View previous topic :: View next topic |
Author |
Message |
salk n00b
Joined: 05 Aug 2003 Posts: 37 Location: Johannesburg, South Africa
|
Posted: Tue Dec 30, 2003 6:06 am Post subject: |
|
|
The other option is to make use of the pop3d daemon that is now included in the qmail ebuild.
I have also got the login error with courier-imap and activated the pop3d from qmail and was sorted out.
I do not make use of IMAP atm ... so its easier for me to do it that way. _________________ Steven Mac Intyre
http://steven.macintyre.name |
|
Back to top |
|
|
salk n00b
Joined: 05 Aug 2003 Posts: 37 Location: Johannesburg, South Africa
|
Posted: Tue Dec 30, 2003 7:26 am Post subject: |
|
|
*had enough*
I have got everything up and actually running ... wow
I moved to qmail-pop3d because courier-imap was not authenticating ... I tried to login and got messages saying $HOME/Maildir did not exist.
I went into the run script for pop3d and changed .maildir to Maildir and it now logs in ...
I am firstly puzzled at why it logs in with steven and not steven@domain ... since its on a virtual setup.
BUT ... mail is not getting delivered to the Maildir in /var/vpopmail/domains/domain.net/steven/Maildir ... smtpd accepts the mail ... processes the queue ... but where does that mail go ?
The Maildir is a proper maildir created by vpopmail.
I have been through logs and all and cannot find any errors or notices that will have any impact on this.
Does anyone have any idea's ? _________________ Steven Mac Intyre
http://steven.macintyre.name |
|
Back to top |
|
|
Sh4d0w n00b
Joined: 26 Nov 2003 Posts: 28
|
Posted: Wed Dec 31, 2003 12:53 am Post subject: |
|
|
Good tutorial, thanks |
|
Back to top |
|
|
guitard00d Tux's lil' helper
Joined: 19 Dec 2003 Posts: 81 Location: Minatare, NE, USA, Earth
|
Posted: Fri Jan 02, 2004 8:11 pm Post subject: Re: clamav |
|
|
sabrex wrote: | Ritter wrote: | I cant seem to prove that the clamav is really doing anything, I can send myself all forms of the eicar test virus signature and always get:
<snip>
Any help figuring this out would be greatly appreciated. |
Go through step 5 again. I have made some changes recently that may accomplish this, although I haven't tested it much. Tell me if making those changes makes a difference. |
I'm noticing the same thing here, it looks like clamav is loading and running, but it's not detecting viruses. I have sent several known viruses to myself from a separate server and they get right through. When I look at the message header, I see this:
Received: from administrator@*****.biz by server1 by uid 201 with qmail-scanner-1.16
(clamscan: 0.60. Clear:.
Processed in 0.123831 secs); 02 Jan 2004 19:55:25 -0000
Looks like clamav is actually running and processing the messages, it's just not detecting viruses. _________________ I know you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant...
--Richard Nixon |
|
Back to top |
|
|
Gatak Apprentice
Joined: 04 Jan 2004 Posts: 174
|
Posted: Mon Jan 05, 2004 6:33 pm Post subject: Thanks for a great guide... |
|
|
EDIT: I found the problem with qmail-pop3d. I am now using courier-pop3d and courier-imapd and both work fine. There is still the question from below:
How do I enable "SMTP AUTH" so mobile users can still send mail out from the server and unknown users (everyone on internet) can still mail into the server?
When I try to do "SMTP AUTH" I get a error in /var/log/messages: Code: | vpopmail[4628]: vchkpw: password fail testuser (at) moment22.mine.nu:192.168.0.1 | This only seem to happen when I use anything but plain-text authentication. The Bat! that I test with tries first with CRAM-MD5 and that seem to fail.
Thanks again for a great guide. |
|
Back to top |
|
|
sabrex n00b
Joined: 28 Nov 2003 Posts: 45
|
Posted: Mon Jan 05, 2004 11:52 pm Post subject: Re: Thanks for a great guide... |
|
|
Gatak wrote: | How do I enable "SMTP AUTH" so mobile users can still send mail out from the server and unknown users (everyone on internet) can still mail into the server?
When I try to do "SMTP AUTH" I get a error in /var/log/messages: Code: | vpopmail[4628]: vchkpw: password fail testuser (at) moment22.mine.nu:192.168.0.1 | This only seem to happen when I use anything but plain-text authentication. The Bat! that I test with tries first with CRAM-MD5 and that seem to fail.
