Allan Dukat | 17 Aug 2012 19:33

New server

Hi everyone 

I am about to migrate to a new netqmail-1.06 + chkuser-2.0.9release + 
dovecot-2.1.9 + ezmlm-idx-7.1.1 + httpd-2.4.2 + qmailadmin-1.2.16 + 
sqwebmail-5.5.3 + vpopmail-5.4.33 + vqadmin-2.3.7-server, which I have 
compiled, and am now testing. 

On my current server I am using the netqmail-1.05-validrcptto.cdb.patch
but I have decided to switch to chkuser.patch, so chkuser is new to me. 

I have trouble making chkuser behave as desired: 

When I send a mail to apache <at> domain.dk, which is present in /etc/passwd, I 
want chkuser to reject the mail at smtp-level, but it is accepted as seen 
here: 

/var/log/qmail/smtpd/current: 

 <at> 40000000502e3f3009a4be0c CHKUSER accepted sender: from 
<allan.dukat <at> otherdomain.dk::> remote <:mail3.otherdomail.dk> rcpt <> : 
sender accepted
 <at> 40000000502e3f3009a60244 CHKUSER accepted rcpt: from 
<allan.dukat <at> otherdomain.dk::> remote <:mail3.otherdomail.dk> rcpt 
<apache <at> domain.dk> : found existing recipient 

/var/log/mail.log: 

Aug 17 14:55:02 jmail qmail: 1345208102.166587 new msg 1573938
Aug 17 14:55:02 jmail qmail: 1345208102.166746 info msg 1573938: bytes 1532 
from <allan.dukat <at> otherdomain.dk> qp 1679 uid 1002

Eric Shubert | 18 Aug 2012 16:44

Re: New server

On 08/17/2012 10:33 AM, Allan Dukat wrote:
> Hi everyone
> I am about to migrate to a new netqmail-1.06 + chkuser-2.0.9release +
> dovecot-2.1.9 + ezmlm-idx-7.1.1 + httpd-2.4.2 + qmailadmin-1.2.16 +
> sqwebmail-5.5.3 + vpopmail-5.4.33 + vqadmin-2.3.7-server, which I have
> compiled, and am now testing.
> On my current server I am using the netqmail-1.05-validrcptto.cdb.patch
> but I have decided to switch to chkuser.patch, so chkuser is new to me.
> I have trouble making chkuser behave as desired:
> When I send a mail to apache <at> domain.dk, which is present in /etc/passwd,
> I want chkuser to reject the mail at smtp-level, but it is accepted as
> seen here:
> /var/log/qmail/smtpd/current:
>  <at> 40000000502e3f3009a4be0c CHKUSER accepted sender: from
> <allan.dukat <at> otherdomain.dk::> remote <:mail3.otherdomail.dk> rcpt <> :
> sender accepted
>  <at> 40000000502e3f3009a60244 CHKUSER accepted rcpt: from
> <allan.dukat <at> otherdomain.dk::> remote <:mail3.otherdomail.dk> rcpt
> <apache <at> domain.dk> : found existing recipient
> /var/log/mail.log:
> Aug 17 14:55:02 jmail qmail: 1345208102.166587 new msg 1573938
> Aug 17 14:55:02 jmail qmail: 1345208102.166746 info msg 1573938: bytes
> 1532 from <allan.dukat <at> otherdomain.dk> qp 1679 uid 1002
> Aug 17 14:55:02 jmail qmail: 1345208102.168480 starting delivery 11: msg
> 1573938 to local apache <at> domain.dk
> Aug 17 14:55:02 jmail qmail: 1345208102.168563 status: local 1/10 remote
> 0/20
> Aug 17 14:55:02 jmail qmail: 1345208102.171362 delivery 11: failure:
> Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
> Aug 17 14:55:02 jmail qmail: 1345208102.171569 status: local 0/10 remote

Allan Dukat | 20 Aug 2012 14:26

Re: New server

Eric Shubert writes: 

> Hey Allan.

Hey Eric 

Thanks for your reply. 

[Snip] 

> The server you've built is fairly close to a qmail-toaster
> (http://wiki.qmailtoaster.com). As the project leader there, I'm curious
> to know why you didn't choose to go that route. We aim to make QMT easy to
> build and suitable for as many situations as we can. Care to comment?

I use Ubuntu Server for this project, as for most others in the company, and
I want to have as much control of the application as possible, and I want to
migrate to the new server with as few changes as possible, so I concluded
that the best way was to follow the procedure I used for the current
production server, which was inspired by http://www.lifewithqmail.org/ 

> Oh, and one more thing. You really should consider using spamdyke
> (http://spamdyke.org). It's the single most effective spam fighting tool
> available, and it only works with qmail (at this time).

I use another company product as a spam firewall in front of my server. 

Kind regards 

Allan Dukat

Eric Shubert | 20 Aug 2012 16:44

Re: New server

On 08/20/2012 05:26 AM, Allan Dukat wrote:
> I use Ubuntu Server for this project, as for most others in the company, and
> I want to have as much control of the application as possible, and I want to
> migrate to the new server with as few changes as possible, so I concluded
> that the best way was to follow the procedure I used for the current
> production server, which was inspired by http://www.lifewithqmail.org/

QMT is a descendant of lifewithqmail as well. QMT is an offshoot of 
qmailrocks, which is an offshoot of LWQ. So they have strong 
similarities, although LWQ and QMR are no longer active projects TTBOMK.

Unfortunately, QMT hasn't been ported to .deb based systems yet (rpm 
platforms only). We hope to do this in the future though, as we're in 
the process of moving sources to Github, and plan to build binary 
packages using the openSUSE Build Service, which will allow us to build 
binaries for all the major linux distros. We presently have a repository 
with 9 mirrors world wide provided by community members.

QMT has grown into a strong community project, and we welcome whoever 
would like to participate. People with qmail and debian based experience 
will be especially welcomed additions to the community at some point. 
Like I said though, we're not yet ready to be cranking out debian 
builds. When we are though, I'll try to remember to look you up.

Thanks Allan.

-- 
-Eric 'shubes'

Thibault Richard | 20 Aug 2012 17:04

RE: Re: New server

Hello,

> QMT is a descendant of lifewithqmail as well. QMT is an offshoot of
> qmailrocks, which is an offshoot of LWQ. So they have strong similarities,
> although LWQ and QMR are no longer active projects TTBOMK.

QMR is not totally dead. 3 years ago, I created the site
http://qmailrocks.thibs.com/ largely inspired by QMR but only with
instructions about Debian

Friendly Regards

Thibault 


Eric Shubert | 20 Aug 2012 18:34

Re: New server

On 08/20/2012 08:04 AM, Thibault Richard wrote:
> Hello,
>
>
>> QMT is a descendant of lifewithqmail as well. QMT is an offshoot of
>> qmailrocks, which is an offshoot of LWQ. So they have strong similarities,
>> although LWQ and QMR are no longer active projects TTBOMK.
>
> QMR is not totally dead. 3 years ago, I created the site
> http://qmailrocks.thibs.com/ largely inspired by QMR but only with
> instructions about Debian
>
> Friendly Regards
>
> Thibault
>

I'm glad to know that Thibault. I'm sure that your site will be an 
invaluable reference as QMT includes .deb.

Would you care to join us at QMT? We have a developers list that's low 
noise which I'd be glad to see you join.

Thanks.

-- 
-Eric 'shubes'


John M. Simpson | 19 Aug 2012 06:25

Re: New server

On 2012-08-17, at 13:33, Allan Dukat wrote:
> 
> On my current server I am using the netqmail-1.05-validrcptto.cdb.patch
> but I have decided to switch to chkuser.patch, so chkuser is new to me.

Is it okay for me (the author of the validrcptto.cdb code) to ask why you decided to switch?

--------------------------------------------------------
| John M. Simpson  --  KG4ZOW  --  Programmer At Large |
| http://www.jms1.net/                 <jms1 <at> jms1.net> |
--------------------------------------------------------

Allan Dukat | 20 Aug 2012 14:27

Re: New server

John M. Simpson writes: 

> On 2012-08-17, at 13:33, Allan Dukat wrote:
> >
> > On my current server I am using the netqmail-1.05-validrcptto.cdb.patch
> > but I have decided to switch to chkuser.patch, so chkuser is new to me. 
>
> Is it okay for me (the author of the validrcptto.cdb code) to ask why you
> decided to switch?

Sure. It is not that I have had any problems with your patches, which I
have used for years. 

But a long time ago I made a note to myself that chkuser was
recommended on this list, so I checked it out when I started the build of
this new server. 

I concluded that I did not need the pipe-watcher functionality if I used the
chkuser.patch, thus my system would be less complex. 

That's the only reason. 

Kind regards 

Allan Dukat


Tonix (Antonio Nati) | 19 Aug 2012 11:38

Re: New server

chkuser does not check for local users when the domain is defined in locals.
In such a case it simply accepts any recipient for local domains. The reason 
is simple. For checking local domain users it should have root 
privileges, which is not wanted for a lot of reasons.

I suggest abandoning any local domain and using only virtual domains.

You have to delete that domain from locals, and create it again as a 
normal virtual domain. In such a way you can have complete control using 
vpopmail.

I did it this way for any of my local domains, where a virtual domain 
has been created for each local domain, or a global alias has been 
defined to route local recipients to virtual users.

Regards,

Tonino

On 17/08/2012 19:33, Allan Dukat wrote:
> Hi everyone
> I am about to migrate to a new netqmail-1.06 + chkuser-2.0.9release + 
> dovecot-2.1.9 + ezmlm-idx-7.1.1 + httpd-2.4.2 + qmailadmin-1.2.16 + 
> sqwebmail-5.5.3 + vpopmail-5.4.33 + vqadmin-2.3.7-server, which I have 
> compiled, and am now testing.
> On my current server I am using the netqmail-1.05-validrcptto.cdb.patch
> but I have decided to switch to chkuser.patch, so chkuser is new to me.
> I have trouble making chkuser behave as desired:
> When I send a mail to apache <at> domain.dk, which is present in 
> /etc/passwd, I want chkuser to reject the mail at smtp-level, but it 
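To see how often the behaviour Tonino describes occurs on a given server, the following added example (not part of any post in this thread, and not code from chkuser or qmail) reads the domains from control/locals and scans the qmail-send log for deliveries to those domains that ended in "no mailbox here"; every hit is a message that was accepted at SMTP time and then had to be bounced. The sample log lines and the contents of locals are constructed, modelled on the excerpt in the original question.

```python
import re

# Constructed sample data, modelled on the log excerpt quoted in this thread
# (addresses written with "@" instead of the archive's "<at>").
LOCALS = "localhost\ndomain.dk\n"  # assumed contents of control/locals
SEND_LOG = """\
Aug 17 14:55:02 jmail qmail: 1345208102.168480 starting delivery 11: msg 1573938 to local apache@domain.dk
Aug 17 14:55:02 jmail qmail: 1345208102.171362 delivery 11: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
Aug 17 14:56:10 jmail qmail: 1345208170.101000 starting delivery 12: msg 1573940 to local example.dk-info@example.dk
Aug 17 14:56:10 jmail qmail: 1345208170.105000 delivery 12: success: did_0+0+1/
Aug 17 14:57:30 jmail qmail: 1345208250.200000 starting delivery 13: msg 1573941 to local www-data@domain.dk
Aug 17 14:57:30 jmail qmail: 1345208250.204000 delivery 13: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
"""

START = re.compile(r"starting delivery (\d+): msg (\d+) to (?:local|remote) (\S+)")
RESULT = re.compile(r"\bdelivery (\d+): (success|failure|deferral): (\S*)")


def local_domains(locals_text):
    """Domains listed in control/locals, one per line."""
    return {ln.strip().lower() for ln in locals_text.splitlines() if ln.strip()}


def late_bounces(send_log, domains):
    """(msg, recipient) pairs queued for `domains` but bounced as unknown."""
    pending, hits = {}, []
    for line in send_log.splitlines():
        started = START.search(line)
        if started:
            num, msg, rcpt = started.groups()
            pending[num] = (msg, rcpt)
            continue
        done = RESULT.search(line)
        if not done:
            continue
        num, status, text = done.groups()
        # qmail-send reuses delivery numbers, so forget each one when it ends.
        msg, rcpt = pending.pop(num, (None, None))
        if rcpt and status == "failure" and "no_mailbox_here" in text:
            if rcpt.rpartition("@")[2].lower() in domains:
                hits.append((msg, rcpt))
    return hits


if __name__ == "__main__":
    for msg, rcpt in late_bounces(SEND_LOG, local_domains(LOCALS)):
        print(f"msg {msg}: {rcpt} was accepted at SMTP time, then bounced")
```

After the domain has been removed from locals and recreated as a vpopmail virtual domain, the same scan over a fresh log should return no hits for it.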

Allan Dukat | 20 Aug 2012 14:29

Re: New server

Tonix (Antonio Nati) writes: 

> chkuser does not check for local users when the domain is defined in locals.
> In such a case it simply accepts any recipient for local domains. The reason is
> simple. For checking local domain users it should have root privileges,
> which is not wanted for a lot of reasons. 
>
> I suggest abandoning any local domain and using only virtual domains. 
>
> You have to delete that domain from locals, and create it again as a
> normal virtual domain. In such a way you can have complete control using
> vpopmail. 
>
> I did it this way for any of my local domains, where a virtual domain has
> been created for each local domain, or a global alias has been defined to
> route local recipients to virtual users. 
>
> Regards, 
>
> Tonino

Thank you very much for the answer, it clears things up. 

Kind regards 

Allan Dukat
