Re: [courier-users] zdkimfilter
Hi, On Wed 24/Jul/2013 00:17:17 +0200 Anders wrote: So, now comes to testing it all... To summarize, no mails are signed because I think that zdkimfilter can't find anything suitable to match domain/selector against. What can be the cause? I think that's because you set RELAYCLIENT based on the IP address, and have no authsender in the control file (a control record starting with 'i'). The signing domain is derived from the user id, if it has a '@'. Courier can work both ways, zdkimfilter should do so as well. I have a test.mail file == Message-ID: 51eee029.8070...@lechevalier.se Date: Tue, 23 Jul 2013 21:57:29 +0200 From: Anders and...@lechevalier.se User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 MIME-Version: 1.0 To: anders crimsoncott...@gmail.com Subject: test Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit test == I run dkimsign test.mail and get the following output: == WARN: zfilter: zdkimfilter[27853]:Mismatched library versions: compile=0X2020200 link=0X2080400 (That warning is due to a mismatch between libopendkim-dev and the actual libopendkim library. It might cause hiccups when verifying signatures --not the current issue. INFO: zfilter: zdkimfilter: running for dkimsign on 1 ctl + 1 mail files INFO: zfilter: zdkimfilter[27854]: started child DEBUG: zfilter: zdkimfilter[27854]:reading 2 names completed by first call INFO: zfilter: zdkimfilter[27854]:id=dkimsign: not signing for postmaster: no domain INFO: zfilter: zdkimfilter[27854]:id=dkimsign: response: 250 not filtered. == What is the mismatched library versions? dkimsign doesn't see the domain in FROM: or Message-ID: fields. Is this normal? I run dkimsign --domain lechevalier.se test.mail Yes, dkimsign needs the domain to create a control file similar to those supplied by Courier. zdkimfilter.conf: == all_mode = Y verbose = 8 domain_keys = /etc/courier/filters/keys selector = s == That looks fine. A default_domain = lechevalier.se would be needed only if it is needed for Courier too. That is, if your Courier user id is anders rather than and...@lechevalier.se. I have a symlink /etc/courier/filters/keys/lechevalier.se - s.private Correct. So, when sending emails, I get only the following in my mail log: == Jul 24 00:09:42 e350 courierfilter: zdkimfilter[29197]: started child Jul 24 00:09:42 e350 courierfilter: zdkimfilter[29197]:reading 2 names completed by first call Jul 24 00:09:42 e350 courierfilter: zdkimfilter[29197]:id=00C81E83.51EEFF26.720B: response: 250 not filtered. == I'm at a loss now what could be the root cause here. How can I debug this problem? It seems as the verbosity in the log is too low, even though I have verbosity=8. You should have got at least a not signing for /user id/: no /something/ message if it had entered signing mode. That's why I think you don't authenticate on sending. Please confirm that. I'll add a message for that case anyway. -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Mails Copy
On Wed 24/Jul/2013 06:10:15 +0200 Direct Logic wrote: Is there any method to save copy of users email on other location with courier just like exim shadow copy save. when mail is fetched by user its copy stores in location define by admin. Check ARCHIVEDIR in your courierd config file. -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Mails Copy
Thanks for reply i install courier 4.9 from rpm in centos 5.8 unable to find the ARCHIVEDIR in my pop3d and imapd file From: Alessandro Vesely ves...@tana.it To: courier-users@lists.sourceforge.net Sent: Wednesday, July 24, 2013 2:50 PM Subject: Re: [courier-users] Mails Copy On Wed 24/Jul/2013 06:10:15 +0200 Direct Logic wrote: Is there any method to save copy of users email on other location with courier just like exim shadow copy save. when mail is fetched by user its copy stores in location define by admin. Check ARCHIVEDIR in your courierd config file. -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users-- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Mails Copy
Direct Logic writes: Thanks for reply i install courier 4.9 from rpm in centos 5.8 unable to find the ARCHIVEDIR in my pop3d and imapd file This is the IMAP and the POP3 server only (and an old version, too). If you want your mail server to make an archival copy of all mail, then check your mail server's documentation. Courier mail server's setting is the ARCHIVEDIR setting, in the courierd configuration file. If you're using some other mail server, check its documentation, for more information. pgpWkYWNBjKCm.pgp Description: PGP signature -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] zdkimfilter
