Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HOWTO: qmail vpopmail courier-imap qmail-scanner etc (NEW)
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3 ... 5, 6, 7 ... 23, 24, 25  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Thu Jun 03, 2004 10:00 pm    Post subject: Reply with quote

Ok, here's an error log from the person I had testing this out.

To begin, here's my tcp.smtp file:
Code:

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
68.xxx.69.xxx:allow,REPLAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue.pl"

The last line in the above is the IP for the computer trying to send mail through me.

Per your instructions, I ran the tcprules command, even rebooted the machine.

Now on to his error: (Names have been changed, and IPs have been edited)

Code:

name@trogdor src $ telnet mail.****.org 25
Trying xx.121.xx.160...
Connected to mail.****.org.
Escape character is '^]'.
220 enterprise.****.org ESMTP
helo 68.xxx.69.xxx
250 enterprise.****.org
user temp1234@****.org
502 unimplemented (#5.5.1)
passwd temp1234
502 unimplemented (#5.5.1)
mail from: XXX.YYY@68.xxx.69.xxx
250 ok
mail to: crymson@syscraft.org
250 ok
data
503 RCPT first (#5.5.1)
rcpt to: crymson@syscraft.org
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
mail from: XXX.YYY@68.xxx.69.xxx
250 ok
rcpt to: crymson@syscraft.org
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
quit
221 enterprise.****.org
Connection closed by foreign host.


No user/passwd stuff is implemented? Obviously, the standard 553 error is in there, when he tries to give it a rcpt- so where does the smtp-auth come in? Since he couldn't indentify himself, shouldn't the server have let him send mail anyway, since he's on the relay list?

I'm not really sure what to make of this. If there's something else I need to post/do, please let me know, I'll be happy to do it.

Thanks!!
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Fri Jun 04, 2004 12:20 pm    Post subject: Reply with quote

Does it matter if the line
:allow

is on to or bottom of the /etc/tcp.smtp file?

Sorry I don't have a lot of ideas of what's gone worng for you. But I'm sure I've never seen the :allow in the middle of the file before.
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Fri Jun 04, 2004 1:04 pm    Post subject: Reply with quote

Now I'm fucked!

For some reason mail is nolonger delivered into the mailboxes.
It's been working great for the past 2 weeks. All of a sudden it stopped.

All I've done with the system today is to install NTP.

I can see in the log that incomming mails are checked by clamav and spamd, but then they disapare!

Any ideas of where to start debugging?
Back to top
View user's profile Send private message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Fri Jun 04, 2004 11:17 pm    Post subject: Reply with quote

I took out the :allow line that was just sitting there- didn't seem to do anything.

I suppose the problem could be in /var/qmail/control/conf-smtpd - the HOWTO isn't very explicit on what it should look like. There are several QMAIL_SMTP_POST lines. There's one at the beginning, there's two in the section you're supposed to uncomment at the bottom to enable SMTP-AUTH.

Maybe someone who has this working could post their conf-smtpd file?
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
nuxman
n00b
n00b


Joined: 04 Feb 2004
Posts: 17
Location: Porto Velho/Brasil

PostPosted: Fri Jun 04, 2004 11:40 pm    Post subject: i have the same problem? Reply with quote

ARC2300 wrote:
Okay, I've read this and read the old guide, and have a working mail server.

The only problem being, though, that to log in (with SquirrelMail or remotely from something like thunderbird), I have to login as user@domain.net. Why?


how to change this??
Back to top
View user's profile Send private message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Fri Jun 04, 2004 11:42 pm    Post subject: Re: i have the same problem? Reply with quote

nuxman wrote:
ARC2300 wrote:
Okay, I've read this and read the old guide, and have a working mail server.

The only problem being, though, that to log in (with SquirrelMail or remotely from something like thunderbird), I have to login as user@domain.net. Why?


how to change this??


Your guess is as good as ours- if you read the previous pages, you'll know that Ryker and I are both trying to figure out why this is the case, and that we still don't have an answer.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
nuxman
n00b
n00b


Joined: 04 Feb 2004
Posts: 17
Location: Porto Velho/Brasil

PostPosted: Sat Jun 05, 2004 12:07 am    Post subject: Re: i have the same problem? Reply with quote

Crymson wrote:
nuxman wrote:
ARC2300 wrote:
Okay, I've read this and read the old guide, and have a working mail server.

The only problem being, though, that to log in (with SquirrelMail or remotely from something like thunderbird), I have to login as user@domain.net. Why?


how to change this??


