Re: [courier-users] SMTP TLS, mta sends to our mta
InterNetworX | Michael Rößler writes: Hello @ll, I have sometimes problems when somebody send us email over starttls (sometimes it works). As followed a snippet from mail.log: Mar 6 13:38:08 localhost courieresmtpd: started,ip=[:::x.x.x.x] Mar 6 13:38:09 localhost courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number These are the config-files #/etc/courier/esmtpd TLS_PROTOCOL=TLS1 TLS_CIPHER_LIST is unconfigured PORT=smtp #/etc/courier/esmtpd-ssl ESMTPDSSLSTART="NO" TLS_PROTOCOL=TLS1 TLS_CIPHER_LIST is unconfigured SSLPORT=465 ESMTPDSSLSTART="NO" I am not sure if senders mta is the problem or our configuration (Maybe TLS_CIPHER_LIST)? Could it be that some ciphers of TLS1 and SSLv3 are the same? The recommended setting for 0.74 is "TLSv1.1+", as TLSv1, and below are currently considered insecure. You're running an older version, your only option is "SSL23", which accepts all ciphers, including insecure ones. Doesn't really matter, for SMTP, since the default is a fallback to an unsecured connection. pgpbfFfbLH6s1.pgp Description: PGP signature -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP TLS, mta sends to our mta
Hello @ll, I have sometimes problems when somebody send us email over starttls (sometimes it works). As followed a snippet from mail.log: Mar 6 13:38:08 localhost courieresmtpd: started,ip=[:::x.x.x.x] Mar 6 13:38:09 localhost courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number These are the config-files #/etc/courier/esmtpd TLS_PROTOCOL=TLS1 TLS_CIPHER_LIST is unconfigured PORT=smtp #/etc/courier/esmtpd-ssl ESMTPDSSLSTART="NO" TLS_PROTOCOL=TLS1 TLS_CIPHER_LIST is unconfigured SSLPORT=465 ESMTPDSSLSTART="NO" I am not sure if senders mta is the problem or our configuration (Maybe TLS_CIPHER_LIST)? Could it be that some ciphers of TLS1 and SSLv3 are the same? Cheers Michael -- InterNetworX Ltd. & Co. KG Prinzessinnenstr. 30 10969 Berlin Germany Phone +49 30 983 212 - 0 Fax +49 30 983 212 - 90 supp...@inwx.de www.inwx.de Amtsgericht: Berlin-Charlottenburg, HRA 36889 B Geschäftsführung: InterNetworX Ltd. vertreten durch Mario Peschel USt-IdNr.: DE814537105 -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp starttls problems on "old" server
Matthias Leopold writes: now the server basically works fine, but when i want to use starttls on the smtp connection i get "errno=104" (using openssl s_client). with "openssl s_client -debug" i get 6138:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: A handshake failure is probably a protocol mismatch. Try fiddling with TLS_PROTOCOL. pgpZlD9xhlvyD.pgp Description: PGP signature -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] smtp starttls problems on "old" server
hi, i compiled courier-mta 0.64 on a _rather_ old server (Red Hat Linux release 7.3). i tried to use system libraries as far as possible, for openssl support i had to use a selfcompiled openssl-0.9.8t. after some tweaking the rpsm compiled, including the /usr/lib/courier/bin/couriertls binary. i put the path to my openssl in /etc/ld.so.conf (and used ldconfig). a TLS_CERTFILE does exist and has the right permissions, STARTTLS is correctly advertised. now the server basically works fine, but when i want to use starttls on the smtp connection i get "errno=104" (using openssl s_client). with "openssl s_client -debug" i get 6138:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: 104 is "Connection reset by peer", which is also what thunderbird is telling me. in courier mail log i don't see any errors (except outgoing starttls connections arent working too). i know i have a freaky setup, but since i got so far i really would like to know why starttls isnt working and what else i could do to debug the problem thx very much for any advice matthias -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp auth howto
David Benfell writes: Hi all, Is there a reasonably up to date HOWTO on getting SMTP authentication working? I don't know of any HOWTO, perhaps that's because there's not really much to document here. It's not clear what you're trying to do. You could mean either Courier using a smarthost for outgoing mail and authenticating to it. Or, having clients authenticate to Courier in order to gain relaying privileges. These are two completely separate things, and have nothing to do with each other. To have Courier authenticate to a smarthost, see "esmtpauthclient" in the courier man page. To enable authentication for relaying privileges, there are instructions in INSTALL, copied here: http://www.courier-mta.org/install.html#esmtpauth. The same code that authenticates IMAP, POP3, and webmail logins also does SMTP authentication, so if you can log into your IMAP mailbox, you can authenticate for relaying privilege, after enabling. That's pretty much it. pgpyiXWGtrbwa.pgp Description: PGP signature -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] smtp auth howto
Hi all, Is there a reasonably up to date HOWTO on getting SMTP authentication working? In the past, I've bypassed this problem by using OpenVPN, and just including my laptop and other systems on the VPN, so that the SMTP daemon could treat them as being on the local network. That doesn't seem to be an option with my Android tablet, which requires root access to install OpenVPN, and for which no exploit seems to be currently working (and even if there were, it might be overridden with the Ice Cream Sandwich upgrade due out shortly). What I'm finding on the web so far just leaves me with the same failure to authenticate I get without having done anything. Thanks! -- David Benfell http://www.parts-unknown.org/ signature.asc Description: Digital signature -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp auth and blacklists
>> Sorry, but what You mean by "client provides valid SMTP authentication"? User providing correct username/password? It means that if user provide a valid authentication (Username/Pass) then courier will apply Relay privileges and thus he/she will be able to send email to internal and externals domains. Are you using port 25 or secure port? -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp auth and blacklists
Vytautas Kasparavicius writes: Sorry, but what You mean by "client provides valid SMTP authentication"? User providing correct username/password? That's what authentication means. On 2010.06.30 14:08, Sam Varshavchik wrote: Vytautas Kasparavicius writes: Hello, Some of my users reading/sending mail from mobile(GSM) phones. They sending via authenticated smtp sessions. Problem is that most of our provider ip addresses is blacklisted, so users have problems sending mail. Is in courier possibility not to check authenticated smtp sessions ip addresses against blacklists? If the sending IP client provides valid SMTP authentication, Courier should accept mail even if the client's IP address is on some DNSBL. pgpv3or4oGdrK.pgp Description: PGP signature -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp auth and blacklists
Sorry, but what You mean by "client provides valid SMTP authentication"? User providing correct username/password? On 2010.06.30 14:08, Sam Varshavchik wrote: Vytautas Kasparavicius writes: Hello, Some of my users reading/sending mail from mobile(GSM) phones. They sending via authenticated smtp sessions. Problem is that most of our provider ip addresses is blacklisted, so users have problems sending mail. Is in courier possibility not to check authenticated smtp sessions ip addresses against blacklists? If the sending IP client provides valid SMTP authentication, Courier should accept mail even if the client's IP address is on some DNSBL. -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp auth and blacklists
Vytautas Kasparavicius writes: Hello, Some of my users reading/sending mail from mobile(GSM) phones. They sending via authenticated smtp sessions. Problem is that most of our provider ip addresses is blacklisted, so users have problems sending mail. Is in courier possibility not to check authenticated smtp sessions ip addresses against blacklists? If the sending IP client provides valid SMTP authentication, Courier should accept mail even if the client's IP address is on some DNSBL. pgpxqQlJSSOSK.pgp Description: PGP signature -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] smtp auth and blacklists
Hello, Some of my users reading/sending mail from mobile(GSM) phones. They sending via authenticated smtp sessions. Problem is that most of our provider ip addresses is blacklisted, so users have problems sending mail. Is in courier possibility not to check authenticated smtp sessions ip addresses against blacklists? Thanks. -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Blocking order
Lisa Muir writes: Hi Guys, Which check happens first in an SMTP transaction, blacklist checks for sending IP or if the recipient user exists? For example, am I making blacklist lookups for mail to non existent local users? The blacklist is checked first. pgpsIjoHbkr9p.pgp Description: PGP signature -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP Blocking order
Hi Guys, Which check happens first in an SMTP transaction, blacklist checks for sending IP or if the recipient user exists? For example, am I making blacklist lookups for mail to non existent local users? Thanks, Lisa. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp log entries (was: configuration error: mail loops back to myself (MX problem) and smtp log entries)
Peer Oliver Schmidt writes: Sam Varshavchik wrote: Peer Oliver Schmidt writes: Hi, using courier for quite a bit now. Now, I added another mail server on my hosted system, at ip address 88.198.72.26 You need to add an explicit esmtproutes entry for this. Courier sees that this is one of the IP addresses on this machine, however the domain is not recognized as a local domain, hence the error. What actual IP address couriertcpd is configured to listen on, is not relevant. Thank you! Works a treat. Any idea on the smtp logging issue? I only see pop3 messages in mail.log Courier sends all log messages to syslog. Check your syslog configuration. pgpFrYSeLDSPz.pgp Description: PGP signature -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] smtp log entries (was: configuration error: mail loops back to myself (MX problem) and smtp log entries)
Sam Varshavchik wrote: > Peer Oliver Schmidt writes: > >> Hi, >> >> using courier for quite a bit now. >> >> Now, I added another mail server on my hosted system, at ip address >> 88.198.72.26 > > You need to add an explicit esmtproutes entry for this. Courier sees > that this is one of the IP addresses on this machine, however the domain > is not recognized as a local domain, hence the error. What actual IP > address couriertcpd is configured to listen on, is not relevant. Thank you! Works a treat. Any idea on the smtp logging issue? I only see pop3 messages in mail.log -- Best regards Peer Oliver Schmidt PGP Key ID: 0x83E1C2EA -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Smtp auth
mattias writes: Wich account database are use by auth? System users? The same accounts you configured courier-authlib to use. pgpjuTUY4AUM7.pgp Description: PGP signature -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Smtp auth
Wich account database are use by auth? System users? -Ursprungligt meddelande- Från: Sam Varshavchik [mailto:mr...@courier-mta.com] Skickat: den 17 januari 2009 02:08 Till: courier-users@lists.sourceforge.net Ämne: Re: [courier-users] Smtp auth mattias writes: > A new try > Are smtp auth active by default in courier smtp? Yes. -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Smtp auth
mattias wrote: > A new try > Are smtp auth active by default in courier smtp? You'll have to adjust the ESMTPAUTH and ESMTPAUTH_TLS settings in the esmtpd file. -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Smtp auth
mattias writes: A new try Are smtp auth active by default in courier smtp? Yes. pgp48gRr2jMSj.pgp Description: PGP signature -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Smtp auth
A new try Are smtp auth active by default in courier smtp? -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth via SSL/TLS required
