
Mailing List Archive: Qmail: users

Virtual domain setup

 

 



p.pisati at oltrelinux

Sep 4, 2009, 8:58 AM

Post #1 of 9 (2205 views)
Virtual domain setup

Dear qmailers,

I'm trying to set up a simple virtual domain (as outlined in
http://cr.yp.to/qmail/faq/incominghost.html#virtual), but for some reason,
it doesn't work:

root [at] famp:/var/qmail# cat control/virtualdomains
progetti.pear.it:progetti
root [at] famp:/var/qmail# cat control/rcpthosts
famp5.pear.lan
progetti.pear.it

root [at] famp:/var/qmail# svc -t /var/service/qmail-send/
root [at] famp:/var/qmail# svc -t /var/service/qmail-smtpd/
root [at] famp:/var/qmail# svstat /var/service/*
/var/service/qmail-send: up (pid 58190) 7 seconds
/var/service/qmail-smtpd: up (pid 58202) 3 seconds

root [at] famp:/var/qmail# grep progetti /etc/passwd
progetti:*:1004:1004:User
&:/usr/local/www/vhosts/clockingit/httpdocs:/sbin/nologin

root [at] famp:/var/qmail# ls -la
/usr/local/www/vhosts/clockingit/httpdocs/.qmail*
-rw-r--r-- 1 root www 13 Sep 4 15:45
/usr/local/www/vhosts/clockingit/httpdocs/.qmail
-rw-r--r-- 1 root www 13 Sep 4 17:32
/usr/local/www/vhosts/clockingit/httpdocs/.qmail-default
-rw-r--r-- 1 root www 13 Sep 4 17:37
/usr/local/www/vhosts/clockingit/httpdocs/.qmail-infa

root [at] famp:/var/qmail# cat
/usr/local/www/vhosts/clockingit/httpdocs/.qmail-default
/tmp/mboxami
root [at] famp:/var/qmail# cat
/usr/local/www/vhosts/clockingit/httpdocs/.qmail-infa
/tmp/mboxami
root [at] famp:/var/qmail# ls -la /tmp/mboxami
-rwxrwxrwx 1 root wheel 0 Sep 4 17:48 /tmp/mboxami

root [at] famp:/var/qmail# ./bin/qmail-showctl
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 81, 82, 83, 0, 84, 85, 86, 87.
group ids: 81, 82.

badmailfrom: (Default.) Any MAIL FROM is allowed.

bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.

bouncehost: (Default.) Bounce host name is famp5.pear.lan.

concurrencylocal: (Default.) Local concurrency is 10.

concurrencyremote: (Default.) Remote concurrency is 20.

databytes: (Default.) SMTP DATA limit is 0 bytes.

defaultdomain: Default domain name is pear.lan.

defaulthost: (Default.) Default host name is famp5.pear.lan.

doublebouncehost: (Default.) 2B recipient host: famp5.pear.lan.

doublebounceto: (Default.) 2B recipient user: postmaster.

envnoathost: (Default.) Presumed domain name is famp5.pear.lan.

helohost: (Default.) SMTP client HELO host name is famp5.pear.lan.

idhost: (Default.) Message-ID host name is famp5.pear.lan.

localiphost: (Default.) Local IP address becomes famp5.pear.lan.

locals:
Messages for famp5.pear.lan are delivered locally.

me: My name is famp5.pear.lan.

percenthack: (Default.) The percent hack is not allowed.

plusdomain: Plus domain name is pear.lan.

qmqpservers: (Default.) No QMQP servers.

queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.

rcpthosts:
SMTP clients may send messages to recipients at famp5.pear.lan.
SMTP clients may send messages to recipients at progetti.pear.it.

morercpthosts: (Default.) No effect.

morercpthosts.cdb: (Default.) No effect.

smtpgreeting: (Default.) SMTP greeting: 220 famp5.pear.lan.

smtproutes:
SMTP route: :172.16.XXX.XXX

timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.

timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.

timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

virtualdomains:
Virtual domain: progetti.pear.it:progetti


from my box:
piso [at] ferre:~$ telnet 172.162.162.2 25
Trying 172.162.162.2...
Connected to 172.162.162.2.
Escape character is '^]'.
220 famp5.pear.lan ESMTP
helo localhost
250 famp5.pear.lan
mail from: piso [at] pear
250 ok
rcpt to: infa [at] progetti
250 ok
data
354 go ahead
ggg
.
250 ok 1252079469 qp 58331

while qmail-send log file says:

@400000004aa137773497573c info msg 53110449: bytes 190 from
<piso [at] pear> qp 58331 uid 82
@400000004aa1377734e10e54 starting delivery 3: msg 53110449 to local
progetti-infa [at] progetti
@400000004aa1377734e37b6c status: local 1/10 remote 0/20
@400000004aa1377735bf6c1c delivery 3: failure:
Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@400000004aa1377735cdcbcc status: local 0/10 remote 0/20
@400000004aa13777367c631c bounce msg 53110449 qp 58334
@400000004aa137773680c434 end msg 53110449

any idea?


kyle-qmail at memoryhole

Sep 4, 2009, 9:48 AM

Post #2 of 9 (2115 views)
Re: Virtual domain setup


On Friday, September 4 at 05:58 PM, quoth Paolo Pisati:
>i'm trying to setup a simple virtual domain (as outlined in
>http://cr.yp.to/qmail/faq/incominghost.html#virtual), but for some
>reason, it doesn't work:

Huh, okay. Let's see the error message:

>@400000004aa1377734e10e54 starting delivery 3: msg 53110449 to local
>progetti-infa [at] progetti
>@400000004aa1377734e37b6c status: local 1/10 remote 0/20
>@400000004aa1377735bf6c1c delivery 3: failure:
>Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/

This means that the virtualdomain stuff is all working as intended:
the infa [at] progetti address is being treated as local, as if it
were addressed to progetti-infa@... The failure is actually happening
at the progetti user level.

>root [at] famp:/var/qmail# grep progetti /etc/passwd
>progetti:*:1004:1004:User
>&:/usr/local/www/vhosts/clockingit/httpdocs:/sbin/nologin

Okay...

>root [at] famp:/var/qmail# ls -la
>/usr/local/www/vhosts/clockingit/httpdocs/.qmail*
>-rw-r--r-- 1 root www 13 Sep 4 15:45
>/usr/local/www/vhosts/clockingit/httpdocs/.qmail

I notice that all these files are owned by root. Does progetti own its
own home directory? It's possible that the progetti user cannot read
these files because it cannot read one of the parent directories. For
example, try this:

setuidgid progetti cat /usr/local/www/vhosts/clockingit/httpdocs/.qmail-default

My guess is that that will fail.

~Kyle
--
The government of the United States is not in any sense founded on the
Christian Religion.
-- US Treaty with Tripoly, 1797


lists-qmail at maexotic

Sep 4, 2009, 10:14 AM

Post #3 of 9 (2104 views)
Re: Virtual domain setup

Hoi Paolo,

thanks for the detailed report.

Do you have a
users/assign
or users/cdb

file that might prevent /etc/password lookups?

\Maex

--
Markus Stumpf


p.pisati at oltrelinux

Sep 7, 2009, 12:38 AM

Post #4 of 9 (2086 views)
Re: Virtual domain setup

Kyle Wheeler wrote:
>> root [at] famp:/var/qmail# ls -la
>> /usr/local/www/vhosts/clockingit/httpdocs/.qmail*
>> -rw-r--r-- 1 root www 13 Sep 4 15:45
>> /usr/local/www/vhosts/clockingit/httpdocs/.qmail
>>
>
> I notice that all these files are owned by root. Does progetti own its
> own home directory? It's possible that the progetti user cannot read
> these files because it cannot read one of the parent directories. For
> example, try this:
>
> setuidgid progetti cat /usr/local/www/vhosts/clockingit/httpdocs/.qmail-default
>
> My guess is that that will fail.
>
unfortunately, it works:

root [at] famp:/var/qmail# setuidgid progetti cat
/usr/local/www/vhosts/clockingit/httpdocs/.qmail-default
/tmp/mboxami

root [at] famp:/var/qmail# setuidgid progetti cat
/usr/local/www/vhosts/clockingit/httpdocs/.qmail
/tmp/mboxami

root [at] famp:/var/qmail# setuidgid progetti cat
/usr/local/www/vhosts/clockingit/httpdocs/.qmail-infa
/tmp/mboxami

root [at] famp:/var/qmail# ls -la /tmp/mboxami
-rwxrwxrwx 1 root wheel 0 Sep 4 17:48 /tmp/mboxami


p.pisati at oltrelinux

Sep 7, 2009, 12:38 AM

Post #5 of 9 (2080 views)
Re: Virtual domain setup

Markus Stumpf wrote:
> Hoi Paolo,
>
> thanks for the detailed report.
>
> Do you have a
> users/assign
> or users/cdb
>
> file that might prevent /etc/password lookups?
>
nope, no assign or cdb:

root [at] famp:/var/qmail# ls -la users/
total 8
drwxr-xr-x 2 root qmail 512 Sep 4 17:30 .
drwxr-xr-x 12 root qmail 512 Jun 8 15:23 ..


p.pisati at oltrelinux

Sep 7, 2009, 3:58 AM

Post #6 of 9 (2076 views)
Re: Virtual domain setup

Paolo Pisati wrote:
> Kyle Wheeler wrote:
>>> root [at] famp:/var/qmail# ls -la
>>> /usr/local/www/vhosts/clockingit/httpdocs/.qmail*
>>> -rw-r--r-- 1 root www 13 Sep 4 15:45
>>> /usr/local/www/vhosts/clockingit/httpdocs/.qmail
>>>
>>
>> I notice that all these files are owned by root. Does progetti own
>> its own home directory? It's possible that the progetti user cannot
>> read these files because it cannot read one of the parent
>> directories. For example, try this:
>>
>> setuidgid progetti cat
>> /usr/local/www/vhosts/clockingit/httpdocs/.qmail-default
>>
>> My guess is that that will fail.
>>
> unfortunately, it works:
>
> root [at] famp:/var/qmail# setuidgid progetti cat
> /usr/local/www/vhosts/clockingit/httpdocs/.qmail-default
> /tmp/mboxami
>
> root [at] famp:/var/qmail# setuidgid progetti cat
> /usr/local/www/vhosts/clockingit/httpdocs/.qmail
> /tmp/mboxami
>
> root [at] famp:/var/qmail# setuidgid progetti cat
> /usr/local/www/vhosts/clockingit/httpdocs/.qmail-infa
> /tmp/mboxami
>
> root [at] famp:/var/qmail# ls -la /tmp/mboxami
> -rwxrwxrwx 1 root wheel 0 Sep 4 17:48 /tmp/mboxami

I wrote a little qmail-local wrapper that just prints out the calling
arguments, environment variables and the message body, and I found that
qmail-local is invoked with these arguments:

-- alias /var/qmail/alias progetti-infa - progetti-infa progetti.pear.it
piso [at] pear ./Maildir/

and with:

pwd: /var/qmail
id: uid=81(alias) gid=81(qnofiles) groups=81(qnofiles)

I then added some printfs in qmail-local, and I found that it failed in
open_read() (invoked by qmeexists()), when it tries to open the .qmail*
files in /var/qmail/alias.
At this point I copied the .qmail-default from progetti's home dir to
/var/qmail/alias, and guess what? It works now :)

Obviously it's a hack, and I would really like to know why it goes in
alias's homedir instead of progetti's homedir.
I guess the problem lies somewhere before qmail-local, since
qmail-local receives "alias" as user and "/var/qmail/alias" as homedir.

Any idea?


lists-qmail at maexotic

Sep 7, 2009, 5:17 AM

Post #7 of 9 (2077 views)
Re: Virtual domain setup

On Mon, Sep 07, 2009 at 12:58:46PM +0200, Paolo Pisati wrote:
> open_read() (invoked by qmeexists()), when it tries to open the .qmail*
> files in /var/qmail/alias.

This is an indication that qmail is unable to find the user.
(That's why I asked for the users/* files).

What gives
$ id progetti
and did you add the user also to /etc/shadow or /etc/spwd.db?
If not, maybe because of this getpwnam(2) fails in qmail-getpw.c ...

\Maex


p.pisati at oltrelinux

Sep 7, 2009, 5:55 AM

Post #8 of 9 (2074 views)
Re: Virtual domain setup

Markus Stumpf wrote:
> On Mon, Sep 07, 2009 at 12:58:46PM +0200, Paolo Pisati wrote:
>
>> open_read() (invoked by qmeexists()), when it tries to open the .qmail*
>> files in /var/qmail/alias.
>>
>
> This is an indication that qmail is unable to find the user.
> (That's why I asked for the users/* files).
>
> What gives
> $ id progetti
> and did you add the user also to /etc/shadow or /etc/spwd.db
> If not maybe because of this getpwnam(2) fails in qmail-getpw.c ...
>
unfortunately, everything works as expected:

root [at] famp:~# id progetti
uid=1004(progetti) gid=1004(progetti) groups=1004(progetti)

root [at] famp:~# cat pwnam.c
#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>

int main(void) {
    struct passwd *p;

    /* Look up the passwd entry for the progetti account */
    p = getpwnam("progetti");
    if (p) {
        printf("name: %s\n", p->pw_name);
        printf("uid: %d\n", (int)p->pw_uid);   /* uid_t is not guaranteed to be int */
        printf("gid: %d\n", (int)p->pw_gid);
        printf("dir: %s\n", p->pw_dir);
    }

    return 0;
}

root [at] famp:~# gcc pwnam.c
root [at] famp:~# ./a.out
name: progetti
uid: 1004
gid: 1004
dir: /usr/local/www/vhosts/clockingit/httpdocs


p.pisati at oltrelinux

Sep 7, 2009, 7:38 AM

Post #9 of 9 (2073 views)
Re: Virtual domain setup

problem found and solved.

from the qmail-getpw man page:

qmail-getpw considers an account in /etc/passwd to be a user if (1) the
account has a nonzero uid, (2) the account's home directory exists (and
is visible to qmail-getpw), and (3) the account owns its home
directory.
^^^^^^^^^^^^^^^^^^^^^^^^^^

thanks & bye.
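
The three conditions quoted from the qmail-getpw man page can be checked directly for any account; when one of them fails, delivery falls back to the alias user, which is what post #6 observed. The program below is an added example, not qmail's own code and not part of the original thread; the names classify, check_account and verdict_text are made up for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* One verdict per condition in the man page text quoted above. */
enum verdict { IS_USER, ZERO_UID, HOME_NOT_VISIBLE, HOME_NOT_OWNED };

/* st is the stat() result for the home directory, or NULL if stat() failed. */
enum verdict classify(uid_t uid, const struct stat *st)
{
    if (uid == 0) return ZERO_UID;                /* (1) nonzero uid */
    if (st == NULL) return HOME_NOT_VISIBLE;      /* (2) home exists and is visible */
    if (st->st_uid != uid) return HOME_NOT_OWNED; /* (3) account owns its home */
    return IS_USER;
}

/* Returns a verdict, or -1 when the name has no passwd entry. */
int check_account(const char *name)
{
    struct passwd *pw = getpwnam(name);
    struct stat st;

    if (pw == NULL) return -1;
    return classify(pw->pw_uid, stat(pw->pw_dir, &st) == 0 ? &st : NULL);
}

const char *verdict_text(int v)
{
    switch (v) {
    case IS_USER:          return "counts as a user";
    case ZERO_UID:         return "not a user: uid is 0";
    case HOME_NOT_VISIBLE: return "not a user: home directory missing or not visible";
    case HOME_NOT_OWNED:   return "not a user: home directory owned by another uid";
    default:               return "no passwd entry";
    }
}

/* Usage: ./a.out progetti */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], verdict_text(check_account(argv[i])));
    return 0;
}
```

Condition (2) depends on what the calling account can see, so run the check under the uid that qmail-getpw runs as rather than as root.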
