Thanks for the answer

qmail-smtpd is trying to run the checkpassword program, and can't.

check the permissions on your checkpassword program (specified on your qmail-smtpd command line- if the example you sent is accurate, this will be "/home/vpopmail/bin/vchkpw".) and here's the part a lot of people forget- also check the permissions of each directory which contains it. for example, if the program is "/home/vpopmail/bin/ vchkpw", you need to make sure that "/home", "/home/vpopmail", and "/ home/vpopmail/bin" all have AT LEAST "x" permission for "group" and "other" (i.e. "chmod go+x /home /home/vpopmail /home/vpopmail/bin".)

drwxrwsr-x   5 root staff  4096 2006-02-06 15:55 home
drwxr-xr-x  8 vpopmail vchkpw  4096 2006-02-06 15:55 vpopmail
drwxr-xr-x 2 vpopmail vchkpw 4096 2006-02-06 15:58 bin

the next problem you're going to run into is that (according to the smtp run script you sent) qmail-smtpd is running as the userid "qmaild", and in order for "vchkpw" to read the vpasswd.cdb files and do its job, it has to be run as either the vpopmail user, or as root.

   I already saw that error, and now this is the run file:
tsuki:/var/qmail/supervise/qmail-smtpd# cat run

QMAILDUID=`id -u vpopmail`

NOFILESGID=`id -g vpopmail`

MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

exec /usr/bin/softlimit -m 6000000 /usr/bin/tcpserver -H -R -l 0 -c "$MAXSMTPD" -x /etc/tcp.smtp.cdb -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1

the easiest way to make this happen is to make the vchkpw binary setuid, like so:

    # chmod 6711 /home/vpopmail/bin/vchkpw

-rws--s--x 1 vpopmail vchkpw 73124 2006-02-06 15:55 /home/vpopmail/bin/vchkpw

however, this could potentially be dangerous if normal users have access to run commands on the machine- a user could run vchkpw over and over, for example, in an attempt to do brute-force guessing of other peoples' passwords. there are other options- a popular one is to make qmail-smtpd run as the vpopmail user, however if you're using qmail-scanner, simscan or any other QMAILQUEUE program, this will also cause those programs to run as the vpopmail user as well. i'm not saying this is a good or a bad thing, just something to be aware of- as long as you understand what's going on, it can be handled.

   For the moment only want see smtp auth run.
   But the result is the same:

tsuki:/var/qmail/supervise/qmail-smtpd# telnet localhost 25
Connected to localhost.
Escape character is '^]'.
ehlo prueba
250-SIZE 0
auth login
334 VXNlcm5hbWU6
334 UGFzc3dvcmQ6
454 oops, unable to write pipe and I can't auth (#4.3.0)


Reply via email to