Hi, I'll comment in-line. I am using zdkimfilter-1.2 , provided by gentoo ebuild/portage. Compiler is gcc 4.7.3 Thank you very much. ~A On 2013-07-24 11:13, Alessandro Vesely wrote: Hi, On Wed 24/Jul/2013 00:17:17 +0200 Anders wrote: So, now comes to testing it all... To summarize, no mails are signed because I think that zdkimfilter can't find anything suitable to match domain/selector against. What can be the cause? I think that's because you set RELAYCLIENT based on the IP address, and have no authsender in the control file (a control record starting with 'i'). The signing domain is derived from the user id, if it has a '@'. Courier can work both ways, zdkimfilter should do so as well. I am using courier with virtual users mapped through mysql. The full email address is the user name. What is a control record, and where/how do I find how they are created and looks like? I have a test.mail file == Message-ID: 51eee029.8070...@lechevalier.se Date: Tue, 23 Jul 2013 21:57:29 +0200 From: Anders and...@lechevalier.se User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 MIME-Version: 1.0 To: anders crimsoncott...@gmail.com Subject: test Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit test == I run dkimsign test.mail and get the following output: == WARN: zfilter: zdkimfilter[27853]:Mismatched library versions: compile=0X2020200 link=0X2080400 (That warning is due to a mismatch between libopendkim-dev and the actual libopendkim library. It might cause hiccups when verifying signatures --not the current issue. OK, does this happen at compile time, or is it something predefined by zdkimfiler code? Looks like it was compiled against opendkim 2.2.2, but I actually have only opendkim 2.8.4 installed (Gentoo mail-filter/opendkim-2.8.4). # ls -l /usr/lib64/libopendkim* lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so - libopendkim.so.9.0.1 lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so.9 - libopendkim.so.9.0.1 -rwxr-xr-x 1 root root 136200 Jul 24 12:50 /usr/lib64/libopendkim.so.9.0.1 I did notice a segmentation fault with courier/zdkimfilter once I have started with filterctl. It happens on every received email: Jul 24 13:09:14 e350 courieresmtpd: started,ip=[:::216.34.181.88] Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]: started child Jul 24 13:09:17 e350 courieresmtpd: error,relay=:::216.34.181.88,from=courier-users-boun...@lists.sourceforge.net: 432 Mail filters temporarily unavailable. Jul 24 13:09:17 e350 submit: Bad file descriptor Jul 24 13:09:17 e350 submit: Connection closed when processing: Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:reading 2 names completed by first call Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:id=00C804F7.51EFB5DC.36A7: verifying dkim_eoh: No signature (stat=2) ...and kernel log [2329247.997445] zdkimfilter[12231]: segfault at e ip 7f41ffb36411 sp 7fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+2] [2329937.290754] zdkimfilter[13997]: segfault at e ip 7f41ffb36411 sp 7fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+2] INFO: zfilter: zdkimfilter: running for dkimsign on 1 ctl + 1 mail files INFO: zfilter: zdkimfilter[27854]: started child DEBUG: zfilter: zdkimfilter[27854]:reading 2 names completed by first call INFO: zfilter: zdkimfilter[27854]:id=dkimsign: not signing for postmaster: no domain INFO: zfilter: zdkimfilter[27854]:id=dkimsign: response: 250 not filtered. == What is the mismatched library versions? dkimsign doesn't see the domain in FROM: or Message-ID: fields. Is this normal? I run dkimsign --domain lechevalier.se test.mail Yes, dkimsign needs the domain to create a control file similar to those supplied by Courier. OK, so all seems OK so far then? zdkimfilter.conf: == all_mode = Y verbose = 8 domain_keys = /etc/courier/filters/keys selector = s == That looks fine. A default_domain = lechevalier.se would be needed only if it is needed for Courier too. That is, if your Courier user id is anders rather than and...@lechevalier.se. No, default domain would not work since courier is providing email for several different domain names. But, each user must login with the full email address. Login is over TLS or SSL connection. I have a symlink /etc/courier/filters/keys/lechevalier.se - s.private Correct. So, when sending emails, I get only the following in my mail log: == Jul 24 00:09:42 e350 courierfilter: zdkimfilter[29197]: started child Jul 24 00:09:42 e350