Thanks again for a great guide. |
Did you follow step 8? Activating smtp-auth is outlined in that step. |
|
Back to top |
|
|
Gatak Apprentice
Joined: 04 Jan 2004 Posts: 174
|
Posted: Mon Jan 05, 2004 11:56 pm Post subject: |
|
|
Yes I followed that step too...
Maybe I misunderstood something because plain-text SMTP AUTH works but not CRAM-MD5. |
|
Back to top |
|
|
sabrex n00b
Joined: 28 Nov 2003 Posts: 45
|
Posted: Tue Jan 06, 2004 4:38 am Post subject: |
|
|
Gatak wrote: | Yes I followed that step too...
Maybe I misunderstood something because plain-text SMTP AUTH works but not CRAM-MD5. |
I don't think vpopmail uses CRAM-MD5 for authentication. It uses something similar, but I'm not sure what it is. The only thing that (I know of) that can encrypt to and read from the vpopmail database is the vchkpw program ... I don't know how to get vchkpw to accept cram-md5 encrypted passwords. |
|
Back to top |
|
|
Gatak Apprentice
Joined: 04 Jan 2004 Posts: 174
|
Posted: Tue Jan 06, 2004 6:37 am Post subject: |
|
|
sabrex wrote: | I don't think vpopmail uses CRAM-MD5 for authentication. It uses something similar, but I'm not sure what it is. The only thing that (I know of) that can encrypt to and read from the vpopmail database is the vchkpw program ... I don't know how to get vchkpw to accept cram-md5 encrypted passwords. |
At least the plain text authentication with the clients work. Perhaps it is up to us to ask the developers of vpopmail or vchkpw to implement it?
I read in the docks that there is a checkpassword (cmd5checkpw) included in qmail that does support. This is from the /var/qmail/control/conf-smtpd Code: |
# This next block is for SMTP-AUTH
# This provides the LOGIN, PLAIN and CRAM-MD5 types
# the 'cmd5checkpw' used in $QMAIL_SMTP_AUTHCHECKPASSWORD supports CRAM-MD5
# and reads it's data from /etc/poppasswd
# see the manpage for cmd5checkpw for details on the passwords
# uncomment the next four lines to enable SMTP-AUTH
#QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
#[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
#QMAIL_SMTP_CHECKPASSWORD="/bin/cmd5checkpw"
#QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}" |
Problem here is that it is not using vpopmail but /etc/poppasswd instead. Maybe it is possible to create some work around? |
|
Back to top |
|
|
zend Tux's lil' helper
Joined: 10 Apr 2002 Posts: 112 Location: Shanghai,China
|
Posted: Tue Jan 06, 2004 7:17 am Post subject: |
|
|
i can't see any code |
|
Back to top |
|
|
sabrex n00b
Joined: 28 Nov 2003 Posts: 45
|
Posted: Tue Jan 06, 2004 5:55 pm Post subject: |
|
|
Gatak wrote: | At least the plain text authentication with the clients work. Perhaps it is up to us to ask the developers of vpopmail or vchkpw to implement it?
I read in the docks that there is a checkpassword (cmd5checkpw) included in qmail that does support. This is from the /var/qmail/control/conf-smtpd Code: |
# This next block is for SMTP-AUTH
# This provides the LOGIN, PLAIN and CRAM-MD5 types
# the 'cmd5checkpw' used in $QMAIL_SMTP_AUTHCHECKPASSWORD supports CRAM-MD5
# and reads it's data from /etc/poppasswd
# see the manpage for cmd5checkpw for details on the passwords
# uncomment the next four lines to enable SMTP-AUTH
#QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
#[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
#QMAIL_SMTP_CHECKPASSWORD="/bin/cmd5checkpw"
#QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}" |
Problem here is that it is not using vpopmail but /etc/poppasswd instead. Maybe it is possible to create some work around? |
Qmail itself supports cram-md5, as well as many other encryption methods ... you're right though, it is vpopmail that needs to handle the passwords, as the passwords are stored in the vpopmail mysql tables. However, those passwords are encrypted somehow. It looks like they are encrypted with CRAM-MD5, but they are not. I'm sure a workaround probably exists, but haven't really had the need (yet) to find one. Perhaps you will, and if you do, please post your results. |
|
Back to top |
|
|
dylanr n00b
Joined: 19 Nov 2003 Posts: 7
|
Posted: Wed Jan 07, 2004 8:52 pm Post subject: |
|
|
I'm also having the problem mentioned upthread with SA and Clam running but producing no results. All messages have this header:
Code: | X-Spam-Status: No, hits=0.0 required=4.0 |
Zero hits regardless of what's scanned, even blatant spam. The 4.0 score requirement is what I've set in /etc/mail/spamassassin/local.cf. That suggests to me that SA is running *and* reading the correct config file... it's just not scoring any spam. SA's local.cf file is set up exactly as the howto suggests and everything else is working just fine.
