Chkuser 2.0
Features
Download
Documentation
chuser design
chkuser installation
Enabling chkuser
chkuser settings
Running qmail-smtpd
Logging format
Logging summary
FAQs
Credits
Support
chkusr 1.0

Frequently Asked Questions

Compile - customize

Why some features names are identified by an "EXTRA" label?

Usually all chkuser features are enabled by run time variables.
EXTRA features, when defined within chkuser_settings.h, are always enabled, despite of chkuser variables and settings.

Enabling chkuser

I have a standard installation, and chkuser seems not to work; what am I doing wrong?

First, run patched qmail-smtpd manually (as root) and check if chkuser works this way.

$ ./qmail-smtpd
mail from <wrong_sender>
mail from <right_sender>
rcpt to: <fake_user@your_domain>
rcpt to: <real_user@your_domain>

If it does not work, check if any domain has bouncing enabled. You may do this using qmailadmin, or you may set bouncing by yourself:

 

| /vpopmail/bin/vdelivermail '' bounce-no-mailbox

 

If it does work, then you must check carefully how qmail-smtpd is started; check carefully running instructions at: Chkuser 2.0 - running qmail-smtpd

How to enable chkuser always, for all domains?

Enable #define CHKUSER_ALWAYS_ON and recompile your qmail.

Install new qmail-smtpd. That's all.

This #define will override any other #define.

I'ld like to enable or disable chkuser for all the system without recompiling each time. How to make that?

Enable #define CHKUSER_STARTING_VARIABLE "CHKUSER_START" and recompile your qmail.

Then place the environment variable CHKUSER_START in your qmail-smtpd starting scripts or inside tcp.smtp, giving it the appropriate value:

  • NONE : chkuser will NOT work
  • ALWAYS : chkuser will ALWAYS work
  • DOMAIN : chkuser will work depending on domain's bouncing

In this way you may change easily default behaviou of chkuser.

If no variable is found, or variable is empty, chkuser will NOT work.

I have more qmail-smtpd running on different IP addresses, and I want to enable chkuser only on the external smtp server. How can I do?

Enable #define CHKUSER_STARTING_VARIABLE "CHKUSER_START" and recompile your qmail.

Then place the environment variable CHKUSER_START in your qmail-smtpd starting scripts, giving the appropriate value to the variable for each starting script:

  • NONE : chkuser will NOT work
  • ALWAYS : chkuser will ALWAYS work
  • DOMAIN : chkuser will work depending on domain's bouncing

If no variable is found, or variable is empty, chkuser will NOT work.

I don't use vdelivermail. How can I still enable chkuser per single domain?

You have two possibilities:

  • With standard settings, modify .qmail-default according to your needs, then add a comment line like
    # bounce-no-mailbox
    at beginning of file. chkuser will work if "bounce-no-mailbox" is found within leading 1023 characters.
  • uncomment #define CHKUSER_SPECIFIC_BOUNCING ".qmailchkuser-bouncing", set you specific custom file name if you don't like ".qmailchkuser-bouncing", and recompile and install qmail-smtpd.
    Create ".qmailchkuser-bouncing" in domain's dir.
    Now chkuser will execute checking if that file is found in domain's dir.
    Be carefull, that file must be read by vpopmail user!

I can't use "bounce-no-mailbox" in my .qmail-default. How do I change this string?

Simply edit chkuser_settings.h and modify

#define CHKUSER_BOUNCE_STRING "bounce-no-mailbox"

writing your appropriate string.

Recompile and reinstall qmail-smtpd.

General questions

Which domains are checked by chkuser?

chkuser handles all domains who are in rcpthosts (or morercpthosts) and inside virtualdomains.

If the domain is only inside rcpthosts (or morercpthosts), no checking is done.

So, if you are a backup MX domains, and want just to accept messages for some domains without checking any recipient, be sure your domain is in rcpthosts but not in virtualhosts (and create an entry in smtproutes if you need so).

How to disable SENDER checking for my private authorized senders?

Enable (uncomment) the following define, and set it to RELAYCLIENT.

#define CHKUSER_SENDER_NOCHECK_VARIABLE "RELAYCLIENT"

Thanks to Alex Pleiner for this tip.

How to disable chkuser for my private authorized senders?

Enable (uncomment) the following define, and set it to whatever value.

#define CHKUSER_DISABLE_VARIABLE "CHKUSER_DISABLE_VARIABLE"

How can I create a "submission port"?

chkuser feature CHKUSER_EXTRA_MUSTAUTH_VARIABLE can force qmail-smtpd to accept only messages from authenticated users (it happens when RELAYCLIENT is set).

In order to enable this feature, you must run qmail-smtpd on 587 port, and qmail-smtpd must be compiled with the following define set:

#define CHKUSER_EXTRA_MUSTAUTH_VARIABLE "CHKUSER_MUSTAUTH"

At run time, when CHKUSER_MUSTAUTH is defined, only authenticated messages are accepted.

Does chkuser accept xn-- (puny code) domains?

chkuser accepts such domains, but you must, as alternative options

  • comment

    #define CHKUSER_RCPT_FORMAT
    #define CHKUSER_SENDER_FORMAT

    within chkuser_settings.h

  • or comment two different occurrences of

    if (strncmp (domain->s, "xn--", 4) == 0) {
    if (strstr (&domain->s[4], "--") != NULL)
    return 0;
    } else {
    if (strstr (domain->s, "--") != NULL)
    return 0;
    }
    within chkuser.c;

Recompile after change.

Actually chkuser handles xn-- domains, but does not consider the possibility to have nested xn-- subdomains.