Re: [courier-users] Mails Copy
Thanks Sam, i want to do the following setup Main courier Server --- Secondary Courier Server --- Client I want user connect with Secondary courier server to fetch mails and secondary server contact with main server and fetch mail on behalf of client and deliver mails to client with a copy of all mails in secondary server as well. Thanks From: Sam Varshavchik mr...@courier-mta.com To: courier-users@lists.sourceforge.net courier-users@lists.sourceforge.net Sent: Wednesday, July 24, 2013 4:35 PM Subject: Re: [courier-users] Mails Copy Direct Logic writes: Thanks for reply i install courier 4.9 from rpm in centos 5.8 unable to find the ARCHIVEDIR in my pop3d and imapd file This is the IMAP and the POP3 server only (and an old version, too). If you want your mail server to make an archival copy of all mail, then check your mail server's documentation. Courier mail server's setting is the ARCHIVEDIR setting, in the courierd configuration file. If you're using some other mail server, check its documentation, for more information. -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users-- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] zdkimfilter
On Wed 24/Jul/2013 13:39:37 +0200 Anders wrote: I'll comment in-line. Yup :-) I am using zdkimfilter-1.2 , provided by gentoo ebuild/portage. Compiler is gcc 4.7.3 I haven't been able to find that version --see below. I think that's because you set RELAYCLIENT based on the IP address, and have no authsender in the control file (a control record starting with 'i'). The signing domain is derived from the user id, if it has a '@'. Courier can work both ways, zdkimfilter should do so as well. I am using courier with virtual users mapped through mysql. The full email address is the user name. So do I. What is a control record, and where/how do I find how they are created and looks like? Control files only exist in the mail queue. They are named Cnnn and correspond to the Dnnn mail file with the same number. They are loosely documented in http://www.courier-mta.org/queue.html I run dkimsign test.mail and get the following output: == WARN: zfilter: zdkimfilter[27853]:Mismatched library versions: compile=0X2020200 link=0X2080400 (That warning is due to a mismatch between libopendkim-dev and the actual libopendkim library. It might cause hiccups when verifying signatures --not the current issue. OK, does this happen at compile time, or is it something predefined by zdkimfiler code? Looks like it was compiled against opendkim 2.2.2, but I actually have only opendkim 2.8.4 installed (Gentoo mail-filter/opendkim-2.8.4). Yes, it is a compile time conditional. I checked http://packages.gentoo.org/package/mail-filter/opendkim http://packages.gentoo.org/package/mail-filter/zdkimfilter I found opendkim-2.8.4 (that was released on the 16th this month), but zdkimfilter-1.1 not 1.2 The opendkim-2.2.2 version they used to build zdkimfilter seems to be lost. # ls -l /usr/lib64/libopendkim* lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so - libopendkim.so.9.0.1 lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so.9 - libopendkim.so.9.0.1 -rwxr-xr-x 1 root root 136200 Jul 24 12:50 /usr/lib64/libopendkim.so.9.0.1 I did notice a segmentation fault with courier/zdkimfilter once I have started with filterctl. It happens on every received email: Jul 24 13:09:14 e350 courieresmtpd: started,ip=[:::216.34.181.88] Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]: started child Jul 24 13:09:17 e350 courieresmtpd: error,relay=:::216.34.181.88,from=courier-users-boun...@lists.sourceforge.net: 432 Mail filters temporarily unavailable. Jul 24 13:09:17 e350 submit: Bad file descriptor Jul 24 13:09:17 e350 submit: Connection closed when processing: Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:reading 2 names completed by first call Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:id=00C804F7.51EFB5DC.36A7: verifying dkim_eoh: No signature (stat=2) ...and kernel log [2329247.997445] zdkimfilter[12231]: segfault at e ip 7f41ffb36411 sp 7fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+2] [2329937.290754] zdkimfilter[13997]: segfault at e ip 7f41ffb36411 sp 7fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+2] We should file a bug report. I would have done it myself if the version matched. There is a function, dkim_policy(), which takes three parameters in opendkim 2.2.2, but