Re: [courier-users] (no subject)
On 24.07.17 21:17, Sam Varshavchik wrote: - OpenSSL 1.1.0 update. Custom protocol level format selection has been deprecated. The TLS_PROTOCOL setting is removed from all configuration files, and the latest supported TLS version will always be used. No changes to the GnuTLS alternative option. do you want to say that we'll be unable to disable/enable some protocol versions as we did before? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #9: Out of error messages. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: you sould recreate and then test it! On 19.07.17 15:57, Lucio Crusca wrote: Forgot to mention, but I did remove the courier packages, the /etc/courier folder, the APT package cache and reinstalled. Did you remove or purge the packages? The quite common problem on debian and derivatives is that you remove packages, but don't purge (clean up configuration files). Package management remembers that the configuration diles are installed and does not create them. When you remove them manually, they won't get installed either. This can lead to troubles similar to those you describe. During reinstallation the system created the self signed certificate again, but nothing changed. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] setuid/setgid problem, mail from website not sent
On 06.07.17 12:43, Bernd Plagge wrote: thank you VERY much! This was the answer. Just for the record: I had to downgrade my Debian system due to issues with the new Debian packages. Seems that the permissions on the sendmail wrapper were not set correctly by the installation program. I believe debian developer either knows what permissions to set up, or should be informed if that causes troubles... On Thu, 06 Jul 2017 03:03:37 + courier-users-requ...@lists.sourceforge.net wrote: From: Sam Varshavchik To: courier-users@lists.sourceforge.net Subject: Re: [courier-users] setuid/setgid problem, mail from website not sent Date: Wed, 05 Jul 2017 17:55:26 -0400 Bernd Plagge writes: > Hi > > I'm trying to send mail from website mail, or webmail. > However, sending doesn't work, > > Log entries: > > Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted > Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail > pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. > > The courier sendmail program: > s -l /usr/sbin/sendmail > -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail > > > What can I do to solve this problem? Permissions on the sendmail wrapper should be setuid root, not setgid. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] missing MX record
On 10.06.17 14:53, SZÉPE Viktor wrote: RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5 The lookup first attempts to locate an MX record associated with the name. ... If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Were you a ware of that? I think it is very unusual and dangerous. Do modern MTA-s - including Courier - implement that? Idézem/Quoting Matus UHLAR - fantomas : This behaviour was described in rfc 821 and 2821. AFAIK all MTAs implement this behaviour since MX records were implemented. What and why exactly sounds unusual and dangerous to you? On 10.06.17 16:42, SZÉPE Viktor wrote: I think it gives us no means to stop emails for a domain. I thought removing the MX record and not listening on port 25 is enough. This way anyone my send an email to a mailserver-less sub/domain. This mechanism was created when MX records were introduced, to support host/domains without them. This is how things should be done - creating new standard and define how backwards compatibility should be implemented. Read rfc 7505 that tries to implement mechanism to archieve that as a new measurement, and don't blame us for implementign something that has existed even before MX and was never dropped since. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] missing MX record
On 10.06.17 14:53, SZÉPE Viktor wrote: RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5 The lookup first attempts to locate an MX record associated with the name. ... If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Were you a ware of that? I think it is very unusual and dangerous. Do modern MTA-s - including Courier - implement that? This behaviour was described in rfc 821 and 2821. AFAIK all MTAs implement this behaviour since MX records were implemented. What and why exactly sounds unusual and dangerous to you? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] monitoring prgram times out
>> On 26.03.17 18:44, SZÉPE Viktor wrote: >>> Running bind is too expensive for me. >Idézem/Quoting Matus UHLAR - fantomas : >> are you trying to say that it's more expensive than running courier mail >> server? On 29.03.17 13:30, SZÉPE Viktor wrote: >I'd like to use the DNS resolver from the given datacenter. >Optimizing and maintaining (thus learning) another linux daemon is >what really is expensive. 1. as I stated, the server should be able to resolve localhost 2. if you do any kind of spam detection (blacklist), using others' name server could result to worse spam detection. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] monitoring prgram times out
On 26.03.17 18:44, SZÉPE Viktor wrote: >Running bind is too expensive for me. are you trying to say that it's more expensive than running courier mail server? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] monitoring prgram times out
>SZÉPE Viktor writes: >>2) Is it possible for Courier to skip DNS lookups for "localhost"? >> >>I wonder why Courier is not using gethostbyname(). >>/etc/hosts contains: >>127.0.0.1 localhost.localdomain localhost all recursive DNS servers should have localhost defined. Also, mailservers should use own recursive DNS servers, topologically close, so resolving localhost should not be a problem. On 26.03.17 10:32, Sam Varshavchik wrote: >gethostbyname/gethostbyaddr can only look up A addresses. Courier >needs MX records, and so needs to use its own resolver; and with its >own DNS resolver code already in place, it makes no sense to use >different resolvers. Note that different MTAs do the same. AFAIK neither sendmail nor postfix support gethostbyname() or anything other to look up /etc/hosts. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. There's a long-standing bug relating to the x86 architecture that allows you to install Windows. -- Matthew D. Fuller -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RBL answers
>On 03/10/2017(Fri) 15:35 >Sam Varshavchik wrote: >> SZÉPE Viktor writes: >> >> > Idézem/Quoting Sam Varshavchik : >> > >> > > In the long run this will be counterproductive, since the existing >> > > blacklists will now result in a generic "Access denied." bounces, >> > > instead of the blacklist-provided message that will point back to >> > > the blacklist. But, it's their decision to make. >> > >> > I think Courier should issue an A query and if it is positive than a >> > TXT one to get the description. >> > >> > What do you think about it? >> >> That's the other thing that the blacklists definitely don't want: >> excessi ve queries. Making two queries instead of one will put extra >> load on the blacklists, and slow down your mail delivery. >Well isn't that what they want, two quires instead of one? > >> That's why I think that getting rid of ANY is counter-productive. But, >> it 's their call to make, so we'll go with that. On 24.03.17 16:09, David Niklas wrote: >Why not tell them that courier has a valid use case for the ANY query? why do you think they would listen? They need to learn the hard way... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Emacs is a complicated operating system without good text editor. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RBL answers
On 10.03.17 10:51, Gordon Messmer wrote: >I was checking the RBL queries and answers on a server this morning, >when I noticed this in the responses: > Please stop asking for ANY.See draft-ietf-dnsop-refuse-any > >Both spamhaus and abuseat provide this text in their replies to >Courier's RBL lookups. I have checked spamhaus now, and it returns: ;; QUESTION SECTION: ;242.241.43.39.zen.spamhaus.org.IN ANY ;; ANSWER SECTION: 242.241.43.39.zen.spamhaus.org. 900 IN TXT "https://www.spamhaus.org/query/ip/39.43.241.242"; 242.241.43.39.zen.spamhaus.org. 900 IN A 127.0.0.11 242.241.43.39.zen.spamhaus.org. 900 IN A 127.0.0.4 >Is it worth considering A and TXT record lookups rather than ANY, given >the request to stop sending requests for ANY result? Might that request >indicate that requests for ANY will not be supported in the future? I got angry in the past at cloudflare for the stupid draft and already blocked a domain using their DNS because of that. I really think I should publish "digany" script that will dig for any supported RRs so I _will_ be able to look at all configured records, if anyone's so stupid to disable ANY queries... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows found: (R)emove, (E)rase, (D)elete -- Announcing the Oxford Dictionaries API! The API offers world-renowned dictionary content that is easy and intuitive to access. Sign up for an account today to start using our lexical data to power your apps and projects. Get started today and enter our developer competition. http://sdm.link/oxford ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Preferred OS for Courier mail server
On 07.01.17 15:39, Dan Johansson wrote: >I am planning to setup a new Courier mail server and I was just >wondering what is the preferred OS/distribution for a Courier install. >Today I am using Gentoo (but the package in Gentoo is not really up to >date). I wonder here - gentoo is rolling distro, so it's expected to have very new versions of packages. However, the best distro is the one you can support as best. any unix compatible system should work OK. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. It's now safe to throw off your computer. -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier-AuthLib Configure Script Not Finding Installed ltdl.h Files
>Michael S. Scaramella, Esq. writes: >>You mentioned that I could “pass CPPFLAGS to configure.” Unless you >>have a better suggestion about what to try next, please point me >>toward any documentation available about how to appropriately pass >>CPPFLAGS to the configure script. On 13.12.16 07:01, Sam Varshavchik wrote: >You do not appear to have a tecnical background. This isn't very >complicated, but some technical knowledge is needed to build software >from source. Perhaps you should ask someone else in your organization >for assistance, here. or, someone form FreeBSD to help you with installing libtool and courier packages the FreeBSD way (ports), not manually from sources. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "The box said 'Requires Windows 95 or better', so I bought a Macintosh". -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] How to test imap idle
>On 11/16/2016 05:05 PM, David Niklas wrote: >> There is a read, write and execute bit what is the t bit? https://en.wikipedia.org/wiki/Sticky_bit On 18.11.16 11:27, Gordon Messmer wrote: >As explained in the chmod(1) man page, the t bit is the restricted >deletion flag. More information is available in the man page. it has other use for maildrop, as specified in maildrop manual page: http://www.courier-mta.org/maildrop/maildrop.html -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers. -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] TLS_STARTTLS_PROTOCOL removed from pop3d-ssl.dist.in
On 26.09.16 16:13, Matus UHLAR - fantomas wrote: >I have noticed that between courier 0.72 and 0.73 the >"TLS_STARTTLS_PROTOCOL" option was removed off pop3d-ssl.dist.in, however it >still exists in imapd-ssl.dist.in > >after some digging it seems comes from the commit [37a74e] > >https://sourceforge.net/p/courier/courier-libs.git/ci/4d91075b1b90f68527304b45bb26637a17e1454d/log/?path=/imap/pop3d-ssl.dist.in > >2013-10-14 Sam Varshavchik > >* libs/tcpd/libcouriertls.c (tls_create): Add TLSv1_1_method() and >TLSv1_2 method(), based on patch by Rob Austein . > >* pop3d-ssl.dist.in, imapd-ssl.dist.in: Fix up differences in the >documentation of TLS options in various config files. > > >... seems at least one difference was created at the time ;-) >should it stay in pop3d-ssl script or should it be removed off imapd-ssl ? OTOH, the TLS_CIPHER_LIST appears two times in imapd-ssl.dist.in (I wasn't able to find out which commit caused that) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] TLS_STARTTLS_PROTOCOL removed from pop3d-ssl.dist.in
Hello, I have noticed that between courier 0.72 and 0.73 the "TLS_STARTTLS_PROTOCOL" option was removed off pop3d-ssl.dist.in, however it still exists in imapd-ssl.dist.in after some digging it seems comes from the commit [37a74e] https://sourceforge.net/p/courier/courier-libs.git/ci/4d91075b1b90f68527304b45bb26637a17e1454d/log/?path=/imap/pop3d-ssl.dist.in 2013-10-14 Sam Varshavchik * libs/tcpd/libcouriertls.c (tls_create): Add TLSv1_1_method() and TLSv1_2 method(), based on patch by Rob Austein . * pop3d-ssl.dist.in, imapd-ssl.dist.in: Fix up differences in the documentation of TLS options in various config files. ... seems at least one difference was created at the time ;-) should it stay in pop3d-ssl script or should it be removed off imapd-ssl ? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside... -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] addcr name collission - can we rename it?
