>-----Original Message----- >From: Rick Macdougall [mailto:[EMAIL PROTECTED] >Sent: Wednesday, January 19, 2005 3:29 PM >To: email@example.com >Subject: Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql > > > >Brian Lanier wrote: >>>-----Original Message----- >>>From: Jeremy Kitchen [mailto:[EMAIL PROTECTED] >>>Sent: Tuesday, January 18, 2005 3:03 PM >>>To: firstname.lastname@example.org >>>Subject: Re: [vchkpw] chkuser 2.0 and vpopmail w/mysql >>> >>>On Tuesday 18 January 2005 03:23 pm, Brian Lanier wrote: >>> >>> >>>>This is where I am not clear and would love to be >>>>corrected. I don't want delivery to happen on my public facing mail >>> >>>server, >>> >>>>but I would like to run chkuser there to prevent bad mail from even >>> >>>coming >>> >>>>into my mail system. >>> >>>that's a little trickier, and requires a certain type of setup. >>> >> >> Any examples of this type of setup? Any docs or postings of anyone have >used >> this type of setup? With our setup, we use a first layer to knock down >all >> the easy/obvious email and then pass on to our scanning layers to reduce >the >> load on our AV setup. This dependency on using the virtualdomains file >kills >> this type of setup. I have heard a lot of success stories using chkuser >and >> would like to implement it on our setup. I thought I had seen people >using >> this tiered approach with vpopmail and chkuser, just no details on >> implementation. >> > >I'm pretty sure vpopmail verifies the domain exists as a vpopmail domain >by looking at the qmail/users/assign file (at least it does here with >5.4.6), so you should be able to do what you want if the chkusr patch >relies on vpopmail calls (which it did in 1.0, I haven't used the 2.0 >version yet). > >I missed the earlier messages on this topic so I'm not quite sure what >you want to do but if you want a primary MX to accept mail and then >forward it on to a second machine that does local delivery, adding the >domain on the primary MX, then removing it from virtualdomains and >adding into smtproutes *should* work. > >I did do a similar setup for a client but I was using cdb not mysql, and >duplicating the vpasswd files for each domain and that did work. > >Should be easy enough to do the same thing with mysql although I think >you'll have to manually add the domains to the assign file and rebuild >it yourself if you are using the mysql server of the local delivery >machine, plus add the domains vpopmail directory and .qmail-default file >and any user .qmail files... yesh. Ummm, manually add the domain to >assign, rebuild and nfs mount the vpopmail domains/ directory :) > >Did that make any sense at all ? > >Regards, > >Rick Thanks Rick, That makes perfect sense in a convoluted sort of way. We actually have our primary mx's setup identical to our local delivery boxes for various network topology reasons. The difference is of course the use of smtproutes vs. virtualdomains and a few different patches to qmail at that level. Our customers use these servers as the outbound server for their mail clients as well and it works out great. Also, for our internal scripts and process, all of the vpopmail commands work because we sync the control files across all of our boxes when we add/delete domains. So based on what you have said, if chkuser relies on vpopmail commands to determine existence then my current setup should work just fine. If chkuser directly reads the virtualdomains file, then I will have problems. Thanks for all of the great info. If anyone can confirm or deny that last item that would be great(vpopmail commands vs. reading the file directly. If I could read C, I could figure this out ;-)), but I will probably give this a try when I can and report back for anyone else that has this same question.
Also, thanks again for all of you who provide such excellent support on this list. I have been following the list for a long time but never had a need to post since my questions have always already been answered. Thanks to the developers and contributors and those of you who just help. Brian