takes four in version 2.8.4. Depending on the optimizations used at compile time, it might cause such behavior. In fact, zdkimfilter calls that function when it verifies signatures in received messages. I run dkimsign --domain lechevalier.se test.mail Yes, dkimsign needs the domain to create a control file similar to those supplied by Courier. OK, so all seems OK so far then? Yeah, I use dkimsign that way to sign messages going out through sqwebmail. Possibly, you could prepend it to the mail pipe, until this issue is cleared. You should have got at least a not signing for /user id/: no /something/ message if it had entered signing mode. That's why I think you don't authenticate on sending. Please confirm that. I'll add a message for that case anyway. No all users must authenticate to be able to send emails (relaying denied otherwise). It could be that my courier config is completely wrong, should I post it here? In that case, which of the config files are interresting for you? Output from sending a test email from and...@lechevalier.se to crimsoncott...@gmail.com. At least from= is clearly defined in the log file. There is a key_choice_header parameter that can be tweaked in order to derive the signing domain. Currently, it can be derived from a header field, from the authenticated user-id, or from the default domain. Hence it misses the
Re: [courier-users] zdkimfilter
On 2013-07-24 18:10, Alessandro Vesely wrote: On Wed 24/Jul/2013 13:39:37 +0200 Anders wrote: I'll comment in-line. Yup :-) I am using zdkimfilter-1.2 , provided by gentoo ebuild/portage. Compiler is gcc 4.7.3 I haven't been able to find that version --see below. I think that's because you set RELAYCLIENT based on the IP address, and have no authsender in the control file (a control record starting with 'i'). The signing domain is derived from the user id, if it has a '@'. Courier can work both ways, zdkimfilter should do so as well. I am using courier with virtual users mapped through mysql. The full email address is the user name. So do I. What is a control record, and where/how do I find how they are created and looks like? Control files only exist in the mail queue. They are named Cnnn and correspond to the Dnnn mail file with the same number. They are loosely documented in http://www.courier-mta.org/queue.html I run dkimsign test.mail and get the following output: == WARN: zfilter: zdkimfilter[27853]:Mismatched library versions: compile=0X2020200 link=0X2080400 (That warning is due to a mismatch between libopendkim-dev and the actual libopendkim library. It might cause hiccups when verifying signatures --not the current issue. OK, does this happen at compile time, or is it something predefined by zdkimfiler code? Looks like it was compiled against opendkim 2.2.2, but I actually have only opendkim 2.8.4 installed (Gentoo mail-filter/opendkim-2.8.4). Yes, it is a compile time conditional. I checked http://packages.gentoo.org/package/mail-filter/opendkim http://packages.gentoo.org/package/mail-filter/zdkimfilter I found opendkim-2.8.4 (that was released on the 16th this month), but zdkimfilter-1.1 not 1.2 The opendkim-2.2.2 version they used to build zdkimfilter seems to be lost. I realise I have a local overlay with zdkimfilter-1.2. I will revert to 1.1. Should I downgrade opendkim-2.2.2? # ls -l /usr/lib64/libopendkim* lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so - libopendkim.so.9.0.1 lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so.9 - libopendkim.so.9.0.1 -rwxr-xr-x 1 root root 136200 Jul 24 12:50 /usr/lib64/libopendkim.so.9.0.1 I did notice a segmentation fault with courier/zdkimfilter once I have started with filterctl. It happens on every received email: Jul 24 13:09:14 e350 courieresmtpd: started,ip=[:::216.34.181.88] Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]: started child Jul 24 13:09:17 e350 courieresmtpd: error,relay=:::216.34.181.88,from=courier-users-boun...