Solved. It was a softlimit problem.

> On 2006-04-19, at 1231, [EMAIL PROTECTED] wrote:
>> I am having trouble with user authentication. I am running Fedora
>> Core 5 on a Dell PowerEdge blade server with the latest (as of a
>> few days ago) versions of qmail, vpopmail, and qmailadmin.
> specific version numbers? any patches applied on top of the source?
>> I can log into qmailadmin just fine through Apache and I have
>> added a virtual domain and some virtual users. This is reflected
>> in my /var/qmail/ rchphosts and virtualdomain files. It is also
>> reflected in /home/vpopmail/.
>> The passwords for various users work in vpopmail but no where
>> else. I have tried telnetting to port 110 on the box and applying
>> crudentials but it always reports:
>> -ERR authorization failed
> even for the same "[EMAIL PROTECTED]" account that you used with
> qmailadmin?
>> Here are my run scripts. Let me know what other information you
>> require. It may be important to note that this box does not have a
>> FQHN, instead, I have lied to it that it's name is
>> "", when there is in actuality another box
>> with that name (our old mail server). I cannot give it that proper
>> name until this box works, because we support hundreds of users
>> and cannot have an e-mail downage. The new blade's hostname is
>> stormtrooper and if I ping that name according to the box it
>> thinks it's, so I _think_ it's not a problem.
> that's an /etc/hosts issue. both of the "run" scripts are using "0"
> as the IP address, so the hostname shouldn't be an issue for starting
> the services. the one thing to note is that when you do "throw the
> switch", i'm assuming that part of the process will be changing the
> machine's IP address to be the same as the old server... when you
> change the IP, you should restart any services which are listening
> for incoming connections.
> your pop3 service is running as root, so it shouldn't be a
> permissions issue... very strange.
> the smtp service is running as "qmaild", which means that when qmail-
> smtpd runs vchkpw, it will try to run vchkpw as the qmaild user,
> which doesn't have permissions to read the vpasswd.cdb files (which
> contain the mailbox names and encrypted passwords.) there are two
> solutions for this problem:
> (1) run the qmail-smtpd service as the vpopmail user, which can cause
> issues with other qmail-smtpd add-ons (qmail-scanner, simscan, etc.)
> (2) make the ~vpopmail/bin/vchkpw binary setuid, so that no matter
> which userid starts it, it runs as the vpopmail user.
>       # cd ~vpopmail/bin
>       # chown vpopmail:vchkpw vchkpw
>       # chmdo 6711 vchkpw
> neither solution is the best for everybody- the first one can cause
> issues with other programs, and the second one opens a hole which
> could potentially allow a local user to conduct a dictionary attack
> against mailbox passwords by running vchkpw directly. if you don't
> allow non-trusted people to run arbitrary commands on your machine
> (this includes CGI or PHP scripts as part of a web site) then the
> second option is a non-issue, and is in fact what i've been doing on
> my own server for several years.
> however, i have modified qmail-smtpd to check a cdb file when
> validating an AUTH command. i will be rolling a patch file for it,
> and writing a web page to document it, later this week.
> --------------------------------------------------
> | John M. Simpson - KG4ZOW - Programmer At Large |
> |           <[EMAIL PROTECTED]> |
> --------------------------------------------------
> | Mac OS X proves that it's easier to make UNIX  |
> | pretty than it is to make Windows secure.      |
> --------------------------------------------------

Reply via email to