subject:"\[courier\-users\] \?"


Il 19/07/2017 19:22, Alessandro Vesely ha scritto:

Did you actually check it?  I mean

  certtool -i --infile /etc/courier/esmtpd.pem

or

  openssl x509 -text -in /etc/courier/esmtpd.pem


Both tools read the file without errors and display the certificate 
informations, the modulus, the signature and the certificate.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Alessandro Vesely

On Wed 19/Jul/2017 14:28:23 +0200 Lucio Crusca wrote:
> Il 19/07/2017 12:56, Sam Varshavchik ha scritto:
>> Check the server's certificate, esmtpd.pem. That's the only certificate
>> in play here. The file is probably corrupted.
> 
> At first glance it seems ok, the structure is the same as another file in
> another Courier server I run that works correctly (except the keys are not the
> same, obviously).
> 
> I haven't created that file myself nor obtained it from third parties: it's 
> the
> self signed certificate provided by the default courier packages installation.

Did you actually check it?  I mean

  certtool -i --infile /etc/courier/esmtpd.pem

or

  openssl x509 -text -in /etc/courier/esmtpd.pem

Ale

































--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad


Il 19/07/2017 17:06, Matus UHLAR - fantomas ha scritto:

Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto:

you sould recreate and then test it!


On 19.07.17 15:57, Lucio Crusca wrote:

Forgot to mention, but I did remove the courier packages, the
/etc/courier folder, the APT package cache and reinstalled.


Did you remove or purge the packages?


Purged.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Matus UHLAR - fantomas


Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto:

you sould recreate and then test it!


On 19.07.17 15:57, Lucio Crusca wrote:
Forgot to mention, but I did remove the courier packages, the 
/etc/courier folder, the APT package cache and reinstalled.


Did you remove or purge the packages?
The quite common problem on debian and derivatives is that you remove
packages, but don't purge (clean up configuration files).

Package management remembers that the configuration diles are installed and
does not create them. When you remove them manually, they won't get
installed either.

This can lead to troubles similar to those you describe.

During reinstallation the system created the self signed certificate 
again, but nothing changed.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad


Il 19/07/2017 16:00, PICCORO McKAY Lenz ha scritto:

do you reported again debian bug tracker? using reporbug ?


Well no, but before reporting I'd like to be sure it's not my fault.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread PICCORO McKAY Lenz

do you reported again debian bug tracker? using reporbug ? (well today its
not as was in the past but it must report too)

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

2017-07-19 9:57 GMT-04:00 Lucio Crusca <lu...@sulweb.org>:

>
>
> Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto:
>
>> you sould recreate and then test it!
>>
>>
> Forgot to mention, but I did remove the courier packages, the /etc/courier
> folder, the APT package cache and reinstalled.
>
> During reinstallation the system created the self signed certificate
> again, but nothing changed.
>
> Client side this is what I get:
>
> $ swaks -a -tls -q HELO -s mrelay -au test -ap '<>' -p 25587
> === Trying mrelay:25587...
> === Connected to mrelay.
> <** Timeout (30 secs) waiting for server response
>  -> QUIT
> <** 220 mrelay ESMTP
> === Connection closed with remote host.
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad




Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto:

you sould recreate and then test it!



Forgot to mention, but I did remove the courier packages, the 
/etc/courier folder, the APT package cache and reinstalled.


During reinstallation the system created the self signed certificate 
again, but nothing changed.


Client side this is what I get:

$ swaks -a -tls -q HELO -s mrelay -au test -ap '<>' -p 25587
=== Trying mrelay:25587...
=== Connected to mrelay.
<** Timeout (30 secs) waiting for server response
 -> QUIT
<** 220 mrelay ESMTP
=== Connection closed with remote host.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad




Il 19/07/2017 12:56, Sam Varshavchik ha scritto:

Check the server's certificate, esmtpd.pem. That's the only certificate
in play here. The file is probably corrupted.


At first glance it seems ok, the structure is the same as another file 
in another Courier server I run that works correctly (except the keys 
are not the same, obviousy).


I haven't created that file myself nor obtained it from third parties: 
it's the self signed certificate provided by the default courier 
packages installation.




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Sam Varshavchik


Lucio Crusca writes:


Hello,

I've just installed a new Courier instance in a new Debian GNU/Linux 9 amd64  
server from distro packages.


This Courier should act as smart relay for another server and nothing else.

So far I've enabled courier-mta and courier-msa systemd services, changed  
the ports they listed on and created a real system account for mail relay  
(authpam). I've also let


TLS_VERIFYPEER=NONE

in /etc/courier/courierd.

Then I tested the smarthost from Thunderbird, by configuring it as outgoing  
server. It does not work. When TB tries to send a message, it connects to  
the non-default MSA port, it starts talking to the server (STARTTLS) for a  
few seconds, then it fails for "unknown reason". Server-side, in the logs, I  
get:


Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103]
Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed:  
Certificate is bad


I don't know what to try next.


Check the server's certificate, esmtpd.pem. That's the only certificate in  
play here. The file is probably corrupted.


pgp4Q8tPJRZML.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] courieresmtpd: STARTTLS failed: Certificate is bad


Hello,

I've just installed a new Courier instance in a new Debian GNU/Linux 9 
amd64 server from distro packages.


This Courier should act as smart relay for another server and nothing else.

So far I've enabled courier-mta and courier-msa systemd services, 
changed the ports they listed on and created a real system account for 
mail relay (authpam). I've also let


TLS_VERIFYPEER=NONE

in /etc/courier/courierd.

