Mailing List Archive

HELP! Server migration broke SMTP auth (FreeBSD)
This is embarrassing...I apologize in advance for this, but I am so fried, I need
help, despite having been a qmail user since '97 or so.

I just tried to migrate from a few years-old FreeBSD 7.2 to a new 8.2 server and I
have all the following working just like on the old one:

qmail, tcpserver, vpopmail, qmailadmin, dovecot (IMAP only) qmail-pop3d,
squirrelmail.

POP3 and IMAP auth fine against system passwords as well as vpopmail accounts.
However, SMTP auth does not. Here's the embarrassing part - I cannot remember which
patch(s) I used to get smtp auth working in the first place.

In an effort to get things up to date, I leaned heavily on FreeBSD ports this
time, which is supposed to have an SMTP-auth patch with qmail. I simply selected
"SMTP_AUTH_PATCH" and did a make install. However, vchkpw is failing to
authenticate SMTP. System users fail as follows:

vchkpw-submission: system password fail user:ip

vpopmail servers fail as follows:

vchkpw-submission: system user not found user:ip

I invoke tcpserver as follows (no SSL in this case):

/usr/local/bin/tcpserver -c 45 -l 0 -R -H -x/etc/tcp.smtp-auth.cdb -u 82 -g 81 0 587 \
/var/qmail/bin/qmail-smtpd server.name /home/vpopmail/bin/vchkpw true &
--------

# strings /etc/tcp.smtp-auth.cdb
+RBLSMTPD=
+QMAILQUEUE=/var/qmail/bin/qmail-queue

If somebody familiar with the FreeBSD patches for qmail smtp auth set me in the
right direction, I'd appreciate it!
Re: HELP! Server migration broke SMTP auth (FreeBSD)
To update this...I just found my old patch and the new one...they are the same:

qmail-smtpd-auth-0.31

It was in the ports source for qmail and also in my home directory on the old
server. The problem is not likely this patch, I assume.

So is this likely a problem with tcpserver, vpopmail? They both seem to work fine
for IMAP/POP...

Re: HELP! Server migration broke SMTP auth (FreeBSD)
Hi,

look here: http://www.fehcom.de/qmail.html

and then pick up my discussion about SMTP Authentication.

regards.
--eh.

On Mon, 2 Apr 2012 00:49:36 -0400, up@3.am wrote :


--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Re: HELP! Server migration broke SMTP auth (FreeBSD)
> On 02/04/2012 7:23, up@3.am wrote:
>>
>> To update this...I just found my old patch and the new one...they are the same:
>>
>> qmail-smtpd-auth-0.31
>>
>> It was in the ports source for qmail and also in my home directory on the old
>> server. The problem is not likely this patch, I assume.
>>
>> So is this likely a problem with tcpserver, vpopmail? They both seem to work
>> fine for IMAP/POP...
>>
>
> Hello,
>
> Did you try to do: telnet localhost 25?
> Do you get the next message "250-AUTH LOGIN CRAM_MD5 PLAIN" or
> "250-AUTH=LOGIN CRAM_MD5 PLAIN"?
>
> In this case, the patch is not applied. I had this problem and I solved
> it with qmail-tls port.
>

I get the same thing on both servers (one works):

EHLO domain.com
250-mail.domain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME

Note that I cannot require TLS or SSL on port 587; I have too many users doing
plain auth on it.

Again, this worked with what seems like the same config using slightly older
versions of most of this software. I cannot recall if I had to patch tcpserver
to do SMTP auth as well...

Thanks...
RE: HELP! Server migration broke SMTP auth (FreeBSD)
> I don't run FreeBSD, but I have seen something similar before; also, who
> owns the 'vchkpw' file in /home/vpopmail/bin?
>
> I prefer to respond off-list, but would be glad to offer any advice that may
> help you.

Unbelievable. That was it. Old server had vchkpw owned by root with the SUID bit
set. The new one did not. I didn't look too closely at it because I figured if
vchkpw auth was working for pop3, imap, both system and vpopmail users, that
couldn't be it.

Thank you for helping me! Perhaps if I wasn't so tired last night...sigh.
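
The fix reported above, as an added example that is not part of the thread: with tcpserver's `-u 82`, qmail-smtpd and the vchkpw it spawns run unprivileged unless the vchkpw binary itself is setuid root. The sketch below classifies the helper from its `ls -ldn` line; the function names and sample lines are constructed for illustration, and the reading that an unprivileged vchkpw cannot open the password data is an assumption, not something stated in the thread.

```shell
#!/bin/sh
# Added example: classify a checkpassword helper (vchkpw here) from its
# `ls -ldn` line, given the uid that tcpserver drops to with -u.

# verdict_from_ls "<ls -ldn line>" <service_uid>  -> prints one verdict word
verdict_from_ls() {
    line=$1
    svc_uid=$2
    set -f                      # no globbing while the line is split
    set -- $line                # $1 = mode string, $3 = numeric owner uid
    set +f
    mode=$1
    owner_uid=$3
    case $mode in
        ???s*) suid=yes ;;      # setuid bit set and owner-executable
        ???S*) suid=broken ;;   # setuid bit set, owner execute bit missing
        *)     suid=no ;;
    esac
    if [ "$suid" = yes ] && [ "$owner_uid" = 0 ]; then
        echo setuid-root                # helper regains root, as on the old server
    elif [ "$suid" = yes ]; then
        echo "setuid-uid-$owner_uid"    # setuid, but to a non-root owner
    elif [ "$suid" = broken ]; then
        echo setuid-not-executable
    else
        echo "runs-as-uid-$svc_uid"     # helper stays at the service uid
    fi
}

# check_helper <path> <service_uid>: same verdict for a file on disk
check_helper() {
    verdict_from_ls "$(ls -ldn "$1")" "$2"
}

# Constructed sample lines (not output from the servers in the thread);
# uid 89, the size and the dates are made up.
OLD_LINE='-rwsr-xr-x  1 0   0   123456 Apr  2  2012 /home/vpopmail/bin/vchkpw'
NEW_LINE='-rwxr-xr-x  1 89  89  123456 Apr  2  2012 /home/vpopmail/bin/vchkpw'

verdict_from_ls "$OLD_LINE" 82
verdict_from_ls "$NEW_LINE" 82
```

On a live host, `check_helper /home/vpopmail/bin/vchkpw 82` gives the same verdict for the installed binary, using the uid from the `-u 82` in the tcpserver command line quoted in the thread.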