Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HOWTO: qmail vpopmail courier-imap qmail-scanner (02/2007)
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3, 4, 5, 6  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
radulucian
Apprentice
Apprentice


Joined: 05 Jan 2004
Posts: 151
Location: Bucharest Romania

PostPosted: Sat Feb 24, 2007 9:19 am    Post subject: Reply with quote

i remember i've had this problem and used a solution that was reffering to
/var/vpopmail/etc/lib_deps
which now, for me, reads:
Code:

-L/var/vpopmail/lib -lvpopmail -L/usr/lib/mysql  -lmysqlclient -lz -lm -lcrypt


see if it's the same for you and if not try to move the deps files somewhere else and recompile vpopmail once more.

and i guess you could also try revdep-rebuild, but if the problem it's related to the above file it's probably not going to help.

-----------------------------------

now i have a new issue :)
if i enable the plugin i get this in the logs when sending email to the account here:
Quote:

qmaild
/usr/bin/sudo -u vpopmail /var/qmail/plugins/chkuser_pg/vpopchk.sh service.account somedomain.com
sudo return: 101
Rejected by .qmail-default: service.account@somedomain.com


and i get back a delivery failure on the other end.
Quote:

Delivery to the following recipient failed permanently:

service.account@somedomain.com

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 511 Sorry, no mailbox here by that name (#5.1.1)


i guess it's related to the same issue.
what i did to get my mail through (and might be usefull for others for the time being) is disable the plugin altogether . then everything works fine.

any clues?
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Sat Feb 24, 2007 2:04 pm    Post subject: Reply with quote

radulucian wrote:

now i have a new issue :)
if i enable the plugin i get this in the logs when sending email to the account here:
Quote:

qmaild
/usr/bin/sudo -u vpopmail /var/qmail/plugins/chkuser_pg/vpopchk.sh service.account somedomain.com
sudo return: 101
Rejected by .qmail-default: service.account@somedomain.com


and i get back a delivery failure on the other end.
Quote:

Delivery to the following recipient failed permanently:

service.account@somedomain.com

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 511 Sorry, no mailbox here by that name (#5.1.1)


i guess it's related to the same issue.
what i did to get my mail through (and might be usefull for others for the time being) is disable the plugin altogether . then everything works fine.

any clues?


Sounds like you've set up some open relay or your server has not taken the settings from /etc/tcprules/tcp-smtp.
Refresh the cdb build and restart the smtp service might be all that is required.

Do you run into the same problem both with and without having the client run smtp-auth?
Back to top
View user's profile Send private message
PabOu
Veteran
Veteran


Joined: 11 Feb 2004
Posts: 1073
Location: Hélécine - Belgium

PostPosted: Mon Feb 26, 2007 10:17 pm    Post subject: Reply with quote

Nice guide !

However, I've found a problem with chkuser_pg :

I've created only one domain with vadddomain, let's say domain.com. This domain got only one user : postmaster, the default one.

Code:
pabou@chocolat ~ $ telnet smtphost.domain.com 25
Trying xxx.xxx.xxx.xxx...
Connected to smtphost.domain.com.
Escape character is '^]'.
220 smtphost.domain.com  ESMTP
HELO paboutest.pabou.com
250 smtphost.domain.com
MAIL FROM: anyuser@anydomain.com
250 ok
RCPT TO: postmaster@domain.com
250 ok


Result is OK.

another try, new telnet connexion :
Code:
RCPT TO: pabou@domain.com
511 Sorry, no mailbox here by that name (#5.1.1)


Result is OK, chkuser works great !


another try, new telnet connexion :
Code:
RCPT TO: pabou@pabou.com
511 Sorry, no mailbox here by that name (#5.1.1)


There is the problem. vpopmail doesn't have the domain pabou.com and I'm not registered with smtp-auth --> I can't use this server as a relay server. The error message should be "553 sorry, that domain isn't in my list of allowed rcpthosts" and not 511
_________________
Mangez du poulet !
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Tue Feb 27, 2007 10:02 am    Post subject: Reply with quote

PabOu wrote:

There is the problem. vpopmail doesn't have the domain pabou.com and I'm not registered with smtp-auth --> I can't use this server as a relay server. The error message should be "553 sorry, that domain isn't in my list of allowed rcpthosts" and not 511


Fixed - new version of chkuser_pg out on S.F.
Thanx for pointing this out.
Back to top
View user's profile Send private message
malty
n00b
n00b


Joined: 25 Aug 2004
Posts: 37
Location: France Nice

PostPosted: Fri Mar 02, 2007 1:34 pm    Post subject: Reply with quote

My errors :
@4000000045e8274e23ddb97c delivery 17: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
_________________
http://www.cremantec.com/
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Sun Mar 04, 2007 4:33 pm    Post subject: Reply with quote

malty wrote:
My errors :
@4000000045e8274e23ddb97c delivery 17: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/


Is that for incomming or outgoing mail?
Try telnet'ing in the same direction from the same host. My first guess is a firewall issue with your ISP.
Back to top
View user's profile Send private message
malty
n00b
n00b


Joined: 25 Aug 2004
Posts: 37
Location: France Nice

PostPosted: Sun Mar 04, 2007 6:53 pm    Post subject: Reply with quote

That relates to the outgoing mail (smtp), I tested with telnet it walks.
But with my customer email that does not function.

