Re: [vchkpw] open-smtp.tmp.xxx files scattered about

2004-04-20 Thread Michael Bowe

- Original Message - 
From: Jeff Koch [EMAIL PROTECTED]



 Hi:

 We just setup a new mailserver using Bill's Toaster and are now seeing
 these strange files in the /home/vpopmail/etc directory:

 -rw-r--r--1 root root0 Apr 20 00:01 open-smtp.tmp.738
 -rw-r--r--1 root root0 Apr 16 01:38 open-smtp.tmp.739

 They have zero size and do not seem to be expiring. We are using vpopmail
 with roaming user support and courier-imap. We're not sure what's creating
 these files. They don't exist on non-courier-imap mailservers.

 Any ideas on where they are coming from or what we did wrong? We can write
 a cronjob to delete them but I thought I would ask in case we messed
 something up.

Yes its a bug in vpopmail

Refer to my post from a few days ago (subject authdaemon  vpopmail)

The fix has been uploaded to the vpopmail CVS, so will be in the next
release of vpopmail 5.4.x and 5.5.x

Michael



Re: [vchkpw] open-smtp.tmp.xxx files scattered about

2004-04-20 Thread Jeff Koch
Michael - can you confirm that this only occurs with courier-imap? Because 
we have two other mailservers with the same version of vpopmail that do not 
have this problem - they are not running courier-imap. Is there any problem 
deleting these files?

At 05:09 PM 4/20/2004, you wrote:

- Original Message -
From: Jeff Koch [EMAIL PROTECTED]

 Hi:

 We just setup a new mailserver using Bill's Toaster and are now seeing
 these strange files in the /home/vpopmail/etc directory:

 -rw-r--r--1 root root0 Apr 20 00:01 open-smtp.tmp.738
 -rw-r--r--1 root root0 Apr 16 01:38 open-smtp.tmp.739

 They have zero size and do not seem to be expiring. We are using vpopmail
 with roaming user support and courier-imap. We're not sure what's creating
 these files. They don't exist on non-courier-imap mailservers.

 Any ideas on where they are coming from or what we did wrong? We can write
 a cronjob to delete them but I thought I would ask in case we messed
 something up.
Yes its a bug in vpopmail

Refer to my post from a few days ago (subject authdaemon  vpopmail)

The fix has been uploaded to the vpopmail CVS, so will be in the next
release of vpopmail 5.4.x and 5.5.x
Michael
Best Regards,

Jeff Koch, Intersessions 




Re: [vchkpw] open-smtp.tmp.xxx files scattered about

2004-04-20 Thread Michael Bowe

- Original Message - 
From: Jeff Koch [EMAIL PROTECTED]



 Michael - can you confirm that this only occurs with courier-imap? Because
 we have two other mailservers with the same version of vpopmail that do
not
 have this problem - they are not running courier-imap. Is there any
problem
 deleting these files?


Hi Jeff

Up until fairly recently, the roaming user code in courier-imap was
hardcoded off. This was because of a security bug in the vchkpw code that
was being distributed with courier-imap.

Earlier this year I fixed the vchkpw code in courier to remove the security
bugs. Also at the same time I arranged for modifications to be made to the
courier-imap ./configure scripts so that roaming user support in
courier-imap would be automatically enabled based on whether this
functionality had been enabled in vpopmail

However, now that courier-imap is working properly, it exposed a bug in the
roaming user code in vpopmail

The bug was present when the following combination of features were enabled
:
  * courier-imap with authdaemon
  * vpopmail with roaming users and not with SQL auth backend

The bug resulted in temp files being created, and then never removed. Given
enough time/logins, the directory/disk would completely fill with these temp
files resulting in system failure.

It is safe to delete any old examples of these tmp files from your hard disk
(ie older than about 1 hour)

I am not sure when the next builds of vpopmail are to be released, but it is
possible for you to grab the patched builds direct from the CVS system with
a command like this :

to get the latest 5.4 build (5.4.4 pre-release)

  cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/vpopmail login
  (press enter when prompted for a password)
  cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/vpopmail
checkout -r stable-5_4 vpopmail

or to get the lastest 5.5 build (5.5.1 pre-release)

  cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/vpopmail login
  (press enter when prompted for a password)
  cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/vpopmail
checkout vpopmail

One other thing to note about courier-imap and vpopmail roaming users... If
you enable authdaemon in courier, then imap-before-smtp will not work, as
when courier is running in authdaemon mode, the IP address of the client is
not available to the vchkpw code in courier. If you want to be able do
imap-before-smtp, you have to compile
courier --with-authvchkpw --without-authdaemon

Michael.