RE: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

2016-11-08 Thread marek
I have absolutely nothing in the logs, even using recordio

This is the submission log when I try to send a test message from Outlook.

When I try to send any message to another server, the mail hangs in the sending
folder and after some time shows the error: None of the authentication methods
supported by this client are supported by your server.  And nothing appears
in the log file  (/var/log/qmail/smtp/current)

 

 

From: ma...@demod.pl [mailto:ma...@demod.pl] 
Sent: Wednesday, November 09, 2016 12:25 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

I use Dovecot. in outlook smtp outgoing server use the same authentications
setting is checked but i every variation of settings 

When I try to send by SquirrelMail I have error 502 unimplemented (#5.5.1)

When I copy back the old qmail-smtpd everything works fine, but email from
dupont.com is rejected :(

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Wednesday, November 09, 2016 12:15 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

What are the SMTP settings you are using in Outlook?

Are you using Courier or Dovecot?

Can you send from Squirrelmail?

What logs are you checking, and have you looked in /var/log/maillog, and if
using, Dovecot /var/log/dovecot.log?

If after checking all of these logs and nothing is found add
/usr/bin/recordio to /var/qmail/supervise/submission/run if you are using
port 587 in Outlook.

Eric

On 11/8/2016 3:54 PM, ma...@demod.pl wrote:

I don’t have any error in the logs. The error appears in Outlook or another email
client when I try to send a test mail. I think it is the authentication reason. But
I don’t see any advice in the logs :(

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 11:18 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject
email from several domain Reason TIMEOUT

 

In what log are you getting the error?

 

On 11/8/2016 12:38 PM, ma...@demod.pl wrote:

The TLS test on https://www.checktls.com/
works OK for me without error, even on the old qmail-smtpd with spamdyke. But I
can receive email from dupont.com only on the patched qmail-smtpd, and on the patched
qmail-smtpd I can’t send any mail. In Outlook I have the error: no
authentication method is supported by the server. In the log file I don’t have
any info even when I run excessive logging. What am I doing wrong? :(

 

From: ma...@demod.pl [mailto:ma...@demod.pl] 
Sent: Tuesday, November 08, 2016 4:34 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Forgive me if I am a lamer. I'm afraid I don’t have enough knowledge.

I downloaded netqmail 1.06 from the qmail.org site, just applied
netqmail-1.05-tls-20060104.patch by patch < netqmail-1.05-tls-20060104.patch
and compiled by make. Next I copied the newly compiled qmail-smtpd to my ./qmail/bin
directory and restarted qmailctl

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 3:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

I apologize for my ignorance of this (TLS) feature inherent in the
Qmailtoaster package. In fact your setup should be able to negotiate a TLS
connection if the client utilizes STARTTLS over the SMTP.

I tested my own setup (stock qmailtoaster) here:
(https://www.checktls.com/). And it seems to work, and I do have Spamdyke in
place although it does not test complete delivery.

"But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)"

Are you using stock qmailtoaster setup?

Eric

 

 

On 11/7/2016 4:06 PM, ma...@demod.pl wrote:

Thx a lot for your help

When I compile and replace qmail-smtpd and qmail-remote, mails from
dupont.com come without problem.

But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)

And another trouble. The smtp log file is very poor :( I don’t know why. I
think it is some compilation option.
When I copy the old smtpd back, the log file is OK and I can send mail but not
receive from dupont.com

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 07, 2016 11:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

OK, It seems that the older version of this patch
(netqmail-1.06-tls-20160918.patch) is already implemented on the current
Qmailtoaster package, but I'm not sure how to implement it or how to stop
SPAMDYKE from blocking it.

This is the version used now:

http://inoa.net/qmail-tls/netqmail-1.05-tls-20060104.patch


RE: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

2016-11-08 Thread marek
I use Dovecot. in outlook smtp outgoing server use the same authentications
setting is checked but i every variation of settings 

When I try to send by SquirrelMail I have error 502 unimplemented (#5.5.1)

When I copy back the old qmail-smtpd everything works fine, but email from
dupont.com is rejected :(

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Wednesday, November 09, 2016 12:15 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

What are the SMTP settings you are using in Outlook?

Are you using Courier or Dovecot?

Can you send from Squirrelmail?

What logs are you checking, and have you looked in /var/log/maillog, and if
using, Dovecot /var/log/dovecot.log?

If after checking all of these logs and nothing is found add
/usr/bin/recordio to /var/qmail/supervise/submission/run if you are using
port 587 in Outlook.

Eric

On 11/8/2016 3:54 PM, ma...@demod.pl wrote:

I don’t have any error in the logs. The error appears in Outlook or another email
client when I try to send a test mail. I think it is the authentication reason. But
I don’t see any advice in the logs :(

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 11:18 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject
email from several domain Reason TIMEOUT

 

In what log are you getting the error?

 

On 11/8/2016 12:38 PM, ma...@demod.pl wrote:

The TLS test on https://www.checktls.com/
works OK for me without error, even on the old qmail-smtpd with spamdyke. But I
can receive email from dupont.com only on the patched qmail-smtpd, and on the patched
qmail-smtpd I can’t send any mail. In Outlook I have the error: no
authentication method is supported by the server. In the log file I don’t have
any info even when I run excessive logging. What am I doing wrong? :(

 

From: ma...@demod.pl [mailto:ma...@demod.pl] 
Sent: Tuesday, November 08, 2016 4:34 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Forgive me if I am a lamer. I'm afraid I don’t have enough knowledge.

I downloaded netqmail 1.06 from the qmail.org site, just applied
netqmail-1.05-tls-20060104.patch by patch < netqmail-1.05-tls-20060104.patch
and compiled by make. Next I copied the newly compiled qmail-smtpd to my ./qmail/bin
directory and restarted qmailctl

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 3:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

I apologize for my ignorance of this (TLS) feature inherent in the
Qmailtoaster package. In fact your setup should be able to negotiate a TLS
connection if the client utilizes STARTTLS over the SMTP.

I tested my own setup (stock qmailtoaster) here:
(https://www.checktls.com/). And it seems to work, and I do have Spamdyke in
place although it does not test complete delivery.

"But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)"

Are you using stock qmailtoaster setup?

Eric

 

 

On 11/7/2016 4:06 PM, ma...@demod.pl wrote:

Thx a lot for your help

When I compile and replace qmail-smtpd and qmail-remote, mails from
dupont.com come without problem.

But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)

And another trouble. The smtp log file is very poor :( I don’t know why. I
think it is some compilation option.
When I copy the old smtpd back, the log file is OK and I can send mail but not
receive from dupont.com

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 07, 2016 11:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

OK, It seems that the older version of this patch
(netqmail-1.06-tls-20160918.patch) is already implemented on the current
Qmailtoaster package, but I'm not sure how to implement it or how to stop
SPAMDYKE from blocking it.

This is the version used now:

http://inoa.net/qmail-tls/netqmail-1.05-tls-20060104.patch

The claim in the qmailtoaster patch (qmailtoaster-1.3.2.patch), below, is
that it has been used successfully since 1999.

"This patch implements RFC 3207 (was RFC 2487) in qmail.
This means you can get SSL or TLS encrypted and
authenticated SMTP between the MTAs and from MUA to MTA.
The code is considered experimental (but has worked for
many since its first release on 1999-03-21)."

If anyone has any information on this please chime in.

Thanks

Eric

 

 

On 11/7/2016 12:10 PM, Eric Broch wrote:

I think this (http://inoa.net/qmail-tls/) is the patch you're looking for.
I'll check into it when I 

RE: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

2016-11-08 Thread marek
I don’t have any error in the logs. The error appears in Outlook or another email
client when I try to send a test mail. I think it is the authentication reason. But
I don’t see any advice in the logs :(

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 11:18 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject
email from several domain Reason TIMEOUT

 

In what log are you getting the error?

 

On 11/8/2016 12:38 PM, ma...@demod.pl wrote:

The TLS test on https://www.checktls.com/
works OK for me without error, even on the old qmail-smtpd with spamdyke. But I
can receive email from dupont.com only on the patched qmail-smtpd, and on the patched
qmail-smtpd I can’t send any mail. In Outlook I have the error: no
authentication method is supported by the server. In the log file I don’t have
any info even when I run excessive logging. What am I doing wrong? :(

 

From: ma...@demod.pl [mailto:ma...@demod.pl] 
Sent: Tuesday, November 08, 2016 4:34 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Forgive me if I am a lamer. I'm afraid I don’t have enough knowledge.

I downloaded netqmail 1.06 from the qmail.org site, just applied
netqmail-1.05-tls-20060104.patch by patch < netqmail-1.05-tls-20060104.patch
and compiled by make. Next I copied the newly compiled qmail-smtpd to my ./qmail/bin
directory and restarted qmailctl

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 3:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

I apologize for my ignorance of this (TLS) feature inherent in the
Qmailtoaster package. In fact your setup should be able to negotiate a TLS
connection if the client utilizes STARTTLS over the SMTP.

I tested my own setup (stock qmailtoaster) here:
(https://www.checktls.com/). And it seems to work, and I do have Spamdyke in
place although it does not test complete delivery.

"But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)"

Are you using stock qmailtoaster setup?

Eric

 

 

On 11/7/2016 4:06 PM, ma...@demod.pl wrote:

Thx a lot for your help

When I compile and replace qmail-smtpd and qmail-remote, mails from
dupont.com come without problem.

But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)

And another trouble. The smtp log file is very poor :( I don’t know why. I
think it is some compilation option.
When I copy the old smtpd back, the log file is OK and I can send mail but not
receive from dupont.com

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 07, 2016 11:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

OK, It seems that the older version of this patch
(netqmail-1.06-tls-20160918.patch) is already implemented on the current
Qmailtoaster package, but I'm not sure how to implement it or how to stop
SPAMDYKE from blocking it.

This is the version used now:

http://inoa.net/qmail-tls/netqmail-1.05-tls-20060104.patch

The claim in the qmailtoaster patch (qmailtoaster-1.3.2.patch), below, is
that it has been used successfully since 1999.

"This patch implements RFC 3207 (was RFC 2487) in qmail.
This means you can get SSL or TLS encrypted and
authenticated SMTP between the MTAs and from MUA to MTA.
The code is considered experimental (but has worked for
many since its first release on 1999-03-21)."

If anyone has any information on this please chime in.

Thanks

Eric

 

 

On 11/7/2016 12:10 PM, Eric Broch wrote:

I think this (http://inoa.net/qmail-tls/) is the patch you're looking for.
I'll check into it when I have a little time.

Explanation of the patch @ http://www.memoryhole.net/qmail/#starttls  :

SSL (STARTTLS)

SMTP transmits email unencrypted. Other than privacy concerns, this is not
typically a problem. However, if you use SMTP AUTH, you are sending your
username and password across the network in plain text (which is easy for a
hacker or spammer to extract if they wanted to). The solution is to use
encryption in SMTP — in other words, make qmail support the STARTTLS ESMTP
extension. Frederik Vermeulen wrote a patch to get it to work. It adds one
minor step to the compilation of qmail: you must create a server certificate
(run make cert before running make setup check). Also, you must create a
cron job to rebuild the certs daily (because otherwise, over time, an
attacker could figure out what they are). Commonly, when someone indicates
that they want qmail to support SSL/STARTTLS they will be referred to a
project like mailfront 

RE: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

2016-11-08 Thread marek
This does not work. I have a standard qmailtoaster installation on CentOS 5.8

And when I try to compile netqmail-1.06 with this patch and copy qmail-send to
my ./qmail/bin directory I can’t send any mail

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 11:17 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

If you install netqmail you should use this patch:

http://inoa.net/qmail-tls/netqmail-1.06-tls-20160918.patch

 

On 11/8/2016 8:33 AM, ma...@demod.pl wrote:

Forgive me if I am a lamer. I'm afraid I don’t have enough knowledge.

I downloaded netqmail 1.06 from the qmail.org site, just applied
netqmail-1.05-tls-20060104.patch by patch < netqmail-1.05-tls-20060104.patch
and compiled by make. Next I copied the newly compiled qmail-smtpd to my ./qmail/bin
directory and restarted qmailctl

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 3:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

I apologize for my ignorance of this (TLS) feature inherent in the
Qmailtoaster package. In fact your setup should be able to negotiate a TLS
connection if the client utilizes STARTTLS over the SMTP.

I tested my own setup (stock qmailtoaster) here:
(https://www.checktls.com/). And it seems to work, and I do have Spamdyke in
place although it does not test complete delivery.

"But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)"

Are you using stock qmailtoaster setup?

Eric

 

 

On 11/7/2016 4:06 PM, ma...@demod.pl wrote:

Thx a lot for your help

When I compile and replace qmail-smtpd and qmail-remote, mails from
dupont.com come without problem.

But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)

And another trouble. The smtp log file is very poor :( I don’t know why. I
think it is some compilation option.
When I copy the old smtpd back, the log file is OK and I can send mail but not
receive from dupont.com

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 07, 2016 11:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

OK, It seems that the older version of this patch
(netqmail-1.06-tls-20160918.patch) is already implemented on the current
Qmailtoaster package, but I'm not sure how to implement it or how to stop
SPAMDYKE from blocking it.

This is the version used now:

http://inoa.net/qmail-tls/netqmail-1.05-tls-20060104.patch

The claim in the qmailtoaster patch (qmailtoaster-1.3.2.patch), below, is
that it has been used successfully since 1999.

"This patch implements RFC 3207 (was RFC 2487) in qmail.
This means you can get SSL or TLS encrypted and
authenticated SMTP between the MTAs and from MUA to MTA.
The code is considered experimental (but has worked for
many since its first release on 1999-03-21)."

If anyone has any information on this please chime in.

Thanks

Eric

 

 

On 11/7/2016 12:10 PM, Eric Broch wrote:

I think this (http://inoa.net/qmail-tls/) is the patch you're looking for.
I'll check into it when I have a little time.

Explanation of the patch @ http://www.memoryhole.net/qmail/#starttls  :

SSL (STARTTLS)

SMTP transmits email unencrypted. Other than privacy concerns, this is not
typically a problem. However, if you use SMTP AUTH, you are sending your
username and password across the network in plain text (which is easy for a
hacker or spammer to extract if they wanted to). The solution is to use
encryption in SMTP — in other words, make qmail support the STARTTLS ESMTP
extension. Frederik Vermeulen wrote a patch to get it to work. It adds one
minor step to the compilation of qmail: you must create a server certificate
(run make cert before running make setup check). Also, you must create a
cron job to rebuild the certs daily (because otherwise, over time, an
attacker could figure out what they are). Commonly, when someone indicates
that they want qmail to support SSL/STARTTLS they will be referred to a
project like mailfront. While mailfront
is a worthy project, it doesn't always solve the entire problem.
Specifically, it doesn't enable qmail to use SSL for sending mail to other
servers that support STARTTLS (this is a problem of privacy; but keep in
mind that if the email is being relayed, it may be transmitted via an
unencrypted communication later---if you're really worried, use PGP). This
patch, however, does enable qmail to do that. (local copy) (inoa.net)


On 11/7/2016 9:45 AM, Eric 

RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

2016-11-08 Thread Dan McAllister - QMT DNS Admin
Apologies to the group – my outlook took eric’s email and applied the group 
address to it.

 

My bad (would belong on the developer group anyway!)

 

Dan

 

From: Dan McAllister - QMT DNS Admin [mailto:q...@it4soho.com] 
Sent: Tuesday, November 8, 2016 3:41 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

Eric:

 

I took a moment today and looked over your install scripts for QMT on COS 6 and 
noted you had a way to switch between BIND & Daniel’s DJBDNS… to that end, I 
have some thoughts. (I’m assuming you and I – and hopefully a 3rd – can start 
moving forward on re-setting this project in a forward motion!)

 

The use/presence of a DNS “server” in a QMT “server” was an issue Shubes and I 
went around and around on – the gist (from my perspective) being that we (as-in 
the QMT service) don’t need a DNS “server” so-to-speak, rather we need a fast 
and efficient DNS “resolver”. Along those lines, my default COS 6 install uses 
PowerDNS (pdns-recursor from EPEL), and I’ve found it to be REMARKABLY fast and 
light-weight.

 

I have a NUMBER of config settings I think you might agree make sense to be 
defaults. Here are some examples:

-  qmail-smtp on port 25 uses spamdyke to REMOVE SMTPAUTH (so users 
CANNOT submit mail on port 25)

-  qmail-smtp on port 587 is ENABLED by default, and ALLOWS encryption 
and REQUIRES login (SMTPAUTH)

-  qmail-smtp on port 465 is ENABLED by default, and REQUIRES both 
SMTPAUTH and encryption

-  POP and IMAP are enabled by default, but ONLY on the SSL ports (993 
& 993).

-  I install and enable BOTH squirrelmail (mail.domain.com) AND 
roundcube (webmail.domain.com) by default

 

NOTE: I still use COURIER IMAP – tho I’m trying to get into DoveCot on my next 
system.

 

 

More later

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 7, 2016 12:52 AM
To: qmailtoaster-list@qmailtoaster.com 
 
Subject: Re: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

If I understand you correctly here are some examples (just a little googling): 

Maildrop: https://bbs.archlinux.org/viewtopic.php?id=147058

Dovecot LDA:

poll  with proto POP3
user u...@domain.tld   there with pass 
options fetchall
mda "/usr/libexec/dovecot/deliver -d u...@domain.tld  "
 
 
 
 

 

On 11/6/2016 10:16 PM, Chandran Manikandan wrote:

Dear Friends, 

 

I have running qmailtoaster in centos 6.6 system and kept in datacenter.

 

I am planning to keep one more server in our office with the same domain.

All the emails want to store both server with the same domain .

Is it possible to do fetchmail installation in my local office server to 
configure the same domain with the email accounts.

Anyone have the experience.

Could you help me to provide the installation and configuration steps.

-- 

Thanks, 

Manikandan.C

System Administrator

 



RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

2016-11-08 Thread Dan McAllister - QMT DNS Admin
Eric:

 

I took a moment today and looked over your install scripts for QMT on COS 6 and 
noted you had a way to switch between BIND & Daniel’s DJBDNS… to that end, I 
have some thoughts. (I’m assuming you and I – and hopefully a 3rd – can start 
moving forward on re-setting this project in a forward motion!)

 

The use/presence of a DNS “server” in a QMT “server” was an issue Shubes and I 
went around and around on – the gist (from my perspective) being that we (as-in 
the QMT service) don’t need a DNS “server” so-to-speak, rather we need a fast 
and efficient DNS “resolver”. Along those lines, my default COS 6 install uses 
PowerDNS (pdns-recursor from EPEL), and I’ve found it to be REMARKABLY fast and 
light-weight.

 

I have a NUMBER of config settings I think you might agree make sense to be 
defaults. Here are some examples:

-  qmail-smtp on port 25 uses spamdyke to REMOVE SMTPAUTH (so users 
CANNOT submit mail on port 25)

-  qmail-smtp on port 587 is ENABLED by default, and ALLOWS encryption 
and REQUIRES login (SMTPAUTH)

-  qmail-smtp on port 465 is ENABLED by default, and REQUIRES both 
SMTPAUTH and encryption

-  POP and IMAP are enabled by default, but ONLY on the SSL ports (993 
& 993).

-  I install and enable BOTH squirrelmail (mail.domain.com) AND 
roundcube (webmail.domain.com) by default

 

NOTE: I still use COURIER IMAP – tho I’m trying to get into DoveCot on my next 
system.

 

 

More later

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 7, 2016 12:52 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

If I understand you correctly here are some examples (just a little googling): 

Maildrop: https://bbs.archlinux.org/viewtopic.php?id=147058

Dovecot LDA:

poll  with proto POP3
user u...@domain.tld   there with pass 
options fetchall
mda "/usr/libexec/dovecot/deliver -d u...@domain.tld  "
 
 
 
 

 

On 11/6/2016 10:16 PM, Chandran Manikandan wrote:

Dear Friends, 

 

I have running qmailtoaster in centos 6.6 system and kept in datacenter.

 

I am planning to keep one more server in our office with the same domain.

All the emails want to store both server with the same domain .

Is it possible to do fetchmail installation in my local office server to 
configure the same domain with the email accounts.

Anyone have the experience.

Could you help me to provide the installation and configuration steps.

-- 

Thanks, 

Manikandan.C

System Administrator
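
Added example (not from any poster in this thread, and not QMT's own code): a Python check that parses an EHLO reply and tests it against the per-port defaults Dan lists above (no AUTH on 25, AUTH required on 587 and 465), and that shows how a reply with no AUTH keyword leaves a client with no usable mechanism, the condition behind an error like the Outlook one reported in the TIMEOUT thread. The EHLO replies, the host name and all function names are constructed for illustration.

```python
import re

# Constructed EHLO replies (hypothetical host, not captured from the thread).
EHLO_AUTH = ("250-mail.example.test\r\n250-STARTTLS\r\n250-PIPELINING\r\n"
             "250-AUTH=LOGIN PLAIN\r\n250 AUTH LOGIN PLAIN CRAM-MD5\r\n")
EHLO_NO_AUTH = ("250-mail.example.test\r\n250-STARTTLS\r\n"
                "250-PIPELINING\r\n250 8BITMIME\r\n")

# Mechanisms that carry the password itself (only base64-encoded).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: set(params)}."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    caps = {}
    for idx, line in enumerate(lines):
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m or m.group(1) != "250":
            raise ValueError("not a 250 reply line: %r" % line)
        is_last = idx == len(lines) - 1
        if (m.group(2) == " ") != is_last:
            raise ValueError("bad continuation marker: %r" % line)
        if idx == 0:
            continue  # first line is the server's greeting, not a keyword
        text = m.group(3).strip()
        # Legacy "AUTH=LOGIN PLAIN" form, still sent for very old clients.
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if words:
            caps.setdefault(words[0], set()).update(words[1:])
    return caps


def common_mechanisms(caps, client_mechs):
    """Mechanisms both sides support; an empty list means the client
    has nothing to try and reports an authentication-method error."""
    wanted = {m.upper() for m in client_mechs}
    return sorted(caps.get("AUTH", set()) & wanted)


def check_listener(port, caps, tls_active):
    """Compare one listener's capabilities with the per-port defaults
    proposed in the thread. Returns a list of findings (empty = OK)."""
    if port not in (25, 465, 587):
        raise ValueError("no policy defined for port %d" % port)
    findings = []
    auth = caps.get("AUTH", set())
    if port == 25:
        if auth:
            findings.append("port 25 advertises AUTH; policy removes it there")
    else:
        if not auth:
            findings.append("port %d offers no AUTH; clients cannot log in"
                            % port)
        if port == 587 and not tls_active and "STARTTLS" not in caps:
            findings.append("port 587 offers no STARTTLS")
        if port == 465 and not tls_active:
            findings.append("port 465 answered without TLS")
    exposed = sorted(auth & CLEARTEXT_MECHS)
    if exposed and not tls_active:
        findings.append("AUTH %s offered before TLS; password sent in clear"
                        % "/".join(exposed))
    return findings


if __name__ == "__main__":
    for name, reply in (("with AUTH", EHLO_AUTH), ("no AUTH", EHLO_NO_AUTH)):
        caps = parse_ehlo(reply)
        print(name, "-> usable by a LOGIN/PLAIN client:",
              common_mechanisms(caps, ["LOGIN", "PLAIN"]))
        for port in (25, 587):
            print("  port", port, check_listener(port, caps, False) or "OK")
```

To run it against a live listener, paste the lines the server prints after EHLO (for example from a recordio capture) into `parse_ehlo`.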

 



RE: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

2016-11-08 Thread marek
The TLS test on https://www.checktls.com/
works OK for me without error, even on the old qmail-smtpd with spamdyke. But I
can receive email from dupont.com only on the patched qmail-smtpd, and on the patched
qmail-smtpd I can’t send any mail. In Outlook I have the error: no
authentication method is supported by the server. In the log file I don’t have
any info even when I run excessive logging. What am I doing wrong? :(

 

From: ma...@demod.pl [mailto:ma...@demod.pl] 
Sent: Tuesday, November 08, 2016 4:34 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Forgive me if I am a lamer. I'm afraid I don’t have enough knowledge.

I downloaded netqmail 1.06 from the qmail.org site, just applied
netqmail-1.05-tls-20060104.patch by patch < netqmail-1.05-tls-20060104.patch
and compiled by make. Next I copied the newly compiled qmail-smtpd to my ./qmail/bin
directory and restarted qmailctl

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 3:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

I apologize for my ignorance of this (TLS) feature inherent in the
Qmailtoaster package. In fact your setup should be able to negotiate a TLS
connection if the client utilizes STARTTLS over the SMTP.

I tested my own setup (stock qmailtoaster) here:
(https://www.checktls.com/). And it seems to work, and I do have Spamdyke in
place although it does not test complete delivery.

"But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)"

Are you using stock qmailtoaster setup?

Eric

 

 

On 11/7/2016 4:06 PM, ma...@demod.pl wrote:

Thx a lot for your help

When I compile and replace qmail-smtpd and qmail-remote, mails from
dupont.com come without problem.

But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)

And another trouble. The smtp log file is very poor :( I don’t know why. I
think it is some compilation option.
When I copy the old smtpd back, the log file is OK and I can send mail but not
receive from dupont.com

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 07, 2016 11:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

OK, It seems that the older version of this patch
(netqmail-1.06-tls-20160918.patch) is already implemented on the current
Qmailtoaster package, but I'm not sure how to implement it or how to stop
SPAMDYKE from blocking it.

This is the version used now:

http://inoa.net/qmail-tls/netqmail-1.05-tls-20060104.patch

The claim in the qmailtoaster patch (qmailtoaster-1.3.2.patch), below, is
that it has been used successfully since 1999.

"This patch implements RFC 3207 (was RFC 2487) in qmail.
This means you can get SSL or TLS encrypted and
authenticated SMTP between the MTAs and from MUA to MTA.
The code is considered experimental (but has worked for
many since its first release on 1999-03-21)."

If anyone has any information on this please chime in.

Thanks

Eric

 

 

On 11/7/2016 12:10 PM, Eric Broch wrote:

I think this (http://inoa.net/qmail-tls/) is the patch you're looking for.
I'll check into it when I have a little time.

Explanation of the patch @ http://www.memoryhole.net/qmail/#starttls  :

SSL (STARTTLS)

SMTP transmits email unencrypted. Other than privacy concerns, this is not
typically a problem. However, if you use SMTP AUTH, you are sending your
username and password across the network in plain text (which is easy for a
hacker or spammer to extract if they wanted to). The solution is to use
encryption in SMTP — in other words, make qmail support the STARTTLS ESMTP
extension. Frederik Vermeulen wrote a patch to get it to work. It adds one
minor step to the compilation of qmail: you must create a server certificate
(run make cert before running make setup check). Also, you must create a
cron job to rebuild the certs daily (because otherwise, over time, an
attacker could figure out what they are). Commonly, when someone indicates
that they want qmail to support SSL/STARTTLS they will be referred to a
project like mailfront. While mailfront
is a worthy project, it doesn't always solve the entire problem.
Specifically, it doesn't enable qmail to use SSL for sending mail to other
servers that support STARTTLS (this is a problem of privacy; but keep in
mind that if the email is being relayed, it may be transmitted via an
unencrypted communication later---if you're really worried, use PGP). This
patch, however, does enable qmail to do that. (local copy)
(inoa.net 

RE: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

2016-11-08 Thread marek
Forgive me if I am a lamer. I'm afraid I don’t have enough knowledge.

I downloaded netqmail 1.06 from the qmail.org site, just applied
netqmail-1.05-tls-20060104.patch by patch < netqmail-1.05-tls-20060104.patch
and compiled by make. Next I copied the newly compiled qmail-smtpd to my ./qmail/bin
directory and restarted qmailctl

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 3:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

I apologize for my ignorance of this (TLS) feature inherent in the
Qmailtoaster package. In fact your setup should be able to negotiate a TLS
connection if the client utilizes STARTTLS over the SMTP.

I tested my own setup (stock qmailtoaster) here:
(https://www.checktls.com/). And it seems to work, and I do have Spamdyke in
place although it does not test complete delivery.

"But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)"

Are you using stock qmailtoaster setup?

Eric

 

 

On 11/7/2016 4:06 PM, ma...@demod.pl wrote:

Thx a lot for your help

When I compile and replace qmail-smtpd and qmail-remote, mails from
dupont.com come without problem.

But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)

And another trouble. The smtp log file is very poor :( I don’t know why. I
think it is some compilation option.
When I copy the old smtpd back, the log file is OK and I can send mail but not
receive from dupont.com

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 07, 2016 11:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

OK, It seems that the older version of this patch
(netqmail-1.06-tls-20160918.patch) is already implemented on the current
Qmailtoaster package, but I'm not sure how to implement it or how to stop
SPAMDYKE from blocking it.

This is the version used now:

http://inoa.net/qmail-tls/netqmail-1.05-tls-20060104.patch

The claim in the qmailtoaster patch (qmailtoaster-1.3.2.patch), below, is
that it has been used successfully since 1999.

"This patch implements RFC 3207 (was RFC 2487) in qmail.
This means you can get SSL or TLS encrypted and
authenticated SMTP between the MTAs and from MUA to MTA.
The code is considered experimental (but has worked for
many since its first release on 1999-03-21)."

If anyone has any information on this please chime in.

Thanks

Eric

 

 

On 11/7/2016 12:10 PM, Eric Broch wrote:

I think this (http://inoa.net/qmail-tls/) is the patch you're looking for.
I'll check into it when I have a little time.

Explanation of the patch @ http://www.memoryhole.net/qmail/#starttls  :

SSL (STARTTLS)

SMTP transmits email unencrypted. Other than privacy concerns, this is not
typically a problem. However, if you use SMTP AUTH, you are sending your
username and password across the network in plain text (which is easy for a
hacker or spammer to extract if they wanted to). The solution is to use
encryption in SMTP — in other words, make qmail support the STARTTLS ESMTP
extension. Frederik Vermeulen wrote a patch to get it to work. It adds one
minor step to the compilation of qmail: you must create a server certificate
(run make cert before running make setup check). Also, you must create a
cron job to rebuild the certs daily (because otherwise, over time, an
attacker could figure out what they are). Commonly, when someone indicates
that they want qmail to support SSL/STARTTLS they will be referred to a
project like mailfront. While mailfront
is a worthy project, it doesn't always solve the entire problem.
Specifically, it doesn't enable qmail to use SSL for sending mail to other
servers that support STARTTLS (this is a problem of privacy; but keep in
mind that if the email is being relayed, it may be transmitted via an
unencrypted communication later---if you're really worried, use PGP). This
patch, however, does enable qmail to do that. (local copy) (inoa.net)


On 11/7/2016 9:45 AM, Eric Broch wrote:

After further review are you looking for Secure Inbound Email (SMTP TLS)?

 

On 11/7/2016 9:28 AM, Eric Broch wrote:

Again, I ask, is there a reason that they (104.47.42.63) are using TLS to
connect to port 25 and transfer email to your server (192.168.0.25)   :
See "encryption: TLS" in your log (below).

Again, why are they using TLS to connect to your server over port 25 for
standard email transfer???

This is the problem and the reason for the error! 

Someone correct me if I'm missing something.

If they (104.47.42.63) know the username and password of the recipient on
your server