Re: [courier-users] Pythonfilter attachments

[Gordon Messmer]

On 07/25/2017 09:53 AM, Alessandro Vesely wrote:

I've published my alternative version here:
https://www.tana.it/sw/pythonfilter_attachments/



I'll take a look at that shortly.  Thanks.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally

[Gordon Messmer]

Just tested my sentfolder filter, and the new Bcc: support works 
nicely.  Thanks for your help, Sam.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally

[Gordon Messmer]

On 07/06/2017 05:09 PM, Sam Varshavchik wrote:
Yeah, github was a couple of commits behind. Just pushed everything 
out, and it's up to date now. 



Thanks, again.  Is this an accurate update to the sendmail document?


diff --git a/courier/courier/doc/sendmail.sgml 
b/courier/courier/doc/sendmail.sgml

index 634b262..6f956c3 100644
--- a/courier/courier/doc/sendmail.sgml
+++ b/courier/courier/doc/sendmail.sgml
@@ -74,8 +74,8 @@ message and builds the recipient list from the 
To: Cc: and moreinfo="none">Bcc: headers.


 
-sendmail always removes all moreinfo="none">Bcc:

-headers before sending the message.
+sendmail removes moreinfo="none">Bcc:
+headers before sending the message if recipients are not specified on 
the command line.


 
 Some of the functionality described below is actually implemented by other
@@ -194,7 +194,7 @@ information.
 Read Bcc: headers only. Normally, if no
 recipients are specified, sendmail 
obtains the list of
 recipients by reading the To:, 
Cc: and
-Bcc: headers (moreinfo="none">Bcc: headers are always
+Bcc: headers (moreinfo="none">Bcc: headers are then

 removed).
 The -bcc option ignores moreinfo="none">To: and

 Cc:


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally

[Gordon Messmer]

On 07/06/2017 01:58 PM, Sam Varshavchik wrote:

This is a reasonable position to make, so I'll change this.



Thanks very much, Sam.  If you push a patch into git (github looks a bit 
out of date?) I'll test it.  Or, if you'd rather, I can modify sendmail 
and send a patch.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally

[Gordon Messmer]

On 07/06/2017 03:54 AM, Sam Varshavchik wrote:
Would it work to simply use a custom header name instead of "Bcc:". 
Most email clients won't show it by default, but it's going to be 
there and can be looked at, in some way; and the email clients will 
also ignore it if the message is replied to. 



That's the other option I'm looking at, and I'm more likely to go that 
route than introduce another message delivery code path in the 
framework.  Some record is better than no record, but I feel like that 
path would still be very slightly inferior to the solutions that Gmail 
and Courier IMAP provide.  Is there a logical reason why sendmail should 
remove the Bcc: header when headers aren't used to indicate recipients?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] sendmail removes bcc header unconditionally

[Gordon Messmer]

I'm working on improving my "sentfolder" mail filter.  This filter works 
like GMail's SMTP system, copying messages that a user sends into their 
sent folder, so that messages only need to traverse the network once.  
Courier IMAP has a better option, but no client support to speak of.


I've updated the sendfolder filter to examine the recipients in the 
control files and the message file headers, and add a Bcc: header for 
any addresses that don't appear in the message headers.  It then uses 
sendmail to send a copy to the user, along with a header that marks it 
for delivery to their sent folder. The problem here is that sendmail 
unconditionally removes the bcc: header.  I think it might be better if 
sendmail removed the bcc header only if it uses headers for the 
destination addresses, and left the bcc header if it uses destinations 
given as command line arguments.  Would that be an acceptable change?


I could work around the problem by using SMTP rather than sendmail, but 
I prefer to use sendmail to avoid passing through the courier filters 
(at least, in the default configuration).



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setuid/setgid problem, mail from website not sent

[Gordon Messmer]

On 07/05/2017 11:33 AM, Bernd Plagge wrote:

What can I do to solve this problem?



First, "setenforce permissive" and send a message, or examine 
/var/log/audit/audit.log to see if this is an SELinux denial.


Next, in permissive mode, use "tail -f /var/log/audit/audit.log | grep 
AVC" to watch the log while you send another message.  Take all of the 
output and pass it as input to "audit2allow -M lighttpd_sendmail".  That 
will create a new SELinux policy module that you can load to allow 
lighttpd to send email.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] szmlink counts as quota

[Gordon Messmer]

On 05/18/2017 06:31 PM, SZÉPE Viktor wrote:

Could it be that that Courier counts Sent folder size three time while
calculating quota?



Can you test this patch?


diff --git a/maildir/maildirquota.c b/maildir/maildirquota.c
index 3f3e0bd..3ff78f1 100644
--- a/maildir/maildirquota.c
+++ b/maildir/maildirquota.c
@@ -454,6 +454,9 @@ static int docheckquota(struct maildirsize *info,
 	dirp=opendir(info->maildir);
 	while (dirp && (de=readdir(dirp)) != 0)
 	{
+#ifdef _DIRENT_HAVE_D_TYPE
+		if (de->d_type == DT_LNK) continue;
+#endif
 		if (countsubdir(info->maildir, de->d_name,
 &maxtime, &maildirsize_size,
 			&maildirsize_cnt))
@@ -520,6 +523,9 @@ static int docheckquota(struct maildirsize *info,
 	dirp=opendir(info->maildir);
 	while (dirp && (de=readdir(dirp)) != 0)
 	{
+#ifdef _DIRENT_HAVE_D_TYPE
+		if (de->d_type == DT_LNK) continue;
+#endif
 		if (statsubdir(info->maildir, de->d_name, &tm))
 		{
 			errno=EIO;
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Loading / reloading Pythonfilter

[Gordon Messmer]

On 06/07/2017 04:32 AM, Alessandro Vesely wrote:

Last time I issued courierfilter stop, and then start.
However, that way I have to reload also clamav databases, which takes a long
time.  Is there any better way to upgrade the running Python process?


That should only be the case if you were running pyclamav, which is no 
longer available or supported.  The supported means of using clamav is 
to run an instance of clamd as the courier user, and use pyclamd to scan 
messages.  In that configuration, you should be able to "filterctl stop 
pythonfilter/start pythonfilter" without significant delays.



BTW, in order to tell distributed filter from home-brewed ones, I install sym
links in the dist-package/pythonfilter directory, which point to the source
file.  I note that Python does not produce any .pyc in that case.


That's true, but that only means that python will take slightly longer 
to parse those files when they're imported.  Since that only happens on 
startup, it's hard to make the case that producing pyc files will 
significantly impact performance at all.



Since the pyc is what should get loaded when loading a module, an idea could be
to reload modules if they have been recompiled since the last time they were
loaded.  Let me attach the idea.  Beware: I did'n run it, not even once, and
didn't fully understand the caveats about using reload(), see e.g.:

https://stackoverflow.com/questions/437589/how-do-i-unload-reload-a-python-module#answer-438845


pythonfilter uses threads in order to allow modules to keep statistics 
in memory.  As far as I can tell, reloading isn't going to be safe.



One more question, about virtualenv.  Has anyone had experience loading
Pythonfilter that way under Courier?  Another possibility is to install
Pythonfilter globally, but keep additional packages in a virtualenv, just to
ease tracking requirements.


I haven't, personally.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] 456 Address temporarily unavailable

[Gordon Messmer]

On 05/13/2017 12:53 AM, Lucio Crusca wrote:
> Now for the problem. Out of 6 accounts. 5 do work correctly. For one of
> them Courier replies "456 Address temporarily unavailable".
> "courier clear" on maxwell does not change the reply I get afterwards.

In case it helps: you probably want to look at log entries matching 
"courierlocal:" and the address that's failing in /var/log/maillog (or 
Debian's equivalent.  I'm unsure if they use that path).  You're looking 
for a failure that occurred before the earliest of your 456 errors, so 
it might be useful to identify when the first of those occurred.

grep courierlocal: /var/log/maillog | grep address # look for a failure 
earlier than the first 456


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Latest Courier+Amavisd-new+clamav install guide

[Gordon Messmer]

On 03/27/2017 12:14 AM, Vytautas Kasparavičius wrote:
> Is somwhere guide to integrate latest versions amavisd-new and clamav
> into courier?

The README included in the amavisd distribution looks like it's still 
relevant.