>> courier's addcr was historically intended to replace addcr from >> ucspi-tcp. [...] >> A solution that's usually used elsewhere is to simply put Courier's >> bindir somewhere else, and then add it to the system shells' default >> PATHs. That's the default configure setting, bindir >> is /usr/lib/courier/bin. >> >> Would that work here? On 19.09.16 13:13, Hanno Böck wrote: >I'd find that a very unclean solution, so I'd rather like to avoid it. > >Right now we simply don't allow parallel installation of courier and >ucspi-tcp, and if you're set on keeping addcr with this name I think >we'll keep it that way. if courier's addcr is a superset of ucspi-tcp's addcr, I believe adding a dpkg diversion is proper way to go. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers. -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Address literals
>>On 29.07.16 06:48, Sam Varshavchik wrote: >>>Courier should accept postmaster@[ipaddress], where ipaddress matches >>>the connection's IP address. It won't accept any other IP address. >Matus UHLAR - fantomas writes: >>what about servers behind DNAT? On 30.07.16 08:30, Sam Varshavchik wrote: >That's obviously a problem. But this problem is due to DNAT itself. > >If a mail server accepts any IP address, delivers locally for its own >IP address, and relays everything else, DNAT will still be a problem >there. A mail addressed to postmaster@[public ip address] which reach >the server, which will promptly attempt to relay it. hmmm list of local ip addresses could do that. maybe in the "hosteddomains" file, although I would prefer defining it in virtualdomains and only configured postmaster@ in those domains -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "One World. One Web. One Program." - Microsoft promotional advertisement "Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Address literals
>On Fri 29/Jul/2016 12:48:25 +0200 Sam Varshavchik wrote: >> Courier should accept postmaster@[ipaddress], where ipaddress matches the >> connection's IP address. It won't accept any other IP address. On 29.07.16 18:41, Alessandro Vesely wrote: >Irrespectively or RELAYCLIENT? I actually don't think tht RELAYCLIENT should be taken into account. if the client has relaying privileges, (s)he should know hot co contact the server admin(s) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Due to unexpected conditions Windows 2000 will be released in first quarter of year 1901 -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Address literals
>Alessandro Vesely writes: >>SMTP provides for: >> >>address-literal = "[" ( IPv4-address-literal / >> IPv6-address-literal / >> General-address-literal ) "]" >> ; See Section 4.1.3 >> >>Mailbox= Local-part "@" ( Domain / address-literal ) >> >>However, Courier gives a syntax error: >> >>>>> rcpt to: >><<< 513 Syntax error. >> >>Has it always been so? Why? On 29.07.16 06:48, Sam Varshavchik wrote: >Courier should accept postmaster@[ipaddress], where ipaddress matches >the connection's IP address. It won't accept any other IP address. what about servers behind DNAT? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Christian Science Programming: "Let God Debug It!". -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Vhost certificates
On 08.07.16 16:38, Mark Constable wrote:
>FWIW I finally got around to testing 0.76.1 with a virtual vhost SSL
>(letsencrypt) certificate and it worked!
>
>All I did was create symlinks from /etc/courier/{esmtpd,imapd}.pem.DOMAIN
>to the right combined privkey.pem + fullchain.pem for the particular
>vhost and Thunderbird worked perfectly.
>
>Brilliant! Thank you Sam :-)
>
>Just checked, Outlook for Android did not work. Anyone know of an Android
>mail app that might work with IMAP/ESMTP SNA?
do you mean, SNI?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
--
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier sourcing during test
On 02.06.16 21:19, do...@mail.com wrote: >Ok, your right, this is strange. >less wants to read /root/.profile but the ID file is blank. maybe LESSOPEN variable causes less execute a sh script. maybe your shell tries to source ~/.profile >Soruced /etc/profile. Now less does not try to read /root/.profile, ID is >still blank. So su probably did not fully clean the enviroment (that's >how I got into the test account). there may be bunch of mess in your users' or system bashrc ... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. REALITY.SYS corrupted. Press any key to reboot Universe. -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Disable SSL for esmtpd on port 25
>On Fri 27/May/2016 14:39:59 +0200 Matus UHLAR - fantomas wrote: >> % grep relay= /var/log/mail | grep sm-mta | grep -c STARTTLS=server >> 261 >> % grep relay= /var/log/mail | grep sm-mta | grep -c from= >> 1007 On 27.05.16 20:02, Alessandro Vesely wrote: >Cute, I guess sm-mta is the machine name... but wait, why do I miss the >STARTTLS=server part? Also, doesn't the from= include errors? Most errors and >unencrypted sessions seem to be related to spammers... this is sendmail log... I have tls turned on for years. yeah, I think I should disable ssl23 :) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Disable SSL for esmtpd on port 25
>On 27/05/16 02:20, Matus UHLAR - fantomas wrote: >>> Some lame govt mailservers are still using SSL23... >>> "SSL23_GET_SERVER_HELLO:tlsv1 alert decode error" >>> and rather than whitelist them I'm sure I used to just disable SSL >>> via /etc/courier/esmtpd altogether (currently using v0.68.2)... >> >> why not whitelisting? Why to avoid security just because some can't >> cope with it? On 27.05.16 13:07, Mark Constable wrote: >We only use authenticated relaying via 465/SSL and 587/TLS so none >of our clients use port 25 for auth/relay. The problem is our client >recipient has to contact our support which then asks them for a copy >of the error, then I get it, then I have to squirrel around in the >mail logs to determine IP/hosts and hope a dig mx finds the right >mailserver etc then whitelists that server/mx and cross my fingers >I got all that right and our client can continue on their merry way. Aha... doesn't couriertls produce an error when too low tls version is tried by the client? >I don't know how to check what percentage of port 25 mailserver to >mailserver connections may be SSL encrypted to justify leaving SSL >on port 25 for server to server connections. Would you (or anyone) >have any idea how many mailservers are successfully connecting to >each other via SSL these days? % grep relay= /var/log/mail | grep sm-mta | grep -c STARTTLS=server 261 % grep relay= /var/log/mail | grep sm-mta | grep -c from= 1007 % grep relay= /var/log/mail.1 | grep sm-mta | grep -c from= 1349 % grep relay= /var/log/mail.1 | grep sm-mta | grep -c STARTTLS=server 296 that gives some 25% -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Disable SSL for esmtpd on port 25
On 26.05.16 17:12, Mark Constable wrote: >I just set up a new server and I can't for the life of me remember, >or find, how to disable SSL on port 25 for general incoming mail? > >Some lame govt mailservers are still using SSL23... > >SSL23_GET_SERVER_HELLO:tlsv1 alert decode error > >and rather than whitelist them I'm sure I used to just disable SSL >via /etc/courier/esmtpd altogether (currently using v0.68.2)... why not whitelisting? Why to avoid security just because some can't cope with it? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] How to force quota recalculation ?
>On 25/05/16 16:10, Matus UHLAR - fantomas wrote: >> On 25.05.16 12:41, Mark Constable wrote: >>> There may be more elegant solutions but I just simply delete that >>> file and quotawarn. The maildirsize file will be rebuilt soon >>> enough. >> >> isn't quota lost when you lose maildirsize? >> I thought the first line sets the quota... On 25.05.16 16:21, Mark Constable wrote: >The quota comes from an authdaemon lookup... > >May 25 16:16:01 s2 authdaemond[23816]: >Authenticated: sysusername=, sysuserid=, sysgroupid=, >homedir=/xxx/xxx/markc, address=ma...@renta.net, fullname=, >maildir=, quota=2097152000S, options= > >so when there is no maildirsize it gets rebuilt. The proof is that >when maildirmake first creates a users maildir area there is no >maildirsize file and everything works fine, it simply gets created >if it doesn't exist. so this depends on authdaemon providing that information, e.g. this won't work with standard user accounts other that removing quota at all... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have. -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] How to force quota recalculation ?
