Sorry, we were talking about 2 different things. :) I was talking about
relaying. Not local delivery. My bad. 


From: Antti Kanes [] 
Sent: September-02-09 8:34 AM
Subject: RE: [vchkpw] Re: chkuser random rejects




I didn't know this, sorry; is that default behaviour nowadays for local
domains? Our servers need to be able to accept email from SMTP servers
around the world, and adding them all really isn't an option. Is this a
compile-time option? 

Why would you want to only accept mail from trusted hosts to the domains
the server is acting as MX for?

This information will be helpful to me as we'll be renewing our qmail
servers in the near future and will upgrade to a recent version at that

My intention was actually to help by ruling out something that shouldn't
be the cause of the problem, in my understanding, sorry if you found it





        From: Tren Blackburn [] 
        Sent: 2. syyskuuta 2009 18:22
        Subject: RE: [vchkpw] Re: chkuser random rejects

        Unless I missed it he doesn't mention if he's trying to submit
mail via localhost/telnet. You still need authorization for local
domains if you're trying to submit mail from an untrusted IP address
(ie. not explicitly trusted via tcp.smtp). If he did mention it then I
guess all I did was provide a possible answer that isn't applicable. I'm
sure that someone with mail dead would prefer to have more people
helping then less.




        From: Antti Kanes [] 
        Sent: September-02-09 8:17 AM
        Subject: RE: [vchkpw] Re: chkuser random rejects


        Wouldn't this be unnecessary if the domain was local, though?

        (In which case the domain would/should be listed in rcpthosts /
morercpthosts configuration file)



                From: Tren Blackburn [] 
                Sent: 2. syyskuuta 2009 18:02
                Subject: RE: [vchkpw] Re: chkuser random rejects

                Are you sending mail from an authorized host? Either
explicitly via tcp.smtp or via SMTP-Auth or


                From: Bogdan Motoc - CRC []

                Sent: September-02-09 7:54 AM
                Subject: Re: [vchkpw] Re: chkuser random rejects


                The assign file has all the domains that have been added
via vaddaliasdomain
                I only have one set of users and the other domains are
aliases to
                Here's what that file looks like:
                Removing ",QMAILQUEUE="/var/qmail/bin/simscan"" from
tcp.smtp and doing qmailctl cdb gives this error when sending to a
legitimate user:

                Remote host said: 553 sorry, that domain isn't in my
list of allowed rcpthosts (#5.5.3 - chkuser)

                Eric Shubert wrote: 

                What's in your /var/qmail/users/assign file? 
                Bogdan Motoc - CRC wrote: 

                I'm really sorry about bothering you again about this
problem, but I'm really at wits' end here. 
                I have removed the mail.domain.tld from every file I
could find. 
                Now mail is not received at all. At least now it's
consistent, which is good. No more flapping. (have to keep my sense of
humor while users can't receive any mail) 
                I think chkuser can be ruled out as the problem. Sending
to legitimateu...@domain.tld produces a bounce with the error listed
below (#5.1.1), while sending to nonexistentu...@domain.tld makes
chkuser kick in and reject the message as it should as soon as I type
rcpt to: badu...@domain.tld 
                511 sorry, no mailbox here by that name (#5.1.1 -
                So my conclusion is that qmail accepts the message but
when it wants to deliver it locally to the vpopmail user, something
causes it to bounce. 
                Can you give me any advice on how to test the path
traversed by the message once it is accepted by qmail-smtpd ? 
                Bogdan Motoc - CRC wrote: 

                I seem to have broken things really bad. I tried to make
mail.domain.tld an alias of domain.tld 
                Now authentication only works from time to time. 
                The bounce says: 
                <u...@domain.tld> <mailto:u...@domain.tld> : 
                Sorry, no mailbox here by that name. (#5.1.1) 
                Of course, that account exists. 
                Where are domain aliases stored? Can I manually delete a
domain alias? 
                I'm using vpopmail 5.4.17 with users stored in a cdb
                Tonix (Antonio Nati) wrote: 

                Bogdan Motoc - CRC ha scritto: 

                Tonix (Antonio Nati) wrote: 

                Bogdan Motoc - CRC ha scritto: 

