Aleks,

Sorry to repeat what has already been said, but to make it short: use Shupp's Toaster. Inside it, chkuser + TLS + auth work fine together (and have for years). You'll build it in minutes, and will never regret taking this step.


Ciao,

Tonino

At 13.18 22/09/2005, you wrote:
Just for the fun of it: if I were to (in this lifetime) get tls/auth
to work with chkuser, what/whose tls and auth code should I use?
Since jms obviously doesn't need to make his patches compatible, since he's
got the needed stuff for himself in validrcptto, I was hoping someone
knew what works or not. I stand corrected about the whole auth and no
tls security breach jms pointed out. If you want auth you should use
tls, I guess.

Thanks,

/Aleks

On 9/22/05, John Simpson <[EMAIL PROTECTED]> wrote:
> On 2005-09-21, at 0623, tonix (Antonio Nati) wrote:
>
> >
> > Why are you running it with -u $QMAILDUID ?
> >
> > You should run it as vpopmail, excluding any uidswitching (if you
> > enabled uidswitching within chkuser_settings.h, comment it).
> >
> > Cert must be owned by vpopmail as well.
>
> qmail is, and has always been, designed to have qmail-smtpd run as
> qmaild. the only reason to make it run as the vpopmail user is so
> that you can use "vchkpw" to support AUTH, and the solution there is
> to make the "vchkpw" binary setuid so it always runs as the vpopmail
> user.
>
> the servercert.pem file should be owned by root and readable to the
> group "nofiles" (which is the group qmaild belongs to.) the
> clientcert.pem file (if you have one) should also be owned by root,
> but readable to the group "qmail".
>
> --------------------------------------------------
> | John M. Simpson - KG4ZOW - Programmer At Large |
> | http://www.jms1.net/           <[EMAIL PROTECTED]> |
> --------------------------------------------------
> | Mac OS X proves that it's easier to make UNIX  |
> | pretty than it is to make Windows secure.      |
> --------------------------------------------------
>
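The ownership layout John Simpson describes in the quoted message can be audited with a short script. This is an added example, not code from the thread or from any of the patches discussed. It assumes GNU `stat`, the file locations `/var/qmail/control/` and `/home/vpopmail/bin/vchkpw`, and two stricter rules the thread does not state: key files closed to "other", and the setuid binary not writable by group or other.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat; paths are assumptions.
# Run as: sh audit.sh --audit

# valid_mode MODE: succeed only for an octal permission string such as 640.
valid_mode() {
    case $1 in ''|*[!0-7]*) return 1 ;; esac
}

# check_cert OWNER GROUP MODE WANT_GROUP
# Pass when the file is owned by root, in WANT_GROUP, group-readable,
# not group-writable and (assumed rule) closed to "other".
check_cert() {
    valid_mode "$3" || { echo "bad mode: $3"; return 2; }
    m=$((0$3))
    [ "$1" = root ] || { echo "owner $1, want root"; return 1; }
    [ "$2" = "$4" ] || { echo "group $2, want $4"; return 1; }
    [ $((m & 040)) -ne 0 ] || { echo "not group-readable"; return 1; }
    [ $((m & 027)) -eq 0 ] || { echo "mode $3 too permissive"; return 1; }
}

# check_setuid OWNER MODE WANT_USER
# Pass when the binary is owned by WANT_USER with the setuid bit set and
# (assumed rule) is not writable by group or other.
check_setuid() {
    valid_mode "$2" || { echo "bad mode: $2"; return 2; }
    m=$((0$2))
    [ "$1" = "$3" ] || { echo "owner $1, want $3"; return 1; }
    [ $((m & 04000)) -ne 0 ] || { echo "setuid bit not set"; return 1; }
    [ $((m & 022)) -eq 0 ] || { echo "mode $2 writable by group/other"; return 1; }
}

# audit KIND PATH WANT: stat PATH and apply the matching check.
audit() {
    info=$(stat -c '%U %G %a' "$2" 2>/dev/null) || { echo "$2: cannot stat"; return 2; }
    set -- "$1" "$2" "$3" $info     # $4=owner $5=group $6=mode
    printf '%s: ' "$2"
    case $1 in
        cert)   check_cert "$4" "$5" "$6" "$3" ;;
        setuid) check_setuid "$4" "$6" "$3" ;;
    esac && echo ok
}

if [ "${1:-}" = "--audit" ]; then
    audit cert   /var/qmail/control/servercert.pem nofiles
    audit cert   /var/qmail/control/clientcert.pem qmail
    audit setuid /home/vpopmail/bin/vchkpw vpopmail
fi
```

A cert owned by vpopmail, or one with mode 644, fails the check; so does a `vchkpw` that has lost its setuid bit, which is the case that pushes people toward running qmail-smtpd as vpopmail.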