>On 25/05/16 01:48, chaouche yacine wrote: >> maildirsize shows 200Mb+ of disk usage while du shows only 64Mb. how could this happen? Did someone modify the maildir's data manually (not by courier's sw)? >> How >> can I ask courier to recaclculate the quota and allow this poor user >> to receive mail again ? I have used rebuilsing quota with "maildirmake -q209715200S ./" in order to rebuild quota, but Sam's recommendation should be easier for users. On 25.05.16 12:41, Mark Constable wrote: >There may be more elegant solutions but I just simply delete that file >and quotawarn. The maildirsize file will be rebuilt soon enough. isn't quota lost when you lose maildirsize? I thought the first line sets the quota... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I intend to live forever - so far so good. -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Let's encrypt
>On 14/05/16 06:30, SZÉPE Viktor wrote: >> Let's Encrypt also provides you 3 certs: intermediate, public and >> private. Just install them (symlink them) as any other certificate. >> The order is: >> >> # cat "$PRIV" "$PUB" "$INT" > "$COURIER_COMBINED" On 14.05.16 12:32, Mark Constable wrote: >FWIW I find that only privkey.pem and fullchain.pem are necessary. maybe because fullchain.pem consists of $PUB and $INT ? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows found: (R)emove, (E)rase, (D)elete -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] I need working nginx configuration for webadmin
>On 05/02/16 19:19, Matus UHLAR - fantomas wrote: >>> A couple of more points, apache with libapache2-mod-php requires >>> the slower pre-forking version of apache and because that module is >>> always loaded for every access >> is it? iiuc it's only loaded on apache reload... (unless you tune >> MaxRequestsPerChild/2.2 or MaxConnectionsPerChild/2.4) On 02.05.16 19:57, Mark Constable wrote: >I meant the entire libapache2-mod-php module is loaded into ram for >every access to every file no matter if it's a non-php static file >or a php file. and I mean, apache process loads all modules at startup time, which means that mod-php is loaded only at the start or reconfigure time, and all child processes are created by forking only when servers are spawned at: - startup - increating number of server processes - restarting after MaxRequestsPerChild or MaxConnectionsPerChild hit. (note that forking is quite cheap operation on linux, don't know other OSes) This is quite different than what you are saying. > Each apache process (+ mod-php) is from 20Mb to 100Mb >regardless of whether it's about to parse a PHP script or not. A nginx >instance is about ~9Mb and delivers a static file up to twice as fast >as apache with mod-php (according to ab testing I did 1/2 dozen years >ago). > >I find php-fpm usually runs at 3Mb to 30Mb but sometimes up to 100Mb >for Wordpress with massively complex themes and plugins. So nginx + >php-fpm generally uses less ram than apache + mod-php for PHP scripts >but up to 10 times less ram for static files (css, js, images) and >static files (until cached) far outnumber PHP script access. I'm not telling that your claims about speed are wrong, just that your claims about how mod_php works apparently are... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it. -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] I need working nginx configuration for webadmin
>On 05/02/16 03:16, Matus UHLAR - fantomas wrote: >>> Perl kludge suggested on nginx site for runnig CGI scripts as >>> FastCGI much worse than time-honoured apache. >> >> but what's the point of proxying it from apache? Apache can run cgi >> (and fastcgi, even php as module, not as fastcgi, so php should be >> even faster under apache) too, you don't need nginx. >> >> if you want nginx, what's the point of apache proxying? On 02.05.16 13:27, Mark Constable wrote: >A couple of more points, apache with libapache2-mod-php requires the >slower pre-forking version of apache and because that module is always >loaded for every access is it? iiuc it's only loaded on apache reload... (unless you tune MaxRequestsPerChild/2.2 or MaxConnectionsPerChild/2.4) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One OS to rule them all, One OS to find them, One OS to bring them all and into darkness bind them -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] I need working nginx configuration for webadmin
>> On 01.05.16 01:58, Alexei Batyr' wrote: >>>I've realized that most reliable way to execute CGI scripts in nginx >>>environment is proxying to apache with following minimal config: >> does THIS make sense? On 01.05.16 17:10, Alexei Batyr' wrote: >It wouldn't make sense if Courier web part (Sqwebmail, Webadmin) could work >as FastCGI scripts. I'm using this strange construction exclusively for >running Sqwebmail on the server with nginx frontend and PHP as FastCGI >server. Perl kludge suggested on nginx site for runnig CGI scripts as >FastCGI much worse than time-honoured apache. but what's the point of proxying it from apache? Apache can run cgi (and fastcgi, even php as module, not as fastcgi, so php should be even faster under apache) too, you don't need nginx. if you want nginx, what's the point of apache proxying? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] I need working nginx configuration for webadmin
On 01.05.16 01:58, Alexei Batyr' wrote: >I've realized that most reliable way to execute CGI scripts in nginx >environment is proxying to apache with following minimal config: does THIS make sense? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sending IP
On 29.04.16 17:51, SZÉPE Viktor wrote: >How should I tell Courier that it should connect on eth1 (not on eth0) >while sending? courier can't select outgoing network interface. it only can control outgoing IP: http://www.courier-mta.org/courier.html#multihomed http://www.courier-mta.org/courier.html#maybemultihomed -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have. -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Soft quotas for Maildir++?
On 14.04.16 11:03, Jeff Potter wrote: >Is there a way to create soft quotas with a grace period for quota limits > on a maildir? not (yet) >We’re seeing too many cases of users coming up against their quotas where > we’d like them to be able to go over for some period of time, before > enforcing. As for “why not just set the quota larger?”, we want the quota > warnings and email clients that display quota status to show the expected > usage to based on the true hard quota. maildrop currently supports hard quota and warning limit. they should be enough in most cases... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory. -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good
On 14.04.16 10:09, PICCORO McKAY Lenz wrote: >Subject: Re: [courier-users] to much error DNS lookup failed, but > testsmxloookup show good > >lavka@vnxpos00:~$ dig mx gmail.com > >; <<>> DiG 9.6-ESV-R1 <<>> mx gmail.com >;; global options: +cmd >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 34452 >;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 >;; WARNING: recursion requested but not available > >;; QUESTION SECTION: >;gmail.com. IN MX no answer: your DNS is not working. get working DNS servers. and you did not answer: >> what does "dig mx intranet1.net.ve" say? btw, why does your subject say "testsmxloookup show good", when you get "Soft error."? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Save the whales. Collect the whole set. -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good
On 14.04.16 08:48, PICCORO McKAY Lenz wrote: >3) if setup new linux box EQUAL AS THE PREVIOUS, got many errors with >default, only courier-mta ist installed, from sources compiled >standaralone, SAME if used oficial debian packages: >vnxpos00:/home/lavka/Descargas# testmxlookup intranet1.net.ve >Soft error. what does "dig mx intranet1.net.ve" say? >Apr 14 08:37:43 vnxpos00 courieresmtp: >id=4247.570F961F.735D,from=,addr=: >DNS lookup failed. >Apr 14 08:37:43 vnxpos00 courieresmtp: >id=4247.570F961F.735D,from=,addr=,status: >deferred what does "dig mx gmail.com" say? the message looks like DNS problem resolving gmail.com, and when you have problem resolving your domain, that looks like DNS error. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "They say when you play that M$ CD backward you can hear satanic messages." "That's nothing. If you play it forward it will install Windows." -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good
>> On 04/13/2016 03:06 PM, PICCORO McKAY Lenz wrote: >> > a question, why before was working and then now not? the only change >> > was a ip change, due are dhcp! >2016-04-13 18:09 GMT-04:30 Gordon Messmer : >> I don't know, but I might guess that the IP address that was previously >> assigned to your host had a PTR record in DNS that contained a fully >> qualified hostname. When the system booted, it may have got an address >> from DHCP, looked up the PTR using DNS, and then set the hostname. >> That's the standard behavior for Red Hat derived systems. On 13.04.16 22:00, PICCORO McKAY Lenz wrote: >but in firts installation theres no dns or valid domain, only sendmail >command was used, no configuration only default sendmail command is not smtpd and has different behaviour in some cases. >i used courier-mta only for send mails not for received well, it's very hard to say why something did work. Maybe you could revert to the previous state and check again? (just joking). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N) -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] error setting STARTTLS when send, unable to set security mode
On 17.03.16 16:07, PICCORO McKAY Lenz wrote: >i researching, whell i used the 0.62 version, seems here startls are not >the default > >i hear version are now in 0.75 that's a bit old, which os/distribution do you use? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I intend to live forever - so far so good. -- Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] dhparam only in certfile?
>>On Fri, Mar 11, 2016 at 03:35:26PM +0100, Matus UHLAR - fantomas wrote: >>> it seems that older courier versions need dhparam file included in the >>> all-in-one certificate file... >>> >>> can anyone confirm this, just for evidence? so, was I right about this, everything including dhparams in TLS_CERTFILE? >On 11.03.16 15:58, Julien Patriarca wrote: >>In my view, there is no need for that. The >>"TLS_DHPARAMS=/etc/courier/dhparams.pem" directive, is available for >>that. On 11.03.16 17:16, Matus UHLAR - fantomas wrote: >this seems to be available since courier 4.15. >http://www.courier-mta.org/imap/INSTALL.html#upgrading -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines. -- Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] dhparam only in certfile?
>On Fri, Mar 11, 2016 at 03:35:26PM +0100, Matus UHLAR - fantomas wrote: >> it seems that older courier versions need dhparam file included in the >> all-in-one certificate file... >> >> can anyone confirm this, just for evidence? On 11.03.16 15:58, Julien Patriarca wrote: >In my view, there is no need for that. The >"TLS_DHPARAMS=/etc/courier/dhparams.pem" directive, is available for >that. this seems to be available since courier 4.15. http://www.courier-mta.org/imap/INSTALL.html#upgrading -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet. -- Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] dhparam only in certfile?
