Frequently Asked Questions. Please send additions, comments, etc to Latest information at http://romana.now.ie/#vodmr $Id: FAQ,v 1.21 2004/12/21 14:58:44 james Exp $ 1. Command not found errors on startup. Is odmrd in the $PATH of the user starting it? If you used a full pathname, it is correct? The odmrd program ships with its perl interpreter set to /usr/bin/perl. If your perl binary is in some other location edit the first line of odmrd to specify the correct location of perl on your system. 2. Debugging output. odmrd is capable of generating a large amount of debugging information. Your options for enabling/disabling debugging are: - a -D flag on the command line starts odmrd with debugging on. - if $DEBUG is set in odmrd's environment at startup, debugging is enabled. - sending a USR1 signal to a running odmrd enables debugging. - sending a USR2 signal to a running odmrd disables debugging. 3. Control files. odmrd makes use of a number of qmail control files. Set $qmail in odmrd to reflect qmail's installation directory. $qmail/control, and the files within, must be readable by the user odmrd runs as. odmrd uses the following qmail control files: - bouncefrom - bouncehost - doublebouncehost - doublebounceto - helohost - me - smtpgreeting Each has the same meaning and default value as in qmail-control(5). odmrd uses the following control file which is not used by qmail: - odmrlifetime control/odmrlifetime is similar to control/queuelifetime for qmail. It specifies the maximum length of time, in seconds, a message may remain undeliverable. It defaults to 1209600 (two weeks). Set it to zero for messages to remain forever. 4. Messages older than odmrlifetime are still in mailboxes. Each message will always be permitted one delivery attempt. If a message is in a mailbox and a user requests an ATRN, one delivery will be tried regardless of age. If the delivery is unsuccessful the message's age is checked and it will be bounced if it's too old. Also, remember that messages are only checked when a user logs in and asks for ATRN. If they never login, messages will remain in the mailbox. Be sure to set quotas if that matters to you. 5. Received header added by odmrd looks wrong. -0000 is a time zone specification showing that the timestamp added is in Greenwich Mean Time (GMT). Tracking messages that use varying local time zones is difficult. odmrd timestamps in GMT. 6. What does the number in ``Timeout exceeded (4)'' mean? The number is the state odmrd was in when the timeout occurred. The states are outlined in INTERNALS. 7. odmrd says there's no mail in a mailbox. You disagree. This could be for any number of reasons. Here's some things to look into: - Was the mail delivered to a mailbox or is it in qmail's queue? Check qmail's logs. - Was it delivered to the correct mailbox? Check qmail's logs. - Are you logging in as the correct user -- one who has access to that mailbox? - Is that user set as the catch-all for the ODMR domain? - Is there _really_ mail there? Look in the appropriate maildir for message files. 8. How do I extend the life of a message in a mailbox? It's about to expire but I want it to be retried for longer. Use the touch(1) command to change the modification date of the message file. odmrd will bounce a message that was modified more than ``odmrlifetime'' seconds ago. You can use touch to change the modification date to something more recent. How recent depends on how long you want the message to persist. 9. Authentication failed. This could be for any number of reasons. Here's some things to look into: - Usernames and passwords are case-sensitive for authentication, even if they're not case sensitive when used as an email address. Are you using the right combination of upper and lower case? - If you are using the gecos field to store secrets, is the secret present and correct? Do not use colons in the secret! - If you are using the clear text field to store secrets, is the secret present and correct? Do not use colons in the secret! - If you are using the password field to store secrets, is the secret present and correct? Do not use colons in the secret! - Blank/empty secrets never authenticate. Set a real secret. - Is $secretfield set to correctly reflect your choice of storing the secret in the gecos, clear text or password field? - Have you enabled ODMR service for the mailbox? Use the vuserinfo command to check. It will say 'user flag 2 is set' if ODMR service is enabled. Use the vmoduser command to set it if necessary. See no. 17 below. - Are you using the correct flag? Verify the $require_flag variable against the output of the vuserinfo command. See no. 17 below. 