Claudio Jeker | 1 Jun 04:04 2005

Re: ICMP problem

On Tue, May 31, 2005 at 12:28:22PM +0200, Jose Javier Sianes Ruiz wrote:
> Hi. From network department I have been notified that my Qmail-ldap
> servers are trying to send ICMP request to Internet mail servers.
> Dumping on one of them:
>
> root@qmail-ldap-server:/root> tcpdump -i eth1 |grep icmp
> tcpdump: listening on eth1
> 12:16:03.100137 192.168.204.150 > mxa.mail.ukl.yahoo.com: icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
> 12:16:39.888951 192.168.204.150 > mxa.mail.ukl.yahoo.com: icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
> 12:17:07.106519 192.168.204.150 > mxa.mail.ukl.yahoo.com: icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
> 12:17:43.890120 192.168.204.150 > mxa.mail.ukl.yahoo.com: icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
> 12:18:11.100234 192.168.204.150 > mxa.mail.ukl.yahoo.com: icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
> 12:18:47.891328 192.168.204.150 > mxa.mail.ukl.yahoo.com: icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
> 12:19:15.105347 192.168.204.150 > mxa.mail.ukl.yahoo.com: icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]

Harald Finnås | 1 Jun 16:38 2005

Change search attrib for smtp_auth


I'm using the controls patch, and have decided to reference my users with the mail attribute rather than uid.

Today I've been having a hard time getting SMTPAUTH to work, and I just figured out why; auth_smtp wants to use uid for its searches.

The question then is how I can get auth_smtp to use a different attribute than uid?

Regards,
Harald
Cristiano Cumer | 1 Jun 16:56 2005

qmail-send bind address

Hi!

Is it possible to force qmail-send to bind to a specific address on an
interface with multiple IPs?

Thanks

C.
Jose Javier Sianes Ruiz | 1 Jun 17:17 2005

Re: Change search attrib for smtp_auth

I changed the LDAP_UID definition in the qmail-ldap.h file. From this moment,
qmail-ldap used the mail attribute instead of uid to refer to users, and works
perfectly with auth_smtp. Only modify the define line to this:

#define LDAP_UID                "mail"

Harald Finnås wrote:

>
> I'm using the controls patch, and have decided to reference my users
> with the mail attribute rather than uid.
>
> Today I've been having a hard time getting SMTPAUTH to work, and I
> just figured out why; auth_smtp wants to use uid for its searches.
>
> The question then is how I can get auth_smtp to use a different 
> attribute than uid?
>
> Regards,
> Harald

-- 
------------------------------------------------------------------------
*José Javier Sianes Ruiz*
*DSF Almariya
AIE Tecnología Cajamar*
Telf: 950.18.03.50 - ext. 2333
Movil: 637.72.72.55
email: jsianes <at> tecnologia.cajamar.es <mailto:jsianes <at> tecnologia.cajamar.es>

Harald Finnås | 1 Jun 18:16 2005

Re: Change search attrib for smtp_auth


Jose Javier Sianes Ruiz <jsianes <at> tecnologia.cajamar.es> wrote on 01.06.2005 17:17:15:

> I changed the LDAP_UID definition in the qmail-ldap.h file. From this moment,
> qmail-ldap used the mail attribute instead of uid to refer to users, and works
> perfectly with auth_smtp. Only modify the define line to this:

Thanks. I noticed the setting, but I was afraid I might break something else if I changed it. :)

Works like a charm!

Regards,
Harald
Claudio Jeker | 1 Jun 17:44 2005

Re: qmail-send bind address

On Wed, Jun 01, 2005 at 04:56:26PM +0200, Cristiano Cumer wrote:
> Hi!
> 
> Is it possible to force qmail-send to bind to a specific address on an
> interface with multiple IPs?
> 

From QLDAPINSTALL:
~control/outgoingip

 This file contains the IP qmail-remote should bind to.
 Default: 0.0.0.0
 Example: 192.168.12.88

~control/qmqpcip

 This file contains the IP qmail-qmqpc should bind to.
 Default: 0.0.0.0
 Example: 192.168.12.88

qmail-send does not send out mail. It is qmail-remote that does the remote
smtp delivery.