Then I tested the smarthost from Thunderbird, by configuring it as 
outgoing server. It does not work. When TB tries to send a message, it 
connects to the non-default MSA port, it starts talking to the server 
(STARTTLS) for a few seconds, then it fails for "unknown reason". 
Server-side, in the logs, I get:


Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103]
Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed: 
Certificate is bad


I don't know what to try next.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Rerun .mailfilter?

2017-07-15 Thread Sam Varshavchik


Lucio Crusca writes:


Hello,

I've just edited my .mailfilter. Is it possible to run it once again for  
every already delivered message in my INBOX root maildir only, so that  
maildrop moves my messages in the respective new subfolders, according to  
the new .mailfilter rules?


There's no automatic way to do it. But, what you can do is manually move all  
messages from INBOX to a temporary directory, and then have a short script  
run maildrop in a loop, for each message on its standard input.


Something like:

cd $HOME
mkdir inbox.tmp
mv Maildir/cur/* inbox.tmp
for f in inbox.tmp/*
do
  maildrop <$f
done



pgp0GL1B_qYFP.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Rerun .mailfilter?

2017-07-15 Thread Lucio Crusca


Hello,

I've just edited my .mailfilter. Is it possible to run it once again for 
every already delivered message in my INBOX root maildir only, so that 
maildrop moves my messages in the respective new subfolders, according 
to the new .mailfilter rules?


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] setuid/setgid problem, mail from website not sent

2017-07-11 Thread Bernd Plagge

On Sun, 09 Jul 2017 12:14:59 +
courier-users-requ...@lists.sourceforge.net wrote:

> From: Markus Wanner <mar...@bluegap.ch>
> To: courier-users@lists.sourceforge.net
> Subject: Re: [courier-users] setuid/setgid problem,  mail from website not 
> sent
> Date: Sat, 8 Jul 2017 21:11:11 +0200
> 
> On 07/06/2017 12:13 PM, Matus UHLAR - fantomas wrote:
> > On 06.07.17 12:43, Bernd Plagge wrote:  
> >> thank you VERY much!
> >> This was the answer.
> >>
> >> Just for the record:
> >> I had to downgrade my Debian system due to issues with the new Debian
> >> packages.
> >> Seems that the permissions on the sendmail wrapper were not set
> >> correctly by the installation program.  
> > 
> > I believe debian developer either knows what permissions to set up, or
> > should be informed if that causes troubles...  
> 
> I'd rather guess the OP had to downgrade due to the maildrop issue in
> stretch, which I'm still trying to solve.
> 
> Kind Regards
> 
> Markus Wanner

Hi Markus,

well yes, the new Courier Debian version hit my users badly ... and in the end 
I decided to downgrade.
Don't get me wrong! 
I really very much appreciate somebody taking on the challenge of maintaining a 
pretty big and important package!

I've been using Debian for almost 20 years and appreciate the more conservative 
upgrading pace (i.e. in comparison to Ubuntu).
However, the Stretch upgrade was pretty bumpy due to major changes in several 
important packages. 
(PHP 7, PHP7.0-fpm, slapd, tinydns, Samba and a perl syntax check)

Please, if there are still issues with Maildrop (or something else) we need to 
fully understand the issue and have at least a manual workaround. If I restart 
a server after the upgrade and then discover issue this means most time a very 
long night - without any guarantee to solve the problem.

Aber trotz allem, vielen Dank fuer Muehe und Einsatz!

Bernd

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Blacklisted email addresses not cleared

2017-07-08 Thread Markus Wanner

Hi,

On 07/05/2017 11:54 PM, Sam Varshavchik wrote:
> Bernd Plagge writes:
>> I recently found some cases were blacklisted email addresses (recorded
>> in /var/lib/courier/track) were not cleared by the "courier clear
>> user@domain" command.

I run into a similar issue recently and figured other files in that
directory were blocking the user, which `courier clear` didn't clear.
You might want to check those files as well.

> That's the expected result. An email address gets cleared by adding an A
> record, so this looks ok.
> 
> Reviewing the code in question I only see a potential problem with
> "clear all" not working correctly, but clearing an individual address
> should work.

Unfortunately I'm not sure if I can reproduce this, but in my case,
`courier clear mar...@bluegap.ch` didn't help.

Kind Regards

Markus Wanner



signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setuid/setgid problem, mail from website not sent

2017-07-08 Thread Markus Wanner

On 07/06/2017 12:13 PM, Matus UHLAR - fantomas wrote:
> On 06.07.17 12:43, Bernd Plagge wrote:
>> thank you VERY much!
>> This was the answer.
>>
>> Just for the record:
>> I had to downgrade my Debian system due to issues with the new Debian
>> packages.
>> Seems that the permissions on the sendmail wrapper were not set
>> correctly by the installation program.
> 
> I believe debian developer either knows what permissions to set up, or
> should be informed if that causes troubles...

I'd rather guess the OP had to downgrade due to the maildrop issue in
stretch, which I'm still trying to solve.

Kind Regards

Markus Wanner



signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally

Just tested my sentfolder filter, and the new Bcc: support works 
nicely.  Thanks for your help, Sam.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally


On 07/06/2017 05:09 PM, Sam Varshavchik wrote:
Yeah, github was a couple of commits behind. Just pushed everything 
out, and it's up to date now. 



