Re: load balanced emails servers pair

2017-02-09 Thread Alex
Another approach is to load balance with DNS. You set up a domain that resolves 
to the set of IP addresses of your mail servers. You might even employ priority 
in the DNS records for weighted load sharing. You have the persistence of the 
session as a bonus. Not always so efficient, but much simpler.

Alex

On February 10, 2017 1:07:45 AM GMT+02:00, Alex  wrote:
>One approach could be to set up a load balancer (lvs, haproxy) in front
>of the servers to share the IMAP load. Also make the sessions
>persistent to avoid issues with authentication.
>
>Alex
>
>On February 9, 2017 11:57:09 AM GMT+02:00, Patrick Chemla
> wrote:
>>Thanks all for your answers.
>>
>>I have at last set up the NAS, and mails are received there.
>>
>>So I will set the second server and second MTA, and both will receive 
>>emails.
>>
>>Next step is to give users access to both servers to retrieve emails.
>>
>>As a load-balancer could help easily for http/https access, how to deal
>>with IMAP ports? How to load-balance IMAP ports?
>>
>>Thanks
>>Patrick
>>
>>On 29/01/2017 at 14:29, rightkicktech.gmail.com wrote:
>>> A shared storage with glusterfs seems a nice approach.
>>> In this way, it doesn't matter which server receives the mail, as long
>>> as the MDAs of each server write on the shared storage.
>>>
>>> Alex
>>>
>>> On January 25, 2017 6:08:59 PM EET, Patrick Domack 
>>>  wrote:
>>>
>>> All options, assuming your imap/pop/lmtp are compatible and
>>> friendly using it.
>>>
>>> I know dovecot you should only access a mailstore from one host at a
>>> time, don't just randomly balance things, or it can corrupt the index
>>> files.
>>>
>>> Quoting Eero Volotinen :
>>>
>>> how about mounting ceph or glusterfs disk to message store?
>>> eero 25.1.2017 5.18 AM "Patrick Domack" wrote:
>>>
>>> This would not be a good thing to do, as deleted email
>>> will magically reappear. Using unison to sync it worked
>>> for me, over 10 years ago. But these days, just use dsync
>>> part of dovecot, and your life will be happy.
>>>
>>> Quoting Patrick Chemla :
>>>
>>> Hi Wietse,
>>>
>>> Of course I thought about such NAS solution, but I
>>> wanted to check if there is a way with 2 separate
>>> disks, with a kind of that could be aware of emails
>>> files changes. Actually, the mail server run onto a
>>> VM, on a big server. I have another big server with
>>> same emails VM, and I just rsync --delete --update
>>> from the first one to the second. So I have a full
>>> image copy every 5 minutes, but only one real MTA. I
>>> will check the NAS option, if there is no other way.
>>> Thanks Patrick
>>>
>>> On 24/01/2017 at 13:45, Wietse Venema wrote:
>>>
>>> Patrick Chemla:
>>>
>>> Hi, I have a running Fedora 24 emails server
>>> using postfix 3.1.3, with courier. I wonder
>>> how to build a pair of MTAs to secure emails
>>> at all time, having 2 servers receiving the
>>> emails, and users could connect to either
>>> server to get emails, maybe on a load balanced
>>> way. Problems are with synchronization when
>>> receiving emails from outside, or emails read,
>>> emails moved,
>>>
>>> You need a redundant message store. In pre-cloud
>>> times, people would use a NAS filer with redundant
>>> disks, store email as maildir files (one per
>>> message) and MDAs would mount that store via NFS.
>>> Perhaps that model still works for you. Does
>>> someone have a good guide, howto, doc to achieve
>>> this?
>>>
>>> Thanks for help. Patrick
>>>
>>>
>>>
>>>
>>>
>>> -- 
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
>-- 
>Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: load balanced emails servers pair

2017-02-09 Thread Alex
One approach could be to set up a load balancer (lvs, haproxy) in front of the 
servers to share the IMAP load. Also make the sessions persistent to avoid 
issues with authentication.

Alex

On February 9, 2017 11:57:09 AM GMT+02:00, Patrick Chemla 
 wrote:
>Thanks all for your answers.
>
>I have at last set up the NAS, and mails are received there.
>
>So I will set the second server and second MTA, and both will receive 
>emails.
>
>Next step is to give users access to both servers to retrieve emails.
>
>As a load-balancer could help easily for http/https access, how to deal
>with IMAP ports? How to load-balance IMAP ports?
>
>Thanks
>Patrick
>
>On 29/01/2017 at 14:29, rightkicktech.gmail.com wrote:
>> A shared storage with glusterfs seems a nice approach.
>> In this way, it doesn't matter which server receives the mail, as long
>> as the MDAs of each server write on the shared storage.
>>
>> Alex
>>
>> On January 25, 2017 6:08:59 PM EET, Patrick Domack 
>>  wrote:
>>
>> All options, assuming your imap/pop/lmtp are compatible and
>> friendly using it.
>>
>> I know dovecot you should only access a mailstore from one host at a
>> time, don't just randomly balance things, or it can corrupt the index
>> files.
>>
>> Quoting Eero Volotinen :
>>
>> how about mounting ceph or glusterfs disk to message store?
>> eero 25.1.2017 5.18 AM "Patrick Domack" wrote:
>>
>> This would not be a good thing to do, as deleted email
>> will magically reappear. Using unison to sync it worked
>> for me, over 10 years ago. But these days, just use dsync
>> part of dovecot, and your life will be happy.
>>
>> Quoting Patrick Chemla :
>>
>> Hi Wietse,
>>
>> Of course I thought about such NAS solution, but I
>> wanted to check if there is a way with 2 separate
>> disks, with a kind of that could be aware of emails
>> files changes. Actually, the mail server run onto a
>> VM, on a big server. I have another big server with
>> same emails VM, and I just rsync --delete --update
>> from the first one to the second. So I have a full
>> image copy every 5 minutes, but only one real MTA. I
>> will check the NAS option, if there is no other way.
>> Thanks Patrick
>>
>> On 24/01/2017 at 13:45, Wietse Venema wrote:
>>
>> Patrick Chemla:
>>
>> Hi, I have a running Fedora 24 emails server
>> using postfix 3.1.3, with courier. I wonder
>> how to build a pair of MTAs to secure emails
>> at all time, having 2 servers receiving the
>> emails, and users could connect to either
>> server to get emails, maybe on a load balanced
>> way. Problems are with synchronization when
>> receiving emails from outside, or emails read,
>> emails moved,
>>
>> You need a redundant message store. In pre-cloud
>> times, people would use a NAS filer with redundant
>> disks, store email as maildir files (one per
>> message) and MDAs would mount that store via NFS.
>> Perhaps that model still works for you. Does
>> someone have a good guide, howto, doc to achieve
>> this?
>>
>> Thanks for help. Patrick
>>
>>
>>
>>
>>
>> -- 
>> Sent from my Android device with K-9 Mail. Please excuse my brevity. 

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: BBC mapping

2017-02-09 Thread Noel Jones
On 2/9/2017 11:47 AM, @lbutlr wrote:
> 
>> On Feb 7, 2017, at 5:10 PM, Wietse Venema  wrote:
>>
>> @lbutlr:
>>> if !/backup.*@/
>>> /^([^+_]*).*@(.*)/   backup+${1}.${2}@domain.tld
>>> endif
>>>
>>> […]
>>>
>>> However, I would like to exclude a specific domain from this backup
>>> including all mail TO and FROM the domain.
>>
>> if !/backup.*@/
>> if !/@example\.com$/
>> /^([^+_]*).*@(.*)/   backup+${1}.${2}@domain.tld
>> endif
>> endif
> 
> And if a second domain wants the same exclusion? I can’t do multiple tests in 
> the map, right?

I think you'll have to nest more if..endif statements for the
negative matching to work.

if !/backup.*@/
if !/@example\.com$/
if !/@example\.org$/
/^([^+_]*).*@(.*)/   backup+${1}.${2}@domain.tld
endif
endif
endif



  -- Noel Jones


Re: BBC mapping

2017-02-09 Thread @lbutlr

> On Feb 7, 2017, at 5:10 PM, Wietse Venema  wrote:
> 
> @lbutlr:
>> if !/backup.*@/
>> /^([^+_]*).*@(.*)/   backup+${1}.${2}@domain.tld
>> endif
>> 
>> […]
>> 
>> However, I would like to exclude a specific domain from this backup
>> including all mail TO and FROM the domain.
> 
> if !/backup.*@/
> if !/@example\.com$/
> /^([^+_]*).*@(.*)/   backup+${1}.${2}@domain.tld
> endif
> endif

And if a second domain wants the same exclusion? I can’t do multiple tests in 
the map, right?

> However the first pattern doesn't seem robust to me. It excludes
> something that has 'backup' in the middle of the localpart.

That’s a feature! Or a kludge, more likely. (If someone is already sending to 
a ‘backup’ account then the message isn’t backed up again).


-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



Re: The "from" header looks like paypal but it is coming from somewhere else.

2017-02-09 Thread Uwe Drießen
On behalf of P.V.Anthony
> Since the email contains the following.
> 
> From: =?utf-8?Q?service=40paypaI=2Ecom=2Esg?=
> 
> 
> What do you all think about that?
> 
> P.V.Anthony
> 

Perhaps 


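# Rules start in column one: a line that begins with whitespace would
# continue the previous logical line of the table.
# Applies only to From: headers that mention paypal.
if /^From:.*paypal.*/
# Reject unless the header ends in an address at paypal.de/.com or a subdomain.
if !/\<.+@(.+\.)?paypal\.(de|com)\>$/
#!/\<.+@(.\.)paypal\.(de|com)\>$/i
/^/ REJECT Your Mailaccount was hacked
endif
endif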





Kind regards

Uwe Drießen
--
Software & Computer

Networks, servers. 
We network you and your computers!

Uwe Drießen
Lembergstraße 33
67824 Feilbingert

Tel.: 06708660045 




Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Nick

Hi Viktor,

I switched to dovecot and the email went through fine this time! You rock!

Thanks so much for the help!


Viktor Dukhovni wrote:

On Thu, Feb 09, 2017 at 04:05:25PM +, Viktor Dukhovni wrote:

  

On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote:



I have just tried adding multiple symlinks, restarted postfix and saslauthd
but the same error persists,
  

Time to configure "debug_peer_list" to include the IP address of
the client that is triggering the errors.  More may become apparent
from verbose logs.  Be aware that the client may send base64-encoded
plaintext passwords to the server.  Excise any password-bearing
base64 payload from any logs you post.  Since the passwords end up
in syslog output files, you may want to change any password used
after you get this working.



Also, you seem to be trying to use "rimap".  If your IMAP server
is dovecot, it is much simpler to use the dovecot SASL backend
instead.

Indeed you may in fact be configured to use Dovecot, since I
don't see:

smtpd_sasl_type = cyrus

in your "postconf -n" output.  That could explain why the Cyrus
smtpd.conf is not used...

  


Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Viktor Dukhovni
On Thu, Feb 09, 2017 at 04:05:25PM +, Viktor Dukhovni wrote:

> On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote:
> 
> > I have just tried adding multiple symlinks, restarted postfix and saslauthd
> > but the same error persists,
> 
> Time to configure "debug_peer_list" to include the IP address of
> the client that is triggering the errors.  More may become apparent
> from verbose logs.  Be aware that the client may send base64-encoded
> plaintext passwords to the server.  Excise any password-bearing
> base64 payload from any logs you post.  Since the passwords end up
> in syslog output files, you may want to change any password used
> after you get this working.

Also, you seem to be trying to use "rimap".  If your IMAP server
is dovecot, it is much simpler to use the dovecot SASL backend
instead.

Indeed you may in fact be configured to use Dovecot, since I
don't see:

smtpd_sasl_type = cyrus

in your "postconf -n" output.  That could explain why the Cyrus
smtpd.conf is not used...

-- 
Viktor.


Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Viktor Dukhovni
On Thu, Feb 09, 2017 at 12:45:44PM -0300, Nick wrote:

> I have just tried adding multiple symlinks, restarted postfix and saslauthd
> but the same error persists,

Time to configure "debug_peer_list" to include the IP address of
the client that is triggering the errors.  More may become apparent
from verbose logs.  Be aware that the client may send base64-encoded
plaintext passwords to the server.  Excise any password-bearing
base64 payload from any logs you post.  Since the passwords end up
in syslog output files, you may want to change any password used
after you get this working.

-- 
Viktor.
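
Added example (not part of Viktor's message or of Postfix): one way to excise password-bearing base64 from the client/server chat lines of a verbose smtpd log before posting it, as advised above. The log line shape and the sample lines are constructed assumptions, and the `redact` helper is hypothetical.

```python
import base64
import re

# Assumed shape of a verbose smtpd chat line (constructed, not from the thread):
#   "... postfix/smtpd[PID]: < host[ip]: text"   what the client sent
#   "... postfix/smtpd[PID]: > host[ip]: text"   what the server replied
CHAT = re.compile(
    r"^(?P<head>.*?\[(?P<pid>\d+)\]: (?P<dir>[<>]) \S+\[[^\]]*\]: )(?P<text>.*)$"
)
AUTH_CMD = re.compile(r"^(AUTH\s+\S+)(\s+\S.*)?$", re.IGNORECASE)
MASK = "[REDACTED]"


def redact(lines):
    """Mask SASL responses; keep commands, challenges and status replies."""
    in_auth = set()          # smtpd PIDs that are in the middle of an AUTH exchange
    cleaned = []
    for line in lines:
        m = CHAT.match(line)
        if m is None:        # not a chat line: passed through unchanged
            cleaned.append(line)
            continue
        pid, text = m.group("pid"), m.group("text")
        if m.group("dir") == "<":
            cmd = AUTH_CMD.match(text)
            if cmd:
                in_auth.add(pid)
                if cmd.group(2):             # AUTH PLAIN <initial response>
                    text = cmd.group(1) + " " + MASK
            elif pid in in_auth:             # reply to a 334 challenge
                text = MASK
        elif not text.startswith("334"):     # 235/535/...: exchange is over
            in_auth.discard(pid)
        cleaned.append(m.group("head") + text)
    return cleaned


def b64(raw):
    return base64.b64encode(raw).decode("ascii")


def chat_line(pid, direction, text):
    return (f"Feb  9 12:00:01 mail postfix/smtpd[{pid}]: "
            f"{direction} client.example[192.0.2.10]: {text}")


# Constructed credentials and log lines, for illustration only.
SECRET_PLAIN = b64(b"\0user@example.org\0constructed-password")
LOGIN_USER = b64(b"user@example.org")
LOGIN_PASS = b64(b"constructed-password")

SAMPLE = [
    chat_line(4242, "<", "AUTH PLAIN " + SECRET_PLAIN),
    chat_line(4242, ">", "535 5.7.8 Error: authentication failed"),
    chat_line(4243, "<", "AUTH LOGIN"),
    chat_line(4243, ">", "334 " + b64(b"Username:")),
    chat_line(4243, "<", LOGIN_USER),
    chat_line(4243, ">", "334 " + b64(b"Password:")),
    chat_line(4243, "<", LOGIN_PASS),
    chat_line(4243, ">", "235 2.7.0 Authentication successful"),
    chat_line(4243, "<", "MAIL FROM:<user@example.org>"),
    "Feb  9 12:00:02 mail postfix/smtpd[4243]: warning: SASL PLAIN "
    "authentication failed: no mechanism available",
]

if __name__ == "__main__":
    print("\n".join(redact(SAMPLE)))
```

Only the protocol chat lines are handled; other verbose lines may also carry SASL data and still need a manual look before the log is posted.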


Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Nick

Hi Viktor,

Thanks for the help!

Postfix is from Ubuntu apt official repo, version is 2.11.

# postconf -d | grep mail_version
mail_version = 2.11.0

I have just tried adding multiple symlinks, restarted postfix and 
saslauthd but the same error persists,


# ls -lah /usr/lib/sasl2/smtpd.conf
lrwxrwxrwx 1 root root 28 Feb  9 10:35 /usr/lib/sasl2/smtpd.conf -> 
/etc/postfix/sasl/smtpd.conf


# ls -lah /etc/sasl2/smtpd.conf
lrwxrwxrwx 1 root root 28 Feb  9 10:40 /etc/sasl2/smtpd.conf -> 
/etc/postfix/sasl/smtpd.conf


# ls -lah /var/lib/sasl2/smtpd.conf
lrwxrwxrwx 1 root root 28 Feb  9 10:41 /var/lib/sasl2/smtpd.conf -> 
/etc/postfix/sasl/smtpd.conf


I'm running chroot'ed postfix:

root@server:~# grep smtp /etc/postfix/master.cf
smtp  inet  n   -   -   -   -   smtpd
#smtp  inet  n   -   -   -   1   postscreen
#smtpd pass  -   -   -   -   -   smtpd
#submission inet n   -   -   -   -   smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#smtps inet  n   -   -   -   -   smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtp  unix  -   -   -   -   -   smtp
relay unix  -   -   -   -   -   smtp
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
bsmtp unix  -   n   n   -   -   pipe
 flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender 
$recipient



saslauthd option is configured with the chroot'ed path.

root@server:~# cat /etc/default/saslauthd
START=yes
NAME=saslauthd
MECHANISMS="rimap"
#imap server address
MECH_OPTIONS="localhost"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

# ls -lah /var/spool/postfix/var/run/saslauthd
total 976K
drwx--x--- 2 root sasl 4.0K Feb  9 10:41 .
drwxr-xr-x 3 root root 4.0K Feb  8 23:46 ..
-rw------- 1 root root    0 Feb  9 10:41 cache.flock
-rw------- 1 root root 963K Feb  9 10:41 cache.mmap
srwxrwxrwx 1 root root    0 Feb  9 10:41 mux
-rw------- 1 root root    0 Feb  9 10:41 mux.accept
-rw------- 1 root root    6 Feb  9 10:41 saslauthd.pid

Not sure if I'm missing anything.

Thank you so much guys!

Viktor Dukhovni wrote:

On Thu, Feb 09, 2017 at 12:05:08PM -0300, Nick wrote:

  

Hi Chris,

Thank you for the prompt reply, package it's already installed.



What Postfix version?  Is Postfix from the Debian package, or
your own build?

Upthread you mention /etc/postfix/sasl/smtpd.conf, that would not
be used if your Postfix is not modified (e.g. by the Debian release
maintainers) to do that (or perhaps a symlink is expected from
the default location to /etc/postfix/sasl/):

SASL_README:

  * Cyrus SASL version 2.x searches for the configuration file in
    /usr/lib/sasl2/.

  * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/.

  * Some Postfix distributions are modified and look for the Cyrus SASL
configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the
distribution-specific documentation to determine the expected location.

Note

Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified
configuration file there, it will not examine other locations.

And of course you need to make sure that any chroot settings in
master.cf are compatible with the saslauthd mux socket location.

  


Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Nick

Hi chaouche,

I appreciate the quick help, I provided the config files on my very 
first email, below is the smtpd.conf file, let me know if you want me to 
paste all the config files again,


# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
auxprop_plugin: rimap
log_level: 7

Kind Regards,

SB-Nick.
Certified System and Network Administrator.

http://www.serverbuddies.com
Technical Support Manager

n...@serverbuddies.com

Providing Dedicated Server Solutions Just a Click AWAY!
---



chaouche yacine wrote:
Hi Nick, 



I'm curious to know what's inside your /etc/postfix/sasl/smtpd.conf file ? 



  


Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Viktor Dukhovni
On Thu, Feb 09, 2017 at 12:05:08PM -0300, Nick wrote:

> Hi Chris,
> 
> Thank you for the prompt reply, package it's already installed.

What Postfix version?  Is Postfix from the Debian package, or
your own build?

Upthread you mention /etc/postfix/sasl/smtpd.conf, that would not
be used if your Postfix is not modified (e.g. by the Debian release
maintainers) to do that (or perhaps a symlink is expected from
the default location to /etc/postfix/sasl/):

SASL_README:

  * Cyrus SASL version 2.x searches for the configuration file in
    /usr/lib/sasl2/.

  * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/.

  * Some Postfix distributions are modified and look for the Cyrus SASL
configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the
distribution-specific documentation to determine the expected location.

Note

Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified
configuration file there, it will not examine other locations.

And of course you need to make sure that any chroot settings in
master.cf are compatible with the saslauthd mux socket location.

-- 
Viktor.


Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread chaouche yacine
Hi Nick, 


I'm curious to know what's inside your /etc/postfix/sasl/smtpd.conf file ? 


Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Nick

Hi Chris,

Thank you for the prompt reply, package it's already installed.

root@server:~# dpkg --get-selections | grep -i sasl2
libsasl2-2:amd64                install
libsasl2-modules:amd64          install
libsasl2-modules-db:amd64       install
sasl2-bin                       install

root@server:~# apt-get install libsasl2-modules
Reading package lists... Done
Building dependency tree  
Reading state information... Done

libsasl2-modules is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 225 not upgraded.
root@server:~#

Any guidance will be appreciated!


Christian Kivalo wrote:



On 2017-02-09 09:09, Nick - ServerBuddies Support wrote:

Hello guys,

For some reason I'm unable to send any email from this postfix server,
I'm getting the following error:

Feb  9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN
authentication failed: no mechanism available


For debian install the package libsasl2-modules



Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]

2017-02-09 Thread Sebastian Nielsen
It is a DKIM issue. Google "strict DKIM alignment"

This is something usually defined in DMARC, but you could have a local 
definition that forces strict DKIM alignment for sensitive domains, like "all 
domains containing *paypal* or *bank*".

Dominic Raferd  wrote: (9 February 2017 12:11:11 CET)
>On 9 Feb 2017 12:53,  wrote:
>
>That is the mailchimp server. (Technically rocketsciencegroup.com) So
>has
>the email originator figured out some sort of unintended use of
>mailchimp?
>
>
>
>*From: *Sebastian Nielsen
>*Sent: *Thursday, February 9, 2017 2:24 AM
>*To: *postfix-users@postfix.org
>*Subject: *Re: The "from" header looks like paypal but it is coming
>from
>somewhere else. [signed]
>
>The problem here is that DKIM isn't aligned to paypal.com
>Enforce strict DKIM alignment on sensitive domains like paypal
>
>I don't think this is a DKIM issue. A bespoke regex as check_header
>should
>be able to trap this specific faking attempt - if it relates as I think
>to
>the internal From header not the envelope sender (client).
>
>More generally, are there legitimate cases where a sender shows a
>different
>but apparently valid email address as the (whole) to text of the From
>compared with the actual address which follows it? If not, can a pcre
>regex
>match such situations or is something more sophisticated needed?




Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]

2017-02-09 Thread Dominic Raferd
On 9 Feb 2017 12:53,  wrote:

That is the mailchimp server. (Technically rocketsciencegroup.com) So has
the email originator figured out some sort of unintended use of mailchimp?



*From: *Sebastian Nielsen
*Sent: *Thursday, February 9, 2017 2:24 AM
*To: *postfix-users@postfix.org
*Subject: *Re: The "from" header looks like paypal but it is coming from
somewhere else. [signed]

The problem here is that DKIM isn't aligned to paypal.com
Enforce strict DKIM alignment on sensitive domains like paypal

I don't think this is a DKIM issue. A bespoke regex as check_header should
be able to trap this specific faking attempt - if it relates as I think to
the internal From header not the envelope sender (client).

More generally, are there legitimate cases where a sender shows a different
but apparently valid email address as the (whole) to text of the From
compared with the actual address which follows it? If not, can a pcre regex
match such situations or is something more sophisticated needed?
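
Added example (not from any poster in this thread): a Python sketch of the "something more sophisticated" asked about above, which decodes the RFC 2047 display name and compares any address or brand it shows against the real address. The brand table, the look-alike map and the addresses in angle brackets are constructed assumptions; the encoded display name is the one quoted in the thread, and the paypal.com / paypal.de pair mirrors the header_checks rule posted earlier.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: brand keyword -> domains allowed to use it in a From: header.
PROTECTED = {"paypal": ("paypal.com", "paypal.de")}

# Small constructed look-alike map (capital I, digits 1 and 0); this is not
# a full Unicode confusables table.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

# An address-like token inside the human-readable display name.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def decoded_display_name(name):
    """Decode RFC 2047 encoded-words in the display name."""
    try:
        return str(make_header(decode_header(name)))
    except (HeaderParseError, LookupError, UnicodeError):
        return name


def same_or_subdomain(domain, parent):
    return domain == parent or domain.endswith("." + parent)


def raw_regex_hits(raw_from, pattern=r"paypal"):
    """What a case-insensitive pattern over the undecoded header text sees."""
    return re.search(pattern, raw_from, re.IGNORECASE) is not None


def check_from(raw_from):
    """Return a list of findings for one From: header value."""
    name, addr = parseaddr(raw_from)
    shown = decoded_display_name(name)
    real_domain = addr.rpartition("@")[2].lower()
    findings = []

    # 1. The display name shows an address unrelated to the real one.
    m = ADDR_IN_NAME.search(shown)
    if m:
        shown_domain = m.group(1).lower()
        if not (same_or_subdomain(shown_domain, real_domain)
                or same_or_subdomain(real_domain, shown_domain)):
            findings.append("display-address-mismatch")

    # 2. The display name carries a protected brand (after look-alike
    #    folding) but the real address is outside that brand's domains.
    skeleton = shown.translate(CONFUSABLE).lower()
    for brand, domains in PROTECTED.items():
        if brand in skeleton and not any(
                same_or_subdomain(real_domain, d) for d in domains):
            findings.append("brand-lookalike:" + brand)
    return findings


# Constructed samples: the addresses in angle brackets are placeholders.
SPOOFED = "=?utf-8?Q?service=40paypaI=2Ecom=2Esg?= <bounce@mailer.example.net>"
GENUINE = "PayPal <service@paypal.com>"

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        print(raw_regex_hits(sample), check_from(sample), sample)
```

On the spoofed sample a plain "paypal" pattern over the undecoded header text finds nothing, because the name is encoded and spelled with a capital I, while the decoded comparison reports both findings.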


Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]

2017-02-09 Thread lists
That is the mailchimp server. (Technically rocketsciencegroup.com) So has the email originator figured out some sort of unintended use of mailchimp?

From: Sebastian Nielsen
Sent: Thursday, February 9, 2017 2:24 AM
To: postfix-users@postfix.org
Subject: Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]

The problem here is that DKIM isn't aligned to paypal.com
Enforce strict DKIM alignment on sensitive domains like paypal


Re: The "from" header looks like paypal but it is coming from somewhere else. [signed]

2017-02-09 Thread Sebastian Nielsen
The problem here is that DKIM isn't aligned to paypal.com
Enforce strict DKIM alignment on sensitive domains like paypal



Re: load balanced emails servers pair

2017-02-09 Thread Patrick Chemla

Thanks all for your answers.

I have at last set up the NAS, and mails are received there.

So I will set the second server and second MTA, and both will receive 
emails.


Next step is to give users access to both servers to retrieve emails.

As a load-balancer could help easily for http/https access, how to deal 
with IMAP ports? How to load-balance IMAP ports?


Thanks
Patrick

On 29/01/2017 at 14:29, rightkicktech.gmail.com wrote:

A shared storage with glusterfs seems a nice approach.
In this way, it doesn't matter which server receives the mail, as long 
as the MDAs of each server write on the shared storage.


Alex

On January 25, 2017 6:08:59 PM EET, Patrick Domack 
 wrote:


All options, assuming your imap/pop/lmtp are compatible and friendly using 
it.

I know dovecot you should only access a mailstore from one host at a
time, don't just randomly balance things, or it can corrupt the index
files.

Quoting Eero Volotinen :

how about mounting ceph or glusterfs disk to message store?
eero 25.1.2017 5.18 AM "Patrick Domack" wrote:

This would not be a good thing to do, as deleted email
will magically reappear. Using unison to sync it worked
for me, over 10 years ago. But these days, just use dsync
part of dovecot, and your life will be happy.

Quoting Patrick Chemla :

Hi Wietse,

Of course I thought about such NAS solution, but I
wanted to check if there is a way with 2 separate
disks, with a kind of that could be aware of emails
files changes. Actually, the mail server run onto a
VM, on a big server. I have another big server with
same emails VM, and I just rsync --delete --update
from the first one to the second. So I have a full
image copy every 5 minutes, but only one real MTA. I
will check the NAS option, if there is no other way.
Thanks Patrick

On 24/01/2017 at 13:45, Wietse Venema wrote:

Patrick Chemla:

Hi, I have a running Fedora 24 emails server
using postfix 3.1.3, with courier. I wonder
how to build a pair of MTAs to secure emails
at all time, having 2 servers receiving the
emails, and users could connect to either
server to get emails, maybe on a load balanced
way. Problems are with synchronization when
receiving emails from outside, or emails read,
emails moved,

You need a redundant message store. In pre-cloud
times, people would use a NAS filer with redundant
disks, store email as maildir files (one per
message) and MDAs would mount that store via NFS.
Perhaps that model still works for you. Does
someone have a good guide, howto, doc to achieve
this?

Thanks for help. Patrick





--
Sent from my Android device with K-9 Mail. Please excuse my brevity. 





Re: SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Christian Kivalo



On 2017-02-09 09:09, Nick - ServerBuddies Support wrote:

Hello guys,

For some reason I'm unable to send any email from this postfix server,
I'm getting the following error:

Feb  9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN
authentication failed: no mechanism available


For debian install the package libsasl2-modules

--
 Christian Kivalo


SASL LOGIN authentication failed: no mechanism available

2017-02-09 Thread Nick - ServerBuddies Support

Hello guys,

For some reason I'm unable to send any email from this postfix server, I'm 
getting the following error:


Feb  9 03:00:35 buf postfix/smtpd[6424]: warning: SASL PLAIN 
authentication failed: no mechanism available


No more errors than the one below appears on logs.
I'm using rimap for checking valid mailbox accounts, receiving email 
through POP3/IMAP works just fine.

I'm able to get a Success when testing the mailbox with testsaslauthd:

# testsaslauthd -u t...@domain.tld -p passwd -f 
/var/spool/postfix/var/run/saslauthd/mux

0: OK "Success.

Adding typos on file /etc/postfix/sasl/smtpd.conf doesn't return any 
error from postfix so I'm wondering if it's really loading it.
Additionally, have tried to run saslauthd in debug/verbose mode when 
sending an email from my email client but I don't see any connection 
attempt or error in there, just the "no mechanism available" error on 
the postfix log.


Below is my postconf, master.cf and saslauthd config, please let me know 
if you need further details to help me find the cause of the problem, 
any help is highly appreciated!


root@server:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = localhost.localdomain, localhost
mynetworks = 138.128.20.50/32 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname 
reject_non_fqdn_sender reject_non_fqdn_recipient 
reject_unknown_recipient_domain reject_unknown_sender_domain 
reject_unauth_pipelining permit_sasl_authenticated reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = 
mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
auxprop_plugin: rimap
log_level: 7

# cat /etc/default/saslauthd
START=yes
NAME=saslauthd
MECHANISMS="rimap"
#imap server address
MECH_OPTIONS="localhost"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

root@server:~# cat /etc/postfix/master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   -   -   -   smtpd
#smtp  inet  n   -   -   -   1   postscreen
#smtpd pass  -   -   -   -   -   smtpd
#dnsblog   unix  -   -   -   -   0   dnsblog
#tlsproxy  unix  -   -   -   -   0   tlsproxy
#submission inet n   -   -   -   -   smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps inet  n   -   -   -   -   smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628   inet  n   -   -   -   -   qmqpd
pickup    unix  n   -   -   60  1   pickup
cleanup   unix  n   -   -   -