainly, to make another one working. > > This patch is highly responding to DJ security and programming models, > while all the rest around (including vpopmail) is not, so all the attacks > are without comprension (or people attacking does not understand what is > speaking about). *ahem* +#include > This patch is running in hundreds of productions sites since more than two > years (without a bug and without any performance problem), and I'm > receiving dozen of e-mails, each month, thanking for it. I continually see reports of 'false positives' on this mailing list. Not to mention my first experience with this patch it wasn't even a unified diff, therefore I had to apply it against a fresh qmail tarball and make a real diff out of it before I could apply it against the qmail tarball I was building. I don't like how it determines the 'catchall' either, however, that's not a problem with the patch, that's a problem with how vpopmail determines how it's supposed to handle deliveries to unknown user accounts/aliases. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] RE:[vchkpw] Making qmail check for existant user against vpopmail _before_ accepting mail
Hi, I have nothing but great things to say about Tonix's patch and the code is quite straight forward to read, even for an old C programmer like me. I use it personally and have it installed on more than 20 ISP and end user systems with no problems. Regards, Rick Tonix wrote: Tobias, it looks like there is a "trust" against this patch, just saying generically it's ugly, but not beeing able to say why, and not beeing able, mainly, to make another one working. This patch is highly responding to DJ security and programming models, while all the rest around (including vpopmail) is not, so all the attacks are without comprension (or people attacking does not understand what is speaking about). This patch is running in hundreds of productions sites since more than two years (without a bug and without any performance problem), and I'm receiving dozen of e-mails, each month, thanking for it. This patch has also be included in other bigger "containers", like Bill Shupp megapatch and Matt Simerson Toaster. I'm old and experienced enought to understand the real skills of people, and what's working and what not. If you install the patch and use it, you'll learn another way to know and trust people: by judging their work, and not their words. Tonino At 27/05/2004 27/05/2004 +0200, you wrote: Hi list, I found a patch [1] at [2] which enables qmail to first check against vpopmail if the user (email-address) is existant before accepting mail for it. Yesterday I asked in #qmail (IRC-channel) for any experiences and/or recommendations with this patch and have been told by Jeremy Kitchen that this patch is "UGLY" and "HORRIBLE" and has glibc-stuff in it. As he seems to have a "little bit" more experience than me, I trust him. :-) Anyway, I am still looking for a solution for this problem, maybe a solution which also checks if catch-all is activated for this domain. Right now we make the experience that a lot of spam and virus-mails are coming in and make the queue growing up enormously. I hope on the new systems, it will not be that bad by applying the "ext-todo" patch against the silly-qmail-syndrome, but I want these machines making be a little bit more secure. Because of the fact, that this solution would be a patch or anything else against vpopmail (maybe activating this functionality in qmail-smtp), I didn't ask in the qmail-list and hope this is the right place... Greetings Tobias [1] http://www.interazioni.it/qmail/easy-way-1.0.patch [2] http://www.interazioni.it/qmail/#qmail-smtpd [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- La tua posta elettronica senza virus su UfficioPostale.IT Your virus free electronic mail on UfficioPostale.IT
Re: [vchkpw] RE:[vchkpw] Making qmail check for existant user against vpopmail _before_ accepting mail
Alex, At 27/05/2004 27/05/2004 +0200, you wrote: .. But there is at least one problem that can be considered as bug. if you use comments in .qmail-default like in: #| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox | /home/vpopmail/bin/vdelivermail '' /home/vpopmail/domains/domain.de/user your patch recognizes "bounce-no-mailbox" which is wrong. This problem won't occur if you avoid changing .qmail-files by hand (using comments). You're right, but I don't see it as a bug (that piece of code replied - at that time - qmailadmin way of examining bouncing). Using a commented line is a workaround for maildrop users, so if I avoid commented lines for them is bad. Ok, ... I'll have to study and add some #define to next version, or add an external reference file (I'ld like to avoid any new file). What do you think about ? BTW, some time ago you promised a "surprise". Can we expect a new version of chkusr? I'm planning a new version, with unified and simplified installation and some new features (like quota checking and basic filtering), but I lack time to work on it... Hope within the summer. Ciao, Tonino Alex -- Alex Pleiner zeitform Internet Dienste Fraunhoferstrasse 5 64283 Darmstadt, Germany http://www.zeitform.de Tel.: +49 (0)6151 155-635 mailto:[EMAIL PROTECTED] Fax: +49 (0)6151 155-634 GnuPG/PGP Key-ID: 0x613C21EA [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] RE:[vchkpw] Making qmail check for existant user against vpopmail _before_ accepting mail
* Tonix <[EMAIL PROTECTED]> [2004-05-27 11:31]: > This patch is running in hundreds of productions sites since more than two > years (without a bug and without any performance problem), and I'm > receiving dozen of e-mails, each month, thanking for it. Tonino, I appreciate your work and use the patch in some production systems with success. But there is at least one problem that can be considered as bug. if you use comments in .qmail-default like in: #| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox | /home/vpopmail/bin/vdelivermail '' /home/vpopmail/domains/domain.de/user your patch recognizes "bounce-no-mailbox" which is wrong. This problem won't occur if you avoid changing .qmail-files by hand (using comments). BTW, some time ago you promised a "surprise". Can we expect a new version of chkusr? Alex -- Alex Pleiner zeitform Internet Dienste Fraunhoferstrasse 5 64283 Darmstadt, Germany http://www.zeitform.deTel.: +49 (0)6151 155-635 mailto:[EMAIL PROTECTED]Fax: +49 (0)6151 155-634 GnuPG/PGP Key-ID: 0x613C21EA