Thanks, again.  Is this an accurate update to the sendmail document?


diff --git a/courier/courier/doc/sendmail.sgml 
b/courier/courier/doc/sendmail.sgml

index 634b262..6f956c3 100644
--- a/courier/courier/doc/sendmail.sgml
+++ b/courier/courier/doc/sendmail.sgml
@@ -74,8 +74,8 @@ message and builds the recipient list from the 
To: Cc: and moreinfo="none">Bcc: headers.


 
-sendmail always removes all moreinfo="none">Bcc:

-headers before sending the message.
+sendmail removes moreinfo="none">Bcc:
+headers before sending the message if recipients are not specified on 
the command line.


 
 Some of the functionality described below is actually implemented by other
@@ -194,7 +194,7 @@ information.
 Read Bcc: headers only. Normally, if no
 recipients are specified, sendmail 
obtains the list of
 recipients by reading the To:, 
Cc: and
-Bcc: headers (moreinfo="none">Bcc: headers are always
+Bcc: headers (moreinfo="none">Bcc: headers are then

 removed).
 The -bcc option ignores moreinfo="none">To: and

 Cc:


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally

2017-07-06 Thread Sam Varshavchik


Gordon Messmer writes:


On 07/06/2017 01:58 PM, Sam Varshavchik wrote:

This is a reasonable position to make, so I'll change this.



Thanks very much, Sam.  If you push a patch into git (github looks a bit out  
of date?) I'll test it.  Or, if you'd rather, I can modify sendmail and send  
a patch.


Yeah, github was a couple of commits behind. Just pushed everything out, and  
it's up to date now.





pgpJGQYoFfPpX.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally


On 07/06/2017 01:58 PM, Sam Varshavchik wrote:

This is a reasonable position to make, so I'll change this.



Thanks very much, Sam.  If you push a patch into git (github looks a bit 
out of date?) I'll test it.  Or, if you'd rather, I can modify sendmail 
and send a patch.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally

2017-07-06 Thread Sam Varshavchik


Gordon Messmer writes:


On 07/06/2017 03:54 AM, Sam Varshavchik wrote:
Would it work to simply use a custom header name instead of "Bcc:". Most  
email clients won't show it by default, but it's going to be there and can  
be looked at, in some way; and the email clients will also ignore it if the  
message is replied to.



That's the other option I'm looking at, and I'm more likely to go that route  
than introduce another message delivery code path in the framework.  Some  
record is better than no record, but I feel like that path would still be  
very slightly inferior to the solutions that Gmail and Courier IMAP  
provide.  Is there a logical reason why sendmail should remove the Bcc:  
header when headers aren't used to indicate recipients?


My recollection is hazy, but I thought that this was sendmail-sendmail's  
behavior, which was to simply strip off the Bcc: header from the mail.


The current version of sendmail's man page suggests – with some  
ambiguity – that only the -t option does that; so I don't know whether this  
was changed some time, or it was always like that.


I was curious as to the historical origin of this, and poking around the  
Intertubes all the references were to RFC 733 which only states that “the  
contents of this field are not included in copies of the message sent to the  
primary and secondary recipients. Some systems may choose to include the  
text of the "Bcc" field only in the author(s)'s copy, while others may also  
include it in the text sent to all those indicated in the "Bcc" list.”  
without going into much detail of how the recipient list is established; but  
the "may" part's only logical intepretation is that the whole thing is  
always optional.


Still, from a certain point of view, sendmail-sendmail's behavior is quite  
reasonable, too. You can say that by explicitly specifying the recipient  
list this places the onus on the sender to identify the so-called "primary  
and secondary" recipients; with the presumption that the sender is  
responsible for formatting the message, and the sender is wholly responsible  
for including or omitting the contents of the Bcc. This is a reasonable  
position to make, so I'll change this.


pgpU3zvzSFowB.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally


On 07/06/2017 03:54 AM, Sam Varshavchik wrote:
Would it work to simply use a custom header name instead of "Bcc:". 
Most email clients won't show it by default, but it's going to be 
there and can be looked at, in some way; and the email clients will 
also ignore it if the message is replied to. 



That's the other option I'm looking at, and I'm more likely to go that 
route than introduce another message delivery code path in the 
framework.  Some record is better than no record, but I feel like that 
path would still be very slightly inferior to the solutions that Gmail 
and Courier IMAP provide.  Is there a logical reason why sendmail should 
remove the Bcc: header when headers aren't used to indicate recipients?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setuid/setgid problem, mail from website not sent

2017-07-06 Thread Stefan Hornburg (Racke)

On 07/06/2017 12:13 PM, Matus UHLAR - fantomas wrote:
> On 06.07.17 12:43, Bernd Plagge wrote:
>> thank you VERY much!
>> This was the answer.
>>
>> Just for the record:
>> I had to downgrade my Debian system due to issues with the new Debian 
>> packages.
>> Seems that the permissions on the sendmail wrapper were not set correctly by 
>> the installation program.
> 
> I believe debian developer either knows what permissions to set up, or
> should be informed if that causes troubles...

Yes, please file a bug and I'll take a look at it.