Marcus Ilgner pisze: > On Tue, Dec 9, 2008 at 10:16 AM, Paweł Tęcza <[EMAIL PROTECTED]> wrote: >> Sam Varshavchik pisze: >>> Clients are not supposed to authenticate unless the server advertises this >>> capability, however it's possible that buggy clients will blindly try to >>> authenticate even if the server doesn't advertise AUTH support. >> >> But all clients, buggy and not, will not send message via my server if >> they try to use non-encrypted connections. Then they should see an error >> message like "513 Relaying denied.". Right? > > Yes but if I understand correctly the problem in this case is that by > then the password has already been sent over the network without > issuing STARTTLS. Hello Marcus, You're right. It's security problem, but I can't see any good solution here. Probably I can only ask a user to change his password when he will raport us that he is not able to send message without TLS/SSL. My best regards, Pawel -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth via SSL/TLS required
On Tue, Dec 9, 2008 at 10:16 AM, Paweł Tęcza <[EMAIL PROTECTED]> wrote: > Sam Varshavchik pisze: >> [UTF-8]Pawe T™cza writes: >> >>> Hello People, >>> >>> Is it possible to force authenticated SMTP relaying only via SSL/TLS? >>> >>> We need to protect the passwords of our users strongly, so they should >>> use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can >>> we force the users to use STARTTLS for "normal" ESMTP server which >>> listens on port 25? STARTTLS is only option here, so some users can >>> bypass our security policy. >> >> You can make it a mandatory setting only if it's a dedicated server, by >> setting ESMTP_TLS_REQUIRED. You can't do that if you share the same server >> for incoming mail, and smarthosted mail for your clients. > > Hi Sam, > > Thanks a lot for your reply! I have that server, but I'm affraid that > ESMTP_TLS_REQUIRED setting is too restrictive for me, because I'm not > quite sure that all clients support TLS. > >> An option that may work for you is to remove the ESMTPAUTH setting, and put >> it into ESMTPAUTH_TLS. Courier will advertise no support for authentication >> in non-encrypted connections, and will advertise AUTH support only after >> STARTTLS. This setting only turns off the advertisement for AUTH support. > > I like that option, so I choose it :) > >> Clients are not supposed to authenticate unless the server advertises this >> capability, however it's possible that buggy clients will blindly try to >> authenticate even if the server doesn't advertise AUTH support. > > But all clients, buggy and not, will not send message via my server if > they try to use non-encrypted connections. Then they should see an error > message like "513 Relaying denied.". Right? > > My best regards, > > Pawel > Yes but if I understand correctly the problem in this case is that by then the password has already been sent over the network without issuing STARTTLS. Regards Marcus -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth via SSL/TLS required
Sam Varshavchik pisze: > [UTF-8]Pawe T™cza writes: > >> Hello People, >> >> Is it possible to force authenticated SMTP relaying only via SSL/TLS? >> >> We need to protect the passwords of our users strongly, so they should >> use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can >> we force the users to use STARTTLS for "normal" ESMTP server which >> listens on port 25? STARTTLS is only option here, so some users can >> bypass our security policy. > > You can make it a mandatory setting only if it's a dedicated server, by > setting ESMTP_TLS_REQUIRED. You can't do that if you share the same server > for incoming mail, and smarthosted mail for your clients. Hi Sam, Thanks a lot for your reply! I have that server, but I'm affraid that ESMTP_TLS_REQUIRED setting is too restrictive for me, because I'm not quite sure that all clients support TLS. > An option that may work for you is to remove the ESMTPAUTH setting, and put > it into ESMTPAUTH_TLS. Courier will advertise no support for authentication > in non-encrypted connections, and will advertise AUTH support only after > STARTTLS. This setting only turns off the advertisement for AUTH support. I like that option, so I choose it :) > Clients are not supposed to authenticate unless the server advertises this > capability, however it's possible that buggy clients will blindly try to > authenticate even if the server doesn't advertise AUTH support. But all clients, buggy and not, will not send message via my server if they try to use non-encrypted connections. Then they should see an error message like "513 Relaying denied.". Right? My best regards, Pawel -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth via SSL/TLS required
Bernd Wurst pisze: > Hallo. > > Am Montag, 8. Dezember 2008 schrieb Paweł Tęcza: >> We need to protect the passwords of our users strongly, so they should >> use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can >> we force the users to use STARTTLS for "normal" ESMTP server which >> listens on port 25? STARTTLS is only option here, so some users can >> bypass our security policy. > > Yes, same policy here. :) > We do not offer *any* login without secure connection. > > For SMTP, we have set: > > $ grep ^ESMTPAUTH /etc/courier/esmtpd > ESMTPAUTH="" > ESMTPAUTH_TLS="PLAIN LOGIN" > > > So courier does not offer any authentication methods before switching to TLS > mode. > > Gruß, Bernd Guten Tag Bernd :) Thank you very much for your feedback! I've just noticed that I forgot to say about ESMTPAUTH_TLS setting in my second post. It's very important. Probably Courier will not switch to TLS mode without it. Sam, could you please add that "howto" to "OPTIONAL: Configure ESMTP authentication and SSL" section at your Courier-MTA website [1]? Have a nice day, Pawel [1] http://www.courier-mta.org/install.html#esmtpauth -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth via SSL/TLS required
[UTF-8]Pawe Tcza writes: Hello People, Is it possible to force authenticated SMTP relaying only via SSL/TLS? We need to protect the passwords of our users strongly, so they should use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can we force the users to use STARTTLS for "normal" ESMTP server which listens on port 25? STARTTLS is only option here, so some users can bypass our security policy. You can make it a mandatory setting only if it's a dedicated server, by setting ESMTP_TLS_REQUIRED. You can't do that if you share the same server for incoming mail, and smarthosted mail for your clients. An option that may work for you is to remove the ESMTPAUTH setting, and put it into ESMTPAUTH_TLS. Courier will advertise no support for authentication in non-encrypted connections, and will advertise AUTH support only after STARTTLS. This setting only turns off the advertisement for AUTH support. Clients are not supposed to authenticate unless the server advertises this capability, however it's possible that buggy clients will blindly try to authenticate even if the server doesn't advertise AUTH support. pgpar3gFZPnyN.pgp Description: PGP signature -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth via SSL/TLS required
Hallo. Am Montag, 8. Dezember 2008 schrieb Paweł Tęcza: > We need to protect the passwords of our users strongly, so they should > use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can > we force the users to use STARTTLS for "normal" ESMTP server which > listens on port 25? STARTTLS is only option here, so some users can > bypass our security policy. Yes, same policy here. :) We do not offer *any* login without secure connection. For SMTP, we have set: $ grep ^ESMTPAUTH /etc/courier/esmtpd ESMTPAUTH="" ESMTPAUTH_TLS="PLAIN LOGIN" So courier does not offer any authentication methods before switching to TLS mode. Gruß, Bernd -- Hängt die Grünen, solange es noch Bäume gibt! - Mehmet Scholl (dt. Fußballer) signature.asc Description: This is a digitally signed message part. -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth via SSL/TLS required
Paweł Tęcza pisze: > Hello People, > > Is it possible to force authenticated SMTP relaying only via SSL/TLS? > > We need to protect the passwords of our users strongly, so they should > use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can > we force the users to use STARTTLS for "normal" ESMTP server which > listens on port 25? STARTTLS is only option here, so some users can > bypass our security policy. I've found the solution. It seems that I have full effect if I disable all ESMTP authentication mechanisms supported by Courier: sudo vim /etc/courier/esmtpd ESMTPAUTH="" I hope it can be interesting tip for you. Cheers, P. -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP Auth via SSL/TLS required
Hello People, Is it possible to force authenticated SMTP relaying only via SSL/TLS? We need to protect the passwords of our users strongly, so they should use secure connection (via SSL) to ESMTP/POP3/IMAP servers. But how can we force the users to use STARTTLS for "normal" ESMTP server which listens on port 25? STARTTLS is only option here, so some users can bypass our security policy. My best regards, Pawel -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Delay
Glenn Martin a écrit : > I was wondering if im missing something with SMTP. There appears to be a > delay when sending mail. I bet its trying to resolve the incoming IP because > if you send 2 emails at once or within a certain time frame theres no delay, > any idea what this is or how to delete it? > > Thanks > Glenn R. Martin > http://www.courier-mta.org/FAQ.html#esmtptimeout - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Delay
DNS problems could be related to your local DNS resolver having trouble reverse-resolving incoming SMTP client relay connection, finding MX records of your destination host, or remote hosts having trouble reversing the source of your outgoing messages. Try testmxlookup(8) on your Courier system: $ time testmxlookup expedient.net Domain expedient.net: Relay: mx.expedient.net, Priority: 0, Address: 209.166.161.227 real0m0.016s user0m0.004s sys 0m0.001s Also, any warinings / errors in your maillog (look for information about delayed deliveries/warnings)? ~BAS On Thu, 25 Sep 2008, Glenn Martin wrote: > I was wondering if im missing something with SMTP. There appears to be a > delay when sending mail. I bet its trying to resolve the incoming IP > because if you send 2 emails at once or within a certain time frame > theres no delay, any idea what this is or how to delete it? > > Thanks > Glenn R. Martin > > - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP Delay
I was wondering if im missing something with SMTP. There appears to be a delay when sending mail. I bet its trying to resolve the incoming IP because if you send 2 emails at once or within a certain time frame theres no delay, any idea what this is or how to delete it? Thanks Glenn R. Martin - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp speed
Am 2008-08-06 22:32:27, schrieb Jan Müller: > I also have this "problem". Sending mail takes about 10 seconds. Weird > thing is, that it takes 9 of those 10 seconds before anything appears > in the log, then it works quickly. I am runnin Debian GNU/Linux 4.0/Etch and mail:~# apt-cache policy courier-mta courier-mta: Installed: 0.53.3-5 Candidate: 0.53.3-5 Version table: *** 0.53.3-5 0 500 file: etch/main Packages 100 /var/lib/dpkg/status And have exactly the same problem. > Server is modern dual core system, 1g ram. server is lightly loaded, 5 > users. Imap is very swift. I tried the -noidentlookup switch, also > nodnslookup, no change. I run a Quad-Xeon with 8 GByte of memory and Raid-1 plus Hotfix > Recieving mail from outside host is quite fast, no problems there. I > have no spam filtering, only blacklist, but quering is not working on > internal conections, which is OK. I have spam filtering (spamassassin) plus virus filtering (clamav-new) and the Server handel over 20 messages per second... where I receive arround 50.000 legitim messages and over 400.000 spam currently. Even if I stop "inbound" smtp, wnd reboot the machine, it is the same result. I have tested it on my Intranet Server "samba3" which is an older Zenith Data Systems "Express 5800MH" (Quad-Xeaon 500 MHz with 4 GByte) with "apache2", "php5", "nfs-kernel-server", "sshd", "pootle" and "courier-mta/imap" and it is the same problem. Running "bind9" on the same machine is VERY fast (only 1-3ms to access). Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 +49/177/935194750, rue de Soultz MSN LinuxMichi +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp speed