10. ATRN request refused. The ATRN command sent by the ODMR client program requested mail for a domain to which the logged in user does not have access or requested mail for more than one domain. 11. How to use fetchmail. An example fetchmail invocation might be: fetchmail -p ODMR -S localhost -u postmaster@foo.ie \ --fetchdomains foo.ie odmrserver.isp.net That says: - Use ODMR - Give messages to the SMTP server on ``localhost'' - Login as ``postmaster@foo.ie'' - Request the email for ``foo.ie'' - The ODMR server is called ``odmrserver.isp.net'' See the fetchmail(1) man page for full instructions. 12. Your logs are full of ``Permission denied'' messages and nothing's working! odmrd needs to run as your vpopmail user -- this is usually ``vpopmail''. Make sure you have started tcpserver with the proper UID and GID or check the user specified in your [x]inetd.conf. Don't run odmrd as root. It doesn't need it. It'll log a warning if you do. 13. ``Can't locate .pm in @INC ...'' errors at startup. Either the perl module named in the error isn't installed in your system or perl can't find it in the places it thinks it should look (the error will list those places). So, if it's missing, install it. Otherwise you can add a ``use lib'' statement to odmrd to tell perl to look for modules in non-standard places. See the @INC entry in the perlvar(1) man page. Pick up any modules you need from http://search.cpan.org/ 14. Can qmailadmin be used to setup and maintain an ODMR domain? Yes, absolutely. With qmailadmin you can create a mailbox and set it to be the catch-all mailbox for the domain. Set the mailbox ``Real name'' to the secret you want to use for for gecos authentication or use its clear-text support. See http://www.inter7.com/qmailadmin/ for information about qmailadmin. The patch available from http://romana.now.ie/#qmailadmin-flags adds the ability for qmailadmin 1.0.15 or earlier to view and modify mailbox flags. qmailadmin 1.0.16 or later incorporates that patch. 15. Logging into syslog doesn't seem to be working. Have you set logging ("syslog"); in odmrd? If so, odmrd will attempt to log messages using the mail facility and info priority (a.k.a ``mail.info''). Ensure your syslogd selects these messages and logs them somewhere useful. Your syslogd configuration file, usually /etc/syslog.conf, should have a line something like mail.* /var/log/maillog Check your syslog/syslog.conf man page for exactly how to select and save mail.info messages on your system. 16. Resource limits. To run odmrd with resource limits run it under softlimit in a similar way to: softlimit -m 5000000 \ tcpserver -vHPR -u 89 -g 89 0 366 \ /usr/local/sbin/odmrd >>/var/log/odmr.log 2>&1 & You may need to increase the 5000000 (5MB) to accomodate the legitimate memory needs of tcpserver+perl on your particular system. The softlimit program is part of Dan J. Bernstein's daemontools package; http://cr.yp.to/daemontools.html Remember: the figure is a limit. odmrd will probably never use all of the amount allotted to it. 17. Disabling mailbox flags or using one other than V_USER2. Set the $require_flags variable in odmrd to the name of the flag you want to use -- V_USER{0,1,2,3} are available -- or set it to ``none'' to remove the need for a flag to be present. Be very careful about disabling the flag requirement. At least one mail control system built on vpopmail sets the gecos field to the name of the mailbox. In that environment it's trivial to know that foo@example.org's gecos (and, hence, shared secret) is ``foo''. Other gecos data is likely to be easily guessable also. 18. Authentication from MySQL, Oracle, LDAP, etc (i.e. not vpasswd.cdb) There is a limitation in the vpopmail.pm perl module. Essentially, it doesn't provide a calling program with all the fields from the user's passwd entry. It doesn't give the program a way to get at the GID or clear_text_passwd fields. The vodmr workaround for those limitations falls down when non-CDB authentication enters the fray. If you're looking for non-CDB authentication you should do two things. - Apply this patch to the vpopmail.pm sources and rebuild and reinstall the module: http://romana.now.ie/software/p5vpopmail-vauth_getpw.xtrafields.patch This fixes the root cause, and gives vpopmail.pm its missing abilities. - Apply this patch to vodmr (to 0.12): http://romana.now.ie/software/vodmr-0.12-with.fixed.p5vpopmail-patch This removes the workaround for the vpopmail.pm limitations (which are no longer present thanks to the patch above). The fix for vpopmail.pm has been submitted to its author but until he rolls a new release the patch above will be neccessary to use non-CDB authentication. To be added: svscan/supervise cyclog/multilog -x flag to tcpserver $Id: FAQ,v 1.21 2004/12/21 14:58:44 james Exp $