-- 
:wq Claudio

Andy Milleville | 1 Jun 22:38 2005

RE: New install problems

Does anybody have any insight into this problem? What I want to do is possible with qmail-ldap, right?

From: Andy Milleville [mailto:andy.milleville <at> kayakinteractive.com]
Sent: Thursday, May 26, 2005 2:36 PM
To: qmail-ldap <at> qmail-ldap.org
Subject: New install problems

OK, I've devoted about the last four or five days to installing and configuring this beast. I have one question that I can't find an answer to.
 
In what configuration file, environment variable, or other flag do I put the instruction to get the q-mail server to relay the mail to?
 
In other words, we have two qmail servers, and one ldap server (for now). Both are built with qmail-ldap. One (called doc) sits in the DMZ and is Internet-facing. It just runs qmail and qmail-smtpd. The other (sneezy) is strictly internal, and runs qmail, qmail-pop3d, openldap, and qmail-smtpd. I have holes poked through the firewall so it can talk to the server on the inside on 389 and 25.
 
What I want to do is have doc receive a piece of mail, lookup in LDAP which pop toaster it needs to forward the mail to, and then do it. Everything looks like it's working perfectly. qmail-ldaplookup queries and returns the proper information, but it always tries to deliver the mail locally. I don't know if I'm missing an attribute in ldap or I'm missing a qmail config file.
 
I haven't posted any logs because I'm not getting an error message. The ldif looks like:
 
dn: uid=andym, ou=accounts, dc=domain, dc=com
cn: Andy Testuser
sn: Testuser
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mail: [e-mail address protected]
mailAlternateAddress: [e-mail address protected]
mailHost: internal.mail.host
mailMessageStore: /var/qmail/maildirs/andym
uid: andym
userPassword:
/var/qmail/control files:
 
[root@doc control]# more *
::::::::::::::
defaultdelivery
::::::::::::::
./Maildir/
::::::::::::::
ldapbasedn
::::::::::::::
dc=domain,dc=com
::::::::::::::
ldapgid
::::::::::::::
2110
::::::::::::::
ldaplocaldelivery
::::::::::::::
0
::::::::::::::
ldapmessagestore
::::::::::::::
/var/qmail/maildirs
::::::::::::::
ldapserver
::::::::::::::
internal.mail.host:389
::::::::::::::
ldapuid
::::::::::::::
11184
::::::::::::::
locals
::::::::::::::
domain.com
::::::::::::::
me
::::::::::::::
mail.domain.com
::::::::::::::
qmail-qmqpd.rules
::::::::::::::
#
# QMQP (qmail mail queueing protocol) server rules.
# QMQP is mainly used in clusters to forward mails. The protocol accepts all
# mails by default and so it is necessary to disable this service by default.
# Only allow it for cluster hosts.
# Currently there are no useful env vars for qmail-qmqpd.
#
#192.168.0.2:allow
:deny
 
::::::::::::::
rcpthosts
::::::::::::::
domain.com
::::::::::::::
[root@doc control]# id vmail
uid=11184(vmail) gid=2110(vmail) groups=2110(vmail)
Thanks!
Steve Roemen | 1 Jun 23:26 2005

Re: New install problems

Have you tried setting the attribute mailHost to sneezy for all the users who have email stored there?

attributetype ( 1.3.6.1.4.1.7914.1.2.1.6 NAME 'mailHost'
        DESC 'On which qmail server the messagestore of this user is located.'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)


steve

Cristiano Cumer | 2 Jun 00:24 2005

Re: qmail-send bind address

Oops, I missed it

Thanks

C.