I'm not using vpopmail as I do smtp auth differently. If I understand correctly, this means that /etc/conf.d/spamd should be set up thus:
Code: | SPAMD_OPTS="-a -c -d -u qmailq -C /etc/mail/spamassassin/local.cf" |
BTW, I get the same score if I redirect a spam message to spamc:
Code: | # spamc -c < spammy_message
0.0/4.0 |
Am I missing something obvious?
Thanks for a great howto and TIA for any other help offered |
|
Back to top |
|
|
dylanr n00b
Joined: 19 Nov 2003 Posts: 7
|
Posted: Wed Jan 07, 2004 9:54 pm Post subject: |
|
|
dylanr wrote: | I'm also having the problem mentioned upthread with SA and Clam running but producing no results. All messages have this header:
Code: | X-Spam-Status: No, hits=0.0 required=4.0 |
|
I figured this out. For anyone else having this problem, the issue is that SA's rules are installed into /usr/share/spamassassin. Copy/move them to /etc/mail/spamassassin and all is well.
HTH |
|
Back to top |
|
|
ian! Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Wed Jan 07, 2004 11:59 pm Post subject: |
|
|
Moved to 'Documentation, Tips & Tricks'. _________________ "To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins |
|
Back to top |
|
|
sabrex n00b
Joined: 28 Nov 2003 Posts: 45
|
Posted: Fri Jan 09, 2004 2:36 am Post subject: Re: clamav |
|
|
guitard00d wrote: |
Looks like clamav is actually running and processing the messages, it's just not detecting viruses. |
It appears that you're both correct. clamav was not functioning, and after fiddling around with it, I could not get it to work. I instead switched to f-prot which worked immediately. Follow the updated steps 5 AND 6 again in that order (you must emerge qmail-scanner again for f-prot to work). You can also get rid of clamav for now until somebody figures out how to get it to work.
For reference, here are the old clamav instructions (step 5) ... REMEMBER, THESE INSTRUCTIONS DO NOT WORK, FOLLOW THE MAIN INSTRUCTIONS ON TOP OF THE THREAD:
5) install clamav and Mail-SpamAssassin. they must be running before installing qmail-scanner.
Code: | > emerge clamav Mail-SpamAssassin
> nano -w /etc/conf.d/spamd.conf
SPAMD_OPTS="-d -u vpopmail -v -x -C /etc/mail/spamassassin/local.cf"
> nano -w /etc/conf.d/clamd
START_CLAMD=yes
> nano -w /etc/clamav.conf
#Example (comment this line)
ScanMail (uncomment this line)
> rc-update add spamd default
> rc-update add clamd default
> /etc/init.d/spamd start
> /etc/init.d/clamd start
You'll want to set up a cron.daily job to update the clamav definitions automatically:
> nano -w /etc/cron.daily/virus-update.cron
#!/bin/bash
/usr/bin/freshclam --quiet
> chmod 755 /etc/cron.daily/virus-update.cron
> crontab -e
# min hour day month weekday command
0 1 * * * /etc/cron.daily/virus-update.cron
Now to set up spam processing rules:
> nano -w /etc/mail/spamassassin/local.cf
required_hits 5.0
rewrite_subject 1
subject_tag *****SPAM*****
report_safe 1
report_header 1
use_bayes 1
auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_dcc 0
use_pyzor 1
ok_languages all
ok_locales all
|
|
|
Back to top |
|
|
wetkitty n00b
Joined: 26 Sep 2003 Posts: 16 Location: Baker City, OR
|
Posted: Fri Jan 09, 2004 11:03 pm Post subject: Great tutorial |
|
|
Thanks sabrex, this works just fine. I would like to add just a bit of info that took me several days of forum searching and googling to come up with.
