DAve wrote:
DAve wrote:
Tom Collins wrote:

I think you've found a bug in vchkpw.

Bug? After running this entire situation through my thick head, again, I more suspect I am trying to do something with vchkpw it was never intended to do.


>> I think... that vchkpw will not work without a complete working
>> install. It seems to need to have access to the domains,
>> virtualdomains, and users/cdb file.

Exactly. vchkpw expects to run on a system with a full vpopmail installation.

For some reason, it wants to create the user's directory if it doesn't already exist. This could be related to updating the lastauth file in the user's directory. Disabling AUTH_LOGGING on that system will help, but you'll still have code trying to create the directory.

If auth logging is enabled then the attempt to authenticate needs to be logged. If the users directory doesn't exist, it needs to be created so the log file can be created.

Let me know if that works, and I'll make changes to the release version. That code could probably be permanently removed -- the user's directory is created by vdelivermail when necessary. vchkpw doesn't need to be doing it.

Bill: I have to disagree. The authentication attempt needs to be logged, even if there is no mail to deliver. If MySQL is holding the auth log info, then it should be be removed with another ifdef. There may be some 'combination of configure option' bugs here, but if auth-logging is enabled and the directory does not exist it needs to be created. At least for cdb.

Is no one else using a physically separate outbound smtp server? I am open to suggestions on how to auth using my vpopmail DB.

John Simpson has a validrcptto patch which modifies qmail-smtp to verify
email addresses against a cdb file, and the latest vpopmail provides an
onchange script that lets you update the cdb files when users are added
or removed.


vpopmaild can be used to verify a vpopmail login. Just attempt to login to the daemon with the user and password, using the silent option. If the user is valid the login attempt will succeed. I am not aware of a program to do this, but if you write one, I would consider adding it to the contrib directory of vpopmail.

This morning I hacked up a quick Perl script to do the authentication and it is working fine. This confirms that my qmail-auth installation is working, and my remote vpopmail DB is reachable.

If you have any other uses for Perl (spamassassin) on the machine and keep it loaded in RAM, this may well be the most efficient method... You are directly opening the database and looking up the info you need. Anything else you do just adds another layer, and the program you use still has to open the database.

PHP might be able to do the same thing with a slightly smaller memory footprint.

Reply via email to