Thanks
    Racke

> 
>> On Thu, 06 Jul 2017 03:03:37 +
>> courier-users-requ...@lists.sourceforge.net wrote:
>>
>>> From: Sam Varshavchik <mr...@courier-mta.com>
>>> To: courier-users@lists.sourceforge.net
>>> Subject: Re: [courier-users] setuid/setgid problem,  mail from website not  
>>>sent
>>> Date: Wed, 05 Jul 2017 17:55:26 -0400
>>>
>>> Bernd Plagge writes:
>>>
>>> > Hi
>>> >
>>> > I'm trying to send mail from website mail, or webmail.
>>> > However, sending doesn't work,
>>> >
>>> > Log entries:
>>> >
>>> > Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not 
>>> > permitted
>>> > Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail
>>> > pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.
>>> >
>>> > The courier sendmail program:
>>> > s -l /usr/sbin/sendmail
>>> > -rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail
>>> >
>>> >
>>> > What can I do to solve this problem?
>>>
>>> Permissions on the sendmail wrapper should be setuid root, not setgid.
> 


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] sendmail removes bcc header unconditionally

2017-07-06 Thread Sam Varshavchik


Gordon Messmer writes:

I'm working on improving my "sentfolder" mail filter.  This filter works  
like GMail's SMTP system, copying messages that a user sends into their sent  
folder, so that messages only need to traverse the network once.  Courier  
IMAP has a better option, but no client support to speak of.


I've updated the sendfolder filter to examine the recipients in the control  
files and the message file headers, and add a Bcc: header for any addresses  
that don't appear in the message headers.  It then uses sendmail to send a  
copy to the user, along with a header that marks it for delivery to their  
sent folder. The problem here is that sendmail unconditionally removes the  
bcc: header.  I think it might be better if sendmail removed the bcc header  
only if it uses headers for the destination addresses, and left the bcc  
header if it uses destinations given as command line arguments.  Would that  
be an acceptable change?


I could work around the problem by using SMTP rather than sendmail, but I  
prefer to use sendmail to avoid passing through the courier filters (at  
least, in the default configuration).


Would it work to simply use a custom header name instead of "Bcc:". Most  
email clients won't show it by default, but it's going to be there and can  
be looked at, in some way; and the email clients will also ignore it if the  
message is replied to.




pgpRHc4p8PIVR.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setuid/setgid problem, mail from website not sent

2017-07-06 Thread Matus UHLAR - fantomas


On 06.07.17 12:43, Bernd Plagge wrote:

thank you VERY much!
This was the answer.

Just for the record:
I had to downgrade my Debian system due to issues with the new Debian packages.
Seems that the permissions on the sendmail wrapper were not set correctly by 
the installation program.


I believe debian developer either knows what permissions to set up, or
should be informed if that causes troubles...


On Thu, 06 Jul 2017 03:03:37 +
courier-users-requ...@lists.sourceforge.net wrote:


From: Sam Varshavchik <mr...@courier-mta.com>
To: courier-users@lists.sourceforge.net
Subject: Re: [courier-users] setuid/setgid problem,  mail from website not  
   sent
Date: Wed, 05 Jul 2017 17:55:26 -0400

Bernd Plagge writes:

> Hi
>
> I'm trying to send mail from website mail, or webmail.
> However, sending doesn't work,
>
> Log entries:
>
> Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted
> Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail
> pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.
>
> The courier sendmail program:
> s -l /usr/sbin/sendmail
> -rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail
>
>
> What can I do to solve this problem?

Permissions on the sendmail wrapper should be setuid root, not setgid.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] setuid/setgid problem, mail from website not sent

2017-07-05 Thread Bernd Plagge

Hi Sam,

thank you VERY much!
This was the answer.

Just for the record: 
I had to downgrade my Debian system due to issues with the new Debian packages.
Seems that the permissions on the sendmail wrapper were not set correctly by 
the installation program.

Again, thank you very much!



On Thu, 06 Jul 2017 03:03:37 +
courier-users-requ...@lists.sourceforge.net wrote:

> From: Sam Varshavchik <mr...@courier-mta.com>
> To: courier-users@lists.sourceforge.net
> Subject: Re: [courier-users] setuid/setgid problem,  mail from website not
>  sent
> Date: Wed, 05 Jul 2017 17:55:26 -0400
> 
> Bernd Plagge writes:
> 
> > Hi
> >
> > I'm trying to send mail from website mail, or webmail.
> > However, sending doesn't work,
> >
> > Log entries:
> >
> > Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted
> > Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail  
> > pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.
> >
> > The courier sendmail program:
> > s -l /usr/sbin/sendmail
> > -rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail
> >
> >
> > What can I do to solve this problem?  
> 
> Permissions on the sendmail wrapper should be setuid root, not setgid.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] sendmail removes bcc header unconditionally

2017-07-05 Thread Gordon Messmer

I'm working on improving my "sentfolder" mail filter.  This filter works 
like GMail's SMTP system, copying messages that a user sends into their 
sent folder, so that messages only need to traverse the network once.  
Courier IMAP has a better option, but no client support to speak of.


I've updated the sendfolder filter to examine the recipients in the 
control files and the message file headers, and add a Bcc: header for 
any addresses that don't appear in the message headers.  It then uses 
sendmail to send a copy to the user, along with a header that marks it 
for delivery to their sent folder. The problem here is that sendmail 
unconditionally removes the bcc: header.  I think it might be better if 
sendmail removed the bcc header only if it uses headers for the 
destination addresses, and left the bcc header if it uses destinations 
given as command line arguments.  Would that be an acceptable change?


I could work around the problem by using SMTP rather than sendmail, but 
I prefer to use sendmail to avoid passing through the courier filters 
(at least, in the default configuration).



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Blacklisted email addresses not cleared

2017-07-05 Thread Sam Varshavchik


Bernd Plagge writes:


Hi all

I recently found some cases were blacklisted email addresses (recorded in  
/var/lib/courier/track) were not cleared by the "courier clear user@domain"  
command.


I ran strace and here  is the result:

fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0
write(3, "1499264814 aem...@domain.com"..., 33) = 33
close(3)= 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
write(1, "m...@domain.com cleared.\n", 30) = 30
exit_group(0)   = ?


