Mailing List Archive

Thus said Vahid Moghaddasi on Wed, 23 Jan 2013 16:34:13 -0500:

> We have a few server with about 1000 local users. All the e-mails for
> those users are defined in /var/qmail/alias/.qmail-<user> file and all
> the users have an entery in /var/qmail/users/assign file in the
> following format: =user1:user1:12345:300:/var/qmail/alias:-:user1:

This entry is wrong.

If you want the alias user to be in control of deliveries for the
local address user1, then you need something more like:

=user1:alias:200:200:/var/qmail/alias:-:user1:

Where 200:200 is the uid:gid of the alias user.

What then do you have in /var/qmail/alias/.qmail-user1 ?

Andy

On Wed, Jan 23, 2013 at 9:02 PM, Andy Bradford <
amb-sendok-1361584938.bpihibgnalfebandfali@bradfords.org> wrote:

> Thus said Vahid Moghaddasi on Wed, 23 Jan 2013 16:34:13 -0500:
>
> > We have a few server with about 1000 local users. All the e-mails for
> > those users are defined in /var/qmail/alias/.qmail-<user> file and all
> > the users have an entery in /var/qmail/users/assign file in the
> > following format: =user1:user1:12345:300:/var/qmail/alias:-:user1:
>
> This entry is wrong.
>
> If you want the alias user to be in control of deliveries for the
> local address user1, then you need something more like:
>
> =user1:alias:200:200:/var/qmail/alias:-:user1:
>
> Where 200:200 is the uid:gid of the alias user.
>
> What then do you have in /var/qmail/alias/.qmail-user1 ?
>
But your format is the same as what I have in assign.
=user1:user1:12345:300:/var/qmail/alias:-:user1:
first user1 is the unix username
second user1 is the alias I am assigning to user1 which happened to be the
same, 12345:300 is the real unix uid/gid of user1 in /etc/passwd file and
the contents of /var/qmail/alias/.qmail-user1 is user1's corporate e-mail
address e.g. &vahid@example.com
Shouldn't 'mailx -s test1 user1 < /dev/null be delivered to
vahid@example.com based on the above rule?

Thus said Vahid Moghaddasi on Thu, 24 Jan 2013 08:59:39 -0500:

> > =user1:alias:200:200:/var/qmail/alias:-:user1:
> >
> But your format is the same as what I have in assign.

The format is the same, but the meaning is not. The second field is not
the name of an alias, but is the literal word ``alias'' (the owner of
/var/qmail/alias); the handler for that address.

> =user1:user1:12345:300:/var/qmail/alias:-:user1:
> first user1 is the unix username

The first field is the name of the local address, not the unix username.

> second user1 is the alias I am assigning to user1 which happened to be
> the same,

The second field is the Unix account that will handle the email address.
So, user1 is wrong if you want the ``alias'' user to handle that email
address. It should be the literal word ``alias'' and not user1.

> 12345:300 is the real unix uid/gid of user1 in /etc/passwd file and

This too is wrong. As I said, they must be the uid:gid of the ``alias''
user, not the local email address.

By they way, you don't need to use qmail-users (e.g. users/{assign,cdb})
to do aliases in /var/qmail/alias. And if you do use it, all you need is
a wildcard entry that redirect all local addresses to the alias user.

> Shouldn't 'mailx -s test1 user1 < /dev/null be delivered to
> vahid@example.com based on the above rule?

No. This entry:

> =user1:user1:12345:300:/var/qmail/alias:-:user1:

Says that a local email address of user1@<locals> is to be delivered
to a unix account user1 with a uid of 12345 and a gid of
300 in /var/qmail/alias. Does the user1 account have access to
/var/qmail/alias? Can user1 read /var/qmail/alias/.qmail-user1?

Here is what the man page says:

=local:user:uid:gid:homedir:dash:ext:

Here local is an address; user, uid, and gid are the
account name, uid, and gid of the user in charge of
local; and messages to local will be controlled by
homedir/.qmaildashext.

Finally, what do the logs say? When you inject a message for user1, what
do the qmail-send logs say happened to the message?

Andy

On Thu, Jan 24, 2013 at 8:03 PM, Andy Bradford <
amb-sendok-1361667782.eaogmhpplgndlmfcdjcd@bradfords.org> wrote:

> Thus said Vahid Moghaddasi on Thu, 24 Jan 2013 08:59:39 -0500:
>
> > > =user1:alias:200:200:/var/qmail/alias:-:user1:
> > >
> > But your format is the same as what I have in assign.
>
> The format is the same, but the meaning is not. The second field is not
> the name of an alias, but is the literal word ``alias'' (the owner of
> /var/qmail/alias); the handler for that address.
>
>
yes, but this is working for many users, I can't fugur out why.