Jan Müller writes: I also have this "problem". Sending mail takes about 10 seconds. Weird thing is, that it takes 9 of those 10 seconds before anything appears in the log, then it works quickly. This must be a stalled DNS lookup. Recieving mail from outside host is quite fast, no problems there. I have no spam filtering, only blacklist, but quering is not working on internal conections, which is OK. No, it's not OK. That's precisely the problem. Courier tries to resolve your internal IP's reverse DNS, and probably ends up waiting until your local DNS server gives up on getting an answer from IANA's DNS servers, for IANA's reserved IP address space. Define reverse DNS records in your DNS server for your internal IPs, and that should fix it. pgph7BKscfyM6.pgp Description: PGP signature - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp speed
> I also have this "problem". Sending mail takes about 10 seconds. Weird > thing is, that it takes 9 of those 10 seconds before anything appears > in the log, then it works quickly. you might have some blacklists in place. These are consulted (DNS queries) before your mail will be further processed. Of course these DNS queries take some time. Manuel -- - All-Things-Open Projektgruppe [EMAIL PROTECTED] - -BEGIN GEEK CODE BLOCK- Version: 3.1 GCM d-- s:- a? C++$ UL P+> L+++>$ E- W+++$ N+ o-- K- w--$ O+ M+ V PS+ PE- Y+ PGP+ t 5 X R UF !tv b+> DI D+ G+ e> h r y++ --END GEEK CODE BLOCK-- - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp speed
> In file /etc/courier/esmtpd you will find a line which looks like > this, > TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger" > Change this to look like > TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger -noidentlookup" > This may save some time at the expense of not being able to set the > remote identification string. I also have this "problem". Sending mail takes about 10 seconds. Weird thing is, that it takes 9 of those 10 seconds before anything appears in the log, then it works quickly. Server is modern dual core system, 1g ram. server is lightly loaded, 5 users. Imap is very swift. I tried the -noidentlookup switch, also nodnslookup, no change. Recieving mail from outside host is quite fast, no problems there. I have no spam filtering, only blacklist, but quering is not working on internal conections, which is OK. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp
thanks this was better -Ursprungligt meddelande- Fran: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Avinash Sultanpur Skickat: den 6 augusti 2008 12:56 Till: courier-users@lists.sourceforge.net Amne: Re: [courier-users] smtp On Wed, Aug 06, 2008 at 12:00:22PM +0200, mattias wrote: > where to add the line > -noidentlookup > In file /etc/courier/esmtpd you will find a line which looks like this, TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger" Change this to look like TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger -noidentlookup" This may save some time at the expense of not being able to set the remote identification string. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp
On Wed, Aug 06, 2008 at 12:00:22PM +0200, mattias wrote: > where to add the line > -noidentlookup > In file /etc/courier/esmtpd you will find a line which looks like this, TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger" Change this to look like TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger -noidentlookup" This may save some time at the expense of not being able to set the remote identification string. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp
i not rely understand what do you meen -Ursprungligt meddelande- Fran: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Avinash Sultanpur Skickat: den 6 augusti 2008 11:32 Till: courier-users@lists.sourceforge.net Amne: Re: [courier-users] smtp On Wed, Aug 06, 2008 at 11:13:27AM +0200, mattias wrote: > my smtp are verry slow to accept incomming connections > how to speed up this? You can try adding "-noidentlookup" to the "TCPDOPTS" in /etc/courier/esmtpd. -avinash - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] smtp
where to add the line -noidentlookup - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp
On Wed, Aug 06, 2008 at 11:13:27AM +0200, mattias wrote: > my smtp are verry slow to accept incomming connections > how to speed up this? You can try adding "-noidentlookup" to the "TCPDOPTS" in /etc/courier/esmtpd. -avinash - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] smtp
my smtp are verry slow to accept incomming connections how to speed up this? - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] [] SMTP FROM Syntax (WAS: RE: DRAC 5 From Line)
Page 30 of rfc821.txt actually indicates that "[123.255.37.2]" is a valid SMTP FROM syntax: ftp://ftp.rfc-editor.org/in-notes/rfc821.txt ::= | "." ::= | "#" | "[" "]" " Sometimes a host is not known to the translation function and communication is blocked. To bypass this barrier two numeric forms are also allowed for host "names". One form is a decimal integer prefixed by a pound sign, "#", which indicates the number is the address of the host. Another form is four small decimal integers separated by dots and enclosed by brackets, e.g., "[123.255.37.2]", which indicates a 32-bit ARPA Internet Address in four 8-bit fields." I'm not surprised that modern MTAs reject it, though. Courier wants nothing to do with it, and I can't blame it. ~BAS On Thu, 2008-04-17 at 15:05 -0400, Brian A. Seklecki wrote: > Also there is a thread on this on the OpenManage forums, but the reply > button is broken so no one can follow-up (Or more likely my PowerConnect > bashing has earned me a read-only status) > > http://www.dellcommunity.com/supportforums/board/message?board.id=pes_othersft&message.id=2542&query.id=196364 > > > ~BAS > > > On Wed, 2008-04-16 at 12:22 -0400, John Bown wrote: > > Now that's old school!!! > > > > -Original Message- > > From: Brian A. Seklecki [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, April 16, 2008 12:17 PM > > To: John Bown > > Cc: linux-poweredge > > Subject: RE: DRAC 5 From Line > > > > > > On Wed, 2008-04-16 at 12:11 -0400, John Bown wrote: > > > Speaking on behalf of the proud citizens of Cleveland, we cordially > > > invite you to send that "stuff" straight up your...Duquesne Incline. > > > > You should have been there when I compared a functional FreeBSD binary > > for Nagios to when Archie Gemmill scored on Holland in 1978. > > > > ~BAS > > > > > > > (I am, of course, kidding. Believe it or not, there are a few > > > Cleveland-ers, like myself, who actually enjoy visiting > > > Pittsburgh...except during football season!) > > > > > > John > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Brian A. > > Seklecki > > > (Mobile) > > > Sent: Sunday, April 13, 2008 1:34 PM > > > To: gregorcy > > > Cc: linux-poweredge > > > Subject: Re: DRAC 5 From Line > > > > > > > > > On Fri, 2008-04-11 at 14:49 -0600, gregorcy wrote: > > > > > > > > >> --Brian > > > > >> > > > > > > I filed bugs with the OpenManage team, the hardware teams, and we even > > > called our sales engineer who sold on the virtues of 9th gen. > > > > > > Ignored by all. > > > > > > The solution is to move away from SMTP event/notification as a > > delivery > > > system and move to SNMP and Syslog. > > > > > > Another solution is to push all of the 9th gen stuff into the Ohio > > River > > > and send it down to Cleveland. > > > > > > ~BAS > > > > > > > where do you file bugs at, it would be really nice to get this to > > > > work. > > > > > > > > > > > > > > > > > > > IMPORTANT: This message contains confidential information and is > > > intended only for the individual named. If the reader of this message > > is > > > not an intended recipient (or the individual responsible for the > > > delivery of this message to an intended recipient), please be advised > > > that any re-use, dissemination, distribution or copying of this > > message > > > is prohibited. Please notify the sender immediately by e-mail if you > > > have received this e-mail by mistake and delete this e-mail from your > > > system. > > > > > > > > > ___ > > > Linux-PowerEdge mailing list > > > [EMAIL PROTECTED] > > > http://lists.us.dell.com/mailman/listinfo/linux-poweredge > > > Please read the FAQ at http://lists.us.dell.com/faq - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Relay
MrOzone writes: Sorry for asking this again, but I am having issues with configuring a box to allow relaying only for specific users. This box will not be listed as a mx server but when we are out of town, it will allow us to authenicate to send email through. Also there are a servers on the same network who need to send email through it but do not need to authenicate to send. So I have done the following changes: Set Auth_login=1 Set where? There is no such setting in any Courier configuration file. under smtpaccess in a file called default i have added the following line 192.168.0 allow,relayclient So when I run makesmtpaccess Then restart courier and everything is required to auth (which is what I want). But I thought that listing that ip range listed in smtpaccess will allow those servers to send without authenicating, but alas they are also required to auth also. Is there a setting that I am missing? If you set AUTH_REQUIRED (and not "Auth_login") in the esmtpd configuration file, remove that setting. You misunderstood its purpose. Authentication is always required for using the server to relay, and is not required to receive mail for local mail delivery. AUTH_REQUIRED forces authentication even for mail addressed to local domains. Furthermore, all settings are case sensitive. The correct setting in smtpaccess is "allow,RELAYCLIENT", and not "allow,relayclient". That disables the requirement to authenticate in order to relay mail. That's the only thing that you need to do. pgphCQdjXVE07.pgp Description: PGP signature - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP Relay
Sorry for asking this again, but I am having issues with configuring a box to allow relaying only for specific users. This box will not be listed as a mx server but when we are out of town, it will allow us to authenicate to send email through. Also there are a servers on the same network who need to send email through it but do not need to authenicate to send. So I have done the following changes: Set Auth_login=1 under smtpaccess in a file called default i have added the following line 192.168.0 allow,relayclient So when I run makesmtpaccess Then restart courier and everything is required to auth (which is what I want). But I thought that listing that ip range listed in smtpaccess will allow those servers to send without authenicating, but alas they are also required to auth also. Is there a setting that I am missing? Thank you, William - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
Thank you all for the help. The one fact I forgot to mention (and its the most inportant and I apologize) this server should only allow customers to send email through it from outside the network. This is not our main mx/smtp servers. The configuration emtpd for AUTH_REQUIRED is what I needed. I read the documentation, but didnt catch it. Sorry all. Thanks, William On Thu, Apr 17, 2008 at 10:06 AM, Jeff Jansen <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > MrOzone <[EMAIL PROTECTED]> wrote on 2008-Apr-18: > > Ok that's good. But the problem that I'm seeing is someone externally > > can connect to this box and spam to our local domain. But to spam > > through this box you need to auth. Is it possible I am just missing a > > setting to say sendine internaly or externally needs to auth? > > What do you mean by "spam to our local domain"? Courier won't stop > anyone from sending spam if the recipient's address is valid. But > courier will reject mail to non-existent users and will stop you from > relaying if you haven't authenticated. > > Telnet into your box on port 25 and send a "RCPT TO" command for an > invalid user on your domain. It should be rejected as no such user. > Then do the same thing with a user at a different domain, and it should > be rejected as not allowed to relay. > > Jeff Jansen > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.3 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFIB4OoGfIHDMaiC9cRAi9hAJ4zfcUgxZmM475vR2xHEAS4kSSWLgCgqk/a > 18qdR6W3eP6lB14WNH6ikWU= > =3816 > -END PGP SIGNATURE- > > - > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MrOzone <[EMAIL PROTECTED]> wrote on 2008-Apr-18: > Ok that's good. But the problem that I'm seeing is someone externally > can connect to this box and spam to our local domain. But to spam > through this box you need to auth. Is it possible I am just missing a > setting to say sendine internaly or externally needs to auth? What do you mean by "spam to our local domain"? Courier won't stop anyone from sending spam if the recipient's address is valid. But courier will reject mail to non-existent users and will stop you from relaying if you haven't authenticated. Telnet into your box on port 25 and send a "RCPT TO" command for an invalid user on your domain. It should be rejected as no such user. Then do the same thing with a user at a different domain, and it should be rejected as not allowed to relay. Jeff Jansen -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIB4OoGfIHDMaiC9cRAi9hAJ4zfcUgxZmM475vR2xHEAS4kSSWLgCgqk/a 18qdR6W3eP6lB14WNH6ikWU= =3816 -END PGP SIGNATURE- - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