That's the expected result. An email address gets cleared by adding an A  
record, so this looks ok.


Reviewing the code in question I only see a potential problem with "clear  
all" not working correctly, but clearing an individual address should work.




pgp1WFJM2MF8d.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setuid/setgid problem, mail from website not sent

2017-07-05 Thread Sam Varshavchik


Bernd Plagge writes:


Hi

I'm trying to send mail from website mail, or webmail.
However, sending doesn't work,

Log entries:

Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted
Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail  
pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.


The courier sendmail program:
s -l /usr/sbin/sendmail
-rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail


What can I do to solve this problem?


Permissions on the sendmail wrapper should be setuid root, not setgid.




pgprgnATZ9HsP.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setuid/setgid problem, mail from website not sent

2017-07-05 Thread Gordon Messmer


On 07/05/2017 11:33 AM, Bernd Plagge wrote:

What can I do to solve this problem?



First, "setenforce permissive" and send a message, or examine 
/var/log/audit/audit.log to see if this is an SELinux denial.


Next, in permissive mode, use "tail -f /var/log/audit/audit.log | grep 
AVC" to watch the log while you send another message.  Take all of the 
output and pass it as input to "audit2allow -M lighttpd_sendmail".  That 
will create a new SELinux policy module that you can load to allow 
lighttpd to send email.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] setuid/setgid problem, mail from website not sent

2017-07-05 Thread Bernd Plagge

Hi 

I'm trying to send mail from website mail, or webmail.
However, sending doesn't work, 

Log entries:

Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted
Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail pipe 
failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.

The courier sendmail program:
s -l /usr/sbin/sendmail
-rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail


What can I do to solve this problem?

Best regards,
Bernd


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Blacklisted email addresses not cleared

2017-07-05 Thread Bernd Plagge

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi all

I recently found some cases were blacklisted email addresses (recorded in 
/var/lib/courier/track) were not cleared by the "courier clear user@domain" 
command.
Permissions for the directory are:

linde:/var/lib/courier# ls -l
total 544
drwxr-x--- 2 daemon daemon   4096 Jul  5 00:05 allfilters
drwxr-x--- 2 daemon daemon   4096 Nov 29  2010 calendar
- -rw--- 1 root   root   524288 Jul  5 23:04 couriersslcache
drwxr-x--- 2 daemon daemon   4096 May 21  2016 filters
drwxr-xr-x 4 daemon daemon   4096 Jul  5 23:21 msgq
drwxr-x--- 7 daemon daemon   4096 Jul  5 23:25 msgs
drwxrwx--- 5 daemon daemon   4096 Jul  5 22:08 tmp
drwxr-xr-x 2 daemon daemon   4096 Jul  5 23:29 track


I ran strace and here  is the result:

mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7421000
set_thread_area({entry_number:-1, base_addr:0xb7421700, limit:1048575, 
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, 
useable:1}) = 0 (entry_number:6)
mprotect(0xb75d5000, 8192, PROT_READ)   = 0
mprotect(0xb75f7000, 4096, PROT_READ)   = 0
mprotect(0xb764c000, 4096, PROT_READ)   = 0
mprotect(0xb77be000, 24576, PROT_READ)  = 0
mprotect(0x8051000, 4096, PROT_READ)= 0
mprotect(0xb77fe000, 4096, PROT_READ)   = 0
munmap(0xb77c8000, 48644)   = 0
brk(NULL)   = 0x9816000
brk(0x983b000)  = 0x983b000
chdir("/usr")   = 0
setgid32(1) = 0
getuid32()  = 0
setgroups32(1, [1]) = 0
setuid32(1) = 0
open("/var/lib/courier/track/416462", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 
0666) = 3
_llseek(3, 0, [173], SEEK_END)  = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0
write(3, "1499264814 aem...@domain.com"..., 33) = 33
close(3)= 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
write(1, "m...@domain.com cleared.\n", 30) = 30
exit_group(0)   = ?

I'm running Courier 0.73 (Debian upgrade failed).

Sorry, I'm not very good at reading traces. Any ideas what the reason might be?

Thanks for any help!

Bernd
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEV/J6xcvB3zWv0k2ZmovHNYOpMokFAllc+M8ACgkQmovHNYOp
MonVvw/+JqXjPutUSCc06vo6fNfcheO7Ut+DG6Fu1gt1eMPxHh9sJQn1/t3V0cBT
UiB9NrTZQ35TWZ1RILBzFt8sLxjyRXL0UvhGkf5T0hDqbAs0U9OA85NT8MjHv8Hw
zDxtChL6BMqjQ+fWFsemZXNSZv/yg+7ciPQv2fldIXU4coWL3r9Ewir1DpWwg2Ip
GgPDiHpRSRS5em8uQmDHsqZI5xH4mgQBaZ9IRh3W3JS1rKYnTF+LTS2O7x+RnQdg
hDWk5n0i1G4fsxKcm/IkARH5hxAvD49zuFvZUC7GMNULRNpwKQEtwE9Fp3jWt0qi
n/ygz9PXfuuTURf6MYBEZF8eNjuv3MmiQxTiGqjCoG/bh67e2xHBWDH9Q6bOKWIo
SaM2fURFMqP1W3SQ7gqPnjCSK3RWpgmePve7eh+QVKAGyCmOCwfTbVGKJbGuzenZ
9B756yfhA7r33vdZHsm0PnVFR7df05Saw2ukuqJW2VRPE6OteABRNAVq/bXBLxF0
B/H+sqRsmY7/HH+LH4CSNLzl86WwABqUe4TQ+Btlr19VwvdZlcLMYJzXe3wKsaei
wSKMK7HVQLE8/sHrrrq3z1wr/nyxRdaEPfYF9o66R5OJLZ0tpQk1lh6YFboPgV4x
SGMx44lGaaG6WUmr337sIZIee/dH39dxIDLJvdID5xNi6qIrDTg=
=+ESq
-END PGP SIGNATURE-
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Authenticate Clients via TLS client cert

2017-07-03 Thread Bernd Wurst

Hello.