Your guess is as good as ours- if you read the previous pages, you'll know that Ryker and I are both trying to figure out why this is the case, and that we still don't have an answer.


maybe i know, the squirrelmail has a file redirect.php, in this file change a line 98 $username = $login_username; for $username = $login_username . "@yourdomain.com"; maybe work
Back to top
View user's profile Send private message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Sat Jun 05, 2004 12:12 am    Post subject: Reply with quote

That may work in squirrelmail, but it won't for any other mail client. It would be a setting in courier, or qmail I'd guess. Maybe even vpopmail. I've seen some stuff about "default domain" - but I haven't been able to figure out how to set it.

All in all, it's a small problem.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
nuxman
n00b
n00b


Joined: 04 Feb 2004
Posts: 17
Location: Porto Velho/Brasil

PostPosted: Sat Jun 05, 2004 12:53 am    Post subject: Reply with quote

Crymson wrote:
That may work in squirrelmail, but it won't for any other mail client. It would be a setting in courier, or qmail I'd guess. Maybe even vpopmail. I've seen some stuff about "default domain" - but I haven't been able to figure out how to set it.

All in all, it's a small problem.


Yes my squirrelmail is work fine ...
change this line 81 in redirect.php for imapd connection
Quote:
$imapConnection = sqimap_login($login_username."@yourdomain.com", $key, $imapServerAddress, $imapPort, 0);

change this line 90 for
Quote:
$username = $login_username. "@yourdomain.com";


vhost for all clients.. work is fine :-)
[/quote]
Back to top
View user's profile Send private message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Sat Jun 05, 2004 12:56 am    Post subject: Reply with quote

You're saying that now you can use ANY client (not just squirrelmail) and only supply the user, instead of user@host.com for login, and it works?? Wow, who knew?
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
nuxman
n00b
n00b


Joined: 04 Feb 2004
Posts: 17
Location: Porto Velho/Brasil

PostPosted: Sat Jun 05, 2004 12:59 am    Post subject: Reply with quote

Crymson wrote:
You're saying that now you can use ANY client (not just squirrelmail) and only supply the user, instead of user@host.com for login, and it works?? Wow, who knew?


no i say work is fine only imapd :-)
Back to top
View user's profile Send private message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Sat Jun 05, 2004 1:04 am    Post subject: Reply with quote

nuxman wrote:
no i say work is fine only imapd :-)


If you can get this working for pop3d as well, then I'll join in on the merryment.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Sat Jun 05, 2004 1:31 am    Post subject: Reply with quote

HOO-RAH! I found the problem with smtp-auth. Sabrex was half-right. SMTP-AUTH *was* working, kinda. As it turns out, with the newest release of vpopmail (5.4.0) which he has us install in this HOWTO, plain, and login authentication is supported. CRAM-MD5 is *NOT*. The only reason I'm having a problem, and noone else seems to be, is because Eudora (my fav winbloz client) uses CRAM-MD5 for authentication. Many of the program for linux use LOGIN. After searching the inter7 website for hours on end, I found this:

inter7.com wrote:
IF USING SMTP AUTH PATCH TO QMAIL-SMTPD

* This release of vpopmail includes fixes for vchkpw that may break
certain SMTP AUTH implementations. If SMTP AUTH fails after
installing vpopmail 5.4.x, you may need to use the
qmail-smtpd-auth-0.4.2 patch included in the contrib directory.

* If you do switch to the 0.4.2 SMTP AUTH patch, you may need to update
your qmail-smtpd run file (the first parameter to qmail-smtpd should
now be the path to vchkpw and not the hostname).


Now, the said patch file is where the guy said it should be, but I have *NO* clue how to install it. In fact, I believe there's a newer version. 0.4.3 now- at least according to http://www.fehcom.de/qmail/smtpauth.html

So here's my question, since I've been brought up the craptastic world of windows. How the hell do I install this patch? It's talking about re-making qmail. Since I used the ebuild, is this even possible?

Maybe someone with lots of smarts can educate me on how to install this patch, which would allow CRAM-MD5 auth to work with the current ver of vpopmail.

TIA
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Sat Jun 05, 2004 11:56 pm    Post subject: Reply with quote

This is utterly stupid. I haven't been able to patch qmail, since the patch screws up the ebuild, and you can't even get a make install to work.