>> But the problem that I'm seeing is someone externally can >> connect to this box and spam to our local domain. That is normal - that's the definition of SPAM. Someone can connect and send mail to your local users. There's no way to prevent this per se unless you force all connections to autenticate - but that's not very practical. To limit the spam you receive, take a look at: 1) Turning on blacklisting 2) Turning on greylisting 3) Adding a spam filter like spamassassin I use a combination of #1 and #3, and block like 95% of the spam I receive, with very few false positives. (I am blocking like 85% of ALL mail I recieve ironically, which says something about the amount of garbage email floating around.) Matt > Ok that's good. But the problem that I'm seeing is someone externally can > connect to this box and spam to our local domain. But to spam through this > box you need to auth. Is it possible I am just missing a setting to say > sendine internaly or externally needs to auth? > > Thanks, > William > > On Thu, Apr 17, 2008 at 8:41 AM, Jay Lee <[EMAIL PROTECTED]> wrote: > >> MrOzone wrote: >> >> > Im having a bit of trouble trying to configure smtp so Im not a open >> > relay to send email externally but also internally too. >> > I have a server setup for users on the outside to send email through >> > it, but im trying to configure it so that everyone needs to do smtp >> > authentication except 1 ip range. Is this possible? >> > Users do need to smtp auth to send email through it, but the biggest >> > problem is spammers can connect to it and spam our company (to send to >> our >> > local domain you dont need to smtp auth). >> > >> >> Requiring smtp auth to relay is the default for Courier. You can add a >> range of IP's that are always allowed to relay by modifying the >> smtpaccess >> file. See the man page at: >> >> http://www.courier-mta.org/makesmtpaccess.html >> >> for details on the format of smtpaccess files and the making the data >> file. My suggestion though is to require auth for relaying on all but >> the >> dumbest of smtp clients which don't support smtp authentication (i.e. >> leave >> the smtpaccess file as a last ditch workaround). >> >> Jay >> >> -- >> Jay Lee >> Network/Systems Administrator >> Information Technology Department >> Philadelphia Biblical University >> >> > - > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
Beat me by a minute... I think they key misunderstanding here is the difference between being an "open relay", which means that anyone can use your mail server to deliver mail to anywhere and which Courier doesn't do by default, and allowing unauthenticated relaying for your domains, which is vital because otherwise no one could deliver mail to you. Again, for this problem, think filtering not authentication. Matt Miller IT Freedom direct 512.351.4978 [EMAIL PROTECTED] helpdesk 512.419.0070 : fax 512.419.0080 On Apr 17, 2008, at 12:06 PM, Jay Lee wrote: MrOzone wrote: Ok that's good. But the problem that I'm seeing is someone externally can connect to this box and spam to our local domain. That would be normal, SMTP auth prevents open relays, it can't do anything to prevent spam. If you require all servers to authorize then how in the world is legitmate, non-local mail supposed to get through? But to spam through this box you need to auth. Which unless you've screwed up elsewhere the spammers should not have the ability to auth, thus you're not an open relay. Is it possible I am just missing a setting to say sendine internaly or externally needs to auth? I think you're missing the point of SMTP auth... Jay -- Jay Lee Network/Systems Administrator Information Technology Department Philadelphia Biblical University < jlee .vcf > - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier- users - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
The problem that others were trying to point out is that if you enable SMTP AUTH across the board, no other mail servers on the Internet will be able to deliver mail to any mailbox on the server since they too would have to authenticate with credentials that they don't possess. For a mail server to receive email from other mail servers, it has to have unauthenticated delivery to local domains running on port 25. So, unless you're just trying to exchange email amongst users all on this server (doubtful), you'll have to leave that open. If the issue is spam then you need filtering, not authentication. On Apr 17, 2008, at 11:33 AM, MrOzone wrote: Ok that's good. But the problem that I'm seeing is someone externally can connect to this box and spam to our local domain. But to spam through this box you need to auth. Is it possible I am just missing a setting to say sendine internaly or externally needs to auth? Thanks, William On Thu, Apr 17, 2008 at 8:41 AM, Jay Lee <[EMAIL PROTECTED]> wrote: MrOzone wrote: Im having a bit of trouble trying to configure smtp so Im not a open relay to send email externally but also internally too. I have a server setup for users on the outside to send email through it, but im trying to configure it so that everyone needs to do smtp authentication except 1 ip range. Is this possible? Users do need to smtp auth to send email through it, but the biggest problem is spammers can connect to it and spam our company (to send to our local domain you dont need to smtp auth). Requiring smtp auth to relay is the default for Courier. You can add a range of IP's that are always allowed to relay by modifying the smtpaccess file. See the man page at: http://www.courier-mta.org/makesmtpaccess.html for details on the format of smtpaccess files and the making the data file. My suggestion though is to require auth for relaying on all but the dumbest of smtp clients which don't support smtp authentication (i.e. leave the smtpaccess file as a last ditch workaround). Jay -- Jay Lee Network/Systems Administrator Information Technology Department Philadelphia Biblical University - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier- users - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
MrOzone wrote: Ok that's good. But the problem that I'm seeing is someone externally can connect to this box and spam to our local domain. That would be normal, SMTP auth prevents open relays, it can't do anything to prevent spam. If you require all servers to authorize then how in the world is legitmate, non-local mail supposed to get through? But to spam through this box you need to auth. Which unless you've screwed up elsewhere the spammers should not have the ability to auth, thus you're not an open relay. Is it possible I am just missing a setting to say sendine internaly or externally needs to auth? I think you're missing the point of SMTP auth... Jay -- Jay Lee Network/Systems Administrator Information Technology Department Philadelphia Biblical University begin:vcard fn:Jay Lee n:Lee;Jay org:Philadelphia Biblical University;Information Technology Department adr;dom:;;;Langhorne, PA email;internet:[EMAIL PROTECTED] title:Network/Systems Administrator x-mozilla-html:TRUE url:http://www.pbu.edu version:2.1 end:vcard - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
Ok that's good. But the problem that I'm seeing is someone externally can connect to this box and spam to our local domain. But to spam through this box you need to auth. Is it possible I am just missing a setting to say sendine internaly or externally needs to auth? Thanks, William On Thu, Apr 17, 2008 at 8:41 AM, Jay Lee <[EMAIL PROTECTED]> wrote: > MrOzone wrote: > > > Im having a bit of trouble trying to configure smtp so Im not a open > > relay to send email externally but also internally too. > > I have a server setup for users on the outside to send email through > > it, but im trying to configure it so that everyone needs to do smtp > > authentication except 1 ip range. Is this possible? > > Users do need to smtp auth to send email through it, but the biggest > > problem is spammers can connect to it and spam our company (to send to our > > local domain you dont need to smtp auth). > > > > Requiring smtp auth to relay is the default for Courier. You can add a > range of IP's that are always allowed to relay by modifying the smtpaccess > file. See the man page at: > > http://www.courier-mta.org/makesmtpaccess.html > > for details on the format of smtpaccess files and the making the data > file. My suggestion though is to require auth for relaying on all but the > dumbest of smtp clients which don't support smtp authentication (i.e. leave > the smtpaccess file as a last ditch workaround). > > Jay > > -- > Jay Lee > Network/Systems Administrator > Information Technology Department > Philadelphia Biblical University > > - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MrOzone <[EMAIL PROTECTED]> wrote on 2008-Apr-17: > I have a server setup for users on the outside to send email through it, > but im trying to configure it so that everyone needs to do smtp > authentication except 1 ip range. Is this possible? By default, courier is set up the way you want. You didn't tell us which version of courier on which OS, but assuming you didn't change anything, it probably handles SMTP AUTH correctly. Look in the 'esmtpd' file in your courier 'etc' directory (normally '/etc/courier' or /usr/lib/courier/etc') and find the lines which says "ESMTPAUTH" and "ESMTPAUTH_TLS". That's where you set which types of authentication you allow under which circumstances. There are examples in the file which you can follow. Do *NOT* set "AUTH_REQUIRED" if this is a publicly facing mail server. To allow an ip address range, use the file in the 'smtpaccess' directory. Read the 'makesmtpaccess' man page to see the syntax. You want to set something like 192.168.1 allow,RELAYCLIENT This will allow the entire 192.168.1.0/24 network work to connect and relay mail without authenticating. HTH Jeff Jansen -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIB3VkGfIHDMaiC9cRAkHOAJ9snUFdUsy3w1HrUYi4leGeXShP9ACfRtzR bur/9aDGbZzIpJEV3MUdmfQ= =KasZ -END PGP SIGNATURE- - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Auth
MrOzone wrote: Im having a bit of trouble trying to configure smtp so Im not a open relay to send email externally but also internally too. I have a server setup for users on the outside to send email through it, but im trying to configure it so that everyone needs to do smtp authentication except 1 ip range. Is this possible? Users do need to smtp auth to send email through it, but the biggest problem is spammers can connect to it and spam our company (to send to our local domain you dont need to smtp auth). Requiring smtp auth to relay is the default for Courier. You can add a range of IP's that are always allowed to relay by modifying the smtpaccess file. See the man page at: http://www.courier-mta.org/makesmtpaccess.html for details on the format of smtpaccess files and the making the data file. My suggestion though is to require auth for relaying on all but the dumbest of smtp clients which don't support smtp authentication (i.e. leave the smtpaccess file as a last ditch workaround). Jay -- Jay Lee Network/Systems Administrator Information Technology Department Philadelphia Biblical University begin:vcard fn:Jay Lee n:Lee;Jay org:Philadelphia Biblical University;Information Technology Department adr;dom:;;;Langhorne, PA email;internet:[EMAIL PROTECTED] title:Network/Systems Administrator x-mozilla-html:TRUE url:http://www.pbu.edu version:2.1 end:vcard - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP Auth
