I emerged relay-ctrl-3.1.1-r1 without problems under Gentoo 1.4. I followed the guide to enable it, but during the tests I see in /var/log/qmail/qmail-pop3d/current:

relay-ctrl-allow[5483]: Warning: $RELAY_CTRL_DIR is not set..

To avoid this problem I have put RELAY_CTRL_DIR=/var/spool/relay-ctrl/allow in /etc/env.d/99qmail. After this I have another problem:

relay-ctrl-allow[5873]: Warning: Could not change directory to '/var/spool/relay-ctrl/allow': Permission denied.

And to avoid this problem I have to change the permissions of /var/spool/relay-ctrl to 755.

Reproducible: Always

Steps to Reproduce:
1. emerge relay-ctrl
2. Enable it
3. tail -f /var/log/qmail/qmail-pop3d/current
4. Try to connect via pop3

Actual Results:
I have:
relay-ctrl-allow[5483]: Warning: $RELAY_CTRL_DIR is not set..
and
relay-ctrl-allow[5873]: Warning: Could not change directory to '/var/spool/relay-ctrl/allow': Permission denied.

Expected Results:
Put the IP address coming from POP3 into /var/spool/relay-ctrl/allow.

Portage 2.0.49-r21 (default-1.0-gcc3, gcc-3.2.3, glibc-2.2.5-r4,2.3.1-r5, 2.6.1-rc3)
=================================================================
System uname: 2.6.1-rc3 i686 AMD Athlon(tm) MP 1500+
Gentoo Base System version 1.4.3.13
ccache version 2.3 [enabled]
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-mcpu=athlon-mp -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-mcpu=athlon-mp -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://gentoo.linux.no/ http://gentoo.oregonstate.edu/ http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow apache2 avi berkdb crypt cups encode gdbm gif gpm imlib java jpeg libg++ libwww mikmod mmx motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python quicktime readline sdl slang spell ssl svga tcpd truetype x86 xml xml2 xmms xv zlib"
'/var/spool/relay-ctrl/allow' should have perms 1777 (and the ebuild sets it to this). Please check that /var, /var/spool, /var/spool/relay-ctrl, /etc/relay-ctrl/* have reasonable permissions (post them up here if they do and you still get problems).
I still have the problem. The directory permissions are:

drwxr-xr-x 18 root root 456 Feb 23 17:42 /var
drwxr-xr-x 6 root root 176 Mar 2 10:42 /var/spool/
drwx------ 3 root root 96 Mar 2 10:42 /var/spool/relay-ctrl/
drwxrwxrwt 2 root root 72 Mar 2 10:42 /var/spool/relay-ctrl/allow/
drwxr-xr-x 2 root root 120 Mar 2 10:42 /etc/relay-ctrl/
-rw-r--r-- 1 root root 28 Mar 2 10:42 /etc/relay-ctrl/RELAY_CTRL_DIR
-rw-r--r-- 1 root root 5 Mar 2 10:42 /etc/relay-ctrl/RELAY_CTRL_EXPIRY
"chmod 711 /var/spool/relay-ctrl" that should fix it
Yes, it seems to work fine. Thanks
Hello, sorry, this fix does not work for me. If a user sends an email to me, it works fine. If I send an email to a user, I get this error:

@400000004046677e1db867f4 tcpserver: pid 29464 from 212.114.239.129
@400000004046677e205609bc tcpserver: ok 29464 :195.49.172.35:25 dsl01.212.114.239.129.nefkom.net:212.114.239.129::37719
@400000004046677e205c2c0c relay-ctrl-check[29464]: Warning: Could not open IP file '212.114.239.129': Permission denied.
@40000000404667a7213a2c14 tcpserver: end 29464 status 256
@40000000404667a7213a3bb4 tcpserver: status: 0/40

My system:

drwxr-xr-x 2 root root 4096 Feb 29 17:52 /etc/relay-ctrl
-rw-r--r-- 1 root root 28 Mar 3 22:47 /etc/relay-ctrl/RELAY_CTRL_DIR
-rw-r--r-- 1 root root 5 Mar 3 20:06 /etc/relay-ctrl/RELAY_CTRL_EXPIRY

airbus relay-ctrl # cat RELAY_CTRL_DIR
/var/spool/relay-ctrl/allow
airbus relay-ctrl # cat RELAY_CTRL_EXPIRY
1800

drwxr-xr-x 16 root root 4096 Feb 28 17:45 /var
drwxr-xr-x 5 root root 4096 Mar 3 21:36 /var/spool
drwxrwxrwx 3 root root 4096 Mar 3 21:36 /var/spool/relay-ctrl
drwxrwxrwx 2 root root 4096 Mar 3 23:20 /var/spool/relay-ctrl/allow
-rw------- 1 popuser popuser 13 Mar 3 23:20 /var/spool/relay-ctrl/allow/212.114.239.129

# Configuration file for qmail-smtpd
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-smtpd,v 1.2 2003/11/30 03:00:20 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run qmail-smtpd
#QMAIL_SMTP_PRE=""
# Stuff to after qmail-smtpd
#QMAIL_SMTP_POST=""

# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first
# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER"

# If you are interested in providing POP or IMAP before SMTP type relaying,
# emerge relay-ctrl, then uncomment the next 2 lines
QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"
# In /etc/courier-imap/authdaemonrc add the next line to the end:
#authmodulelist="${authmodulelist} relay-ctrl-allow"
# Then in /etc/courier-imap/{imapd,imapd-ssl,pop3d,pop3d-ssl}
# Add this at the end
#PRERUN="${PRERUN} envdir /etc/relay-ctrl relay-ctrl-chdir"

# This next block is for SMTP-AUTH
# This provides the LOGIN, PLAIN and CRAM-MD5 types
# the 'cmd5checkpw' used in $QMAIL_SMTP_AUTHCHECKPASSWORD supports CRAM-MD5
# and reads it's data from /etc/poppasswd
# see the manpage for cmd5checkpw for details on the passwords
# uncomment the next four lines to enable SMTP-AUTH
QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
QMAIL_SMTP_CHECKPASSWORD="/bin/checkpoppasswd"
QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

airbus control # emerge info
Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.4.25)
=================================================================
System uname: 2.4.25 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz
Gentoo Base System version 1.4.3.13
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -mcpu=pentium4 -O2 -pipe -mmmx -msse -msse2"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -mcpu=pentium4 -O2 -pipe -mmmx -msse -msse2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://ftp.tu-clausthal.de/pub/linux/gentoo/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="berkdb crypt curl freetype gd gdbm gif gpm imagemagick imap imlib jpeg libg++ libwww memlimit mmx mmx2 mysql ncurses nls pam pdflib perl php png pwdb python quota readline sdl slang spell sse sse2 ssl tcpd threads tiff truetype x86 xml2 xv zlib"

Very big thanks for helping me.
alex: your permissions are wrong as well.

chmod 700 /var/spool/relay-ctrl/
chmod 1777 /var/spool/relay-ctrl/allow
rm /var/spool/relay-ctrl/allow/*

then restart qmail
Thanks, I see no more errors under /var/log/qmail/qmail-smtpd/current. A new error is under /var/log/qmail/qmail-pop3d/current:

@40000000404678d004b6b01c tcpserver: pid 32344 from 212.114.239.129
@40000000404678d119c2fe5c tcpserver: ok 32344 :195.49.172.35:110 dsl01.212.114.239.129.nefkom.net:212.114.239.129::37819
@40000000404678d122981634 relay-ctrl-allow[32345]: Warning: Could not change directory to '/var/spool/relay-ctrl/allow/': Permission denied.
@40000000404678d1229b6dac relay-ctrl-allow[32345]: Warning: Could not open '.1078360263.580396:32345' for writing: Permission denied.
@40000000404678d125ea4e74 tcpserver: end 32344 status 256
@40000000404678d125ea5a2c tcpserver: status: 0/20
alex: did you do the permissions fixes I said? This message, "Warning: Could not change directory to '/var/spool/relay-ctrl/allow/': Permission denied.", suggests that you haven't. If you did do them, please ensure all of qmail (smtp, pop3, send etc.) is restarted. Use:

/etc/init.d/svscan stop ; sleep 2s; /etc/init.d/svscan start

If it persists, include the permissions listing of the directories + files as before.
Yes, I applied your permissions:

airbus root # chmod 700 /var/spool/relay-ctrl/
airbus root # chmod 1777 /var/spool/relay-ctrl/allow
airbus root # rm /var/spool/relay-ctrl/allow/*
rm: cannot remove `/var/spool/relay-ctrl/allow/*': No such file or directory
airbus root # ls -al /var/spool
total 20
drwxr-xr-x 5 root root 4096 Mar 4 00:53 .
drwxr-xr-x 16 root root 4096 Feb 28 17:45 ..
-rw-r--r-- 1 root root 0 Feb 28 01:23 .keep
drwxr-x--- 4 root cron 4096 Feb 27 23:27 cron
drwxrwxrwt 2 root mail 4096 Feb 27 23:26 mail
drwx------ 3 root root 4096 Mar 4 00:53 relay-ctrl
airbus root # ls -al /var/spool/relay-ctrl
total 12
drwx------ 3 root root 4096 Mar 4 00:53 .
drwxr-xr-x 5 root root 4096 Mar 4 00:53 ..
drwxrwxrwt 2 root root 4096 Mar 4 00:53 allow
airbus root # ls -al /var/spool/relay-ctrl/allow
total 8
drwxrwxrwt 2 root root 4096 Mar 4 00:53 .
drwx------ 3 root root 4096 Mar 4 00:53 ..
airbus root # tail -f /var/log/qmail/qmail-pop3d/current
airbus root # /etc/init.d/svscan stop ; sleep 2s; /etc/init.d/svscan start
 * Stopping service scan... [ ok ]
 * Stopping services... [ ok ]
 * Stopping service logging... [ ok ]
 * Starting service scan... [ ok ]
airbus root # tail -f /var/log/qmail/qmail-pop3d/current
@4000000040467cef2cf0d83c tcpserver: end 969 status 256
@4000000040467cef2cf12e2c tcpserver: status: 0/20
@4000000040467d1003ce4fd4 tcpserver: status: 1/20
@4000000040467d1003d014f4 tcpserver: pid 972 from 212.114.239.129
@4000000040467d100590a114 tcpserver: ok 972 :195.49.172.35:110 dsl01.212.114.239.129.nefkom.net:212.114.239.129::37878
@4000000040467d100e1bcf0c relay-ctrl-allow[975]: Warning: Could not change directory to '/var/spool/relay-ctrl/allow/': No such file or directory.
@4000000040467d100e1c5f94 relay-ctrl-allow[975]: Warning: Could not open '.1078361350.236697:975' for writing: Permission denied.
@4000000040467d10113a60a4 tcpserver: end 972 status 256
@4000000040467d10113a6874 tcpserver: status: 0/20
@4000000040467eed0aa7fd3c tcpserver: status: 0/20
@4000000040467efd1b52fccc tcpserver: status: 1/20
@4000000040467efd1b54d18c tcpserver: pid 1112 from 212.114.239.129
@4000000040467efd1d44e5a4 tcpserver: ok 1112 :195.49.172.35:110 dsl01.212.114.239.129.nefkom.net:212.114.239.129::37894
@4000000040467efd2762ae04 relay-ctrl-allow[1113]: Warning: Could not change directory to '/var/spool/relay-ctrl/allow/': Permission denied.
@4000000040467efd27652ea4 relay-ctrl-allow[1113]: Warning: Could not open '.1078361843.660772:1113' for writing: Permission denied.
@4000000040467efd2a82c63c tcpserver: end 1112 status 256
@4000000040467efd2a82ce0c tcpserver: status: 0/20

airbus control # cat conf-common
# Common Configuration file for all qmail daemons
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-common,v 1.1 2003/10/27 09:42:54 robbat2 Exp $

# Qmail User IDS to run daemons as
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

# Qmail Control Dir (this is actually set in /etc/env.d/99qmail)
#QMAIL_CONTROLDIR=/var/qmail/control

# Host and port to listen on
# We listen on the IPv4 local ip by default
TCPSERVER_HOST=195.49.172.35
TCPSERVER_PORT=${SERVICE}

# you do not need to specify -x, -c, -u or -g in this variable as those are
# added later
TCPSERVER_OPTS="-v"

# we limit data and stack segments to 8mbytes, you may need to raise this if
# you are using a filter in QMAILQUEUE
SOFTLIMIT_OPTS="-m 8000000"

# We don't have anything to set QMAILQUEUE to at the moment, so we leave it alone
#QMAILQUEUE=""

# tcpserver maximum concurrency, defaults to 40 in tcpserver
# this controls the maximum number of incoming connections that it will accept
[ -e ${QMAIL_CONTROLDIR}/concurrencyincoming ] && MAXCONN=$(<${QMAIL_CONTROLDIR}/concurrencyincoming) || MAXCONN=40

airbus control # cat conf-pop3d
# Configuration file for qmail-pop3d
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-pop3d,v 1.1 2003/10/27 09:42:54 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run before the authenticator
#QMAIL_POP3_PREAUTH=""
# Stuff to run after the user has authenticated successfully
#QMAIL_POP3_POSTAUTH=""

# this should contain the FQDN of your server
# by default it pulls the value from qmail
# which should be correct
QMAIL_POP3_POP3HOST="$(<${QMAIL_CONTROLDIR}/me)"

# If you want POP3 before SMTP, and you are using this POP3 daemon
# uncomment the next two lines
QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
QMAIL_POP3_POSTAUTH="${QMAIL_POP3_POSTAUTH} /usr/bin/relay-ctrl-allow"

# This controls what password authentication tool POP3 uses
# It must support DJB's checkpassword interface (http://cr.yp.to/checkpwd.html)
QMAIL_POP3_CHECKPASSWORD="/bin/checkpoppasswd"
# cmd5checkpw only validates passwords from /etc/poppasswd
#QMAIL_POP3_CHECKPASSWORD="/bin/cmd5checkpw"

# Configuration file for qmail-smtpd
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-smtpd,v 1.2 2003/11/30 03:00:20 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run qmail-smtpd
#QMAIL_SMTP_PRE=""
# Stuff to after qmail-smtpd
#QMAIL_SMTP_POST=""

# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first
# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER"

# If you are interested in providing POP or IMAP before SMTP type relaying,
# emerge relay-ctrl, then uncomment the next 2 lines
QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"
# In /etc/courier-imap/authdaemonrc add the next line to the end:
#authmodulelist="${authmodulelist} relay-ctrl-allow"
# Then in /etc/courier-imap/{imapd,imapd-ssl,pop3d,pop3d-ssl}
# Add this at the end
#PRERUN="${PRERUN} envdir /etc/relay-ctrl relay-ctrl-chdir"

# This next block is for SMTP-AUTH
# This provides the LOGIN, PLAIN and CRAM-MD5 types
# the 'cmd5checkpw' used in $QMAIL_SMTP_AUTHCHECKPASSWORD supports CRAM-MD5
# and reads it's data from /etc/poppasswd
# see the manpage for cmd5checkpw for details on the passwords
# uncomment the next four lines to enable SMTP-AUTH
QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
QMAIL_SMTP_CHECKPASSWORD="/bin/checkpoppasswd"
QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

I hope this is not too long...
I followed the last suggestions for the /var/spool/relay-ctrl permissions and everything seems to work fine, but it isn't so. I followed these steps to test the configuration:

a) From outside of my domain, I do:
$ telnet mymailserver.mydomain.it 110
and I authenticate.
b) Check on my mail server whether the IP of the external system is in /var/spool/relay-ctrl/allow. OK, it is there.
c) From outside:
$ telnet mymailserver.mydomain.it 25
and I try to send an email to an email address external to mydomain, but I receive:
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
d) I tried my old supervise run scripts for qmail-pop3d and qmail-smtpd and all works fine, also using the initial directory permissions (700 for /var/spool/relay-ctrl and 777 for /var/spool/relay-ctrl/allow).

My run scripts follow:

/var/qmail/supervise/qmail-pop3d/run:
--------------------------------------
#!/bin/sh
exec /usr/bin/softlimit -m 3000000 \
    envdir /etc/relay-ctrl \
    relay-ctrl-chdir \
    /usr/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb \
    0 pop-3 /var/qmail/bin/qmail-popup `hostname --fqdn` \
    /bin/checkpassword \
    relay-ctrl-allow \
    /var/qmail/bin/qmail-pop3d .maildir 2>&1
----------------------------------------

/var/qmail/supervise/qmail-smtpd/run:
-------------------------------------
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/bin/softlimit -m 29000000 \
    envdir /etc/relay-ctrl \
    relay-ctrl-chdir \
    /usr/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb \
    -u $QMAILDUID -g $NOFILESGID 0 smtp relay-ctrl-check /var/qmail/bin/qmail-smtpd 2>&1
-------------------------------------------

Another thing that seems not to work with the new configuration files and scripts is the use of qmail-scanner. If I follow the new instructions to enable qmail-scanner, it doesn't work. Also in this case I have to use my old /etc/tcp.smtp file, where the :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" line is the first line of the file, before all IPs.
Enrico: after having another bug very similar to this pointed out to me by a friend, and hacking at it on his box, he had something very similar, but he was using the ipv6 use flag, and it went away when the flag was removed. Could you please give details on your version of qmail (emerge -pv qmail), as well as ATTACH your /var/qmail/control/conf-* files.
Created attachment 26834: conf-* tar archive
[ebuild R ] net-mail/qmail-1.03-r13 +ssl
enrico: as one other test could you try the ~x86 versions of ucspi-tcp and qmail together? i'm trying to eliminate variables in the problems you see happening, to find out what the hell it is. no need to do it soon, as i'm just heading to bed now (4am here) and I won't be around for the next 8 hours at least.
I installed the ~x86 version of qmail on another machine and it seems to work fine. I am posting as attachments my conf-* files and run files that work fine, because I think that in qmail-pop3d/run there is a QMAIL_TCPSERVER_PRE missing.

[ebuild R ] net-mail/qmail-1.03-r15 -noauthcram -notlsbeforeauth +ssl
Created attachment 26890: conf-* tar archive
Created attachment 26891: qmail-pop3d and qmail-smtpd run
Personally I had more luck with courier-pop3d than qmail-pop3d because of the way permissions are handled on the file. I'm not exactly sure under which permissions qmail-smtpd will check the IPs in allow, but the files are created by user vpopmail with permissions 666. As a side note, be very careful when changing permissions on /var/spool/relay-ctrl, as even just turning on the execute (x) bit (711) will make it possible for anyone to create files with the name of the IP and open relays to anyone from that IP.
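A way to check the layout this thread converges on, as an added example that is not part of any comment above, of relay-ctrl, or of the Gentoo ebuild: it audits the parent and allow directories against the modes given here (700 and 1777) and flags the case warned about in the previous comment, where group/other search bits on the parent make the world-writable allow directory reachable by local users. The function name audit_relay_ctrl is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from relay-ctrl or the Gentoo ebuild).
# Audits the spool layout against the modes given in this thread:
#   parent directory 700, allow directory 1777.

# audit_relay_ctrl ALLOW_DIR   (hypothetical helper name)
# Prints one finding per line. Returns 0 if the layout matches, 1 if not.
audit_relay_ctrl() {
    allow_dir=${1%/}
    parent_dir=$(dirname "$allow_dir")
    rc=0

    if [ ! -d "$allow_dir" ]; then
        echo "MISSING $allow_dir"
        return 1
    fi

    # stat -c is GNU coreutils syntax; %a prints the octal mode (e.g. 1777).
    parent_mode=$(stat -c '%a' "$parent_dir")
    allow_mode=$(stat -c '%a' "$allow_dir")

    # Group/other search (x) bits on the parent let local users reach allow/.
    if [ $(( 0$parent_mode & 011 )) -ne 0 ]; then
        echo "EXPOSED $parent_dir mode $parent_mode: local users can reach $allow_dir"
        rc=1
    elif [ "$parent_mode" != 700 ]; then
        echo "WARN $parent_dir mode $parent_mode (thread recommends 700)"
        rc=1
    fi

    if [ "$allow_mode" != 1777 ]; then
        echo "WARN $allow_dir mode $allow_mode (thread recommends 1777)"
        rc=1
    fi

    # List current entries with owner and mode so unexpected owners stand out.
    for f in "$allow_dir"/*; do
        [ -e "$f" ] || continue
        echo "ENTRY $(basename "$f") owner=$(stat -c '%U' "$f") mode=$(stat -c '%a' "$f")"
    done

    return $rc
}

# Run against a path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_relay_ctrl "$1"
fi
```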
closing old bugs that should be fixed already.