Your other options for Clamav integration are Courier::Filter and 
pythonfilter:
http://search.cpan.org/~jmehnle/Courier-Filter-v0.200/lib/Courier/Filter/Overview.pod
https://pypi.python.org/pypi/courier-pythonfilter/


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] monitoring prgram times out

[Gordon Messmer]

On 03/26/2017 09:44 AM, SZÉPE Viktor wrote:

Running bind is too expensive for me.


I'll note that Red Hat's bind package installs with an ideal 
configuration for a localhost-only caching DNS server.  There's 
virtually no administrative cost, there.



I usually use the caching DNS
resolver in the given datacenter plus µnscd
https://busybox.net/~vda/unscd/  which does local caching for Name
Service - which Courier apparently is not using.



Nope.  nscd (and unscd) are not DNS servers, they're caches for the libc 
nss functions (gethostbyaddr, etc) that aren't used in Courier.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] journald logging

[Gordon Messmer]

On 03/22/2017 01:32 AM, Bernd Plagge wrote:
> It seems that you're running journal without syslog, rsyslog or syslog-ng. Is 
> this correct?

The default configuration for CentOS 7 runs journald as the primary log 
recipient ("lsof /dev/log" will show systemd and systemd-journal), and 
rsyslogd using journald as a message source ("sModLoad imjournal" 
appears in rsyslog.conf).

The journal's content doesn't depend on rsyslogd running.  I see the 
same log patterns with rsyslogd running that I do when rsyslogd is stopped.

> Does this require particular journald.conf settings?

It shouldn't.

> Do you happen to have a link to the configuration description.


Not that I can find.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Spam filtering on SMTP level

[Gordon Messmer]

On 03/21/2017 09:27 AM, Bernd Wurst wrote:
> I pushed my changes to the greylist filter in my github-repo
> https://github.com/bwurst/courier-pythonfilter
>
> Gordon has received a pull request.


I see the PR, yes, but the pythonfilter repo is on bitbucket:

https://bitbucket.org/gordonmessmer/courier-pythonfilter

Your PR was sent to szepeviktor.

Regarding the IPv6 code: The greylist module was originally written by 
Mickael Marchand, and parses IPv4 addresses with a regex.  That's not 
ideal.  Rather than perpetuate that code, I'd prefer to use a validating 
library to get the addresses (especially with IPv6).  Python 3 has such 
a library, and it's been ported to earlier releases, so that seems like 
the obvious solution:

https://pypi.python.org/pypi/ipaddress

Regarding whitelisting networks: it's probably a good idea.  I'd like to 
think about that a bit and see if there's any less complex way to do that.

I'll get these changes made shortly, but I want to clean them up a bit 
first.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] journald logging

[Gordon Messmer]

On 03/21/2017 02:12 AM, Bernd Plagge wrote:
> Now I find imap and pop messages in the log but no delivery result or 
> messages about incoming mails. It seems that half of the Courier messages 
> does not make it into the journal.


I'm seeing all of the expected logs, including courierd entries, in the 
journal on CentOS 7 hosts.  Courier was built and installed using rpm 
and its included spec file.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Build 20170309 of Courier packages

[Gordon Messmer]

No problems seen yet, on a test host.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Build 20170309 of Courier packages

[Gordon Messmer]

On 03/15/2017 06:17 PM, Sam Varshavchik wrote:
> Ok, this actually turned out to be a small typo. Fixed in the 
> just-uploaded 20170315, and it builds for me. 


courier-unicode does build.  However, I'm unable to build the new 
courier package with it installed (also under mock).

https://paste.fedoraproject.org/paste/X1s-KLD0Eaiz9otZerh-wl5M1UNdIGYhyRLivL9gydE=


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Build 20170309 of Courier packages

[Gordon Messmer]

On 03/11/2017 11:20 AM, Sam Varshavchik wrote:
> • A few more tweaks to the courier-unicode configuration script. 


Building in mock fails on CentOS 7:

https://paste.fedoraproject.org/paste/knoYv8gNHfxhfF3flIz6EF5M1UNdIGYhyRLivL9gydE=


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RBL answers

[Gordon Messmer]

On 03/10/2017 11:00 AM, SZÉPE Viktor wrote:
> CloudFlare is also retiring ANY queries.
>
> https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/

"We aware of only two programs that issue ANY queries:
 Un-patched versions qmaild..."

I laughed at that one.  :)

--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] RBL answers

[Gordon Messmer]

I was checking the RBL queries and answers on a server this morning, 
when I noticed this in the responses:
 Please stop asking for ANY.See draft-ietf-dnsop-refuse-any

Both spamhaus and abuseat provide this text in their replies to 
Courier's RBL lookups.

Is it worth considering A and TXT record lookups rather than ANY, given 
the request to stop sending requests for ANY result?  Might that request 
indicate that requests for ANY will not be supported in the future?

--
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Spam filtering on SMTP level

[Gordon Messmer]

On 03/02/2017 09:58 PM, Bernd Wurst wrote:
> But I'd still like to know where to submit patches when We extend something.


You can email them to me directly, or you can fork the code on bitbucket 
and send a pull request:

https://bitbucket.org/gordonmessmer/courier-pythonfilter


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Spam filtering on SMTP level

[Gordon Messmer]

On 02/28/2017 08:27 AM, Lindsay Haisley wrote:
> Gordon Messmer has done an excellent job with this package, its API, and with 
> the documentation for it.


That's very kind.  I'll note that as much as possible, the pythonfilter 
API is simply a direct reflection of the mechanisms used in Courier.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Future of Courier MTA

[Gordon Messmer]

On 02/18/2017 04:45 PM, Mark Constable wrote:

Is Ondřej still the package
maintainer?

Not really, this explains Ondřej's position...


I'd seen that, but I'm not intimately familiar with the Debian 
maintenance process.  I'm not sure if, to adopt the package, we should 
contact Ondřej, or if there's another path to adoption.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Future of Courier MTA

[Gordon Messmer]

On 02/16/2017 03:36 PM, SZÉPE Viktor wrote:
> Is anyone willing to cooperate with me on fixing Debian-related errors?
> https://github.com/szepeviktor/courier


Well, I just sent some more patches to the FreeBSD maintainer to bring 
the package up to date.  I think I can put in some effort to help 
maintain Courier for Debian.  Is Ondřej still the package maintainer?


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Pythonfilter attachments

[Gordon Messmer]

On 02/08/2017 10:24 AM, Alessandro Vesely wrote:
> I revamped attachments.py in order to catch Javascript Trojans inside 
> a zip, which were driving me crazy.


The current version supports libarchive, which should allow you to 
blacklist file types inside zip files, as well.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Error message from Remote Server

[Gordon Messmer]

On 01/27/2017 11:33 PM, Michelle Konzack wrote:
> On 2017-01-27 15:13:39 Gordon Messmer hacked into the keyboard:
>> What TLS settings have you specified in /etc/courier/courierd? 
> [ c 'grep TLS /etc/courier/courierd' ]--
>
> TLS_PROTOCOL=TLS1
> 

TLS_PROTOCOL isn't set by default, at least in the current version. Try 
unsetting that and checking delivery.

Note that SSL3 support is disabled in the current version.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Error message from Remote Server

[Gordon Messmer]

On 01/27/2017 02:59 PM, Michelle Konzack wrote:
>   <<< 500 couriertls: connect: error:14094410:SSL 
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure

What TLS settings have you specified in /etc/courier/courierd?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Patches from FreeBSD

[Gordon Messmer]

While working on updating the FreeBSD port, I noticed a few patches that 
may be appropriate for merging.


First, the test for -lcourier-unicode seems to be slightly deficient.  
All of the AC_CHECK_LIB checks successfully locate libs in 
/usr/local/lib, but AC_LINK_IFELSE doesn't seem to.I think that's 
because that part of configure.ac stashes $LIBS where -L/usr/local/lib 
will be?  Regardless, maybe this section can be refactored to use 
AC_CHECK_LIB...


Second, courier/perms.sh.in sets a number of executables to 555, and 
others to 755.  The FreeBSD maintainer makes those consistent, removing 
write access.


The last patch appears to clarify an error message when messages exceed 
the administrative limit.


Could you check these over, Sam?