@lists.sourceforge.net: 432 Mail filters temporarily unavailable. Jul 24 13:09:17 e350 submit: Bad file descriptor Jul 24 13:09:17 e350 submit: Connection closed when processing: Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:reading 2 names completed by first call Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:id=00C804F7.51EFB5DC.36A7: verifying dkim_eoh: No signature (stat=2) ...and kernel log [2329247.997445] zdkimfilter[12231]: segfault at e ip 7f41ffb36411 sp 7fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+2] [2329937.290754] zdkimfilter[13997]: segfault at e ip 7f41ffb36411 sp 7fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+2] We should file a bug report. I would have done it myself if the version matched. There is a function, dkim_policy(), which takes three parameters in opendkim 2.2.2, but takes four in version 2.8.4. Depending on the optimizations used at compile time, it might cause such behavior. In fact, zdkimfilter calls that function when it verifies signatures in received messages. I run dkimsign --domain lechevalier.se test.mail Yes, dkimsign needs the domain to create a control file similar to those supplied by Courier. OK, so all seems OK so far then? Yeah, I use dkimsign that way to sign messages going out through sqwebmail. Possibly, you could prepend it to the mail pipe, until this issue is cleared. You should have got at least a not signing for /user id/: no /something/ message if it had entered signing mode. That's why I think you don't authenticate on sending. Please confirm that. I'll add a message for that case anyway. No all users must authenticate to be able to send emails (relaying denied otherwise). It could be that my courier config is completely wrong, should I post it here? In that case, which of the config files are interresting for you? Output from sending a test email from and...@lechevalier.se to crimsoncott...@gmail.com. At least from= is clearly defined in the log file. There is a key_choice_header parameter that can be tweaked in order to derive the signing
Re: [courier-users] zdkimfilter
On Wed 24/Jul/2013 20:51:06 +0200 Anders wrote: On 2013-07-24 18:10, Alessandro Vesely wrote: The opendkim-2.2.2 version they used to build zdkimfilter seems to be lost. I realise I have a local overlay with zdkimfilter-1.2. I will revert to 1.1. It won't get things better. Knowing the source of the bad built is only useful for reporting the bug where it belongs to. Should I downgrade opendkim-2.2.2? I'd expect that will avoid the segmentation fault. Can you still find it? We'd need to change the code slightly to obtain such feature. Seems like a possible future feature, but I do want authentication, so the problem must be my courier setup. That the best option, IMHO. I must say I am at loss about the the auth=userid@domain. Never seen it in my logs... I do use port 587 with TLS and authentication with username/password to submit email. Perhaps here is where my problem is and I need to correct sigh =( I do not want relayclient based on IP, though that is needed for some local scripting stuff, but not my normal users since we should do auth... I added DEBUG_LOGIN=1 to authdaemondrc and I see authentication when logging in with imap, but nothing when submitting on smtp... Not sure where to look now. any ideas? Thanks! It should be configured in esmtpd-msa, and run its own couriertcpd that listens on that port. -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] zdkimfilter
Alright, it works now. Here is what I did: * Install zdkimfilter-1.1 (perhaps not needed, but still) * fix permissions on /etc/courier/filters/keys to be accessible by courier user * add ESMTPAUTH=PLAIN LOGIN to esmptd-msa... Now it seems to work, both for verifying and signing! yay :) ~A On 2013-07-24 20:51, Anders wrote: On 2013-07-24 18:10, Alessandro Vesely wrote: On Wed 24/Jul/2013 13:39:37 +0200 Anders wrote: I'll comment in-line. Yup :-) I am using zdkimfilter-1.2 , provided by gentoo ebuild/portage. Compiler is gcc 4.7.3 I haven't been able to find that version --see below. I think that's because you set RELAYCLIENT based on the IP address, and have no authsender in the control file (a control record starting with 'i'). The signing domain is derived from the user id, if it has a '@'. Courier can work both ways, zdkimfilter should do so as well. I am using courier with virtual users mapped through mysql. The full email address is the user name. So do I. What is a control record, and where/how do I find how they are created and looks like? Control files only exist in the mail queue. They are named Cnnn and correspond to the Dnnn mail file with the same number. They are loosely documented in http://www.courier-mta.org/queue.html I run dkimsign test.mail and get the following output: == WARN: zfilter: zdkimfilter[27853]:Mismatched library versions: compile=0X2020200 link=0X2080400 (That warning is due to a mismatch between libopendkim-dev and the actual libopendkim library. It might cause hiccups when verifying signatures --not the current