So, I tried turning off CRAM-MD5 authentication on the Eudora side, and then the log shows two errors that I can't readily explain, maybe someone else can:

Code:

Jun 5 15:34:33 enterprise vpopmail[7717]: vchkpw-smtp: (PLAIN) login success crymson@mydomain.org:192.168.1.1
Jun 5 15:34:33 enterprise vpopmail[7717]: vchkpw-smtp: null user name given :192.168.1.1


And then it gives me the typical 553 error, because I didn't auth properly. First I do, then it tries again, with a null user name?

I'm getting really pissed off here. Maybe someone should add in the vchkpw patch to vpopmail 5.4.0 ebuild so those of us who use CRAM-MD5 for auth can actually USE this. No offense Sabrex, but this is turning in to a nightmare.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Mon Jun 07, 2004 9:20 am    Post subject: Reply with quote

The last incomming mail to my server last friday came at 9.01am. At 9.17am I started ntp-client and ntpd for the first time. After that all incomming mail got deleted. From the log I could see incomming mail go through spamassassin before disaparing.
Stopping ntp and rebooting did not help.
I reemerged qmail and vpopmail, but still it didn't help.

Finally I unemerged all packages emerged in this guide, and emerged them all over. Now incomming mail works again. I have no clue what happened, but it must have something to do with ntp.

I'm not going to start ntp again before I have a complete system backup.


Anyone else got any experience with using NTP with the mailsystem in this guide?
Back to top
View user's profile Send private message
phaidros
n00b
n00b


Joined: 27 Jul 2003
Posts: 26
Location: germany

PostPosted: Mon Jun 07, 2004 10:29 am    Post subject: Re: HOWTO: qmail vpopmail courier-imap qmail-scanner etc (NE Reply with quote

first of all thanx very much for that nice HOWTO.

Its all running fine for me, except using an remote smtp for delivery.
adding my smtpserver into /var/qmail/control/smtproutes [as recommended by documentation]

:mail.domain.tld

I get in the logs:

[..]
@4000000040c4514d1e0d2b2c status: local 0/10 remote 1/20
@4000000040c4514d1e0d2f14 end msg 767803
@4000000040c4514d1e2961d4 delivery 2: deferral: Unable_to_read_control_files._(#4.3.0)/
[..]

same result when I replace servername by ip ..
any suggestions?
Back to top
View user's profile Send private message
blubbi
Guru
Guru


Joined: 27 Apr 2003
Posts: 555
Location: Halle (Saale), Germany

PostPosted: Tue Jun 08, 2004 11:00 am    Post subject: Reply with quote

checked the propper permissions on the file?

Code:
chmod 644 /var/qmail/control/smtproutes

_________________
-->Please add [solved] to the initial post's subject line if you feel your problem is resolved.
-->Help answer the unanswered

http://olausson.de
Back to top
View user's profile Send private message
blubbi
Guru
Guru


Joined: 27 Apr 2003
Posts: 555
Location: Halle (Saale), Germany

PostPosted: Tue Jun 08, 2004 11:07 am    Post subject: Reply with quote

Crymson wrote:
You're saying that now you can use ANY client (not just squirrelmail) and only supply the user, instead of user@host.com for login, and it works?? Wow, who knew?


I recommend to install the vlogin plugin its really coooool

Try this out. You'll find this plugin on the squirrelmail hompage.
_________________
-->Please add [solved] to the initial post's subject line if you feel your problem is resolved.
-->Help answer the unanswered

http://olausson.de
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Wed Jun 09, 2004 9:11 am    Post subject: Reply with quote

Where's a list of stuff I'd like to change on my system. If anyone knows how to do any of these, please let me know.

1) Disable spamcheck of outgoing mail sent from foreign ip adresses. (Sender authorized by smpt-auth)

2) Mail sent to a non-existing-user@mydomain should bounce without any spam or viruscheck - unless the return adress is postmaster@anydomain or some-deamon@anydomain.

3) If the server receives several mails to random-non-existing-users@mydomain within a timeframe - just drop them. (Don't waste resources on bouncing or spam / virus check.)

4) This guide installs a spamfilter capable of learning what is and what is not spam. How to teach it? Which IMAP clients provide the user with a 'this is spam' button that teaches the server? (Most of them just teach a local filter on the clientside)

5) Why did the server start to drop all incomming mail (after spamcheck)after I ran ntpd? (Stoping ntpd didn't make it stop droping mail.)