I've added a mailfilter setup borrowed and modified from here:
https://forums.gentoo.org/viewtopic.php?t=109599
/var/vpopmail/domains/domain.com/.mailfilter
Code: | import EXT
import HOST
import HOME
SPAMBOX=".Trash"
VERBOSE=1
logfile "/var/log/maildrop-filter-log"
SHELL="/bin/sh"
VHOME=`/var/vpopmail/bin/vuserinfo -d $EXT@$HOST`
VDOMHOME=`/var/vpopmail/bin/vdominfo -d $HOST`
VPOP=`cat $VDOMHOME/.qmail-default`
#VPOP="$VHOME/Maildir/"
if (/^X-Spam-Status: Yes, hits=*!.* !.*/)
{
if ( $MATCH2 > 8 )
{
to /dev/null
}
}
if ((/^X-Spam-Status:.*YES/))
{
`test -d $VHOME/Maildir/.Trash`
if( $RETURNCODE == 1 )
{
`/usr/bin/maildirmake $VHOME/Maildir/.Trash;chown -R vpopmail.vpopmail $VHOME/Maildir/.Trash`
`echo "INBOX.Trash" >> $VHOME/Maildir/courierimapsubscribed`
}
to "$VHOME/Maildir/.Trash/"
}
to "$VHOME/Maildir/" |
and
/var/vpopmail/domains/domain.com/user/.qmail
Code: | | /var/qmail/bin/preline /usr/bin/maildrop /var/vpopmail/domains/domain.com/.mailfilter |
So, fetchmail pulls from their ISP provided POP3 accounts and runs it through my little server. Anything scoring above 3 gets moved to the Trash folder, anything scoring above 8 goes away . All clients run Thunderbird which tags any missed spam and moves it to the Junk folder ( I'm planning to set up a cron job to run sa learn against the Junk folders). The Trash folder is set to clear 3day and older email away thus keeping it from becoming a runaway and providing a place to check for false positives.
The particular reason I'm sharing this setup is this, Yes this is a very aggressive setup - most of the results I found while searching for this solution said the same thing "Don't delete anything" for the good reason of false positives. But, my customers want an aggressive setup, they don't know how the internet or messenging works and they don't care, they just want the spam to go away with as little effort as possible. Their ISP's are unable to (and rightly so) provide that, so I do.
Hopefully this is helpful and I'll add anything I can think off, again hats off to sabrex for the great how to.
ps. Clamav has been working fine and I followed your original instructions _________________ 2x Sony VAIO FX-215's w/Stage1 installs |
|
Back to top |
|
|
sabrex n00b
Joined: 28 Nov 2003 Posts: 45
|
Posted: Sat Jan 10, 2004 3:14 am Post subject: Re: Great tutorial |
|
|
Thank you very much, this mailfilter howto is very useful indeed. Have you figured out a way to automatically delete stuff from .Trash after it's been there for a while? A lot of my users are using regular pop3, and not imap, so they never even see the Trash folder. Would be nice if there was a way to automatically delete old stuff in that folder.
wetkitty wrote: | ps. Clamav has been working fine and I followed your original instructions |
Are you absolutely sure it's working? I thought it was too, until I tried to send myself a test virus. Get it from http://www.eicar.org/anti_virus_test_file.htm and then send it to one of your mail accounts. qmail-scanner should prevent the message from going through, and should send a response to the sender informing them of the infection. That didn't work with clamav, but works perfectly with f-prot. Let me know if the test still works with clam, I'd be interested in finding out why it works for you but not for so many others (including me).[/url] |
|
Back to top |
|
|
nianderson Guru
Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Sat Jan 10, 2004 5:56 am Post subject: |
|
|
well when i goto http://domain.com/cgi-bin/qmailadmin i get
Code: |
file permission error /var/vpopmail/domains/domain.com/postmaster/Maildir/1073714040.qw
|
but when i goto that Maildir and ls i get just cur new and tmp ideas?
[edit]
on a side note i dont have any images on the login page either |
|
Back to top |
|
|
salk n00b
Joined: 05 Aug 2003 Posts: 37 Location: Johannesburg, South Africa
|
Posted: Sat Jan 10, 2004 6:32 am Post subject: |
|
|
Hi there,
Quote: | well when i goto http://domain.com/cgi-bin/qmailadmin i get
Code:
file permission error /var/vpopmail/domains/domain.com/postmaster/Maildir/1073714040.qw
but when i goto that Maildir and ls i get just cur new and tmp ideas?
|
I had exactly the same error. All I did was delete the qmailadmin binary from my cgi-bin and re install qmail admin. <-- sorted me out
Quote: | [edit]
on a side note i dont have any images on the login page either |
Did you make sure your paths to your htdocsdir are absolutly correct ? You did install qmailadmin as root ? _________________ Steven Mac Intyre
http://steven.macintyre.name |
|
Back to top |
|
|
destr0yr Tux's lil' helper
Joined: 29 Nov 2003 Posts: 80 Location: Kelowna, BC.
|
Posted: Sat Jan 10, 2004 7:11 am Post subject: |
|
|
salk wrote: | Hi there,
I had exactly the same error. All I did was delete the qmailadmin binary from my cgi-bin and re install qmail admin. <-- sorted me out |
by reinstall do you mean from the inter7 tar or re-emerged?
i tried emerge -C qmailadmin, followed by emerge /usr/portage/net-mail-qmailadmin/qmailadmin-1.2.0_rc2.ebuild and get that error "file permission error /var/vpopmail/domains/destr0yr.com/postmaster/Maildir/1073718800.qw"
suggestions?