> > =user1:user1:12345:300:/var/qmail/alias:-:user1:
> > first user1 is the unix username
>
> The first field is the name of the local address, not the unix username.
>
> > second user1 is the alias I am assigning to user1 which happened to be
> > the same,
>
> The second field is the Unix account that will handle the email address.
> So, user1 is wrong if you want the ``alias'' user to handle that email
> address. It should be the literal word ``alias'' and not user1.
>
>
This operation (creating unix user/ email alias, etc..) is all automated so
what would we put for user1's alias? All users have an e-mail that we send
alerts to.

> > 12345:300 is the real unix uid/gid of user1 in /etc/passwd file and
>
> This too is wrong. As I said, they must be the uid:gid of the ``alias''
> user, not the local email address.\
>

but why some users with the exact situation have no problem such as myself.


>
> By they way, you don't need to use qmail-users (e.g. users/{assign,cdb})
> to do aliases in /var/qmail/alias. And if you do use it, all you need is
> a wildcard entry that redirect all local addresses to the alias user.
>
>
How do you mean? I have many .qmail-usre files in /var/qmail/alias/
directory you are saying I can a avoid that? Of course without giving the
choice to users to change their e-mail address in ~/dot-qmail

> > Shouldn't 'mailx -s test1 user1 < /dev/null be delivered to
> > vahid@example.com based on the above rule?
>
> No. This entry:
>

ironically that works! the contents of /var/qmail/alias/.qmail.user1 is
&vahid@example.com and 'mailx -s test user1 < /dev/null' works fine.

>
> > =user1:user1:12345:300:/var/qmail/alias:-:user1:
>
> Says that a local email address of user1@<locals> is to be delivered
> to a unix account user1 with a uid of 12345 and a gid of
> 300 in /var/qmail/alias. Does the user1 account have access to
> /var/qmail/alias? Can user1 read /var/qmail/alias/.qmail-user1?
>

yes it can, I double checked it just now, the dir /var/qmail/alias/ is 2755
and all .qmail-* files are 644.

>
> Here is what the man page says:
>
> =local:user:uid:gid:homedir:dash:ext:
>
> Here local is an address; user, uid, and gid are the
> account name, uid, and gid of the user in charge of
> local; and messages to local will be controlled by
> homedir/.qmaildashext.
>
> Finally, what do the logs say? When you inject a message for user1, what
> do the qmail-send logs say happened to the message?
>
no error in log, just local deliverey to user1's ~/Mailbox file and the
e-mail is there in Mailbox file.
For those users which we dont have problem with such as myself, the log
shows a local delivery and immediately a remote delivery to the address in
/var/qmail/alias/.qmail-user1 file.

>
> Andy
>

thanks Andy

Thus said Vahid Moghaddasi on Thu, 24 Jan 2013 22:14:40 -0500:

> but why some users with the exact situation have no problem such as
> myself.

Hard to say without looking at the configuration directly. Off-hand I'd
say that there is missing information in what you have reported, or some
step that you have forgotten. Did you forget to rebuild the cdb by
running /var/qmail/bin/qmail-newu ?

Perhaps an exact description of what you would like to accomplish would
be in order? It sounds to me like you're trying to override some
Unix accounts to disallow direct delivery to their mailbox by using
qmail-users.

> How do you mean? I have many .qmail-usre files in /var/qmail/alias/
> directory you are saying I can a avoid that? Of course without giving
> the choice to users to change their e-mail address in ~/dot-qmail

No, I'm suggesting that you don't need qmail-users (e.g. users/assign
and users/cdb) to control email delivery unless you have some reason to
override local Unix user accounts. It sounds like you do if I understand
what you are saying below, in which case you *do* need qmail-users.

At any rate, you could avoid many files in ~alias it if you were to use
fastforward:

http://cr.yp.to/fastforward.html

Then you wouldn't have thousands of files in ~alias.

> no error in log, just local deliverey to user1's ~/Mailbox file and
> the e-mail is there in Mailbox file.

I see, so you *don't* want the email to be delivered to ~user1/Mailbox?

As long as the user can read ~alias it should work as you've described,
however, I would still recommend using:

=user1:alias:200:200:/var/qmail/alias:-::

So it is a little more clear just what is happening. Is this pedantic?
Yes, but better to be explicit than guess about how things are working.

Andy

On Fri, Jan 25, 2013 at 12:52 AM, Andy Bradford <
amb-sendok-1361685139.cfpcpapjfbmenlefippk@bradfords.org> wrote:

> Thus said Vahid Moghaddasi on Thu, 24 Jan 2013 22:14:40 -0500:
>
> Did you forget to rebuild the cdb by running /var/qmail/bin/qmail-newu
> ?
>
This process is automated and qmail-newu is run after every change to
assign file.