issue. OK, does this happen at compile time, or is it something predefined by zdkimfiler code? Looks like it was compiled against opendkim 2.2.2, but I actually have only opendkim 2.8.4 installed (Gentoo mail-filter/opendkim-2.8.4). Yes, it is a compile time conditional. I checked http://packages.gentoo.org/package/mail-filter/opendkim http://packages.gentoo.org/package/mail-filter/zdkimfilter I found opendkim-2.8.4 (that was released on the 16th this month), but zdkimfilter-1.1 not 1.2 The opendkim-2.2.2 version they used to build zdkimfilter seems to be lost. I realise I have a local overlay with zdkimfilter-1.2. I will revert to 1.1. Should I downgrade opendkim-2.2.2? # ls -l /usr/lib64/libopendkim* lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so - libopendkim.so.9.0.1 lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so.9 - libopendkim.so.9.0.1 -rwxr-xr-x 1 root root 136200 Jul 24 12:50 /usr/lib64/libopendkim.so.9.0.1 I did notice a segmentation fault with courier/zdkimfilter once I have started with filterctl. It happens on every received email: Jul 24 13:09:14 e350 courieresmtpd: started,ip=[:::216.34.181.88] Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]: started child Jul 24 13:09:17 e350 courieresmtpd: error,relay=:::216.34.181.88,from=courier-users-boun...@lists.sourceforge.net: 432 Mail filters temporarily unavailable. Jul 24 13:09:17 e350 submit: Bad file descriptor Jul 24 13:09:17 e350 submit: Connection closed when processing: Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:reading 2 names completed by first call Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:id=00C804F7.51EFB5DC.36A7: verifying dkim_eoh: No signature (stat=2) ...and kernel log [2329247.997445] zdkimfilter[12231]: segfault at e ip 7f41ffb36411 sp 7fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+2] [2329937.290754] zdkimfilter[13997]: segfault at e ip 7f41ffb36411 sp 7fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+2] We should file a bug report. I would have done it myself if the version matched. There is a function, dkim_policy(), which takes three parameters in opendkim 2.2.2, but takes four in version 2.8.4. Depending on the optimizations used at compile time, it might cause such behavior. In fact, zdkimfilter calls that function when it verifies signatures in received messages. I run dkimsign --domain lechevalier.se test.mail Yes, dkimsign needs the domain to create a control file similar to those supplied by Courier. OK, so all seems OK so far then? Yeah, I use dkimsign that way to sign messages going out through sqwebmail. Possibly, you could prepend it to the mail pipe, until this issue is cleared. You should have got at least a not signing for /user id/: no /something/ message if it had entered signing mode. That's why I think you don't authenticate on sending. Please confirm that. I'll add a message for that case anyway. No all users must authenticate to be able to send emails (relaying denied otherwise). It could be that my courier config is completely
Re: [courier-users] Mails Copy
Direct Logic writes: Thanks Sam, i want to do the following setup Main courier Server --- Secondary Courier Server --- Client I want user connect with Secondary courier server to fetch mails and secondary server contact with main server and fetch mail on behalf of client and deliver mails to client with a copy of all mails in secondary server as well. Although there are several different ways to do that, you should, instead, explain what problem you're trying to solve. Quite often, instead of explaining what the problem is, one thinks that there's only one way to solve a problem, and tries to figure out how to do that, when there's really a better, different way to solve the problem that's going to work much better. But, to narrow down the answer precisely to this, the best way would be to use mail aliases. See ALIAS SPECIFICATIONS in the makealiases man page. An alias entry of address1: address2, address3 forwards mail addressed to one address to two different address, and you'll just need to carefully configure domains, host names, and server configuration to end up with the desired results. So, with a mail domain of @example.com, and two servers host1.example.com and host2.example.com, each server would configure example.com as a hosted domain, with each host's name, and a local domain, set to host[n].example.com. Then, on host1, it's a matter of defining aliases of the form u...@example.com: user, u...@host2.example.com, so each mail gets forwarded to a local mailbox, and to the same mailbox on host2.example.com. That's it. But, you're probably trying to solve a completely different problem, for which a better solution probably exists, as I said. pgpInc0AAUe_3.pgp Description: PGP signature -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] zdkimfilter