--- configure.orig  2017-01-25 20:41:21.217193416 -0800
+++ configure   2017-01-25 20:41:52.000581482 -0800
@@ -16418,7 +16418,7 @@
 
 
 save_LIBS="$LIBS"
-LIBS="-lcourier-unicode"
+LIBS="-lcourier-unicode -L/usr/local/lib"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
--- courier/perms.sh.in.orig2007-07-01 11:36:31.0 -0400
+++ courier/perms.sh.in 2007-07-01 11:36:31.0 -0400
@@ -11,9 +11,6 @@
 datarootdir="@datarootdir@"
 
 PERMS="
-.  755
-
-@localstatedir@755 x   bin bin
 @localstatedir@/tmp770
 @localstatedir@/msgs   750
 @localstatedir@/msgq   750
@@ -47,7 +44,6 @@
 @sysconfdir@/rfcerr2046.txt444 config
 @sysconfdir@/rfcerr2047.txt444 config
 
-@libexecdir@   755 x   bin bin
 @libexecdir@/courier   755 x   bin bin
 @libexecdir@/courier/modules   755 x   bin bin
 @libexecdir@/courier/submitmkdir   4550
@@ -61,14 +57,13 @@
 @libexecdir@/courier/makedatprog   555
 @libexecdir@/courier/imaplogin 555 x   bin bin
 @libexecdir@/courier/pcpd  555 x   bin bin
-@libexecdir@/courier/webmail   700 x   rootbin
+@libexecdir@/courier/webmail   500 x   rootbin
 @libexecdir@/courier/webmail/webmail   555 x   rootbin
 @libexecdir@/courier/webmail/webmlm555 x   rootbin
 @libexecdir@/courier/sqwebmaild555
-@libexecdir@/courier/sqwebpasswd   2755
-@libexecdir@/courier/webmail/webadmin  4555x   rootbin
+@libexecdir@/courier/sqwebpasswd   2555
+@libexecdir@/courier/webmail/webadmin  4511x   rootbin
 
-@sbindir@  755 x   bin bin
 @sbindir@/courier  555
 @sbindir@/showconfig   555
 @sbindir@/showmodules  550
@@ -82,7 +77,6 @@
 @datadir@/imapd555 x   bin bin
 @datadir@/imapd-ssl555 x   bin bin
 
-@bindir@   755 x   bin bin
 @bindir@/cancelmsg 6555
 @bindir@/courier-config555
 @bindir@/mailq 2555
@@ -109,10 +109,10 @@
 @sbindir@/makehosteddomains555
 @datadir@/makeimapaccess   555
 @sbindir@/makeimapaccess   555
-@datadir@/pop3d755
-@sbindir@/pop3d755
-@datadir@/pop3d-ssl755
-@sbindir@/pop3d-ssl755
+@datadir@/pop3d555
+@sbindir@/pop3d555
+@datadir@/pop3d-ssl555
+@sbindir@/pop3d-ssl555
 @sbindir@/webgpg   555
 
 @datadir@  755 x   bin bin
@@ -226,7 +220,7 @@
 if test "@HAVE_LDAP@" != 0
 then
echo @sysconfdir@/ldapaliasrc.dist 640 @mailuser@ @mailgroup@ config
-   echo @sbindir@/courierldapaliasd 700 @mailuser@ @mailgroup@
+   echo @sbindir@/courierldapaliasd 500 @mailuser@ @mailgroup@
 fi
 
 echo @datadir@/sqwebmail/images 755 @mailuser@ @mailgroup@
--- courier/submit2.C.orig  2008-01-29 13:06:47.0 +0100
+++ courier/submit2.C   2009-10-03 22:34:47.0 +0200
@@ -860,7 +860,7 @@
if (sizelimit && bytecount > sizelimit)
{
std::cout << "523 Message length (" <<
-   sizelimit << " bytes) exceeds administrative limit."
+   bytecount << " bytes) exceeds administrative limit(" << 
sizelimit << ")."
<< std::endl << std::flush;
return (1);
}
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Configure Scripts Not Finding Resources Installed on FreeBSD

[Gordon Messmer]

On 12/26/2016 08:57 PM, Michael S. Scaramella, Esq. wrote:
My project to install and configure Courier on our DigitalOcean hosted 
FreeBSD 11.0 based VPS is now substantially further along.



It's a little late to be of help, but I've sent patches for the 
courier-authlib and courier "ports" to their respective maintainers.  
Hopefully they'll be up to date soon.




ports-courier.patch.gz
Description: application/gzip


ports-courier-authlib.patch.gz
Description: application/gzip


ports-courier-files.patch.gz
Description: application/gzip
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Disable adding own hostname to sender's address

[Gordon Messmer]

On 01/23/2017 08:08 AM, Michelle Konzack wrote:

The documentation for this is buried in the submit(8) man page.

...but not in my manpage!



What version are you running?

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Best practize for $USER -> EMail

[Gordon Messmer]

On 01/20/2017 04:22 AM, Michelle Konzack wrote:
> All the users where created on  as "normal"  UNIX  users  and
> there login name is also there email address.  So, now you can  imagine,
> that this give problems if  is responsable for different  domains,
> where maybe two users have the same names...
>
> So my idea is, to use a script an rename all UNIX users

I assume you mean that their login name is the left-hand-side of their 
email address.  Is that right?

If your users are currently logging in with the username only, not the 
domain, then regardless of how you store usernames in the password 
files, you would need to change all of the clients if you want a 
consistent work-around to the basic problem of having a different 
"user1" in "example1.com" than in "example2.com".

Alternatively, you could leave your existing systems unchanged, and 
engineer a new process for future domains.  If you have "user1" in 
"example1.com" now and want to set up a separate user to receive "user1" 
in "example2.com", you could create a user named "user1-example2.com" 
and an alias that directs "us...@example.com" to that address.  You'd 
lose the ability to use .courier files within those user accounts, but 
it'd be a non-invasive change.

On the other hand, if you're OK with the idea of changing all of your 
client configurations to use the full email address as a login name, you 
still don't need to rewrite your password files.  If you can map 
"arbitr...@example.com" to "user0001", you can just as easily map the 
existing accounts without changing them, and start using sequentially 
numbered usernames for future accounts.  You'd just need to convert all 
of your domains from local domains to virtual domains.

> I mean, I do absolutely not want  to  use  LDAP.   But  I  can  use  the
> PostgreSQL to use the mapping or whatever is required.  I  mean,  I  can
> use pam_pgsql and courier authpgsql.

Why PAM?  Are those users logging in to non-courier services?  Shell 
accounts, maybe?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] DNS, was lo is down

[Gordon Messmer]

On 12/29/2016 02:16 AM, Alessandro Vesely wrote:

  From that, I derive that production mail servers should run a caching[*] DNS
server/locally/.  That's also necessary for DNSxL, SPF, DKIM, and the like.
Do you agree?



I think that a caching DNS server should be as near as possible to the 
email server, but I don't personally run them on the same host in most 
cases.  I know plenty of people who think it's best practice, but I 
don't have any strong feelings on the topic.


--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] lo is down

[Gordon Messmer]

On 12/28/2016 02:07 PM, Lindsay Haisley wrote:
> This generally removes any dependency on DNS for resolving "localhost".


Courier uses DNS for everything that comes to mind.  Modifying 
/etc/hosts won't resolve the problem in question.


--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] lo is down

[Gordon Messmer]

On 12/28/2016 01:38 PM, SZÉPE Viktor wrote:
> Thank you Gordon!
>
> After a quick tcpdump.
> Monit sends:
>
> EHLO localhost
> QUIT

What is the value for TCPDOPTS in /etc/courier/esmtpd?  That test should 
work if you have -nodnslookup set (though I don't recommend that).  If 
it's not set, as in the default case, then couriertcpd will spend a very 
long time trying to look up the hostname of the connecting host in DNS, 
and Monit will timeout.

Courier won't be able to do much without an internet connection. You can 
probably get it to accept local messages by providing a DNS server on 
the host running Courier, but any mail submitted bound for domains that 
aren't available in that DNS server is likely to be permanently lost, so 
I'm not sure I'd recommend any changes.

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] lo is down

[Gordon Messmer]

On 12/28/2016 11:02 AM, SZÉPE Viktor wrote:
> Could it be that Courier unbinds from localhost when eth0 is down?