Quote: | [edit]
on a side note i dont have any images on the login page either |
Did you make sure your paths to your htdocsdir are absolutly correct ? You did install qmailadmin as root ?[/quote]
He may have virtualhosts setup... in which he'll have to create an Alias in his commonapache2.conf... maybe like so:
Code: |
Alias /qmailadmin /var/www/localhost/htdocs/qmailadmin
|
|
|
Back to top |
|
|
nianderson Guru
Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Sat Jan 10, 2004 7:18 am Post subject: |
|
|
i am using virtual hosts odly on an old instilation with a similar config it seemed to work out ok. ill alais the qmail dir and report back in a few
[edit]
btw i was not using emerge to install qmailadmin i did it exactly as in the stepbystep
i added an alias line but same results here is my vhost container
<VirtualHost *:80>
ServerName mailadmin.nanderson.com
DocumentRoot /var/www/nanderson.com
<Directory "/var/www/nanderson.com/">
Options Indexes FollowSymLinks MultiViews ExecCGI Includes
AddHandler cgi-script .cgi
DirectoryIndex index.html index.htm index.cgi index.php index.pl
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/nanderson.com/cgi-bin/
Alias /qmailadmin /var/www/nanderson.com/htdocs/qmailadmin
</VirtualHost> |
|
Back to top |
|
|
destr0yr Tux's lil' helper
Joined: 29 Nov 2003 Posts: 80 Location: Kelowna, BC.
|
Posted: Sat Jan 10, 2004 11:27 am Post subject: |
|
|
anybody got this working with relay-ctrl? |
|
Back to top |
|
|
nianderson Guru
Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Sat Jan 10, 2004 4:41 pm Post subject: |
|
|
this morning it hit me that i had installed the unstable vpopmail so i unmerged it and merged 5.2.1-r9
replaced /etc/vpopmail.conf and edited it accordingly
now i no longer get the error i was getting ut after adding a domain when i tryt o use qmailadming to loginto it it says invalid login. and i still dont have graphics so i dunno whats goin on now
[edit]
just noticed that vchkpw isnt in my path .... most of the vpopmail bins arnt they are in /var/vpopmail was that supposed to be added to my path and it was just overlooked?? |
|
Back to top |
|
|
Diggs Apprentice
Joined: 07 Oct 2003 Posts: 239 Location: LoSt In NeT SpAcE
|
Posted: Sun Jan 11, 2004 2:59 am Post subject: |
|
|
I have problems on login with all and i dont'know why (I followed completely the tutorial).
These are my confs:
/etc/hosts
Code: |
127.0.0.1 localhost.daemon localhost
192.168.1.1 gateway.daemon gateway
192.168.1.2 pc-01.daemon pc-01
192.168.1.3 pc-02.daemon pc-02
|
N.B: 192.168.1.1 is eth1 on internal lan, 192.168.1.2 and 192.168.1.3 are are others pc on internal lan
I have dynamic ip and vhost "gentoo.servebeer.com" from www.no-ip.com to the same ip.
I set the value localhost on /var/qmail/control/conf-smtpd = QMAIL_SMTP_POST="localhost /var/vpopmail/bin/vchkpw /bin/true".
I set always value "localhost" for squirrelmail's config.
I added "gentoo.servebeer.com" as virtual domain on vpopmail.
Result: I can't login, any connection is reject both imapd and qmailadmin.
Can someone tell me where i wrong?
Your sincerely,
Leonardo _________________ IRCNET NICK: diggs on IRCNET
http://leonardo.netsons.org/
Gioca a Tremulous! Player [!!!] Diggs [ITA] |
|
Back to top |
|
|
nianderson Guru
Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Mon Jan 12, 2004 4:18 am Post subject: |
|
|
well irestarted from scratch only to get back to where i was before ... no graphics and says invalid login
ive got no clue what is wrong anyone have any ideas? |
|
Back to top |
|
|
|