Code:
cat /var/log/qmail/qmail-send/current


Code:
@4000000045eb1126259c2e74 delivery 51: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@4000000045eb1126259c41fc status: local 0/10 remote 0/20


I have to carry out the order:
Code:
echo teste | /var/qmail/bin/qmail-inject -a nom@domain.com


On the other hand locally that functions
_________________
http://www.cremantec.com/
Back to top
View user's profile Send private message
malty
n00b
n00b


Joined: 25 Aug 2004
Posts: 37
Location: France Nice

PostPosted: Wed Mar 07, 2007 7:21 pm    Post subject: Reply with quote

My error :

Code:
sva-01 files # ebuild /usr/local/portage/mail-mta/netqmail/netqmail-1.05-r4.ebuild digest
/usr/local/portage/mail-mta/netqmail/netqmail-1.05-r4.ebuild: line 284: syntax error near unexpected token `fi'
/usr/local/portage/mail-mta/netqmail/netqmail-1.05-r4.ebuild: line 284: `   fi if use ssl; then'

!!! ERROR: mail-mta/netqmail-1.05-r4 failed.
Call stack:
  ebuild.sh, line 1511:   Called die

!!! error sourcing ebuild
!!! If you need support, post the topmost build error, and the call stack if relevant.

_________________
http://www.cremantec.com/


Last edited by malty on Thu Mar 08, 2007 6:20 am; edited 1 time in total
Back to top
View user's profile Send private message
malty
n00b
n00b


Joined: 25 Aug 2004
Posts: 37
Location: France Nice

PostPosted: Wed Mar 07, 2007 8:30 pm    Post subject: Reply with quote

I found the error :
Code:
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/


One should not add :
Code:
echo ":smtp.ISP.NET" > /var/qmail/control/smtproutes


And all functions perfectly.
_________________
http://www.cremantec.com/
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Thu Mar 08, 2007 1:23 am    Post subject: Reply with quote

malty wrote:
I found the error :
Code:
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/


One should not add :
Code:
echo ":smtp.ISP.NET" > /var/qmail/control/smtproutes


And all functions perfectly.


So, apparently your ISP is blocking outbound smtp connections to anywhere but their own smtp server. I'll put a note about this in the guide
Back to top
View user's profile Send private message
malty
n00b
n00b


Joined: 25 Aug 2004
Posts: 37
Location: France Nice

PostPosted: Thu Mar 08, 2007 6:25 am    Post subject: Reply with quote

Why I have this error when I sendings an email?

Code:
vchkpw-smtp: password fail


Code:

Mar  7 22:30:09 sva-01 vpopmail[15299]: vchkpw-smtp: password fail -----------@------------.com:192.168.1.1
Mar  7 22:30:14 sva-01 vpopmail[15301]: vchkpw-smtp: (PLAIN) login success -----------@-----------.com:192.168.1.1

_________________
http://www.cremantec.com/
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Thu Mar 08, 2007 9:17 am    Post subject: Reply with quote

malty wrote:
Why I have this error when I sendings an email?

Code:
vchkpw-smtp: password fail


Code:

Mar  7 22:30:09 sva-01 vpopmail[15299]: vchkpw-smtp: password fail -----------@------------.com:192.168.1.1
Mar  7 22:30:14 sva-01 vpopmail[15301]: vchkpw-smtp: (PLAIN) login success -----------@-----------.com:192.168.1.1


Set your client to not use cram authentication. It's probably set to auto, then it will try cram first.

The problem is that the server anounces that it supports cram. There should be a way to make it not announce this. I'm not sure how.
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Thu Mar 08, 2007 5:06 pm    Post subject: Reply with quote

I have the same problem... it makes sending mails really slow.

Maby USE="noauthcram" when doing emerge netqmail ??