If Monit is testing SMTP on localhost, there are a bunch of possible 
causes of failure.  The most likely, I would think, is that DNS is not 
available so one of the SMTP commands issued by Monit fails.

Check the mail logs for errors at the time the test fails. You're likely 
to find the answer there.


--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] maildrop: Timeout quota exceeded

[Gordon Messmer]

On 12/11/2016 10:47 AM, Mike - st257 wrote:
> The user's mailbox is large enough (my opinion, at a few Gigabytes) 
> that crawling the entire maildir will take an extremely long time.


If you want to measure this (approximately), wait for an off-peak time 
of day, flush the caches, and measure how long it takes to compute the 
quota for that Maildir:

# sync
# q=$(head -1 Maildir/maildirsize)
# mv Maildir/maildirsize /tmp
# echo 3 > /proc/sys/vm/drop_caches
# time maildirmake -q "$q" Maildir > /dev/null

That should give you some idea how long it takes to recompute the quota 
for that Maildir, though load on system storage may cause significant 
variance in that time.


--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] maildrop: Timeout quota exceeded

[Gordon Messmer]

On 12/09/2016 07:55 AM, Mike - st257 wrote:
> I don't yet have an answer why that file was present (doesn't exist in 
> my mailbox on that system), but moving it aside resolves the present 
> mail delivery problem.


That file's presence indicates that a Maildir++ has a quota, and is used 
to track the quota and usage.  Periodically, a maildir reader must crawl 
the entire maildir to re-calculate usage, which could explain the 
timeout if an uncached read of all of the directories for that Maildir 
take a *really* long time.


--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Release quarantine messages - pythonfilter

[Gordon Messmer]

On 12/07/2016 01:12 AM, Bernd Plagge wrote:
> However, I always got a message saying that the message was not found
> So, I wrote a small program to list the keys in the database:
>
> /var/lib/pythonfilter/quarantine# ./dbmtest.pl msgs.db
> 203720L

Seems you've hit a bug in pythonfilter.  I haven't seen inodes 
represented that way on any of the systems I've used.  What platform and 
what release of python are you using?

I think you can work around this by patching quarantine.py:

diff -r 20cc13ea1a4b courier/quarantine.py
--- a/courier/quarantine.pyFri Nov 25 16:38:07 2016 -0800
+++ b/courier/quarantine.pyWed Dec 07 18:59:32 2016 -0800
@@ -187,6 +187,8 @@
  (dbm, lock) = _getDb()
  if requestedId in dbm:
  quarantinePaths = pickle.loads(dbm[requestedId])[1]
+elif requestedId + 'L' in dbm:
+quarantinePaths = pickle.loads(dbm[requestedId + 'L'])[1]
  else:
  quarantinePaths = None
  # Unlock the DB

> As the program reads the 'r' headers it will never match the 'R' header 
> Or am I wrong??

getControlData()['r'] isn't just the "r" lines.  It's a list of lists, 
each of which contains the rewritten recipient address, the original 
recipient address, and zero or more characters indicating DSN behavior.


--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] How to test imap idle

[Gordon Messmer]

On 11/16/2016 05:05 PM, David Niklas wrote:
> There is a read, write and execute bit what is the t bit?


As explained in the chmod(1) man page, the t bit is the restricted 
deletion flag.  More information is available in the man page.


--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] catch all for one domain only

[Gordon Messmer]

On 11/02/2016 11:36 AM, Lucio Crusca wrote:
> Could you please help me understand what's wrong with my configuration?


You probably want to start with the "VIRTUAL DOMAINS" section of the 
"makealiases" man page.  In general, though, catch-all addresses are 
going to receive so much spam that they're useless at best.


--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] A pythonfilter module for recent gibberish spam

[Gordon Messmer]

On 09/22/2016 02:11 PM, Lindsay Haisley wrote:
> Gordon, take a look at this code and if you have any suggestions please
> post them.


Do you have a sample of the messages this targets?


--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Verify sender email only for hosted domains

[Gordon Messmer]

On 09/06/2016 08:04 AM, Lucio Crusca wrote:
> Is it possibile to block messages apparently coming from one of the
> hosted domains that use a non existing address as sender?


courier-pythonfilter includes a filter named "localsenders" which does 
exactly that.


--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Management of maildir structures

[Gordon Messmer]

On 07/23/2016 12:05 PM, Lindsay Haisley wrote:

the Wikipedia article at
  on maildirs which state that
the internal management of files in the new, tmp and cur directories is
the responsibility of the client's MUA ("When the mail user agent (MUA)



In this case, I think that "MUA" simply means "the process that's 
reading the mail dir."  In particular, it refers to Dovecot in the same 
paragraph.


--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Blocking Brute Force Auth Attacks

[Gordon Messmer]

On 07/08/2016 03:04 PM, Alexei Batyr' wrote:
>
> Unfortunately spamers/fishers et al. already mastered SSL and STARTTLS and
> successfully use them in brute force and other attacks.

I'd expect so.  I didn't recommend TLS as a measure against brute-force 
attacks, I recommended it to protect passwords from leaking on untrusted 
networks.  Authentication should always be done on a secure channel.

> Account locking seems not a good idea: attacker could easily and quickly
> block all known to him user accounts on particular server.

And yet, temporary lockout is still a fairly standard practice.  The 
lockouts don't need to be very long to be effective if your passwords 
aren't based on dictionary words.

> Fail2ban blocks
> attacker's IPs instead, leaving legitimate user access to his mail.

Yes, fail2ban is a good tool and I advocate its use.  However, it should 
be noted that fail2ban does not support IPv6, so attackers can use that 
network to avoid blacklisting for now.

Your toolbox should have more than one tool.


--
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Blocking Brute Force Auth Attacks

[Gordon Messmer]

On 07/08/2016 09:54 AM, Nathan Harris wrote:
> Gordon, first let me start with a big thank you for pythonfilter which I
> have used for years.

Cool.  Glad to hear it!

> As far as rejecting/disabling smtp authentication, I was not aware there was 
> a setting for this.



Authentication over plain text is only allowed if ESMTPAUTH is set in 
etc/courier/esmtpd.  To maintain password security, that setting should 
be empty.  Instead, use ESMTPAUTH_TLS to enable authentication only 
after TLS is initialized.

I wrote earlier that protecting authentication with encryption would 
leave you with only tools like fail2ban.  I should have mentioned that 
the other good option is using an authentication backend that'll lock 
accounts temporarily when there are repeated auth failures.


--
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Blocking Brute Force Auth Attacks

[Gordon Messmer]

On 07/08/2016 06:49 AM, Nathan Harris wrote:
> Is there anything more
> sophisticated or a better approach to solving this problem?


I'd recommend that you not allow authentication on any non-encrypted 
protocols, and that'll only leave log analysis tools like fail2ban as 
options.


--
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Disable SSL for esmtpd on port 25

[Gordon Messmer]

On 05/27/2016 05:39 AM, Matus UHLAR - fantomas wrote:
> Aha... doesn't couriertls produce an error when too low tls version is tried
> by the client?


It should, but the "SSL23" message that Mark originally mentioned don't 
really indicate that the clients are using SSL2 or SSL3 (as best I can 
tell).  The message "tlsv1 alert decode error" should indicate that the 
peer is using TLS v1, but didn't understand some extension that's 
present in OpenSSL, used by Courier.


--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Disable SSL for esmtpd on port 25

[Gordon Messmer]

On 05/27/2016 11:02 AM, Alessandro Vesely wrote:
> but wait, why do I miss the STARTTLS=server part?


Logs will look slightly different for builds on OpenSSL and those on 
gnutls.  That'd be my guess.


--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Courier sourcing during test

[Gordon Messmer]

On 05/24/2016 12:30 PM, David Niklas wrote:
> I've successfully run the tests of courier 0.75.0 up to the part where
> the msg writes info into the ID and ENV files.
> Strangely, id output no info into the ID file though sh wrote
> "/root/.profile" Permission denied.


You're talking about the user/group ID check at the end of the 
post-install check section?

http://www.courier-mta.org/install.html#checks

To what user are you delivering mail?  Does that user receive mail if 
there are no .courier files in its home directory?

(Note that, below, the install document also says: "The Courier mail 
server does NOT deliver any mail to root.")