Im having a bit of trouble trying to configure smtp so Im not a open relay to send email externally but also internally too. I have a server setup for users on the outside to send email through it, but im trying to configure it so that everyone needs to do smtp authentication except 1 ip range. Is this possible? Users do need to smtp auth to send email through it, but the biggest problem is spammers can connect to it and spam our company (to send to our local domain you dont need to smtp auth). thanks in advance. William - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp error logging
Enda writes: Sam Varshavchik wrote: That says to me that courier is trying to deliver this message to host studioalp.it even though its not listed as a mail exchanger for the domain. No, it doesn't say that. Ok, so I can then assume then that courier is connecting to the correct mx host to send the mail. I cannot see much from the logs that is going to help me track down the problem. I can telnet into port 25 of the remote host and queue a message. The only oddity that I see is when I manually connect to the remote mx, I must issue a carraige return before I get the 220 banner greeting. Would this be a likely cause of the standoff between the two mta's ?? Yes. If that's the case, the remote host does not implement SMTP, but rather some other unknown protocol. SMTP servers do not require any CRs before responding with their greeting. pgpwLmS1mBmVr.pgp Description: PGP signature - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp error logging
Sam Varshavchik wrote: >> >> That says to me that courier is trying to deliver this message to host >> studioalp.it even though its not listed as a mail exchanger for the >> domain. > > No, it doesn't say that. Ok, so I can then assume then that courier is connecting to the correct mx host to send the mail. I cannot see much from the logs that is going to help me track down the problem. I can telnet into port 25 of the remote host and queue a message. The only oddity that I see is when I manually connect to the remote mx, I must issue a carraige return before I get the 220 banner greeting. Would this be a likely cause of the standoff between the two mta's ?? Remote host is "Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713" :-( -Enda. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp error logging
Enda writes: Hi Guys, Have an outgoing message which courier is now close on 40 hours trying to send, got the following logging: Jan 23 23:00:37 webmail courierd: started,id=002AC436.4794FC14.462B, from=<[EMAIL PROTECTED]>, module=esmtp, host=studioalp.it, [EMAIL PROTECTED] Jan 23 23:05:37 webmail courieresmtp: id=002AC436.4794FC14.462B, from=<[EMAIL PROTECTED]>, addr=<[EMAIL PROTECTED]>: Connection refused Jan 23 23:05:37 webmail courieresmtp: id=002AC436.4794FC14.462B, from=<[EMAIL PROTECTED]>, addr=<[EMAIL PROTECTED]>,status: deferred if I dig the mx for studioalp.it I get: ;; ANSWER SECTION: studioalp.it. 66382 IN MX 10 mail.studioalp.it. studioalp.it. 66382 IN MX 20 mail2.mdsnet.it. That says to me that courier is trying to deliver this message to host studioalp.it even though its not listed as a mail exchanger for the domain. No, it doesn't say that. pgpDhGLN9bODf.pgp Description: PGP signature - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] smtp error logging
Hi Guys, Have an outgoing message which courier is now close on 40 hours trying to send, got the following logging: Jan 23 23:00:37 webmail courierd: started,id=002AC436.4794FC14.462B, from=<[EMAIL PROTECTED]>, module=esmtp, host=studioalp.it, [EMAIL PROTECTED] Jan 23 23:05:37 webmail courieresmtp: id=002AC436.4794FC14.462B, from=<[EMAIL PROTECTED]>, addr=<[EMAIL PROTECTED]>: Connection refused Jan 23 23:05:37 webmail courieresmtp: id=002AC436.4794FC14.462B, from=<[EMAIL PROTECTED]>, addr=<[EMAIL PROTECTED]>,status: deferred if I dig the mx for studioalp.it I get: ;; ANSWER SECTION: studioalp.it. 66382 IN MX 10 mail.studioalp.it. studioalp.it. 66382 IN MX 20 mail2.mdsnet.it. That says to me that courier is trying to deliver this message to host studioalp.it even though its not listed as a mail exchanger for the domain. Is it possible to zap couriers cache of mx lookups, or how do I address this error. If I manually smtp to the target address to one of the listed mx's for the domain, the message gets accepted no problem. Or am I wrong to deduce from the logs that courier is using the wrong host? Thanks, -Enda. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp access question
O/H Arturo 'Buanzo' Busleiman ??: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Thodoris wrote: > | MX in) the server is accepting to transmit the mail without > | authentication. Perhaps I should do some more reading on the matter (how > | SMTP protocol works in detail) but I can't find something useful while > | googling. > > I don't understand, you want your mail servers to require the rest of > Internet to authenticate > before sending you an email? > > Maybe you should read about SMTP, as you suggest. And DNS. And about open > relays. And anti-spam. > > - -- > Arturo "Buanzo" Busleiman > BUSCO Baterista para estilo brit-pop Zona Norte BsAs > Independent Security Consultant - SANS - OISSG > http://www.buanzo.com.ar/pro/ > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHg3NDAlpOsGhXcE0RCqZzAJ9jeEgIKVdAzUN120RzNk8+gqr88wCfcEUH > +9acOUfXJ+Ttb+rmZ8TSH20= > =GTko > -END PGP SIGNATURE- > > - > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > Thanks man I was at a point that I could not see the obvious. -- Thodoris - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtp access question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Thodoris wrote: | MX in) the server is accepting to transmit the mail without | authentication. Perhaps I should do some more reading on the matter (how | SMTP protocol works in detail) but I can't find something useful while | googling. I don't understand, you want your mail servers to require the rest of Internet to authenticate before sending you an email? Maybe you should read about SMTP, as you suggest. And DNS. And about open relays. And anti-spam. - -- Arturo "Buanzo" Busleiman BUSCO Baterista para estilo brit-pop Zona Norte BsAs Independent Security Consultant - SANS - OISSG http://www.buanzo.com.ar/pro/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHg3NDAlpOsGhXcE0RCqZzAJ9jeEgIKVdAzUN120RzNk8+gqr88wCfcEUH +9acOUfXJ+Ttb+rmZ8TSH20= =GTko -END PGP SIGNATURE- - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] smtp access question
Hello, I was wondering if it is possible to configure courier in order to allow clients to send their mails using authentication in a right way. I have managed to configure the server to accept mail (smtp) only if a user uses authentication (it works for other domains) but when someone tries to mail something to my domain (meaning the domain the server is MX in) the server is accepting to transmit the mail without authentication. Perhaps I should do some more reading on the matter (how SMTP protocol works in detail) but I can't find something useful while googling. Thodoris - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP STARTTLS and mail queue
Thanks a lot this should help. On 12/21/07, Jeff Jansen <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > "Robert Zajda" <[EMAIL PROTECTED]> wrote on 2007-Dec-21: > > But there are many servers with broken TLS, so if it's possible I > > wan't to disable delivering with STARTTLS. How to do that ? > > In the 'courierd' file in your courier's 'etc' directory (usually > '/etc/courier' or '/usr/lib/courier/etc') look for the variable > 'ESMTP_USE_STARTTLS' Change it from '1' to '0' and courier will never > use STARTTLS when sending mail to another server. > > HTH > > Jeff Jansen > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.3 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHa525GfIHDMaiC9cRAtfgAJ0ZLf1zgQzPKt+E52tlkUza4NaZ0QCgpjIj > wswJXl5WPLy/V+eBXaGgX+A= > =IcRG > -END PGP SIGNATURE- > > - > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP STARTTLS and mail queue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 "Robert Zajda" <[EMAIL PROTECTED]> wrote on 2007-Dec-21: > But there are many servers with broken TLS, so if it's possible I > wan't to disable delivering with STARTTLS. How to do that ? In the 'courierd' file in your courier's 'etc' directory (usually '/etc/courier' or '/usr/lib/courier/etc') look for the variable 'ESMTP_USE_STARTTLS' Change it from '1' to '0' and courier will never use STARTTLS when sending mail to another server. HTH Jeff Jansen -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHa525GfIHDMaiC9cRAtfgAJ0ZLf1zgQzPKt+E52tlkUza4NaZ0QCgpjIj wswJXl5WPLy/V+eBXaGgX+A= =IcRG -END PGP SIGNATURE- - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP STARTTLS and mail queue
Thanks for your answer But there are many servers with broken TLS, so if it's possible I wan't to disable delivering with STARTTLS. How to do that ? On 12/21/07, Bernd Wurst <[EMAIL PROTECTED]> wrote: > Hallo. > > Am Freitag, 21. Dezember 2007 schrieb Bambero: > > <[EMAIL PROTECTED]>: > > mail.test.pl [11.11.11.11]: > > >>> STARTTLS > > <<< 454 TLS currently unavailable > > [...] > > I can see that there is PLAIN LOGIN auth available so I want to > > courier use one of them when STARTTLS fails, or temporary fails. > > Never use fantasy-hostnames and -addresses. Use real ones. > > This behaviour is intended and cannot be solved the way you want. If you > enable TLS, messages should be transferred using TLS (as long as the opposite > server supports it). > > You test.pl-Server says "hey, here, I can do STARTTLS". After requsting it, he > says "ehm, sorry, some temporary trouble with my configuration". > > Blame the remote administrator for his broken setup. To work around this > temporarily, you can set > test.pl: /SECURITY=NONE > in esmtpaccess to disable TLS for this domain entirely. > > > > Second quation: > > How long defered/delayed mails stay in queue. > > For me 1 day is enough, becouse I have long queue now. > > from "man courier": > > queuetime > > This file specifies how long Courier normally tries to repeatedly deliver > a message, before giving up and returning it as undeliverable. Messages are > immediately returned as undeliverable when a permanent failure is encountered > (such as the recipient address not being valid). Attempts to deliver the > message when there's a temporary, transient, error (such as the network being > down) will be repeatedly made for the duration of time specified by this > configuration file. This file contains a number followed by the letter 'w' > for weeks, or 'd' for days. It is also possible to use 'h' for hours, 'm' for > minutes, or 's' for seconds. Only integers are allowed, fractions are > prohibited. However, you can use '1w2d' to specify one week and two days. If > queuetime is missing, Courier makes repeated delivery attempts for one week. > > > cu, Bernd > > - > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > > > - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP STARTTLS and mail queue