OK I've fix it:

Quote:
Setting up clear passwords for vpopmail after the fact
If you, like me, installed vpopmail without clear passwords and then realized that clear passwords are required for Cram-MD5 encryption for authentication and want to update your database, here is how I did it. Its not automatic, but it works.
Kod:
> echo "net-mail/vpopmail clearpasswd" >> /etc/portage/package.use
> emerge vpopmail qmailadmin
> mysql -u vpopmail -p
vpopmail password is in /etc/vpopmail.conf if you have forgotten it

mysql> use vpopmail;
mysql> ALTER TABLE vpopmail ADD pw_clear_passwd char(16) default NULL AFTER pw_shell;

Query OK, xx rows affected (0.01 sec)
xx denotes the number of rows (users) you have.

mysql> quit

If you have qmailadmin or vqadmin you can change the password and these will update the database with the clear password. Or you can do it the old fashioned way, the command line:
Kod:
> ~vpopmail/bin/vchangepw
Please enter the email address: user@domain.tld
Enter old password: oldPassword
Please enter password for user@domain.tld: newPassword
enter password again: newPassword
Password successfully changed.

Even if you don't update the database, you can still send and receive mail, but until you update it cram-md5 encryption for authenticating with the smtp server won't work (as it was doing before).


I found it here: https://forums.gentoo.org/viewtopic-t-527246-highlight-vchkpw+crammd5.html
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Mon Mar 12, 2007 11:17 pm    Post subject: Reply with quote

CzesLaW wrote:


Quote:
Setting up clear passwords for vpopmail after the fact
If you, like me, installed vpopmail without clear passwords and then realized that clear passwords are required for Cram-MD5 encryption for authentication and want to update your database, here is how I did it. Its not automatic, but it works.
Kod:
> echo "net-mail/vpopmail clearpasswd" >> /etc/portage/package.use
> emerge vpopmail qmailadmin



That is the way to go to make authcram work. The disadvantage is that passwords are stored in the mysql db in clear text. If there are more users on the server than myself I would not go this way.

The better way is to make the clients not use authcram. Eighter by disabeling the methode in the client config or make the server not announce authcram. The later way would be the better. But I don't know how to do it.
Back to top
View user's profile Send private message
Wavyx
n00b
n00b


Joined: 19 Mar 2007
Posts: 5

PostPosted: Mon Mar 19, 2007 1:44 pm    Post subject: Reply with quote

Just for your interest, I have valias like "firstname.name@domain.tld". The problem is with the vpopchk.sh, such user are not recognised, and outputs a "101" exit code, meaning bounce no-mailbox. This is due to the "." (dot) in the USER parameter.
ex: /var/qmail/plugins/chkuser_pg/vpopchk.sh firstname.name domain.tld

To fix this, just comment the line 46 in /var/qmail/plugins/chkuser_pg/vpopchk.sh
#Change "." to ":" and all to lowercase
#USER=`echo ${USER} | ${TR} . : `

BTW, thanks a lot for the HOWTO
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Mon Mar 19, 2007 1:52 pm    Post subject: Reply with quote

I am using also aliases with dot in the name and I don't have any problems...

But I am confused with the case when I want to use more than one domain with ssl encryption. How can I setup one certificate for every domain ?!?
Back to top
View user's profile Send private message
Wavyx
n00b
n00b


Joined: 19 Mar 2007
Posts: 5

PostPosted: Mon Mar 19, 2007 10:07 pm    Post subject: Reply with quote

Hi,

I guess my problem is probably related to the mysql feature. My valias are stored in the base, and I don't "need" to converte "." to ":" for the usual .qmail files.

About your certificate problem, I get your point but:
1) I'm not sure the courier-imapd is able to use multiple ssl certifs according to the requested TLD (on a specific single IP address)
2) As for Apache, my opinion is you can only have a single SSL certificate by IP. I guess you can still use your main "hosting" domain as valid ssl certificate (like mail.hoster.com) for all your customers. Or maybe there is a solution with mapping a specific daemon for each IP you've got and distribute your ssl certificates along your IP's.

Does it make sense? I'm waiting for your advices.
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Mon Mar 19, 2007 10:40 pm    Post subject: Reply with quote

OK, I am just using one domain for receiving and sending mails because it's a small server ... but thanks for the reply.

About your problem... am I thinking correctly, You are trying to log in using an alias for one of your mailboxes? If yes.. I think there is no option to do it.
Back to top
View user's profile Send private message
Wavyx
n00b
n00b


Joined: 19 Mar 2007
Posts: 5

PostPosted: Tue Mar 20, 2007 10:23 am    Post subject: Reply with quote

No, I had just some delivering issues with valias containing "." (dots) in the the user part. The real user and simple alias (without dot) works perfectly. But as I said, with mysql valias storage, if you keep the line in vpopchk.sh the "." is replaced by ":" for the check and this never works. So, for eg, every alias with dots like "firstname.name@mydomain.com" would be bounced since vpopchk.sh will not find firstname:name@mydomain.com in the mysql database.