                This most probably is not a vpopmail problem, but a
chkuser one. 
                The support page of chkuser
) points to this mailing list, so that's why I'm posting this here. 

                chkuser is simply using basic qmail checks, giving a
better log. It is giving back what qmail would give back. 
                Check carefully qmail configuration and files

                nothing changed between the two events (rejecting a
legitimate message and allowing a similar one) 
                all files are world-readable, except the .lock files 

                        The mail server in question runs: 
                        netqmail 1.05 
                        vpopmail 5.4.17 
                        chkuser 2.0.8b 
                        simscan 1.1 

                install chkuser 2.09, has more checks, new features and
solves minor bugs (not related to your question). 

                hard to do on a production server. I've set this one up
more than two years ago, and I remember there was a rigid order in which
patches were supposed to be applied to qmail, and some of them had to be
manually added (thinking of simscan, smtp-auth, chkuser) 

                It should be easy. Copy new chkuser files over old
files, check chkuser_settings.h (some have changed) and recompile. 

                In the meantime, I've googled a bit and found an
alternative. I'll post a "what's your experience with ... ?" message
later about it. 


                Messages sent to existing and not overquota users on
this server randomly (as far as I can tell) are rejected with this
                Remote host said: 553 sorry, that domain isn't in my
list of allowed rcpthosts (#5.5.3 - chkuser) 
                I've checked and double checked that the user exists and
there was no typo when entering the destination email address. 
                Sending again after a while to the same user ends up
with the message into his mailbox without any issues. 
                The server's /var/log/qmail/smtpd/current log file shows
this about the rejected message: 
                2009-07-24 12:28:19.035629500 CHKUSER rejected relaying:
from <sender's_email_address::> remote
<remote_mail_server:unknown:remote_ip> rcpt <valid_u...@mail.domain.tld>
<mailto:valid_u...@mail.domain.tld>  : client not allowed to relay 
                The mailboxes on this machine are all respecting this
pattern: u...@domain.tld 

                You say general pattern is u...@domain.tld, while log
says u...@mail.domain.tld. 
                Are you sure 100% domain names do not include blank,
DEL, strange not visible chars? It could happen when spaces or strange
invisible characters are inside mail addresses. 

                Yes, the recipient mail address I've typed correctly (I
double-checked it, having faced stupid users before who think that
spaces in email adresses can't hurt that much, can they?) 
                Basically, i replied to a user on that server and got
the bounce back imidiately.  Cursed at the binary gods for allowing
functions to return different results when fed the same input, had to
leave the office, and when i got back replied again to the same message,
checked and it arrived in the users's mailbox. The log shows this: 
                2009-07-24 18:09:48.389030500 CHKUSER accepted rcpt:
from <my_email_address::> remote <my_email_server:unknown:my_ip> rcpt
<u...@domain.tld> <mailto:u...@domain.tld>  : found existing recipient 

                Check if any limit is reached. Like max open files or
max MySQL connections. It could happen in a peaik moment you reach some
                chkuser version you have does not handle mysql refused
connections, while 2.0.9 does. 

                What i don't understand is why vpopmail is sometimes
being asked to authenticate /u...@domain.tld/ and sometimes
/u...@mail.domain.tld/ ? 

                probably some users put the wrong username in Outlook...
missing the domain part, so automatically you have the "me" file added
to address... or? 

                Of course, possible solutions to my problem are: 
                1. getting rid of "mail." part completely 
                2. making mail.domain.tld an alias of domain.tld, so
both would work 
                Thanks a lot for any ideeas you might have. 


                The /var/qmail/control/me file lists this:
mail.domain.tld, which is also the MX for domain.tld 
                /var/qmail/control/rcpthosts lists both domain.tld and
                /var/qmail/control/virtualdomains shows domain.tld 
                /var/qmail/control/locals shows only mail.domain.tld 
                /var/qmail/control/defaultdomain only shows domain.tld 
                What could be wrong, but most of all, why is the error
occurring only rarely (but often enough to be annoying)? 
                Thanks in advance for any answers you might be able to
                Bogdan Motoc 

                        in...@zioni            Interazioni di Antonio

                        in...@zioni            Interazioni di Antonio








Reply via email to