[sorry for sending this via private mail before. my fault.]


Am 02.07.2017 um 23:06 schrieb Sam Varshavchik:
> http://www.courier-mta.org/install.html#sslcert
> Also described further in the esmtpd-ssl configuration file, under
> TLS_EXTERNAL.
> For this to work, the certificate subject needs to specify whatever
> would be used for the login ID when authenticating manually.

Wow, perfect. I missed that completely.

Tank you for the pointer!

regards,
Bernd




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Authenticate Clients via TLS client cert

2017-07-02 Thread Sam Varshavchik


Bernd Wurst writes:


Hello,

I'm struggling with the question if it is possible to authenticate
clients (optionally) with a client certificate. I found some docs about
dovecot implementing this [1] and was wondering if courier (SMTP) could
also be used with this?

I could not find something about it in the docs.


The desired use would be that we operate a local CA and issue
certificates that contain a user name (e-mail-address) as common name
and courier authenticates this certificate as the given user, so that
logging and processing will continue have the sender's data.

[1]: "Client certificate verification/authentication", half way down at
https://wiki.dovecot.org/SSL/DovecotConfiguration


http://www.courier-mta.org/install.html#sslcert

Also described further in the esmtpd-ssl configuration file, under  
TLS_EXTERNAL.


For this to work, the certificate subject needs to specify whatever would be  
used for the login ID when authenticating manually.




pgpi8XcrDFBKM.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Authenticate Clients via TLS client cert

2017-07-02 Thread Bernd Wurst

Hello,

I'm struggling with the question if it is possible to authenticate
clients (optionally) with a client certificate. I found some docs about
dovecot implementing this [1] and was wondering if courier (SMTP) could
also be used with this?

I could not find something about it in the docs.


The desired use would be that we operate a local CA and issue
certificates that contain a user name (e-mail-address) as common name
and courier authenticates this certificate as the given user, so that
logging and processing will continue have the sender's data.

[1]: "Client certificate verification/authentication", half way down at
https://wiki.dovecot.org/SSL/DovecotConfiguration


regards,
Bernd




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] New releases of Courier packages.

2017-07-02 Thread Sam Varshavchik


Download: http://www.courier-mta.org/download.html

New releases of courier, courier-unicode, courier-authlib, courier-imap,  
sqwebmail, maildrop, and cone packages.


Changes:

- The courier-unicode library updated to use C++11 unicode features.

- Some SMTP connection failures were not reported correctly.

- maildir quota calculation will ignore symbolic links to folders.

- Fix TLS peer hostname verification issue caused by CNAME records.

- Do not use ANY queries for DNSBL lookups.

- Fix compilation errors with OpenSSL 1.1.0.

- Include several Debian patches.



pgpn8714cb_qg.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] szmlink counts as quota

2017-06-17 Thread Sam Varshavchik


SZÉPE Viktor writes:


Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>:


On 05/18/2017 06:31 PM, SZÉPE Viktor wrote:

Could it be that that Courier counts Sent folder size three time while
calculating quota?



Can you test this patch?


Thank you!!

Sam, could we incorporate this patch?


This was merged, with a slight technical change.


pgpck9H8x9x5n.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] szmlink counts as quota

2017-06-17 Thread SZÉPE Viktor


Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>:


On 05/18/2017 06:31 PM, SZÉPE Viktor wrote:

Could it be that that Courier counts Sent folder size three time while
calculating quota?



Can you test this patch?


Thank you!!

Sam, could we incorporate this patch?



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] szmlink counts as quota

2017-06-17 Thread Gordon Messmer


On 05/18/2017 06:31 PM, SZÉPE Viktor wrote:

Could it be that that Courier counts Sent folder size three time while
calculating quota?



Can you test this patch?


diff --git a/maildir/maildirquota.c b/maildir/maildirquota.c
index 3f3e0bd..3ff78f1 100644
--- a/maildir/maildirquota.c
+++ b/maildir/maildirquota.c
@@ -454,6 +454,9 @@ static int docheckquota(struct maildirsize *info,
 	dirp=opendir(info->maildir);
 	while (dirp && (de=readdir(dirp)) != 0)
 	{
+#ifdef _DIRENT_HAVE_D_TYPE
+		if (de->d_type == DT_LNK) continue;
+#endif
 		if (countsubdir(info->maildir, de->d_name,
 , _size,
 			_cnt))
@@ -520,6 +523,9 @@ static int docheckquota(struct maildirsize *info,
 	dirp=opendir(info->maildir);
 	while (dirp && (de=readdir(dirp)) != 0)
 	{
+#ifdef _DIRENT_HAVE_D_TYPE
+		if (de->d_type == DT_LNK) continue;
+#endif
 		if (statsubdir(info->maildir, de->d_name, ))
 		{
 			errno=EIO;
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] missing MX record

2017-06-10 Thread Matus UHLAR - fantomas


On 10.06.17 14:53, SZÉPE Viktor wrote:

RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5


The lookup first attempts to locate an MX record associated with the name.
... If an empty list of MXs is returned,
the address is treated as if it was associated with an implicit MX
RR, with a preference of 0, pointing to that host.


