On 2006-10-25, at 1756, Howard Jones wrote:

I've just started using qpsmtpd to do SMTP AUTH against my vpopmail
users with vchkpw, to avoid running a patched qmail-smtpd[1]...

[1] actually, it's to avoid having to reconcile SMTP AUTH patches with
chkuser, which I already use, and couldn't live without. I run
qmail-smtpd with chkuser for the 'public' MX SMTP service, and qpsmtpd
for my local user's relay SMTP server, with auth and SSL.

you are aware that there are other patches out there which do the same thing that "chkuser" does, which do work with AUTH, TLS, and SSL, and which don't rely specifically on vpopmail (i.e. when you upgrade vpopmail you don't have to re-compile qmail)?

i mention this because i wrote such a patch- instead of looking directly at vpopmail's files (or mysql database, or however you have vpopmail configured) it reads a single cdb file where the keys are email addresses, and the values (for now) are ignored. it also handles "-default" addresses in the expected manner (i.e. if the validrcptto.cdb file contains "[EMAIL PROTECTED]", qmail-smtpd will accept "[EMAIL PROTECTED]".)

i also have a combined patch which includes this one, plus all of the other standard things people seem to look for when patching qmail- TLS (both inbound and outbound), AUTH (both inbound and outbound), SPF with logging, my AUTH_SET patch (which allows you to add, change, or delete environment variables when a successful AUTH command is sent, and have those changes take effect where appropriate), badmailfrom/badrcptto with regular expressions, the "ext_todo" patch (which breaks qmail-send into two programs so that classifications and deliveries don't hold each other up, the so-called "silly qmail syndrome"), a patch which i've written but not yet documented which handles the AUTH command using a cdb file rather than calling an external program, and more.

my server has been very happily using this combined patch for several months, rejecting messages sent to non-existent mailboxes while still supporting STARTTLS and AUTH.

i have an entire web site devoted to this stuff, here are two pages to start with:


you may have other reasons for wanting to stick with chkuser, but you should at least look at other options (if you haven't already done so.)

| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/           <[EMAIL PROTECTED]> |
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |
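
The recipient check described in the message above, sketched as an added example (not code from the patch or from the original message). The cdb file is modelled as a Python set, the addresses are constructed, and the order in which "-default" keys are tried, the lower-casing and the reply texts are assumptions based on qmail's .qmail-default convention.

```python
# Added illustration, not code from the patch: the cdb file is modelled as
# an in-memory set, and every address below is a constructed sample.
VALID_RCPTTO = {
    "alice@example.com",
    "lists-default@example.com",
    "bob-work-default@example.com",
}


def candidate_keys(address):
    """Yield the keys to look up for one RCPT TO address, most specific first."""
    # Lower-casing before the lookup is an assumption of this sketch.
    local, sep, domain = address.lower().rpartition("@")
    if not sep or not local or not domain:
        return  # not a local@domain address: nothing to look up
    yield f"{local}@{domain}"
    # Assumed fallback order, following qmail's .qmail-ext-default convention:
    # drop one "-ext" at a time from the right and try "<prefix>-default".
    pos = local.rfind("-")
    while pos > 0:
        yield f"{local[:pos]}-default@{domain}"
        pos = local.rfind("-", 0, pos)


def rcpt_allowed(address, valid=VALID_RCPTTO):
    """True if any candidate key exists; values are ignored, as in the message."""
    return any(key in valid for key in candidate_keys(address))


def smtp_reply(address, valid=VALID_RCPTTO):
    """Reply given at RCPT TO time (reply texts are illustrative)."""
    if rcpt_allowed(address, valid):
        return "250 ok"
    return "550 sorry, no mailbox here by that name"


if __name__ == "__main__":
    for rcpt in ("alice@example.com", "lists-announce@example.com",
                 "lists@example.com", "bob-home@example.com"):
        print(rcpt, "->", smtp_reply(rcpt))
```

Rejecting at RCPT TO means mail for a non-existent mailbox is refused during the SMTP session instead of being accepted and bounced later.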