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] handle spam

[Gordon Messmer]

On 04/09/2016 02:53 AM, SZÉPE Viktor wrote:
> I've just read onhttp://psky.me/
> ...
> How is it possible to implement deferring with Courier MTA?


Before I remove this from my todo list, I wanted to note that I 
attempted to contact the site for clarification on their recommended 
use.  In recommending that messages be deferred, it isn't clear whether 
they mean that messages should be deferred until the listing is removed 
from their RBL (or what the lifetime of such records will be), or some 
other deferral strategy.

I received no response to my query, so I'm deferring any effort to 
implement a module for this RBL.  I'm not sure if the list is even being 
maintained.



--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] quarantine configuration - need advice

[Gordon Messmer]

On 05/20/2016 06:43 PM, Bernd Plagge wrote:
> When I set the quarantine system up with this data I did receive notification 
> containing a link to "postmas...@serv99.mydomain.com".
>
> This bounces because the address should be postmas...@mydomain.com.

It shouldn't.  If you have a "me" file, you should also list the domain 
in that file in your "locals" file.

> Quarantine notifications were created with the link: 
> "postmas...@mydomain.com" and basically the release process worked (basically 
> means that I received a message that the mail was not found in the DB but 
> that is probably a unrelated problem).

You'll get a failure notice if the message isn't found in the 
quarantine, or if you send the request to release from an address which 
wasn't one of the original recipients.


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] vacation notices

[Gordon Messmer]

On 05/19/2016 04:14 AM, Harry Duncan wrote:
> I have just deployed courier 0.76 and tested this feature, but it 
> doesn't seem to work. Am I testing right or this was taken back out of 
> the server?


That feature (which I was previously unaware of) requires some setup, 
which you haven't described.  See the "Autoreplies from a maildir 
folder" section in the mailbot man page.



--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] DNS lookup problem

[Gordon Messmer]

On 05/11/2016 12:31 PM, Bowie Bailey wrote:
> $ testmxlookup westportyachtsales.com
> westportyachtsales.com: soft error.


Have you checked for errors in your DNS server's logs?


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] pythonfilter

[Gordon Messmer]

On 05/11/2016 02:28 AM, Jérôme Blion wrote:
> eg:
> attachments
> auto_whitelist whitelist_auth whitelist relayclients greylist
> clamav
> spamassassin
>
> What will happen when whitelist_auth will send a 2xx code ?


Multiple words on a single line are only used if the second word is 
"for".  In that case, the words which follow are the names of filters 
that will be bypassed if the filter named by the first word returns a 
2xx code.  Since there is no "for" in the second line of the example, 
the remaining words on that line are ignored.

If you name filters after the "for" keyword, you still have to list them 
on their own line, as was always required.


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Migrating old messages

[Gordon Messmer]

On 05/11/2016 03:46 AM, MK wrote:
> What are my options here?


The one I'd recommend is: Set up the IMAP account on each client.  
Create a folder structure on the IMAP server that matches the client.  
Copy the content of each folder from the old, local folders into the new 
IMAP folders.


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] pythonfilter

[Gordon Messmer]

https://bitbucket.org/gordonmessmer/courier-pythonfilter

A new release of pythonfilter is available with two new features.  A new 
"sentfolder" module allows a site to copy messages sent by authenticated 
users to those users' Sent maildir, and whitelist modules can now bypass 
specific filters, rather than all filters that follow in the configuration.


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Manipulating outgoing messages

[Gordon Messmer]

On 05/06/2016 09:44 AM, SZÉPE Viktor wrote:
> Thank you!
>
> How will the message land in the Sent folder?

https://bitbucket.org/gordonmessmer/courier-pythonfilter/src/3ac9d9109e808bfe1f3df7582cff30e139397795/README?at=default&fileviewer=file-view-default

The documentation includes a section on "sentfolder", and a maildrop rule.


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Manipulating outgoing messages

[Gordon Messmer]

On 05/04/2016 07:09 PM, Gordon Messmer wrote:
> Seems reasonably straightforward.  I'll give it a shot. 

https://bitbucket.org/gordonmessmer/courier-pythonfilter/

A "sentfolder" module has been added for anyone else who wants to test it.


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Manipulating outgoing messages

[Gordon Messmer]

On 05/04/2016 06:27 PM, Mark Constable wrote:
> We can do almost anything with incoming mail using maildrop but is
> there anything we can do to manipulate outgoing mail, per user?


That's an interesting idea.  Courier implements send-by-IMAP, but I 
don't know of any clients that support it.  This would be the inverse, I 
suppose.

I think you'd have to do this with a courierfilter, since the delivery 
commands are disabled by mailfilter in embedded mode. Check if the 
message was sent with authentication.  If so, copy the message, add a 
header to indicate that this is a copy intended for the Sent folder, and 
send it to the authenticated user. Maildrop would need to check for that 
header and deliver to the Sent folder.

Seems reasonably straightforward.  I'll give it a shot.


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] ./configure option to install sendmail in /usr/sbin

[Gordon Messmer]

On 04/14/2016 02:38 AM, cour...@rcdrun.com wrote:
> only that does not install sendmail in /usr/sbin where most other
> software expects it to be.

On rpm based systems, the "alternatives" tool will be used to put 
several links where they're expected:

/usr/sbin/alternatives --install /usr/sbin/sendmail mta 
/usr/lib/courier/bin/sendmail 91 \
--slave /usr/bin/mailq mta-mailq /usr/lib/courier/bin/mailq \
--slave /usr/bin/rmail mta-rmail /usr/lib/courier/bin/rmail \
--slave /usr/bin/newaliases mta-newaliases 
/usr/lib/courier/sbin/makealiases


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good

[Gordon Messmer]

On 04/13/2016 03:06 PM, PICCORO McKAY Lenz wrote:
> a question, why before was working and then now not? the only change 
> was a ip change, due are dhcp!

I don't know, but I might guess that the IP address that was previously 
assigned to your host had a PTR record in DNS that contained a fully 
qualified hostname.  When the system booted, it may have got an address 
from DHCP, looked up the PTR using DNS, and then set the hostname.  
That's the standard behavior for Red Hat derived systems.

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good

[Gordon Messmer]

On 04/13/2016 03:23 PM, PICCORO McKAY Lenz wrote:
> hi again, setup hostname to localhost.localdomian

Clearly, I should have been more specific.

You must use a fully qualified hostname that resolves in DNS.

/etc/hosts is not used.  localhost.localdomain is not valid.

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good

[Gordon Messmer]

On 04/13/2016 02:14 PM, PICCORO McKAY Lenz wrote:
> vnxpos00:/home/lavka# cat /etc/courier/defaultdomain
> vnxpos00
>
> this its correct?

Nope, it requires a fully-qualified hostname.

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good

[Gordon Messmer]

On 04/13/2016 12:23 PM, PICCORO McKAY Lenz wrote:
> Apr 13 14:01:36 vnxpos00 courieresmtp: 
> id=4109.570E8E30.68BC,from=,addr=  
> >: DNS lookup failed.
>
> i got ERROR DNS lookup failed, but i'm browsing web with that machine, 
> and with that machine i send this mail!

Set your domain name in /etc/courier/defaultdomain, or properly set your 
host's hostname, or both.

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Best practice for SMTP level spam filter

[Gordon Messmer]

On 04/11/2016 03:56 PM, Sam Varshavchik wrote:
> maildrop's embedded mode runs for RCPT TO, and DATA commands. 
> Additionally, when using the embedded in the default configuration, 
> Courier will defer, using 4xx, recipients that do not have the 
> embedded mode filter activated. 

Thanks for clarification.  Obviously, I don't work with the 
localmailfilter much.

So, Courier runs the localmailfilter API for users who have it enabled, 
and defers the rest, so there are two deliveries expected, right?  How 
does it handle the return code for the content filter if only one of a 
set of recipients rejects the content?

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] handle spam

[Gordon Messmer]

On 04/09/2016 09:25 AM, SZÉPE Viktor wrote:
> Looking at Gordon's greylist.py that would be the "remember" part, and
> combining it with DNSBL lookup from whitelist_dnswl.py ...
> but:(  I am not a python developer.

Sounds like another use case for making individual filters conditional.  
It's on my list, but I haven't put a lot of time into that code lately.