Hello, it seems that older courier versions need dhparam file included in the all-in-one certificate file... can anyone confirm this, just for evidence? Thank you -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges. -- Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] maildrop log filename
>Matus UHLAR - fantomas writes: >>is it possible for maildrop to log filename of message stored to maildir? On 22.02.16 21:42, Sam Varshavchik wrote: >Nope. The filenames are randomly generates, and are completely meaningless. yes, but later could be used to avoid searching through mailbox... Of course it only applies for mail delivered via maildrop, not IMAP. But even so it could help much sometimes. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it. -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] maildrop log filename
Hello, is it possible for maildrop to log filename of message stored to maildir? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One OS to rule them all, One OS to find them, One OS to bring them all and into darkness bind them -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] no noreply
>> On 03.02.16 12:24, SZÉPE Viktor wrote: >>> How is it possible to prevent sending messages to non-local noreply@* >>> addresses? On 03.02.16 13:01, SZÉPE Viktor wrote: >I think your answer is for hosted domains. >I am talking about non-local address and all domains. aha... well you should not do that. But you can write courierfilter that will reject such mail... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that. -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] no noreply
On 03.02.16 12:24, SZÉPE Viktor wrote: >How is it possible to prevent sending messages to non-local noreply@* >addresses? you could configure user noreply's courierfilter to reject all mail. alternatively, you can configure noreply as spamtrap address that will prevent them all from however, I would put it to kind of trash, sometimes helpful to filter out non-existing addresses of lists you send mail to... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SPF failing again
On 28.01.16 17:41, Mark Constable wrote: >Jan 21 15:49:18 s1 courieresmtpd: error, >relay=:::136.147.176.7, >from=: >517 SPF fail >bounce-4814_html-122269605-10348-7213380-5...@bounce.s7.exacttarget.com: >Address does not pass the Sender Policy Fr... > >~ dig txt bounce.s7.exacttarget.com >bounce.s7.exacttarget.com. 14399 IN TXT "spf2.0/pra >include:cust-senderid.exacttarget.com -all" >bounce.s7.exacttarget.com. 14399 IN TXT "v=spf1 >include:cust-spf.exacttarget.com -all" > >~ dig txt cust-senderid.exacttarget.com >cust-spf.exacttarget.com. 190 IN TXT "v=spf1 ip4:64.132.92.0/24 >ip4:64.132.88.0/23 ip4:66.231.80.0/20 ip4:68.232.192.0/20 ip4:199.122.120.0/21 >ip4:207.67.38.0/24 " "ip4:207.67.98.192/27 ip4:207.250.68.0/24 >ip4:209.43.22.0/28 ip4:198.245.80.0/20 ip4:136.147.128.0/20 >ip4:136.147.176.0/20 ip4:13.111.0.0/20 -all" don't check for cust-senderid.exacttarget.com fro the "spf2.0/pra" - courier does not support SenderID - SenderID sucks. check the one from "v=spf1": % txt cust-spf.exacttarget.com cust-spf.exacttarget.com descriptive text "v=spf1 ip4:64.132.92.0/24 ip4:64.132.88.0/23 ip4:66.231.80.0/20 ip4:68.232.192.0/20 ip4:199.122.120.0/21 ip4:207.67.38.0/24 " "ip4:207.67.98.192/27 ip4:207.250.68.0/24 ip4:209.43.22.0/28 ip4:198.245.80.0/20 ip4:136.147.128.0/20 ip4:136.147.176.0/20 ip4:13.111.0.0/20 -all" >Is that 'ip4:207.67.38.0/24 " "ip4:207.67.98.192/27' part allowed in a SPF >record? it's DNS RR with multiple strings, it's allowed in the DNS, but must be supported by courier - as Sam said, version older than 0.74 can have problem. Which courier MTA version do you use? >~ dig bounce.s7.exacttarget.com >bounce.s7.exacttarget.com. 4753 IN A 66.231.91.54 > >~ dig -x 66.231.91.54 >54.91.231.66.in-addr.arpa. 8133 IN PTR mx-in-2.exacttarget.com. > >So is it possible courier is rejecting the mismatched forward and reverse >records >for the originating domain (but that would be nothing to do with SPF)? no, this is clearly SPF error; couries afaik does not support rejecting because of reverse DNS mismatch. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople's (A)dvertising (M)ethod -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Gamin or FAM outdated
On 01.01.16 20:28, Szépe Viktor wrote: >Is it planned that Gamin and FAM (~10 years old softwares) are >replaced with a modern one? windows are 30 years old. Have they been replaced already? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etry, (A)bort, (C)ancer -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier build 20150619 released
>On 10.06.15 06:51, Sam Varshavchik wrote: >>Download: http://www.courier-mta.org/download.html >> >>Changes: >> >>- Added AUTH_MKHOMEDIR_SKEL to several config files, first login or >>message to an account creates the account's home directory. On 21.07.15 16:35, Matus UHLAR - fantomas wrote: >I finally managed to do the backporting to debian wheezy versions >(I prefer to patch debian packages to benefit from the packaging system etc) > >and I can happily confirm it works with imap, pop3 and maildrop >- I haven't tried squirrelmail nor module.local but i believe are OK too. > >just a small footnote: using read/write functions would be more effective >imho. if anyone is interested, patches should be available on: http://test.fantomas.sk/courier/ I think I have avoided sqwebmail and courier-maildrop (the version for sqwebmail) which could be done too... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] slow transactions
>Il 2015-08-17 01:59 Ángel González ha scritto: >> Are you checking incoming connections in a blacklist > >No, I'm not. > >> / performing ident lookups? On 18.08.15 09:17, lu...@sulweb.org wrote: >How do I tell if Courier is performing ident lookups? you don't have -noidentlookup in config files. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have. -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] OpenSSL or GnuTLS?
On 18.08.15 09:09, lu...@sulweb.org wrote: >how do I tell if my Courier was compiled against OpenSSL or GnuTLS when >my distro packaged it? (just in case, it's a Debian GNU/Linux 8, but I'm >more interested in how to discover the information than in the >information itself). ldd `which couriertls` >Is it possible it has support for both? hardly -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good manners is fast reflexes. -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Unexpected SSL connection shutdown
>> Bowie Bailey writes: >>> I have the protocol set to SSL23, which should allow everything >>> according to the comments in the file. Any suggestions? >>On 7/31/2015 5:54 PM, Sam Varshavchik wrote: >> Run the mkdhparams script, with the DH_BITS environment variable set >> to 2048. On 03.08.15 14:08, Bowie Bailey wrote: >I already did that. Thunderbird's IMAP client won't connect otherwise. > >I see that the default protocol setting is now "TLSv1+". Would I be >risking any problems if I changed from "SSL23" to "TLSv1+"? How many >servers out there are incapable of doing TLS? note that with older courier versions and OpenSSL, anything that is not understood means "tls1.0 only". I've ancountered this some time ago (and reported it here). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #9: Out of error messages. -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Unexpected SSL connection shutdown
>On Fri, 31 Jul 2015 01:07:38 PM Bowie Bailey wrote: >> Apparently, Outlook doesn't like something about my SSL setup. These >> errors and the bounceback errors I have been provided by the sender >> don't give any clues to the actual problem. >> >> I have the protocol set to SSL23, which should allow everything >> according to the comments in the file. Any suggestions? On 01.08.15 12:35, Mark Constable wrote: >There was a patch update to W8-ish a few months ago that disabled >support for SSL3 and we found we had to remove SSL3 altogether to >overcome that problem. I think Sam has dropped SSL3 by default in >the later releases. This is from 0.73.1... > >courierd : TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" >esmtpd : TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" AFAIK this does not disable SSLv3. This only configures what ciphers tie server may use, no matter with which protocol. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etry, (A)bort, (C)ancer -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier build 20150619 released
>>>Matus UHLAR - fantomas writes: >>>>...now I only need to extract the patch from github and apply to maildrop. >>>>I'll try, thank you. >>On 20.06.15 12:02, Sam Varshavchik wrote: >>>Not just maildrop, but also courier-authlib. The actual code that >>>creates the home directory is shared across the line, in the >>>courier-authlib package. >Matus UHLAR - fantomas writes: >>Well, I got patches for the last two commits: >> >> courier-authlib: autocreate home directory. >> Added AUTH_MKHOMEDIR_SKEL setting. >> >>but I don't see patches on github for maildrop yet... On 20.06.15 16:22, Sam Varshavchik wrote: >Look in the courier-libs repo. got it now, just wondering if the homedir shouldn't be created later, after checking of username etc... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. There's a long-standing bug relating to the x86 architecture that allows you to install Windows. -- Matthew D. Fuller -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier build 20150619 released
On 10.06.15 06:51, Sam Varshavchik wrote: >Download: http://www.courier-mta.org/download.html > >Changes: > >- Added AUTH_MKHOMEDIR_SKEL to several config files, first login or >message to an account creates the account's home directory. excellent job. I finally managed to do the backporting to debian wheezy versions (I prefer to patch debian packages to benefit from the packaging system etc) and I can happily confirm it works with imap, pop3 and maildrop - I haven't tried squirrelmail nor module.local but i believe are OK too. just a small footnote: using read/write functions would be more effective imho. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson. -- Daffy Duck & Porky Pig -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Received-SPF header
>On Wed 15/Jul/2015 22:41:30 +0200 Bowie Bailey wrote: >> Unfortunately, SA ignores the header since it is placed at the bottom of >> the header list rather than inline with the rest of the Received headers. On 16.07.15 09:19, Alessandro Vesely wrote: >SA behavior is not affected by the field position within the header, AFAIK. It >looks rather like a design decision, since SA behaves the same with >Authentication-Results fields (which are often placed before the topmost >Received:). I don't think SA trusts SPF header below last trusted Received: -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton -- Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier
>On 07/08/2015 09:32 AM, Julien Patriarca wrote: >> // -- >> // IMAP >> // -- >> $rcmail_config['default_host'] = 'ssl://localhost'; On 08.07.15 14:41, Gordon Messmer wrote: >That's not going to work unless "localhost" is in the certificate >SubjectAltName or CN. Use the hostname that appears in the certificate. You can in fact avoid SSL connections with localhost. They are rarely needed -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states. -- Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] slow transactions
>Sam Varshavchik writes: >> If you have poor network connectivity, your DNS lookups could take >> several seconds, each, to complete. one could use this for bot detection (input before smtp greeting) I have used ident lookups for this. On 03.07.15 02:25, Lucio Crusca wrote: >I've tried to dig some random domains and it turns out that my local >Bind fails most of the time... fails how? > however I've changed DNS address in >/etc/resolv.conf and I've made it point to 8.8.8.8, just for a test. Dig >now replies instantly to every query. I would prefer fixing local nameserver instead of using publics. you may get blocked by some blacklists when using google servers. (may cause problems if you are filtering spam). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization. -- Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier build 20150619 released
>Matus UHLAR - fantomas writes: >>...now I only need to extract the patch from github and apply to maildrop. >>I'll try, thank you. On 20.06.15 12:02, Sam Varshavchik wrote: >Not just maildrop, but also courier-authlib. The actual code that >creates the home directory is shared across the line, in the >courier-authlib package. Well, I got patches for the last two commits: courier-authlib: autocreate home directory. Added AUTH_MKHOMEDIR_SKEL setting. but I don't see patches on github for maildrop yet... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] calling session PAM modules
Hello,
On 08.06.15 20:01, Sam Varshavchik wrote:
>But let's try the other way, first. Can you try patching
>courier-authlib as follows, and see how well it works. If this works,
>then all that needs to be done is make this part conditional upon a
>setting.
