RE: [qmailtoaster] Re: Mails are still being marked as spam - Reg.

2010-06-04 Thread Atul Paralikar

Eric,

Earlier I have set the same parameter as below:

score   FH_DATE_PAST_201X   0

Now I have done the changes as per your recommendations. Let me check it out
for a day or two.

-Original Message-
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: Thursday, June 03, 2010 9:30 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Mails are still being marked as spam - Reg.

Atul Paralikar wrote:
 Even after applying all the recommendations for the problem addressing 
 2010 date. Mails are still marked as SPAM. Below is the part of the 
 header of a genuine email from a genuine user.
 
  
 
 Have I missed anything? How do I check if the settings I applied are 
 indeed working? Any command?
 
  
 
 =
 Received: (qmail 17534 invoked from network); 2 Jun 2010 07:14:41 -0500
 
 Received: from mail.etisbew.com (74.55.177.18)
 
   by mail.etisbew.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Jun 
 2010 07:14:41 -0500
 
 Received: (qmail 27525 invoked by uid 89); 2 Jun 2010 12:14:43 -
 
 Received: by simscan 1.4.0 ppid: 27519, pid: 27520, t: 0.4738s
 
  scanners: attach: 1.4.0 clamav: 0.95.2/m:51/d:9865 spam: 3.2.5
 
 X-Spam-Flag: YES
 
 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.etisbew.com
 
 */X-Spam-Level: */*
 
 */X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL,FB_ALMOST_SEX,/*
 
 */FH_DATE_PAST_20XX,HTML_MESSAGE,RDNS_NONE autolearn=no 
 version=3.2.5/*
 
 */X-Spam-Report: /*
 
 */*  3.4 FH_DATE_PAST_20XX The date is grossly in the
future./*
 
 */*  3.1 FB_ALMOST_SEX BODY: It's almost sex, but not!/*
 
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 
 *  0.1 RDNS_NONE Delivered to trusted network by a host with 
 no rDNS
 
 * -1.3 AWL AWL: From: address is in the auto white-list
 
 Received: from unknown (HELO mail32.elabs7.com) (208.66.204.244)
 
   by mail.etisbew.com with SMTP; 2 Jun 2010 12:14:43 -
 
 Received-SPF: pass (mail.etisbew.com: SPF record at elabs7.com 
 designates 208.66.204.244 as permitted sender)
 
 =
 
  
 
 Regards,
 
 Atul Paralikar
 

It appears that the FH_DATE_PAST_20XX rule is still firing for you, so 
your fix appears to not have taken effect.

You didn't say specifically what you did, so I'll simply tell you what 
you need.

Add the following to /etc/mail/spamassassin/local.cf:
# temporary fix for this rule
score   FH_DATE_PAST_20XX   0.0

Then restart spamassassin:
# qmail-spam restart
(qmail-spam command is part of QTP, in case you don't have that yet)

That should do it.
-- 
-Eric 'shubes'



-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!

-
 Please visit qmailtoaster.com for the latest news, updates, and
packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com









Re: [qmailtoaster] Re: Mails are still being marked as spam - Reg.

2010-06-04 Thread Eli Edwin Casimero
I have to do this trick for every new installation.
Has this been fixed with new RPMS?
So that this is fixed in every new toaster install?

On Fri, Jun 4, 2010 at 2:22 PM, Atul Paralikar a...@etisbew.com wrote:

 Eric,

 Earlier I have set the same parameter as below:

 score   FH_DATE_PAST_201X       0

 Now I have done the changes as per your recommendations. Let me check it out
 for a day or two.

 -Original Message-
 From: Eric Shubert [mailto:e...@shubes.net]
 Sent: Thursday, June 03, 2010 9:30 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: Mails are still being marked as spam - Reg.

 Atul Paralikar wrote:
 Even after applying all the recommendations for the problem addressing
 2010 date. Mails are still marked as SPAM. Below is the part of the
 header of a genuine email from a genuine user.



 Have I missed anything? How do I check if the settings I applied are
 indeed working? Any command?



 =
 Received: (qmail 17534 invoked from network); 2 Jun 2010 07:14:41 -0500

 Received: from mail.etisbew.com (74.55.177.18)

   by mail.etisbew.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Jun
 2010 07:14:41 -0500

 Received: (qmail 27525 invoked by uid 89); 2 Jun 2010 12:14:43 -

 Received: by simscan 1.4.0 ppid: 27519, pid: 27520, t: 0.4738s

          scanners: attach: 1.4.0 clamav: 0.95.2/m:51/d:9865 spam: 3.2.5

 X-Spam-Flag: YES

 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
 mail.etisbew.com

 */X-Spam-Level: */*

 */X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL,FB_ALMOST_SEX,/*

 */            FH_DATE_PAST_20XX,HTML_MESSAGE,RDNS_NONE autolearn=no
 version=3.2.5/*

 */X-Spam-Report: /*

 */            *  3.4 FH_DATE_PAST_20XX The date is grossly in the
 future./*

 */            *  3.1 FB_ALMOST_SEX BODY: It's almost sex, but not!/*

             *  0.0 HTML_MESSAGE BODY: HTML included in message

             *  0.1 RDNS_NONE Delivered to trusted network by a host with
 no rDNS

             * -1.3 AWL AWL: From: address is in the auto white-list

 Received: from unknown (HELO mail32.elabs7.com) (208.66.204.244)

   by mail.etisbew.com with SMTP; 2 Jun 2010 12:14:43 -

 Received-SPF: pass (mail.etisbew.com: SPF record at elabs7.com
 designates 208.66.204.244 as permitted sender)

 =



 Regards,

 Atul Paralikar


 It appears that the FH_DATE_PAST_20XX rule is still firing for you, so
 your fix appears to not have taken effect.

 You didn't say specifically what you did, so I'll simply tell you what
 you need.

 Add the following to /etc/mail/spamassassin/local.cf:
 # temporary fix for this rule
 score   FH_DATE_PAST_20XX       0.0

 Then restart spamassassin:
 # qmail-spam restart
 (qmail-spam command is part of QTP, in case you don't have that yet)

 That should do it.
 --
 -Eric 'shubes'


 




[qmailtoaster] UpdateScript error

2010-06-04 Thread Bilgehan Poyraz
When I run the update script I get the error below. Do you have any idea?

 

 

Issuing command: qtp-newmodel

qtp-newmodel v0.3.15 starting Fri Jun  4 09:50:02 EEST 2010

qtp-whatami v0.3.6

DISTRO=CentOS

OSVER=5.4

QTARCH=i686

QTKERN=2.6.18-164.15.1.el5

BUILD_DIST=cnt50

BUILD_DIR=/usr/src/redhat

This machine's OS is supported and has been tested

 

Let's get on with it!

 

The following packages have already been selected:

squirrelmail-toaster-1.4.20-1.3.17.src.rpm

clamav-toaster-0.96.0-1.3.35.src.rpm

 

Do you want to process this selection?

Shall we continue? (yes, no|skip, batch, quit) [y] / n|s / b / q : b

 

Getting source packages ...(this may take a while)

squirrelmail-toaster-1.4.20-1.3.17.src.rpm is already downloaded,
bypassed

clamav-toaster-0.96.0-1.3.35.src.rpm is already downloaded, bypassed

 

qtp-newmodel - updating toaster (mostly spamassassin) dependencies ...

Loaded plugins: fastestmirror

Determining fastest mirrors

 * addons: mirror.vit.com.tr

 * base: mirror.vit.com.tr

 * extras: mirror.vit.com.tr

 * updates: mirror.vit.com.tr

addons   |  951 B
00:00

addons/primary   |  202 B
00:00

base | 1.1 kB
00:00

base/primary | 920 kB
00:04

base
2599/2599

extras   | 2.1 kB
00:00

qtp-nodist   |  951 B
00:00

updates  | 1.9 kB
00:00

updates/primary_db   | 142 kB
00:02

Setting up Update Process

Error: No Package Matching perl(Archive::Tar)

 

Shall we build a new sandbox at /mnt/qtp-sandbox? [y]/n: Running in
background, replied 'yes'

 

Removing sandbox at /mnt/qtp-sandbox ...

qtp-umount-sandbox v0.3.2

qtp-umount-sandbox: sandbox not mounted

 

Would you like a unionfs/overlay sandbox? (recommended) [y]/n: Running
in background, replied 'yes'

 

Using FUSE union filesystem ...

qtp-mount-sandbox v0.3.3

qtp-mount-sandbox - updating dependencies ...

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

 * addons: mirror.vit.com.tr

 * base: mirror.vit.com.tr

 * extras: mirror.vit.com.tr

 * rpmforge: apt.sw.be

 * updates: mirror.vit.com.tr

qtp-CentOS   |  951 B
00:00

rpmforge | 1.1 kB
00:00

rpmforge/primary | 3.8 MB
01:02

rpmforge
10436/10436

Setting up Update Process

No Packages marked for Update

qtp-mount-sandbox: sandbox mounted successfully

 

Starting to build the binary rpms ...(pizza anyone?)

 

If you want to view compile messages, you can open another terminal and:

# tail -f /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log

 

qtp-build-rpms v0.3.5

qtp-remove-pkgs v0.3.1

Building squirrelmail-toaster-1.4.20-1.3.17 ...

qtp-build-rpms - rpmbuild failed for squirrelmail-toaster-1.4.20-1.3.17

qtp-build-rpms - here are the last 10 messages from the log:

Building for target i686

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.75838

+ umask 022

+ cd /usr/src/redhat/BUILD

/var/tmp/rpm-tmp.75838: line 23: cd: /usr/src/redhat/BUILD: No such file
or directory

error: Bad exit status from /var/tmp/rpm-tmp.75838 (%prep)

 

 

RPM build errors:

Bad exit status from /var/tmp/rpm-tmp.75838 (%prep)

end of log messages

 

qtp-build-rpms - see
/mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log for more
details

 

Build failed, Exiting.

 

 --- Hit ENTER to return to menu ---

 

 

Bilgehan POYRAZ
Software Engineer
Logicom Bilgi Teknolojileri Dagitim Ltd. Sti.
Member of the Logicom Group

Tel:  +90 212 276 2720 
Fax: +90 212 276 2750

 

URL: www.logicom-group.com http://www.logicom-group.com/  

Re: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread Scott Hughes

No, not at this time.




On Jun 3, 2010, at 11:06 PM, Maxwell Smart c...@yother.com wrote:



Are you using virtual hosts?

Quoting Scott Hughes sonicscott9...@gmail.com:

I've decided to change things up a bit.  I've emailed all of my users
and told them that the webmail address is changing effective
tomorrow evening.  While my workaround was working, I didn't like
that it was a bit of a hack.

I've told them to use the standard https://mail.SERVERNAME.net/webmail
(also works with /horde, too).

While using the straighter mail.SERVERNAME.net is simple, it does
not lend itself to proper security.


Scott


On 6/3/10 8:51 PM, Eric Broch wrote:

CJ,

I secure three sites (domains) on the same server. None of my
other clients use webmail

Eric B.

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL

Eric,

Have you been successful in securing more than one site?

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:



Maxwell Smart wrote:


I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work correctly otherwise.  I just tried your
config and it didn't work either.

You are using the webmail suffix where I am not.  I am trying to
get mail.myserver.com to work using SNI. I should be able to have
multiple virtual servers using https and I cannot get it to work.
I think part of the problem is openssl 0.9.8e  SNI requires f and
newer.  I upgraded on my test server, but I'm still having problems
getting it to work correctly.

I'll figure it out, it's just frustrating when you read the
documentation and it doesn't quite work that way.  Then where do
you start to troubleshoot.

Quoting Eric Shubert e...@shubes.net:


I'm not saying that ErrorDocument won't work, just that it's a bit
of a hack.

The conventional way (and 'better' for a number of reasons) is to
use the RewriteEngine. I seem to recall that there's a way to turn
on logging for the rewrite engine if you're having a problem with
it.

Here's the RewriteRule I'm presently using:
RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

Upon closer examination, I see that
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
appears to be missing a period after webmail. I believe that it should be:
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
Subtle, but big difference. I believe this would work, the same as
the one I'm using above.
--
-Eric 'shubes'

Maxwell Smart wrote:

That's exactly where I am having problems and that's the only way
I can get it to work.  If I have the welcome.conf enabled it goes
to the apache welcome page instead of redirecting and the log
file says failed, reason: SSL connection required.  If I disable
the welcome.conf and include the Error 403 line it works.  I was
just testing it with the variable when I received this e-mail.

Quoting Eric Shubert e...@shubes.net:



Maxwell Smart wrote:

It appears as though you have a default configuration.  Replace
this in your squirrelmail.conf file.

<Directory /usr/share/squirrelmail>
Options None
Order allow,deny
allow from all
</Directory>

with this

<Directory /usr/share/squirrelmail>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
allow from all
Options
SSLRequireSSL
ErrorDocument 403 https://your.server.com/webmail/;
</Directory>

You will need to change the your.server.com to your server name.


CJ



You shouldn't need the ErrorDocument line.

In addition, if you were to use that hack, it'd be better to use
the %{SERVER_NAME} variable instead of hard coding your domain
name.

--
-Eric 'shubes'











Cecil Yother, Jr. cj
cj's
2318 Clement Ave
Alameda, CA  94501

tel 510.865.2787
http://yother.com


This message was sent using IMP, the Internet Messaging Program.
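
The difference between the RewriteRule patterns quoted in this thread can be checked offline. The following is an added example, not code from any poster: it uses Python's `re` in place of mod_rewrite's PCRE (the patterns use only syntax common to both) and assumes the pattern is matched against the full URL path. The sample paths, the host name `mail.example.test` and the function names are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    label: str
    pattern: str       # regex part of the RewriteRule line
    substitution: str  # substitution part of the same line


# The three RewriteRule lines quoted in the thread.
POSTED = Rule("posted", r"^(.*/webmail*)$", "https://%{SERVER_NAME}$1")
CORRECTED = Rule("corrected", r"^(.*/webmail.*)$", "https://%{SERVER_NAME}$1")
SHUBES = Rule("shubes", r"^/(webmail.*)$", "https://%{SERVER_NAME}/$1")

# Constructed sample request paths (not taken from the thread).
SAMPLE_PATHS = [
    "/webmail",
    "/webmail/",
    "/webmail/src/login.php",
    "/webmai",
    "/horde/",
]


def redirect_for(rule: Rule, path: str, port: int = 80,
                 server_name: str = "mail.example.test") -> Optional[str]:
    """Return the redirect target the rule would produce, or None if it does not fire."""
    # Models "RewriteCond %{SERVER_PORT} !^443$" from the posted block; it is
    # applied to all three rules here so they can be compared like for like.
    if re.search(r"^443$", str(port)):
        return None
    match = re.search(rule.pattern, path)
    if match is None:
        return None
    target = rule.substitution.replace("%{SERVER_NAME}", server_name)
    return target.replace("$1", match.group(1))


def left_on_http(rule: Rule, paths: List[str]) -> List[str]:
    """Webmail paths that the rule leaves on plain HTTP (no redirect issued)."""
    return [p for p in paths
            if p.startswith("/webmail") and redirect_for(rule, p) is None]


if __name__ == "__main__":
    for rule in (POSTED, CORRECTED, SHUBES):
        print(f"{rule.label}: {rule.pattern}")
        for path in SAMPLE_PATHS:
            print(f"  {path:26} -> {redirect_for(rule, path)}")
        print(f"  left on HTTP: {left_on_http(rule, SAMPLE_PATHS)}")
```

With `webmail*` the `*` applies only to the final `l`, so anything below `/webmail/` gets no redirect, while `/webmai` does.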





Re: [qmailtoaster] Re: where's the site?

2010-06-04 Thread GHS Toaster List account

Thanks for the links. That's exactly what I was missing out here...
Didn't know that I can download the repo directly from there.

Good luck with the recovery of trac,

Greets,
Casper

Eric Shubert wrote:

GHS Toaster List account wrote:

Hi all,

I'd like to install qmailtoaster plus; done that a few times before, but...

The site is down? I get a server 500 error:

The server encountered an internal error or misconfiguration and was
unable to complete your request.

Please contact the server administrator, [no address given] and inform
them of the time the error occurred, and anything you might have done
that may have caused the error.

More information about this error may be available in the server error log.

Apache/2.2 Server at qtp.qmailtoaster.com Port 80

So, what do I do?

Thanx,

Casper



The trac portion of the site is still being rebuilt. The recovery 
process is partially out of our hands, so is taking longer than we'd 
like. We appreciate your patience with this, and will be taking measures 
to prevent such delays in the future.


In the meantime, the qtp yum repo is up and running, so you can get the 
packages there.


I would install the qtp repo first:
# rpm -Uvh http://qtp.qmailtoaster.com/repos/nodist/qmailtoaster-plus.repo-0.2-2.noarch.rpm



Then install QTP:
# yum install qmailtoaster-plus

Or you can get the package directly from the nodist directory.







RE: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread Maxwell Smart

Eric,

Sounds like the exact same configuration as mine.

SNI is Server Name Includes and it allows multiple secure connections  
with a single IP.  I am having trouble getting mine to work.


Do you use multiple certificates?  One for each top level domain?

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:


CJ,

Virtual hosts (yes, 5 domains on 1 server),
SNI (I don't think so, I'm not really sure what it is???),
openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

Eric

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 10:10 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL's

Eric,

Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

Sorry for so many questions, but a few of us on this list are trying
to sort this.

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:


CJ,

I secure three sites (domains) on the same server. None of my other
clients use webmail

Eric B.

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL

Eric,

Have you been successful in securing more than one site?

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:


Maxwell Smart wrote:

I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work correctly otherwise.  I just tried your
config and it didn't work either.

You are using the webmail suffix where I am not.  I am trying to
get mail.myserver.com to work using SNI. I should be able to have
multiple virtual servers using https and I cannot get it to work.
I think part of the problem is openssl 0.9.8e  SNI requires f and
newer.  I upgraded on my test server, but I'm still having problems
getting it to work correctly.

I'll figure it out, it's just frustrating when you read the
documentation and it doesn't quite work that way.  Then where do
you start to troubleshoot.

Quoting Eric Shubert e...@shubes.net:


I'm not saying that ErrorDocument won't work, just that it's a bit
of a hack.

The conventional way (and 'better' for a number of reasons) is to
use the RewriteEngine. I seem to recall that there's a way to turn
on logging for the rewrite engine if you're having a problem with
it.

Here's the RewriteRule I'm presently using:
RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

Upon closer examination, I see that
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
appears to be missing a period after webmail. I believe that it should be:
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
Subtle, but big difference. I believe this would work, the same as
the one I'm using above.
--
-Eric 'shubes'

Maxwell Smart wrote:

That's exactly where I am having problems and that's the only way
I can get it to work.  If I have the welcome.conf enabled it goes
to the apache welcome page instead of redirecting and the log
file says failed, reason: SSL connection required.  If I disable
the welcome.conf and include the Error 403 line it works.  I was
just testing it with the variable when I received this e-mail.

Quoting Eric Shubert e...@shubes.net:


Maxwell Smart wrote:

It appears as though you have a default configuration.  Replace
this in your squirrelmail.conf file.

<Directory /usr/share/squirrelmail>
Options None
Order allow,deny
allow from all
</Directory>

with this

<Directory /usr/share/squirrelmail>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
allow from all
Options
SSLRequireSSL
ErrorDocument 403 https://your.server.com/webmail/;
</Directory>

You will need to change the your.server.com to your server name.

CJ



You shouldn't need the ErrorDocument line.

In addition, if you were to use that hack, it'd be better to use
the %{SERVER_NAME} variable instead of hard coding your domain
name.

--
-Eric 'shubes'















Cecil Yother, Jr. cj
cj's
2318 Clement Ave
Alameda, CA  94501

tel 510.865.2787
http://yother.com



RE: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread Eric Broch
CJ,

I don't use multiple certificates, but I did, in times past, try to find a
way to implement it and was glad to see the tutorial posted here for it.

Eric

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com] 
Sent: Friday, June 04, 2010 9:12 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL

Eric,

Sounds like the exact same configuration as mine.

SNI is Server Name Includes and it allows multiple secure connections  
with a single IP.  I am having trouble getting mine to work.

Do you use multiple certificates?  One for each top level domain?

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:

 CJ,

 Virtual hosts (yes, 5 domains on 1 server),
 SNI (I don't think so, I'm not really sure what it is???),
 openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
 gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 10:10 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL's

 Eric,

 Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

 Sorry for so many questions, but a few of us on this list are trying
 to sort this.

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

 CJ,

 I secure three sites (domains) on the same server. None of my other
 clients
 use webmail

 Eric B.

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 6:05 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] Re: Webmail SSL

 Eric,

 Have you been successful in securing more than one site?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

 Maxwell Smart wrote:
 I realize that it's a bit of a hack and I don't like it, but I
 cannot get it to work correctly otherwise.  I just tried your
 config and it didn't work either.

 You are using the webmail suffix where I am not.  I am trying to
 get mail.myserver.com to work using SNI. I should be able to have
 multiple virtual servers using https and I cannot get it to work.
 I think part of the problem is openssl 0.9.8e  SNI requires f and
 newer.  I upgraded on my test server, but I'm still having problems
 getting it to work correctly.

 I'll figure it out, it's just frustrating when you read the
 documentation and it doesn't quite work that way.  Then where do
 you start to troubleshoot.

 Quoting Eric Shubert e...@shubes.net:

 I'm not saying that ErrorDocument won't work, just that it's a bit
 of a hack.

 The conventional way (and 'better' for a number of reasons) is to
 use the RewriteEngine. I seem to recall that there's a way to turn
 on logging for the rewrite engine if you're having a problem with
 it.

 Here's the RewriteRule I'm presently using:
 RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

 Upon closer examination, I see that
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 appears to be missing a period after webmail. I believe that it should
 be:
 RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
 Subtle, but big difference. I believe this would work, the same as
 the one I'm using above.
 --
 -Eric 'shubes'

 Maxwell Smart wrote:
 That's exactly where I am having problems and that's the only way
 I can get it to work.  If I have the welcome.conf enabled it goes
 to the apache welcome page instead of redirecting and the log
 file says failed, reason: SSL connection required.  If I disable
 the welcome.conf and include the Error 403 line it works.  I was
 just testing it with the variable when I received this e-mail.

 Quoting Eric Shubert e...@shubes.net:

 Maxwell Smart wrote:
 It appears as though you have a default configuration.  Replace
 this in your squirrelmail.conf file.

 <Directory /usr/share/squirrelmail>
 Options None
 Order allow,deny
 allow from all
 </Directory>

 with this

 <Directory /usr/share/squirrelmail>
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 allow from all
 Options
 SSLRequireSSL
 ErrorDocument 403 https://your.server.com/webmail/;
 </Directory>

 You will need to change the your.server.com to your server name.

 CJ


 You shouldn't need the ErrorDocument line.

 In addition, if you were to use that hack, it'd be better to use
 the %{SERVER_NAME} variable instead of hard coding your domain
 name.

 --
 -Eric 'shubes'







[qmailtoaster] Re: Webmail SSL

2010-06-04 Thread Eric Shubert

Maxwell Smart wrote:

Eric,

Have you been successful in securing more than one site?

CJ


Yes, and no.
Yes to the extent of SSL/TLS limitations w/out SNI.
Otherwise no.
--
-Eric 'shubes'






[qmailtoaster] Re: Mails are still being marked as spam - Reg.

2010-06-04 Thread Eric Shubert

Atul,
I believe that should be 20XX, not 201X. That could be your problem.
--
-Eric 'shubes'

Atul Paralikar wrote:

Eric,

Earlier I have set the same parameter as below:

score   FH_DATE_PAST_201X   0

Now I have done the changes as per your recommendations. Let me check it out
for a day or two.

-Original Message-
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: Thursday, June 03, 2010 9:30 PM

To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Mails are still being marked as spam - Reg.

Atul Paralikar wrote:
Even after applying all the recommendations for the problem addressing 
2010 date. Mails are still marked as SPAM. Below is the part of the 
header of a genuine email from a genuine user.


 

Have I missed anything? How do I check if the settings I applied are 
indeed working? Any command?


 


=
Received: (qmail 17534 invoked from network); 2 Jun 2010 07:14:41 -0500

Received: from mail.etisbew.com (74.55.177.18)

  by mail.etisbew.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Jun 
2010 07:14:41 -0500


Received: (qmail 27525 invoked by uid 89); 2 Jun 2010 12:14:43 -

Received: by simscan 1.4.0 ppid: 27519, pid: 27520, t: 0.4738s

 scanners: attach: 1.4.0 clamav: 0.95.2/m:51/d:9865 spam: 3.2.5

X-Spam-Flag: YES

X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on

mail.etisbew.com

*/X-Spam-Level: */*

*/X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL,FB_ALMOST_SEX,/*

*/FH_DATE_PAST_20XX,HTML_MESSAGE,RDNS_NONE autolearn=no 
version=3.2.5/*


*/X-Spam-Report: /*

*/*  3.4 FH_DATE_PAST_20XX The date is grossly in the

future./*

*/*  3.1 FB_ALMOST_SEX BODY: It's almost sex, but not!/*

*  0.0 HTML_MESSAGE BODY: HTML included in message

*  0.1 RDNS_NONE Delivered to trusted network by a host with 
no rDNS


* -1.3 AWL AWL: From: address is in the auto white-list

Received: from unknown (HELO mail32.elabs7.com) (208.66.204.244)

  by mail.etisbew.com with SMTP; 2 Jun 2010 12:14:43 -

Received-SPF: pass (mail.etisbew.com: SPF record at elabs7.com 
designates 208.66.204.244 as permitted sender)


=

 


Regards,

Atul Paralikar



It appears that the FH_DATE_PAST_20XX rule is still firing for you, so 
your fix appears to not have taken effect.


You didn't say specifically what you did, so I'll simply tell you what 
you need.


Add the following to /etc/mail/spamassassin/local.cf:
# temporary fix for this rule
score   FH_DATE_PAST_20XX   0.0

Then restart spamassassin:
# qmail-spam restart
(qmail-spam command is part of QTP, in case you don't have that yet)

That should do it.
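
One way to check whether a `score` override matches the rules that actually fired, as an added example that is not part of any poster's message. The `LOCAL_CF` text is constructed from the line the poster says he had set first, the headers are the ones quoted in the thread with the emphasis markers removed, and all function names are hypothetical.

```python
import difflib
import re

# Constructed local.cf holding the line the poster says he had set first.
LOCAL_CF = """\
# temporary fix for this rule
score   FH_DATE_PAST_201X   0
"""

# Spam headers from the message quoted in the thread, with the mail client's
# */ ... /* emphasis markers removed and folded lines indented.
HEADERS = """\
X-Spam-Flag: YES
X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL,FB_ALMOST_SEX,
 FH_DATE_PAST_20XX,HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5
X-Spam-Report:
 *  3.4 FH_DATE_PAST_20XX The date is grossly in the future.
 *  3.1 FB_ALMOST_SEX BODY: It's almost sex, but not!
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 *  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
 * -1.3 AWL AWL: From: address is in the auto white-list
"""


def parse_score_overrides(cf_text):
    """Map rule name -> first score value for each 'score' line in a .cf file."""
    overrides = {}
    for line in cf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "score":
            try:
                overrides[parts[1]] = float(parts[2])
            except ValueError:
                continue  # not a plain number; ignored here
    return overrides


def fired_rules(header_text):
    """Rule names listed after tests= in X-Spam-Status (folded lines joined)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_text)
    match = re.search(r"^X-Spam-Status:.*?\btests=(.*?)(?=\s+\w+=|$)",
                      unfolded, re.M)
    if match is None:
        return []
    names = [name.strip() for name in match.group(1).split(",")]
    return [name for name in names if name and name != "none"]


def report_scores(header_text):
    """Map rule name -> score from the '*  3.4 RULE description' report lines."""
    pairs = re.findall(r"^[ \t]*\*[ \t]+(-?\d+(?:\.\d+)?)[ \t]+(\w+)",
                       header_text, re.M)
    return {rule: float(score) for score, rule in pairs}


def audit(cf_text, header_text):
    """Compare score overrides with what the scanner reported for one message."""
    fired = fired_rules(header_text)
    reported = report_scores(header_text)
    findings = []
    for rule, score in parse_score_overrides(cf_text).items():
        if rule in fired:
            # Rule fired: the reported score should equal the override.
            if rule in reported and abs(reported[rule] - score) > 0.05:
                findings.append(("override-not-applied", rule, reported[rule]))
        else:
            # Rule never fired: look for a fired rule with a very similar name.
            near = difflib.get_close_matches(rule, fired, n=1, cutoff=0.8)
            if near:
                findings.append(("possible-misspelling", rule, near[0]))
    return findings


if __name__ == "__main__":
    for finding in audit(LOCAL_CF, HEADERS):
        print(finding)
```

Run against a message scanned after the corrected line is in place, an `override-not-applied` finding means the scanner is still using the old configuration.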








[qmailtoaster] Re: Mails are still being marked as spam - Reg.

2010-06-04 Thread Eric Shubert
I don't know that it's been fixed in the rpms. I expect that Jake's 
waiting for an upstream fix. Jake can confirm this.

--
-Eric 'shubes'

Eli Edwin Casimero wrote:

I have to do this trick for every new installation.
Has this been fixed with new RPMS?
So that this is fixed in every new toaster install?

On Fri, Jun 4, 2010 at 2:22 PM, Atul Paralikar a...@etisbew.com wrote:

Eric,

Earlier I have set the same parameter as below:

score   FH_DATE_PAST_201X   0

Now I have done the changes as per your recommendations. Let me check it out
for a day or two.

-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Thursday, June 03, 2010 9:30 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Mails are still being marked as spam - Reg.

Atul Paralikar wrote:

Even after applying all the recommendations for the problem addressing
2010 date. Mails are still marked as SPAM. Below is the part of the
header of a genuine email from a genuine user.



Have I missed anything? How do I check if the settings I applied are
indeed working? Any command?



=
Received: (qmail 17534 invoked from network); 2 Jun 2010 07:14:41 -0500
Received: from mail.etisbew.com (74.55.177.18)
  by mail.etisbew.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Jun
2010 07:14:41 -0500
Received: (qmail 27525 invoked by uid 89); 2 Jun 2010 12:14:43 -
Received: by simscan 1.4.0 ppid: 27519, pid: 27520, t: 0.4738s
 scanners: attach: 1.4.0 clamav: 0.95.2/m:51/d:9865 spam: 3.2.5
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.etisbew.com
X-Spam-Level: *
X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL,FB_ALMOST_SEX,
FH_DATE_PAST_20XX,HTML_MESSAGE,RDNS_NONE autolearn=no
version=3.2.5
X-Spam-Report:
*  3.4 FH_DATE_PAST_20XX The date is grossly in the future.
*  3.1 FB_ALMOST_SEX BODY: It's almost sex, but not!
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* -1.3 AWL AWL: From: address is in the auto white-list
Received: from unknown (HELO mail32.elabs7.com) (208.66.204.244)
  by mail.etisbew.com with SMTP; 2 Jun 2010 12:14:43 -
Received-SPF: pass (mail.etisbew.com: SPF record at elabs7.com
designates 208.66.204.244 as permitted sender)

=



Regards,

Atul Paralikar


It appears that the FH_DATE_PAST_20XX rule is still firing for you, so
your fix appears to not have taken effect.

You didn't say specifically what you did, so I'll simply tell you what
you need.

Add the following to /etc/mail/spamassassin/local.cf:
# temporary fix for this rule
score   FH_DATE_PAST_20XX   0.0

Then restart spamassassin:
# qmail-spam restart
(qmail-spam command is part of QTP, in case you don't have that yet)

That should do it.
--
-Eric 'shubes'




[qmailtoaster] Re: Traps for young players

2010-06-04 Thread Eric Shubert

Mike Canty wrote:

This is just a heads up.  I am not sure if I am the only one doing this,
or others have come across this as well.

I have done many remote installs of Qmail Toaster and in a number of cases I
get a non IT person at the remote site to complete a very base install of
CentOS and once I can get a SSH session, I take over.  This has worked very
well on a number of sites in several countries.

Just through circumstances, I have recently installed a remote QMT machine
in South Africa, from Australia.  This happened to be a 64Bit install, all
my previous ones were 32Bit. Due to time differences, most of the build was
done in the early hours of the morning, their time, so no support at the
client site was available.

During the install, I lost connection to the machine, so I had to wait until
someone arrived to reboot the server.  Initially I thought this may have been
hardware or local power issues, but as I went back to the install I lost
connection again.

What I found was a difference in the firewall.sh script. The 64Bit version
drops all packets to the C class address range (192.168.0.0), which just
happened to be my address range.

Here are the differences in the 32Bit and 64Bit firewall.sh files

[r...@server QMT]# diff 32Bit/firewall.sh 64Bit/firewall.sh 
26,27c26,27

 #iptables -A INPUT -s 10.0.0.0/8 -i ! lo -j DROP
 #iptables -A INPUT -s 192.168.0.0/16 -i ! lo -j DROP
---

iptables -A INPUT -s 10.0.0.0/8 -i ! lo -j DROP
iptables -A INPUT -s 192.168.0.0/16 -i ! lo -j DROP
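
Review bot: the two rules left active at lines 26-27 of the 64Bit firewall.sh drop every packet with a source in 10.0.0.0/8 or 192.168.0.0/16 on any interface except lo, so an administrator or client on either range loses access, SSH included, as soon as the script runs. Keep them commented out as in the 32Bit copy, or, if they are meant as anti-spoofing rules, restrict them to the Internet-facing interface and place an explicit ACCEPT for the management network ahead of them. A comment beside the rules saying why they exist would also keep the two copies from drifting apart again.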


Does the script need to have this?  The one in the 32Bit version works fine.

Cheers

Mike Canty

-


I was bit by this on my very first QMT install, before it was commented 
out of the 32-bit version. I imagine that whoever commented out the 
32-bit version (Erik or Jake) simply forgot about the separate 64-bit one.


I'd suggest filing a bug report at http://mantis.qmailtoaster.com/ but 
it looks like that hasn't been recovered yet. Please keep an eye open 
here, and do so when the ticket system is back online.


--
-Eric 'shubes'






[qmailtoaster] Re: UpdateScript error

2010-06-04 Thread Eric Shubert

Bilgehan Poyraz wrote:

When I run the update script I get the error below. Have you any idea?

 

 


Issuing command: qtp-newmodel
qtp-newmodel v0.3.15 starting Fri Jun  4 09:50:02 EEST 2010
qtp-whatami v0.3.6
DISTRO=CentOS
OSVER=5.4
QTARCH=i686
QTKERN=2.6.18-164.15.1.el5
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat
This machine's OS is supported and has been tested

Let's get on with it!

The following packages have already been selected:
squirrelmail-toaster-1.4.20-1.3.17.src.rpm
clamav-toaster-0.96.0-1.3.35.src.rpm

Do you want to process this selection?
Shall we continue? (yes, no|skip, batch, quit) [y] / n|s / b / q : b

Getting source packages ...(this may take a while)
squirrelmail-toaster-1.4.20-1.3.17.src.rpm is already downloaded, bypassed
clamav-toaster-0.96.0-1.3.35.src.rpm is already downloaded, bypassed

qtp-newmodel - updating toaster (mostly spamassassin) dependencies ...
Loaded plugins: fastestmirror
Determining fastest mirrors
 * addons: mirror.vit.com.tr
 * base: mirror.vit.com.tr
 * extras: mirror.vit.com.tr
 * updates: mirror.vit.com.tr
addons   |  951 B 00:00
addons/primary   |  202 B 00:00
base | 1.1 kB 00:00
base/primary | 920 kB 00:04
base  2599/2599
extras   | 2.1 kB 00:00
qtp-nodist   |  951 B 00:00
updates  | 1.9 kB 00:00
updates/primary_db   | 142 kB 00:02
Setting up Update Process
Error: No Package Matching perl(Archive::Tar)

Shall we build a new sandbox at /mnt/qtp-sandbox? [y]/n: Running in background, replied 'yes'

Removing sandbox at /mnt/qtp-sandbox ...
qtp-umount-sandbox v0.3.2
qtp-umount-sandbox: sandbox not mounted

Would you like a unionfs/overlay sandbox? (recommended) [y]/n: Running in background, replied 'yes'

Using FUSE union filesystem ...
qtp-mount-sandbox v0.3.3
qtp-mount-sandbox - updating dependencies ...
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirror.vit.com.tr
 * base: mirror.vit.com.tr
 * extras: mirror.vit.com.tr
 * rpmforge: apt.sw.be
 * updates: mirror.vit.com.tr
qtp-CentOS   |  951 B 00:00
rpmforge | 1.1 kB 00:00
rpmforge/primary | 3.8 MB 01:02
rpmforge 10436/10436
Setting up Update Process
No Packages marked for Update
qtp-mount-sandbox: sandbox mounted successfully

Starting to build the binary rpms ...(pizza anyone?)

If you want to view compile messages, you can open another terminal and:
# tail -f /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log

qtp-build-rpms v0.3.5
qtp-remove-pkgs v0.3.1
Building squirrelmail-toaster-1.4.20-1.3.17 ...
qtp-build-rpms - rpmbuild failed for squirrelmail-toaster-1.4.20-1.3.17
qtp-build-rpms - here are the last 10 messages from the log:
Building for target i686
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.75838
+ umask 022
+ cd /usr/src/redhat/BUILD
/var/tmp/rpm-tmp.75838: line 23: cd: /usr/src/redhat/BUILD: No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.75838 (%prep)

RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.75838 (%prep)
end of log messages

qtp-build-rpms - see /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log for more details

Build failed, Exiting.

 --- Hit ENTER to return to menu ---

 


Bilgehan POYRAZ
Software Engineer
Logicom Bilgi Teknolojileri Dagitim Ltd. Sti.
Member of the Logicom Group

Tel:  +90 212 276 2720
Fax: +90 212 276 2750

URL: www.logicom-group.com

 



Here's the pertinent part:
/var/tmp/rpm-tmp.75838: line 23: cd: /usr/src/redhat/BUILD: No such file 
or directory


That directory is part of the rpm-build package.

If the package is not installed, install it.

If the package is installed but the directory does not exist, re-install 
the package.


If the package is installed and the directory exists, then something 
weird is going on.


Let us know which.

In any case, when you rerun qtp-newmodel after fixing the problem, 
choose to use a fresh sandbox.


--
-Eric 'shubes'



[qmailtoaster] qtp-backup

2010-06-04 Thread David Milholen




I am having a little trouble with the backup script not backing up all
the accounts in one of my oldest domains. 
One of the accounts is the postmaster account. So when I do a restore
I have to manually copy the account over to the new server.
there are some other accounts missing too. There should be 272 accounts
but only 120 show up after restore.
Did something break or did I break it:)

This is the version QMT for the old machine:qmail-toaster-1.03-1.3.15
;centos 4.8 with latest updates.
This is the version QMT for the new machine:qmail-toaster-1.03-1.3.20
;centos 5.4 with latest updates.

I have 4 blow away servers to test these caveats on before I mess with
the production machine again.
 
Thanks 

-- 

David Milholen
Project Engineer
501-318-1300
Wireless Etc







[qmailtoaster] Re: qtp-backup

2010-06-04 Thread Eric Shubert

David Milholen wrote:
I am having a little trouble with the backup script not backing up all 
the accounts in one of my oldest domains.
 One of the accounts is the postmaster account. So when I do a restore I 
have to manually copy the account over to the new server.
there are some other accounts missing too. There should be 272 accounts 
but only 120 show up after restore.

 Did something break or did I break it:)

This is the version QMT for the old machine:qmail-toaster-1.03-1.3.15 
;centos 4.8 with latest updates.
This is the version QMT for the new machine:qmail-toaster-1.03-1.3.20 
;centos 5.4 with latest updates.


I have 4 blow away servers to test these caveats on before I mess with 
the production machine again.
 
Thanks


--
David Milholen
Project Engineer
501-318-1300
Wireless Etc




Which part(s) of the accounts are missing? The account folders under 
/home/vpopmail/domains/? The MySQL entries?


--
-Eric 'shubes'






Re: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread Maxwell Smart
@Eric Broch

So are all of your current secure sites subdomains?  ie
https://www.example.com/example or TLD https://www.example.com?

If they are all TLD's how are you traversing the fact that the
certificates aren't specific to those domains?

@ Eric Shubes

We're going to get this figured out!



On 06/04/2010 08:38 AM, Eric Broch wrote:
 CJ,

 I don't use multiple certificates, but I did, in times past, try to find a
 way to implement it and was glad to see the tutorial posted here for it.

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com] 
 Sent: Friday, June 04, 2010 9:12 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL

 Eric,

 Sounds like the exact same configuration as mine.

 SNI is Server Name Includes and it allows multiple secure connections  
 with a single IP.  I am having trouble getting mine to work.

 Do you use multiple certificates?  One for each top level domain?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 CJ,

 Virtual hosts (yes, 5 domains on 1 server),
 SNI (I don't think so, I'm not really sure what it is???),
 openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
 gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 10:10 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL's

 Eric,

 Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

 Sorry for so many questions, but a few of us on this list are trying
 to sort this.

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

 
 CJ,

 I secure three sites (domains) on the same server. None of my other
 clients use webmail

 Eric B.

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 6:05 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] Re: Webmail SSL

 Eric,

 Have you been successful in securing more than one site?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 Maxwell Smart wrote:
 
 I realize that it's a bit of a hack and I don't like it, but I
 cannot get it to work correctly otherwise.  I just tried your
 config and it didn't work either.

 You are using the webmail suffix where I am not.  I am trying to
 get mail.myserver.com to work using SNI. I should be able to have
 multiple virtual servers using https and I cannot get it to work.
 I think part of the problem is openssl 0.9.8e  SNI requires f and
 newer.  I upgraded on my test server, but I'm still having problems
 getting it to work correctly.

 I'll figure it out, it's just frustrating when you read the
 documentation and it doesn't quite work that way.  Then where do
 you start to troubleshoot.

 Quoting Eric Shubert e...@shubes.net:

   
 I'm not saying that ErrorDocument won't work, just that it's a bit
 of a hack.

 The conventional way (and 'better' for a number of reasons) is to
 use the RewriteEngine. I seem to recall that there's a way to turn
 on logging for the rewrite engine if you're having a problem with
 it.

 Here's the RewriteRule I'm presently using:
 RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

 Upon closer examination, I see that
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 appears to be missing a period after webmail. I believe that it should be:
 RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
 Subtle, but big difference. I believe this would work, the same as
 the one I'm using above.
 --
 -Eric 'shubes'

 Maxwell Smart wrote:
 
 That's exactly where I am having problems and that's the only way
 I can get it to work.  If I have the welcome.conf enabled it goes
 to the apache welcome page instead of redirecting and the log
 file says failed, reason: SSL connection required.  If I disable
 the welcome.conf and include the Error 403 line it works.  I was
 just testing it with the variable when I received this e-mail.

 Quoting Eric Shubert e...@shubes.net:

   
 Maxwell Smart wrote:
 
 It appears as though you have a default configuration.  Replace
 this in your squirrelmail.conf file.

 <Directory /usr/share/squirrelmail>
 Options None
 Order allow,deny
 allow from all
 </Directory>

 with this

 <Directory /usr/share/squirrelmail>
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 allow from all
 Options
 SSLRequireSSL
 ErrorDocument 403 https://your.server.com/webmail/;
 </Directory>

 You will need to change the your.server.com to your server name.

 CJ

   
 You shouldn't need the ErrorDocument line.

 In addition, if you were to use that hack, it'd be better to use
 the %{SERVER_NAME} variable instead of hard coding your domain
 name.

 --
 -Eric 'shubes'
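
Added example (not from the thread): the three RewriteRule patterns quoted above, run against constructed request paths to show which requests each one actually redirects to HTTPS. Assumptions: Python's `re` stands in for Apache's regex engine, the pattern is matched against the full URL path as in server or virtual-host context, the `RewriteCond` on port 443 is applied to all three rules, and `mail.example.com` is a placeholder host name.

```python
import re

# (pattern, substitution) pairs copied from the thread.
RULES = {
    "posted":    (r"^(.*/webmail*)$",  "https://%{SERVER_NAME}$1"),
    "corrected": (r"^(.*/webmail.*)$", "https://%{SERVER_NAME}$1"),
    "in_use":    (r"^/(webmail.*)$",   "https://%{SERVER_NAME}/$1"),
}

# Constructed request paths.
SAMPLE_PATHS = [
    "/webmail",
    "/webmail/",
    "/webmail/src/login.php",
    "/webmai",
    "/admin/webmail/x",
]


def rewrite(rule, path, server_name, server_port=80):
    """Return the redirect target, or None when the rule leaves the request alone."""
    # RewriteCond %{SERVER_PORT} !^443$ : skip requests that already use HTTPS.
    if re.search(r"^443$", str(server_port)):
        return None
    pattern, substitution = RULES[rule]
    match = re.search(pattern, path)
    if match is None:
        return None
    target = substitution.replace("%{SERVER_NAME}", server_name)
    # Expand $1..$9 back-references from the captured groups.
    return re.sub(r"\$(\d)", lambda ref: match.group(int(ref.group(1))), target)


def compare(paths, server_name="mail.example.com"):
    """Map each path to the redirect (or None) produced by every rule."""
    return {p: {name: rewrite(name, p, server_name) for name in RULES}
            for p in paths}


if __name__ == "__main__":
    for path, results in compare(SAMPLE_PATHS).items():
        print(path)
        for name, target in results.items():
            print(f"  {name:<10} {target or 'not redirected'}")
```

With `webmail*` the trailing `*` applies only to the letter `l`, so `/webmail` is redirected but the login page underneath it is not; those requests then depend on `SSLRequireSSL` alone, which refuses them instead of redirecting.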



 
   
 
 

Re: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread Maxwell Smart
Scott,

This is all still new to me, but you may have wanted to set it up as
SERVERNAME.net  Maybe someone else with more experience can chime in.

CJ

On 06/04/2010 01:58 PM, Scott Hughes wrote:
 Quick question about certificates.  I set up my certificate (via
 GoDaddy) with my correct hostname (mail.SERVERNAME.net).  Now I notice
 if I go to: www.SERVERNAME.net  via https, I get a certificate
 warning.  Any way around this or did I mess up when I signed up for
 the certificate?

 Thanks,
 Scott


 On 6/4/10 10:38 AM, Eric Broch wrote:
 CJ,

 I don't use multiple certificates, but I did, in times past, try to find a
 way to implement it and was glad to see the tutorial posted here for it.

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com] 
 Sent: Friday, June 04, 2010 9:12 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL

 Eric,

 Sounds like the exact same configuration as mine.

 SNI is Server Name Includes and it allows multiple secure connections  
 with a single IP.  I am having trouble getting mine to work.

 Do you use multiple certificates?  One for each top level domain?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 CJ,

 Virtual hosts (yes, 5 domains on 1 server),
 SNI (I don't think so, I'm not really sure what it is???),
 openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
 gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 10:10 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL's

 Eric,

 Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

 Sorry for so many questions, but a few of us on this list are trying
 to sort this.

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

 
 CJ,

 I secure three sites (domains) on the same server. None of my other
 clients use webmail

 Eric B.

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 6:05 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] Re: Webmail SSL

 Eric,

 Have you been successful in securing more than one site?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 Maxwell Smart wrote:
 
 I realize that it's a bit of a hack and I don't like it, but I
 cannot get it to work correctly otherwise.  I just tried your
 config and it didn't work either.

 You are using the webmail suffix where I am not.  I am trying to
 get mail.myserver.com to work using SNI. I should be able to have
 multiple virtual servers using https and I cannot get it to work.
 I think part of the problem is openssl 0.9.8e  SNI requires f and
 newer.  I upgraded on my test server, but I'm still having problems
 getting it to work correctly.

 I'll figure it out, it's just frustrating when you read the
 documentation and it doesn't quite work that way.  Then where do
 you start to troubleshoot.

 Quoting Eric Shubert e...@shubes.net:

   
 I'm not saying that ErrorDocument won't work, just that it's a bit
 of a hack.

 The conventional way (and 'better' for a number of reasons) is to
 use the RewriteEngine. I seem to recall that there's a way to turn
 on logging for the rewrite engine if you're having a problem with
 it.

 Here's the RewriteRule I'm presently using:
 RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

 Upon closer examination, I see that
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 appears to be missing a period after webmail. I believe that it should be:
 RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
 Subtle, but big difference. I believe this would work, the same as
 the one I'm using above.
 --
 -Eric 'shubes'

 Maxwell Smart wrote:
 
 That's exactly where I am having problems and that's the only way
 I can get it to work.  If I have the welcome.conf enabled it goes
 to the apache welcome page instead of redirecting and the log
 file says failed, reason: SSL connection required.  If I disable
 the welcome.conf and include the Error 403 line it works.  I was
 just testing it with the variable when I received this e-mail.

 Quoting Eric Shubert e...@shubes.net:

   
 Maxwell Smart wrote:
 
 It appears as though you have a default configuration.  Replace
 this in your squirrelmail.conf file.

 <Directory /usr/share/squirrelmail>
 Options None
 Order allow,deny
 allow from all
 </Directory>

 with this

 <Directory /usr/share/squirrelmail>
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 allow from all
 Options
 SSLRequireSSL
 ErrorDocument 403 https://your.server.com/webmail/;
 </Directory>

 You will need to change the your.server.com to your server name.

 CJ

   
 You shouldn't need the ErrorDocument line.

 In 

Re: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread George Varagas
Scott,
When you go to your URL check the certificate details in your browser.
This will give you the domain name and valid dates. If these look good,
it could be something with the setup. Maybe missing an intermediate
certificate or something similar.
George

On 6/5/2010 6:58 AM, Scott Hughes wrote:
 Quick question about certificates.  I set up my certificate (via
 GoDaddy) with my correct hostname (mail.SERVERNAME.net).  Now I notice
 if I go to: www.SERVERNAME.net  via https, I get a certificate
 warning.  Any way around this or did I mess up when I signed up for
 the certificate?

 Thanks,
 Scott


 On 6/4/10 10:38 AM, Eric Broch wrote:
 CJ,

 I don't use multiple certificates, but I did, in times past, try to find a
 way to implement it and was glad to see the tutorial posted here for it.

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com] 
 Sent: Friday, June 04, 2010 9:12 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL

 Eric,

 Sounds like the exact same configuration as mine.

 SNI is Server Name Includes and it allows multiple secure connections  
 with a single IP.  I am having trouble getting mine to work.

 Do you use multiple certificates?  One for each top level domain?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 CJ,

 Virtual hosts (yes, 5 domains on 1 server),
 SNI (I don't think so, I'm not really sure what it is???),
 openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
 gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 10:10 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL's

 Eric,

 Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

 Sorry for so many questions, but a few of us on this list are trying
 to sort this.

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

 
 CJ,

 I secure three sites (domains) on the same server. None of my other
 clients use webmail

 Eric B.

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 6:05 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] Re: Webmail SSL

 Eric,

 Have you been successful in securing more than one site?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 Maxwell Smart wrote:
 
 I realize that it's a bit of a hack and I don't like it, but I
 cannot get it to work correctly otherwise.  I just tried your
 config and it didn't work either.

 You are using the webmail suffix where I am not.  I am trying to
 get mail.myserver.com to work using SNI. I should be able to have
 multiple virtual servers using https and I cannot get it to work.
 I think part of the problem is openssl 0.9.8e  SNI requires f and
 newer.  I upgraded on my test server, but I'm still having problems
 getting it to work correctly.

 I'll figure it out, it's just frustrating when you read the
 documentation and it doesn't quite work that way.  Then where do
 you start to troubleshoot.

 Quoting Eric Shubert e...@shubes.net:

   
 I'm not saying that ErrorDocument won't work, just that it's a bit
 of a hack.

 The conventional way (and 'better' for a number of reasons) is to
 use the RewriteEngine. I seem to recall that there's a way to turn
 on logging for the rewrite engine if you're having a problem with
 it.

 Here's the RewriteRule I'm presently using:
 RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

 Upon closer examination, I see that
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 appears to be missing a period after webmail. I believe that it should be:
 RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
 Subtle, but big difference. I believe this would work, the same as
 the one I'm using above.
 --
 -Eric 'shubes'

 Maxwell Smart wrote:
 
 That's exactly where I am having problems and that's the only way
 I can get it to work.  If I have the welcome.conf enabled it goes
 to the apache welcome page instead of redirecting and the log
 file says failed, reason: SSL connection required.  If I disable
 the welcome.conf and include the Error 403 line it works.  I was
 just testing it with the variable when I received this e-mail.

 Quoting Eric Shubert e...@shubes.net:

   
 Maxwell Smart wrote:
 
 It appears as though you have a default configuration.  Replace
 this in your squirrelmail.conf file.

 <Directory /usr/share/squirrelmail>
 Options None
 Order allow,deny
 allow from all
 </Directory>

 with this

 <Directory /usr/share/squirrelmail>
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 allow from all
 Options
 SSLRequireSSL
 ErrorDocument 403 https://your.server.com/webmail/;
 </Directory>

 You will need to change the 

Re: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread George Varagas
Scott,
Guess I answered too quickly. Just noticed different subdomains (www and
mail). Unless you have a multi-domain certificate or a wildcard
certificate then the certificate is most probably only good for
mail.SERVERNAME.net
George

On 6/5/2010 6:58 AM, Scott Hughes wrote:
 Quick question about certificates.  I set up my certificate (via
 GoDaddy) with my correct hostname (mail.SERVERNAME.net).  Now I notice
 if I go to: www.SERVERNAME.net  via https, I get a certificate
 warning.  Any way around this or did I mess up when I signed up for
 the certificate?

 Thanks,
 Scott


 On 6/4/10 10:38 AM, Eric Broch wrote:
 CJ,

 I don't use multiple certificates, but I did, in times past, try to find a
 way to implement it and was glad to see the tutorial posted here for it.

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com] 
 Sent: Friday, June 04, 2010 9:12 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL

 Eric,

 Sounds like the exact same configuration as mine.

 SNI is Server Name Includes and it allows multiple secure connections  
 with a single IP.  I am having trouble getting mine to work.

 Do you use multiple certificates?  One for each top level domain?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 CJ,

 Virtual hosts (yes, 5 domains on 1 server),
 SNI (I don't think so, I'm not really sure what it is???),
 openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
 gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 10:10 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL's

 Eric,

 Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

 Sorry for so many questions, but a few of us on this list are trying
 to sort this.

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

 
 CJ,

 I secure three sites (domains) on the same server. None of my other
 clients use webmail

 Eric B.

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 6:05 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] Re: Webmail SSL

 Eric,

 Have you been successful in securing more than one site?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 Maxwell Smart wrote:
 
 I realize that it's a bit of a hack and I don't like it, but I
 cannot get it to work correctly otherwise.  I just tried your
 config and it didn't work either.

 You are using the webmail suffix where I am not.  I am trying to
 get mail.myserver.com to work using SNI. I should be able to have
 multiple virtual servers using https and I cannot get it to work.
 I think part of the problem is openssl 0.9.8e  SNI requires f and
 newer.  I upgraded on my test server, but I'm still having problems
 getting it to work correctly.

 I'll figure it out, it's just frustrating when you read the
 documentation and it doesn't quite work that way.  Then where do
 you start to troubleshoot.

 Quoting Eric Shubert e...@shubes.net:

   
 I'm not saying that ErrorDocument won't work, just that it's a bit
 of a hack.

 The conventional way (and 'better' for a number of reasons) is to
 use the RewriteEngine. I seem to recall that there's a way to turn
 on logging for the rewrite engine if you're having a problem with
 it.

 Here's the RewriteRule I'm presently using:
 RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

 Upon closer examination, I see that
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 appears to be missing a period after webmail. I believe that it should be:
 RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
 Subtle, but big difference. I believe this would work, the same as
 the one I'm using above.
 --
 -Eric 'shubes'

 Maxwell Smart wrote:
 
 That's exactly where I am having problems and that's the only way
 I can get it to work.  If I have the welcome.conf enabled it goes
 to the apache welcome page instead of redirecting and the log
 file says failed, reason: SSL connection required.  If I disable
 the welcome.conf and include the Error 403 line it works.  I was
 just testing it with the variable when I received this email.

 Quoting Eric Shubert e...@shubes.net:

   
 Maxwell Smart wrote:
 
 It appears as though you have a default configuration.  Replace
 this in your squirrelmail.conf file.

 <Directory /usr/share/squirrelmail>
 Options None
 Order allow,deny
 allow from all
 </Directory>

 with this

 <Directory /usr/share/squirrelmail>
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 allow from all
 Options
 SSLRequireSSL
 ErrorDocument 403 https://your.server.com/webmail/;
 </Directory>

 You will need to change the your.server.com to your server name.

Re: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread Scott Hughes
So how does one do a 'wildcard' certificate? I'm getting close to 
bringing a new QMT server online and would like to have better 
certificate results.


Thanks,

Scott


On 6/4/10 6:04 PM, George Varagas wrote:

Scott,
Guess I answered too quickly. Just noticed different subdomains (www 
and mail). Unless you have a multi-domain certificate or a wildcard 
certificate then the certificate is most probably only good for 
mail.SERVERNAME.net

George

On 6/5/2010 6:58 AM, Scott Hughes wrote:
Quick question about certificates.  I set up my certificate (via 
GoDaddy) with my correct hostname (mail.SERVERNAME.net).  Now I 
notice if I go to: www.SERVERNAME.net  via https, I get a certificate 
warning.  Any way around this or did I mess up when I signed up for 
the certificate?


Thanks,
Scott


On 6/4/10 10:38 AM, Eric Broch wrote:

CJ,

I don't use multiple certificates, but I did, in times past, try to find a
way to implement it and was glad to see the tutorial posted here for it.

Eric

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 9:12 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL

Eric,

Sounds like the exact same configuration as mine.

SNI is Server Name Includes and it allows multiple secure connections
with a single IP.  I am having trouble getting mine to work.

Do you use multiple certificates?  One for each top level domain?

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:

   

CJ,

Virtual hosts (yes, 5 domains on 1 server),
SNI (I don't think so, I'm not really sure what it is???),
openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

Eric

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 10:10 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL's

Eric,

Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

Sorry for so many questions, but a few of us on this list are trying
to sort this.

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:

CJ,

I secure three sites (domains) on the same server. None of my other
clients use webmail

Eric B.

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL

Eric,

Have you been successful in securing more than one site?

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:

   

Maxwell Smart wrote:
 

I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work correctly otherwise.  I just tried your
config and it didn't work either.

You are using the webmail suffix where I am not.  I am trying to
get mail.myserver.com to work using SNI. I should be able to have
multiple virtual servers using https and I cannot get it to work.
I think part of the problem is openssl 0.9.8e  SNI requires f and
newer.  I upgraded on my test server, but I'm still having problems
getting it to work correctly.

I'll figure it out, it's just frustrating when you read the
documentation and it doesn't quite work that way.  Then where do
you start to troubleshoot.

Quoting Eric Shubert e...@shubes.net:

   

I'm not saying that ErrorDocument won't work, just that it's a bit
of a hack.

The conventional way (and 'better' for a number of reasons) is to
use the RewriteEngine. I seem to recall that there's a way to turn
on logging for the rewrite engine if you're having a problem with
it.

Here's the RewriteRule I'm presently using:
RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

Upon closer examination, I see that
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
appears to be missing a period after webmail. I believe that it should be:
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
Subtle, but big difference. I believe this would work, the same as
the one I'm using above.
--
-Eric 'shubes'

Maxwell Smart wrote:
 

That's exactly where I am having problems and that's the only way
I can get it to work.  If I have the welcome.conf enabled it goes
to the apache welcome page instead of redirecting and the log
file says failed, reason: SSL connection required.  If I disable
the welcome.conf and include the Error 403 line it works.  I was
just testing it with the variable when I received this email.

Quoting Eric Shubert e...@shubes.net:

   

Maxwell Smart wrote:
 

It appears as though you have a default configuration.  Replace
this in your squirrelmail.conf file.

<Directory /usr/share/squirrelmail>
Options None
Order allow,deny
allow from all
</Directory>

with this

<Directory /usr/share/squirrelmail>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
allow from all
Options
SSLRequireSSL
ErrorDocument 

Re: [qmailtoaster] Re: Webmail SSL

2010-06-04 Thread George Varagas
You buy one. Go look at your certificate provider. It costs a lot more
though, but offers unlimited subdomain usage.
George

On 6/5/2010 9:14 AM, Scott Hughes wrote:
 So how does one do a 'wildcard' certificate? I'm getting close to
 bringing a new QMT server online and would like to have better
 certificate results.

 Thanks,

 Scott


 On 6/4/10 6:04 PM, George Varagas wrote:
 Scott,
 Guess I answered too quickly. Just noticed different subdomains (www
 and mail). Unless you have a multi-domain certificate or a wildcard
 certificate then the certificate is most probably only good for
 mail.SERVERNAME.net
 George

 On 6/5/2010 6:58 AM, Scott Hughes wrote:
 Quick question about certificates.  I set up my certificate (via
 GoDaddy) with my correct hostname (mail.SERVERNAME.net).  Now I
 notice if I go to: www.SERVERNAME.net  via https, I get a
 certificate warning.  Any way around this or did I mess up when I
 signed up for the certificate?

 Thanks,
 Scott


 On 6/4/10 10:38 AM, Eric Broch wrote:
 CJ,

 I don't use multiple certificates, but I did, in times past, try to find a
 way to implement it and was glad to see the tutorial posted here for it.

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com] 
 Sent: Friday, June 04, 2010 9:12 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL

 Eric,

 Sounds like the exact same configuration as mine.

 SNI is Server Name Includes and it allows multiple secure connections  
 with a single IP.  I am having trouble getting mine to work.

 Do you use multiple certificates?  One for each top level domain?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 CJ,

 Virtual hosts (yes, 5 domains on 1 server),
 SNI (I don't think so, I'm not really sure what it is???),
 openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
 gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

 Eric

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 10:10 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: Webmail SSL's

 Eric,

 Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

 Sorry for so many questions, but a few of us on this list are trying
 to sort this.

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

 
 CJ,

 I secure three sites (domains) on the same server. None of my other
 clients use webmail

 Eric B.

 -Original Message-
 From: Maxwell Smart [mailto:c...@yother.com]
 Sent: Thursday, June 03, 2010 6:05 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] Re: Webmail SSL

 Eric,

 Have you been successful in securing more than one site?

 CJ

 Quoting Eric Broch ebr...@whitehorsetc.com:

   
 Maxwell Smart wrote:
 
 I realize that it's a bit of a hack and I don't like it, but I
 cannot get it to work correctly otherwise.  I just tried your
 config and it didn't work either.

 You are using the webmail suffix where I am not.  I am trying to
 get mail.myserver.com to work using SNI. I should be able to have
 multiple virtual servers using https and I cannot get it to work.
 I think part of the problem is openssl 0.9.8e  SNI requires f and
 newer.  I upgraded on my test server, but I'm still having problems
 getting it to work correctly.

 I'll figure it out, it's just frustrating when you read the
 documentation and it doesn't quite work that way.  Then where do
 you start to troubleshoot.

 Quoting Eric Shubert e...@shubes.net:

   
 I'm not saying that ErrorDocument won't work, just that it's a bit
 of a hack.

 The conventional way (and 'better' for a number of reasons) is to
 use the RewriteEngine. I seem to recall that there's a way to turn
 on logging for the rewrite engine if you're having a problem with
 it.

 Here's the RewriteRule I'm presently using:
 RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

 Upon closer examination, I see that
 RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
 appears to be missing a period after webmail. I believe that it should be:
 RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
 Subtle, but big difference. I believe this would work, the same as
 the one I'm using above.
 --
 -Eric 'shubes'

 Maxwell Smart wrote:
 
 That's exactly where I am having problems and that's the only way
 I can get it to work.  If I have the welcome.conf enabled it goes
 to the apache welcome page instead of redirecting and the log
 file says failed, reason: SSL connection required.  If I disable
 the welcome.conf and include the Error 403 line it works.  I was
 just testing it with the variable when I received this email.

 Quoting Eric Shubert e...@shubes.net:

   
 Maxwell Smart wrote:
 
 It appears as though you have a default configuration.  Replace
 this in your squirrelmail.conf file.

 <Directory /usr/share/squirrelmail>
 

Re: [qmailtoaster] where's the site?

2010-06-04 Thread Jake Vickers

On 06/03/2010 10:43 AM, GHS Toaster List account wrote:

Hi all,

I'd like to install qmailtoaster plus; done that a few times before, 
but...


The site is down? I get a server 500 error:

The server encountered an internal error or misconfiguration and was 
unable to complete your request.


Please contact the server administrator, [no address given] and inform 
them of the time the error occurred, and anything you might have done 
that may have caused the error.


More information about this error may be available in the server error 
log.

Apache/2.2 Server at qtp.qmailtoaster.com Port 80



So, what do I do?


Thanx,

Casper



It will be some time before I have the QTP website working again.
For everyone who is interested, here's what happened:
Joe Smith of Nebraska Networks offered me hosting a year or so ago, in 
exchange for support and working on special projects (customer ISOs, 
help when his company's servers were down, etc.).
At some point the bandwidth usage of the Qmailtoaster project impacted 
his paying customers, so he disconnected the entire Qmailtoaster project 
to save his livelihood. He will not plug the Qmailtoaster server back 
into his network, because whenever he does it starts to send data out 
and buries his 3M connection.
I did not have any advance warning of the disconnection, and was only 
backing up some items off-site.
At this point, I can make requests for dirs to be tar'ed up and in about 
a week Joe will get them to me.
Unfortunately QTP uses Trac, which is spread across several directories 
on the filesystem, so it's difficult to get the entire things, coupled 
with it running on a slightly customized copy of Trac.
I will work on it as I get time, but the Qmailtoaster project was my 
first concern. Once I have all of that working I can begin to look a 
little more at QTP.

That's it in a nutshell. If anyone has any questions, please let me know.
Thanks.

-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




Re: [qmailtoaster] Re: ClamAV Update Issue wth QTP

2010-06-04 Thread Jake Vickers

On 06/03/2010 03:48 PM, Eric Shubert wrote:

Thomas M. Jaeger wrote:
Just a head’s up... I just tried to do an update through qtp-menu 
(running latest qtp) and it said no new packages available when 
running the up2date script and “Newer clamav-toaster-0.96.0-1.3.35 is 
already installed, clamav-toaster-0.96.1-1.3.35 bypassed” when trying 
through the newmodel script.  Maybe this is because the newer version 
of ClamAV was just posted today and there’s been a typo when calling 
for the packages with qtp?  I will wait to update tomorrow or late 
tonight.




Thanks, again, for all the hard work you are doing!





Thomas M. Jaeger

Computer Technician, A.A.S.

tho...@barharbor.com

thomasmjae...@roadrunner.com



The convention in the past has been that when the package version 
upticks, the QMT portion upticks as well. Looks as though Jake didn't 
uptick the QMT portion this time.


Here's the deal. qtp-newmodel only looks at the QMT portion of the 
version number, because it's consistent and thus easier to deal with. 
qtp-newmodel (perhaps erroneously) sees 0.96.1-1.3.35 as not newer 
than 0.96.0-1.3.35 since they're both 1.3.35, but since as a whole 
they're not equal it then concludes that the installed version is 
newer. Sorta goofy, but that's what it does.


Hey Jake, would you like to recreate the 0.96.1 package as 1.3.36? I 
think that'll be simpler than trying to re-do how QTP does version 
comparisons.




Actually this is wrong. I did increment the QMT version, but did not 
update it in the current.txt file. I missed it. While I think the 
newmodel script has a defect in ignoring the first portion of the 
package version, this particular instance was because I made a mistake.







Re: [qmailtoaster] QMT Admin Question

2010-06-04 Thread Jake Vickers

On 06/03/2010 06:50 PM, Scott Hughes wrote:
One of the utilities that the QMT Admin has is a 'Send Email to Users 
(Email Users-0.5)' button.


Does this email ALL users on ALL domains?

Thanks,

Scott



It does, but there was an issue in the PHP code at some point in the 
past, which is why it's not installed by default.
Look back in the archives and you should find where the corrected code 
was posted (I believe this was Lucian that posted the diff code)


[qmailtoaster] Re: Webmail SSL

2010-06-04 Thread Eric Shubert

Might be time to start a new thread. This one's getting pretty long. ;)
--
-Eric 'shubes'


Maxwell Smart wrote:

@Eric Broch

So are all of your current secure sites subdomains?  ie
https://www.example.com/example or TLD https://www.example.com?

If they are all TLD's how are you traversing the fact that the
certificates aren't specific to those domains?

@ Eric Shubes

We're going to get this figured out!



On 06/04/2010 08:38 AM, Eric Broch wrote:

CJ,

I don't use multiple certificates, but I did, in times past, try to find a
way to implement it and was glad to see the tutorial posted here for it.

Eric

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com] 
Sent: Friday, June 04, 2010 9:12 AM

To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL

Eric,

Sounds like the exact same configuration as mine.

SNI is Server Name Includes and it allows multiple secure connections  
with a single IP.  I am having trouble getting mine to work.


Do you use multiple certificates?  One for each top level domain?

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:

  

CJ,

Virtual hosts (yes, 5 domains on 1 server),
SNI (I don't think so, I'm not really sure what it is???),
openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

Eric

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 10:10 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL's

Eric,

Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

Sorry for so many questions, but a few of us on this list are trying
to sort this.

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:



CJ,

I secure three sites (domains) on the same server. None of my other
clients use webmail

Eric B.

-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL

Eric,

Have you been successful in securing more than one site?

CJ

Quoting Eric Broch ebr...@whitehorsetc.com:

  

Maxwell Smart wrote:


I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work correctly otherwise.  I just tried your
config and it didn't work either.

You are using the webmail suffix where I am not.  I am trying to
get mail.myserver.com to work using SNI. I should be able to have
multiple virtual servers using https and I cannot get it to work.
I think part of the problem is openssl 0.9.8e  SNI requires f and
newer.  I upgraded on my test server, but I'm still having problems
getting it to work correctly.

I'll figure it out, it's just frustrating when you read the
documentation and it doesn't quite work that way.  Then where do
you start to troubleshoot.

Quoting Eric Shubert e...@shubes.net:

  

I'm not saying that ErrorDocument won't work, just that it's a bit
of a hack.

The conventional way (and 'better' for a number of reasons) is to
use the RewriteEngine. I seem to recall that there's a way to turn
on logging for the rewrite engine if you're having a problem with
it.

Here's the RewriteRule I'm presently using:
RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

Upon closer examination, I see that
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
appears to be missing a period after webmail. I believe that it should be:
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
Subtle, but big difference. I believe this would work, the same as
the one I'm using above.
--
-Eric 'shubes'

Maxwell Smart wrote:


That's exactly where I am having problems and that's the only way
I can get it to work.  If I have the welcome.conf enabled it goes
to the apache welcome page instead of redirecting and the log
file says failed, reason: SSL connection required.  If I disable
the welcome.conf and include the Error 403 line it works.  I was
just testing it with the variable when I received this email.

Quoting Eric Shubert e...@shubes.net:

  

Maxwell Smart wrote:


It appears as though you have a default configuration.  Replace
this in your squirrelmail.conf file.

<Directory /usr/share/squirrelmail>
Options None
Order allow,deny
allow from all
</Directory>

with this

<Directory /usr/share/squirrelmail>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
allow from all
Options
SSLRequireSSL
ErrorDocument 403 https://your.server.com/webmail/;
</Directory>

You will need to change the your.server.com to your server name.

CJ

  

You shouldn't need the ErrorDocument line.

In addition, if you were to use that hack, it'd be better to use
the %{SERVER_NAME} variable instead of hard coding your domain
name.

--
-Eric 'shubes'
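
The difference between the webmail* and webmail.* patterns quoted in this thread, as an added example that is not part of any poster's message and is not Apache itself. It models only the regex match and the $1 substitution against a URL path; the host name, the request paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: models only the regex match and substitution of the
# RewriteRule lines quoted in the thread. It is not Apache and ignores
# RewriteCond, flags and per-directory prefix stripping.

# Constructed value standing in for %{SERVER_NAME}.
SERVER="mail.example.com"

# The three rules from the thread: pattern and substitution.
BROKEN_PAT='^(.*/webmail*)$'; BROKEN_SUB='https://%{SERVER_NAME}$1'
FIXED_PAT='^(.*/webmail.*)$'; FIXED_SUB='https://%{SERVER_NAME}$1'
SHUBES_PAT='^/(webmail.*)$';  SHUBES_SUB='https://%{SERVER_NAME}/$1'

# apply_rule PATTERN SUBSTITUTION PATH   (hypothetical helper)
# Prints the redirect target and succeeds when PATTERN matches PATH;
# prints nothing and fails when the request would not be redirected.
# Assumes SUBSTITUTION contains %{SERVER_NAME} and ends with $1.
apply_rule() (
  pattern=$1 sub=$2 path=$3
  printf '%s\n' "$path" | grep -Eq -- "$pattern" || exit 1
  # First capture group of the match.
  capture=$(printf '%s\n' "$path" | sed -nE "s#${pattern}#\\1#p")
  ref='$1'; sn='%{SERVER_NAME}'
  head=${sub%%"$ref"*}          # substitution text before $1
  before=${head%%"$sn"*}        # text before %{SERVER_NAME}
  after=${head#*"$sn"}          # text between %{SERVER_NAME} and $1
  printf '%s%s%s%s\n' "$before" "$SERVER" "$after" "$capture"
)

# Print, for each constructed request path, what each rule would do.
report() {
  for path in /webmail /webmail/ /webmail/src/login.php /webmaillll /other; do
    for rule in BROKEN FIXED SHUBES; do
      eval "pat=\$${rule}_PAT sub=\$${rule}_SUB"
      if target=$(apply_rule "$pat" "$sub" "$path"); then
        printf '%-7s %-24s -> %s\n' "$rule" "$path" "$target"
      else
        printf '%-7s %-24s    not redirected\n' "$rule" "$path"
      fi
    done
  done
}

report
```

With webmail* the trailing "l" is what repeats, so only a path ending in "webmai" plus any number of "l" is redirected; anything below /webmail/ falls through to whatever else the configuration does with a plain-HTTP request.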




  



[qmailtoaster] Re: ClamAV Update Issue wth QTP

2010-06-04 Thread Eric Shubert

Jake Vickers wrote:

On 06/03/2010 03:48 PM, Eric Shubert wrote:

Thomas M. Jaeger wrote:
Just a head’s up... I just tried to do an update through qtp-menu 
(running latest qtp) and it said no new packages available when 
running the up2date script and “Newer clamav-toaster-0.96.0-1.3.35 is 
already installed, clamav-toaster-0.96.1-1.3.35 bypassed” when trying 
through the newmodel script.  Maybe this is because the newer version 
of ClamAV was just posted today and there’s been a typo when calling 
for the packages with qtp?  I will wait to update tomorrow or late 
tonight.




Thanks, again, for all the hard work you are doing!





Thomas M. Jaeger

Computer Technician, A.A.S.

tho...@barharbor.com

thomasmjae...@roadrunner.com



The convention in the past has been that when the package version 
upticks, the QMT portion upticks as well. Looks as though Jake didn't 
uptick the QMT portion this time.


Here's the deal. qtp-newmodel only looks at the QMT portion of the 
version number, because it's consistent and thus easier to deal with. 
qtp-newmodel (perhaps erroneously) sees 0.96.1-1.3.35 as not newer 
than 0.96.0-1.3.35 since they're both 1.3.35, but since as a whole 
they're not equal it then concludes that the installed version is 
newer. Sorta goofy, but that's what it does.


Hey Jake, would you like to recreate the 0.96.1 package as 1.3.36? I 
think that'll be simpler than trying to re-do how QTP does version 
comparisons.




Actually this is wrong. I did increment the QMT version, but did not 
update it in the current.txt file. I missed it. While I think the 
newmodel script has a defect in ignoring the first portion of the 
package version, this particular instance was because I made a mistake.



- 


I guess I presumed that the current.txt file matched the packages that 
were there. The current.txt file used to be generated with the ls 
command, so any variation wasn't possible. Doing it manually introduces 
that possibility of error though. ;)


I'm glad to see you fixed it. Thanks.

--
-Eric 'shubes'
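
The comparison described in this thread, as an added example that is not part of any poster's message and is not the qtp-newmodel source. It reconstructs a QMT-portion-only check from the description alone and sets a version-then-release comparison beside it; the function names are hypothetical and every field is assumed to be dotted and numeric.

```shell
#!/bin/sh
# Added example: reconstructs, from the description in the thread only,
# a check that looks solely at the QMT portion of a package name, and
# sets a full version-then-release comparison beside it.
# This is not the qtp-newmodel source.

# Package strings quoted in the thread.
INSTALLED="clamav-toaster-0.96.0-1.3.35"
CANDIDATE="clamav-toaster-0.96.1-1.3.35"

# name-VERSION-RELEASE: the last two dash-separated fields.
pkg_release() ( printf '%s\n' "${1##*-}" )
pkg_version() ( v=${1%-*}; printf '%s\n' "${v##*-}" )

# cmp_dotted A B: prints -1, 0 or 1 for dotted numeric strings,
# comparing field by field as integers (so 1.3.10 is newer than 1.3.9).
cmp_dotted() (
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    if [ "${x:-0}" -lt "${y:-0}" ]; then printf '%s\n' -1; exit 0; fi
    if [ "${x:-0}" -gt "${y:-0}" ]; then printf '%s\n' 1; exit 0; fi
    # Drop the field just compared; a missing field counts as 0.
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  printf '%s\n' 0
)

# verdict_qmt_only INSTALLED CANDIDATE
# Behaviour as described in the thread: only the QMT portion decides
# "newer"; any other difference is read as "installed is newer".
verdict_qmt_only() (
  c=$(cmp_dotted "$(pkg_release "$2")" "$(pkg_release "$1")")
  if [ "$c" = 1 ]; then echo upgrade
  elif [ "$1" = "$2" ]; then echo current
  else echo installed-newer
  fi
)

# verdict_full INSTALLED CANDIDATE
# Compare the upstream version first, then the QMT portion.
verdict_full() (
  c=$(cmp_dotted "$(pkg_version "$2")" "$(pkg_version "$1")")
  if [ "$c" = 0 ]; then
    c=$(cmp_dotted "$(pkg_release "$2")" "$(pkg_release "$1")")
  fi
  case $c in
    1) echo upgrade ;;
    0) echo current ;;
    *) echo installed-newer ;;
  esac
)

printf 'QMT portion only:  %s\n' "$(verdict_qmt_only "$INSTALLED" "$CANDIDATE")"
printf 'version + release: %s\n' "$(verdict_full "$INSTALLED" "$CANDIDATE")"
```

For a scanner package the first verdict means an engine update is skipped without any error being raised, so the installed version is worth checking against the repository listing after each update run.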






Re: [qmailtoaster] Re: qtp-backup

2010-06-04 Thread David Milholen



On 6/4/2010 5:12 PM, Eric Shubert wrote:

David Milholen wrote:
I am having a little trouble with the backup script not backing up 
all the accounts in one of my oldest domains.
 One of the accounts is the postmaster account. So when I do a 
restore I have to manually copy the account over to the new server.
there are some other accounts missing too. There should be 272 
accounts but only 120 show up after restore.

 Did something break or did I break it:)

This is the version QMT for the old machine:qmail-toaster-1.03-1.3.15 
;centos 4.8 with latest updates.
This is the version QMT for the new machine:qmail-toaster-1.03-1.3.20 
;centos 5.4 with latest updates.


I have 4 blow away servers to test these caveats on before I mess 
with the production machine again.


Thanks

--
David Milholen
Project Engineer
501-318-1300
Wireless Etc




Which part(s) of the accounts are missing? The account folders under 
/home/vpopmail/domains/? The MySQL entries?



 sorry I should have mentioned that part...
 It is the /home/vpopmail/domains/mydomain/these folders are missing :)
The funny thing all of the mysql data is intact including the postmaster 
account.

 --Thanks
Dave