>
> Perhaps an exact description of what you would like to accomplish would
> be in order?
>
I would like to be able to send e-mail to users' local unix id and forward
the mail to their external address.


> At any rate, you could avoid many files in ~alias it if you were to use
> fastforward:
>
> http://cr.yp.to/fastforward.html
>
> Then you wouldn't have thousands of files in ~alias.
>
I can look at that route, of course I have to comvert all of my .qmail-user
file to /etc/alias format, should be simple.

>
>
> I see, so you *don't* want the email to be delivered to ~user1/Mailbox?
>
That is correct.

>
> As long as the user can read ~alias it should work as you've described,
> however, I would still recommend using:
>
> =user1:alias:200:200:/var/qmail/alias:-::
>
The process is automated and we don't know what to put in place of :alias:
e.g. if my name to be added, =vahid:???:200:200:/var/qmail/alias:-:: so i
don't know how to pupolate that field.

>
> So it is a little more clear just what is happening. Is this pedantic?
> Yes, but better to be explicit than guess about how things are working.
>
> Andy
>
>
Thank you much for helping.

Thus said Vahid Moghaddasi on Fri, 25 Jan 2013 12:06:28 -0500:

> I would like to be able to send e-mail to users' local unix id and
> forward the mail to their external address.

Yes, then you will need to use qmail-users(5) because normally qmail
will deliver based on the information returned by:

qmail-getpw <localusername>

> The process is automated and we don't know what to put
> in place of :alias: e.g. if my name to be added,
> =vahid:???:200:200:/var/qmail/alias:-:: so i don't know how to
> pupolate that field.

You don't put anything in place of :alias: because if you are delivering
to the Unix account by the name of alias, that is what goes there
when delivering to a directory owned by alias (e.g. the owner of
/var/qmail/alias). Again, it probably won't matter much as long as
whatever you put there has the ability to read /var/qmail/alias (owned
by the Unix user named alias).

$ id alias

That will give you the uid and gid that should be in the line following
:alias: (I used 200:200 as an example only, I don't know what they are
in your environment).

Everything you've said would seem to indicate that it should be working.
Without detailed logs, and configuration details (e.g. actual logs and
configuration files) there probably isn't much else that can be done in
email.

Andy

On Fri, Jan 25, 2013 at 2:30 PM, Andy Bradford <
amb-sendok-1361734216.jfenhloolllmnglebcjc@bradfords.org> wrote:

> Thus said Vahid Moghaddasi on Fri, 25 Jan 2013 12:06:28 -0500:
>
> qmail-getpw <localusername>
>
qmail-getpw retuns uidgid of the user for working and non-working user.

>
>
> You don't put anything in place of :alias: because if you are delivering
> to the Unix account by the name of alias, that is what goes there
> when delivering to a directory owned by alias (e.g. the owner of
> /var/qmail/alias). Again, it probably won't matter much as long as
> whatever you put there has the ability to read /var/qmail/alias (owned
> by the Unix user named alias).
>
> I modified the line to:
=user1:alias:30001:15:/var/qmail/alias:-::
still no luck.
I noticed that only users that we added whithin a year ago have this
problem not everyone. All the users who have problem have their unix user
name starting with xbbkNNN where NNN is a number.
I am wondering is assign has a size or number of lines limit which we
passed.
we have about 2000 lines there.


> Everything you've said would seem to indicate that it should be working.
> Without detailed logs, and configuration details (e.g. actual logs and
> configuration files) there probably isn't much else that can be done in
> email.
>
Thank you for your help Andy.

Thus said Vahid Moghaddasi on Fri, 25 Jan 2013 17:28:30 -0500:

> > qmail-getpw <localusername>
> >
> qmail-getpw retuns uidgid of the user for working and non-working user.

That's correct. It will return information for Unix users. You use
qmail-users to override this information. qmail-getpw will only show
information found in /etc/passwd.

> > I modified the line to:
> =user1:alias:30001:15:/var/qmail/alias:-::
> still no luck.

Will you paste the logs into an email showing a delivery to one of these
addresses?

> I am wondering is assign has a size or number of lines limit which we
> passed. we have about 2000 lines there.

No, there is no limit that I am aware of. There is a 4GB limit on a CDB,
but 2000 qmail-users lines is not nearly enough to generate that large
of a file.

It would be helpful if you installed the cdb package and then you could
use cdbdump to look at the actual entries for the users as they have
been compiled by qmail-newu.

http://cr.yp.to/cdb/install.html

Andy