On 01/Jun/05, at 17:44, Claudio Jeker wrote:

> On Wed, Jun 01, 2005 at 04:56:26PM +0200, Cristiano Cumer wrote:
>
>> Hi!
>>
>> Is it possible to force qmail-send to bind to a specific address on an
>> interface with multiple IPs?
>>
>>
>
> From QLDAPINSTALL:
> ~control/outgoingip
>
>  This file contains the IP qmail-remote should bind to.
>  Default: 0.0.0.0
>  Example: 192.168.12.88
>
> ~control/qmqpcip
>
>  This file contains the IP qmail-qmqpc should bind to.
>  Default: 0.0.0.0
>  Example: 192.168.12.88
>
> qmail-send does not send out mail. It is qmail-remote that does the remote
> smtp delivery.
>
> -- 
> :wq Claudio
>

Leonard Tulipan | 2 Jun 15:07 2005

qmailUID = uid - redundancy - why?

Hi!

I have an old qmail-ldap install running here in the company. For
another location I wanted a similar setup for which I'm using:

openldap-2.2.23 and
qmail-ldap-1.03-20050401a.patch

Now, apparently a few things changed from our setup (openldap-2.0 now
also 2.2.23 and an old qmail-ldap)

What I'm basically talking about is this error

# /var/qmail.ldap/bin/qmail-ldaplookup -u dieter
Searching ldap for: (&(objectClass=qmailuser)(uid=dieter))
under dn: dc=intra,dc=xxxxxxxxxxxxxxx
Found 1 entry:

dn: uid=dieter,ou=Users,dc=xxxxxxxxxxxxxxx
-------------------------------------------------------
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: qmailUser
mail: dieter@xxxxxxxxxxxxxxx
uid: dieter
accountStatus: undefined -> active
mailHost: undefined
homeDirectory: /home/dieter
aliasEmpty: /home/dieter/Maildir
qmailDotMode: ldaponly
qmail-ldaplookup: fatal: qldap_get_uid: needed value is missing

which results in (qmail log file)
@40000000429e06820a8c7e2c info msg 824161: bytes 2261 from <l.tulipan@mpwi.at> qp 25829 uid 503
@40000000429e06820ec74594 starting delivery 8: msg 824161 to local dieter@xxxxxxxxxxxxxxx
@40000000429e06820ec764d4 status: local 1/10 remote 0/20
@40000000429e06823578a304 delivery 8: failure: LDAP_attribute_is_not_given_but_mandatory._(#5.3.5)/
@40000000429e068236156bbc status: local 0/10 remote 0/20
@40000000429e068236925834 bounce msg 824161 qp 25831
@40000000429e06823692738c end msg 824161

When trying the admin-account at first, I got this interesting thing

@40000000429e04fb14816d84 info msg 819244: bytes 2259 from <l.tulipan@mpwi.at> qp 25631 uid 503
@40000000429e04fb14fb6814 starting delivery 1: msg 819244 to local admin@xxxxxxxxxxxxxxx
@40000000429e04fb14fb836c status: local 1/10 remote 0/20
@40000000429e04fb14fe522c delivery 1: deferral: Sorry,_message_has_wrong_owner._(#4.3.5)/

All users are the same in LDAP and were normal /etc/passwd users a week
ago.

Any ideas or pointers how I can circumvent making those
attribute-additions to the users (qmailUID and qmailGID)? I'd really
rather have qmail-ldap use the normal uid of the user.

Cheers
Leonard

-- 

MAIER PÖTTINGER
Werbe und IT Consulting GmbH

Leonard Tulipan
IT Consultant

Anastasius-Grün-Gasse 22
A-1180 Wien

Tel.:  +43 / 1 / 479 48 08
Fax.:  +43 / 1 / 479 48 13
ISDN:  +43 / 1 / 479 48 08 99
E-Mail: l.tulipan <at> mpwi.at

www.mpwi.at