Were you a ware of that?
I think it is very unusual and dangerous.

Do modern MTA-s - including Courier - implement that?



Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>:

This behaviour was described in rfc 821 and 2821.
AFAIK all MTAs implement this behaviour since MX records were implemented.

What and why exactly sounds unusual and dangerous to you?


On 10.06.17 16:42, SZÉPE Viktor wrote:

I think it gives us no means to stop emails for a domain.
I thought removing the MX record and not listening on port 25 is enough.

This way anyone my send an email to a mailserver-less sub/domain.


This mechanism was created when MX records were introduced, to support
host/domains without them.

This is how things should be done - creating new standard and define how
backwards compatibility should be implemented.

Read rfc 7505 that tries to implement mechanism to archieve that as a new
measurement, and don't blame us for implementign something that has existed
even before MX and was never dropped since.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] missing MX record

2017-06-10 Thread SZÉPE Viktor


Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>:


On 10.06.17 14:53, SZÉPE Viktor wrote:

RFC 5321 states in
https://tools.ietf.org/html/rfc5321#section-5


The lookup first attempts to locate an MX record associated with the name.
... If an empty list of MXs is returned,
the address is treated as if it was associated with an implicit MX
RR, with a preference of 0, pointing to that host.


Were you a ware of that?
I think it is very unusual and dangerous.

Do modern MTA-s - including Courier - implement that?


This behaviour was described in rfc 821 and 2821.
AFAIK all MTAs implement this behaviour since MX records were implemented.

What and why exactly sounds unusual and dangerous to you?


I think it gives us no means to stop emails for a domain.
I thought removing the MX record and not listening on port 25 is enough.

This way anyone my send an email to a mailserver-less sub/domain.


SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] missing MX record

2017-06-10 Thread Matus UHLAR - fantomas


On 10.06.17 14:53, SZÉPE Viktor wrote:

RFC 5321 states in
https://tools.ietf.org/html/rfc5321#section-5


The lookup first attempts to locate an MX record associated with the name.
... If an empty list of MXs is returned,
the address is treated as if it was associated with an implicit MX
RR, with a preference of 0, pointing to that host.


Were you a ware of that?
I think it is very unusual and dangerous.

Do modern MTA-s - including Courier - implement that?


This behaviour was described in rfc 821 and 2821.
AFAIK all MTAs implement this behaviour since MX records were implemented.

What and why exactly sounds unusual and dangerous to you?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? 


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] missing MX record

2017-06-10 Thread SZÉPE Viktor


Hello Sam!

RFC 5321 states in
https://tools.ietf.org/html/rfc5321#section-5


The lookup first attempts to locate an MX record associated with the name.
... If an empty list of MXs is returned,
the address is treated as if it was associated with an implicit MX
RR, with a preference of 0, pointing to that host.


Were you a ware of that?
I think it is very unusual and dangerous.

Do modern MTA-s - including Courier - implement that?



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Loading / reloading Pythonfilter

2017-06-08 Thread Alessandro Vesely

On Wed 07/Jun/2017 21:39:34 +0200 Gordon Messmer wrote:
> On 06/07/2017 04:32 AM, Alessandro Vesely wrote:
>> Last time I issued courierfilter stop, and then start.
>> However, that way I have to reload also clamav databases, which takes a long
>> time.  Is there any better way to upgrade the running Python process?
> 
> That should only be the case if you were running pyclamav, which is no longer
> available or supported.  The supported means of using clamav is to run an
> instance of clamd as the courier user, and use pyclamd to scan messages.  In
> that configuration, you should be able to "filterctl stop pythonfilter/start
> pythonfilter" without significant delays.

Hm... I wouldn't recommend that.  During the 17 seconds it took to reload "C"
filter databases, I only had one "432 Mail filters temporarily unavailable".
Of course, stopping and restarting pythonfilter alone would have taken much
less.  Short as that time might have been, messages with bad attachments would
have slipped through unfiltered in the meanwhile.

Ale
-- 




















signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Loading / reloading Pythonfilter

2017-06-07 Thread Gordon Messmer

On 06/07/2017 04:32 AM, Alessandro Vesely wrote:

Last time I issued courierfilter stop, and then start.
However, that way I have to reload also clamav databases, which takes a long
time. Is there any better way to upgrade the running Python process?

That should only be the case if you were running pyclamav, which is no
longer available or supported. The supported means of using clamav is
to run an instance of clamd as the courier user, and use pyclamd to scan
messages. In that configuration, you should be able to "filterctl stop
pythonfilter/start pythonfilter" without significant delays.

BTW, in order to tell distributed filter from home-brewed ones, I install sym
links in the dist-package/pythonfilter directory, which point to the source
file. I note that Python does not produce any .pyc in that case.

That's true, but that only means that python will take slightly longer
to parse those files when they're imported. Since that only happens on
startup, it's hard to make the case that producing pyc files will
significantly impact performance at all.

Since the pyc is what should get loaded when loading a module, an idea could be
to reload modules if they have been recompiled since the last time they were
loaded. Let me attach the idea. Beware: I did'n run it, not even once, and
didn't fully understand the caveats about using reload(), see e.g.:

https://stackoverflow.com/questions/437589/how-do-i-unload-reload-a-python-module#answer-438845

pythonfilter uses threads in order to allow modules to keep statistics
in memory. As far as I can tell, reloading isn't going to be safe.