works with authdaemon, thank you.
>diff --git a/courier-authlib/authpam.c b/courier-authlib/authpam.c
>index 9d40e69..49d9bb6 100644
>--- a/courier-authlib/authpam.c
>+++ b/courier-authlib/authpam.c
>@@ -150,6 +150,25 @@ static int dopam(pam_handle_t **pamh, int *started)
> DPRINTF("pam_acct_mgmt failed, result %d", retval);
> }
> }
>+
>+ if (retval == PAM_SUCCESS)
>+ {
>+ retval=pam_open_session(*pamh, 0);
>+ if (retval != PAM_SUCCESS)
>+ {
>+ DPRINTF("pam_open_session failed, result %d", retval);
>+ }
>+ }
>+
>+ if (retval == PAM_SUCCESS)
>+ {
>+ retval=pam_close_session(*pamh, 0);
>+ if (retval != PAM_SUCCESS)
>+ {
>+ DPRINTF("pam_close_session failed, result %d", retval);
>+ }
>+ }
>+
> if (retval == PAM_SUCCESS)
> {
> DPRINTF("dopam successful");
>
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier build 20150619 released
>>On 10.06.15 06:51, Sam Varshavchik wrote: >>>- Added AUTH_MKHOMEDIR_SKEL to several config files, first login or >>>message to an account creates the account's home directory. >Matus UHLAR - fantomas writes: >>nice to see, but it seems it wasn't added to maildrop. Unfortunately we >>don't run courier-mta here, only imap/pop3/maildrop, so I's like to see is >>in maildrop too, if possible >> >>...it seems that maildrop does ask authdaemon for homedir, but does not call >>pam_session (yeah, no wonder here...) On 19.06.15 19:15, Sam Varshavchik wrote: >It's the same fundamental problem, authdaemon is an independent >process. PAM handles acquired by authdamon can only be used by that >proces. > >Also, maildrop does not use any kind of a configuration file. The >configuration file really sets environment variables. So you'd have >to modify your mail server's environment, so that maildrop gets to >inherit these environment variables. That's something maildrop can't >solve on its own. > >It should be possible to add something to maildrop to do this, but >setting up the environment variable would be something that must be >done on its own. of course, this is precisely what I expected as solution. I'll try to push the variable to postfix (export_environment should do that) ...now I only need to extract the patch from github and apply to maildrop. I'll try, thank you. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully. -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier build 20150619 released
On 10.06.15 06:51, Sam Varshavchik wrote: >Download: http://www.courier-mta.org/download.html > >Changes: > >- Added AUTH_MKHOMEDIR_SKEL to several config files, first login or >message to an account creates the account's home directory. nice to see, but it seems it wasn't added to maildrop. Unfortunately we don't run courier-mta here, only imap/pop3/maildrop, so I's like to see is in maildrop too, if possible ...it seems that maildrop does ask authdaemon for homedir, but does not call pam_session (yeah, no wonder here...) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Christian Science Programming: "Let God Debug It!". -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Different esmtproutes for ipv6 and ipv4 domains?
On 16.06.15 09:50, m...@lechevalier.se wrote: >Subject: [courier-users] Different esmtproutes for ipv6 and ipv4 domains? there are not ipv6 and ipv4 domains. There are only ipv6 and ipv4 hosts. >Is it possible to have a different relay in (or none) for ipv6 capable hosts >than ipv4 only hosts? > >Normally I would have > >: relay.com > >Some hosts, like gmail, support ipv6 and I want to use no/another relay for >them. you can check and set up esmtproutes for gmail and others manually, but I don't see reason why should someone produce code that will compare how many hosts in MX RRs have A and AAAA records and compare those... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "The box said 'Requires Windows 95 or better', so I bought a Macintosh". -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] calling session PAM modules
>On 06/09/2015 12:54 AM, Matus UHLAR - fantomas wrote: >> Although all other services do run those calls too, I found it still better >> to let admins load the system when they need it. On 09.06.15 09:54, Gordon Messmer wrote: >I don't think it's true that all other services run the session calls. >Typically, non-interactive services don't. For instance, "cvs," >"postgresql," and "smtp" (from Postfix) don't include any session >directives on the first server I looked at. mod_auth_pam for Apache >httpd doesn't invoke the session. I still don't get your point - where exactly do you see the problem? >It might be safe to do this in an authdaemon child process, but >typically the session calls would be invoked in the process that >actually becomes the user's session. In this case, imapd or pop3d. afaik, there ARE more authdaemon processes, and since the pam code is already in authdaemon, it apparently should not be put into imapd/pop3d. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] calling session PAM modules
>On 06/08/2015 05:01 PM, Sam Varshavchik wrote: >> That's another option. If that's all that pam session is used for, is to >> invoke the pam_mkhomedir.so module, this should work. On 08.06.15 22:34, Gordon Messmer wrote: >That's probably not a great idea while the pam configurations include >system-auth. It's standard setup on CentOS 7 looks like: [deleted] I agree - that's why I said "of course, only if admin sets it up, to prevent others from useless pam calls" Although all other services do run those calls too, I found it still better to let admins load the system when they need it. maybe env. variable (courier-style) that allows pam-session? >It might work better if authdaemond forked and ran the session bits in >the child process? But especially with systemd, it's worth benchmarking >the number of auth calls / second authdaemond can handle with and >without the session calls. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] calling session PAM modules
>Matus UHLAR - fantomas writes: >>could courier-authlib use PAM session functions? >> >>We use AD authentication so we can't create home directories when users are >>created (because on client we don't know when a user is created). >> >>I would like to create homedir/maildir at first access, either from >>maildrop, or from courier, whichever happens first. However courier-authlib >>does not call session functions, so we currently can not use courier, unless >>we find OK that users' logins will fail before first mail is received... >>we do not. >> >>this was discussed already few years ago, but I believe here we have proper >>reason to support PAM sessions. On 08.06.15 08:30, Sam Varshavchik wrote: >Unfortunately, this is not architecturely possible. authdaemond runs >as a standalone daemon, and it handles all authentication requests. >It has no direct knowledge of when individual processes get created, >and when they terminate. but it could call session init after successful verification, and session close immediately after, right? (of course, only if admin sets it up, to prevent others from useless pam calls) >However, it might be possible to implement this directly. do you mean directly in smtp/imap/pop3 servers? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] calling session PAM modules
Hello, could courier-authlib use PAM session functions? We use AD authentication so we can't create home directories when users are created (because on client we don't know when a user is created). I would like to create homedir/maildir at first access, either from maildrop, or from courier, whichever happens first. However courier-authlib does not call session functions, so we currently can not use courier, unless we find OK that users' logins will fail before first mail is received... we do not. this was discussed already few years ago, but I believe here we have proper reason to support PAM sessions. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. There's a long-standing bug relating to the x86 architecture that allows you to install Windows. -- Matthew D. Fuller -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] TLS1_1 or higher ONLY?
On 03.06.15 17:05, Matus UHLAR - fantomas wrote: >What would be best done, is to backport TLS1_1 and TLS1_2 support to the >version in wheezy (that should be supported for 5 years since release). > > >Sam, would you find that possible? > >Are there any commits updating openssl and tls1+ available on github >(or anywhere else)? I see two commits that could help the issue, could either one help? 2014-10-15 Rob Austein * libs/tcpd/libcouriertls.c (tls_create): Set SSL_OP_NOSSLv3 flag, to disable SSL3 support. 2013-10-14 Sam Varshavchik * libs/tcpd/libcouriertls.c (tls_create): Add TLSv1_1_method() and TLSv1_2 method(), based on patch by Rob Austein . * courier/module.esmtp/esmtpd.dist.in, courier/module.esmtp/esmtpd-ssl.dist.in, courier/courierd.dist.in, libs/imap/pop3d-ssl.dist.in, libs/imap/imapd-ssl.dist.in: Fix up differences in the documentation of TLS options in various config files. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam is for losers who can't get business any other way. -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] TLS1_1 or higher ONLY?
