Re: [vchkpw] vchkpw works manually but not from vpopmail-authlib

2006-12-01 Thread John Simpson
On Friday 01 December 2006 12:34, Michael Richardson wrote:
>
> Incidentally, how would I discover what user the authdaemond is running as?

usually by running a command like this:

 ps auxww | grep authdaemond


-- 
--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/   <[EMAIL PROTECTED]> |
--
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.  |
--


Re: [vchkpw] vchkpw works manually but not from vpopmail-authlib

2006-12-01 Thread Michael Richardson

Thanks gents.

Why, oh why, do the logs report "vchkpw:  some message" if it isn't running
vchkpw... what is a noob to do when his system lies to him?  I can't very
well reprimand it.

Based on your advice of the compile order, I recompiled each package, in
this order:

qmail
vpopmail
courier-authlib
courier-imap

Whether by compiling them in the correct order, accidentally fixing
permissions, or by grace of God, it works.

Incidentally, how would I discover what user the authdaemond is running as?


Re: [vchkpw] vchkpw works manually but not from vpopmail-authlib

2006-12-01 Thread Tom Collins

On Nov 30, 2006, at 4:27 PM, Rick Macdougall wrote:
> Off Topic:  Tom: Did that qmail patch for simscan work for you when
> your server gets overloaded (regarding duplicate messages when
> simscan takes too long to get back to the remote server and the
> remote server times out ?)


I'm pretty sure it did -- I haven't heard anything from my users  
since installing it.


I also installed a ucspi-tcp (tcpserver) patch from <linux.voyager.hr/ucspi-tcp/> that lets me limit simultaneous  
connections per IP or class C netblock, and based on server load.   
Right now, if the server load hits 7.00, I stop accepting mail on  
port 25.  I continue to accept it on port 587 (which now requires  
AUTH, thanks to another patch) regardless of the system load.  I've  
been able to up my concurrencyincoming from 10 to 25, since it will  
throttle under load but continue to accept connections if the current  
connections are slow.


I also set up another server as backup MX with simscan/sa/clamav,  
mirrored vpopmail/domains and most qmail/control files (so chkuser  
works), and trust the mail that comes from that server.  The backup  
MX also handles mail that we simply forward to some clients' Exchange  
servers, so that helped reduce my load as well.


--
Tom Collins  -  [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/




Re: [vchkpw] vchkpw works manually but not from vpopmail-authlib

2006-11-30 Thread Rick Macdougall

Tom Collins wrote:
> On Nov 30, 2006, at 1:39 PM, Michael Richardson wrote:
>> However, if I run vchkpw manually, it works great:
>
> vpopmail-authlib from Courier-IMAP doesn't actually run the vchkpw program.
>
> Make sure you compiled authlib AFTER compiling and installing vpopmail.
>
> If you changed anything in your vpopmail config, you need to recompile
> and reinstall authlib.


Or courier-imap if you are running an older version.

Off Topic:  Tom: Did that qmail patch for simscan work for you when your 
server gets overloaded (regarding duplicate messages when simscan takes 
too long to get back to the remote server and the remote server times out ?)


Regards,

Rick



Re: [vchkpw] vchkpw works manually but not from vpopmail-authlib

2006-11-30 Thread Tom Collins

On Nov 30, 2006, at 1:39 PM, Michael Richardson wrote:
> However, if I run vchkpw manually, it works great:


vpopmail-authlib from Courier-IMAP doesn't actually run the vchkpw  
program.


Make sure you compiled authlib AFTER compiling and installing vpopmail.

If you changed anything in your vpopmail config, you need to  
recompile and reinstall authlib.


--
Tom Collins  -  [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/




Re: [vchkpw] vchkpw works manually but not from vpopmail-authlib

2006-11-30 Thread John Simpson

On 2006-11-30, at 1639, Michael Richardson wrote:
> I thought I might drop in and bug you with a problem.  I recently upgraded
> my linux packages (including mysql) and now my qmail/vpopmail/imap-courier
> setup has stopped working.
>
> When I check my mail, the email client reports "Login Failed".  The server
> reports:
> -
> Dec  2 14:13:56 mydomain pop3d-ssl: Connection, ip=[:::71.92.162.12]
> Dec  2 14:13:59 mydomain pop3d-ssl: LOGIN FAILED, user=[EMAIL PROTECTED], ip=[:::71.92.162.12]
> Dec  2 14:13:59 mydomain authdaemond: received auth request, service=pop3, authtype=login
> Dec  2 14:13:59 mydomain authdaemond: authvchkpw: trying this module
> Dec  2 14:13:59 mydomain authdaemond: vchkpw: user does not exist
> Dec  2 14:13:59 mydomain authdaemond: authvchkpw: REJECT - try next module
> Dec  2 14:13:59 mydomain authdaemond: FAIL, all modules rejected
> -


what userid is authdaemond running as?

does this userid have read access to ~vpopmail/domains/*/vpasswd.cdb ?

if it can't read the files, then EVERYTHING will



> However, if I run vchkpw manually, it works great:


that's nice, but it has nothing to do with the problem at hand.

authdaemond doesn't work by running vchkpw. when you compile courier-authlib,
it uses the vpopmail headers and libraries, and in fact calls the same
internal functions that vchkpw does (i.e. vauth_getpw() and friends) which
means that those functions are running, and the files they read are accessed,
as whatever userid that authdaemond itself is running as.


and if authdaemond isn't running as either root or the vpopmail user,  
this is what happens.


when i first ran into this, i wanted to fix authdaemond so that it  
has different error messages for "unable to access the vpasswd.cdb  
file" and "userid does not exist".


however, the vauth_getpw() function isn't written with a way for the  
caller to tell the difference. the way it was written, if the userid  
is found, it returns a pointer to their information in memory.  
otherwise (and this word "otherwise" is a very big term- it could  
mean "user not found", it could mean "file not found", it could mean  
"can't read the file because the permissions are wrong", it could  
mean "the file is corrupt", it could mean "low-level disk I/O  
error"...) it returns a NULL pointer (i.e. the number zero.)


this isn't something which can be fixed with a quick patch- it's a  
fundamental error in how the vpopmail API was originally designed.  
it's something that people (myself included) have been dealing with  
for several years. if somebody seriously wanted to fix it, they would  
basically have to start over and write a new generation of vpopmail  
from scratch... certainly a bigger project than i want to tackle on  
my own.


--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/   <[EMAIL PROTECTED]> |
--
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.  |
--




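
The API problem described in the last message above (a lookup that returns only a pointer or NULL cannot tell "user not found" from "cannot read the file"), shown as an added example that is not part of the original thread and is not vpopmail or courier-authlib code. The names `lookup_user`, `lookup_status` and `lookup_message`, and the flat `name:hash` file format, are hypothetical stand-ins for `vauth_getpw()` and `vpasswd.cdb`.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum lookup_status { LOOKUP_OK, LOOKUP_NO_USER, LOOKUP_NO_FILE,
                     LOOKUP_NO_ACCESS, LOOKUP_IO_ERROR };

/* Hypothetical stand-in for vauth_getpw(): scans a flat "name:hash" file
 * (constructed format, not vpasswd.cdb) and returns a status, not a pointer. */
enum lookup_status lookup_user(const char *path, const char *user,
                               char *hash, size_t hashlen)
{
    char line[256];
    size_t n = strlen(user);
    enum lookup_status st = LOOKUP_NO_USER;
    FILE *fp = fopen(path, "r");
    if (fp == NULL)                 /* keep the reason instead of collapsing it */
        return errno == ENOENT ? LOOKUP_NO_FILE
             : errno == EACCES ? LOOKUP_NO_ACCESS : LOOKUP_IO_ERROR;
    while (st != LOOKUP_OK && fgets(line, sizeof line, fp) != NULL) {
        if (strncmp(line, user, n) != 0 || line[n] != ':') continue;
        line[strcspn(line, "\r\n")] = '\0';     /* strip the line ending */
        snprintf(hash, hashlen, "%s", line + n + 1);
        st = LOOKUP_OK;
    }
    if (st != LOOKUP_OK && ferror(fp)) st = LOOKUP_IO_ERROR;
    fclose(fp);
    return st;
}

const char *lookup_message(enum lookup_status st)  /* distinct log text per outcome */
{
    static const char *const msg[] = { "user found", "user does not exist",
        "password file missing", "unable to access password file",
        "I/O error reading password file" };
    return msg[st];
}

int main(void)
{
    char hash[128];
    const char *path = "example-vpasswd.txt";   /* constructed sample file */
    FILE *fp = fopen(path, "w");
    if (fp == NULL || fputs("alice:constructed-hash\n", fp) == EOF) return 1;
    fclose(fp);
    printf("bob: %s\n", lookup_message(lookup_user(path, "bob", hash, sizeof hash)));
    remove(path);                               /* same query, file now gone */
    printf("bob: %s\n", lookup_message(lookup_user(path, "bob", hash, sizeof hash)));
    return 0;
}
```

With a status like this, a daemon running under a userid that cannot read the password file would log an access error instead of "user does not exist".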