Which are ownership and privileges of domain directories and mailboxes?
chkuser simply checks mysql or cdb, while qmail in delivery checks also
for directories.

Tonino

Tren Blackburn ha scritto:
>
> Can you paste the output of the command:
>
>  
>
> /var/qmail/bin/qmail-showctl
>
>  
>
> Thanks :)
>
>  
>
> *From:* Bogdan Motoc - CRC [mailto:bogdan.motoc@crcn...]
> *Sent:* September-02-09 8:26 AM
> *To:* vchkpw@inte...
> *Subject:* Re: [vchkpw] Re: chkuser random rejects
>
>  
>
> No. Users on the internal network are able to relay their messages
> because tcp.smtp has this line:
> local_subnet:allow,RELAYCLIENT=""
>
> Just tested right now, even roaming users are able to relay messages
> via smtp-auth.
> (haven't tested if the pop-before-smtp function of vpopmail works, as
> i just configured an imap account in my mail client. if you think it's
> relevant to know, i'll do it)
> Funny thing is, when sending to the postmaster account on that server
> from my client configured to authenticate via smtp-auth via a valid
> user and pass from that server, the message doesn't arrive anywhere.
> Here's the log:
> @400000004a9e8c3518c0efdc info msg 30983061: bytes 837 from
> <test@doma...> <mailto:test@doma...> qp 3674 uid 89
> @400000004a9e8c351937391c starting delivery 12: msg 30983061 to local
> postmaster@doma... <mailto:postmaster@doma...>
> @400000004a9e8c35193744d4 status: local 1/10 remote 0/20
> @400000004a9e8c351959d864 delivery 12: failure:
> Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
> @400000004a9e8c351959e41c status: local 0/10 remote 0/20
> @400000004a9e8c3519b47b84 bounce msg 30983061 qp 3677
> @400000004a9e8c3519b4873c end msg 30983061
> @400000004a9e8c3519b71394 new msg 30983148
> @400000004a9e8c3519b7177c info msg 30983148: bytes 1355 from <> qp
> 3677 uid 1007
> @400000004a9e8c351a367cc4 starting delivery 13: msg 30983148 to local
> test@doma... <mailto:test@doma...>
> @400000004a9e8c351a368494 status: local 1/10 remote 0/20
> @400000004a9e8c351a581e24 delivery 13: failure:
> Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
> @400000004a9e8c351a582dc4 status: local 0/10 remote 0/20
> @400000004a9e8c351aa9ff14 bounce msg 30983148 qp 3680
> @400000004a9e8c351aaa0acc end msg 30983148
> @400000004a9e8c351aacba4c new msg 30983093
> @400000004a9e8c351aacbe34 info msg 30983093: bytes 1789 from <#@[]> qp
> 3680 uid 1007
> @400000004a9e8c351b1d69f4 starting delivery 14: msg 30983093 to local
> postmaster@doma... <mailto:postmaster@doma...>
> @400000004a9e8c351b1d71c4 status: local 1/10 remote 0/20
> @400000004a9e8c351b381614 delivery 14: failure:
> Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
> @400000004a9e8c351b3825b4 status: local 0/10 remote 0/20
> @400000004a9e8c351b38299c triple bounce: discarding bounce/30983093
> @400000004a9e8c351b382d84 end msg 30983093
>
> Same thing happens when sending to every user on the server, not just
> to postmaster.
>
>
>
>
> Tren Blackburn wrote:
>
> Are you sending mail from an authorized host? Either explicitly via
> tcp.smtp or via SMTP-Auth or POP-before-SMTP/IMAP-before-SMTP?
>
>  
>
> *From:* Bogdan Motoc - CRC [mailto:bogdan.motoc@crcn...]
> *Sent:* September-02-09 7:54 AM
> *To:* vchkpw@inte... <mailto:vchkpw@inte...>
> *Subject:* Re: [vchkpw] Re: chkuser random rejects
>
>  
>
> The assign file has all the domains that have been added via
> vaddaliasdomain
> I only have one set of users and the other domains are aliases to
> domain.com
> Here's what that file looks like:
> +domain.com-:domain.com:89:89:/home/vpopmail/domains/domain.com:-::
> +domain.eu-:domain.com:89:89:/home/vpopmail/domains/domain.com:-::
> .
>
>
> Removing ",QMAILQUEUE="/var/qmail/bin/simscan"" from tcp.smtp and
> doing qmailctl cdb gives this error when sending to a legitimate user:
>
>
> Remote host said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
>  
>
>
>
>
> Eric Shubert wrote:
>
> What's in your /var/qmail/users/assign file?
>
> Bogdan Motoc - CRC wrote:
>
>
> I'm really sorry about bothering you again about this problem, but I'm
> really at wits' end here.
> I have removed the mail.domain.tld from every file I could find.
> Now mail is not received at all. At least now it's consistent, which
> is good. No more flapping. (have to keep my sense of humor while users
> can't receive any mail)
> I think chkuser can be ruled out as the problem. Sending to
> legitimateuser@doma... <mailto:legitimateuser@doma...> produces
> a bounce with the error listed below (#5.1.1), while sending to
> nonexistentuser@doma... <mailto:nonexistentuser@doma...> makes
> chkuser kick in and reject the message as it should as soon as I type
> rcpt to: baduser@doma... <mailto:baduser@doma...>
> 511 sorry, no mailbox here by that name (#5.1.1 - chkuser)
> So my conclusion is that qmail accepts the message but when it wants
> to deliver it locally to the vpopmail user, something causes it to
> bounce.
>
> Can you give me any advice on how to test the path traversed by the
> message once it is accepted by qmail-smtpd ?
>
>
>
> Bogdan Motoc - CRC wrote:
>
>
> I seem to have broken things really bad. I tried to make
> mail.domain.tld an alias of domain.tld
> Now authentication only works from time to time.
> The bounce says:
>
> <user@doma...> <mailto:user@doma...>:
> Sorry, no mailbox here by that name. (#5.1.1)
>
> Of course, that account exists.
>
> Where are domain aliases stored? Can I manually delete a domain alias?
> I'm using vpopmail 5.4.17 with users stored in a cdb file.
>
>
> Bogdan
>
> Tonix (Antonio Nati) wrote:
>
>
> Bogdan Motoc - CRC ha scritto:
>
>
>
>
> Tonix (Antonio Nati) wrote:
>
>
> Bogdan Motoc - CRC ha scritto:
>
>
> This most probably is not a vpopmail problem, but a chkuser one.
> The support page of chkuser
> (http://www.interazioni.it/opensource/chkuser/support/mailing_lists.html)
> points to this mailing list, so that's why I'm posting this here.
>
>
> chkuser is simply using basic qmail checks, giving a better log. It is
> giving back what qmail would give back.
> Check carefully qmail configuration and files availability.
>
> nothing changed between the two events (rejecting a legitimate message
> and allowing a similar one)
> all files are world-readable, except the .lock files
>
>
>
>     The mail server in question runs:
>
>     netqmail 1.05
>     vpopmail 5.4.17
>     chkuser 2.0.8b
>     simscan 1.1
>
>
> install chkuser 2.09, has more checks, new features and solves minor
> bugs (not related to your question).
>
> hard to do on a production server. I've set this one up more than two
> years ago, and I remember there was a rigid order in which patches
> were supposed to be applied to qmail, and some of them had to be
> manually added (thinking of simscan, smtp-auth, chkuser)
>
>
> It should be easy. Copy new chkuser files over old files, check
> chkuser_settings.h (some have changed) and recompile.
>
>
>
> In the meantime, I've googled a bit and found an alternative. I'll
> post a "what's your experience with ... ?" message later about it.
