Sorry, we were talking about 2 different things. :) I was talking about relaying. Not local delivery. My bad.
From: Antti Kanes [mailto:antti.ka...@innoventum.fi] Sent: September-02-09 8:34 AM To: vchkpw@inter7.com Subject: RE: [vchkpw] Re: chkuser random rejects Cheers, I didn't know this, sorry; is that default behaviour nowadays for local domains? Our servers need to be able to accept email from SMTP servers around the world, and adding them all really isn't an option. Is this a compile-time option? Why would you want to only accept mail from trusted hosts to the domains the server is acting as MX for? This information will be helpful to me as we'll be renewing our qmail servers in the near future and will upgrade to a recent version at that point. My intention was actually to help by ruling out something that shouldn't be the cause of the problem, in my understanding, sorry if you found it offensive. ++antti ________________________________ From: Tren Blackburn [mailto:t...@eotnetworks.com] Sent: 2. syyskuuta 2009 18:22 To: vchkpw@inter7.com Subject: RE: [vchkpw] Re: chkuser random rejects Unless I missed it he doesn't mention if he's trying to submit mail via localhost/telnet. You still need authorization for local domains if you're trying to submit mail from an untrusted IP address (ie. not explicitly trusted via tcp.smtp). If he did mention it then I guess all I did was provide a possible answer that isn't applicable. I'm sure that someone with mail dead would prefer to have more people helping then less. t. From: Antti Kanes [mailto:antti.ka...@innoventum.fi] Sent: September-02-09 8:17 AM To: vchkpw@inter7.com Subject: RE: [vchkpw] Re: chkuser random rejects Wouldn't this be unnecessary if the domain was local, though? (In which case the domain would/should be listed in rcpthosts / morercpthosts configuration file) ________________________________ From: Tren Blackburn [mailto:t...@eotnetworks.com] Sent: 2. syyskuuta 2009 18:02 To: vchkpw@inter7.com Subject: RE: [vchkpw] Re: chkuser random rejects Are you sending mail from an authorized host? Either explicitly via tcp.smtp or via SMTP-Auth or POP-before-SMTP/IMAP-before-SMTP? From: Bogdan Motoc - CRC [mailto:bogdan.mo...@crcnet.ro] Sent: September-02-09 7:54 AM To: vchkpw@inter7.com Subject: Re: [vchkpw] Re: chkuser random rejects The assign file has all the domains that have been added via vaddaliasdomain I only have one set of users and the other domains are aliases to domain.com Here's what that file looks like: +domain.com-:domain.com:89:89:/home/vpopmail/domains/domain.com:-:: +domain.eu-:domain.com:89:89:/home/vpopmail/domains/domain.com:-:: . Removing ",QMAILQUEUE="/var/qmail/bin/simscan"" from tcp.smtp and doing qmailctl cdb gives this error when sending to a legitimate user: Remote host said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser) Eric Shubert wrote: What's in your /var/qmail/users/assign file? Bogdan Motoc - CRC wrote: I'm really sorry about bothering you again about this problem, but I'm really at wits' end here. I have removed the mail.domain.tld from every file I could find. Now mail is not received at all. At least now it's consistent, which is good. No more flapping. (have to keep my sense of humor while users can't receive any mail) I think chkuser can be ruled out as the problem. Sending to legitimateu...@domain.tld produces a bounce with the error listed below (#5.1.1), while sending to nonexistentu...@domain.tld makes chkuser kick in and reject the message as it should as soon as I type rcpt to: badu...@domain.tld 511 sorry, no mailbox here by that name (#5.1.1 - chkuser) So my conclusion is that qmail accepts the message but when it wants to deliver it locally to the vpopmail user, something causes it to bounce. Can you give me any advice on how to test the path traversed by the message once it is accepted by qmail-smtpd ? Bogdan Motoc - CRC wrote: I seem to have broken things really bad. I tried to make mail.domain.tld an alias of domain.tld Now authentication only works from time to time. The bounce says: <u...@domain.tld> <mailto:u...@domain.tld> : Sorry, no mailbox here by that name. (#5.1.1) Of course, that account exists. Where are domain aliases stored? Can I manually delete a domain alias? I'm using vpopmail 5.4.17 with users stored in a cdb file. Bogdan Tonix (Antonio Nati) wrote: Bogdan Motoc - CRC ha scritto: Tonix (Antonio Nati) wrote: Bogdan Motoc - CRC ha scritto: This most probably is not a vpopmail problem, but a chkuser one. The support page of chkuser (http://www.interazioni.it/opensource/chkuser/support/mailing_lists.html ) points to this mailing list, so that's why I'm posting this here. chkuser is simply using basic qmail checks, giving a better log. It is giving back what qmail would give back. Check carefully qmail configuration and files availability. nothing changed between the two events (rejecting a legitimate message and allowing a similar one) all files are world-readable, except the .lock files The mail server in question runs: netqmail 1.05 vpopmail 5.4.17 chkuser 2.0.8b simscan 1.1 install chkuser 2.09, has more checks, new features and solves minor bugs (not related to your question). hard to do on a production server. I've set this one up more than two years ago, and I remember there was a rigid order in which patches were supposed to be applied to qmail, and some of them had to be manually added (thinking of simscan, smtp-auth, chkuser) It should be easy. Copy new chkuser files over old files, check chkuser_settings.h (some have changed) and recompile. In the meantime, I've googled a bit and found an alternative. I'll post a "what's your experience with ... ?" message later about it. Messages sent to existing and not overquota users on this server randomly (as far as I can tell) are rejected with this message: Remote host said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser) I've checked and double checked that the user exists and there was no typo when entering the destination email address. Sending again after a while to the same user ends up with the message into his mailbox without any issues. The server's /var/log/qmail/smtpd/current log file shows this about the rejected message: 2009-07-24 12:28:19.035629500 CHKUSER rejected relaying: from <sender's_email_address::> remote <remote_mail_server:unknown:remote_ip> rcpt <valid_u...@mail.domain.tld> <mailto:valid_u...@mail.domain.tld> : client not allowed to relay The mailboxes on this machine are all respecting this pattern: u...@domain.tld You say general pattern is u...@domain.tld, while log says u...@mail.domain.tld. Are you sure 100% domain names do not include blank, DEL, strange not visible chars? It could happen when spaces or strange invisible characters are inside mail addresses. Yes, the recipient mail address I've typed correctly (I double-checked it, having faced stupid users before who think that spaces in email adresses can't hurt that much, can they?) Basically, i replied to a user on that server and got the bounce back imidiately. Cursed at the binary gods for allowing functions to return different results when fed the same input, had to leave the office, and when i got back replied again to the same message, checked and it arrived in the users's mailbox. The log shows this: 2009-07-24 18:09:48.389030500 CHKUSER accepted rcpt: from <my_email_address::> remote <my_email_server:unknown:my_ip> rcpt <u...@domain.tld> <mailto:u...@domain.tld> : found existing recipient Check if any limit is reached. Like max open files or max MySQL connections. It could happen in a peaik moment you reach some limits. chkuser version you have does not handle mysql refused connections, while 2.0.9 does. What i don't understand is why vpopmail is sometimes being asked to authenticate /u...@domain.tld/ and sometimes /u...@mail.domain.tld/ ? probably some users put the wrong username in Outlook... missing the domain part, so automatically you have the "me" file added to address... or? Ciao, Tonino Of course, possible solutions to my problem are: 1. getting rid of "mail." part completely 2. making mail.domain.tld an alias of domain.tld, so both would work Thanks a lot for any ideeas you might have. Regards, Tonino The /var/qmail/control/me file lists this: mail.domain.tld, which is also the MX for domain.tld /var/qmail/control/rcpthosts lists both domain.tld and mail.domain.tld /var/qmail/control/virtualdomains shows domain.tld /var/qmail/control/locals shows only mail.domain.tld /var/qmail/control/defaultdomain only shows domain.tld What could be wrong, but most of all, why is the error occurring only rarely (but often enough to be annoying)? Thanks in advance for any answers you might be able to provide. Bogdan Motoc -- ------------------------------------------------------------ in...@zioni Interazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it ------------------------------------------------------------ -- ------------------------------------------------------------ in...@zioni Interazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it ------------------------------------------------------------ !DSPAM:4a9e91b632711488312672!