HEllo, hope I won't be blamed for necroposting. >On Thu, Mar 26, 2015 at 4:41 PM, Matus UHLAR - fantomas >wrote: >> no matter what I have tried to put into "TLS_PROTOCOL" (even clear >> nonsense), it only accepted TLS version 1.0. I have tried to work around this by setting TLS_CIPHER_LIST to exclude SSL3 ciphers, without any luck (unsurprisingly). >> apparently couriertls only supports tls1.0, while underlying openssl >> library supports 1.2. On 26.03.15 17:05, Jan Ingvoldstad wrote: >And that's with Courier 0.74.1? no, that's with imap 4.10.0 and pop 0.68.2, as they appear in Debian 7 (Wheezy), released on 2013/05/04. Note that Debian, like many other (non-rolling) distributions, prefers to maintain one release and backport security fixes to it. That prevents from unexpected surprises and backward incompatibilities when upgrading to newer versions. What would be best done, is to backport TLS1_1 and TLS1_2 support to the version in wheezy (that should be supported for 5 years since release). Sam, would you find that possible? Are there any commits updating openssl and tls1+ available on github (or anywhere else)? Thank you -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople's (A)dvertising (M)ethod -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Maildroprc not being read
On 25.05.15 11:20, Alexey Mishustin wrote: >Thanks for the suggestions, Gordon, Matus. > >"There is more than one way to do it". I will consider it, it's useful. > >Now it's a "cc" command in my maildroprc - works correctly. after sending the mail I got the feeling that I was too terse. at my former job we used .mailfilter that tested and optionally included other mailfilters, e.g. spam filter or forward/vacation. This way users could independently turn spam filtering and forwarding off and still have filter for putting mail to separate folders. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers. -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Maildroprc not being read
>>> But when maildrop is called from courier, it behaves as if there is no >>> configuration files at all (maildroprc not being read): messages go >>> always to Maildir; no echoes, no new lines in var/log/maildrop.log. >>> >>> What could I have missed? >> >> My guess is that your user has a .courier file, so DEFAULTDELIVERY isn't >> being used. In that case, maildrop probably isn't called from courier >> at all. > >Really! I had created a .courier file for forwarding. After deleting >it maildrop is working as intented. > >Thank you very much, Gordon! On 23.05.15 22:14, Alexey Mishustin wrote: >What is the best way to combine maildrop delivery with forwarding (to >an external e-mail)? cc? forwading from ~/.mailfilter probably. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N) -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Recent Windows 8.1 update problem
On 18.05.15 15:43, Mark Constable wrote: >FWIW we found a workaround for now and that is to disable tls/ssl. I believe you understand that this is very bad workaround >ie; IMAP port 143/none and SMTP port 587/none works for those Windows >8.1 users who have had updates since the 12th May 2015. does the problem apply when trying imap/143/starttls and imaps/993, smtp/587/starttls and smtp/465/ssl ? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept. -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] mailbox management
>Alexei Yu. Batyr' writes: > >>Bowie Bailey wrote on 30.04.2015 19:48: >>> No, main check is the mtime of Maildir/cur folder. It's exactly the time >>> when user last checked mail by IMAP or POP. Check for >>> sqwebmail-timestamp - only for those who use Sqwebmail and not use IMAP >>> or POP. >>> Didn't notice that. That actually works better than what I suggested >>> since you only get a single result per mailbox. >>> >>> Why do the check for sqwebmail-timestamp? Doesn't a login to sqwebmail >>> also result in new messages being moved to the cur folder and updating >>> the mtime? >>> >>Good question. I wrote this script more then 10 years ago and remember >>only that added sqwebmail-timestamp check later for some reason. On 30.04.15 21:15, Sam Varshavchik wrote: >If you have maildrop filtering enabled, you could have a mail filter >that delivers all or most of the mail to some folder. So the main >maildir's cur and new directories may not actually be touched for a >while. > >However, sqwebmail-timestamp will always get updated with every login. if a user does log in once per time, using IMAP_EMPTYTRASH for automatic deletion from some (trash, spam) folders and compiling --with-trashquota should help the issue -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson. -- Daffy Duck & Porky Pig -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Forwarding mail with SPF
On 11.04.15 21:10, Szépe Viktor wrote: >When a local address - having no local delivery - is forwarded to >another mail server which strictly checks SPF, >it could be that the sender's domain has "-all" in SPF thus it is not >possible to forward that message. >BTW it causes backscatter. the point of SPF is that you should not send mail using someone other's from address, since the original sender sent the mail to you - it's you who is sending it now, so you should send it under your ID. >On forwarding Courier MTA sets MAIL FROM: to the same address as in >the original message's From: header (or the original MAIL FROM:, I do >not know) and this - the forwarding - mail server is not on the >allowed hosts' list in SPF. > >Could we have a new option for setting a fixed MAIL FROM: on >forwarding to make forwarding possible in these cases? havce you tried couriersrs? https://couriersrs.com/ -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully. -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] TLS1_1 or higher ONLY?
On 25.03.15 17:23, Matus UHLAR - fantomas wrote: >I have tried with debian wheezy 7.8, courier 0.68.2, openssl 1.0.1e >and I can confirm the same Gerald encountered - ssl3, tls1, tls1_1 and >tls1_2 are allowed by default, but whatever I have tried, i was not able to >disable ssl3 while keeping tls1_1 and tls1_2 allowed... Here I should add: no matter what I have tried to put into "TLS_PROTOCOL" (even clear nonsense), it only accepted TLS version 1.0. apparently couriertls only supports tls1.0, while underlying openssl library supports 1.2. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One OS to rule them all, One OS to find them, One OS to bring them all and into darkness bind them -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] TLS1_1 or higher ONLY?
>Matus UHLAR - fantomas writes: >>I have tried with debian wheezy 7.8, courier 0.68.2, openssl 1.0.1e >>and I can confirm the same Gerald encountered - ssl3, tls1, tls1_1 and >>tls1_2 are allowed by default, but whatever I have tried, i was not able to >>disable ssl3 while keeping tls1_1 and tls1_2 allowed... On 25.03.15 18:55, Sam Varshavchik wrote: >That version of Courier is too old to know about the appropriate >calls, and flags, to implement this particular protocol >configuration. I'll fill a bugreport against courier-ssl. due to way how stable debian works, a patch will be apparently needed to backport the support for newer TLS versions. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] TLS1_1 or higher ONLY?
Hello, >>>> So, that's OpenSSL. The documentation in the file you're editing >>>> indicates that "TLSv1.1" and "TLSv1.2" are valid settings for OpenSSL. >>>> It doesn't indicate whether multiple values can be set. >>On 2/27/2015 6:27 PM, Sam Varshavchik wrote: >>> In the current version, there's a "TLSv1.1+" setting. >Gerald Drouillard writes: >>With ubuntu version 14.04 results in tls1 only. Same with TLS1+ and TLSv1+ On 28.02.15 12:36, Sam Varshavchik wrote: >The "current version" in my previous statement refers to the current >version of all Courier packages. I don't know which versions are >included in Ubuntu 14.04; most likely older versions. > >Contact the maintainer of the Ubuntu package, and ask to have the >package updated to the current version. I have tried with debian wheezy 7.8, courier 0.68.2, openssl 1.0.1e and I can confirm the same Gerald encountered - ssl3, tls1, tls1_1 and tls1_2 are allowed by default, but whatever I have tried, i was not able to disable ssl3 while keeping tls1_1 and tls1_2 allowed... how does couriertls pass list of allowed protocols to openssl? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fucking windows! Bring Bill Gates! (Southpark the movie) -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Planning migration
On 19.03.15 11:24, Lucio Crusca wrote: >I have a production courier-mta server (along with imap and pop) with a number >of domains and mailboxes, authentication through userdb. It's a old Debian >GNU/Linux 6.0 server with packaged courier-mta 0.65. I plan to migrate it to a >new server with Debian GNU/Linux 8.0 and packaged courier-mta 0.73. > >What's the best live migration path that ensures no messages are lost in the >move? My idea is: > >1. Install new server & configure all domains & accounts >2. Make old server send a copy of incoming messages to the new server >3. manually copy old messages >4. switch DNS records & wait propagation >5. shutdown old server > >Assuming my idea makes sense, what's the simplest way to configure courier-mta >for point 2? Do you _need_ to move to new hardware? In-place upgrade of debian is usually quite eaqsy thing. You can do that inb one step (apt-get dist-upgrade) or in many steps (manually upgrade single packages with their dependencies). If you need to upgraqde your hardware, you can set up the new server, copy user settings and data, and configure it as backuprelay for the old host, so the mail stuck in queue get sent within a few hours. however, you must avoid receiving new mail on old server, by turning it off. you can do that by disabling services (and thus be unreachable), or moving password database first, switching DNS and copying user data finally. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest. -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Aliasing
On 25.02.15 22:21, Mark Constable wrote: >I have a 3rd party app that produces a reply-to address like this... > >ciab+605e46207a16cd9170493949c2684fb1-...@renta.net what do you mean "like that"? Does the string after "+" change? That means that the app is compatibile with sendmail and postfix that both use "+" sign to separate username from additional information. >What would be the best alias method to land this in the mailbox of >c...@renta.net? If not an alias, any possible workarounds like pipe >to command or smtp/rcptfilter suggestions? courier uses "-" as the separator, so if you could force the application to use "-" instead of "+", you could use .courier-default in the ciab's home directory. Otherwise, maybe you could switch the application or try switching to sendmail/postfix. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside... -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier failing to connect to other servers
On 09.02.15 12:17, Ryta Kashemire wrote: > Iam running an inbound server with courier > >I have noticed that it has connectivity issues. > > >Bellow is part of the logs iam getting > >- >Feb 9 11:34:05 pop courieresmtp: >id=00A407D7.54D42D5B.2006,from=,addr=< >u...@xxx.com>: Connection refused >Feb 9 11:34:05 pop courieresmtp: >id=00A407D7.54D42D5B.2006,from=,addr=< >u...@xxx.com>,status: deferred >- "connection refused" is an error courier gets when it's not able to connect to remote server. This may indicate that the remote mail server is down, firewalled or there's a misconfiguration on your side (wrong port, wrong smarthost etc) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] MX should not point to a CNAME?