Hallo. Am Freitag, 21. Dezember 2007 schrieb Bambero: > <[EMAIL PROTECTED]>: > mail.test.pl [11.11.11.11]: > >>> STARTTLS > <<< 454 TLS currently unavailable > [...] > I can see that there is PLAIN LOGIN auth available so I want to > courier use one of them when STARTTLS fails, or temporary fails. Never use fantasy-hostnames and -addresses. Use real ones. This behaviour is intended and cannot be solved the way you want. If you enable TLS, messages should be transferred using TLS (as long as the opposite server supports it). You test.pl-Server says "hey, here, I can do STARTTLS". After requsting it, he says "ehm, sorry, some temporary trouble with my configuration". Blame the remote administrator for his broken setup. To work around this temporarily, you can set test.pl: /SECURITY=NONE in esmtpaccess to disable TLS for this domain entirely. > Second quation: > How long defered/delayed mails stay in queue. > For me 1 day is enough, becouse I have long queue now. from "man courier": queuetime This file specifies how long Courier normally tries to repeatedly deliver a message, before giving up and returning it as undeliverable. Messages are immediately returned as undeliverable when a permanent failure is encountered (such as the recipient address not being valid). Attempts to deliver the message when there's a temporary, transient, error (such as the network being down) will be repeatedly made for the duration of time specified by this configuration file. This file contains a number followed by the letter 'w' for weeks, or 'd' for days. It is also possible to use 'h' for hours, 'm' for minutes, or 's' for seconds. Only integers are allowed, fractions are prohibited. However, you can use '1w2d' to specify one week and two days. If queuetime is missing, Courier makes repeated delivery attempts for one week. cu, Bernd signature.asc Description: This is a digitally signed message part. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP STARTTLS and mail queue
Hello I have two quastions about of courier configuration. I got a following error: <[EMAIL PROTECTED]>: mail.test.pl [11.11.11.11]: >>> STARTTLS <<< 454 TLS currently unavailable But after telnet: EHLO test 250-serv1.test.pl Hello test [112.112.112.112] 250-SIZE 1047527424 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP I can see that there is PLAIN LOGIN auth available so I want to courier use one of them when STARTTLS fails, or temporary fails. Second quation: How long defered/delayed mails stay in queue. For me 1 day is enough, becouse I have long queue now. Thanks for any help Regards, Bambero - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP
Bernd Wurst a écrit : Hallo. Am Dienstag, 24. Juli 2007 schrieb Bambero: I need to run courier on two different IP's. One of them with smtp-auth for outgoing mail, two of them without smtp-auth only for accepting incomming mail. Is it possible to do that without two instances of smtp server ? What is the best way to do that ? What would be the benefit over just providing all features to all IP-addresses? cu, Bernd I would take this problem by the other side... I think Bambera want to force smtp-auth on an interface and let it disable (for incoming mails) on the other ones. What I would suggest is the following: iptables ! Just block ports you don't want users to connect to. What is the mechanism that identifies if a mail is incoming or outcoming? Except "Received: " headers, that can be faked, I don't know how to distinguish these two flows client ==> server ( ==> server) server ==> server ( ==> mailbox) Am I right in my guesses? HTH. Jerome. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP
Hallo. Am Dienstag, 24. Juli 2007 schrieb Bambero: > I need to run courier on two different IP's. One of them with > smtp-auth for outgoing mail, two of them without smtp-auth only for > accepting incomming mail. Is it possible to do that without two > instances of smtp server ? What is the best way to do that ? What would be the benefit over just providing all features to all IP-addresses? cu, Bernd -- Ich kann ja nicht singen, nicht tanzen... und im Gegensatz zu Anderen, lass ich das dann auch. - Dieter Nuhr (dt. Comedian) signature.asc Description: This is a digitally signed message part. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP
Bambero writes: Hello I need to run courier on two different IP's. One of them with smtp-auth for outgoing mail, two of them without smtp-auth only for accepting incomming mail. Is it possible to do that without two instances of smtp server ? No. What is the best way to do that ? What exactly are you trying to accomplish? pgpBIsADmjEUR.pgp Description: PGP signature - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP
Hello I need to run courier on two different IP's. One of them with smtp-auth for outgoing mail, two of them without smtp-auth only for accepting incomming mail. Is it possible to do that without two instances of smtp server ? What is the best way to do that ? Thanx Bambero - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP AUTH for not-hsoteddomain account
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Sam Varshavchik wrote: > Create something that looks like an ordinary account in userdb. The [...] > keep imap, pop3, and webmail logins from working. Great! Thank you Sam! - -- Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica Creative Commons Punk-Rock Band: http://www.music.com/futurabanda (by-sa 2.5-ar) Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGZfCPAlpOsGhXcE0RCjD1AJ9hhYJQnN6k/2bODSH9Wsd230rKmQCfeYuQ Ef2SUFaXXlW2aTT41+dGlAk= =pv5/ -END PGP SIGNATURE- - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP AUTH for not-hsoteddomain account
Arturo 'Buanzo' Busleiman writes: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi group! I was wondering, how can I provide one of my users with authenticated SMTP relay when the user belongs to a domain that is not locally hosted, but only relayed? (I'm acting as a public relay for a private mail server). I was planning on using userdb, but I don't know which home/maildir values I should use (if any!). Any ideas? Create something that looks like an ordinary account in userdb. The name of the account should be in the format "@auth". The "@auth" part will keep you from actually accepting mail to such an E-mail address. Create a dummy home directory, but don't create the maildir. This'll keep imap, pop3, and webmail logins from working. pgpKmkPvanKyf.pgp Description: PGP signature - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP AUTH for not-hsoteddomain account
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi group! I was wondering, how can I provide one of my users with authenticated SMTP relay when the user belongs to a domain that is not locally hosted, but only relayed? (I'm acting as a public relay for a private mail server). I was planning on using userdb, but I don't know which home/maildir values I should use (if any!). Any ideas? - -- Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica Creative Commons Punk-Rock Band: http://www.music.com/futurabanda (by-sa 2.5-ar) Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGZWV3AlpOsGhXcE0RCiywAJ9cBuc+m/EYsGJtI/1OWx5q10Z96QCeMSCC Oh8994uJAtaprgbpKs2GFro= =n4Tr -END PGP SIGNATURE- - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP relay from a given IP address and a given sender
Olivier Sannier wrote: > Gordon Messmer wrote: > >> If you're able to get a list of the valid addresses on somedomain.org, >> then you can: >> * add somedomain.org to esmtpacceptmailfor and hosteddomains >> * create an alias file mapping all of the somedomain.org addresses to >> somedomain.com >> > Sounds good. I assume the "alias" file is described in the > documentation, I'll look it up. It is. You just need to generate a file in /etc/courier/aliases/ that looks more or less like: [EMAIL PROTECTED]: [EMAIL PROTECTED] [EMAIL PROTECTED]: [EMAIL PROTECTED] ... After you've generated the alias file, run "makealiases". >> You'll also want to make arrangements on the MX for somedomain.org >> server so that it never rejects messages from the MX from >> somedomain.com. If it does, your queue and postmaster account are going >> to fill up with spam, and the server will be difficult to manage properly. >> > How do I setup this? You'd have to work that out with your provider. The risk you run is that if your .org mail server rejects a mail for "[EMAIL PROTECTED]" because it's spam or a virus, then courier will start rejecting mail for "[EMAIL PROTECTED]" until that issue is resolved. You could turn off backscatter suppression, but then you'd run in to the problem where your queue fills up and postmaster gets a lot of mail it need not. Generally, you need to make sure that either your .com server has the same protections that your .org server has, or the .org server has to whitelist the .com server and never check anything that comes in that way. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP relay from a given IP address and a given sender
Gordon Messmer wrote: > Olivier Sannier wrote: > >> My courierd server is set as the MX for SomeDomain.com >> When it's for SomeDomain.com, anything that gets delivered to it gets >> forwarded transparently to the same address at SomeDomain.org >> > > That's fairly simple. Do you have access to "somedomain.org"? I'm > assuming it's on another host. The easiest thing to do would be to add > somedomain.com to that host, but I'm also assuming you have some reason > to not to that... > I don't have full control over somedomain.org, but I do have the list of all valid email addresses. And yes, it's on another host where I cannot access any configuration files. I have a web interface to configure the valid accounts, but I'm not even aware of what's behind the scenes in terms of mail server. > If you're able to get a list of the valid addresses on somedomain.org, > then you can: > * add somedomain.org to esmtpacceptmailfor and hosteddomains > * create an alias file mapping all of the somedomain.org addresses to > somedomain.com > Sounds good. I assume the "alias" file is described in the documentation, I'll look it up. > You'll also want to make arrangements on the MX for somedomain.org > server so that it never rejects messages from the MX from > somedomain.com. If it does, your queue and postmaster account are going > to fill up with spam, and the server will be difficult to manage properly. > How do I setup this? > What you want is actually courier's default configuration. Set up > accounts for the users that you want to be able to relay mail, and then > configure their mail clients to authenticate themselves (and use SSL). > Fair enough, I'll do that. Thanks for the help Olivier - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP relay from a given IP address and a given sender
Olivier Sannier wrote: > > My courierd server is set as the MX for SomeDomain.com > When it's for SomeDomain.com, anything that gets delivered to it gets > forwarded transparently to the same address at SomeDomain.org That's fairly simple. Do you have access to "somedomain.org"? I'm assuming it's on another host. The easiest thing to do would be to add somedomain.com to that host, but I'm also assuming you have some reason to not to that... If you're able to get a list of the valid addresses on somedomain.org, then you can: * add somedomain.org to esmtpacceptmailfor and hosteddomains * create an alias file mapping all of the somedomain.org addresses to somedomain.com You'll also want to make arrangements on the MX for somedomain.org server so that it never rejects messages from the MX from somedomain.com. If it does, your queue and postmaster account are going to fill up with spam, and the server will be difficult to manage properly. It's possible to do a wildcard forward, but there are serious disadvantages to doing so. > On top of that, I'd like to act as an open relay for a selected list of > accounts, provided they identify themselves during the STMP transfer. That's not an open relay. An open relay is a machine that relays mail without any checks on the origin or destination. What you want is actually courier's default configuration. Set up accounts for the users that you want to be able to relay mail, and then configure their mail clients to authenticate themselves (and use SSL). > So in the end, none of the accounts actually receive any mail. > Do you think that's feasible with courier? Yes. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP relay from a given IP address and a given sender
Gordon Messmer wrote: Olivier Sannier wrote: What would be the best would be to have a specific user/password combination for this, and that this user cannot actually receive any email. Sending anything to him gets bounced back. Can using a virtual user without actually creating its directory work for this? Out of curiosity, why are you trying so hard to avoid using the "normal" relay mechanisms? To answer your question: yes, there are a couple of ways that you can prevent a user from receiving mail. You could label that address a spamtrap in 'bofh'. (Actually, you should probably have just one spamtrap, and alias all of the accounts which you don't want to receive mail to that account. That usually includes local users like 'apache'.) You could also use maildrop filters (see maildropfilter(7)) in that account's home directory to refuse mail from all senders. Well, I'm trying so hard because here is the overall setup I'd like to achieve : My courierd server is set as the MX for SomeDomain.com When it's for SomeDomain.com, anything that gets delivered to it gets forwarded transparently to the same address at SomeDomain.org On top of that, I'd like to act as an open relay for a selected list of accounts, provided they identify themselves during the STMP transfer. So in the end, none of the accounts actually receive any mail. Do you think that's feasible with courier? - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP relay from a given IP address and a given sender
