[courier-users] Fwd: Re: Looking for new Debian maintainers for courier-mta packages
Hi Markus,

I hope you don't mind me forwarding your email to the courier-users mailing-list. There are some users there that would be very interested in up-to-date packages for stretch that would hopefully also filter down to the ubuntu repos.

-------- Forwarded Message --------
Subject: Re: Looking for new Debian maintainers for courier-mta packages
Date: Tue, 28 Mar 2017 18:56:58 +0200
From: Markus Wanner <mar...@bluegap.ch>
To: Ondřej Surý <ond...@sury.org>, debian-de...@lists.debian.org, Willi Mann <wi...@debian.org>, courier-i...@lists.sourceforge.net
CC: Mark Constable <ma...@renta.net>

Hi,

it's certainly a bit late, but I'd like to adopt the courier mta packages, as stated in the wnpp bugs. (Stumbled over this old mail only today.)

On 12/06/2016 03:04 PM, Ondřej Surý wrote:
> I have filed RFH (Request for Help) bug on courier package, but nobody
> responded so far. Today I have changed that to RFA (Request for
> Adoption) and I intend to properly orphan the packages before stretch
> release and remove them from next Debian stable release. Well, unless
> somebody comes up and makes a hard promise to take care of all Courier
> MTA till Debian stretch (next stable) end-of-life and becomes
> maintainers.

Well, that's hard to promise, but I'll try to get courier ready for stretch, in the first place. If that effort isn't successful, it should better be dropped from stretch.

> Please note that the bug list on src:courier is rather long:
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=courier
> (143 filed bugs) and it will need some time to comb through the list,
> close the non-issues, fix the Debian related bugs and forward the
> appropriate bugs to upstream. I would suggest it might be better this
> would be a team effort.

While I'm a long-time courier user and DD, I clearly don't qualify as a team. I'd certainly appreciate help and would instantly hand over maintenance to one.

Kind Regards

Markus Wanner

___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Future of Courier MTA
On 19/02/17 10:14, Gordon Messmer wrote:
>> Is anyone willing to cooperate with me on fixing Debian-related
>> errors? https://github.com/szepeviktor/courier
>
> Well, I just sent some more patches to the FreeBSD maintainer to
> bring the package up to date. I think I can put in some effort to
> help maintain Courier for Debian. Is Ondřej still the package
> maintainer?

Not really, this explains Ondřej's position...

https://sourceforge.net/p/courier/mailman/message/35535235/

Re: [courier-users] Best practize for $USER -> EMail
On 20/01/17 22:22, Michelle Konzack wrote:
> All the users were created on as "normal" UNIX users
> and their login name is also their email address. So, now you can
> imagine, that this gives problems if is responsible for
> different domains, where maybe two users have the same names...

You could go completely virtual and store j...@domain1.tld and j...@domain2.tld usernames in PG, MySQL or SQLite, along with different home/maildir paths, quotas and uid/gids.

> Question: Is there a limitation in the number of files or symlinks
> in the /etc/courier/aliases/ directory? I think also on using my
> PostgreSQL for all this aliases and generate only one file
> automated which then run "makealiases" Any suggestions?

System aliases are certainly efficient but if you would consider running maildrop as the delivery agent then you could "naturally" split up all user aliasing to each user's home dir dictated by the above SQL query (not the /etc/passwd homedir, but could be the same.)

maildrop also provides per-user mailfilters which allows for per-user vacation scripts along with a wide range of flexibility to do just about anything.

Re: [courier-users] rspamd for courier-mta
On 17/01/17 06:59, Ben Kennedy wrote:
>> Has anyone tried this with courier-mta?
>
> I have nothing to contribute except to add my interest to this as
> well. I've been running SpamAssassin for years, but with poorer and
> poorer results, and have been keen to find an alternative.

FWIW atm I only use spamprobe via maildrop using 2 IMAP retraining folders (super simple setup, no ram hogging daemons) and out of ~30 spams per day I get about 2 or 3 spams per week that get through to my Inbox. But it's taken a year of training to get to this point.

> I'd not heard of rspamd; looks like it could be the thing.

It's a monster unto itself and the only way I've got it to work is by installing mailcow-dockerized which I'm trying to "flatten" out so it doesn't require docker containers. It's not as light as I hoped it might be but it should be fast being written in C by a Russian (shades of nginx.) This is its startup state and it will spawn many more processes under load but it's still only half as much as spamassassin would use...

ps -eo rss:10,vsz:10,cmd --sort=rss | grep rspamd
      4580     327444 rspamd: hs_helper process
      5648     327436 rspamd: main process
     59664     402564 rspamd: controller process
     60300     478416 rspamd: normal process

In the postfix world it's called via rmilter (which also uses redis for caching so that is another ram sinkhole)...

main.cf:smtpd_milters = unix:/var/run/rmilter/rmilter.sock

which has this rspamd config option in /etc/rmilter.conf...

spamd {
  extended_spam_headers = yes
  servers = r:localhost:11333;
  reject_message = "Spam message rejected; If this is not spam contact abuse";
  whitelist = 127.0.0.1/32, 192.168.0.0/16, [::1]/128;
  [...]
};

so rspamd is expected on localhost:11333 and runs quite a range of tests including a Bayesian filter and also uses LUA to provide a huge level of configurability...

classifier "bayes" {
  tokenizer {
    name = "osb";
  }
  cache {
    path = "${DBDIR}/learn_cache.sqlite";
  }
  statfile {
    symbol = "BAYES_HAM";
    path = "${DBDIR}/bayes.ham.sqlite";
    spam = false;
  }
  statfile {
    symbol = "BAYES_SPAM";
    path = "${DBDIR}/bayes.spam.sqlite";
    spam = true;
  }
  learn_condition =

[courier-users] rspamd for courier-mta
I've been looking for a lightweight faster amavisd/spamassassin replacement for years and generally rely on just SpamProbe so this is very interesting.

Has anyone tried this with courier-mta?

https://rspamd.com/doc/integration.html

Re: [courier-users] Fwd: Looking for new Debian maintainers for courier-mta packages
On 11/12/16 23:02, Alessandro Vesely wrote:
> I'm not clear whether Ondřej's changes break compatibility with the
> current package. If aiming at an incompatible repackaging, dropping
> the existing packages and creating new ones can be easier. Call it
> /renaming/ if you like.

They are a significant departure from the original 0.68.2-1ubuntu7 packages in xenial:universe/mail. Not only are Ondřej's packages using almost current source (0.76.2-1+deb.sury.org~xenial+1) but they have changed the default user ID from "daemon" to "courier" which essentially means that a simple upgrade is not really possible. I spent a lot of time testing Ondřej's packages as he built them and I could never do a simple upgrade. I always had to completely uninstall the old packages and start a fresh courier install.

He also amalgamated a few packages so that these ones became redundant...

courier-imap-ssl - Courier mail server - IMAP over SSL [transitional]
courier-maildrop - Courier mail server - mail delivery agent [transitional package]
courier-pop-ssl - Courier mail server - POP3 over SSL [transitional]
courier-ssl - Courier mail server - SSL/TLS Support [transitional]

and their functionality incorporated into the "parent" packages.

One fairly significant change is that the maildrop package binary works a little differently from the "old" courier-maildrop binary, ie; in /etc/courier/courierd if one wanted global maildrop delivery then this workaround was needed...

#DEFAULTDELIVERY="|/usr/bin/maildrop -w 90 -V 1"
DEFAULTDELIVERY='|/usr/bin/maildrop -w 90 -d "${RECIPIENT}"'

Other than clearing out all remnants of the old "daemon" owned files and directories so the newer "courier" owned components would not be compromised it all seems to work. Ondřej did an amazing job...

deb http://ppa.launchpad.net/ondrej/courier/ubuntu xenial main

FWIW this is a fairly good history of what Ondřej did to the packages...

https://github.com/oerdnj/deb.sury.org/issues?utf8=%E2%9C%93=is%3Aissue%20is%3Aclosed%20courier

> I propose interested Ubuntu users subscribe here. I reckon
> subscribers of this list, even if not interested in Debian packaging,
> are more likely to occasionally lend some interest on the subject
> than subscribers of Ubuntu- or Debian- devel who are not interested
> in Courier or mail. Am I wrong?

The original packages list...

Maintainer: Ubuntu Developers
Original-Maintainer: Stefan Hornburg (Racke)

... so I presume ubuntu-devel-disc...@lists.ubuntu.com has some bearing on whether the newer packages could ever replace the old ones, which could only ever formally happen in post-xenial releases.

On 12/12/16 01:03, Sam Varshavchik wrote:
> Although Github's bug tracker is enabled, I don't link to it directly
> from www.courier-mta.org/links.html, only to the mailing lists.
> Courier is stable, and requires very little maintenance. Github's bug
> tracker is there, for anyone that wants to use it.

Well there we go. Maybe it is possible to ask Sam to include the /debian directories from Ondřej's PPA packages into his Github and personal git repos so the issue of the canonical (not Canonical) upstream source is no longer ambiguous?

That should satisfy the Debian/Ubuntu upstream requirements so whoever was the formal package maintainer would only have to build and submit the packages direct from Github and a "bunch of us deb using guys" only have to focus on the QA of that /debian directory which we could mainly coordinate via the Github issue tracker, and of course this list.

Re: [courier-users] Fwd: Looking for new Debian maintainers for courier-mta packages
On 11/12/16 03:09, SZÉPE Viktor wrote:
> On 07/12/16 00:04, Ondřej Surý wrote:
>> I have filed RFH (Request for Help) bug on courier package, but
>> nobody responded so far. Today I have changed that to RFA (Request
>> for Adoption) and I intend to properly orphan the packages before
>> stretch release and remove them from next Debian stable release.
>> Well, unless somebody comes up and makes a hard promise to take
>> care of all Courier MTA till Debian stretch (next stable)
>> end-of-life and becomes maintainers.

This was one of the saddest emails I have ever received. If my servers ran Archlinux I'd have no problem building from source, and even maintaining a source package in AUR, but even though I am a staunch ubuntu-server user I really don't like debs (or rpm) packaging.

I have little choice left but to start testing postfix/dovecot :-( And so far I really despise what I see after becoming so comfortable with courier. No SNI (SSL on a single IP) for a start and goodness knows what else will be awkward to impossible to achieve compared to the relative ease and unified sanity of the courier suite. And not least of all the superb effort put in by Sam, and others, on this list to provide a level of consistent free support rarely seen elsewhere (in my experience.)

> I could lend a hand to the maintainer for couple of hours/month. I
> am Courier user and I am able to put together simple, lintian-free
> packages
>
> https://github.com/szepeviktor/debian-server-tools/tree/master/security/myattackers-ipsets/ipset-persistent/debian
>
> Though I've never used Debian's source/build infrastructure.

That's very encouraging. I am less experienced with Debian packaging than you so I'm not sure I can do much to help. It looks like ra...@linuxia.de has retired from the original Debian packages and Ondřej put in an amazing effort to re-package the latest source to run under the "courier" user instead of the previous "daemon" user (more in line with original source).

Some discussion on ubuntu-devel-disc...@lists.ubuntu.com might dig up some more support and help determine if Ondřej's packages could replace the current way-too-old barely-on-life-support package set.

> Two things:
> The package has no git source https://packages.qa.debian.org/c/courier.html
> Courier upstream has no bug-tracking system.
>
> I would choose GitHub as a place to store /debian and to communicate
> with upstream.

Unfortunately Sam doesn't seem interested in moving his whole development system over to Github.

[courier-users] Fwd: Looking for new Debian maintainers for courier-mta packages
Apologies if this is a repost but I couldn't find it in the courier-users@ archives.

-------- Forwarded Message --------
Subject: Looking for new Debian maintainers for courier-mta packages
Date: Tue, 06 Dec 2016 15:04:59 +0100
From: Ondřej Surý <ond...@sury.org>
To: debian-de...@lists.debian.org, Willi Mann <wi...@debian.org>, courier-i...@lists.sourceforge.net
CC: Mark Constable <ma...@renta.net>

Hi,

TL;DR I am looking for prospective courier-mta maintainers for Courier MTA packages.

a little history - Mark Constable asked me a while ago if I could prepare updated Courier MTA packages for Ubuntu PPA. As a part of that I whipped the courier-authlib, courier-unicode and courier packages up to modern Debian packages standard and did some more improvements to the packaging (as privilege separation on separate 'courier' user). I also merged non-TLS and TLS versions and did some more changes (most of it could be found in debian/changelog and/or in git log). I did my best to break as little things as possible, but the changes to the packages were massive.

There's one problem though - I am not active Courier MTA user, so I can do my best from Debian point of view, but I am unable to do any extensive testing.

Therefore I am looking for active Courier MTA users that happen to be either Debian Developers, Debian Maintainers, or just people that would be happy to learn the Debian Packaging - I would be more than happy to provide guidance in such case.

I have filed RFH (Request for Help) bug on courier package, but nobody responded so far. Today I have changed that to RFA (Request for Adoption) and I intend to properly orphan the packages before stretch release and remove them from next Debian stable release. Well, unless somebody comes up and makes a hard promise to take care of all Courier MTA till Debian stretch (next stable) end-of-life and becomes maintainers.

Please note that the bug list on src:courier is rather long: https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=courier (143 filed bugs) and it will need some time to comb through the list, close the non-issues, fix the Debian related bugs and forward the appropriate bugs to upstream. I would suggest it might be better this would be a team effort.

Cheers,
--
Ondřej Surý <ond...@sury.org>

[courier-users] Alternate and extra IMAP folders
I always set up a "standard" set of extra IMAP folders like Sent, Junk and Trash (plus Drafts, Templates and Archives for Thunderbird users) but some of our Outlook and Apple Mail user programs are creating, for instance, "Sent Items", "Junk E-mail" and "Deleted Items" folders. Some of these users are not capable of changing anything on their end other than read and delete messages. Some of them can't even tell us what program they are using let alone what version!

This is a case in point this morning, this Outlook user can only see the "Sent Items" folder on her end but when she uses Roundcube it puts outgoing messages in the Sent folder so both it and "Sent Items" had messages in them.

~ cat courierimapsubscribed
INBOX.Deleted Items
INBOX.Drafts
INBOX.Junk
INBOX.Junk E-mail
INBOX.Sent
INBOX.Sent Items
INBOX.Trash

Can anyone suggest a sane method to normalize this situation so there is only a single set of IMAP folders that will work for all or most client mail programs?

Ie; would it be possible to symlink "Sent Items" to "Sent" so the user's Outlook/Mail program is happy, Roundcube is happy, and that courier-imap is happy dealing with one set of "real" folders?

Is it possible to tell courier-imap PER CLIENT which folders to use?

How do you guys deal with this situation?

[courier-users] Ports 465 vs 587
Because of arguments like this, and that I do not even want to offer non-SSL options, I routinely disable ports 143 and 587 and only use ports 993 and 465 for authenticated user mail...

https://www.agwa.name/blog/post/starttls_considered_harmful

However just now I notice this comment and am now concerned that ie; port 465 might be deprecated and dropped by future Roundcube updates...

https://github.com/roundcube/roundcubemail/blob/ee895a2c96a33b854c62a5835a7a1fcd24c02b39/config/defaults.inc.php#L251

I guess my question is; how safe is it to continue to rely on NOT using ports 143/587?

[courier-users] Vhost certificates
FWIW I finally got around to testing 0.76.1 with a virtual vhost SSL (letsencrypt) certificate and it worked! All I did was create symlinks from /etc/courier/{esmtpd,imapd}.pem.DOMAIN to the right combined privkey.pem + fullchain.pem for the particular vhost and Thunderbird worked perfectly. Brilliant! Thank you Sam :-)

Just checked, Outlook for Android did not work. Anyone know of an Android mail app that might work with IMAP/ESMTP SNA?

[courier-users] OpenSSL v1.1.0
Hi Sam,

FWIW Debian "stretch" is currently rebuilding all SSL related packages based on OpenSSL v1.1.0 which will also flow through to Ubuntu packages pretty soon. Perhaps you could provide a tweak to help ondrej build new deb packages, and no doubt this will affect rpm packages too.

> From: Kurt Roeckx
> To: sub...@bugs.debian.org
> Subject: courier: FTBFS with openssl 1.1.0
> Date: Sun, 26 Jun 2016 12:21:22 +0200
>
> Source: courier
> Version: 0.76.1-3
> Severity: important
> Control: block 827061 by -1
>
> Hi,
>
> OpenSSL 1.1.0 is about to be released. During a rebuild of all packages
> using OpenSSL this package failed to build. A log of that build can be
> found at:
>
> https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/courier_0.76.1-3_amd64-20160529-1412
>
> On https://wiki.openssl.org/index.php/1.1_API_Changes you can see
> various of the reasons why it might fail. There are also updated man
> pages at https://www.openssl.org/docs/manmaster/ that should contain
> useful information.
>
> There is a libssl-dev package available in experimental that contains
> a recent snapshot, I suggest you try building against that to see if
> everything works.
>
> If you have problems making things work, feel free to contact us.
>
> Kurt

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828272

Re: [courier-users] Courier is malware
On 03/06/16 11:44, Sam Varshavchik wrote:
> If Sourceforge doesn't resolve it tomorrow, or I get an unhelpful
> response, they won't follow-up until Monday; and I'll just replace
> all the links with the direct download links, bypassing Sourceforge's
> banner ads, for now.

FWIW how about replacing SF altogether with...

https://help.github.com/articles/creating-releases/

scriptable API for above...

https://developer.github.com/v3/repos/releases/#create-a-release

and this could also be useful...

https://help.github.com/articles/versioning-large-files/

Re: [courier-users] Disable SSL for esmtpd on port 25
On 28/05/16 23:23, Sam Varshavchik wrote:
>> We only use authenticated relaying via 465/SSL and 587/TLS so none
>> of our clients use port 25 for auth/relay. The problem is our client
>> recipient has to contact our support which then asks them for a copy
>> of the error, then I get it, then I have to squirrel around in the
>> mail logs to determine IP/hosts and hope a dig mx finds the right
>> mailserver etc then whitelists that server/mx and cross my fingers
>> I got all that right and our client can continue on their merry way.
>
> Do you know for sure that the sender bounces the mail if it can't
> negotiate SSL; that the sender does not fallback to unencrypted?

Our recipient client gets a bounce from our server when they try to send to, for instance, @dss.gov.au so I presume these servers are not falling back to an unencrypted connection.

This is a recent example of our client trying to send to x...@dss.gov.au...

May 24 12:12:26 s1 courierd: newmsg,id=xxx, auth=xxx: dns; [xxx] ([:::xxx])
May 24 12:12:26 s1 courierd: started,id=xxx,from=,module=esmtp,host=dss.gov.au,addr=
May 24 12:12:27 s1 courieresmtp: id=xxx,from=,addr= : 500 couriertls: connect: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error
May 24 12:12:27 s1 courieresmtp: id=xxx,from=,addr= ,status: failure
May 24 12:12:27 s1 courierd: completed,id=xxx
May 24 12:12:27 s1 courierd: started,id=xxx,from=<>,module=dsn,host=,addr=
May 24 12:12:27 s1 courierd: completed,id=xxx

No real hint of an unencrypted connection in any of the examples I checked. Other failed domains are...

orica.com
network.pmc.gov.au
bg-group.com
jc.com.au
ecanyons.com

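The log correlation described in the message above, as an added example (not code from the post or from Courier): it pairs each courierd "started" line with the couriertls error and failure status logged for the same message id and recipient, and reports which destination domains fail the TLS handshake. The message ids, addresses and domains in the sample log are constructed.

```python
import re
from collections import Counter

# Line shapes follow the log excerpt in the message above.
STARTED = re.compile(
    r"courierd: started,id=(?P<id>[^,]+),.*?module=esmtp,"
    r"host=(?P<host>[^,]*),addr=(?P<addr><[^>]*>)")
TLS_ERR = re.compile(
    r"courieresmtp: id=(?P<id>[^,]+),.*?addr=(?P<addr><[^>]*>)\s*: "
    r"\d{3} couriertls: (?P<err>.+)$")
FAILED = re.compile(
    r"courieresmtp: id=(?P<id>[^,]+),.*?addr=(?P<addr><[^>]*>)\s*,status: failure")

# Constructed sample: ids, addresses and domains are made up (.example names).
SAMPLE_LOG = """\
May 24 12:12:26 s1 courierd: started,id=0001.A,from=<alice@example.com>,module=esmtp,host=legacy.example,addr=<bob@legacy.example>
May 24 12:12:27 s1 courieresmtp: id=0001.A,from=<alice@example.com>,addr=<bob@legacy.example>: 500 couriertls: connect: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error
May 24 12:12:27 s1 courieresmtp: id=0001.A,from=<alice@example.com>,addr=<bob@legacy.example>,status: failure
May 24 12:12:27 s1 courierd: completed,id=0001.A
May 24 12:12:27 s1 courierd: started,id=0001.B,from=<>,module=dsn,host=,addr=<alice@example.com>
May 24 12:12:27 s1 courierd: completed,id=0001.B
May 24 12:30:02 s1 courierd: started,id=0002.A,from=<alice@example.com>,module=esmtp,host=modern.example,addr=<dave@modern.example>
May 24 12:30:03 s1 courierd: completed,id=0002.A
May 24 13:05:40 s1 courierd: started,id=0003.A,from=<erin@example.com>,module=esmtp,host=legacy.example,addr=<carol@legacy.example>
May 24 13:05:41 s1 courieresmtp: id=0003.A,from=<erin@example.com>,addr=<carol@legacy.example>: 500 couriertls: connect: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error
May 24 13:05:41 s1 courieresmtp: id=0003.A,from=<erin@example.com>,addr=<carol@legacy.example>,status: failure
May 24 13:05:41 s1 courierd: completed,id=0003.A
"""


def tls_failure_report(lines):
    """Return {destination domain: counters} for outbound esmtp deliveries."""
    host_of = {}      # (message id, recipient) -> destination domain
    tls_hit = set()   # deliveries that logged a couriertls error
    report = {}

    def entry(host):
        return report.setdefault(host, {
            "attempts": 0, "tls_errors": 0, "bounced": 0,
            "reasons": Counter(), "recipients": set()})

    for line in lines:
        line = line.rstrip("\n")
        if (m := STARTED.search(line)):
            host_of[(m["id"], m["addr"])] = m["host"]
            entry(m["host"])["attempts"] += 1
        elif (m := TLS_ERR.search(line)):
            key = (m["id"], m["addr"])
            e = entry(host_of.get(key, "(unknown)"))
            e["tls_errors"] += 1
            # Keep the last two OpenSSL fields: "<function>:<reason>".
            e["reasons"][":".join(m["err"].split(":")[-2:]).strip()] += 1
            e["recipients"].add(m["addr"])
            tls_hit.add(key)
        elif (m := FAILED.search(line)):
            key = (m["id"], m["addr"])
            if key in tls_hit:  # only count bounces that followed a TLS error
                entry(host_of.get(key, "(unknown)"))["bounced"] += 1
    return report


def failing_hosts(report):
    """Destination domains with at least one couriertls error, sorted."""
    return sorted(h for h, e in report.items() if e["tls_errors"])


if __name__ == "__main__":
    rep = tls_failure_report(SAMPLE_LOG.splitlines())
    for host in failing_hosts(rep):
        e = rep[host]
        print(f"{host}: {e['tls_errors']}/{e['attempts']} deliveries hit a TLS error, "
              f"{e['bounced']} bounced")
        for reason, n in e["reasons"].items():
            print(f"  {n}x {reason}")
```
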
Re: [courier-users] Disable SSL for esmtpd on port 25
On 27/05/16 02:20, Matus UHLAR - fantomas wrote:
>> Some lame govt mailservers are still using SSL23...
>> "SSL23_GET_SERVER_HELLO:tlsv1 alert decode error"
>> and rather than whitelist them I'm sure I used to just disable SSL
>> via /etc/courier/esmtpd altogether (currently using v0.68.2)...
>
> why not whitelisting? Why to avoid security just because some can't
> cope with it?

We only use authenticated relaying via 465/SSL and 587/TLS so none of our clients use port 25 for auth/relay. The problem is our client recipient has to contact our support which then asks them for a copy of the error, then I get it, then I have to squirrel around in the mail logs to determine IP/hosts and hope a dig mx finds the right mailserver etc then whitelists that server/mx and cross my fingers I got all that right and our client can continue on their merry way.

I don't know how to check what percentage of port 25 mailserver to mailserver connections may be SSL encrypted to justify leaving SSL on port 25 for server to server connections. Would you (or anyone) have any idea how many mailservers are successfully connecting to each other via SSL these days?

[courier-users] Disable SSL for esmtpd on port 25
I just set up a new server and I can't for the life of me remember, or find, how to disable SSL on port 25 for general incoming mail?

Some lame govt mailservers are still using SSL23...

SSL23_GET_SERVER_HELLO:tlsv1 alert decode error

and rather than whitelist them I'm sure I used to just disable SSL via /etc/courier/esmtpd altogether (currently using v0.68.2)...

~ egrep -v "^(#|$)" /etc/courier/esmtpd
PATH=/usr/bin:/bin:/usr/bin:/usr/local/bin
SHELL=/bin/bash
ULIMIT=32768
BOFHCHECKDNS=1
BOFHNOEXPN=1
BOFHNOVRFY=1
TARPIT=1
NOADDMSGID=1
NOADDDATE=1
ESMTP_LOG_DIALOG=0
AUTH_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/courier/esmtpd.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
MAILUSER=daemon
MAILGROUP=daemon
BLACKLISTS="-block=zen.spamhaus.org,BLOCK -block=cbl.abuseat.org,BLOCK"
DROP="-drop"
ACCESSFILE=${sysconfdir}/smtpaccess
MAXDAEMONS=40
MAXPERC=5
MAXPERIP=5
PIDFILE=/var/run/courier/esmtpd.pid
TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger -nodnslookup -noidentlookup"
ESMTPAUTH="LOGIN PLAIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
ESMTPAUTH_WEBADMIN="LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
ESMTPAUTH_TLS=""
ESMTPAUTH_TLS_WEBADMIN="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
ESMTPDSTART=YES

Re: [courier-users] How to force quota recalculation ?
On 25/05/16 19:00, chaouche yacine wrote:
> I've moved maildirsize to maildirsize- but quota is still shown as
> 209715200 (instead of 64764) even after an authentication lookup
> [...]
> Authenticated: i.aitah...@domain.tld (uid 5000, gid 5000)
> Home Directory: /var/vmail
>        Maildir: domain.tld/i.aitahmed
>          Quota: 209715200
> Encrypted Password: $1$j5tuqwxC$rsLuOD5v8DDBydp.kBEPf0
> Cleartext Password: (none)
>        Options: disableimap=n,disablepop3=n

You are seeing the default quota setting, not the dynamic value determined by courier as to how full the mailbox currently is.

If anyone is using Thunderbird then RMB on the Inbox and go to Properties -> Quota and that will give you a real time estimate AFTER removing the maildirsize file and restarting TB to enforce a fresh login and scan of the IMAP/POP folders.

Re: [courier-users] How to force quota recalculation ?
On 25/05/16 16:38, Matus UHLAR - fantomas wrote:
> so this depends on authdaemon providing that information, e.g. this
> won't work with standard user accounts other that removing quota at
> all...

You're right, not with authpam (and maybe authpipe / authcustom depending what's returned), but I think all the others have a quota field...

authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authsqlite authcustom authpipe"

Re: [courier-users] How to force quota recalculation ?
On 25/05/16 16:10, Matus UHLAR - fantomas wrote:
> On 25.05.16 12:41, Mark Constable wrote:
>> There may be more elegant solutions but I just simply delete that
>> file and quotawarn. The maildirsize file will be rebuilt soon
>> enough.
>
> isn't quota lost when you lose maildirsize?
> I thought the first line sets the quota...

The quota comes from an authdaemon lookup...

May 25 16:16:01 s2 authdaemond[23816]: Authenticated: sysusername=, sysuserid=, sysgroupid=, homedir=/xxx/xxx/markc, address=ma...@renta.net, fullname=, maildir=, quota=2097152000S, options=

so when there is no maildirsize it gets rebuilt. The proof is that when maildirmake first creates a user's maildir area there is no maildirsize file and everything works fine, it simply gets created if it doesn't exist.

Re: [courier-users] How to force quota recalculation ?
On 25/05/16 01:48, chaouche yacine wrote:
> maildirsize shows 200Mb+ of disk usage while du shows only 64Mb. How
> can I ask courier to recalculate the quota and allow this poor user
> to receive mail again ?

There may be more elegant solutions but I just simply delete that file and quotawarn. The maildirsize file will be rebuilt soon enough.
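Added example, not part of the thread and not Courier's own code: a Python check that compares what maildirsize records against the messages actually on disk, so a stale file can be confirmed before it is deleted. It assumes the Maildir++ layout (first line of maildirsize is the quota definition, later lines are byte and message-count deltas); skipping .Trash and the sample maildir are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

SIZE_IN_NAME = re.compile(r",S=(\d+)")  # Maildir++ size hint inside the file name


def parse_maildirsize(text):
    """Return (quota, recorded_bytes, recorded_msgs) from maildirsize content."""
    lines = text.splitlines()
    if not lines:
        raise ValueError("empty maildirsize")
    quota = {}
    # First line: quota definition such as "2097152000S" or "5000S,100C".
    for part in lines[0].strip().split(","):
        if part.endswith("S"):
            quota["bytes"] = int(part[:-1])
        elif part.endswith("C"):
            quota["count"] = int(part[:-1])
    total_bytes = total_msgs = 0
    # Remaining lines: "<bytes> <count>" deltas; negative values record deletions.
    for line in lines[1:]:
        fields = line.split()
        if len(fields) == 2:
            total_bytes += int(fields[0])
            total_msgs += int(fields[1])
    return quota, total_bytes, total_msgs


def actual_usage(maildir, skip_folders=(".Trash",)):
    """Sum message sizes in cur/ and new/ of the maildir and its dot-folders.

    Assumption: .Trash is left out of the count; pass skip_folders=() to include it.
    """
    total_bytes = total_msgs = 0
    folders = [maildir]
    for name in sorted(os.listdir(maildir)):
        path = os.path.join(maildir, name)
        if name.startswith(".") and os.path.isdir(path) and name not in skip_folders:
            folders.append(path)
    for folder in folders:
        for sub in ("cur", "new"):
            subdir = os.path.join(folder, sub)
            if not os.path.isdir(subdir):
                continue
            for fname in os.listdir(subdir):
                hint = SIZE_IN_NAME.search(fname)
                size = int(hint.group(1)) if hint else os.path.getsize(os.path.join(subdir, fname))
                total_bytes += size
                total_msgs += 1
    return total_bytes, total_msgs


def quota_drift(maildir):
    """Compare the running totals in maildirsize with what is on disk."""
    with open(os.path.join(maildir, "maildirsize")) as fh:
        quota, rec_bytes, rec_msgs = parse_maildirsize(fh.read())
    act_bytes, act_msgs = actual_usage(maildir)
    limit = quota.get("bytes")
    return {
        "quota_bytes": limit,
        "recorded_bytes": rec_bytes,
        "actual_bytes": act_bytes,
        "drift_bytes": rec_bytes - act_bytes,
        "drift_msgs": rec_msgs - act_msgs,
        # True when only the stale file, not real usage, puts the user over quota.
        "blocked_by_stale_file": limit is not None and rec_bytes >= limit > act_bytes,
    }


def build_sample_maildir(root):
    """Constructed sample: three counted messages, one in Trash, inflated maildirsize."""
    messages = [
        ("cur", "1.M1.host,S=1000:2,S", 1000),
        ("new", "2.M2.host,S=2500", 2500),
        (os.path.join(".Sent", "cur"), "3.M3.host:2,S", 300),
        (os.path.join(".Trash", "cur"), "4.M4.host,S=9999:2,T", 9999),
    ]
    for sub, fname, size in messages:
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, fname), "wb") as fh:
            fh.write(b"x" * size)
    with open(os.path.join(root, "maildirsize"), "w") as fh:
        fh.write("5000S\n4000 3\n2000 2\n-500 -1\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(quota_drift(build_sample_maildir(tmp)))
```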
Re: [courier-users] Let's encrypt
On 14/05/16 06:30, SZÉPE Viktor wrote:
> Let's Encrypt also provides you 3 certs: intermediate, public and
> private. Just install them (symlink them) as any other certificate.
> The order is:
>
> # cat "$PRIV" "$PUB" "$INT" > "$COURIER_COMBINED"

FWIW I find that only privkey.pem and fullchain.pem are necessary.

I also use a simple shell wrapper around this to manage my LE certs...

https://github.com/lukas2511/letsencrypt.sh.git

as it has no dependencies on perl or python.
[courier-users] Manipulating outgoing messages
We often have a problem with Thunderbird hanging when trying to send a copy of an outgoing email to the Sent folder. Using RMB -> Properties -> Repair Folder and Compact seems to generally fix it for a few months.

However it occurred to me that if the original sent message could be squirreled away to the Sent folder on the server then it would both solve the hanging problem and save a second round trip to the server when saving a copy to the Sent folder.

We can do almost anything with incoming mail using maildrop but is there anything we can do to manipulate outgoing mail, per user?
Re: [courier-users] courier-mta.org website down?
On 05/04/16 14:18, Harry Duncan wrote:
> The usual site is missing and I get a cpanel message?

Yikes. I'm not even getting that. Whois and dig/ping work okay but nothing on port 80 comes up for me.
Re: [courier-users] TLS SNI when Courier is built with OpenSSL
Mini followup on success with using 0.76.0.20160430 SNI SSL. I'm happy to report that Windows10 Outlook works with SNI as does the Android Outlook client. The Android K9 mail app does not.
Re: [courier-users] I need working nginx configuration for webadmin
On 05/02/16 20:14, Matus UHLAR - fantomas wrote:
> and I mean, apache process loads all modules at startup time, which
> means that mod-php is loaded only at the start or reconfigure time,
> and all child processes are created by forking only when servers are
> spawned at:
> - startup
> - increasing number of server processes
> - restarting after MaxRequestsPerChild or MaxConnectionsPerChild hit.

And my point is that every apache process includes the full mod-php interpreter regardless of whether that process is about to handle a PHP script or a static file.

It's not the startup time that is the issue (for me) but that a PHP interpreter is included within each process even if it is not going to be used to interpret a PHP script (in the case of delivering a non-php static resource).
Re: [courier-users] I need working nginx configuration for webadmin
On 05/02/16 19:19, Matus UHLAR - fantomas wrote:
>> A couple of more points, apache with libapache2-mod-php requires
>> the slower pre-forking version of apache and because that module is
>> always loaded for every access
>
> is it? iiuc it's only loaded on apache reload... (unless you tune
> MaxRequestsPerChild/2.2 or MaxConnectionsPerChild/2.4)

I meant the entire libapache2-mod-php module is loaded into ram for every access to every file no matter if it's a non-php static file or a php file. Each apache process (+ mod-php) is from 20Mb to 100Mb regardless of whether it's about to parse a PHP script or not.

A nginx instance is about ~9Mb and delivers a static file up to twice as fast as apache with mod-php (according to ab testing I did 1/2 dozen years ago). I find php-fpm usually runs at 3Mb to 30Mb but sometimes up to 100Mb for Wordpress with massively complex themes and plugins.

So nginx + php-fpm generally uses less ram than apache + mod-php for PHP scripts but up to 10 times less ram for static files (css, js, images) and static files (until cached) far outnumber PHP script access.
Re: [courier-users] TLS SNI when Courier is built with OpenSSL
On 04/30/16 11:59, Sam Varshavchik wrote:
>> - courier, courier-imap: add support for TLS SNI when Courier is
>> built with OpenSSL.

I'm happy to report that the 0.76.0.20160430 devel version does indeed support TLS SNI with OpenSSL.

http://downloads.sourceforge.net/project/courier/courier-devel/20160430/courier-0.76.0.20160430.tar.bz2

~ netstat -tanup | grep couriertcpd
tcp6 0 0 :::993 :::* LISTEN 13053/couriertcpd <-- 13053 for imapd-ssl
tcp6 0 0 :::465 :::* LISTEN 13033/couriertcpd
tcp6 0 0 :::25 :::* LISTEN 13014/couriertcpd

~ strace -s 256 -f -p 13053 2>&1 | grep imapd.pem

Then in another shell use something like this (ubuntu) with your own domain, OR use a regular mail client (Thunderbird 45.0 definitely works)...

~ TLS_TRUSTCERTS=/etc/ssl/certs TLS_VERIFYPEER=none couriertls \
  -host=mrsam.goldcoast.org -port=993 -verify=mrsam.goldcoast.org

and the result should be similar to this...

13250 access("/etc/courier/imapd.pem.192.168.0.2", R_OK) = -1 ENOENT (No such file or directory)
13250 open("/etc/courier/imapd.pem", O_RDONLY) = 5
13250 open("/etc/courier/imapd.pem", O_RDONLY) = 5
13250 access("/etc/courier/imapd.pem.mrsam.goldcoast.org", R_OK) = 0
13250 access("/etc/courier/imapd.pem.192.168.0.2", R_OK) = -1 ENOENT (No such file or directory)
13250 open("/etc/courier/imapd.pem", O_RDONLY) = 5
13250 open("/etc/courier/imapd.pem", O_RDONLY) = 5
13250 open("/etc/courier/imapd.pem.mrsam.goldcoast.org", O_RDONLY) = 5
13250 open("/etc/courier/imapd.pem.mrsam.goldcoast.org", O_RDONLY) = 5
13250 open("/etc/courier/imapd.pem.mrsam.goldcoast.org", O_RDONLY) = 5

And as a bonus, the above imapd.pem.mrsam.goldcoast.org is symlinked to a LetsEncrypt certificate that includes a SAN of www.mrsam.goldcoast.org.

Subject: CN=mrsam.goldcoast.org
X509v3 Subject Alternative Name:
DNS:mrsam.goldcoast.org, DNS:www.mrsam.goldcoast.org

Excellent work Sam and many many thanks.
Re: [courier-users] I need working nginx configuration for webadmin
On 05/02/16 03:16, Matus UHLAR - fantomas wrote:
>> Perl kludge suggested on nginx site for running CGI scripts as
>> FastCGI much worse than time-honoured apache.
>
> but what's the point of proxying it from apache? Apache can run cgi
> (and fastcgi, even php as module, not as fastcgi, so php should be
> even faster under apache) too, you don't need nginx.
>
> if you want nginx, what's the point of apache proxying?

A couple of more points, apache with libapache2-mod-php requires the slower pre-forking version of apache and because that module is always loaded for every access it makes sense to use the much faster and lighter nginx frontend to deliver static files and then proxy to apache just for php. Also, a lot of web apps expect, or are easier, to use a .htaccess file which nginx does not handle.

As for running webadmin, and perhaps sqwebmail, the simplest solution is to use a dedicated instance of lighttpd on another port (assuming nginx is already in use on 80/443).
Re: [courier-users] TLS SNI when Courier is built with OpenSSL
On 29/04/16 22:36, Sam Varshavchik wrote:
>>> I finally have a 0.76.0 ubuntu install to test and trying to get this to
>>> work...
>>>
>>> > - courier, courier-imap: add support for TLS SNI when Courier is built
>>> > with OpenSSL.
>>>
>>> I've added this vhost settings but no sign the LetsEncrypt certificate is
>>> being delivered to Thunderbird.
>>>
>>> ~ ls -1 /etc/courier/*renta.net
>>> defaultdomain.ded1649.renta.net
>>> dsnfrom.ded1649.renta.net
>>> esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
>>> imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
>>> vhost.ded1649.renta.net
>
> Find the pid that's listening on localhost, then run strace on it. In my case
> it's pid 15018.
>
> # strace -s 256 -f -o z -p 15018
>
> Then, use couriertls like this:
>
> TLS_TRUSTCERTS=/etc/pki/tls/cert.pem TLS_VERIFYPEER=none couriertls \
> -host=localhost -port=143 -protocol=imap -verify=localhost
>
> Fedora installs all trusted certs in /etc/pki/tls/cert.pem; use the
> equivalent for Debian, Ubuntu, etc…
>
> The connection attempt will fail to verify the "localhost" certificate, of
> course. That's fine. Then:
>
> # grep imapd.pem z
> 2734 access("/usr/lib/courier-imap/share/imapd.pem.localhost", R_OK) = -1
> ENOENT (No such file or directory)
> 2734 access("/usr/lib/courier-imap/share/imapd.pem", R_OK) = 0
> 2734 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 10
>
> That shows that the server process tried to open imapd.pem.localhost, first.

Excellent, thank you Sam! Every variation I tried results in...

21989 access("/etc/courier/imapd.pem.xxx.xxx.104.254", R_OK) = -1 ENOENT (No such file or directory)
21989 open("/etc/courier/imapd.pem", O_RDONLY) = 5
21989 open("/etc/courier/imapd.pem", O_RDONLY) = 5

I don't seem to be able to use the -host=localhost parameter to couriertls. My "netstat -tanup" gives me...

tcp6 0 0 :::465 :::* LISTEN 21926/couriertcpd
tcp6 0 0 :::25 :::* LISTEN 21895/couriertcpd
tcp6 0 0 :::993 :::* LISTEN 21947/couriertcpd
tcp6 0 1 xxx.xxx.104.254:993 xxx.xxx.99.177:54272 FIN_WAIT1 -

Which is odd but the last field does indeed show an ip4 connection.

I used the below as I don't enable STARTTLS on 143 and -host=localhost results in an almost empty strace dump file (like it's not even hitting localhost at all)...

~ strace -s 256 -f -o z -p 21947
~ TLS_TRUSTCERTS=/etc/ssl/certs TLS_VERIFYPEER=none couriertls -host=xxx.xxx.104.254 -port=993 -protocol=imap -verify=localhost

And no matter if I use any combination of localhost, ded1649.renta.net or the IP for -host or -verify I always get the "imapd.pem.xxx.xxx.104.254" result above.

- is a PTR record required for ded1649.renta.net?
- is it possible the 0.76.0 package I am using is missing a build flag?
- anything other than vhost.ded1649.renta.net and imapd.pem.ded1649.renta.net needed?
Re: [courier-users] New courier and courier-imap release
I finally have a 0.76.0 ubuntu install to test and trying to get this to work...

> - courier, courier-imap: add support for TLS SNI when Courier is built with
> OpenSSL.

I've added this vhost settings but no sign the LetsEncrypt certificate is being delivered to Thunderbird.

~ ls -1 /etc/courier/*renta.net
defaultdomain.ded1649.renta.net
dsnfrom.ded1649.renta.net
esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
vhost.ded1649.renta.net

../ssl/ded1649.renta.net/mailserver.pem does exist and the default one for the canonical host does work okay.

Is there some other settings I am missing?
Re: [courier-users] esmtproutes (SOLVED)
On 30/03/16 13:04, Sam Varshavchik wrote:
>> Anyway, it almost worked... except that I am using LetsEncrypt certificates
>> where I have a multiple subdomains of renta.net AND www.renta.net on the
>> destination server and the source server said...
>> 400 couriertls: Mismatched SSL certificate: CN=www.renta.net (expected
>> renta.net)
>
> You need to either build Courier, on both servers, with GnuTLS, or
> use the development builds I currently have up, that add the
> necessary support when Courier is built with OpenSSL.

Yes, I am waiting and hoping Ondřej Surý will build the latest release as a set of courier dev packages so I can start testing/using this virtual SSL feature.

> You could also simply specify the smarthost, in both esmtproutes and
> esmtpauthclient, as www.renta.net; this would be the path of least
> resistance.

Sam, you are a genius... so simple... thank you :)

Mar 30 14:23:10 motd courieresmtp[10387]: id=blah, from=,addr= ,size=746,status: success

Now that I can see something working I can tease it into a more sane state and look into getting a separate renta.net-only certificate.
Re: [courier-users] esmtproutes (was How to disable ipv6)
On 30/03/16 01:13, Mark Constable wrote:
> So it seems that maybe courier-mta is trying to use ipv6 and seeing that
> I'm not sure how to deal set up ipv6 I would like to completely disable
> courier-mta (and imap for that matter) using ipv6 and default to ipv4.

So it seems; because outgoing ipv4 port 25 is now blocked by the hosting company that courier-mta managed to at least squeak through an ipv6 connection to the other end that happens to accept ipv6. Cool, but I have no idea how, or time, to set up ipv6 and most destinations won't accept ipv6 anyway.

I have to set up a smarthost route to either one of my other courier based mailservers or mailgun/sendgrid but I've never had to stoop so low before. I have used ssmtp on a few really small VPSs and I guess that is an option for me in this case just but I am unsure how to integrate incoming port 25 using esmtpd with outgoing via ssmtp.

In looking at esmtproutes I can't see how I can authenticate to port 587/TLS or 465/SSL on the other end so how do I use esmtproutes...

domain:relay[,port][/SECURITY=STARTTLS][/SECURITY=REQUIRED][/SECURITY=SMTPS]

to emulate something like this setting for ssmtp?

mailhub=smtp.sendgrid.net:587
AuthUser=sendgridusername
AuthPass=sendgridpassword
UseSTARTTLS=YES
[courier-users] How to disable ipv6
I have a weird new install where mail comes in okay but trying to send out just hangs with no real feedback as to why but just now an attempt to send to Gmail gave me a hint...

"Our system has detected that this message does not meet IPv6 sending guidelines regarding PTR records and authentication. Please review https://support.google.com/mail/?p=ipv6_authentication_error for more information."

So it seems that maybe courier-mta is trying to use ipv6 and seeing that I'm not sure how to deal set up ipv6 I would like to completely disable courier-mta (and imap for that matter) using ipv6 and default to ipv4.

I've set courierd:ESMTP_PREFER_IPV6_MX=0 but what other settings might influence using ipv6 over ipv4?

Ubuntu xenial (16.04) using courier-mta 0.75.0-17+deb.sury.org~xenial+1
[courier-users] maildrop vs courier-maildrop deb packages
I know this is about deb packaging details but someone here might know the answer to this question. The very latest ubuntu devel packages are dropping courier-maildrop in favour of just using the maildrop package and aside from the default /etc/courier/maildroprc moving to /etc/maildroprc I've noticed another slight difference...

courier-maildrop package, where HOME is from the mysql homedir field...

Mar 17 05:12:19 gc3 authdaemond[7616]: Authenticated: sysusername=, sysuserid=1001, sysgroupid=1001, homedir=/home/u/goldcoast.org/home/admin, address=ad...@goldcoast.org, fullname=, maildir=, quota=524288000S, options=
Mar 17 05:12:19 gc3 courierlocal[7751]:id=blah, from=,addr= : maildrop: Changing to /home/u/goldcoast.org/home/admin

maildrop package, where HOME now seems to be from getent passwd...

Mar 17 06:11:29 gc3 courierlocal[7751]:id=blah, from= ,addr= : maildrop: Changing to /home/u/goldcoast.org

I have uncommented this in /etc/maildroprc but the above getent HOME field remains the same...

DEFAULT="$HOME/Maildir"

How can I get back the previous maildrop behaviour where it treats HOME as from the virtual homedir field rather than the home field in /etc/passwd?
Re: [courier-users] maildrop vs courier-maildrop deb packages
On 17/03/16 21:00, Sam Varshavchik wrote:
>> How can I get back the previous maildrop behaviour where it treats
>> HOME as from the virtual homedir field rather than the home field
>> in /etc/passwd?
>
> Most likely by explicitly invoking maildrop with the -d option.

I've read through most of this twice today...

http://www.courier-mta.org/maildrop/maildropfilter.html

but I can't seem to translate that info into how to "explicitly invoke" the -d option in this particular use case...

./courierd:DEFAULTDELIVERY="|/usr/bin/maildrop -w 90"

Is something like this possible?

DEFAULTDELIVERY="|/usr/bin/maildrop -w 90 -d ${RECIPIENT}"
Re: [courier-users] maildrop vs courier-maildrop deb packages
On 18/03/16 12:20, Sam Varshavchik wrote:
> Pedantically, it should be
>
> DEFAULTDELIVERY='|/usr/bin/maildrop -w 90 -V 9 -d "${RECIPIENT}"'
>
> to guard against a wildcard virtual domain alias allowing some clown
> to use an address with shell special characters.

Right, I tried that but when I did not get any debug output to tell me what "maildrop: Changing to /home/etc" was I assumed that it was not quite the right incarnation so I kept trying other combinations. Then I reread your maildrop page again and sure enough...

-V is ignored when maildrop runs in delivery mode.

http://www.courier-mta.org/maildrop/maildrop.html

These 2 paragraphs seem to be the most relevant but at no point is it obvious WHICH $HOME var is going to be used (getent or virtual) but if I reread the 2nd paragraph a few more times then it could be obvious that it was referring to the virtual $HOME (the one I want).

> If a filename is not specified on the command line, or if the -d
> option is used, maildrop will run in delivery mode. In delivery mode,
> maildrop changes to the home directory of the user specified by the
> -d option (or the user who is running maildrop if the -d option was
> not given) and reads $HOME/.mailfilter for filtering instructions.
> $HOME/.mailfilter must be owned by the user, and have no group or
> global permissions (maildrop terminates if it does).

> The -d option can also specify a name of a virtual account or
> mailbox. See the makeuserdb(1) manual page in the Courier
> Authentication library's documentation for more information.

Anyway, it seems to be working. I can set the getent $HOME to be root owned (so that I can use SFTP/SSH chroots) and still have mail delivered inside that area to the virtual $HOME as was possible with the courier-maildrop deb package.

Sam, thank you once again... especially for your pedantic help :-)
Re: [courier-users] maildrop vs courier-maildrop deb packages
On 17/03/16 22:27, Sam Varshavchik wrote:
>> >> How can I get back the previous maildrop behaviour where it treats
>> >> HOME as from the virtual homedir field rather than the home field
>> >> in /etc/passwd?
>> >
>> > Most likely by explicitly invoking maildrop with the -d option.
>>
>> I've read through most of this twice today...
>>
>> http://www.courier-mta.org/maildrop/maildropfilter.html
>>
>> but I can't seem to translate that info into how to "explicitly invoke"
>> the -d option in this particular use case...
>>
>> ./courierd:DEFAULTDELIVERY="|/usr/bin/maildrop -w 90"
>>
>> Is something like this possible?
>>
>> DEFAULTDELIVERY="|/usr/bin/maildrop -w 90 -d ${RECIPIENT}"
>
> Make them apostrophes. You don't want variable expansion at the time
> this setting is read, but rather when this is executed at delivery
> time.

I guess you meant something like this?

DEFAULTDELIVERY="|/usr/bin/maildrop -w 90 -V 9 -d '${RECIPIENT}'"

No difference with every permutation of the above I could think of.

***

To demonstrate the problem in case anyone else knows how to tweak the regular maildrop deb package to behave like the courier-maildrop package...

courier-maildrop package

Mar 17 05:12:19 gc3 authdaemond[7616]: Authenticated: sysusername=, sysuserid=1001, sysgroupid=1001, homedir=/home/u/goldcoast.org/home/admin, address=ad...@goldcoast.org, fullname=, maildir=, quota=524288000S, options=
Mar 17 05:12:19 gc3 courierlocal[7751]:id=blah, from=,addr= : maildrop: Changing to /home/u/goldcoast.org/home/admin

maildrop package

Mar 17 06:11:29 gc3 courierlocal[7751]:id=blah, from= ,addr= : maildrop: Changing to /home/u/goldcoast.org
Re: [courier-users] SNI for SSL negotiations
>> Would mail clients like Thunderbird need to understand SNI as well
>> or would it be up to only the server daemon to present the right
>> certificate?
>
> Both. SNI is a protocol extension. Both the client and the server
> have to be explicitly coded to support it.

Thanks for the confirmation. According to this posting in 2011 the author noted that Thunderbird does initiate the SSL handshake with the hostname in plain text so it probably does do SNI. Promising.

http://forums.mozillazine.org/viewtopic.php?f=39=2316281

I also found this reference so I'll give it a try, even though the custom Debian packages I use most likely do not use GnuTLS.

***

SNI

If the IMAP server is supposed to work for different domain names, the TLS extension SNI comes into play. The way how Courier implements this is:

Set TLS_CERTFILE to a base path, e.g.

TLS_CERTFILE=/etc/ssl/private/imap.pem

The concrete certificates must then be stored in files that are formed by appending the domain name to the base path, e.g.

/etc/ssl/private/imap.pem.example.com

Courier will look up the correct certificate based on the host name advertised during the TLS/SNI exchange
Re: [courier-users] SNI for SSL negotiations
On 03/03/16 12:37, Sam Varshavchik wrote:
>> Is there any possibility that SNI negotiation can take place when
>> doing SSL handshakes with couriers daemons so that multiple SSL
>> certificates can be used on the same IP?
>
> I haven't yet found the time to investigate what needs to be done
> to support SNI with OpenSSL. OpenSSL's documentation was always
> difficult to decipher overall, good examples are hard to come by.

Okay, close with GnuTLS but not OpenSSL so not completely out of the question, perhaps. It's just that now LetsEncrypt is becoming popular it will be super easy to add real certificates to any and all vhosts on a single server with a single IP.

Would mail clients like Thunderbird need to understand SNI as well or would it be up to only the server daemon to present the right certificate?

Might be a vaguely related example here...

https://github.com/nginx/nginx/blob/master/src/http/ngx_http_request.c#L822
[courier-users] SNI for SSL negotiations
I think I may have asked this question many years ago but just in case things have changed. Is there any possibility that some of SNI negotiation can take place when doing SSL handshakes with courier's daemons so that multiple SSL certificates can be used on the same IP?
[courier-users] SPF failing again
I have another SPF fail and this time it could be courier-mta at fault because if I check with... http://mxtoolbox.com/SuperTool.aspx?action=spf%3abounce.s7.exacttarget.com%3a136.147.176.7 it indicates this one should work, but... Jan 21 15:49:18 s1 courieresmtpd: error, relay=:::136.147.176.7, from=: 517 SPF fail bounce-4814_html-122269605-10348-7213380-5...@bounce.s7.exacttarget.com: Address does not pass the Sender Policy Fr... ~ dig txt bounce.s7.exacttarget.com bounce.s7.exacttarget.com. 14399 IN TXT "spf2.0/pra include:cust-senderid.exacttarget.com -all" bounce.s7.exacttarget.com. 14399 IN TXT "v=spf1 include:cust-spf.exacttarget.com -all" ~ dig txt cust-senderid.exacttarget.com cust-spf.exacttarget.com. 190 IN TXT "v=spf1 ip4:64.132.92.0/24 ip4:64.132.88.0/23 ip4:66.231.80.0/20 ip4:68.232.192.0/20 ip4:199.122.120.0/21 ip4:207.67.38.0/24 " "ip4:207.67.98.192/27 ip4:207.250.68.0/24 ip4:209.43.22.0/28 ip4:198.245.80.0/20 ip4:136.147.128.0/20 ip4:136.147.176.0/20 ip4:13.111.0.0/20 -all" And sure enough we have a ip4:136.147.176.0/20 range which includes 136.147.176.7 so going by this I would have expected even the bounce above to pass SPF. It's what caused the bounce I am really trying to track down but this error is the only thing I have to go on so far. Is that 'ip4:207.67.38.0/24 " "ip4:207.67.98.192/27' part allowed in a SPF record? Or anything obvious I might have missed? *** Hmm, this is a bit odd... ~ dig bounce.s7.exacttarget.com bounce.s7.exacttarget.com. 4753 IN A 66.231.91.54 ~ dig -x 66.231.91.54 54.91.231.66.in-addr.arpa. 8133 IN PTR mx-in-2.exacttarget.com. So is it possible courier is rejecting the mismatched forward and reverse records for the originating domain (but that would be nothing to do with SPF)? 
[courier-users] Failing SPF from spf.protection.outlook.com
I can't quite work out why this particular example is failing an SPF check.

Jan 27 10:49:46 s1 courieresmtpd: error, relay=:::104.47.126.51, from=: 517 SPF fail recept...@.com.au: Address does not pass the Sender Policy Framework

The IP is owned by M$ and it returns an outlook.com PTR...

~ dig +short -x 104.47.126.51
mail-pu1apc01on0051.outbound.protection.outlook.com.

Is it at all possible the google-site-verification TXT RR is confusing the issue?

~ dig +short txt .com.au
"v=spf1 includes:spf.protection.outlook.com -all"
"google-site-verification=IlCUVOxK5F8zXd5ATS9ffkVvBDS1ZkQJT-XXX"

Is it possible that 104.47.126.51 is not part of includes:spf.protection.outlook.com ? Or is there something obvious I might be missing?
Re: [courier-users] Failing SPF from spf.protection.outlook.com
On 27/01/16 12:20, Sam Varshavchik wrote:
> Use the full dig command. Is this two separate TXT records, or one
> single TXT record with two strings. If google-site-verification is a
> separate TXT record, it will definitely be ignored.

Sorry, yes, it was 2 distinct TXT records...

.com.au. 300 IN TXT "v=spf1 includes:spf.protection.outlook.com -all"
.com.au. 300 IN TXT "google-site-verification=IlCUVOx... etc"

> There are a bunch of nested includes here. Maybe one of them resulted
> in a stalled DNS lookup, and this is configured to be treated as a
> hard failure. The IP address looks fine to me.

I think I see the problem, includes != include...

v=spf1 includes:spf.protection.outlook.com -all

should be...

v=spf1 include:spf.protection.outlook.com -all

The domain admin at.com.au has made a mistake setting up the TXT record.

I hope you don't mind but while I am here would you/anyone mind giving me a reminder how to "whitelist" the above until they fix the TXT record?
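The two SPF questions raised in the messages above (a TXT record split into two quoted strings, and `includes:` in place of `include:`) can be checked offline. This is an added example, not code from the thread or from Courier; it follows RFC 7208 (section 3.3 for joining strings), uses the TXT data quoted above, and the function names and the "needs-dns" result are assumptions of the example.

```python
import ipaddress
import re

# Mechanism names defined by RFC 7208; any other mechanism is a syntax error.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")  # name=value terms

# TXT data as quoted from dig in the thread (one record, two strings).
EXACTTARGET_TXT = (
    '"v=spf1 ip4:64.132.92.0/24 ip4:64.132.88.0/23 ip4:66.231.80.0/20 '
    'ip4:68.232.192.0/20 ip4:199.122.120.0/21 ip4:207.67.38.0/24 " '
    '"ip4:207.67.98.192/27 ip4:207.250.68.0/24 ip4:209.43.22.0/28 '
    'ip4:198.245.80.0/20 ip4:136.147.128.0/20 ip4:136.147.176.0/20 '
    'ip4:13.111.0.0/20 -all"'
)
# Two separate TXT records, as quoted in the thread.
OUTLOOK_RRSET = [
    '"v=spf1 includes:spf.protection.outlook.com -all"',
    '"google-site-verification=IlCUVOxK5F8zXd5ATS9ffkVvBDS1ZkQJT-XXX"',
]


def join_txt_strings(rdata):
    """Join the quoted strings of ONE TXT record; no separator is added."""
    parts = re.findall(r'"([^"]*)"', rdata)
    return "".join(parts) if parts else rdata.strip()


def select_spf(txt_rrset):
    """Return the single v=spf1 record of a TXT RRset, ignoring other TXT data."""
    records = [join_txt_strings(r) for r in txt_rrset]
    spf = [r for r in records if r.lower().split(" ", 1)[0] == "v=spf1"]
    return spf[0] if len(spf) == 1 else None


def lint_terms(record):
    """Return (terms, errors); errors are terms that are not valid SPF syntax."""
    terms = record.split()[1:]
    errors = []
    for term in terms:
        body = term.lstrip("+-~?")
        if MODIFIER.match(body):
            continue  # modifiers such as redirect= are not mechanisms
        name, _, arg = body.partition(":")
        name = name.split("/", 1)[0].lower()
        if name not in MECHANISMS:
            errors.append(term)
        elif name in ("ip4", "ip6"):
            try:
                ipaddress.ip_network(arg, strict=False)
            except ValueError:
                errors.append(term)
    return terms, errors


def evaluate_offline(record, client_ip):
    """Evaluate left to right without DNS; return (result, deciding terms)."""
    if record is None:
        return "none", []
    terms, errors = lint_terms(record)
    if errors:
        return "permerror", errors  # a syntax error anywhere voids the record
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term.lstrip("+-~?")
        if MODIFIER.match(body):
            continue
        name, _, arg = body.partition(":")
        name = name.split("/", 1)[0].lower()
        if name == "all":
            return QUALIFIERS[qualifier], [term]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier], [term]
            continue
        return "needs-dns", [term]  # include/a/mx/ptr/exists need a lookup
    return "neutral", []


if __name__ == "__main__":
    print(evaluate_offline(select_spf([EXACTTARGET_TXT]), "136.147.176.7"))
    print(evaluate_offline(select_spf(OUTLOOK_RRSET), "104.47.126.51"))
```

The split record is valid only because its first string ends with a space; without it the two adjacent `ip4:` terms fuse into one malformed term and the whole record evaluates to permerror.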
[courier-users] setgid(1) and setuid(1)
I know this is not strictly a courier code issue but I'm trying to track down a permissions issue and from this strace I am getting...

setgid(1) = 0
getuid()= 0
setgroups(1, [1]) = 0
setuid(1) = 0
chdir("/usr") = 0
chdir("/var/lib/courier/tmp") = 0
[... ending with ...]
sendto(3, "<19>Jan 2 19:05:47 submit: Permission denied", 45, MSG_NOSIGNAL, NULL, 0) = 45
unlink("145172/1451725547.16796.goldcoast.org") = -1 EACCES (Permission denied)

but there is nothing in /var/lib/courier/tmp.

My question; does that setgid(1) and setuid(1) mean to change to the uid:gid of 1:1? That is daemon:daemon on Debian systems whereas it should be 114:117 on my system for the "courier" user. If so then it would explain why /var/lib/courier/tmp owned by courier:courier can't be written to by a program changing to daemon:daemon.

Which probably means the packages I am testing are built with some kind of internal daemon:daemon permissions whereas all external files are given courier:courier, ie;...

./esmtpd:MAILGROUP=courier
./esmtpd:MAILUSER=courier
Re: [courier-users] What config option controls -access=
On 01/01/16 23:39, Sam Varshavchik wrote:
>> /usr/lib/courier/sbin/imapd references $IMAPACCESSFILE
>
> Right. Looks like a packaging bug. The imapd configuration file
> should be setting IMAPACCESSFILE.

Thanks Sam and Gordon, I'm actually helping the guy putting some 0.75 *buntu packages together, up from 0.73, and I could not find any reference to what the -access= arg should be for IMAP. It's only when I did a "which makeimapaccess" after Gordon's message that the penny dropped. No doubt it works the same as smtpaccess. Could be handy.

These new 0.75 deb packages for "wily" (15.10) are proving ornery because the packager has changed uid:gid from the previous "daemon" user that Debian has used for a decade to the more common "courier" user (in line with Archlinux and maybe RH/Centos). IMAP is working okay but I'm seeing strange behavior with esmtpd. I'll announce the packages here when they pass muster.
[courier-users] What config option controls -access=
courier-mta 0.75.0-2+deb.sury.org~wily+2

My /etc/courier/imapd file has ACCESSFILE=/etc/courier/smtpaccess and yet these 2 daemon instances below show -access=.dat. Where do I set whatever affects the -access argument?

root 19325 0.0 0.0 4368 1268 ?S14:05 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start -name=imapd /usr/sbin/couriertcpd -address=0.0.0.0 -maxprocs=400 -maxperip=200 -access=.dat -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 19326 0.0 0.0 6692 788 ?S14:05 0:00 /usr/sbin/couriertcpd -address=0.0.0.0 -maxprocs=400 -maxperip=200 -access=.dat -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
[courier-users] More recent debian/buntu packages anywhere?
I've been using somewhat more recent packages available from here...

deb http://ppa.launchpad.net/ondrej/courier/ubuntu vivid main

but...

courier-mta 0.73.1-1.3+deb.sury.org~vivid+2
courier-imap 4.15-1.3+deb.sury.org~vivid+2
courier-authlib 0.66.3-1+deb.sury.org~wily+2

are still a good deal behind the latest upstream source from Sam and it seems my plea to update them is not being looked into...

https://github.com/oerdnj/deb.sury.org/issues/136

so is anyone aware of any (PPA of) uptodate pre-built debs?

I'd normally build from source but the reason I stick to Courier is because I can whittle it down to run on really small VPS/containers which are way too small to do a compile.
Re: [courier-users] Unexpected SSL connection shutdown
On Fri, 31 Jul 2015 01:07:38 PM Bowie Bailey wrote:

Apparently, Outlook doesn't like something about my SSL setup. These errors and the bounceback errors I have been provided by the sender don't give any clues to the actual problem. I have the protocol set to SSL23, which should allow everything according to the comments in the file. Any suggestions?

There was a patch update to W8-ish a few months ago that disabled support for SSL3 and we found we had to remove SSL3 altogether to overcome that problem. I think Sam has dropped SSL3 by default in the later releases. This is from 0.73.1...

courierd : TLS_CIPHER_LIST=TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH
esmtpd : TLS_CIPHER_LIST=TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH
[courier-users] PHP Control Panel
I've just spent a few days reviewing web control panels again and as anyone knows who has looked there is nothing that supports courier-mta out of the box, some support courier-imap (Froxlor, ISPConfig). I have some code I've written myself but it's such a huge job to write a web CP from scratch and I've been kicking my code along for 5 or 6 years now and it's still not to the point where I could use it. I'm at the point where I really can no longer justify not having either a free or pay-for (cPanel/WHMCS) web panel system and still remain in business much longer. The number of clients asking where is the cpanel is becoming a very real issue but to adopt any of the current crop of panels means giving up on courier-mta which I have resisted for over a decade now. If there is anyone out there that needs/wants a PHP control panel that includes support for courier-mta then please respond to this thread.
Re: [courier-users] [SOLVED] Recent Windows 8.1 update problem
On Fri, 22 May 2015 07:07:13 AM Sam Varshavchik wrote:

openssl dhparam -out /etc/ssl/dhparam.pem 2048

mkdhparams already defaults to 2048 bit DH keys.

FWIW, maybe I have an old one but unless I do this I still get a 768bit DH param file...

~ rm /etc/courier/dhparams.pem
~ export DH_BITS=2048; mkdhparams
512 semi-random bytes loaded
Generating DH parameters, 2048 bit long safe prime, generator 2

vs

~ rm /etc/courier/dhparams.pem
~ mkdhparams
512 semi-random bytes loaded
Generating DH parameters, 768 bit long safe prime, generator 2

courier-ssl 0.73.1-1.3+deb.sury.org~utopic+2
Re: [courier-users] [SOLVED] Recent Windows 8.1 update problem
On Fri, 22 May 2015 07:07:13 AM Sam Varshavchik wrote:

openssl dhparam -out /etc/ssl/dhparam.pem 2048

mkdhparams already defaults to 2048 bit DH keys.

Right, good to know I can install courier first and just use its dhparam.pem for nginx too.

TLS_DHPARAMS=/etc/ssl/dhparam.pem
TLS_CIPHER_LIST=TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH

It's surprising that having SSLv3 in there makes MS-Windows client refuse to connect to the server.

I haven't found any definitive info from them stating they have dropped support for SSL3 and it only applies to a recently updated Windows 8.1 machine (to mitigate the POODLE attack I guess.) All I know is I found an old 768 bit dhparam.pem in use (could have been 3 or 4 years old) so some combination of 2048 bit certificate, 2048 bit DH key and removal of SSL3 started working for upgraded 8.1 clients.

But, if MS-Windows is going to force everyone to finally drop SSL3, that's fine. I'll drop it from the default configuration too.

FWIW when I use ssllabs.com to test the same certificate via nginx it lists emulated OS/browsers that rely on SSL3...

Android 2.3.7
IE 6 / XP
IE 8 / XP
Java 6/7/8

No great loss as everything else seems to work with TLS 1.0 or TLS 1.2. A possible solution for ancient XP users is to insist they use Thunderbird.
Re: [courier-users] [SOLVED] Recent Windows 8.1 update problem
A related followup. This looks like the actual MS patch that caused my particular problem with Outlook users not being able to connect via SSL after a recent MS update. For some reason I had an old 768 bit dhparams.pem file and this link clearly states that MS will now only accept a minimum of 1024 bit DH keys... https://technet.microsoft.com/library/security/MS15-055 So *maybe* it's nothing to do with SSL3 but I'm not game enough to put SSL3 back on a busy server just to test this out.
[courier-users] [SOLVED] Recent Windows 8.1 update problem
On Tue, 19 May 2015 10:07:32 AM Alessandro Vesely wrote:

No, but admittedly just a cheap chained certificate...

What's the key length? This article seems to imply it must be = 2048: https://www.sophos.com/en-us/support/knowledgebase/122327.aspx

Thanks for this (and Sam's) hint about an older certificate being at fault. It wasn't the first thing that occurred to me because the cert had been working up until the W8.1 upgrade and still worked for all other clients. However, just installing a new 2048 bit certificate didn't fix our problem, it also required a 2048 bit DH key exchange and disabling SSL3 as well...

openssl dhparam -out /etc/ssl/dhparam.pem 2048

and I modified these 2 settings in esmtpd and imapd...

TLS_DHPARAMS=/etc/ssl/dhparam.pem
TLS_CIPHER_LIST=TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH

Getting the chained certificates in the right order for nginx and courier is yet another battle but that depends on the particular cert in use.
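The stale 768-bit dhparams.pem described in the messages above is easy to miss because the file keeps working for most clients. This is an added example, not code from the thread or the Courier project: it reads a PEM DH parameters file, such as the one TLS_DHPARAMS points at, and compares the prime size with the 1024-bit minimum cited from MS15-055 and the 2048-bit size used in the fix. The sample parameters are constructed for length only, and the function and verdict names are assumptions.

```python
import base64
import re
import sys

MIN_BITS = 1024     # minimum the thread cites from MS15-055
TARGET_BITS = 2048  # size the thread regenerated its parameters to

PEM_RE = re.compile(
    r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)


def read_tlv(data, offset):
    """Read one DER tag-length-value; return (tag, value, next_offset)."""
    if offset + 2 > len(data):
        raise ValueError("truncated DER")
    tag, length = data[offset], data[offset + 1]
    offset += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or offset + count > len(data):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(data[offset:offset + count], "big")
        offset += count
    if offset + length > len(data):
        raise ValueError("truncated DER")
    return tag, data[offset:offset + length], offset + length


def dh_prime_bits(pem_text):
    """Return (bit length of p, generator g) from a DH PARAMETERS PEM."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(match.group(1).split()))
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_raw, nxt = read_tlv(seq, 0)
    tag_g, g_raw, _ = read_tlv(seq, nxt)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p and INTEGER g")
    return int.from_bytes(p_raw, "big").bit_length(), int.from_bytes(g_raw, "big")


def audit_dhparams(pem_text):
    """Return (bits, verdict) for one DH parameters file."""
    bits, _generator = dh_prime_bits(pem_text)
    if bits < MIN_BITS:
        return bits, "below-minimum"
    if bits < TARGET_BITS:
        return bits, "below-target"
    return bits, "ok"


def make_sample_pem(bits, generator=2):
    """Build a CONSTRUCTED PEM whose p is `bits` long (not a real prime)."""
    def der_len(n):
        if n < 0x80:
            return bytes([n])
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([0x80 | len(raw)]) + raw

    def der_int(value):
        # One spare leading byte is added exactly when the top bit is set.
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
        return b"\x02" + der_len(len(raw)) + raw

    body = der_int((1 << (bits - 1)) | 1) + der_int(generator)
    b64 = base64.b64encode(b"\x30" + der_len(len(body)) + body).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines)
            + "\n-----END DH PARAMETERS-----\n")


if __name__ == "__main__":
    if sys.argv[1:]:
        # Audit the files named on the command line.
        for path in sys.argv[1:]:
            with open(path) as handle:
                print(path, audit_dhparams(handle.read()))
    else:
        for size in (768, 1024, 2048):
            print(size, audit_dhparams(make_sample_pem(size)))
```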
Re: [courier-users] Recent Windows 8.1 update problem
On Mon, 18 May 2015 07:03:21 AM Sam Varshavchik wrote:

ie; IMAP port 143/none and SMTP port 587/none works for those Windows 8.1 users who have had updates since the 12th May 2015.

Are you using self-signed certificates for IMAP and SMTP?

No, but admittedly just a cheap chained certificate...

openssl s_client -CApath /etc/ssl/certs -connect 202.6.248.6:465
openssl s_client -CApath /etc/ssl/certs -connect 202.6.248.6:993
openssl s_client -CApath /etc/ssl/certs -connect 202.6.248.6:143 -starttls imap
openssl s_client -CApath /etc/ssl/certs -connect 202.6.248.6:587 -starttls smtp

The IMAP logs you sent show nothing interesting except the Outlook is still not handling IMAP namespaces correctly,

Duh.

and getting some errors, but it does not appear to stop it, it continues on its merry way.

Thanks for looking. I suspect the problem is before this at the authdaemon stage. I guess trying to strace authdaemon might help but getting W8.1 and Outlook and a similar not-so-busy test server set up is not going to be easy.
Re: [courier-users] Recent Windows 8.1 update problem
On Mon, 18 May 2015 11:35:07 AM Matus UHLAR - fantomas wrote:

FWIW we found a workaround for now and that is to disable tls/ssl.

I believe you understand that this is very bad workaround

The only alternative was to ask users to downgrade and disable OS upgrades. One user had 2Gb of upgrades they were in the process of uninstalling when we finally got hold of a new laptop and could try various combinations until, as a last resort, we tried 143/none and 587/none and it worked!

ie; IMAP port 143/none and SMTP port 587/none works for those Windows 8.1 users who have had updates since the 12th May 2015.

does the problem apply when trying imap/143/starttls and imaps/993, smtp/587/starttls and smtp/465/ssl ?

Yes, anything to do with encryption just stopped working immediately after these users accepted the W8.1 upgrade.
Re: [courier-users] Recent Windows 8.1 update problem
On Sun, 17 May 2015 09:41:47 PM Sam Varshavchik wrote:

May 18 10:37:12 s1 courieresmtpd: error,relay=:::xx.xx.xx.xx,msg=502 ESMTP command error,cmd: DATA

The SMTP error message would not have anything to do with the client's failure to talk IMAP. That's a dead end. Unless, for some reason, the client makes an smtp connection, for some reason.

As far as I can tell it's happening for SMTP and IMAP but not for POP. Unfortunately I don't have W8.1 let alone Outlook myself. And to reiterate, it only started happening after the most recent updates last week... I guess one of M$s regular patch tuesday updates.

It's true that there's not a lot to go by. In fact, without the actual error being shown – the actual error message, instead of meaningless dribble like error 0x800CCC0E – the only party here who could possibly know the answer is Microsoft.

Looks like a generic error message...

It is very common to receive the error message 0x800CCC0E when configuring an email account in Outlook and trying to send an e-mail, the reason why you get the error is because Outlook is not authenticating your account on the server while sending it, so the outgoing mail server rejects the message.

The advice is to set up My server requires authentication but all our users already have this set up.

The only way this can be investigated further, is have a controlled environment with IMAPDEBUGFILE turned on, to capture what the client is sending, and what the response is.

Okay. I am waiting for the next client to call support with this problem so I can touch imaplog.dat and capture some IMAP transaction details.
[courier-users] Recent Windows 8.1 update problem
Hi we are seeing everyone that updated their Windows 8.1 systems last week no longer be able to authenticate with courier, and it only seems to be courier at fault which may explain why we have not been able to google for any solutions other than to advise clients to undo last week's updates.

I've got a screenshot of the error so I'll manually type it in here...

Task 'Syncronizing subscribed folders for user@domain' reported error (0x800CCC0E): 'Outlook cannot synchronize subscribed folders for user@domain. Error: Cannot connect to the server. If you continue to receive this message, contact your server administrator or ISP.

I think I am seeing way too many of these but it's hard to nail down which user belongs to which IP when a lot of them are dynamic...

May 18 10:37:12 s1 courieresmtpd: error,relay=:::xx.xx.xx.xx,msg=502 ESMTP command error,cmd: DATA

There is not a lot in the logs to go by.

courier-mta 0.73, imap 4.15

Is anyone else aware of this problem and or have any info, or better yet, some kind of workaround/solution?
Re: [courier-users] Recent Windows 8.1 update problem
FWIW we found a workaround for now and that is to disable tls/ssl. ie; IMAP port 143/none and SMTP port 587/none works for those Windows 8.1 users who have had updates since the 12th May 2015.
[courier-users] invalid UIDNEXT value
I have no idea if this is a real bug or not but there seems to be a lot of these in my local desktop logfile output from Kmail which uses the so called akonadi backend to fetch IMAP messages. This is a FWIW.

akonadi_imap_resource_0(2620) RetrieveItemsTask::onFinalSelectDone: Server bug: Your IMAP Server delivered an invalid UIDNEXT value. This is a known problem with Courier IMAP.
Re: [courier-users] invalid UIDNEXT value
On 02/04/15 09:52, Sam Varshavchik wrote:

Next, someone pointed out the fact that the client should not assume that the client will get a UIDNEXT. This was explicitly documented: If this is missing, the client can not make any assumptions about the next unique identifier value. So clients should be prepared to deal, gracefully, with the absence of the additional messages. After this was pointed out there were two basic options: 1) Deal with it, 2) Reach out and inquire about the possibility of implementing the additional messages. The option chosen was a variation of doing #1, and then throwing a temper tantrum.

No doubt a lack of IMAP expertise on their end and that the Kolab folks (where there is some expertise) seem to depend on cyrus, and most other people seem to use the postfix/dovecot combination.

So are you saying if they tried 2) above that you may have been responsive with either workaround suggestions (for them) or even some future potential courier-imap modifications? If so then may I point to this thread in a KDE bugreport?

I completely missed this because I have been using Thunderbird for a few years explicitly because their akonadi IMAP backend has been unusable. I only noticed a day or so ago on a fresh Kubuntu 15.04 install when I tried kmail/akonadi for a test to see if things have improved (as I have done 2 or 3 times a year for the last 3 or 4 years.) It has improved slightly but akonadi downloads all headers every time I change folders so it's still unusable. Kmail used to be a truly excellent client before they introduced this separate akonadi backend system.
Re: [courier-users] Aliasing
On 27/02/15 02:51, Alessandro Vesely wrote:

https://github.com/r-a-y/bp-reply-by-email

The 'tag' element of the settings can be changed without forking.

Alessandro, you were dead right. When I went back into the BP Reply By Email dashboard I noticed an Address Tag Separator setting and when I obviously changed that from a + to a - it started working with my courier-mta installation, with a .courier-default in the target users home directory.

So I'm pleased to report that Wordpress + BuddyPress + the Reply-By-Email plugin does indeed work with courier simply by flipping that Tag setting.
Re: [courier-users] Aliasing
On 26/02/15 11:40, Sam Varshavchik wrote:

But the best course of action is to wrap that third party app, somehow, and change the return address to use dashes instead of pluses. That would make things much easier.

Thanks, I can see that this is going to be the cleanest approach and have forked this repo for further investigation...

https://github.com/r-a-y/bp-reply-by-email

It's part of a BuddyPress plugin for Wordpress that extends the bbPress forum plugin component to allow posting back into a forum via email. I've just rediscovered Wordpress and am going to look into using it, or rather its admin interface, to eventually manage anything to do with Courier. This reply-by-email functionality and this particular plugin seems like a good place to start.

On 26/02/15 19:44, Matus UHLAR - fantomas wrote:

ciab+605e46207a16cd9170493949c2684fb1-...@renta.net

what do you mean like that? Does the string after + change?

Yes. It's a key so the reply from the user can be matched with what's on the originating server. A bit like a one-time-password (OTP) I guess.

That means that the app is compatible with sendmail and postfix that both use + sign to separate username from additional information.

I suspected as much.

courier uses - as the separator, so if you could force the application to use - instead of +, you could use .courier-default in the ciab's home directory.

I'm still unsure how to handle the variable key part... ciab-#key#-new

Otherwise, maybe you could switch the application

Yep, as noted above I will try this.

or try switching to sendmail/postfix.

That is not an option :-)

On 26/02/15 23:26, Alessandro Vesely wrote:

It is also possible to use an alternative localmailfilter program. Using one similar to the one published at http://www.tana.it/sw/rcptfilter/

Interesting code. It seems like a bit of a sledgehammer to solve this problem but it may come down to it so thanks for the link.
Re: [courier-users] Development
On 15/02/15 23:59, Sam Varshavchik wrote:

Try adding line-height: 1.5 to the CSS for the navigation line, so when it wraps on a mobile screen there will be extra spacing between the multiple lines.

Bingo! It took a line-height of 1.7 on the whole body to work but now it's 100/100 and no need for any inline-block buttons.

but, after all, the web site isn't really targeted at mobile devices in the first place.

Sure, but it could be. The point of chasing PageSpeed results is that it ensures the page will load as fast as possible over a 3G network and if it scores well there then it'll be blisteringly fast via nginx on a non-3G network... and that is indeed a reasonable goal to chase (page load speed).

The javascript drop-down provides links for navigating between major website sub-sections. I'd like to preserve some way of doing that.

See my latest suggestion...

. the h1 logo becomes the Home link
. Intro appended to the home index page
. Install could be appended to the Download page
. Links, Wiki and FAQ links could be added to the Docs page

Compare. One of them does not require pinching and zooming...

https://developers.google.com/speed/pagespeed/insights/?url=courier-mta.org
https://developers.google.com/speed/pagespeed/insights/?url=renta.net/courier

No initial Courier javascript link means that JS can go (better SEF/SEO) and the CSS is a fairly remarkable 9 lines. Small enough to paste into each page which avoids the above the fold issue (browser waiting for CSS to load before being able to render the first visible part of the page).
--
body { font-family: sans-serif; line-height: 1.7; margin: 0 auto; width: 60em; }
h1, h2, h3 { line-height: 1; }
a { text-decoration: none; }
a:hover { text-decoration: underline;}
footer, .gplus { text-align: center; }
.advert { clear: both; }
.copyright { color: #7F7F7F; font-size: 75%; font-style: italic; }
.flag { float: right; margin-left: 0.5em; }
@media only screen and (max-width: 60em) { body { width: 92%; }}
--

Strictly speaking, the a, a:hover, .advert and .copyright could go too, they're mostly just my personal preferences.

If this is in any way close to being acceptable then it's just the head header and footer tags that need to go into the other pages and I certainly don't mind doing that for the static pages.
Re: [courier-users] Development
On 15/02/15 01:46, Sam Varshavchik wrote:

All of this is fixable with trivial CSS tweaking. [...]

Right. The layout is simple enough so that a complete reengineering is overkill.

Totally agree. It's not often I get a chance to work with static pages and page loading speed trumps glitz in this case.

To me the main problem is what to do with the navigation at the top.

If you check Google PageSpeed results you will see their only complaint (with CSS and JS inline) is that the buttons are too close together for a touch device, otherwise it would score 100 on my courier main page suggestion. I've tried making my buttons even bigger but PageSpeed still won't gimme 100. See size tap targets (passes everything else)...

https://developers.google.com/speed/pagespeed/insights/?url=https://renta.net/courier

I think it comes down to 2 issues, what style for the top nav and then that probably demands some rearrangement of those links. The first javascript courier dropdown should go (not bookmarkable or SEF) and those links get moved... somewhere else. Ie; the top nav links could be as simple as...

Home | Download | Documentation (or just Docs)

where Intro and Install get moved as links to the Download page and FAQ, Wiki (the github one), Links and current dropdown links all get moved to Documentation.

For now, I pushed both git repos to github. We'll see what happens in the future.

Woohoo, thank you, from me at least :-)

There are still some Sourceforge services that github can't really replace, though. Initially when I looked at it, a while ago, they really didn't offer any means of downloading packaged tarballs, only tagging commits as releases. Looks like they might have something now. Github also doesn't have mailing lists.

But not really needed because this current list works and I don't think there is any reason you can't keep using the SF download service.
One tentative suggestion is to set up a cheap VPS that specializes in running the latest release of courier and then run these mailing lists from that instance of courier. It kind of seems appropriate to me to manage these courier lists using courier-mlm on top of courier-mta :) -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Development
On 14/02/15 12:19, Sam Varshavchik wrote: Sure, and I already link to a Japanese language site that someone maintains. Okay, cool. But out of curiosity – what exactly is the problem with viewing www.courier-mta.org from a mobile phone. I just tried it with Firefox mobile, and everything looks perfect. I had only been looking at it by making my FF browser window narrower. I didn't realize you had an adsense ad up the top! The top links are a problem and you've gone and added some funky javascript for a dropdown menu which I never noticed before :) . would you consider changing the doctype to HTML5? . would you be adverse to adding some CSS3 media queries? Here's one HTML5 and CSS3 validated attempt of just the front page... https://renta.net/courier/ My Nexus 5 approves and even Pagespeed is reasonable... https://developers.google.com/speed/pagespeed/insights/?url=https://renta.net/courier
Re: [courier-users] Development
On 12/02/15 23:42, Sam Varshavchik wrote: Would anyone entertain the possibility of updating the web site with a new design? That anyone would be me. In general, I'm happy to look at proposals for tweaks to the web site's appearance. However, two things need to be kept in mind: 1) I'm naturally resistant to radical, inside-out rewrites. I'll be more receptive to many, smaller changes, in steps. Except in the case where a mobile friendly site is required as that would involve serious re-engineering. I know you would argue it's not required but a good deal of the rest of us would suggest it is and/or will be in the coming years. How would you feel if a few of us took the docfiles and see if we can come up with a (most likely Bootstrap based) modern website? What I mean is if we could come up with some system that was mobile friendly and stay in sync with the canonical site that you could provide an official link to it from your site?
Re: [courier-users] Courier IMAP connectivity issues with iOS devices
On 14/02/15 15:09, Abel Jeffcoat wrote: I was wondering if anyone has seen the issue when iOS devices cannot connect to the IMAP server? I’m running a Plesk v12 server with Courier IMAP. So many different versions etc. One thing we've been caught out with is that an incorrect profile can get stuck so try asking the client to completely remove whatever profile it is and set it up from scratch.
Re: [courier-users] Development
On 14/02/15 12:47, Zachary Grafton wrote: On my mobile at least, with Chrome, the menu is extremely tiny and practically impossible to use without zooming in about 15 times. Yep, that was my main problem too. And slightly annoying was the lack of a bit of padding down the sides of the body text. The nice thing about Bootstrap is that everything is much more consistent, especially with fonts and the menu is much easier to use. I love Bootstrap but the downside is loading time bloat. A CDN can help but it doesn't avoid having to pull in ~200k inc jQuery at some point. In the case of Sam's site there are no forms and that is one of the main benefits of using BS3. A few 100 bytes extra of CSS can provide simple buttons and a single media query to toggle the body width. I was hoping when I asked my initial question that courier was on github and I just couldn't find it. There is actually a courier-contrib repo on Github. I have asked in the past if Sam would move from Sourceforge to Github but he seems to prefer the Sourceforge arrangement. It's easier for him to produce the tarballs. I think it would be practical to ask Sam to at least move the SF wiki to the courier-contrib project at Github. That might get some more contributions to much needed how-to documentation (beyond the excellent but terse reference docs Sam already provides.)
Re: [courier-users] Ports, SSL and STARTTLS for ESMTP
On 08/02/15 01:29, Hanno Böck wrote: But not sure this is the right place to discuss it, hope we don't annoy others with offtopic discussions. I'm sure there are quite a few of us interested in current best practices. It's certainly a surprise to me that the old school SSL port 465 is now basically un-depreciated and has a serious advantage of avoiding the STRIPSSL attack. I'm now considering avoiding STARTSSL as a default setup and, if this proves to be the right strategy, then I thank this thread for the heads up.
Re: [courier-users] autoreply script
On 03/02/15 07:34, Bowie Bailey wrote:
> I do something similar with my email when I go on vacation. In addition, I wrap it with a test that looks for spam, list mail, and bulk mail headers and does not respond to those. If you are interested, it looks like this:
>
> if (! (/^X-Spam-Flag: YES/ || /^List-id:/ || /^Precedence: bulk/ || /^Precedence: junk/) )
> {
>     #send autoreply#
> }

Great, excellent addition, thank you Bowie!

https://github.com/svarshavchik/courier-contrib/pull/4
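The header test quoted above, carried a little further as an added example (not code from the thread or from courier-contrib): a shell function that reads one message on stdin and decides whether an automatic reply may be sent. It checks the four headers from the maildrop test and, as additions assumed here, `Precedence: list` and the RFC 3834 `Auto-Submitted` header; the function name and the sample messages are constructed.

```shell
#!/bin/sh
# Added example: decide from a message's headers whether a vacation
# autoreply may be sent. should_autoreply is a hypothetical helper name.

# Reads one RFC 5322 message on stdin.
# Returns 0 if a reply may be sent, 1 if it must be suppressed.
should_autoreply() {
    awk '
    # Evaluate one complete, unfolded header field.
    function check(h,    name, value) {
        if (h == "") return
        name = tolower(h);  sub(/:.*/, "", name)
        value = tolower(h); sub(/^[^:]*:[ \t]*/, "", value)
        # The four tests from the maildrop snippet in the thread.
        if (name == "x-spam-flag" && value ~ /^yes/) suppress = 1
        if (name == "list-id") suppress = 1
        if (name == "precedence" && value ~ /^(bulk|junk)/) suppress = 1
        # Additions assumed here: Precedence: list and RFC 3834 Auto-Submitted.
        if (name == "precedence" && value ~ /^list/) suppress = 1
        if (name == "auto-submitted" && value !~ /^no/) suppress = 1
    }
    /^\r?$/  { exit }                     # blank line ends the header block
    /^[ \t]/ { cur = cur " " $0; next }   # folded continuation line
             { check(cur); cur = $0 }     # new field starts, judge the previous one
    END      { check(cur); exit suppress + 0 }
    '
}

# Constructed sample messages (not taken from the thread).
# 1. A person writing in; the word "bulk" only appears in the body.
printf 'From: alice@example.com\nSubject: lunch?\n\nPrecedence: bulk (body text)\n' |
    should_autoreply && echo "person: send autoreply"

# 2. List mail whose List-ID value is folded onto the next line.
printf 'From: users@lists.example.org\nList-ID:\n <users.lists.example.org>\n\nhello\n' |
    should_autoreply || echo "list: suppress autoreply"

# 3. Another autoresponder: replying to it would start a mail loop.
printf 'From: bob@example.net\nAuto-Submitted: auto-replied\n\nI am away.\n' |
    should_autoreply || echo "autoresponder: suppress autoreply"
```

Only the header block is examined, and folded headers are joined before matching, which a line-by-line pattern test would miss.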
Re: [courier-users] autoreply script
On 31/01/15 18:52, Jan Ingvoldstad wrote: Imagine being a recipient of this, and trying to make the flood stop. Do you know how the courier mailbot program works? And imagine forgetting the last lines of the message! The original message is attached to the autoresponse. Unix systems usually come with, or at least have a package for, a program for autoresponses. And how is that meant to work with virtual users? This program is called vacation, and it does it just right. It's been around since the mid eighties. If it was suitable I would have been using it for the last 10 years. The script emulates what I have been doing manually ever since we stopped using sqwebmail which allowed clients to set up their own auto-responses. Now this script allows other staff members to setup, edit, enable and disable auto-responses without requiring me in the loop.
[courier-users] autoreply script
I've been meaning to do this for the past decade...

#!/bin/bash
# autoreply 20150130 (C) Mark Constable ma...@renta.net (AGPL-3.0)
#
# A simple vacation autoreply script for courier-mta based mailservers.
#
# Depends on these conditions:
#
# - courier-imap/mta with courier-authdaemon and maildrop is installed
# - nano is installed (and stat, part of the coreutils package)
# - the MAILDIRS variable below is set to the root of your maildir folders
# - the users .mailfilter is not used for anything else
#
# Usage:
#
# autoreply                  - show simple usage text and exit
# autoreply fi               - find all occurrences of autoreply.txt, and status
# autoreply sh email@address - show the current autoreply.txt
# autoreply ed email@address - edit/create an autoreply for email@address
# autoreply en email@address - enable autoreply for user
# autoreply di email@address - disable autoreply for user
# autoreply rm email@address - completely remove users autoreply
#
#set -x

MAILDIRS=/home/u

test -z "$1" && echo "Usage: autoreply sh(ow)|ed(it)|en(able)|di(sable)|rm(remove)|fi(indall) email@address" && exit 1

if [ "$1" = "fi" -a -z "$2" ]; then
  echo "Please be patient while all users are checked..."
  echo
  # A dot-file .mailfilter is live; a plain "mailfilter" is parked (disabled)
  while read -r AUTOREPLY
  do
    HDIR=$(dirname "$AUTOREPLY")
    if [ -f "$HDIR/.mailfilter" ]; then
      ACTIVE="enabled"
    elif [ -f "$HDIR/mailfilter" ]; then
      ACTIVE="disabled"
    else
      ACTIVE="ERROR: mailfilter does not exist"
    fi
    echo "$HDIR $ACTIVE"
  done < <(find "$MAILDIRS" -type f -name autoreply.txt)
  exit 2
elif [ "$1" != "fi" -a -z "$2" ]; then
  echo "Please provide an email address"
  exit 2
fi

# Ask authdaemon where this account lives
HOMEDIR=$(authtest "$2" 2>/dev/null | awk '/Home Directory:/ {print $3}')

if [ -z "$HOMEDIR" ]; then
  echo "ERROR: No homedir for $2"
  exit 2
fi

EMAIL=$2

show() {
  if [ -f "$HOMEDIR/autoreply.txt" ]; then
    if [ -f "$HOMEDIR/.mailfilter" ]; then
      echo "Autoreply currently: Enabled"
      echo
      grep ^SUBJECT "$HOMEDIR/.mailfilter"
    elif [ -f "$HOMEDIR/mailfilter" ]; then
      echo "Autoreply currently: Disabled"
      echo
      grep ^SUBJECT "$HOMEDIR/mailfilter"
    else
      echo "Error: missing mailfilter, remove and re-setup"
    fi
    echo
    cat "$HOMEDIR/autoreply.txt"
  else
    echo "There is no autoreply for $EMAIL"
  fi
}

edit() {
  if [ ! -f "$HOMEDIR/autoreply.txt" ]; then
    # Unquoted EOS: $EMAIL is expanded now, the escaped \$ and \` are written literally
    cat << EOS > "$HOMEDIR/mailfilter"
MAILTO=escape(\$RECIPIENT)
MAILFROM=escape(\$SENDER)
SUBJECT="Auto responder for $EMAIL"
\`mailbot -t ./autoreply.txt -d ./autoreply -A "To: \$MAILFROM" -A "From: \$MAILTO" -s "\$SUBJECT" -T forwardatt \$SENDMAIL -f "\$MAILTO"\`
EOS
    echo "Type or paste the vacation autoreply text, ctrl-x to save and quit, and then ENABLE the autoreply when ready"
    echo
    sleep 2
  fi
  nano -t -x -c "$HOMEDIR/autoreply.txt"
  # Match ownership to the account's home directory and keep both files private
  MUID=$(stat -c %u "$HOMEDIR")
  MGID=$(stat -c %g "$HOMEDIR")
  chown "$MUID:$MGID" "$HOMEDIR"/{autoreply.txt,mailfilter}
  chmod 600 "$HOMEDIR"/{autoreply.txt,mailfilter}
}

enable() {
  if [ -f "$HOMEDIR/.mailfilter" ]; then
    echo "Autoreply already enabled"
  elif [ -f "$HOMEDIR/mailfilter" ]; then
    mv "$HOMEDIR/mailfilter" "$HOMEDIR/.mailfilter"
    echo "Autoreply now enabled"
  else
    echo "ERROR: mailfilter to activate autoreply does not exist, use EDIT to create one"
  fi
}

disable() {
  if [ -f "$HOMEDIR/.mailfilter" ]; then
    mv "$HOMEDIR/.mailfilter" "$HOMEDIR/mailfilter"
    echo "Autoreply now disabled"
  elif [ -f "$HOMEDIR/mailfilter" ]; then
    echo "Autoreply already disabled"
  else
    echo "ERROR: mailfilter to activate autoreply does not exist, use EDIT to create one"
  fi
}

remove() {
  if [ -f "$HOMEDIR/.mailfilter" ]; then
    echo "Autoreply enabled, please disable first"
  else
    if [ -f "$HOMEDIR/mailfilter" ]; then
      rm "$HOMEDIR/mailfilter"
      echo "Removed $HOMEDIR/mailfilter (autoreply activation script)"
    else
      echo "Problem: no $HOMEDIR/mailfilter"
    fi
    if [ -f "$HOMEDIR/autoreply.txt" ]; then
      rm "$HOMEDIR"/autoreply.*
      echo "Removed $HOMEDIR/autoreply.txt (autoreply autoreply content)"
    else
      echo "Problem: no $HOMEDIR/autoreply.txt"
    fi
  fi
}

case $1 in
  sh) show ;;
  ed) edit ;;
  en) enable ;;
  di) disable ;;
  rm) remove ;;
  *) echo "Please provide one of sh, ed, en, di, rm, fi" ;;
esac

# Audit trail: who ran which action against which account
echo "$(date +'%Y-%m-%d %X') $(whoami) $(basename "$0") $*" >> /var/log/history.log
[courier-users] Kolab?
Has anyone managed to get a recent installation of Kolab working with courier-imap instead of the default cyrus?
[courier-users] Read only mailbox (no deliveries)
It's so hot here I can't think. If I wanted to have a read-only backup mailbox that was populated from an active mailbox by automatically moving messages older than 30 days from the active mailbox to the backup mailbox then what would be the easiest and simplest way to deny incoming deliveries to this alternate backup mailbox?
[courier-users] Slow sending out port 587
Thunderbird often hangs when picking up IMAP (starttls) and I've tried all manner of tweaks but it still persists BUT now for the past week trying to send email via port 587 is also taking up to 1 and 2 minutes before the message actually gets accepted and sent from TB. I've also been getting a huge amount of these, like 30,000 yesterday, which I presume are hitting port 25 so I am not sure why these would affect port 587.

Dec 16 17:01:45 s2 courieresmtpd: dropped blocked connection from :::96.45.25.223

I haven't touched the esmtpd MAXDAEMONS but increased esmtpd-msa 10 fold.

esmtpd MAXDAEMONS=40
esmtpd MAXPERC=5
esmtpd MAXPERIP=5
esmtpd-msa MAXDAEMONS=400
esmtpd-msa MAXPERC=200
esmtpd-msa MAXPERIP=200
esmtpd-ssl MAXDAEMONS=40
esmtpd-ssl MAXPERC=5
esmtpd-ssl MAXPERIP=5
imapd MAXDAEMONS=400
imapd MAXPERC=200
imapd MAXPERIP=200

I guess my question is if port 25 is getting hammered will that also delay port 587's ability to handle incoming auth'd requests? Bonus question, aside from fail2ban, has anyone got any rules for iptables to block/drop on an OS level any courier-related authdaemon logins and these port 25 access attempts?

courier-base 0.73.1-1.3+deb.sury.org~utopic+1 amd64
courier-imap 4.15-1.3+deb.sury.org~utopic+1 amd64
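Before writing firewall rules for the "dropped blocked connection" flood described above, it helps to know how concentrated the sources are. The following is an added example, not code from the post: a shell function that tallies those syslog lines per source address and lists the addresses at or above a threshold. The function name, the threshold and the log lines (documentation address ranges) are constructed.

```shell
#!/bin/sh
# Added example: summarise courieresmtpd "dropped blocked connection" lines.
# top_blocked is a hypothetical helper name.

# top_blocked LOGFILE [THRESHOLD]
# Prints "count address" for every source with at least THRESHOLD hits
# (default 100), busiest first.
top_blocked() {
    awk -v min="${2:-100}" '
    /courieresmtpd: dropped blocked connection from / {
        addr = $NF
        sub(/^::ffff:/, "", addr)          # IPv4-mapped form becomes a dotted quad
        # Count only fields that look like an address; log text is untrusted input.
        if (addr ~ /^[0-9A-Fa-f:.]+$/) hits[addr]++
    }
    END { for (a in hits) if (hits[a] >= min) print hits[a], a }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log (addresses from the documentation ranges).
sample=$(mktemp)
cat > "$sample" << 'EOF'
Dec 16 17:01:45 s2 courieresmtpd: dropped blocked connection from ::ffff:192.0.2.10
Dec 16 17:01:46 s2 courieresmtpd: dropped blocked connection from ::ffff:192.0.2.10
Dec 16 17:01:46 s2 courieresmtpd: dropped blocked connection from ::ffff:198.51.100.7
Dec 16 17:01:47 s2 courieresmtpd: started,ip=[::ffff:203.0.113.5]
Dec 16 17:01:48 s2 courieresmtpd: dropped blocked connection from ::ffff:192.0.2.10
Dec 16 17:01:49 s2 courieresmtpd: dropped blocked connection from 2001:db8::1
Dec 16 17:01:50 s2 courieresmtpd: dropped blocked connection from ::ffff:198.51.100.7
EOF

echo "Sources with 2 or more dropped connections:"
top_blocked "$sample" 2
rm -f "$sample"
```

A short list of heavy sources suits a per-address block; a long tail of addresses with a few hits each points toward rate limiting instead.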
[courier-users] alias user in virtual tables
Just a real low priority suggestion that may not be possible but having to have an extra alias@domain user entry in a virtual password table has always annoyed me when using the same table with other services. ATM I am seeing 2 SQL lookups, one to check user id/password and another one to see if there is an alias@domain whereas the initial lookup could include one extra field to check for the alias option. Save a SQL query and also get rid of a lot of otherwise redundant alias database entries. Surely it would be possible to have the authdaemon check the same users entry and if there is a boolean yes/no alias column entry in a single lookup?
Re: [courier-users] smtpaccess and 517 rejects woes
On 28/11/14 22:34, Marcin 'Rambo' Roguski wrote:
> Nov 28 12:31:04 goldsmith courieresmtpd: error, relay=:::178.63.50.70,from=-[edited]-@platon.com.pl: 517 HELO mx1.evo.pl does not match :::178.63.50.70

The domain you want to whitelist is platon.com.pl so try...

platon.com.pl allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
Re: [courier-users] Turning accounts into honeypots
On 07/11/14 21:52, Sam Varshavchik wrote: Is it possible to add authmysql twice (and have them behave differently)? Nope. You could list authmysql twice, but each instance uses the same config file. Maybe falling over to different auth backends might work but, Sam, it would be really neat to somehow have sane multiple auth options. For instance I would love to have separate imap/pop and smtp auth passwords so if a user's incoming mail password is compromised the virus/bot still can't send out using the same account (assuming the user takes advantage of multi passwords).
Re: [courier-users] MYSQL_MAILDIR_FIELD missing
On 03/10/14 17:12, Matus UHLAR - fantomas wrote: for debian/ubuntu the config dir is /etc/courier/ for all courier packages except maildrop... (there's no reason to use /usr/local when the package is installed within the OS distribution) Yes, it's a standard debian layout with packages from ... https://launchpad.net/~ondrej/+archive/ubuntu/courier which uses the same debian/rules as the standard older packages except for a few tweaks for the unicode package and adding SQLite for courier-authlib. Even though the mysql lookup seems to work (syslog and mysql's general log both show an otherwise successful sql read) an authtest does fail with the below so it seems (maybe) just after the db lookup that whatever is next in the authdaemon pipeline fails...

[pid 9252] socket(PF_LOCAL, SOCK_STREAM, 0) = 6
[pid 9252] fcntl(6, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 9252] connect(6, {sa_family=AF_LOCAL, sun_path=/var/run/courier/authdaemon/socket}, 110) = 0
[pid 9252] fcntl(6, F_SETFL, O_RDONLY) = 0
[pid 9252] select(7, NULL, [6], NULL, {10, 0}) = 1 (out [6], left {9, 98})
[pid 9252] write(6, PRE . courier ma...@netserva.gol..., 43) = 43
[pid 9252] select(7, [6], NULL, NULL, {30, 0}) = 1 (in [6], left {29, 997494})
[pid 9252] read(6, 0x7fff55064f60, 8191) = -1 EACCES (Permission denied)
[pid 9252] close(6)= 0
[pid 9252] write(1, 450 Service temporarily unavaila..., 37) = 37

It may be an issue with the unprivileged LXC container I am testing and if that is the case then whatever is the solution or workaround needs to be sorted out. I will test with a privileged container and a remote VPS with the same utopic distro and sury packages.
[courier-users] MYSQL_MAILDIR_FIELD missing
courier-imap 4.15-1 and courier-authdaemon 0.66.1 on Ubuntu 14.10

I can't for the life of me figure out why MYSQL_MAILDIR_FIELD / maildir is not returning a value?

Oct 3 11:59:41 netserva authdaemond: SQL query: SELECT username, , password, uid, gid, homedir, , quota, , FROM mail_users WHERE username = 'ma...@netserva.goldcoast.org'
Oct 3 11:59:41 netserva authdaemond: Authenticated: sysusername=null, sysuserid=1, sysgroupid=1, homedir=/var/customers/mail/, address=ma...@netserva.goldcoast.org, fullname=null, maildir=null, quota=1S, options=null
Oct 3 11:59:41 netserva authdaemond: Authenticated: clearpasswd=, passwd=null

~ cat /etc/courier/authmysqlrc
MYSQL_CLEAR_PWFIELD password
MYSQL_DATABASE netserva
MYSQL_GID_FIELD gid
MYSQL_HOME_FIELD homedir
MYSQL_LOGIN_FIELD username
MYSQL_MAILDIR_FIELD maildir
MYSQL_PASSWORD
MYSQL_PORT 3306
MYSQL_QUOTA_FIELD quota
MYSQL_SERVER 127.0.0.1
MYSQL_UID_FIELD uid
MYSQL_USERNAME netserva
MYSQL_USER_TABLE mail_users

~ mysql -BNe explain mail_users netserva
id            int(11)        NO  PRI  NULL  auto_increment
email         varchar(255)   NO  UNI
username      varchar(255)   NO
password      varchar(128)   NO
password_enc  varchar(128)   NO
uid           int(11)        NO       0
gid           int(11)        NO       0
homedir       varchar(255)   NO
maildir       varchar(255)   NO
postfix       enum('Y','N')  NO       Y
domainid      int(11)        NO       0
customerid    int(11)        NO       0
quota         varchar(15)    NO       0
pop3          tinyint(1)     NO       1
imap          tinyint(1)     NO       1
mboxsize      bigint(30)     NO       0

~ mysql -BNe select homedir,maildir from mail_users netserva
/var/customers/mail/markc/netserva.goldcoast.org/markc/Maildir

~ ll /var/customers/mail/markc/netserva.goldcoast.org/markc/Maildir
total 0
drwx-- 1 daemon daemon 0 Oct 3 11:28 cur/
drwx-- 1 daemon daemon 0 Oct 3 11:28 new/
drwx-- 1 daemon daemon 0 Oct 3 11:28 tmp/

~ grep DEFAULT /etc/courier/courierd (truncated)
courierd:DEFAULTDELIVERY=| /usr/bin/maildrop
courierd:MAILDROPDEFAULT=./Maildir
Re: [courier-users] MYSQL_MAILDIR_FIELD missing
On 03/10/14 12:30, Sam Varshavchik wrote: ~ grep DEFAULT /etc/courier/courierd (truncated) courierd:DEFAULTDELIVERY=| /usr/bin/maildrop courierd:MAILDROPDEFAULT=./Maildir What's courierd doing here? You said that you are running the courier-imap package, at the beginning. Well ubuntu's idea of a split courier-imap package that gets installed along side of courier-mta et al. This is probably a packaging issue with different/duplicated packages, using different configuration directories. ... You need to double-check where the Ubuntu package puts things. All is where Ubuntu/Debian has always put things running as uid:gid 1:1. Sam, everything is almost working because it would not get this far...

Oct 3 11:59:41 netserva authdaemond: Authenticated: sysusername=null, sysuserid=1, sysgroupid=1, homedir=/var/customers/mail/, address=ma...@netserva.goldcoast.org, fullname=null, maildir=null, quota=1S, options=null

I have never used the MYSQL_MAILDIR_FIELD before and as you can see above the returned maildir=null field is empty. Everything looks right to me except for the maildir=null part which is preventing (I guess) mail being added to and fetched from the right user's maildir. I am using custom built packages from a Ubuntu PPA and testing this in a lxc container but I am also running exactly the same packages and distro on my own public server where it's working okay, but on that server I do not use MYSQL_MAILDIR_FIELD. I'll try and duplicate the exact same working settings on my public server.
[courier-users] Ubuntu/Debian package dependencies
Would anyone happen to know which dependencies of the Ubuntu/Debian courier packages that would force such crazy desktop related junk? https://github.com/oerdnj/deb.sury.org/issues/18 If anyone on this list would like to cooperate with a lite debian package then please contact me off-list.
Re: [courier-users] Ubuntu/Debian package dependencies
On 12/09/14 16:46, Aidas Kasparas wrote: If anyone on this list would like to cooperate with a lite debian package then please contact me off-list. The lite package is not necessary. Problem lies in default configuration of apt system -- by default it installs all Recommended packages. I always switch that settings off as one of the first tasks during install. Thank you Aidas. I have progressed using your suggestion...

apt-get install --no-install-recommends courier-authdaemon \
  courier-authlib courier-authlib-mysql courier-authlib-sqlite \
  courier-base courier-imap courier-imap-ssl courier-maildrop \
  courier-mta courier-mta-ssl courier-ssl

However the above courier-authlib still depends on expect which brings in libtcl8.6 and tcl-expect, which I have no intention of using. From... http://www.courier-mta.org/authlib/README_authlib.html SqWebMail uses an expect script - as mentioned in the introduction - to answer interactive prompts from passwd. The expect script expects to get a plain, garden-variety, passwd command, which acts something like this: [... example removed ...] Systems that use a passwd command with very different prompts may find that the default expect script will fail. In which case it will be necessary to tweak the expect script to match the prompts from the system's passwd command. I would have thought a) expect would be a depends of SqWebMail and not courier-authlib and b) I would also have used chpasswd from a script as it's been available in the standard linux passwd package for as long as I can remember. I have never used expect so maybe there are cases where it is necessary. Sam, is there any way that chpasswd could substitute for expect+tcl? And if not, is it safe to assume that expect should only be a depends for SqWebMail and not authlib (ie; when sqwebmail is not installed)?
Re: [courier-users] Couriertls SSL Error : no start line
On 04/09/14 13:14, [Kreiz IT]Cédric GROSS wrote:
> I just upgraded courier-imap from version 4.12 to 4.15 and now I see in
> my log :
>
> imapd-ssl: couriertls: /usr/local/etc/courier-imap/ssl/imapds.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

Just a wild guess but do you have symlinks pointing to that pem file or changed the setting in the imapd-ssl file... maybe permissions. My ubuntu/debian servers default to...

    ./imapd-ssl:TLS_CERTFILE=/etc/courier/imapd.pem

(not imapds.pem)
Re: [courier-users] Couriertls SSL Error : no start line
On 04/09/14 19:26, [Kreiz IT]Cédric GROSS wrote:
> No symlink. Permission wasn't changed. Same config file. Upgrade process
> changed it but I put back my previous config file. I checked diff between
> config files and it's only comments differ. So should be ok.

I can't really help other than to suggest moving your current pem files somewhere safe and create a set of self-signed certs and confirm that they do work, or not. If they work as expected then it narrows it down to your copied pem files (pull them into an editor and make sure there are no spaces or control chars). If there are still some errors with the self signed certs then it's something to do with courier or SSL/TLS libs.
[courier-users] authdaemond password debugging
a) server running Debian 6 w/ courier-authdaemon 0.63.0-3
b) server running Ubuntu 14.04 w/ courier-authdaemon 0.63.0-6ubuntu1

b) server provides the below when a password fails...

    Sep 2 11:35:45 s2 authdaemond: supplied password 'user_pw' does not match passwd 'db_pw'

a) does not provide the above line even though both have almost exactly the same settings. Why is a) not providing the 'does not match' line for failed passwords?

a) egrep -v '^(#|$)' authdaemonrc | sort

    authdaemonvar=/var/run/courier/authdaemon
    authmodulelist=authmysql
    authmodulelistorig=authuserdb authpam authpgsql authldap authmysql authcustom authpipe
    daemons=20
    DEBUG_LOGIN=2
    DEFAULTOPTIONS=
    LOGGEROPTS=

b) egrep -v '^(#|$)' authdaemonrc | sort

    authdaemonvar=/var/run/courier/authdaemon
    authmodulelist=authmysql
    authmodulelistorig=authuserdb authpam authpgsql authldap authmysql authcustom authpipe
    daemons=5
    DEBUG_LOGIN=2
    DEFAULTOPTIONS=
    LOGGEROPTS=
Re: [courier-users] authdaemond password debugging
On 02/09/14 12:49, Sam Varshavchik wrote:
>> Sep 2 11:35:45 s2 authdaemond: supplied password 'user_pw' does not match passwd 'db_pw'
>>
>> a) does not provide the above line even though both have almost exactly
>> the same settings. Why is a) not providing the 'does not match' line for
>> failed passwords?
>
> account found, password doesn't match, versus account not found.

Sam, thanks for the quick reply but it's a tad too cryptic :-)

In both cases the user exists if that's what you mean. All I did on both servers, to test, was to change a current user's pw to something incorrect. Both provided a LOGIN FAILED but a) seemed to be missing all the extra lines that reveal exactly what the incorrect passwd is (which is what I am after).
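[Added example, not part of the original posts.] With DEBUG_LOGIN=2, as in both authdaemonrc listings in this thread, the mismatch line quoted above puts the supplied and the stored password into syslog. The script below reports which hosts logged such lines and masks them before a log is shared; the function names are hypothetical, the sample log is constructed, and it assumes the traditional syslog layout where the host is the fourth field.

```shell
#!/bin/sh
# Added example: find and redact the DEBUG_LOGIN=2 password-mismatch lines.
# Only the one line format quoted in the thread is handled.

PW_LINE="authdaemond: supplied password '.*' does not match passwd '.*'\$"

# debug_login_level: authdaemonrc on stdin -> value of the last DEBUG_LOGIN= line.
debug_login_level() {
    sed -n 's/^DEBUG_LOGIN=//p' | tr -d '"' | tail -n 1
}

# pw_leak_hosts: syslog on stdin -> "count host" for each host that logged
# a password-mismatch line (assumes "Mon DD HH:MM:SS host ..." lines).
pw_leak_hosts() {
    grep -- "$PW_LINE" | awk '{ n[$4]++ } END { for (h in n) print n[h], h }' | sort -k2
}

# redact_pw: syslog on stdin -> same log with both quoted secrets masked.
# The greedy match is anchored on the fixed wording, so a quote character
# inside a password does not end the match early.
redact_pw() {
    sed "s/\(authdaemond: supplied password \)'.*' does not match passwd '.*'\$/\1'[REDACTED]' does not match passwd '[REDACTED]'/"
}

# Constructed sample log; only the first line's wording comes from the thread.
sample_log() {
    cat <<'EOF'
Sep  2 11:35:45 s2 authdaemond: supplied password 'user_pw' does not match passwd 'db_pw'
Sep  2 11:35:45 s2 imapd: LOGIN FAILED, user=alice@example.org, ip=[192.0.2.10]
Sep  2 11:36:02 s2 authdaemond: supplied password 'it's' does not match passwd '$1$constructed'
Sep  2 11:40:10 s1 authdaemond: authmysql: REJECT - try next module
EOF
}

# Stand-alone run on the constructed sample.
sample_log | pw_leak_hosts
sample_log | redact_pw
```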
[courier-users] Latest Courier Ubuntu PPA Available
Thanks to Ondřej Surý, Ubuntu 12.04, 14.04 and 14.10 users can now install the latest courier packages directly from a PPA.

https://launchpad.net/~ondrej/+archive/ubuntu/courier

    courier-authlib 0.66.1
    courier-mta 0.73.1
    courier-imap 4.15-1

But no courier-authlib-sqlite package so I'll CC Ondřej. Issues can be filed here so if anyone has a patch to also create a courier-authlib-sqlite debian package then please post it to...

https://github.com/oerdnj/deb.sury.org/issues
[courier-users] Separate service passwords
Most of our brute force password attacks are against our pop service and some of our breaches are where gullible clients respond to various claims about "give us your details or you will lose your account", of which some recent spams were even branded with our domain name so they would always look convincing to 1% or 2% of our clients.

Once the user's pop/imap details are uncovered then they are used to access the smtp ports to send out authenticated mail. Now we notice there is a recent tendency to send out very slowly from a large range of IPs (a botnet, particularly from South America) so the obvious pump and dump of yesteryear is not detected and can go on for weeks until we manually notice suspicious behaviour in the mail logs. The only good thing about this recent trend, to stealthily send out spam at roughly the frequency of a human, is that it does not land us on a blacklist.

Anyway, one thing that would help mitigate this is to have separate passwords for pop, imap and smtp servers and maybe even different ones for each port in use. Just to be able to have two passwords, one for incoming mail and a different one for outgoing mail, could make a difference so any suggestions how to allow our clients to use different passwords for the different courier-authdaemon family of services?
Re: [courier-users] Separate service passwords
On 16/08/14 09:31, Sam Varshavchik wrote:
> Using mysql or postgres, you can use a custom query, and use the
> $(service) variable.

Thank you Sam, Bernd and Lisa. I was completely unaware of this variable so no doubt I will have some fun trying it out on some larger installs with mysql (hopefully it applies to sqlite too).
Re: [courier-users] Auto-Re: IMAP/SSL and ESMTP/SSL
On 10/08/14 12:21, Charles Parkinson wrote:
> Ok, so that makes sense except for the fact that a CSR sent...

Perhaps an example will help. I concatenate PEM variations (which my cert authority provides) of the key, the crt and the chained CA file to /etc/ssl/server.pem then symlink the /etc/courier/{esmtpd,imapd,pop3d}.pem required files to the single one in /etc/ssl, which looks like...

    -----BEGIN PRIVATE KEY-----
    [... private key...]
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    [... cert from CA ...]
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    [... chained CA ...]
    -----END CERTIFICATE-----
Re: [courier-users] Offline maildir reader
On 08/08/14 20:32, Lisa Muir wrote:
>> Well if you batch rename the individual messages in Maildir/cur/* to
>> something ending with *.eml then if they could download the Maildir
>> folders then they can just click on them and they will open up in
>> whatever is their default desktop mail program.
>
> This is probably the most sensible approach as it allows the files to be
> indexed and searched using suitable infrastructure that will also serve
> their existing files repository.

Just to be clear the "then they can just click on them" part refers to the individual maildir messages renamed to something.eml, not the actual folder containing them.

FWIW if there was a Maildir in the current directory then something like this would copy and rename them...

    mkdir EmlMsgs
    # glob instead of parsing ls, and quote so odd filenames survive
    for f in Maildir/cur/*; do cp "$f" "EmlMsgs/$(basename "$f").eml"; done

But Thunderbird, and probably other mail programs, would only allow viewing them one at a time using this simplistic method.
Re: [courier-users] Offline maildir reader
On 08/08/14 21:06, Lisa Muir wrote:
> 14 year old email, there must come a time where it goes into archives
> somewhere and I don't think a MUA is the appropriate place for that, but
> some searchable repository is.

I will be facing this same kind of issue. mhonarc is available as an ubuntu package and this does work with a browser either locally or online via a webserver, but it's not exactly searchable...

    mkdir mailarchive
    find Maildir \
      -type d \
      -regex '.*\(new\|cur\)' \
      -exec mhonarc -mhpattern '^[^\.]' \
      -add {} -outdir mailarchive \;

***

This is the only PHP something I could find, there is a mention of it wrapping mhonarc to import into SQLite so that would then be searchable but I'm not sure if it also provides the interface to SQLite...

https://github.com/wittiws/phonarc
Re: [courier-users] imapd seems to stall sometimes
On 25/05/14 11:04, Sam Varshavchik wrote:
> Leaving off MAXPERC should not be a factor. It defaults to, internally,
> to MAXDAEMONS – effectively a no-op.

Right, thanks.

> I presume that you've eliminated the low hanging fruit of actually
> reaching the maximum number of connections.

Yes, barely a dozen imapds running on the server with a MAXDAEMONS of 400 and I'd blame Thunderbird too but it wasn't happening 24 hours ago with Dovecot. An lsof of the gamin/gam_server daemon looks okay. A previous time I experienced something like this I had to change back to fam and remove gamin... years ago.

Woops, yes, this is using Ubuntu 14.04 x64 (both ends)...

    courier-mta            0.68.2-1ubuntu3
    courier-imap           4.10.0-20120615-1ubuntu3
    courier-authlib-mysql  0.63.0-6ubuntu1

> Once MAXDAEMONS is reached, though, couriertcpd stops accepting
> connections altogether... Those are the kinds of things to look at, here.

That is not the case in this situation. Here's an imap log dump from Thunderbird in case something is obvious... at the point below I clicked on my Junk folder...

    1759508352[7fa967a50370]: proposed url = INBOX.Junk folder for connection INBOX has To Wait = FALSE can run = FALSE
    895477504[7fa938decd00]: 35ffa800:renta.net:S-INBOX:SendData: DONE

    [.. then TB hangs here for more than a minute ...]

    895477504[7fa938decd00]: ReadNextLine [stream=37b40c10 nb=0 needmore=1]
    895477504[7fa938decd00]: 35ffa800:renta.net:S-INBOX:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 804b000e
    895477504[7fa938decd00]: 35ffa800:renta.net:S-INBOX:TellThreadToDie: close socket connection
    895477504[7fa938decd00]: 35ffa800:renta.net:S-INBOX:CreateNewLineFromSocket: (null)
    1759508352[7fa967a50370]: creating protocol instance to retry queued url:imap://ma...@renta.net@renta.net:143/select.Junk
    1759508352[7fa967a50370]: retrying url:imap://ma...@renta.net@renta.net:143/select.Junk
    1759508352[7fa967a50370]: 3303c800:renta.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN
    895477504[7fa938decd00]: ImapThreadMainLoop leaving [this=35ffa800]
    963634944[7fa9337ae450]: ImapThreadMainLoop entering [this=3303c800]
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:ProcessCurrentURL: entering
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:ProcessCurrentURL:imap://markc%40renta%2e...@renta.net:143/select%3E.Junk: = currentUrl
    963634944[7fa9337ae450]: ReadNextLine [stream=37da8510 nb=256 needmore=0]
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:CreateNewLineFromSocket: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS LOGINDISABLED] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information.
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:SendData: 1 STARTTLS
    963634944[7fa9337ae450]: ReadNextLine [stream=37da8510 nb=37 needmore=0]
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:CreateNewLineFromSocket: 1 OK Begin SSL/TLS negotiation now.
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:SendData: 2 capability
    963634944[7fa9337ae450]: ReadNextLine [stream=37da8510 nb=133 needmore=0]
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:CreateNewLineFromSocket: * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION
    963634944[7fa9337ae450]: ReadNextLine [stream=37da8510 nb=27 needmore=0]
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:CreateNewLineFromSocket: 2 OK CAPABILITY completed
    963634944[7fa9337ae450]: try to log in
    963634944[7fa9337ae450]: IMAP auth: server caps 0x4C3325, pref 0x1006, failed 0x0, avail caps 0x1004
    963634944[7fa9337ae450]: (GSSAPI = 0x100, CRAM = 0x2, NTLM = 0x10, MSN = 0x20, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x2000
    963634944[7fa9337ae450]: trying auth method 0x1000
    963634944[7fa9337ae450]: got new password
    963634944[7fa9337ae450]: IMAP: trying auth method 0x1000
    963634944[7fa9337ae450]: PLAIN auth
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:SendData: 3 authenticate plain
    963634944[7fa9337ae450]: ReadNextLine [stream=37da8510 nb=4 needmore=0]
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:CreateNewLineFromSocket: +
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:SendData: Logging suppressed for this command (it probably contained authentication information)
    963634944[7fa9337ae450]: ReadNextLine [stream=37da8510 nb=16 needmore=0]
    963634944[7fa9337ae450]: 3303c800:renta.net:NA:CreateNewLineFromSocket: 3 OK LOGIN Ok.
    963634944[7fa9337ae450]: login succeeded
    963634944[7fa9337ae450]: 3303c800:renta.net:A:SendData: 4 select INBOX.Junk
Re: [courier-users] imapd seems to stall sometimes
On 26/05/14 00:00, Sam Varshavchik wrote:
> Need to set IMAPDEBUGFILE on the server side, and collect the actual
> IMAP traffic.

Got it, thanks, doing that now.

> Even better yet would be to find the server process, and strace it.

It'll be tricky to find the right imapd process to attach to but I will try that after watching the imaplog.dat until I get a clue what to look for and/or pick up on where it, or TB, hangs.

> Or, turn off IMAPENHANCEDIDLE, to see if that makes a difference.

No sign of that option on this server with courier-imap 4.10.0. Is that perhaps an option with a more recent version?
Re: [courier-users] imapd seems to stall sometimes
On 26/05/14 00:00, Sam Varshavchik wrote:
> Or, turn off IMAPENHANCEDIDLE, to see if that makes a difference.

Ah right, I see, it's IMAP_ENHANCEDIDLE. It was 0 so I just flipped it to 1 with IMAP_USELOCKS=1 and see what happens. Then I'll set them both to 0 as I rarely if ever use shared folders... and I don't think any clients even know of the possibility of using shared folders.

Just now when clicking on a Junk folder, imaplog.dat showed...

    [...] 11 OK FETCH completed.
    WRITE: * BYE Disconnected for inactivity.
    WRITE: * BYE Disconnected for inactivity.
    [... long wait ...]
    WRITE: * BYE Disconnected for inactivity.
    [... shorter wait ...]
    WRITE: 3 OK LOGIN Ok.
    [...]

etc, then the folder view in TB was suddenly refreshed on a new login. So something about being disconnected for inactivity then taking so long for a new login. I thought if I used IDLE then my connection would persist and re-logins, or at least not so many, would be the order of the day. I'm using 143/TLS with a real certificate.
[courier-users] imapd seems to stall sometimes
I was using ISPConfig3 + postfix for the past year and finally got around to unhitching myself from ISPConfig3 so I could run courier again on this particular server. However since the changeover I've noticed that Thunderbird seems to just hang and wait every half a dozen'th time when I go to check my mail. I don't recall this happening with Dovecot.

Is it possible there is a MAXPERC setting missing like in esmtpd? Or anything obvious to someone else (locks?) why imapd might hang every now and then?

~ egrep -v '^(#|$)' /etc/courier/imapd

    ADDRESS=0
    PORT=143
    MAXDAEMONS=400
    MAXPERIP=200
    PIDFILE=/var/run/courier/imapd.pid
    TCPDOPTS=-nodnslookup -noidentlookup
    LOGGEROPTS=-name=imapd
    IMAP_CAPABILITY=IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE
    IMAP_KEYWORDS=1
    IMAP_ACL=1
    IMAP_CAPABILITY_ORIG=IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE
    IMAP_PROXY=0
    IMAP_PROXY_FOREIGN=0
    IMAP_IDLE_TIMEOUT=60
    IMAP_MAILBOX_SANITY_CHECK=1
    IMAP_CAPABILITY_TLS=$IMAP_CAPABILITY AUTH=PLAIN
    IMAP_CAPABILITY_TLS_ORIG=$IMAP_CAPABILITY_ORIG AUTH=PLAIN
    IMAP_DISABLETHREADSORT=0
    IMAP_CHECK_ALL_FOLDERS=0
    IMAP_OBSOLETE_CLIENT=0
    IMAP_UMASK=022
    IMAP_ULIMITD=131072
    IMAP_USELOCKS=1
    IMAP_SHAREDINDEXFILE=/etc/courier/shared/index
    IMAP_ENHANCEDIDLE=0
    IMAP_TRASHFOLDERNAME=Trash
    IMAP_EMPTYTRASH=Trash:7
    IMAP_MOVE_EXPUNGE_TO_TRASH=0
    SENDMAIL=/usr/sbin/sendmail
    HEADERFROM=X-IMAP-Sender
    IMAPDSTART=YES
    MAILDIRPATH=Maildir

~ egrep -v '^(#|$)' /etc/courier/imapd-ssl

    SSLPORT=993
    SSLADDRESS=0
    SSLPIDFILE=/var/run/courier/imapd-ssl.pid
    SSLLOGGEROPTS=-name=imapd-ssl
    IMAPDSSLSTART=YES
    IMAPDSTARTTLS=YES
    IMAP_TLS_REQUIRED=0
    COURIERTLS=/usr/bin/couriertls
    TLS_KX_LIST=ALL
    TLS_COMPRESSION=ALL
    TLS_CERTS=X509
    TLS_CERTFILE=/etc/courier/imapd.pem
    TLS_TRUSTCERTS=/etc/ssl/certs
    TLS_VERIFYPEER=NONE
    TLS_CACHEFILE=/var/lib/courier/couriersslcache
    TLS_CACHESIZE=524288
    MAILDIRPATH=Maildir
Re: [courier-users] Problem after upgrade
On 04/14/14 21:23, Vytautas Kasparavičius wrote:
> I'm getting following errors
>
> Apr 14 14:13:20 mail imapd-ssl: couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> Apr 14 14:13:27 mail esmtpd-ssl: couriertls: /etc/pki/tls/certs/gdcertpack.pem: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

It depends which part is being delimited...

    cat server.key server.crt server.ca > /etc/courier/esmtpd.pem

~ cat /etc/courier/esmtpd.pem

    -----BEGIN PRIVATE KEY-----
    [ original private key ]
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    [ cert returned from authority, or self signed ]
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    [ intermediate cert if chained (ie; cheap RapidSSL) ]
    -----END CERTIFICATE-----
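[Added example, not part of the original posts.] The key, certificate, chain layout shown in this post and in the "IMAP/SSL and ESMTP/SSL" reply, and the advice in the "no start line" thread to look for stray spaces or control characters, can be checked mechanically. The script below is a structural lint only: pem_lint, sample_good and sample_bad are hypothetical names, the bundles are constructed with placeholder bodies, and the key-first order it expects is the layout from the posts, not a documented couriertls requirement.

```shell
#!/bin/sh
# Added example: structural lint for a couriertls PEM bundle.
# It inspects marker lines only and never parses key material.

# pem_lint FILE|-  -> prints one finding per line; returns 0 when clean, 1 otherwise.
pem_lint() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; rc = 1 }
    BEGIN { rc = 0; cur = ""; order = "" }
    {
        line = $0
        if (sub(/\r$/, "", line)) bad("CR at end of line (DOS newlines)")
        # Marker candidates: anything starting with a dash or naming BEGIN/END.
        if (line ~ /^[ \t]*-/ || line ~ /(BEGIN|END) [A-Z]/) {
            if (line !~ /^-----(BEGIN|END) [A-Z0-9 ]+-----$/) {
                bad("malformed marker [" line "]"); next
            }
            kind = line
            sub(/^-----(BEGIN|END) /, "", kind); sub(/-----$/, "", kind)
            if (line ~ /^-----BEGIN/) {
                if (cur != "") bad("BEGIN " kind " inside unterminated " cur)
                cur = kind
                order = order (kind ~ /PRIVATE KEY$/ ? "K" : (kind == "CERTIFICATE" ? "C" : "?"))
            } else {
                if (cur != kind) bad("END " kind " has no matching BEGIN")
                cur = ""
            }
            next
        }
        if (cur != "" && line !~ "^[A-Za-z0-9+/=]+$") bad("non-base64 text inside " cur)
    }
    END {
        if (cur != "") { printf "EOF: missing END %s\n", cur; rc = 1 }
        if (order !~ /^KC+$/) {
            printf "layout: found \"%s\", expected one key then certificate(s)\n", order; rc = 1
        }
        exit rc
    }' "$1"
}

# Constructed sample in the layout the posts describe: key, server cert, chain cert.
sample_good() {
    printf '%s\n' \
        '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
}

# Constructed damaged copy: leading space on the first marker, CR on line 5.
sample_bad() {
    cr=$(printf '\r')
    sample_good | sed -e '1s/^/ /' -e "5s/\$/$cr/"
}

# Stand-alone run: lint the file named on the command line, else the damaged sample.
if [ $# -gt 0 ]; then pem_lint "$1"; else sample_bad | pem_lint - || true; fi
```

A leading space on the BEGIN line is enough for the block to go unrecognised, which is why the lint reports it together with the unmatched END marker that follows.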
Re: [courier-users] courier imap troubles
On 03/10/14 06:07, Sam Varshavchik wrote:
> Courier-IMAP never has any trouble creating any mailboxes, for the simple
> reason that Courier-IMAP never creates any mailboxes.

Strictly speaking that is true but the OP may want to know that maildrop can create a user's mailbox if it doesn't already exist if it's set up to do so.
Re: [courier-users] authdaemond: segfault at 0 ip... error 4 in libc-2.18.so
On 03/05/14 15:31, Anders Le Chevalier wrote:
> Mar 5 06:08:05 e350 authdaemond: zero rows returned
> Mar 5 06:08:05 e350 authdaemond: no password available to compare
> Mar 5 06:08:05 e350 authdaemond: authmysql: REJECT - try next module
> Mar 5 06:08:05 e350 authdaemond: FAIL, all modules rejected

That's normal if the SQL command failed for some other reason. What I do in a situation like this is temporarily turn on MySQL general logging, tail that logfile while logging it, copy the exact SQL statement used, then start mysql at the CLI and manually paste in the SQL statement (some single and double quoting may need to be altered) and see if there is an error.