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Best practice for SMTP level spam filter

[Gordon Messmer]

On 04/11/2016 12:22 PM, Jeff Potter wrote:
> Gordon, could one potentially change the replies after the first RCPT TO to 
> 4xx responses, to ensure the incoming message is being delivered to exactly 
> one user?

Not exactly.  Courier's mail filtering API only issues one call, after 
the body is available.  There's a separate API to run users' mail 
filters with maildrop's embedded mode, but unlike Sendmail's milter API, 
Courier's API isn't available at every stage of the SMTP conversation.

Could it be?  You could probably patch milter support into the Courier 
SMTP server, sure.

> Admittedly, this would require a change inside courier itself (unless MAXRCPT 
> applies to incoming SMTP transactions too?), and I could see poorly 
> implemented SMTP servers trying to deliver getting gummed up by it…

Well implemented or poorly, you'd be forcing retransmissions for every 
user.  If there were no delays, that'd merely increase your bandwidth 
utilization.  Proper implementations are going to back off on 
retransmissions, though, so every user after the first is going to get 
that message much later than the first delivery.


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Best practice for SMTP level spam filter

[Gordon Messmer]

On 04/09/2016 09:19 PM, Bernd Wurst wrote:
> We use delivery by .courier files for both, local user accounts /
> aliases and virtualdomains. Spam filtering happens with some custom
> scripts inside the .courier files and therefore only deletion, sorting
> or bouncing is available.

Bouncing mail, especially spam, after it's accepted is a terrible idea.  
In .courier and .mailfilter, you should only deliver or drop mail.

> We need to give users a choice about spam filtering, so the filter must
> have some "don't scan for these recipients" list. If the filter could
> use custom spamassassin config and bayes-DB, this would be great but
> it'll also work without that.

SMTP doesn't really work that way.

It's possible to scan the message during SMTP.  It's possible to deliver 
or drop on a per-recipient basis, as well.  You simply mark the message 
delivered for those recipients who wouldn't want to receive it.  
However, there's only one response to the sender.  If you reject the 
message, which was your stated goal, then no one gets the message.

Most mail gateways that I've worked with deal with this by rejecting 
mail when no recipients would accept the message.  For messages with 
mixed results, the message is accepted and delivered to some and 
quarantined for others.

pythonfilter has support for quarantining messages.


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] How to disable ipv6

[Gordon Messmer]

On 03/30/2016 05:02 PM, Sam Varshavchik wrote:
> As such, in order for IPv6 reverse DNS to work, your internet provider 
> has to delegate reverse DNS to you.

They could, but I'm not sure why they would have to.

Most of the ISPs and hosting providers that I've worked with (Integra, 
Qwest, Comcast Business, NetRiver, etc) do not delegate reverse DNS, but 
do update PTRs for their customers upon request.

--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/17/2016 09:44 AM, PICCORO McKAY Lenz wrote:
> 2016-03-17 11:49 GMT-04:30 Gordon Messmer  <mailto:gordon.mess...@gmail.com>>:
>
> Is it executable by the user that esmtpd is running as?  Use "ps aux |
> grep esmtpd.pid" to check the UID of the esmtpd process.
>
> yes verified, but i not taking on the server side, i'm taking on the 
> client side, on server side all are ok and are STARTTLS required and 
> cappable

If the server offers STARTTLS, then you need to make sure that the 
executable referenced in the "COURIERTLS" setting in 
/etc/courier/courierd on the client is executable by the user that 
courierd runs as, and ESMTP_USE_STARTTLS is set to "1".

Those are the only settings that matter here.  If it's not working, look at:

$ egrep 'userid|^COURIERTLS|^ESMTP_USE_STARTTLS' /etc/courier/courierd
# permissions, with only userid/groupid changed to match the account's.
#  yourself, and it must be owned by the "daemon" userid.
ESMTP_USE_STARTTLS=1
COURIERTLS=/usr/lib/courier/bin/couriertls

$ ls -l /usr/lib/courier/bin/couriertls
-r-xr-xr-x. 1 bin bin 77552 Jul  5  2015 /usr/lib/courier/bin/couriertls*

And if that looks fine, then you probably need to resort to dumping 
network traffic.  Something is broken, and you haven't given us enough 
information to know what:

tcpdump -nn -s0 -A port 25 and host eldominio.net.ve


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/17/2016 01:37 PM, PICCORO McKAY Lenz wrote:
> i researching, whell i used the 0.62 version, seems here startls are 
> not the default

Looks like it's on by default in 
http://packages.ubuntu.com/wily/amd64/courier-mta/download

--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/17/2016 07:10 AM, PICCORO McKAY Lenz wrote:
>
> but either /usr/lib/courier/bin/couriertls (specified in COURIERTLS in
> the esmtpd file) is not executable,
>
> verified and its executable! works perfectly i read manual about if 
> this program are not present in installation will not work, and i have 
> it and works!

Is it executable by the user that esmtpd is running as?  Use "ps aux | 
grep esmtpd.pid" to check the UID of the esmtpd process.
>
> or /usr/lib/courier/share/esmtpd.pem
> (specified in TLS_CERTFILE in the esmtpd file) does not exist, or
> cannot
>
> are readed and works! inclusive! i used (to test) in the web server! 
> works!

The web server's ability to read the certificate tells us nothing about 
whether esmtpd can read it.  Check the UID of the process, and the 
permissions of the file.

> I read about the option "ESMTP_TLS_REQUIRED" ummm there's other that 
> maybe set to always encrypt all the mail send to other servers?

I think you're missing the fact that Courier uses one process to send 
mail and another to receive mail.

The ESMTP_TLS_REQUIRED setting affects courieresmtpd, which receives 
mail.  If you set it, you will refuse mail from clients that don't STARTTLS.

Mail is sent by courierd (actually courieresmtp), which gets its 
configuration from /etc/courier/courierd.  As far as I know, there is no 
setting to *require* that recipients have TLS.  Courier uses 
opportunistic encryption.  If the recipient server advertises TLS, it 
will be used.  If the recipient doesn't have TLS, it will be sent 
without encryption.

A long time ago, I wrote a patch that did provide such a setting, but I 
have no idea if it works any more:
http://phantom.dragonsdawn.net/~gordon/courier-patches/courier.reqtls.patch

In any case, you should start troubleshooting by verifying that the 
destination can STARTTLS.  Log in to the server where you're sending 
mail and use openssl's s_client to try to connect.  Make sure you use 
the hostname of the server which is the MX for eldominio.net.ve:

openssl s_client -connect eldominio.net.ve:25 -starttls smtp -crlf


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/17/2016 11:34 AM, PICCORO McKAY Lenz wrote:
>
> ESMTP_USE_STARTTLS=1
>
> That's was the solution, setting that solved the problem!

Perfect.  Note that this *is* the default configuration.  Did you change 
it previously, or is the Ubuntu maintainer turning that off for some reason?


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/16/2016 06:16 AM, PICCORO McKAY Lenz wrote:
> Mar 10 07:35:40 vnxpos00 courieresmtp: 
> id=00094183.56E08E51.488D,from= .
> ve>,addr= >: 400 STARTTLS is required 
> first.

The server at "eldominio.net.ve" appears to be a Courier server, correct?

If so, you have probably set ESMTP_TLS_REQUIRED in /etc/courier/esmtpd, 
but either /usr/lib/courier/bin/couriertls (specified in COURIERTLS in 
the esmtpd file) is not executable, or /usr/lib/courier/share/esmtpd.pem 
(specified in TLS_CERTFILE in the esmtpd file) does not exist, or cannot 
be read by the user as which courieresmtpd runs.

--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/15/2016 02:29 PM, PICCORO McKAY Lenz wrote:
> i intall as i mention as standar with all features, when i send a mail 
> without the -S parameter, got also and error that said starttls its 
> required!

Please include the complete entry from the log.

--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/15/2016 01:51 PM, PICCORO McKAY Lenz wrote:
> i compiled with all supported featured then install and then try7 to 
> send and got the error that i mention in my firts mail

I wish I knew hot to be more clear about this.

Your first email documents a failure that happened because you used "-S 
STARTTLS."

Don't use "-S STARTTLS"

Just send an email normally.  If the remote side advertises STARTTLS, 
Courier will use it.

If it doesn't work, then tell us what the logs said when you don't use 
"-S STARTTLS"


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/14/2016 06:34 PM, PICCORO McKAY Lenz wrote:
> i mean, i
> need to send a mail to a mail domain that requires message must be
> encrypted .. ashttps://en.wikipedia.org/wiki/STARTTLS  ?

If the remote domain is capable of STARTTLS, it will be used.  You don't 
have to take any special steps.

--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/11/2016 05:23 PM, PICCORO McKAY Lenz wrote:
> my remote dain has startls, so from other server cannot send to that domain..

I'm sorry, I don't know what you mean.

> and in my documentation does not said that!
> was always propietary?

The man page for sendmail, where I assume you find "-S STARTTLS" to 
begin with says, "This is a Courier-specific extension that uses a 
Courier-specific SMTP extension."

...which is another way of saying that it is proprietary.  And as far as 
I know, it has always said that.

--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

[Gordon Messmer]

On 03/10/2016 07:21 AM, PICCORO McKAY Lenz wrote:
> How can i send main with courier wrapper sendmail due i cannot send
> using starttls mails to servers that need this!!!
> echo "Subject: tests" | /usr/sbin/sendmail -S starttlsreceivedm...@gmail.com

As described in the documentation, that is a proprietary Courier extension.

STARTTLS will be used whenever it is available on a remote domain. You 
don't need to specify "-S STARTTLS"

--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] [courier-pythonfilter] comeagain proposed patch

[Gordon Messmer]

On 03/08/2016 05:21 PM, Jérôme Blion wrote:
> What do you think about that? 

I'd like to do something more general to make filters conditional on the 
results of others, but I haven't given it the time...

Maybe something like:

whitelist_auth conditional
comeagain if not whitelist_auth
attachments
spamassassin
clamav
log_aliases
noduplicates

Wouldn't be very hard to parse.  Any better ideas?

--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] blacklist for courier how?

[Gordon Messmer]

On 03/03/2016 06:32 PM, PICCORO McKAY Lenz wrote:
2016-03-02 21:38 GMT-04:30 Gordon Messmer <mailto:gordon.mess...@gmail.com>>:

my courier used the OS pam authentication

...

my port 25 its authenticated by default... and also the ssl port too


I'm not sure what you mean by "authenticated by default."  It either 
allows authentication, or it does not.  And if it allows authentication, 
then it also allows relaying.


The simple solution would be to disable authentication on port 25. If 
users aren't going to relay, there's probably no reason to authenticate 
themselves.  It modifies a header, but it otherwise not useful.


Leave authentication on port 587, and modify /etc/pam.d/esmtp.  You 
could add pam_access to restrict authentication to specific users.


I want to CLARIFY THAT THE FILTER MANPAGE ARE VERY VAGE OR GENERIC and 
laks of examples.. so thanks for the examples u put to me below


I don't think that's true.  They accurately describe a complex 
interface.  Most of that complexity is handled in the perl and python 
APIs, but I still think the simplest way to accomplish your goal is 
simply to filter authentication with existing components, rather than 
writing your own.


--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] blacklist for courier how?

[Gordon Messmer]

On 03/01/2016 05:35 PM, PICCORO McKAY Lenz wrote:
> 2016-03-01 14:05 GMT-04:30 Gordon Messmer  <mailto:gordon.mess...@gmail.com>>:
>
> Any user that authenticates is allowed to relay, so I'd think
> that's the
> part you need to protect.
>
> any user can sent to internal domain so that no so "so" protected but
> yes, in this part i need to filter as u suggested in the next part
>
> One option would be to disallow ESMTP authentication entirely on
> whatever server the users are using, and to set up a separate mail
> relay
> server where you can filter authentication to only specific
> whitelisted
> users.
>
> This solution its too complicated, inplicts another server, we must 
> keep simple and single..

Writing  a courierfilter is more complicated than putting up an instance 
of Courier's SMTP server whose only purpose is to relay mail for select 
authenticated users.

In fact, you might not even need a separate instance, depending on how 
your users are configured now.  If your users aren't using SMTP MSA, 
then edit /etc/courier/esmtp-msa and configure the service for 
authentication.  The method by which you filter users in the 
authentication depends on which auth service you use.

Everyone else, who doesn't need to relay, should use SMTP on port 25.  
/etc/courier/esmtpd should have ESMTPAUTH set to "" so that 
authentication is disabled.

> THIS IST LIKE I NEED:
>
>
> Another would be to allow authentication, but use a courierfilter to
> check the sender and recipients and apply a local policy to allow or
> deny relaying messages.
>
>
> NOW: my SMTP courier-mta its all authenticated, noone can sent without 
> auth,
>
> so as u mention i need to setup that "courierfilter" how could i do 
> this!!!

See "MAIL FILTER IMPLEMENTATION":
http://www.courier-mta.org/courierfilter.html

I maintain a python framework for writing filters.  There's a perl 
framework as well.  Courier ships with a couple of examples that don't 
use either.

http://phantom.dragonsdawn.net/~gordon/courier-pythonfilter/
http://search.cpan.org/dist/Courier-Filter/

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] How do I make BLOCK2 available to maildrop in delivery mode?

[Gordon Messmer]

On 03/01/2016 05:01 AM, Christopher Rüprich wrote:
> I'd like to make
> the result available to a maildrop-script in delivery mode, so I can
> deliver junk-mails directly to the users junk-folder.

No such feature exists, AFAIK.

While it's slightly ugly, the least amount of work will probably be to 
extract the sender's address from the headers and look up the RBL 
again.  At least the result is likely to be cached...

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] blacklist for courier how?

[Gordon Messmer]

On 03/01/2016 07:51 AM, PICCORO McKAY Lenz wrote:
> i mean, user"pepet...@dominio.co"  can send mails to externals but
> rest of users does not able to send outside domain ...

Any user that authenticates is allowed to relay, so I'd think that's the 
part you need to protect.

One option would be to disallow ESMTP authentication entirely on 
whatever server the users are using, and to set up a separate mail relay 
server where you can filter authentication to only specific whitelisted 
users.

Another would be to allow authentication, but use a courierfilter to 
check the sender and recipients and apply a local policy to allow or 
deny relaying messages.

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Re-processing dropped mail (in /var/mail/$USER) through Courier/procmail

[Gordon Messmer]

On 02/29/2016 03:56 AM, Greg Earle wrote:
> (Forgive the Senior Moment - I know I was able to do this once before,
> but I've forgotten how.)

I believe you were looking for "formail -s" which is also part of the 
procmail package.  You could use Courier's sendmail to re-inject the 
messages in the queue, but since you know the delivery command and are 
operating on just one user, I can't think of a reason to do that rather 
than "formail -s /usr/local/bin/procmail"

(I'd think preline would not be required at this point, but I might be 
wrong.)

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] problem with authentication modules

[Gordon Messmer]

On 02/18/2016 09:49 AM, György Kövesdi wrote:
>   An error occurred while sending mail. The mail server responded:
>   Mailbox unavailable .

Sounds like a delivery failed to that mailbox.  Check your logs for 
messages that were accepted and then failed to deliver to the maildir.  
Figure out what caused the failure and prevent it from happening again.  
When the message is delivered, the mailbox should be available again.

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] using .mailfilters

[Gordon Messmer]

On 02/09/2016 10:55 AM, André Rothe wrote:
> The .mailfilter calls a Bash script, which builds a current list of
> ruleset files, which the .mailfilter includes again.

And if you have two simultaneous deliveries, there is some risk that 
mailfilters/list will be empty when one of the maildrop processes opens 
it to "include" it.



--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] using .mailfilters

[Gordon Messmer]

On 02/09/2016 07:19 AM, André Rothe wrote:
> My first idea was to include the files witin .mailfilter:
> include "/path/to/my/home/.mailfilters/*"

.mailfilters is used by maildrop's embedded mode.  Those files should 
not be mixed with delivery mode instructions (the .mailfilter file), AFAIK.

As far as I can tell, "include" doesn't support globs, either.

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] What config option controls -access=

[Gordon Messmer]

On 01/01/2016 07:48 PM, Mark Constable wrote:
> I'm actually helping the guy putting some 0.75
> *buntu packages together

... while we're talking about it, why is he re-writing the init script, 
anyway?  It seems to me that most of the problems that Debian and Ubuntu 
users have with Courier are packaging bugs.  I think it'd be easier to 
help them if the package maintainer provided Courier with minimal or no 
changes, and addressed any issues that they have with the scripts 
upstream (here).

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setgid(1) and setuid(1)

[Gordon Messmer]

On 01/02/2016 01:22 AM, Mark Constable wrote:
> My question; does that setgid(1) and setuid(1) mean to change to the
> uid:gid of 1:1?

Yes.

> Which probably means the packages I am testing are built with some kind
> of internal daemon:daemon permissions whereas all external files are
> given courier:courier, ie;...
>
> ./esmtpd:MAILGROUP=courier
> ./esmtpd:MAILUSER=courier

That's correct.  The uid and gid that Courier will use are set at 
compile time.

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] What config option controls -access=

[Gordon Messmer]

On 01/01/2016 07:48 PM, Mark Constable wrote:
> These new 0.75 deb packages for "wily" (15.10) are proving ornery
> because the packager has changed uid:gid from the previous "daemon"
> user that Debian has used for a decade to the more common "courier"
> user (in line with Archlinux and maybe RH/Centos). IMAP is working
> okay but I'm seeing strange behavior with esmtpd.

Yeah, switching UIDs is not to be taken lightly.  It will probably break 
working installations, and I tend to think that sort of thing drives 
users away.

If the maintainer is intent on this, you'll need to include a 
post-install script that fixes the uid and gid of everything that the 
various pieces of courier have created, including files in /etc/courier, 
/usr/lib/courier, and /var/spool/courier, or whatever layout is used on 
Debian.

And for what it's worth, the rpm packages use "daemon" unless there's a 
courier user present in the build environment.  If you use mock (and you 
should), that means that "daemon" is the standard user.

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] What config option controls -access=

[Gordon Messmer]

On 12/31/2015 10:01 PM, Mark Constable wrote:
> My /etc/courier/imapd file has ACCESSFILE=/etc/courier/smtpaccess and yet
> these 2 daemon instance below show -access=.dat.
>
> Where do I set whatever affects the -access argument?

/usr/lib/courier/sbin/imapd references $IMAPACCESSFILE

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Storing the original recipient

[Gordon Messmer]

On 12/21/2015 04:31 PM, Ángel González wrote:
> The Received line would be an unobstrusive place to put it (written in
> submit.C:getrcpts(), where it's available), at least for single-
> recipient mails. But just a line at mail.log would work, too.

pythonfilter has a filter that does exactly that:
http://phantom.dragonsdawn.net/~gordon/courier-pythonfilter/latest/filters/log_aliases.py

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] too few deliveries

[Gordon Messmer]

On 12/11/2015 05:15 AM, Szépe Viktor wrote:
> I've set MAXDELS to 100 and I expect Courier to deliver to 100 servers
> simultaneously.
> But I cannot reach it.

Try "courier flush"

The "MAX" setting is just that: a cap.  It doesn't mean that courier 
will always attempt 100 deliveries simultaneously.  The only time you'd 
expect that to happen is when 100 or more messages were queued, at 
approximately the same time, to 100 or more domains.

Courier pipelines messages to the same domain through the same pipe.  
That optimization can cut out a lot of overhead, including fewer 
processes on your server handling messages to that domain.

You should also know that each message has its own schedule.  If 
delivery is attempted and fails, that message will be left in the queue, 
idle, for a period specified by the "esmtpdelay" setting. Read the 
"courier" man page section on "esmtpdelay" for lots of information about 
message handling.  In short, though, courier won't keep its MAXDELS full 
if the messages not currently active have their next delivery attempt 
scheduled at some time in the future.



--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] performance question

[Gordon Messmer]

On 11/12/2015 04:45 AM, Jan Müller wrote:
> 13gb email in user inboxes (6 users)
...
> Also, we are having problems with Thunderbird, our current imap 
> client. It's slow. It's global index, which should speed up searching, 
> has many UX problems and does not find every message. Any suggestions 
> for good windows imap client would be appreciated too.

As you evaluate other clients, you should keep in mind the possibility 
that the problem isn't in Thunderbird, at all.

When an IMAP client synchronizes with a server, it retrieves a complete 
list of messages in the folder that it's synchronizing from the server.  
It compares that list to the data on disk, removes messages from disk 
that aren't on the server any longer, and fetches individual messages 
that it doesn't have.

There are a couple of things that could be very slow about that. The 
first is that Thunderbird defaults to an mbox storage for mail folders.  
In order to do anything but append new messages, it has to re-write the 
entire file.  That'll happen occasionally when Thunderbird "compacts 
folders," and when that happens it's going to be a prolonged, 
disk-intensive process for multi-gigabyte folders. The other is that 
every time Thunderbird opens a folder with tens of thousands of 
messages, the sync process can create a lot of network traffic, and a 
lot of disk activity on the server.

You might be able to find a client with better local storage than 
Thunderbird, but you can't avoid the latter problem as long as you're 
using IMAP.  Big folders will always suck.  There's really only one good 
way to use IMAP:  The Inbox should have only messages that require 
action.  Once a message has been handled, or read with no required 
action, it should be archived.

Thunderbird makes that process easy.  Just press 'a' on the keyboard 
when you're done with a message.  And used in that way, I've seen very 
large accounts perform very well and have no problems with the search tool.

No matter what your client is, huge Inboxes are difficult to support.

Good luck.

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Pythonfilter - Variation in spammer NS behavior

[Gordon Messmer]

On 09/24/2015 08:00 AM, Lindsay Haisley wrote:
> Gordon, your thoughts?

The one thing that consistently seems to be missing from your analyses 
is a review of legitimate mail.

name-services.com appears to be used by eNom, Name Cheap, and 
Rackspace.  I'm sure that it's used by a lot of spammers, but I'd 
imagine that a good number of legitimate domains use those servers as well.

In order to reduce the effect of false positives, I think this should 
probably be a module for SpamAssassin, so that it can contribute to a 
robust scoring system.  pythonfilter doesn't do that sort of thing.

Other than that, rate limiting based on the DNS servers is probably 
fine.  I'd suggest a few items for implementation: cache the value of 
your lookups, limit the depth of your recursion, and watch for loops.

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Messages to a non-existing address

[Gordon Messmer]

On 09/18/2015 01:23 PM, Alexey Mishustin wrote:
> But why is it being delivered to /var/spool/mail?

Because you have a user named "mail" and that is its home directory:

$ getent passwd mail
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

As a standard practice, you should make that address a spamtrap. Edit 
/etc/courier/bofh and add one line:

spamtrap mail@YOUR.HOSTNAME

Run courier restart, then test to verify that mail to that address is 
rejected.

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courier-pythonfilter with Python3

[Gordon Messmer]

On 07/25/2015 01:12 AM, Szépe Viktor wrote:
> Does anyone have experience with courier-pythonfilter in Python3?
> Modern OS-es have Python3 as a standard package.

Sorry about no answer earlier.  I've been very busy lately, and just 
returned home from my honeymoon.

pythonfilter hasn't been ported to Python 3 yet, sadly.  I target 
deployment on RHEL/CentOS, where Python 2 is still the only version 
installed by default.  Python 3 is available, of course, but I'm slow to 
make changes where there's not a compelling reason to do so.

If you're interested in contributing patches, I'd like to maintain 
Python 2 compatibility for the near future.  That might mean using the 
"six" module, as Django does.  Otherwise, I'll probably get to porting 
at some point, but don't have a time frame.  pythonfilter is pretty 
small, so it probably won't take very long once someone starts.

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] fetchmail + maildrop to virtual user

[Gordon Messmer]

On 07/12/2015 10:37 AM, Lucio Crusca wrote:
>   mda '/usr/bin/maildrop -dlu...@sulweb.org'
...
> How do I configure fetchmail and maildrop with virtual users?

'-d' might be restricted?  Try running fetchmail without the "mda" 
specified at all.  Fetchmail will deliver through SMTP, where we presume 
your virtual users are working correctly.

--
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

[Gordon Messmer]

On 07/08/2015 09:32 AM, Julien Patriarca wrote:
> // --
> // IMAP
> // --
> $rcmail_config['default_host'] = 'ssl://localhost';

That's not going to work unless "localhost" is in the certificate 
SubjectAltName or CN.  Use the hostname that appears in the certificate.

--
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users