Think that was all for now.
Back to top
View user's profile Send private message
darkcoder
Apprentice
Apprentice


Joined: 09 May 2003
Posts: 253
Location: Lynchburg, VA

PostPosted: Wed Jun 09, 2004 9:49 pm    Post subject: Reply with quote

image wrote:
Quote:
"setuidgid qmaild "/var/qmail/bin/qmail-scanner-queue.pl -g"


i think it would be better to do the following (also, the quotes were kinda messed up):
Code:

#recursively change the owner of the directory
chown qmaild:nofiles -R /var/spool/qmailscan

#set original permissions on symlinked viruslog
chown root:root /var/spool/qmailscan/viruses.log



After I do that, on the next step
Code:
#setuidgid qmaild "/var/qmail/bin/qmail-scanner-queue.pl" -z

I got this
Code:
cannot write to /var/spool/qmailscan/qmail-scanner-queue-version.txt - Permission denied at /var/qmail/bin/qmail-scanner-queue.pl line 1193.

_________________
Not bleeding edge.... No pain no game :twisted:
Back to top
View user's profile Send private message
darkcoder
Apprentice
Apprentice


Joined: 09 May 2003
Posts: 253
Location: Lynchburg, VA

PostPosted: Thu Jun 10, 2004 8:07 pm    Post subject: Reply with quote

Excellent guide. Everything is working now. But there are some steps that should be included / or modified.

1. the SOFTLIMIT_OPTS value in /var/qmail/control/conf-common must be increased to 10MB at least for this setup of f-prot/spamassassin or the qmail-scanner will fail with the error:
Code:
X-Qmail-Scanner-1.16: cannot open  /var/spool/qmailscan/quarantine-attachments - No such file or directory

2. the spamassassin options described on one of the first post, if use the options described in the guide, qmail-scanner will not find spamassassin.

But otherwise, excellent guide.
_________________
Not bleeding edge.... No pain no game :twisted:
Back to top
View user's profile Send private message
darkcoder
Apprentice
Apprentice


Joined: 09 May 2003
Posts: 253
Location: Lynchburg, VA

PostPosted: Thu Jun 10, 2004 8:14 pm    Post subject: Reply with quote

I have one question. Qmail-scanner is filtering my mails, and send the emails infected back to the sender, which are received normally, but in addition also I got an email error from postmaster with this text:
Code:
Subject: failure notice
                                                                               
Hi. This is the qmail-send program at pop.mydomain.net.
I tried to deliver a bounce message to this address, but the bounce bounced!
                                                                               
<root@localhost.mydomain.net>:
Sorry, I couldn't find any host named localhost.mydomain.net. (#5.1.2)


The body is the same rejected notice that was send to the sender's email address.

Since I am receiving the notice on my sender's account, why I´m getting this error here?
_________________
Not bleeding edge.... No pain no game :twisted:
Back to top
View user's profile Send private message
darkcoder
Apprentice
Apprentice


Joined: 09 May 2003
Posts: 253
Location: Lynchburg, VA

PostPosted: Thu Jun 10, 2004 8:20 pm    Post subject: Reply with quote

There is safe to do a cron job that calls a script to erase contents of the subfolders under quarantine folder (the email copies only)?
_________________
Not bleeding edge.... No pain no game :twisted:
Back to top
View user's profile Send private message
Crymson
Apprentice
Apprentice


Joined: 21 Mar 2004
Posts: 200
Location: Flagstaff, AZ

PostPosted: Fri Jun 11, 2004 12:15 am    Post subject: Reply with quote

darkcoder wrote:
There is safe to do a cron job that calls a script to erase contents of the subfolders under quarantine folder (the email copies only)?


Not sure what you mean here- if you mean Is there a safe way, then I would think so. Set up a normal cron job to empty out that folder. Depending on the permissions of the contents of that folder, the job may have to run as root, but I could be mistaken (don't have that problem myself)

Keep in mind though, whatever you erase, is gone for good. Don't erase your inbox on accident!
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil
Back to top
View user's profile Send private message
darkcoder
Apprentice
Apprentice


Joined: 09 May 2003
Posts: 253
Location: Lynchburg, VA

PostPosted: Fri Jun 11, 2004 12:18 am    Post subject: Reply with quote

No is not the inbox, its a place qmail-scanner use to store copies of the mails that it found infected. So I think it should be a good idea to create a cron job to erase the contents of those folders, i.e. the contents of /var/spool/qmailscan/quarantine/new that right now with my tests there are aprox. 15 emails stored.
_________________
Not bleeding edge.... No pain no game :twisted:
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3 ... 5, 6, 7 ... 23, 24, 25  Next
Page 6 of 25

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum