chkuser does not check for local users when domain is defined into locals.
In such a case it simply accept any recipient for local domains. Reason is simple. For checking local domains users it should have root privileges, which is not wanted for a lot of reasons.


I suggest to abandon any local domain, and use only virtual domains.

You have to delete that domain from locals, and create it again as a normal virtual domain. In such a way you can have complete control using vpopmail.

I did in this way for any of my local domains, where a virtual domain has been created for each local domain, or a global alias has been defined to route local recipients to virtual users.

Regards,

Tonino

Il 17/08/2012 19:33, Allan Dukat ha scritto:
Hi everyone
I am about to migrate to a new netqmail-1.06 + chkuser-2.0.9release + dovecot-2.1.9 + ezmlm-idx-7.1.1 + httpd-2.4.2 + qmailadmin-1.2.16 + sqwebmail-5.5.3 + vpopmail-5.4.33 + vqadmin-2.3.7-server, which I have compiled, and is now testing.
On my current server I am using the netqmail-1.05-validrcptto.cdb.patch
but I have decided to switch to chkuser.patch, so chkuser is new to me.
I have trouble making chkuser behave as desired:
When I send a mail to apa...@domain.dk, which is present in /etc/passwd, I want chkuser to reject the mail at smtp-level, but it is accepted as seen here:
/var/log/qmail/smtpd/current:
@40000000502e3f3009a4be0c CHKUSER accepted sender: from <allan.du...@otherdomain.dk::> remote <:mail3.otherdomail.dk> rcpt <> : sender accepted @40000000502e3f3009a60244 CHKUSER accepted rcpt: from <allan.du...@otherdomain.dk::> remote <:mail3.otherdomail.dk> rcpt <apa...@domain.dk> : found existing recipient
/var/log/mail.log:
Aug 17 14:55:02 jmail qmail: 1345208102.166587 new msg 1573938
Aug 17 14:55:02 jmail qmail: 1345208102.166746 info msg 1573938: bytes 1532 from <allan.du...@otherdomain.dk> qp 1679 uid 1002 Aug 17 14:55:02 jmail qmail: 1345208102.168480 starting delivery 11: msg 1573938 to local apa...@domain.dk Aug 17 14:55:02 jmail qmail: 1345208102.168563 status: local 1/10 remote 0/20 Aug 17 14:55:02 jmail qmail: 1345208102.171362 delivery 11: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/ Aug 17 14:55:02 jmail qmail: 1345208102.171569 status: local 0/10 remote 0/20
Aug 17 14:55:02 jmail qmail: 1345208102.177127 bounce msg 1573938 qp 1682
Aug 17 14:55:02 jmail qmail: 1345208102.177233 end msg 1573938
$ grep ^# chkuser_settings.h
#define CHKUSER_VPOPMAIL
#define CHKUSER_DOMAIN_WANTED
#define CHKUSER_ENABLE_USERS
#define CHKUSER_ENABLE_ALIAS
#define CHKUSER_EZMLM_DASH '-'
#define CHKUSER_BOUNCE_STRING "bounce-no-mailbox"
#define CHKUSER_ENABLE_LOGGING
#define CHKUSER_LOG_VALID_RCPT
#define CHKUSER_MIN_DOMAIN_LEN 4
#define CHKUSER_LOG_VALID_SENDER
#define CHKUSER_RCPT_LIMIT_VARIABLE "CHKUSER_RCPTLIMIT"
#define CHKUSER_WRONGRCPT_LIMIT_VARIABLE "CHKUSER_WRONGRCPTLIMIT"
#define CHKUSER_MBXQUOTA_VARIABLE "CHKUSER_MBXQUOTA"
#define CHKUSER_ERROR_DELAY 1000
#define CHKUSER_RCPT_DELAY_ANYERROR
#define CHKUSER_SENDER_DELAY_ANYERROR
#define CHKUSER_ENABLE_EZMLM_LISTS
#define CHKUSER_IDENTIFY_REMOTE_VARIABLE "CHKUSER_IDENTIFY"
#define CHKUSER_USERS_DASH '-'
#define CHKUSER_MAILMAN_STRING "mailman"
#define CHKUSER_MAILMAN_DASH '-'
#define CHKUSER_DB_CLEANUP
#define CHKUSER_ERROR_DELAY_INCREASE 300
#define CHKUSER_NORCPT_STRING "550 5.1.1 sorry, no mailbox here by that name (chkuser)\r\n" #define CHKUSER_RESOURCE_STRING "451 4.3.0 system temporary unavailable, try again later (chkuser)\r\n" #define CHKUSER_MBXFULL_STRING "552 5.2.2 sorry, recipient mailbox is full (chkuser)\r\n" #define CHKUSER_MAXRCPT_STRING "550 5.5.3 sorry, reached maximum number of recipients allowed in one session (chkuser)\r\n" #define CHKUSER_MAXWRONGRCPT_STRING "550 5.5.3 sorry, you are violating our security policies (chkuser)\r\n" #define CHKUSER_DOMAINMISSING_STRING "550 5.1.2 sorry, you must specify a domain (chkuser)\r\n" #define CHKUSER_RCPTFORMAT_STRING "553 5.1.3 sorry, mailbox syntax not allowed (chkuser)\r\n" #define CHKUSER_RCPTMX_STRING "550 5.1.2 sorry, can't find a valid MX for rcpt domain (chkuser)\r\n" #define CHKUSER_SENDERFORMAT_STRING "553 5.1.7 sorry, mailbox syntax not allowed (chkuser)\r\n" #define CHKUSER_SENDERMX_STRING "550 5.1.8 sorry, can't find a valid MX for sender domain (chkuser)\r\n" #define CHKUSER_INTRUSIONTHRESHOLD_STRING "550 5.7.1 sorry, you are violating our security policies (chkuser)\r\n" #define CHKUSER_NORELAY_STRING "553 5.7.1 sorry, that domain isn't in my list of allowed rcpthosts (chkuser)\r\n" #define CHKUSER_RCPTMX_TMP_STRING "451 4.4.0 DNS temporary failure (chkuser)\r\n" #define CHKUSER_SENDERMX_TMP_STRING "451 4.4.0 DNS temporary failure (chkuser)\r\n" #define CHKUSER_MUSTAUTH_STRING "530 5.7.0 Authentication required (chkuser)\r\n"
#define CHKUSER_ENABLE_DOUBLEBOUNCE_VARIABLE "CHKUSER_DOUBLEBOUNCE"
I have googled for an hour, and not found anything relevant, so please help.
Thanks in advance
Kind regards
Allan Dukat






--
------------------------------------------------------------
        Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it      to...@interazioni.it
------------------------------------------------------------


!DSPAM:5030b3bf34215279020957!

Reply via email to