Olivier Sannier wrote: > What would be the best would be to have a specific user/password > combination for this, and that this user cannot actually receive any > email. Sending anything to him gets bounced back. Can using a virtual > user without actually creating its directory work for this? Out of curiosity, why are you trying so hard to avoid using the "normal" relay mechanisms? To answer your question: yes, there are a couple of ways that you can prevent a user from receiving mail. You could label that address a spamtrap in 'bofh'. (Actually, you should probably have just one spamtrap, and alias all of the accounts which you don't want to receive mail to that account. That usually includes local users like 'apache'.) You could also use maildrop filters (see maildropfilter(7)) in that account's home directory to refuse mail from all senders. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP relay from a given IP address and a given sender
Sam Varshavchik wrote: > Olivier Sannier writes: > >> Hi all, >> >> I'd like to use courier as a SMTP relay in the following conditions : >> >> - the From header must be equal to a predefined value >> - the IP address of the connected server must be equal to a >> predefined value >> >> If those conditions are met, then the email is accepted and then >> relayed to whatever destination domain was specified in the email. >> Relaying should not be done for any other case. >> I'm quite sure this is possible with courier, but I couldn't manage >> to find this in the documentation nor through the webadmin CGI script. > > Courier does not support granting of relaying privileges based on the > contents of the From: header. And I do not know if any mail server > that does this. > > Absolute relaying privileges can be given to any range of IP > addresses. Also, relaying privileges are given after any successful > SMTP authentication. > > You probably want to use authenticated SMTP. Nothing needs to be > configured. Courier will give relaying privileges to anyone who > provides a valid userid and password. Ok, fair enough. What would be the best would be to have a specific user/password combination for this, and that this user cannot actually receive any email. Sending anything to him gets bounced back. Can using a virtual user without actually creating its directory work for this? Thanks for any help - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP relay from a given IP address and a given sender
Olivier Sannier writes: Hi all, I'd like to use courier as a SMTP relay in the following conditions : - the From header must be equal to a predefined value - the IP address of the connected server must be equal to a predefined value If those conditions are met, then the email is accepted and then relayed to whatever destination domain was specified in the email. Relaying should not be done for any other case. I'm quite sure this is possible with courier, but I couldn't manage to find this in the documentation nor through the webadmin CGI script. Courier does not support granting of relaying privileges based on the contents of the From: header. And I do not know if any mail server that does this. Absolute relaying privileges can be given to any range of IP addresses. Also, relaying privileges are given after any successful SMTP authentication. You probably want to use authenticated SMTP. Nothing needs to be configured. Courier will give relaying privileges to anyone who provides a valid userid and password. pgpnlllTOB73W.pgp Description: PGP signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP relay from a given IP address and a given sender
Hi all, I'd like to use courier as a SMTP relay in the following conditions : - the From header must be equal to a predefined value - the IP address of the connected server must be equal to a predefined value If those conditions are met, then the email is accepted and then relayed to whatever destination domain was specified in the email. Relaying should not be done for any other case. I'm quite sure this is possible with courier, but I couldn't manage to find this in the documentation nor through the webadmin CGI script. Any help is greatly appreciated Olivier - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP-Auth and match a username/password
Michelle Konzack wrote: > Am 2007-02-21 09:43:16, schrieb Gordon Messmer: > >> Are you trying to solve an actual problem, or just make your >> configuration more complicated? > > Maybe trying to solve a problem AND making my config > more complicate. > > The problem is, that spamers have detected the E-Mail > <[EMAIL PROTECTED]> in the Received-Headers of my > mails and since arround two years the spam has increased > to over 12.000 per day on this account (~250 MByte/day). Honestly, that sounds unlikely. (Spammers are more likely to extract the address from a message like the one you just sent than from the message headers) Even if it were so, how would using multiple logins make the situation better? Afterward, *all* of your accounts on freenet.de would have their addresses scattered about the internet. Instead of one address getting 12,000 messages per day, all of your addresses would get 12k messages per day. I don't think your proposed solution would actually solve the problem that you're facing. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP-Auth and match a username/password
Am 2007-02-21 09:43:16, schrieb Gordon Messmer: > Michelle Konzack wrote: > > > > But what I like to see is the possibility to install different uid/passwd > > for each E-Mail I use. > > > > Is this possibel? > > No. So I must stay with a "fake" account to autenticate my Network at my ISP... not realy good. > Are you trying to solve an actual problem, or just make your > configuration more complicated? Maybe trying to solve a problem AND making my config more complicate. :-/ The problem is, that spamers have detected the E-Mail <[EMAIL PROTECTED]> in the Received-Headers of my mails and since arround two years the spam has increased to over 12.000 per day on this account (~250 MByte/day). Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP auth and the From header
On Fri, Feb 16, 2007 at 02:58:48AM -0600, Otto Solares wrote: > On Fri, Feb 16, 2007 at 12:30:33AM -0600, Otto Solares wrote: > > On Thu, Feb 15, 2007 at 09:47:19PM -0800, Gordon Messmer wrote: > > > Otto Solares wrote: > > > > > > > > I am a happy courier-mta user for a long time, I'm using it in > > > > a large University (60k users), now we are facing a problem > > > > where users connect to SMTP with authentication in order to > > > > send a mail (we don't allow sending email without auth) and > > > > some users are changing the From: header, it is possible to > > > > tell courier so it'll check the From: header to conform to > > > > the auth user? > > > > > > No, but you could write a courierfilter to do that. Frameworks for > > > Python and Perl exist, if you're comfortable with either of those > > > languages. > > > > Excellent! Although I am not versed in perl here is my first > > filter attempt, dunno why it doesn't work, when printing > > (for debugging) any message->* variable, all the message is > > shown. Does somebody knows what I am missing? > > Finally it works, this just checks that MAIL FROM conforms to > the AUTH LOGIN, hopefully next version will check the From: > header too as originally intended as I presume this is > insufficient for my purposes. Thanks. To close this thread I succesfully solve my original problem writing a courier-filter-perl module which I have being using for several days without a problem, it have being improved over this days so the one posted here is outdated, for future reference I plan to mantain it here: http://home.galileo.edu/~solca/contrib/AuthMailFrom.pm.txt -otto - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP-Auth and match a username/password
Michelle Konzack wrote: > > But what I like to see is the possibility to install different uid/passwd > for each E-Mail I use. > > Is this possibel? No. Are you trying to solve an actual problem, or just make your configuration more complicated? - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP-Auth and match a username/password
Hello *, I need to send messages via courier-mta to my ISP's which requires smtp-auth. Currently I have installed a new "free" E-Mail on my ISP and use it for global authentification if messages are send over Freenet. But what I like to see is the possibility to install different uid/passwd for each E-Mail I use. Is this possibel? I mean, if I send with "From: [EMAIL PROTECTED]" it use this UID for the smtp-auth plus a password (which may be stored in a file or DB). My problem is that I have 171 Freenet-Accounts and I do not want to see my global "fake" smtp-auth E-Mail in it... Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP auth and the From header
On Fri, Feb 16, 2007 at 12:30:33AM -0600, Otto Solares wrote:
> On Thu, Feb 15, 2007 at 09:47:19PM -0800, Gordon Messmer wrote:
> > Otto Solares wrote:
> > >
> > > I am a happy courier-mta user for a long time, I'm using it in
> > > a large University (60k users), now we are facing a problem
> > > where users connect to SMTP with authentication in order to
> > > send a mail (we don't allow sending email without auth) and
> > > some users are changing the From: header, it is possible to
> > > tell courier so it'll check the From: header to conform to
> > > the auth user?
> >
> > No, but you could write a courierfilter to do that. Frameworks for
> > Python and Perl exist, if you're comfortable with either of those languages.
>
> Excellent! Although I am not versed in perl here is my first
> filter attempt, dunno why it doesn't work, when printing
> (for debugging) any message->* variable, all the message is
> shown. Does somebody knows what I am missing?
Finally it works, this just checks that MAIL FROM conforms to
the AUTH LOGIN, hopefully next version will check the From:
header too as originally intended as I presume this is
insufficient for my purposes. Thanks.
-otto
#
# Courier::Filter::Module::AuthMailFrom
#
# NOTE: module trusting must be disabled
#
# Copyright (C) 2007, Otto Solares <[EMAIL PROTECTED]>
# Under GPLv2.
package Courier::Filter::Module::AuthMailFrom;
use warnings;
use strict;
use base qw(Courier::Filter::Module);
use constant TRUE => (0 == 0);
use constant FALSE => not TRUE;
sub match;
sub match {
my ($module, $message) = @_;
my $class = ref($module);
return if not $message->authenticated;
#STDERR->print("AuthMailFrom: LOGIN: ", $message->authenticated_user, ", MAIL FROM: ", $message->sender, "\n");
$_ = $message->sender;
my $user = $message->authenticated_user;
return if (/[EMAIL PROTECTED]/);
return ($module->{response} || 'MAIL FROM does not match AUTH LOGIN');
}
TRUE;
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP auth and the From header
On Thu, Feb 15, 2007 at 09:47:19PM -0800, Gordon Messmer wrote:
> Otto Solares wrote:
> >
> > I am a happy courier-mta user for a long time, I'm using it in
> > a large University (60k users), now we are facing a problem
> > where users connect to SMTP with authentication in order to
> > send a mail (we don't allow sending email without auth) and
> > some users are changing the From: header, it is possible to
> > tell courier so it'll check the From: header to conform to
> > the auth user?
>
> No, but you could write a courierfilter to do that. Frameworks for
> Python and Perl exist, if you're comfortable with either of those languages.
Excellent! Although I am not versed in perl here is my first
filter attempt, dunno why it doesn't work, when printing
(for debugging) any message->* variable, all the message is
shown. Does somebody knows what I am missing?