Another "bug" is about the clamav configuration. Since we changed the owner/group of /var/log/clamav to qscand:qscand, we should update the logrotate configuration as well:
Code:

nano -w /etc/logrotate.d/clamav
/var/log/clamav/clamd.log {
        missingok
        create 640 qscand qscand
        postrotate
             /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true
        endscript
}

/var/log/clamav/freshclam.log {
        missingok
        create 640 qscand qscand
        postrotate
                /bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 2>/dev/null || true
        endscript
}
Back to top
View user's profile Send private message
malty
n00b
n00b


Joined: 25 Aug 2004
Posts: 37
Location: France Nice

PostPosted: Thu Mar 22, 2007 6:42 am    Post subject: Reply with quote

My errors :
Code:
Mar 22 02:04:04 sva-01 spamd[5719]: bayes: locker: safe_lock: cannot create lockfile /etc/mail/spamassassin/bayes.mutex: Permission denied

_________________
http://www.cremantec.com/
Back to top
View user's profile Send private message
CzesLaW
n00b
n00b


Joined: 20 Feb 2007
Posts: 13

PostPosted: Thu Mar 22, 2007 9:34 am    Post subject: Reply with quote

I'm thinking that my spamassassin is not working at all... but my qmail-scanner installation went all right :/
I don't see any msgs marked with X-Spam header or with changed topic name ... strange :/

How to check if it's ok ?!


Last edited by CzesLaW on Thu Mar 22, 2007 10:30 am; edited 1 time in total
Back to top
View user's profile Send private message
malty
n00b
n00b


Joined: 25 Aug 2004
Posts: 37
Location: France Nice

PostPosted: Thu Mar 22, 2007 10:28 am    Post subject: Reply with quote

thank you it goes
_________________
http://www.cremantec.com/
Back to top
View user's profile Send private message
malty
n00b
n00b


Joined: 25 Aug 2004
Posts: 37
Location: France Nice

PostPosted: Thu Mar 22, 2007 10:30 am    Post subject: Reply with quote

I have another problem, when I sendings of the emails only on hotmail.fr I have an error:

Code:
@40000000460258f90dbf37ec info msg 311496: bytes 1128 from <postmaster@cremantec.com> qp 10509 uid 201
@40000000460258f90e652094 starting delivery 1: msg 311496 to remote ______@hotmail.fr
@40000000460258f90e653034 status: local 0/10 remote 1/20
@40000000460258fd0d51b8ac delivery 1: success: 205.248.106.64_accepted_message./Remote_host_said:_250_2.6.0_<460258EB.2040002@cremantec.com>_Queued_mail_for_delivery/
@40000000460258fd0d51cc34 status: local 0/10 remote 0/20

_________________
http://www.cremantec.com/
Back to top
View user's profile Send private message
vklimovs
n00b
n00b


Joined: 15 Dec 2005
Posts: 20

PostPosted: Mon Mar 26, 2007 3:30 pm    Post subject: Reply with quote

petterg,great guide. Everything is fine. But, i think there is a slight problem in script:
Code:

mail chkuser_pg # ./rcptchk-pg.sh ivars.bruveris@domain.lv
E511 Sorry, no mailbox here by that name (#5.1.1)

mail chkuser_pg # vuserinfo ivars.bruveris@domain.lv
name:   ivars.bruveris
passwd: $1$5MsKnvuH$slq5Vy4YxzfGs2hpyHyVw.
clear passwd: cpwd
comment/gecos: Ivars Bruveris
uid:    0
gid:    0
flags:  0
gecos: Ivars Bruveris
limits: No user limits set.
dir:       /var/vpopmail/domains/domain.lv/0/ivars.bruveris
quota:     524288000S
usage:     0%
last auth: Mon Mar 26 18:23:36 2007
last auth ip: pop3
mail chkuser_pg #


As you see, checking does not work for usernames which contain dot.
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 459
Location: Oslo, Norway

PostPosted: Wed Mar 28, 2007 12:29 am    Post subject: Reply with quote

I'll look into the valias "dot" check. I think the way to go is to make sure it returns OK for valias before the part when changing . to :

Hopefully i'll find time this weekend.

Regarding mulit-certificates on one IP - it is not posible. The reason is that the hostname that the client is connecting to has to be decrypted using the certificate.

Regarding those permission denied problems - try su to the user the process is runing as, and see if the user actually has access. I've noticed that permission denied errors sometimes occure when using symlinks.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3, 4, 5, 6  Next
Page 2 of 6

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum