Comment 1 Robin Johnson 2004-03-02 11:15:57 UTC

'/var/spool/relay-ctrl/allow' should have perms 1777 (and the ebuild sets it to this).

Please check that /var, /var/spool, /var/spool/relay-ctrl, /etc/relay-ctrl/* have reasonable permissions (post them up here if they do and you still get problems).

I still have the problem.
The directory permissions are:

drwxr-xr-x   18 root     root  456 Feb 23 17:42 /var
drwxr-xr-x    6 root     root  176 Mar  2 10:42 /var/spool/
drwx------    3 root     root   96 Mar  2 10:42 /var/spool/relay-ctrl/
drwxrwxrwt    2 root     root   72 Mar  2 10:42 /var/spool/relay-ctrl/allow/
drwxr-xr-x    2 root     root  120 Mar  2 10:42 /etc/relay-ctrl/
-rw-r--r--    1 root     root   28 Mar  2 10:42 /etc/relay-ctrl/RELAY_CTRL_DIR
-rw-r--r--    1 root     root    5 Mar  2 10:42 /etc/relay-ctrl/RELAY_CTRL_EXPIRY

Comment 3 Robin Johnson 2004-03-03 04:54:13 UTC

"chmod 711 /var/spool/relay-ctrl"
that should fix it

Yes, it seemes to work fine.

Thanks

Hello,

sorry this fix will not working for me.
if a user send a email to me -> works fine
if I send a email to user will get this error:
@400000004046677e1db867f4 tcpserver: pid 29464 from 212.114.239.129
@400000004046677e205609bc tcpserver: ok 29464 :195.49.172.35:25 dsl01.212.114.239.129.nefkom.net:212.114.239.129::37719
@400000004046677e205c2c0c relay-ctrl-check[29464]: Warning: Could not open IP file '212.114.239.129': Permission denied.
@40000000404667a7213a2c14 tcpserver: end 29464 status 256
@40000000404667a7213a3bb4 tcpserver: status: 0/40

my system:
drwxr-xr-x    2 root     root         4096 Feb 29 17:52 /etc/relay-ctrl
-rw-r--r--    1 root     root           28 Mar  3 22:47 /etc/relay-ctrl/RELAY_CTRL_DIR
-rw-r--r--    1 root     root            5 Mar  3 20:06 /etc/relay-ctrl/RELAY_CTRL_EXPIRY

airbus relay-ctrl # cat RELAY_CTRL_DIR
/var/spool/relay-ctrl/allow
airbus relay-ctrl # cat RELAY_CTRL_EXPIRY
1800
drwxr-xr-x   16 root     root         4096 Feb 28 17:45 /var
drwxr-xr-x    5 root     root         4096 Mar  3 21:36 /var/spool
drwxrwxrwx    3 root     root         4096 Mar  3 21:36 /var/spool/relay-ctrl
drwxrwxrwx    2 root     root         4096 Mar  3 23:20 /var/spool/relay-ctrl/allow
-rw-------    1 popuser  popuser        13 Mar  3 23:20 /var/spool/relay-ctrl/allow/212.114.239.129

# Configuration file for qmail-smtpd
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-smtpd,v 1.2 2003/11/30 03:00:20 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run qmail-smtpd
#QMAIL_SMTP_PRE=""
# Stuff to after qmail-smtpd
#QMAIL_SMTP_POST=""

# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first
# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER"

# If you are interested in providing POP or IMAP before SMTP type relaying,
# emerge relay-ctrl, then uncomment the next 2 lines
QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"
# In /etc/courier-imap/authdaemonrc add the next line to the end:
#authmodulelist="${authmodulelist} relay-ctrl-allow"
# Then in /etc/courier-imap/{imapd,imapd-ssl,pop3d,pop3d-ssl}
# Add this at the end
#PRERUN="${PRERUN} envdir /etc/relay-ctrl relay-ctrl-chdir"

# This next block is for SMTP-AUTH
# This provides the LOGIN, PLAIN and CRAM-MD5 types
# the 'cmd5checkpw' used in $QMAIL_SMTP_AUTHCHECKPASSWORD supports CRAM-MD5
# and reads it's data from /etc/poppasswd
# see the manpage for cmd5checkpw for details on the passwords
# uncomment the next four lines to enable SMTP-AUTH
QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
QMAIL_SMTP_CHECKPASSWORD="/bin/checkpoppasswd"
QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

airbus control # emerge info
Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.4.25)
=================================================================
System uname: 2.4.25 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz
Gentoo Base System version 1.4.3.13
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -mcpu=pentium4 -O2 -pipe -mmmx -msse -msse2"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -mcpu=pentium4 -O2 -pipe -mmmx -msse -msse2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://ftp.tu-clausthal.de/pub/linux/gentoo/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="berkdb crypt curl freetype gd gdbm gif gpm imagemagick imap imlib jpeg libg++ libwww memlimit mmx mmx2 mysql ncurses nls pam pdflib perl php png pwdb python quota readline sdl slang spell sse sse2 ssl tcpd threads tiff truetype x86 xml2 xv zlib"

very big thanks for help me.

Comment 6 Robin Johnson 2004-03-03 15:14:41 UTC

alex:
your permissions are wrong as well.

chmod 700 /var/spool/relay-ctrl/
chmod 1777 /var/spool/relay-ctrl/allow
rm /var/spool/relay-ctrl/allow/*

then restart qmail

thanks,  is see no me error under /var/log/qmail/qmail-smtpd/current a new error is under 
/var/log/qmail/qmail-pop3d/current:

@40000000404678d004b6b01c tcpserver: pid 32344 from 212.114.239.129
@40000000404678d119c2fe5c tcpserver: ok 32344 :195.49.172.35:110 dsl01.212.114.239.129.nefkom.net:212.114.239.129::37819
@40000000404678d122981634 relay-ctrl-allow[32345]: Warning: Could not change directory to '/var/spool/relay-ctrl/allow/': Permission denied.
@40000000404678d1229b6dac relay-ctrl-allow[32345]: Warning: Could not open '.1078360263.580396:32345' for writing: Permission denied.
@40000000404678d125ea4e74 tcpserver: end 32344 status 256
@40000000404678d125ea5a2c tcpserver: status: 0/20

Comment 8 Robin Johnson 2004-03-03 15:45:23 UTC

alex: did you do the permissions fixes I said?
this message "Warning: Could not change directory to '/var/spool/relay-ctrl/allow/': Permission denied." suggests that you haven't.

if you did do them, please ensure all of qmail (smtp, pop3, send etc. is restarted. use /etc/init.d/svscan stop ; sleep 2s; /etc/init.d/svscan start )

if it persists, include the permissions listing of the direcroties + files as before.

yes i make you permissions:

airbus root # chmod 700 /var/spool/relay-ctrl/
airbus root # chmod 1777 /var/spool/relay-ctrl/allow
airbus root # rm /var/spool/relay-ctrl/allow/*
rm: cannot remove `/var/spool/relay-ctrl/allow/*': No such file or directory
airbus root # ls -al /var/spool
total 20
drwxr-xr-x    5 root     root         4096 Mar  4 00:53 .
drwxr-xr-x   16 root     root         4096 Feb 28 17:45 ..
-rw-r--r--    1 root     root            0 Feb 28 01:23 .keep
drwxr-x---    4 root     cron         4096 Feb 27 23:27 cron
drwxrwxrwt    2 root     mail         4096 Feb 27 23:26 mail
drwx------    3 root     root         4096 Mar  4 00:53 relay-ctrl
airbus root # ls -al /var/spool/relay-ctrl
total 12
drwx------    3 root     root         4096 Mar  4 00:53 .
drwxr-xr-x    5 root     root         4096 Mar  4 00:53 ..
drwxrwxrwt    2 root     root         4096 Mar  4 00:53 allow
airbus root # ls -al /var/spool/relay-ctrl/allow
total 8
drwxrwxrwt    2 root     root         4096 Mar  4 00:53 .
drwx------    3 root     root         4096 Mar  4 00:53 ..
airbus root # tail -f /var/log/qmail/qmail-pop3d/current
airbus root # /etc/init.d/svscan stop ; sleep 2s; /etc/init.d/svscan start
 * Stopping service scan...                                                                                                                                                 [ ok ]
 * Stopping services...                                                                                                                                                     [ ok ]
 * Stopping service logging...                                                                                                                                              [ ok ]
 * Starting service scan...                                                                                                                                                 [ ok ]
airbus root # tail -f /var/log/qmail/qmail-pop3d/current
@4000000040467cef2cf0d83c tcpserver: end 969 status 256
@4000000040467cef2cf12e2c tcpserver: status: 0/20
@4000000040467d1003ce4fd4 tcpserver: status: 1/20
@4000000040467d1003d014f4 tcpserver: pid 972 from 212.114.239.129
@4000000040467d100590a114 tcpserver: ok 972 :195.49.172.35:110 dsl01.212.114.239.129.nefkom.net:212.114.239.129::37878
@4000000040467d100e1bcf0c relay-ctrl-allow[975]: Warning: Could not change directory to '/var/spool/relay-ctrl/allow/': No such file or directory.
@4000000040467d100e1c5f94 relay-ctrl-allow[975]: Warning: Could not open '.1078361350.236697:975' for writing: Permission denied.
@4000000040467d10113a60a4 tcpserver: end 972 status 256
@4000000040467d10113a6874 tcpserver: status: 0/20
@4000000040467eed0aa7fd3c tcpserver: status: 0/20
@4000000040467efd1b52fccc tcpserver: status: 1/20
@4000000040467efd1b54d18c tcpserver: pid 1112 from 212.114.239.129
@4000000040467efd1d44e5a4 tcpserver: ok 1112 :195.49.172.35:110 dsl01.212.114.239.129.nefkom.net:212.114.239.129::37894
@4000000040467efd2762ae04 relay-ctrl-allow[1113]: Warning: Could not change directory to '/var/spool/relay-ctrl/allow/': Permission denied.
@4000000040467efd27652ea4 relay-ctrl-allow[1113]: Warning: Could not open '.1078361843.660772:1113' for writing: Permission denied.
@4000000040467efd2a82c63c tcpserver: end 1112 status 256
@4000000040467efd2a82ce0c tcpserver: status: 0/20
airbus control # cat conf-common
# Common Configuration file for all qmail daemons
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-common,v 1.1 2003/10/27 09:42:54 robbat2 Exp $

# Qmail User IDS to run daemons as
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

# Qmail Control Dir (this is actually set in /etc/env.d/99qmail)
#QMAIL_CONTROLDIR=/var/qmail/control

# Host and port to listen on
# We listen on the IPv4 local ip by default
TCPSERVER_HOST=195.49.172.35
TCPSERVER_PORT=${SERVICE}

# you do not need to specify -x, -c, -u or -g in this variable as those are
# added later
TCPSERVER_OPTS="-v"

# we limit data and stack segments to 8mbytes, you may need to raise this if
# you are using a filter in QMAILQUEUE
SOFTLIMIT_OPTS="-m 8000000"

# We don't have anything to set QMAILQUEUE to at the moment, so we leave it alone
#QMAILQUEUE=""

# tcpserver maximum concurrency, defaults to 40 in tcpserver
# this controls the maximum number of incoming connections that it will accept
[ -e ${QMAIL_CONTROLDIR}/concurrencyincoming ] && MAXCONN=$(<${QMAIL_CONTROLDIR}/concurrencyincoming) || MAXCONN=40
airbus control # cat conf-pop3d
# Configuration file for qmail-pop3d
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-pop3d,v 1.1 2003/10/27 09:42:54 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run before the authenticator
#QMAIL_POP3_PREAUTH=""
# Stuff to run after the user has authenticated successfully
#QMAIL_POP3_POSTAUTH=""

# this should contain the FQDN of your server
# by default it pulls the value from qmail
# which should be correct
QMAIL_POP3_POP3HOST="$(<${QMAIL_CONTROLDIR}/me)"

# If you want POP3 before SMTP, and you are using this POP3 daemon
# uncomment the next two lines
QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
QMAIL_POP3_POSTAUTH="${QMAIL_POP3_POSTAUTH} /usr/bin/relay-ctrl-allow"

# This controls what password authentication tool POP3 uses
# It must support DJB's checkpassword interface (http://cr.yp.to/checkpwd.html)
QMAIL_POP3_CHECKPASSWORD="/bin/checkpoppasswd"
# cmd5checkpw only validates passwords from /etc/poppasswd
#QMAIL_POP3_CHECKPASSWORD="/bin/cmd5checkpw"
# Configuration file for qmail-smtpd
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-smtpd,v 1.2 2003/11/30 03:00:20 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run qmail-smtpd
#QMAIL_SMTP_PRE=""
# Stuff to after qmail-smtpd
#QMAIL_SMTP_POST=""

# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first
# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER"

# If you are interested in providing POP or IMAP before SMTP type relaying,
# emerge relay-ctrl, then uncomment the next 2 lines
QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"
# In /etc/courier-imap/authdaemonrc add the next line to the end:
#authmodulelist="${authmodulelist} relay-ctrl-allow"
# Then in /etc/courier-imap/{imapd,imapd-ssl,pop3d,pop3d-ssl}
# Add this at the end
#PRERUN="${PRERUN} envdir /etc/relay-ctrl relay-ctrl-chdir"

# This next block is for SMTP-AUTH
# This provides the LOGIN, PLAIN and CRAM-MD5 types
# the 'cmd5checkpw' used in $QMAIL_SMTP_AUTHCHECKPASSWORD supports CRAM-MD5
# and reads it's data from /etc/poppasswd
# see the manpage for cmd5checkpw for details on the passwords
# uncomment the next four lines to enable SMTP-AUTH
QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
QMAIL_SMTP_CHECKPASSWORD="/bin/checkpoppasswd"
QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

i hope this not too long...

I follow the last suggestions to /var/spool/relay-ctrl
permissions and everything seems to work fine but it isn't so.

I follow the next steps to test the configuration:

a) from outside of my domain, I do:

$ telnet mymailserver.mydomain.it 110

and I authenticate me.

b) check in my mail server that in /var/spool/relay-ctrl/allow
if there is the IP of the external system. Ok, there is.

c) from outside:

$ telnet mymailserver.mydomain.it 25

and I try to send an email to an email address external to mydomain,

but I receive:
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

d) I try my old supervise run script for qmail-pop3d and qmail-smtpd and 
all works fine using also the initial directory permissions 
(700 for /var/spool/relay-ctrl and 777 for /var/spool/relay-ctrl/allow).

Follow my run script:
/var/qmail/supervise/qmail-pop3d/run:
--------------------------------------
#!/bin/sh
exec /usr/bin/softlimit -m 3000000 \
    envdir /etc/relay-ctrl \
    relay-ctrl-chdir \
    /usr/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb \
    0 pop-3 /var/qmail/bin/qmail-popup `hostname --fqdn` \
    /bin/checkpassword \
    relay-ctrl-allow \
    /var/qmail/bin/qmail-pop3d .maildir 2>&1
----------------------------------------
/var/qmail/supervise/qmail-smtpd/run:
-------------------------------------
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/bin/softlimit -m 29000000 \
        envdir /etc/relay-ctrl \
        relay-ctrl-chdir \
        /usr/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb \
        -u $QMAILDUID -g $NOFILESGID 0 smtp relay-ctrl-check /var/qmail/bin/qmail-smtpd 
2>&1
-------------------------------------------

Another thing that seems to not work for the new configuration files and
scripts is the qmail-scanner use. If I follow the new instructions to
enable qmail-scanner, it doesnt' works.
Also in this case I have to use my old /etc/tcp.smtp file
where the 
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

line is the first line of the file before all IPs.

Comment 11 Robin Johnson 2004-03-04 03:34:40 UTC

Enrico:
after having another bug very similar to this pointed out to me by a friend, and hacking at it on his box, he had something very similar, but he was using the ipv6 use flag, and it went away when the flag was removed.

could you please details on your version of qmail (emerge -pv qmail), as well as ATTACH your /var/qmail/control/conf-* files.

Created attachment 26834 [details]
conf-* tar archive

[ebuild   R   ] net-mail/qmail-1.03-r13  +ssl 

Comment 14 Robin Johnson 2004-03-04 03:58:29 UTC

enrico:
as one other test
could you try the ~x86 versions of ucspi-tcp and qmail together?

i'm trying to eliminate variables in the problems you see happening, to find out what the hell it is.

no need to do it soon, as i'm just heading to bed now (4am here) and I won't be around for the next 8 hours at least.

I had install the ~x86 version of qmail in another machine
and it's seems to work fine. I post in attachment my conf-* files and
runs file that works fine, because I think that in qmail-pop3d/run there is a QMAIL_TCPSERVER_PRE missing.

[ebuild   R   ] net-mail/qmail-1.03-r15  -noauthcram -notlsbeforeauth +ssl

Created attachment 26890 [details]
conf-* tar archive

Created attachment 26891 [details]
qmail-pop3d and qmail-smtpd run

Personally I had more luck with courier-pop3d then qmail-pop3d because of the ways permissions are handled on the file. I'm not exactly sure under which permissions qmail-smtpd will check the ips in allow, but the files are created by user vpopmail and permissions 666. 

As I side note, be very careful when changing permissions on /var/spool/relay-ctrl as even just turning on the execute (x) (711) bit will make it possible for anyone to create files with the name of the ip and open relays to anyone from that ip. 

Comment 19 Robin Johnson 2005-02-13 22:15:57 UTC

closing old bugs that should be fixed already.