Gentoo Forums
HOWTO: qmail vpopmail courier-imap qmail-scanner (02/2007)

Wavyx
n00b
Joined: 19 Mar 2007
Posts: 5

Posted: Wed Mar 28, 2007 6:40 am

Wavyx wrote:
Just for your interest, I have valiases like "firstname.name@domain.tld". The problem is with vpopchk.sh: such users are not recognised, and it outputs a "101" exit code, meaning bounce no-mailbox. This is due to the "." (dot) in the USER parameter.
ex: /var/qmail/plugins/chkuser_pg/vpopchk.sh firstname.name domain.tld

To fix this, just comment out line 46 in /var/qmail/plugins/chkuser_pg/vpopchk.sh
#Change "." to ":" and all to lowercase
#USER=`echo ${USER} | ${TR} . : `

BTW, thanks a lot for the HOWTO


I suggest the following solution (in my little post ;)

vklimovs
n00b
Joined: 15 Dec 2005
Posts: 20

Posted: Wed Mar 28, 2007 7:01 am

Wavyx wrote:
Wavyx wrote:
Just for your interest, I have valiases like "firstname.name@domain.tld". The problem is with vpopchk.sh: such users are not recognised, and it outputs a "101" exit code, meaning bounce no-mailbox. This is due to the "." (dot) in the USER parameter.
ex: /var/qmail/plugins/chkuser_pg/vpopchk.sh firstname.name domain.tld

To fix this, just comment out line 46 in /var/qmail/plugins/chkuser_pg/vpopchk.sh
#Change "." to ":" and all to lowercase
#USER=`echo ${USER} | ${TR} . : `

BTW, thanks a lot for the HOWTO


I suggest the following solution (in my little post ;)


I tried that one. Cannot explain why, but after that the script starts to accept (or better to say, verify) every address on the domain.

Wavyx
n00b
Joined: 19 Mar 2007
Posts: 5

Posted: Wed Mar 28, 2007 9:36 am

not sure about your last comment...
this is the very goal of this script: to check if user/alias is correct for a domain.
the explanation of the "dot problem" is that when you use a mysql database the "." in aliases is not translated into ":" (but this is the regular way for .qmail configuration files: .qmail-firstname:name )

Sounds good ?

juiceseep
n00b
Joined: 08 May 2006
Posts: 4

Posted: Thu Mar 29, 2007 5:29 pm

i really badly need your help.. i followed the previous how tos configuring qmail and it worked out "no smtp authentication"
only allowing certain ips in my /etc/tcprules.d/tcp.qmail-smtp

Code:

#CREATED NOV 7 2006

#LOOPBACK ADDRESS
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/simscan"
216.86.153.124:allow,RELAYCLIENT="",RBLSMTPD=""

#SPAMMER IP ADDRESSES
210.213.157.73:deny,RELAYCLIENT=""
210.213.252.137:deny,RELAYCLIENT=""
210.213.76.35:deny,RELAYCLIENT=""
124.104.103.:deny,RELAYCLIENT=""


#SIMSCAN SCANNER
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
#EXPLICIT ALLO POLICY
:allow


But now we have remote users (using their laptops) and they are using MS Outlook and it's bugging me
2weeks ago how to deal with SMTP authentication.. they're the boss so i must fix it right away.. if i make my
mail server open.. (i just did once) we were bombarded by a lot of spammers (another pain) but now
i revert from the original configuration.

Code:

TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"
QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"
QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

[[ -n "${QMAIL_SMTP_CHECKPASSWORD}" ]] && {
        [[ -z "${QMAIL_SMTP_POST}" ]] && QMAIL_SMTP_POST=/bin/true
        QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
}

also adding this line to my conf-smtpd seems to have no effect, i have enabled TLS (in thunderbird) and using MS Outlook 2003 the TLS but seems it won't get thru

could you help me step by step what is what to install and its configs that i have to enable..
in the installation there are options like ssl and enabling this and this... seems optional and i cant find a way in smtp authentication.

hope you help me before i get laid off

thanks
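
Added example, not part of the post above or of the HOWTO: a small lint for a tcprules source file such as tcp.qmail-smtp. It flags a default rule that grants RELAYCLIENT (the open-relay situation the post describes), an address that has more than one rule, and deny rules that carry variables. The function names, finding labels and sample rules (documentation addresses) are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a tcprules source file (file argument or stdin).
# Prints one finding per line and returns 1 if anything was flagged.
lint_tcprules() {
    awk '
    function report(kind, msg) {
        printf "line %d: %s: %s\n", NR, kind, msg
        bad++
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        sep = index($0, ":")
        if (sep == 0) { report("MALFORMED", "missing address:instruction colon"); next }
        addr  = substr($0, 1, sep - 1)
        instr = substr($0, sep + 1)
        label = (addr == "") ? "(default)" : addr

        if (instr !~ /^(allow|deny)$/ && instr !~ /^(allow|deny),/) {
            report("MALFORMED", label " does not start with allow or deny"); next
        }
        # Only one rule per address can take effect.
        if (label in seen)
            report("DUPLICATE", label " already has a rule on line " seen[label])
        else
            seen[label] = NR
        # RELAYCLIENT on the catch-all rule lets any client relay.
        if (addr == "" && instr ~ /^allow,/ && instr ~ /,RELAYCLIENT=/)
            report("OPEN-RELAY", "default rule sets RELAYCLIENT for every client")
        # A refused connection never reaches qmail-smtpd, so its variables are unused.
        if (instr ~ /^deny,/)
            report("DENY-VARS", label " sets variables on a refused connection")
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample rules (documentation addresses only).
sample_rules() {
    cat <<'EOF'
# constructed sample
127.0.0.:allow,RELAYCLIENT="",RBLSMTPD=""
192.0.2.10:allow,RELAYCLIENT=""
198.51.100.7:deny,RELAYCLIENT=""
:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
:allow
EOF
}

sample_rules | lint_tcprules || true
```

Run it against the rules source before rebuilding the cdb; a non-zero exit status means at least one line was flagged.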

petterg
Guru
Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

Posted: Fri Mar 30, 2007 7:43 pm

juiceseep wrote:
i really badly need your help.. i followed the previous how tos configuring qmail and it worked out "no smtp authentication"
only allowing certain ips in my /etc/tcprules.d/tcp.qmail-smtp


You'll need to recompile qmail with smtp-auth enabled. Then configure smtp-auth according to the guide. If you have an old version of qmail installed you should consider recompiling with the same version for a temporary fast solution. When you get the time, do a fresh install.

petterg
Guru
Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

Posted: Sat Mar 31, 2007 12:07 am

New release of chkuser is out.
Should fix the issues related to mail addresses including dots before the @

vklimovs
n00b
Joined: 15 Dec 2005
Posts: 20

Posted: Wed Apr 04, 2007 7:22 am

Ok, great, dots get accepted. Thank you!
I found a little issue, which may not be an issue at all, i do not know. Here is part of SMTP dialogue:

>>> RSET
<<< 250 flushed
>>> MAIL FROM: <spamtest@mail.mydomain.lv>
<<< 250 ok
>>> RCPT TO: <"relaytest%antispam-ufrj.pads.ufrj.br">
<<< invalid addressformat

As you see, the "invalid addressformat" message does not have an error number at the start of the string. That is perfectly ok with real spammers, but for some reason it does break some open relay testers, like

http://www.abuse.net/relay.html
http://www.antispam-ufrj.pads.ufrj.br/test-relay.html

stripe
n00b
Joined: 04 Jan 2004
Posts: 72
Location: Prague

Posted: Wed Apr 04, 2007 10:11 am

Quote:
Unverified tricks from readers
Here I'll put a collection of good ideas, hints and tricks posted by readers. I have not tried these myself.

Mindstab wrote:
I've also now found that something like
Code:
echo "#" > /var/qmail/control/doublebounceto

should route all double bounce messages to /dev/null hopefully
I just looked into this as I was getting a lot


Should be a clean first line instead. This will prevent the double bounces from being queued at all.

If you enter "#" sign, Qmail will queue the bounces to #@defaultdomain.tld. This has two effects:

a) very huge load of local queue with result no existing user for delivery
b) if you have enabled catching all incoming email addresses in default domain to some user, he will get thousands of bounces

This trick comes from Qmail control files manual
Code:

doublebounceto
    User to receive double-bounces. Default: postmaster. If a single-bounce notice is permanently undeliverable, qmail-send sends a double-bounce notice to doublebounceto@doublebouncehost. (If that bounces, qmail-send gives up.) As a special case, if the first line of doublebounceto is blank (contains a single linefeed), qmail-send will not queue the double-bounce at all.

_________________
Sick of computers? Well, Czech girls and beer solve it! Trust me :-)
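
Added example, not part of the post above: a check that reads a qmail control directory and reports which of the three cases from the quoted manual text applies (no file, blank first line, or an address), flagging a value that starts with "#". The function names and message texts are assumptions; the control directory in the demo is constructed.

```sh
#!/bin/sh
# Added example: report how qmail-send will treat double bounces.
# Function names and message texts are assumptions for this sketch.

# First line of file $1 with trailing whitespace removed; fails if absent.
first_line() {
    [ -f "$1" ] || return 1
    head -n 1 "$1" | awk '{ sub(/[ \t\r]+$/, ""); print }'
}

# $1 = qmail control directory (default /var/qmail/control).
# Returns 1 when the setting looks like a mistaken comment character.
doublebounce_policy() {
    ctl=${1:-/var/qmail/control}
    # doublebouncehost falls back to control/me when it is not set.
    host=$(first_line "$ctl/doublebouncehost") || host=$(first_line "$ctl/me") || host=
    if ! to=$(first_line "$ctl/doublebounceto"); then
        echo "queue to postmaster@$host (default, no doublebounceto file)"
        return 0
    fi
    case $to in
        '')   echo "discard (first line of doublebounceto is blank)" ;;
        '#'*) echo "WARNING: queue to $to@$host ('#' is read as an address, not a comment)"
              return 1 ;;
        *)    echo "queue to $to@$host" ;;
    esac
}

# Constructed control directory showing the "#" case from the thread.
demo=$(mktemp -d)
echo mail.example.org > "$demo/me"
echo "#" > "$demo/doublebounceto"
doublebounce_policy "$demo" || true
rm -rf "$demo"
```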

petterg
Guru
Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

Posted: Wed Apr 04, 2007 4:18 pm

NS wrote:

As you see, the "invalid addressformat" message does not have an error number at the start of the string. That is perfectly ok with real spammers, but for some reason it does break some open relay testers, like


That is a "me" bug. The idea is to give an error on characters not listed as accepted to prevent injection of commands to the scripts. (similar to sql injects)
Would there be any reason to accept the <, >, " and % characters?

Which error code would be appropriate for invalid characters?

Edit: Temporarily I set error 511.... new release out. If anyone thinks another code is better, let me know.


Last edited by petterg on Wed Apr 04, 2007 8:44 pm; edited 1 time in total
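
The allow-list idea from the post above, as an added example (not chkuser's code and not from the thread): a recipient containing any character outside a fixed set is rejected before the value reaches a script or query, and every answer starts with a three-digit reply code. The function names and reply text are assumptions; the sketch uses 553, which RFC 5321 defines for a mailbox name that is not allowed, and it also shows the two lookup keys from the earlier dot discussion (dots kept for a database key, dots turned into colons only for the .qmail file name).

```sh
#!/bin/sh
# Added example: allow-list check of a recipient before any lookup uses it.
# Function names and reply texts are assumptions, not chkuser's own code.
LC_ALL=C; export LC_ALL        # make the A-Z / a-z ranges byte-exact

# Print an SMTP reply for the address in $1; return 0 to accept, 1 to reject.
# Only the format is checked here; the mailbox lookup would follow.
check_rcpt() {
    rcpt=$1
    case $rcpt in
        *@*) ;;
        *)   echo "553 sorry, invalid address format"; return 1 ;;
    esac
    user=${rcpt%@*}
    domain=${rcpt##*@}
    # Reject empty parts, leading/trailing/double dots and anything
    # outside the allow-list; input is never rewritten and retried.
    case $user in
        ''|.*|*.|*..*|*[!A-Za-z0-9._+-]*)
            echo "553 sorry, invalid address format"; return 1 ;;
    esac
    case $domain in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*)
            echo "553 sorry, invalid address format"; return 1 ;;
    esac
    echo "250 ok"
}

# Key for a database lookup: lowercase only, dots are kept.
db_key() { printf '%s\n' "$1" | tr 'A-Z' 'a-z'; }

# Name of the matching .qmail file: lowercase, dots become colons.
dotqmail_name() { printf '.qmail-%s\n' "$(printf '%s' "$1" | tr 'A-Z.' 'a-z:')"; }

# Constructed inputs; the second is the RCPT argument quoted in the thread.
for a in 'firstname.name@domain.tld' \
         '"relaytest%antispam-ufrj.pads.ufrj.br"' \
         "o'brien@domain.tld"; do
    printf '%s -> %s\n' "$a" "$(check_rcpt "$a")"
done
printf '%s %s\n' "$(db_key Firstname.Name)" "$(dotqmail_name Firstname.Name)"
```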

petterg
Guru
Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

Posted: Wed Apr 04, 2007 7:28 pm

stripe wrote:

Should be a clean first line instead. This will prevent the double bounces from being queued at all.

If you enter "#" sign, Qmail will queue the bounces to #@defaultdomain.tld. This has two effects:


Updated. Thanks

olau
n00b
Joined: 25 Nov 2004
Posts: 7
Location: Norway

Posted: Tue Apr 10, 2007 8:02 pm    Post subject: Upgrade from old "setup"

When I installed my server in Dec 2005, I did not install mysql support in vqmail. Is it possible to upgrade?
the qmail-scanner ebuild is being blocked

Code:

emerge qmail-scanner -va
[ebuild  N    ] mail-mta/qmail-mysql-1.03  57 kB
[ebuild     U ] mail-filter/qmail-scanner-2.01 [1.25-r2] USE="spamassassin (-qmailstats%*)" 222 kB [1]
[blocks B     ] mail-mta/qmail-mysql (is blocking mail-mta/qmail-1.03-r16)
[blocks B     ] mail-mta/qmail (is blocking mail-mta/qmail-mysql-1.03)


I have compared the qmail-scanner-2.01 manually.

petterg
Guru
Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

Posted: Tue Apr 10, 2007 9:22 pm    Post subject: Re: Upgrade from old "setup"

olau wrote:
When I installed my server in Dec 2005, I did not install mysql support in vqmail. Is it possible to upgrade?
the qmail-scanner ebuild is being blocked


I would guess you could just unemerge qmail before you upgrade. I'm sure there are some flags to emerge to only unemerge qmail, not everything that depends on it. (Run with -p first to make sure)

Anyhow, I would not upgrade to qmail-scanner-2 without upgrading to net-qmail and upgrade all dependencies. Basically do a clean install of the mailserver related software.

Vieri
l33t
Joined: 18 Dec 2005
Posts: 870

Posted: Wed Apr 11, 2007 8:32 pm    Post subject: Re: HOWTO: qmail vpopmail courier-imap qmail-scanner (02/200

petterg wrote:

2) "access denied", "permission denied" or "no such file"
There might be a reason why qmail-scanner-2.01.ebuild is ~masked.
I ran into access denied errors or missing file errors at a few places. You might do so as well. So: (if you don't get access denied errors or missing file errors, don't do this step!)
Code:

> mkdir -p /var/spool/qscan/quarantine/viruses/tmp /var/spool/qscan/quarantine/viruses/cur /var/spool/qscan/quarantine/viruses/new
> mkdir -p /var/spool/qscan/quarantine/spam/tmp /var/spool/qscan/quarantine/spam/cur /var/spool/qscan/quarantine/spam/new
> mkdir -p /var/spool/qscan/quarantine/policy/tmp /var/spool/qscan/quarantine/policy/cur /var/spool/qscan/quarantine/policy/new
> mkdir -p /var/spool/qscan/working/tmp /var/spool/qscan/working/cur /var/spool/qscan/working/new
> mkdir -p /var/spool/qscan/archive/tmp /var/spool/qscan/archive/cur /var/spool/qscan/archive/new
> chown -R qscand:qscand /var/spool/qscan/

FEATURES="keepwork keeptemp" emerge qmail-scanner
cp /var/tmp/portage/mail-filter/qmail-scanner-2.01/work/qmail-scanner-2.01/quarantine-events.txt /var/spool/qscan/
chown -R qscand:qscand /var/spool/qscan/
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z



Wouldn't it be simpler and cleaner NOT to create /var/spool/qscan and just modify /var/qmail/bin/qmail-scanner-queue.pl and search&replace the following lines?

Code:

my $scandir = '/var/spool/qmailscan';
my $configdir = '/var/spool/qmailscan';
my $logdir = '/var/spool/qmailscan';


Then just add
Code:

doins quarantine-events.txt

to the ebuild postinst function. Then digest and re-emerge it.

Actually the ebuild should be reviewed and all /var/spool/qmailscan should be replaced with /var/spool/qscan.
Also, files such as quarantine-attachments.txt don't seem to exist anymore.

olau
n00b
Joined: 25 Nov 2004
Posts: 7
Location: Norway

Posted: Thu Apr 12, 2007 4:26 pm    Post subject: Re: Upgrade from old "setup"

OK, but how do I get the user accounts from a non-MySQL to an installation with MySQL.
Has anyone done this?



petterg wrote:
olau wrote:
When I installed my server in Dec 2005, I did not install mysql support in vqmail. Is it possible to upgrade?
the qmail-scanner ebuild is being blocked


I would guess you could just unemerge qmail before you upgrade. I'm sure there are some flags to emerge to only unemerge qmail, not everything that depends on it. (Run with -p first to make sure)

Anyhow, I would not upgrade to qmail-scanner-2 without upgrading to net-qmail and upgrade all dependencies. Basically do a clean install of the mailserver related software.

Cottonee
n00b
Joined: 23 Sep 2003
Posts: 73
Location: Palmerston North, New Zealand

Posted: Fri Apr 13, 2007 12:07 am

Hi everyone
I have a problem after following up this guide. SMTP is not working but I can see smtp port 25 opening from "nmap" command also with imaps and pop3s. Both imaps and pop3s are working great I can access server from local network and from Internet. So I think my vpopmail is working. Here is the problem with smtp:

1) smtp can send mail relay via my ISP's smtp server
2) smtp cannot receive any mail from outside, it said connection timeout. (send-receive local mail is fine)

qmail didn't produce any error log from smtp connection. So, I have no idea where to check for the problem.
Any suggestion? ... :cry:

vklimovs
n00b
Joined: 15 Dec 2005
Posts: 20

Posted: Fri Apr 13, 2007 8:51 am

Check rules of tcp server.
Code:
nano -w /etc/tcprules.d/tcp.qmail-smtp

Cottonee
n00b
Joined: 23 Sep 2003
Posts: 73
Location: Palmerston North, New Zealand

Posted: Fri Apr 13, 2007 9:08 am

NS wrote:
Check rules of tcp server.
Code:
nano -w /etc/tcprules.d/tcp.qmail-smtp


Here is my smtp rule: my local IP is 192.168.1.x and my smtp server IP is aaa.aaa.aaa.aaa
Code:

127.0.0.:allow,RELAYCLIENT="",RBLSMTPD=""
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD=""
aaa.aaa.aaa.aaa:allow,RELAYCLIENT="",RBLSMTPD=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

Is it correct?

vklimovs
n00b
Joined: 15 Dec 2005
Posts: 20

Posted: Fri Apr 13, 2007 9:19 am

Yes, it looks correct. Do you think there may be a firewall between your box and internet, which may block connections to port 25?

Cottonee
n00b
Joined: 23 Sep 2003
Posts: 73
Location: Palmerston North, New Zealand

Posted: Fri Apr 13, 2007 9:37 am

NS wrote:
Yes, it looks correct. Do you think there may be a firewall between your box and internet, which may block connections to port 25?

I have set up my router to open and forward port 25, 993, 995 to local smtp server. As I mentioned in my previous mail that pop3s and imaps work from Internet. I am suspecting that my ISP might block incoming to port 25. In the guide, he suggests changing the smtp port to another port. However, the question is if I change smtp port to other rather than 25. How could other smtp server send mail to my smtp server? How could they know that my smtp is on what port?...

vklimovs
n00b
Joined: 15 Dec 2005
Posts: 20

Posted: Fri Apr 13, 2007 9:47 am

If you change port, other smtp servers will not be able to connect. And, if ISP blocks incoming connections to port 25, which is probably the case, you can not do much about that. Personally you still can use your server from outside, either on port or over STARTTLS.
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Sat Apr 14, 2007 5:43 pm    Post subject: Reply with quote

Cottonee wrote:
NS wrote:
Yes, it looks correct. Do you think there may be a firewall between your box and internet, which may block connections to port 25?

I have set up my router to open and forward port 25, 993, 995 to local smtp server. As I mentioned in my previous mail that pop3s and imaps work from Internet. I am suspecting that my ISP might block incoming to port 25. In the guide, he suggests changing the smtp port to another port. However, the question is if I change smtp port to other rather than 25. How could other smtp server send mail to my smtp server? How could they know that my smtp is on what port?...


Try telnet from the internet to your server on port 25. If it does not work try the same from the wan side of your router.
(Your ISP might block port 25.)

Cottonee
n00b
Joined: 23 Sep 2003
Posts: 73
Location: Palmerston North, New Zealand

Posted: Wed Apr 18, 2007 5:31 am

petterg wrote:
Cottonee wrote:
NS wrote:
Yes, it looks correct. Do you think there may be a firewall between your box and internet, which may block connections to port 25?

I have set up my router to open and forward port 25, 993, 995 to local smtp server. As I mentioned in my previous mail that pop3s and imaps work from Internet. I am suspecting that my ISP might block incoming to port 25. In the guide, he suggests changing the smtp port to another port. However, the question is if I change smtp port to other rather than 25. How could other smtp server send mail to my smtp server? How could they know that my smtp is on what port?...


Try telnet from the internet to your server on port 25. If it does not work try the same from the wan side of your router.
(Your ISP might block port 25.)

Thanks a lot guys, I found out that my ISP has blocked port 25. :( that's how they can make money from mail server.

petterg
Guru
Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

Posted: Thu Apr 19, 2007 7:21 pm

Honestly, I think all ISPs should block port 25 for private customers. There are so many unprotected networks / hosts on this kind of connection.

harlanb
n00b
Joined: 01 May 2005
Posts: 40

Posted: Mon Apr 23, 2007 2:53 pm    Post subject: unable to get smtp connection

Hello Everyone,
I have been arguing with this setup for more than a week.

I've edited the tcp.qmail-smtp file, below:

127.0.0.:allow,RELAYCLIENT="",RBLSMTPD=""
10.8.0.:allow,RELAYCLIENT="",RBLSMTPD=""
192.168.0.200:allow,RELAYCLIENT="",RBLSMTPD=""
192.168.0.201:allow,RELAYCLIENT="",RBLSMTPD=""
172.16.0.:allow,RELAYCLIENT="",RBLSMTPD=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

$ telnet mail.<server>.org 8001
Trying 12.214.202.15...
Connected to mail.<server>.org.
Escape character is '^]'.

I have intentionally changed the port; I'm using a service to get around the cable blocking problem. I did have a working server at one time, so cable is not the issue and this telnet is from outside my cable provider; I decided to upgrade to the current qmail software and followed this guide - I messed up the backups, so restoring is not an option.

A few times, I was able to get an SMTP reply from the server, but just to test, I restarted netqmail, and I can no longer connect. Even when it connected, there were errors, but I need to get a reliable connection going, then I'll post about the errors.

I believe that I have smtp-auth compiled in, but I'm not 100% sure of that. Here are the settings from emerge:

# ACCEPT_KEYWORDS="~x86" emerge -pv netqmail

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] mail-mta/netqmail-1.05-r7 USE="qmail-spp ssl -gencertdaily -highvolume -mailwrapper -noauthcram -vanilla" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

If you need any more information, please post and I'll provide what I can.

Any ideas or suggestions?

Thanks,

Harlan...

biatch0
n00b
Joined: 25 May 2004
Posts: 40

Posted: Tue Apr 24, 2007 4:33 am

I'm probably going to update my old mailserver to run netqmail in a couple of days... is there anything I should know before doing so? I'm hoping that just doing an "emerge --unmerge qmail" and then following the guide will give me a working mailserver...

All times are GMT
Page 3 of 6