On 2013-07-24 21:25, Alessandro Vesely wrote: On Wed 24/Jul/2013 20:51:06 +0200 Anders wrote: On 2013-07-24 18:10, Alessandro Vesely wrote: The opendkim-2.2.2 version they used to build zdkimfilter seems to be lost. I realise I have a local overlay with zdkimfilter-1.2. I will revert to 1.1. It won't get things better. Knowing the source of the bad built is only useful for reporting the bug where it belongs to. Have now tried zdkimfilter-1.2 the same segfault happens. Otherwise it works to sign outgoing and verify incoming emails. Should I downgrade opendkim-2.2.2? I'd expect that will avoid the segmentation fault. Can you still find it? Yes, it did resolve the issue. tar -xzvf opendkim-2.2.2.tar.gz ./configure make make install reinstall zdkimfilter-1.2 (emerge zdkimfilter) We'd need to change the code slightly to obtain such feature. Seems like a possible future feature, but I do want authentication, so the problem must be my courier setup. That the best option, IMHO. I must say I am at loss about the the auth=userid@domain. Never seen it in my logs... I do use port 587 with TLS and authentication with username/password to submit email. Perhaps here is where my problem is and I need to correct sigh =( I do not want relayclient based on IP, though that is needed for some local scripting stuff, but not my normal users since we should do auth... I added DEBUG_LOGIN=1 to authdaemondrc and I see authentication when logging in with imap, but nothing when submitting on smtp... Not sure where to look now. any ideas? Thanks! It should be configured in esmtpd-msa, and run its own couriertcpd that listens on that port. It is now, and that works nice. Not sure why the setting got missing - probably due to upgrading too many times and not checking... Thanks for pointing it out. ~ A -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Mails Copy
Main mail server has Exim + Courier and not provide feature of mail archiving so we want to save all outgoing and incoming mails of user in our Intermediate server with exim+courier which will listen users requests and forward to main mail server with a copy of mail in Intermediate server . From: Sam Varshavchik mr...@courier-mta.com To: courier-users@lists.sourceforge.net courier-users@lists.sourceforge.net Sent: Thursday, July 25, 2013 3:31 AM Subject: Re: [courier-users] Mails Copy Direct Logic writes: Thanks Sam, i want to do the following setup Main courier Server --- Secondary Courier Server --- Client I want user connect with Secondary courier server to fetch mails and secondary server contact with main server and fetch mail on behalf of client and deliver mails to client with a copy of all mails in secondary server as well. Although there are several different ways to do that, you should, instead, explain what problem you're trying to solve. Quite often, instead of explaining what the problem is, one thinks that there's only one way to solve a problem, and tries to figure out how to do that, when there's really a better, different way to solve the problem that's going to work much better. But, to narrow down the answer precisely to this, the best way would be to use mail aliases. See ALIAS SPECIFICATIONS in the makealiases man page. An alias entry of address1: address2, address3 forwards mail addressed to one address to two different address, and you'll just need to carefully configure domains, host names, and server configuration to end up with the desired results. So, with a mail domain of @example.com, and two servers host1.example.com and host2.example.com, each server would configure example.com as a hosted domain, with each host's name, and a local domain, set to host[n].example.com. Then, on host1, it's a matter of defining aliases of the form u...@example.com: user, u...@host2.example.com, so each mail gets forwarded to a local mailbox, and to the same mailbox on host2.example.com. That's it. But, you're probably trying to solve a completely different problem, for which a better solution probably exists, as I said. -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users-- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users