>On Thu, Jan 22, 2015 at 3:06 PM, Jeff Potter >wrote: >> The other issue: a sending server can resolve the CNAME and rewrite the >> address on you. I saw this years ago. >> >> E.g.: >> >> foo.com with a CNAME of “bar.com” >> foo.com with an MX of “some-good-mailserver.example.com” On 22.01.15 19:23, Jan Ingvoldstad wrote: >Well, this is in direct violation of the DNS specification for CNAME. When >foo.com is a CNAME, it CANNOT have any other records, so the behaviour of >that MX record is undefined, whether it breaks in the way you describe or >foo.com simply won't resolve, is too risky to rely on. I believe that was supposed to be: foo.com with a CNAME of “bar.com” I have also seen the mailserver to rewrite the domain when CNAME was found, unrelated to other records... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 2B|!2B, that's a question! -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] MX should not point to a CNAME?
>> My understanding of why CNAMEs are prohibited for MX hosts is that they can >> introduce loops. The last paragraph of Section 5.1 explains how a sender >> should attempt to locate itself in the list of MXes, ordered by preference. >> You may want to compare that paragraph with the historic discussion in RFC >> 974, >> which, under "Minor Special Issues", says: On 22.01.15 09:06, Jeff Potter wrote: >The other issue: a sending server can resolve the CNAME and rewrite the >address on you. I saw this years ago. > >E.g.: > >foo.com with a CNAME of “bar.com” >foo.com with an MX of “some-good-mailserver.example.com” > >Sending email to “j...@foo.com” resulted in an email to “j...@bar.com” — the > sending MUA / MTA resolved the cname on me. (I think it was qmail at the > time.) I've seen this, seems it's described in RFC 1123, section 5.2.2. However, it's a different issue. Still, NS and MX must not point to a CNAME. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows found: (R)emove, (E)rase, (D)elete -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] kitchen sink
On 19.01.15 13:28, Szépe Viktor wrote: >Is there a way to "drop" (as in iptables) mail for certain addresses >(not for an entire domain), so do receive it but do not save it >anywhere? bofh "spamtrap" option should be what you need. It drops all mail that it sent to the configured addreses. Note that it mail has multiple recipients, and one of them is spamtrap account, the mail is not delivered anywhere... >I would prefer a solution without a local user. bofh requires local account, however you can use one acount for multiple addresses - just alias them to the account. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "To Boot or not to Boot, that's the question." [WD1270 Caviar] -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Format of Received headers when running in IPv4
On 05.01.15 11:12, Jeff Potter wrote: >When running courier compiled with “--without-ipv6”, submit.C still formats >the Received headers with brackets around the IP address, like so: > > Received: from mail-qa0-f47.google.com ([209.85.216.47]) > >Most mail systems format would format it without the brackets in IPv4 cases: > > Received: from mail-qa0-f47.google.com (209.85.216.47) how did you come to this? looking through my mail, seems that most of systems does add brackets... >Our spam filtering software is chocking on the brackets (SpamAssassin’s >RDNS_NONE gets triggered). it's not triggered because of the brackets. It's triggered because your MTA does not reverse-resolve sender. my system adds: Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) >Admittedly, the true fix is getting SpamAssassin to be more tolerant in its >parsing. Maybe you should remove -nodnslookup from TCPDOPTS in your esmtpd file? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends? -- Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Added whitespace breaks DKIM signatures
On 12.12.14 13:13, Alessandro Vesely wrote: >I tentatively installed the following patch. It prevents wrapping without >apparently causing any blatant malfunction. What would you say about it? >(I didn't explore what unexpected effects it might sort.) I think that RFC 5322 section 2.1.1 explains that nicely. I also prefer lines up to 70 chars long, so they with into one line (indented by tab character). just my €.01 >--- courier/libs/comrwheader.c.orig2013-08-25 20:44:47.0 +0200 >+++ courier/libs/comrwheader.c 2014-12-12 09:03:44.0 +0100 >@@ -98,7 +98,7 @@ > unsigned i, l; > char*p; > >- new_header=rfc822_getaddrs_wrap(rfca, 70); >+ new_header=rfc822_getaddrs_wrap(rfca, 700); > if (!new_header)clog_msg_errno(); > > for (i=l=0; new_header[i]; i++) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue. -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courierfilter on gentoo
>>On 09.12.14 14:54, Gordon Messmer wrote: >>>IIRC, the gentoo ebuild for courier includes its own init script, and >>>people have complained about it repeatedly in the past. >>> >>>I don't know if it's possible to use Courier's own init script, or why >>>the gentoo maintainer doesn't do so, but that would probably be the >>>place to start. It might be worth tracking the maintainer down and >>>getting his input. >Matus UHLAR - fantomas writes: >>apparently because uses openrc init system which is much different from >>plain shell init scripts... On 10.12.14 06:49, Sam Varshavchik wrote: >So what. It all boils down to just a start, and a stop. > >The Fedora package installs a systemd unit. Which simply runs the >init script, as a start and a stop function. it's also about running status and dependencies, e.g. packages depending on courier should be restarted with it. Unfortunately it does not apply when only courierfilter is restarted... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved! -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courierfilter on gentoo
>On 12/08/2014 08:04 PM, Ben Kennedy wrote: >> I have been running courier and a couple of filters to run rudimentary spam >> blocking (pythonfilter, courierfilter, courier-filter-perl) for many years, >> but the setup has always been a bailing-wire-and-gum pain in the ass; every >> time that the courier process goes down and comes back up, these processes >> need to be killed by hand (courierfilter stop does not work) and then >> relaunched. My installation, for what should be commonplace requirements, >> has never felt smooth or properly-designed. On 09.12.14 14:54, Gordon Messmer wrote: >IIRC, the gentoo ebuild for courier includes its own init script, and >people have complained about it repeatedly in the past. > >I don't know if it's possible to use Courier's own init script, or why >the gentoo maintainer doesn't do so, but that would probably be the >place to start. It might be worth tracking the maintainer down and >getting his input. apparently because uses openrc init system which is much different from plain shell init scripts... It would be better to post patches to gentoo, or maybe here. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "To Boot or not to Boot, that's the question." [WD1270 Caviar] -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtpaccess and 517 rejects woes
>Am 30.11.2014 um 20:09 schrieb Matus UHLAR - fantomas: >> The problem is refusing because of HELO not matching RDNS. On 01.12.14 13:29, Bernd Wurst wrote: >Just a sidenote: >The mentioned check does not check RDNS but simply if the DNS-Hostname >resolves to the connecting IP address. oh, sorry for a little misunderstanding. Yes, it's THIS one check that violates the RFCs. Thus, I don't consider it for use and would prefer avoiding it in BOFHCHECKHELO maybe courier could have build option like squid's --enable-rfc-violations? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I'm not interested in your website anymore. If you need cookies, bake them yourself. -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtpaccess and 517 rejects woes
>Matus UHLAR - fantomas writes: >>I noted that it is an RFC violation: you MUST NOT refuse connection because >>HELO string does not match reverse DNS. >>...you may reject the connection because of different HELO issue. On 30.11.14 09:19, Sam Varshavchik wrote: >I'll confirm that a HELO check blocks a lot of junk. >The default settings do not enable SPF checking at all; so the >default configuration does not check the HELO. > >But, if someone wants to do that, this setting is available; and, >since it's their server, and if they wish to ignore the requirement >to not validate the HELO, it's their prerogative to do so. as I said before, the problem is not to block at HELO stage or for the invalid HELO string (invalid hostname, local IP address, local hostname etc). The problem is refusing because of HELO not matching RDNS. refusing would also block much connections and would not violate RFCs... I have just checked my SA logs for a few weeks and have found no RCVD_HELO_IP_MISMATCH hit... either the rule does not work, or the cvheck is not as important as it seems -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtpaccess and 517 rejects woes
>> if BOFHCHECKHELO really does what it's documented to do, and what >> indicates this message, then you should not use it, since it violates RFC >> 821 and all its successors. It may cause troubles to you (well, it just >> did...) On 28.11.14 22:09, Marcin 'Rambo' Roguski wrote: >Actually, it also slashed about 30% of incoming spam, and I didn't notice any >illogical behaviour of my courier when analyzing the logs. I noted that it is an RFC violation: you MUST NOT refuse connection because HELO string does not match reverse DNS. such a thing may happen in case of IP or DNS change, even for hammy senders. ...you may reject the connection because of different HELO issue. > This gem is just one >of hundreds hosts that connect to my server every day, and they don't have >issues >(unless, of course, they do, but 99.9% of these are either dynamic IPs or shady >mailing servers). don't you run other checks that refuse those spammers? >I sumbit to you: > >$ host mx1.evo.pl >mx1.evo.pl A 178.63.45.155 > >However, I'm being reached by 178.63.50.70, thus HELO is mismatched, >which suits my aggressive antispam policy - mail is rejected. usually, it does not only matter hof much of spam gets rejected, but also how much of ham is rejected. It's not wise to violate the RFC standard, if you want to use it for communication. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that. -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtpaccess and 517 rejects woes
On 28.11.14 13:34, Marcin 'Rambo' Roguski wrote: >opt BOFHCHECKHELO=1 > >Nov 28 12:31:04 goldsmith courieresmtpd: >error,relay=:::178.63.50.70,from=<-[edited]-@platon.com.pl>: 517 HELO >mx1.evo.pl does not match :::178.63.50.70 if BOFHCHECKHELO really does what it's documented to do, and what indicates this message, then you should not use it, since it violates RFC 821 and all its successors. It may cause troubles to you (well, it just did...) I don't recommend using BOFHCHECKHELO unless it relaxes this check (hostname in helo string points to connecting IP) to for example requiring FQDN with valid A/ record, maybe with addition that it must NOT match or resolv to the local IP address (which is quite common for spamming clients). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fucking windows! Bring Bill Gates! (Southpark the movie) -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Violation to RFC1035 (IP in MX)