>
>
>
>
>
>
> Messages sent to existing and not overquota users on this server
> randomly (as far as I can tell) are rejected with this message:
>
> Remote host said: 553 sorry, that domain isn't in my list of allowed
> rcpthosts (#5.5.3 - chkuser)
>
> I've checked and double checked that the user exists and there was no
> typo when entering the destination email address.
> Sending again after a while to the same user ends up with the message
> into his mailbox without any issues.
> The server's /var/log/qmail/smtpd/current log file shows this about
> the rejected message:
>
> 2009-07-24 12:28:19.035629500 CHKUSER rejected relaying: from
> <sender's_email_address::> remote
> <remote_mail_server:unknown:remote_ip> rcpt
> <valid_user@mail...> <mailto:valid_user@mail...> :
> client not allowed to relay
>
> The mailboxes on this machine are all respecting this pattern:
> user@doma... <mailto:user@doma...>
>
>
> You say general pattern is user@doma... <mailto:user@doma...>,
> while log says user@mail... <mailto:user@mail...>.
> Are you sure 100% domain names do not include blank, DEL, strange not
> visible chars? It could happen when spaces or strange invisible
> characters are inside mail addresses.
>
> Yes, the recipient mail address I've typed correctly (I double-checked
> it, having faced stupid users before who think that spaces in email
> adresses can't hurt that much, can they?)
> Basically, i replied to a user on that server and got the bounce back
> imidiately.  Cursed at the binary gods for allowing  functions to
> return different results when fed the same input, had to leave the
> office, and when i got back replied again to the same message, checked
> and it arrived in the users's mailbox. The log shows this:
> 2009-07-24 18:09:48.389030500 CHKUSER accepted rcpt: from
> <my_email_address::> remote <my_email_server:unknown:my_ip> rcpt
> <user@doma...> <mailto:user@doma...> : found existing recipient
>
>
> Check if any limit is reached. Like max open files or max MySQL
> connections. It could happen in a peaik moment you reach some limits.
> chkuser version you have does not handle mysql refused connections,
> while 2.0.9 does.
>
>
>
> What i don't understand is why vpopmail is sometimes being asked to
> authenticate /user@doma.../ and sometimes /user@mail.../ ?
>
>
> probably some users put the wrong username in Outlook... missing the
> domain part, so automatically you have the "me" file added to
> address... or?
>
> Ciao,
>
> Tonino
>
>
>
> Of course, possible solutions to my problem are:
> 1. getting rid of "mail." part completely
> 2. making mail.domain.tld an alias of domain.tld, so both would work
>
> Thanks a lot for any ideeas you might have.
>
>
>
>
> Regards,
>
> Tonino
>
>
>
> The /var/qmail/control/me file lists this: mail.domain.tld, which is
> also the MX for domain.tld
>
> /var/qmail/control/rcpthosts lists both domain.tld and mail.domain.tld
> /var/qmail/control/virtualdomains shows domain.tld
> /var/qmail/control/locals shows only mail.domain.tld
> /var/qmail/control/defaultdomain only shows domain.tld
>
> What could be wrong, but most of all, why is the error occurring only
> rarely (but often enough to be annoying)?
>
>
> Thanks in advance for any answers you might be able to provide.
>
>
>
> Bogdan Motoc
>
>
>
> --
> ------------------------------------------------------------
>         Inter@zioni            Interazioni di Antonio Nati    
> http://www.interazioni.it      tonix@inte...
> <mailto:tonix@inte...>          
> ------------------------------------------------------------
>  
>
>
>
> --
> ------------------------------------------------------------
>         Inter@zioni            Interazioni di Antonio Nati    
> http://www.interazioni.it      tonix@inte...
> <mailto:tonix@inte...>          
> ------------------------------------------------------------
>  
>
>
>
>
>
>  
>
>  
>
>  


--
------------------------------------------------------------
        Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it      tonix@inte...          
------------------------------------------------------------



!DSPAM:4a9e93d032715331986021!