-otto
package Courier::Filter::Module::AuthMailFrom;
use warnings;
use strict;
use base qw(Courier::Filter::Module);
use constant TRUE => (0 == 0);
use constant FALSE => not TRUE;
sub match;
sub match {
my ($module, $message) = @_;
my $class = ref($module);
STDERR->print("AuthMailFrom: MAIL FROM: \"$message->sender\", LOGIN: \"$message->authenticated_user\".\n");
return if not $message->authenticated;
STDERR->print("AuthMailFrom: message is authenticated.\n");
if ($message->authenticated_user =~ m/^($message->sender)/) {
STDERR->print("AuthMailFrom: authenticated user match the sender.\n");
return;
}
return $module->{response};
}
TRUE;
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP auth and the From header
Otto Solares wrote: > > I am a happy courier-mta user for a long time, I'm using it in > a large University (60k users), now we are facing a problem > where users connect to SMTP with authentication in order to > send a mail (we don't allow sending email without auth) and > some users are changing the From: header, it is possible to > tell courier so it'll check the From: header to conform to > the auth user? No, but you could write a courierfilter to do that. Frameworks for Python and Perl exist, if you're comfortable with either of those languages. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP auth and the From header
Otto Solares writes: Hi! I am a happy courier-mta user for a long time, I'm using it in a large University (60k users), now we are facing a problem where users connect to SMTP with authentication in order to send a mail (we don't allow sending email without auth) and some users are changing the From: header, it is possible to tell courier so it'll check the From: header to conform to the auth user? No. pgpIWoeCFQM9t.pgp Description: PGP signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP auth and the From header
Hi! I am a happy courier-mta user for a long time, I'm using it in a large University (60k users), now we are facing a problem where users connect to SMTP with authentication in order to send a mail (we don't allow sending email without auth) and some users are changing the From: header, it is possible to tell courier so it'll check the From: header to conform to the auth user? The documentation mentions a 'nochangingfrom' and 'usexsender' files but that is for the webmail service only. Thanks in advance. -otto - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Authentication Problem
Aldisa Admin writes: It seems the delay in submitting message is due to reverse lookup of my intranet ip address which is not resolvable. I was able to eliminate the delay by setting TCPDOPTS to -nodnslookup and -noidentlookup in esmtpd. However, I don't want to disable it globally and would prefer to set these options just for my local subnet and specific ip addresses. It is not clear from the documentation whether I can do this selectively in the smtpaccess file. If so, would the syntax be: my.sub.net-nodnslookup -noidentlookup and makesmtpaccess?? No. These are global flags that cannot be set on a per-IP address basis. pgpUUdGdd9hME.pgp Description: PGP signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Authentication Problem
It seems the delay in submitting message is due to reverse lookup of my intranet ip address which is not resolvable. I was able to eliminate the delay by setting TCPDOPTS to -nodnslookup and -noidentlookup in esmtpd. However, I don't want to disable it globally and would prefer to set these options just for my local subnet and specific ip addresses. It is not clear from the documentation whether I can do this selectively in the smtpaccess file. If so, would the syntax be: my.sub.net-nodnslookup -noidentlookup and makesmtpaccess?? Thanks in advance for your clarification. Abid Sam Varshavchik wrote: > Aldisa Admin writes: > >> Thank you for your advice gentlemen. >> >> I removed the CRAM authentication method from esmtpd. This has >> eliminated the authentication error from the log file. >> >> However, there is still a substantial delay in submitting messages to >> the server from Thunderbird. For example, it takes less than one >> second to submit a message to Gmail remote SMTP. Gmail uses port 587 >> for remote message submission with authentication. I have tried to >> submit to submit to Courier on 587 and 25, and am experiencing a delay >> of anywhere from 5 to 10 seconds for the server to accept the message. > > Check forward/reverse DNS resolution. > > > > > - > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > > > > > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Authentication Problem
Aldisa Admin wrote: > > I have checked server response and network latency through various methods > (ping, http, pop3), and it is in the milliseconds. So, there is no > reason for a short test message to take 5 to 10 seconds for > transmission. There is nothing in the server logs to indicate that > anything unusual is happening. Did you check DNS/Identd lookups? - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Authentication Problem
Aldisa Admin writes: Thank you for your advice gentlemen. I removed the CRAM authentication method from esmtpd. This has eliminated the authentication error from the log file. However, there is still a substantial delay in submitting messages to the server from Thunderbird. For example, it takes less than one second to submit a message to Gmail remote SMTP. Gmail uses port 587 for remote message submission with authentication. I have tried to submit to submit to Courier on 587 and 25, and am experiencing a delay of anywhere from 5 to 10 seconds for the server to accept the message. Check forward/reverse DNS resolution. pgpN1qM5qqrqq.pgp Description: PGP signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Authentication Problem
Thank you for your advice gentlemen. I removed the CRAM authentication method from esmtpd. This has eliminated the authentication error from the log file. However, there is still a substantial delay in submitting messages to the server from Thunderbird. For example, it takes less than one second to submit a message to Gmail remote SMTP. Gmail uses port 587 for remote message submission with authentication. I have tried to submit to submit to Courier on 587 and 25, and am experiencing a delay of anywhere from 5 to 10 seconds for the server to accept the message. I have checked server response and network latency through various methods (ping, http, pop3), and it is in the milliseconds. So, there is no reason for a short test message to take 5 to 10 seconds for transmission. There is nothing in the server logs to indicate that anything unusual is happening. Some additional info: 1. Authdaemon is setup for only two processes - as my server is only used by a maximum of two people at any one time. 2. Daily mail throughput would less 200 to 300 messages per day!! 3. I do not have any local IP addresses setup in smptaccess except for the default localhost, so authentication is required to RELAY. Would appreciate any and all advice and guidance to troubleshoot and debug this issue. Thanks. Abid Sam Varshavchik wrote: Aldisa Admin writes: I have two problems that I need assistance with: 1. I am using Thunderbird mail client and setup SMTP with authentication. When I send a message it takes quite long for it to go through. The server logs are as follows: Dec 22 17:13:28 server courieresmtpd: started,ip=[xxx.xxx.xxx.xxx] Dec 22 17:13:29 server courieresmtpd: error,relay=xxx.xxx.xxx.xxx,msg="535 Authentication failed.",cmd: YWJpZCBlNDU2YTJkYWUwZjNhMzFjNGViMTEyMGMyMTc2ODJlYg== Dec 22 17:13:37 server courierd: newmsg,id=0024A81C.458C5891.97C8: I can't figure out what is causing the authentication error, as the email eventually goes through without any further action on my part. You may not be required to authenticate in the first place, from your IP address, so you can proceed to send mail, unauthenticated. You may not be able to authenticate either because you did not supply the correct userid/password, or you've enabled CRAM authentication, but you are storing encrypted passwords. CRAM authentication requires cleartext passwords. Gordon Messmer wrote: Aldisa Admin wrote: 1. I am using Thunderbird mail client and setup SMTP with authentication. When I send a message it takes quite long for it to go through. The server logs are as follows: Dec 22 17:13:28 server courieresmtpd: started,ip=[xxx.xxx.xxx.xxx] Dec 22 17:13:29 server courieresmtpd: error,relay=xxx.xxx.xxx.xxx,msg="535 Authentication failed.",cmd: YWJpZCBlNDU2YTJkYWUwZjNhMzFjNGViMTEyMGMyMTc2ODJlYg== You've probably enabled an authentication method that you don't support. Maybe CRAM-MD5, without the plain-text password in your userdb? Unless you're going to add the plain-text password, you'll need to turn off the CRAM-* methods, and just use LOGIN. 2. I would like to change to the default logging options. Currently each and every pop login gets written to my maillog file. I would prefer to have this written to a different file. I setup an entry in my syslog.conf: pop3d.*/var/log/pop3dlog Yeah, you can't do that. The "facility" field isn't free-form. There's no such thing as a "pop3d" facility. Read the man page for syslogd. You can probably do what you want if you run syslog-ng, but the configuration is fairly complex. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Authentication Problem
Aldisa Admin writes: I have two problems that I need assistance with: 1. I am using Thunderbird mail client and setup SMTP with authentication. When I send a message it takes quite long for it to go through. The server logs are as follows: Dec 22 17:13:28 server courieresmtpd: started,ip=[xxx.xxx.xxx.xxx] Dec 22 17:13:29 server courieresmtpd: error,relay=xxx.xxx.xxx.xxx,msg="535 Authentication failed.",cmd: YWJpZCBlNDU2YTJkYWUwZjNhMzFjNGViMTEyMGMyMTc2ODJlYg== Dec 22 17:13:37 server courierd: newmsg,id=0024A81C.458C5891.97C8: I can't figure out what is causing the authentication error, as the email eventually goes through without any further action on my part. You may not be required to authenticate in the first place, from your IP address, so you can proceed to send mail, unauthenticated. You may not be able to authenticate either because you did not supply the correct userid/password, or you've enabled CRAM authentication, but you are storing encrypted passwords. CRAM authentication requires cleartext passwords. pgpGwVwi6LlaI.pgp Description: PGP signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP Authentication Problem
Aldisa Admin wrote: > > 1. I am using Thunderbird mail client and setup SMTP with > authentication. When I send a message it takes quite long for it to go > through. The server logs are as follows: > > Dec 22 17:13:28 server courieresmtpd: started,ip=[xxx.xxx.xxx.xxx] > Dec 22 17:13:29 server courieresmtpd: > error,relay=xxx.xxx.xxx.xxx,msg="535 Authentication failed.",cmd: > YWJpZCBlNDU2YTJkYWUwZjNhMzFjNGViMTEyMGMyMTc2ODJlYg== You've probably enabled an authentication method that you don't support. Maybe CRAM-MD5, without the plain-text password in your userdb? Unless you're going to add the plain-text password, you'll need to turn off the CRAM-* methods, and just use LOGIN. > 2. I would like to change to the default logging options. Currently > each and every pop login gets written to my maillog file. I would > prefer to have this written to a different file. I setup an entry in my > syslog.conf: > > pop3d.*/var/log/pop3dlog Yeah, you can't do that. The "facility" field isn't free-form. There's no such thing as a "pop3d" facility. Read the man page for syslogd. You can probably do what you want if you run syslog-ng, but the configuration is fairly complex. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SMTP Authentication Problem
Hello, I am using FreeBSD 6.1 with following setup: courier-0.53.2 Courier SMTP IMAP POP3 HTTP mail server suite courier-authlib-base-0.58_2 Courier authentication library base courier-authlib-userdb-0.58_2 Userdb support for the Courier authentication library I have two problems that I need assistance with: 1. I am using Thunderbird mail client and setup SMTP with authentication. When I send a message it takes quite long for it to go through. The server logs are as follows: Dec 22 17:13:28 server courieresmtpd: started,ip=[xxx.xxx.xxx.xxx] Dec 22 17:13:29 server courieresmtpd: error,relay=xxx.xxx.xxx.xxx,msg="535 Authentication failed.",cmd: YWJpZCBlNDU2YTJkYWUwZjNhMzFjNGViMTEyMGMyMTc2ODJlYg== Dec 22 17:13:37 server courierd: newmsg,id=0024A81C.458C5891.97C8: dns; [192.168.2.30] (my.domain.name.tld [xxx.xxx.xxx.xxx]) Dec 22 17:13:37 server courierd: started,id=0024A81C.458C5891.97C8,from=<[EMAIL PROTECTED]>,module=esmtp,host=gmail.com,addr=<[EMAIL PROTECTED]> Dec 22 17:13:37 server courierd: Waiting. shutdown time=none, wakeup time=none, queuedelivering=1, inprogress=1 Dec 22 17:13:37 server courieresmtp: id=0024A81C.458C5891.97C8,from=<[EMAIL PROTECTED]>,addr=<[EMAIL PROTECTED]>: 250 2.0.0 OK 1166825605 e14si3746237qba Dec 22 17:13:37 server courieresmtp: id=0024A81C.458C5891.97C8,from=<[EMAIL PROTECTED]>,addr=<[EMAIL PROTECTED]>,size=516,success: delivered: gmail-smtp-in.l.google.com [72.14.205.27] Dec 22 17:13:37 server courieresmtp: id=0024A81C.458C5891.97C8,from=<[EMAIL PROTECTED]>,addr=<[EMAIL PROTECTED]>,size=516,status: success Dec 22 17:13:37 server courierd: completed,id=0024A81C.458C5891.97C8 Dec 22 17:13:37 server courierd: Waiting. shutdown time=Fri Dec 22 17:21:24 2006, wakeup time=Fri Dec 22 17:21:24 2006, queuedelivering=0, inprogress=0 I can't figure out what is causing the authentication error, as the email eventually goes through without any further action on my part. 2. I would like to change to the default logging options. Currently each and every pop login gets written to my maillog file. I would prefer to have this written to a different file. I setup an entry in my syslog.conf: pop3d.* /var/log/pop3dlog But this didn't switch over the logging. I'm guessing that I need to alter something in one of the courier config files? If so, any guidance would be greatly appreciated. Thanks in advance for any and all help. Merry Xmas and Happy Holidays to all. Abid - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SMTP-Proxy configuration
Michelle Konzack writes: Hello, If I send an E-Mails from the Domain over an foreign ISP like , 80% of the E-Mails become bounced which is generaly a normal SPAM protection. If I send over I need to use "auth-smtp" in conjunction with TLS and SSL... The MTA in my Motorcaravan/Mobilhome is courier-mta-ssl. Now my question How must I configure the courier-mta to use an SMTP-Proxy like to send the messages to ? You need to initialize the esmtproutes and esmtpauthclient configuration files. esmtproutes defines your smarthost, and esmtpauthclient supplies the authentication information. pgpq1z7v2TWSk.pgp Description: PGP signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