On 19.11.14 16:36, Bernd Wurst wrote: >But I recently found out that the freaky "is my MX set up right" tool at >MX Toolbox (and no other tool I know) complains about IP address in MX >records. They state that this is completely ok. Not even a warning: >http://mxtoolbox.com/SuperTool.aspx?action=mx%3aisoloc.com&run=toolpage should be fixed apparently. as someone said in bind-users mailing list, such tools often exist to sell DNS service to customers... >That lead my to the question: WHY is it so bad to have IP addresses in >MX? the MX record points to a hostname by definition. The hostname (and only the hostname) points to address (by definition). >My current example is mail from the Domain "isoloc.com": >isoloc.com.600 IN MX 10 217.160.79.52. >isoloc.com.600 IN MX 10 smtp.isoloc.com. there is no TLD named 52. in fact, the MX points to nonexistent host "217.160.79.52." (see the trailing dot?). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest. -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Deny relay
>Stephan Knorr writes: >>I am trying to deny authenticated esmtp (on port 587) for local users who >>have configured their email-client with a foreign from-adress (not in our >>local domain). On 12.11.14 08:13, Sam Varshavchik wrote: >What would be possible is writing a custom mail filter that rejects >messages from authenticated connections that do not have a matching >From: header: > >http://www.courier-mta.org/courierperlfilter.html > >Some documentation to get started on writing a custom filter in Perl. ... and I would just recommend not to block foreign domains, but even foreigh addresses - block any address user does not own, e.g. is not same as its login name or is not in aliases. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Save the whales. Collect the whole set. -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier and rfc 4408 spf
On 05.11.14 08:59, mariobe...@bol.com.br wrote: >Date: Wed, 05 Nov 2014 08:59:01 -0200 >From: mariobe...@bol.com.br >To: Matus UHLAR - fantomas please, don't mail privately to me. We have mailing list for this... >Cc: courier-users@lists.sourceforge.net >Subject: Re: [courier-users] Courier and rfc 4408 spf >My mail server is banning the email's algartelecom.com.br domain with SPF >NEUTRAL, even though >FAIL with the SPF record. BANNING with NEUTRAL result? Did you configure courier to reject mail when SPF result is NEUTRAL? >algartelecom.com.br is the ISP in my area. > >ISP support states that the SPF record is in accordance with RFC 4408, >paragraph 3.1.3. >http://www.openspf.org/RFC_4408#multiple-records your question was already answered: http://sourceforge.net/p/courier/mailman/message/33002315/ >I believe that the SPF record of ISP is overloaded ... this was also already said: http://sourceforge.net/p/courier/mailman/message/33005246/ >Soon, the mail server is that is the problem and I'm currently adding the >whitelis for various subnets. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully. -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier and rfc 4408 spf
>Am Tue, 4 Nov 2014 13:23:25 +0100 >schrieb Matus UHLAR - fantomas : >> you should be glad you are receiving neutral, the SPF checker at >> http://www.kitterman.com/spf/validate.html gives something different: >> >> >> Results - PermError SPF Permanent Error: Too many DNS lookups On 04.11.14 21:48, Hanno Böck wrote: >I get this for all my domains. >They use a single include for spf. I don't think that's unreasonable. give us an example... I have already seen problems when spf.protection.outlook.com itself caused 9 lookups >Looks to me as this tool is broken, not the spf config. algartelecom.com.br includes 4 records, 3 of which include another record (luckily, one of them repeats). That makes 7 lookups only for getting the SPF records. Further there are 'a' and 'mx' lookups and with 'ptr' lookups from spf.protection.outlook.com it gives 11 (PTR must be validated)... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Christian Science Programming: "Let God Debug It!". -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier and rfc 4408 spf
On 04.11.14 09:08, mariobe...@bol.com.br wrote: > Hi, please, turn off HTML mail for mailing lists. > The problem occurs when the domain is in your SPF record on multiple lines > for the TXT record. > > Domain: algartelecom.com.br > > TXT record: > > "v = spf1 ip4: 189.112.116.20 ip4: 200.170.137.98 ip4: 200 170 > 169 128 ip4: 20 > 0.225.197.0/24 ip4: 200 225 223 133 ip4: 201.16.216.25 ip4: 201.48.140.94 > " > "include: 17386.meuspf.com include: 21316.meuspf.com include: > spf.protectio > n.outlook.com include: spf.virtualtarget.com.br a mx -all " ... thanks fo HTML this record is horribly broken. > > Error courier: > > Nov 3 12:38:07 mail courieresmtpd: error, relay = :: : 65.55.169.54, > from = : 517 SPF neutral > marc...@algartelecom.com.br: Address does not pass the Sender Policy > Framework you should be glad you are receiving neutral, the SPF checker at http://www.kitterman.com/spf/validate.html gives something different: Results - PermError SPF Permanent Error: Too many DNS lookups ...no wonder, there are too many included records... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 2B|!2B, that's a question! -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] problems when enabling tls only for pop3s/imaps
On 28.10.14 13:11, Alexander Lehmann wrote: >Following the poodle issue I disabled SSLv3 in my courier mail server by >setting > >TLS_PROTOCOL=TLS1 > >According the sslscan this disables all sslv3 connections, but allows tls1 >connections on port 993. This works for most mail software, but is >apparently failing for different versions of Outlook and Outlook Express. > >I assume that Outlook in Windows XP will not support tls since it is too >old, but it seems that newer Outlook versions do not work either. > >I am currently using 4.8, maybe that is too old. windows XP support TLS1, although it's disabled by default IIRC (not sure abour service packs). Yes, the question is whether it works on implicit-ssl connections -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "The box said 'Requires Windows 95 or better', so I bought a Macintosh". -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] MYSQL_MAILDIR_FIELD missing
>Mark Constable writes: >>~ grep DEFAULT /etc/courier/courierd (truncated) >>courierd:DEFAULTDELIVERY="| /usr/bin/maildrop" >>courierd:MAILDROPDEFAULT=./Maildir On 02.10.14 22:30, Sam Varshavchik wrote: >What's courierd doing here? You said that you are running the >courier-imap package, at the beginning. Mark means that the "courierd" file is config file for courierd, the MTA, not for courier-imap. >This is probably a packaging issue with different/duplicated >packages, using different configuration directories. >The pristine tarball's default configuration should be putting all >the configuration files in /usr/local/etc/authlib. The RPM package >configure courier-authlib to use /etc/authlib. > >You need to double-check where the Ubuntu package puts things. for debian/ubuntu the config dir is /etc/courier/ for all courier packages except maildrop... (there's no reason to use /usr/local when the package is installed within the OS distribution) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Save the whales. Collect the whole set. -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Remove Received headers in outgoing authed email?
On 24.09.14 08:37, Jeff Potter wrote: >How do we remove the initial Received header in outgoing email from our > servers, or at least mask out the IP address of our sending user? why? it's much easier to track problems (both by you and remote admins) if you don't remove those information. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. REALITY.SYS corrupted. Press any key to reboot Universe. -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] building courier with nonstandard --prefix
>> That's not the real error. >> >> There was an error when the configure script ran earlier, but it >> didn't abort, and kept going. >> >> Run the configure script again, and search for errors related to >> executing "courierauthconfig". KOn 17.09.14 08:30, Christopher Rüprich wrote: >I still have the config.log. I ran "cat -n config.log|grep -C4 error" ( >http://pastebin.com/G21itVS9 ) and "cat -n config.log|grep -C4 failed" ( >http://pastebin.com/iyvFfJhY ), but the results don't tell me much. re-run the configure script as Sam said. extracting error lines from config.log rarely helps, because the errors usually appear on other lines. (btw, using "grep -n -C4" would be more effective. see http://www.smallo.ruhr.de/award.html) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I'm not interested in your website anymore. If you need cookies, bake them yourself. -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Email forwarding problem
>>> On 9/9/2014 7:45 PM, Sam Varshavchik wrote: >>>> maildrop should be adding the From_ header only if it's delivering mail >>>> to an mbox mailbox. Actually, maildrop will also emit a From_ line if >>>> a message is sent to an external filter via xfilter. >>>> >>>> I think the message is being filtered through an xfilter command. The >>>> command executed by xfilter emits an extra blank line before the >>>> contents of the filtered message, and maildrop reads it back in, like >>>> that. On 11.09.14 10:33, Bowie Bailey wrote: >A little more digging found preline in my default delivery >instructions. I am using this to get the Delivered-To header. > >DEFAULTDELIVERY="| /usr/lib/courier/bin/preline >/usr/lib/courier/bin/maildrop -w 90" > >This seems to be what is adding the From_ header. The header does not >appear if I remove the preline call. > >Yes, I do realize that preline is expected to add a From_ header... > >However, this is not a recent change -- it has been in place for years. >But the From_ headers only started appearing after I upgraded to >0.73.1. Older messages only show the Delivered-To and Return-Path >headers. Was there a change in preline? Or perhaps maildrop was >previously removing the unnecessary From_ header and is no longer doing so? preline should not cause problems. Also, imho, forwarding a mail starting with "From " header should not cause this kind of problems. The question is, whether there's one empty line at the start, if courier adds it when fed with "From " or something else causes that issue. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] mailing list filters through sqwebmail
On 10.09.14 08:27, Sam Varshavchik wrote: >Harry Duncan writes: > >>mailing list addresses can be added to sqwebmail through the >>preferences, not sure what the purpose of this is for, was it >>intended for future use? > >It drives the logic for selecting which email addresses are included >when you reply to a message. > >If a message is addressed to an address that's listed as one of your >mailing lists, replying to the message will reply only to that >address, ignoring any other CCs of the original message. no autodetection of mailing list using List-Post or similar? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Emacs is a complicated operating system without good text editor. -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