One more question, about virtualenv. Has anyone had experience loading
Pythonfilter that way under Courier? Another possibility is to install
Pythonfilter globally, but keep additional packages in a virtualenv, just to
ease tracking requirements.

I haven't, personally.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Loading / reloading Pythonfilter

2017-06-07 Thread Alessandro Vesely

I changed the code of a filter which is already configured and running.  Now I
have to install it.  Last time I issued courierfilter stop, and then start.
However, that way I have to reload also clamav databases, which takes a long
time.  Is there any better way to upgrade the running Python process?

BTW, in order to tell distributed filter from home-brewed ones, I install sym
links in the dist-package/pythonfilter directory, which point to the source
file.  I note that Python does not produce any .pyc in that case.  However, the
following command compiles in the current directory irrespectively of whatever:

python -m compileall -l attachments.py

Since the pyc is what should get loaded when loading a module, an idea could be
to reload modules if they have been recompiled since the last time they were
loaded.  Let me attach the idea.  Beware: I did'n run it, not even once, and
didn't fully understand the caveats about using reload(), see e.g.:

https://stackoverflow.com/questions/437589/how-do-i-unload-reload-a-python-module#answer-438845

One more question, about virtualenv.  Has anyone had experience loading
Pythonfilter that way under Courier?  Another possibility is to install
Pythonfilter globally, but keep additional packages in a virtualenv, just to
ease tracking requirements.

TIA
Ale

--- 
../courier-pythonfilter/courier-pythonfilter-1.11/build/scripts-2.7/pythonfilter
2016-10-31 17:21:05.543243721 +0100
+++ ../pythonfilter-modified-but-not-tested.py  2017-06-07 13:09:59.818621251 
+0200
@@ -111,6 +111,11 @@
  (importError[0], importError[1]))
 sys.stderr.write(''.join(traceback.format_tb(importError[2])))
 sys.exit()
+try:
+moduleDate = os.stat(module.__file__).st_mtime
+except OSError:
+moduleDate = None
+
 if hasattr(module, 'initFilter'):
 try:
 module.initFilter()
@@ -126,7 +131,7 @@
 try:
 # Store the name of the filter module and a reference to its
 # dofilter function in the "filters" array.
-filters.append((moduleName, module.doFilter, bypass))
+filters.append((moduleName, module.doFilter, bypass, module, 
moduleDate))
 except AttributeError:
 # Log bad modules
 importError = sys.exc_info()
@@ -203,13 +208,23 @@
 # Prepare a set of filters that will not be run if a module returns
 # a 2XX code, and specifies a list of filters to bypass.
 bypass = set()
-for i_filter in filters:
+for i_i, i_filter in enumerate(filters):
 # name = i_filter[0]
 # function = i_filter[1]
 # bypass = i_filter[2]
 if i_filter[0] in bypass:
 continue
 try:
+if i_filter[4] is not None:
+moduleDate = os.stat(i_filter[3].__file__).st_mtime
+if moduleDate > i_filter[4]:
+reload(i_filter[3])
+i_filter[4] = moduleDate
+filters[i_i] = (i_filter[0], i_filter[1], i_filter[2], 
i_filter[3], i_filter[4])
+sys.stderr.write('Reloaded %s\n' % i_filter[0])
+except:
+sys.stderr.write('Not reloaded %s\n' % i_filter[0])
+try:
 replyCode = i_filter[1](bodyFile, controlFileList)
 except:
 filterError = sys.exc_info()


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-19 Thread Markus Wanner

On 05/18/2017 12:35 PM, Sam Varshavchik wrote:
> Fairly unambiguous. This part of the version string is only present in
> the courier-specific maildrop build.

Cool, thanks.

Markus




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-19 Thread Markus Wanner

Hi,

On 05/19/2017 02:53 AM, Ángel wrote:
> On 2017-05-18 at 19:03 +0200, Alessandro Vesely wrote:
>> Although the real issue is maildrop, let me note the following about 
>> courier-base:
>>
>> * couriertcpd could be just suggested or recommended, not required,

as Sam mentioned, the current startup scripts do required couriertcpd
(even the adjusted ones in Debian).

>> * testmxlookup could be moved to courier-mta,

Hm.. sounds like a courier-utils package might be useful.

>> * I don't see how maildir utilities can be useful on a standalone SMTP 
>> server.

Well, it could still be an MTA delivering mail to maildirs. Doesn't seem
far fetched to me. But if we add a courier-utils or such, that would
probably be the right place.

> While we are on the topic of debian package wishlists...
> (not sure if this is the best venue, but otoh I feel it's good to
> discuss it first rather than simply filing a bug)

Thanks for your consideration. Yes, I appreciate that. OTOH I tend to
forget discussions, if they don't result in a bug, so please file
wishlist bugs as a result of the discussion. (And it's sometimes helpful
if it's users filing the issues, rather than the maintainer himself.)

> ...I would like having couriertls at its own package:

Sounds like a good idea to me, yes.

> 1) It is a standalone tool, useful on its own.
> It can be used as a cli tool (as a "tls telnet"), as well as by other
> programs (I have used it that way to support TLS)
> 
> 2) It used to be at a different package, so it would be consistent with
> previous practice
> (kind of, it had an -apparently unneeded- depends on courier-base)

I wasn't aware of that. In this case, I should better check why the
separate package was dropped.

> 3) That would allow having a virtual package with two versions, so that
> the sysadmin could choose whether to have it linked against openssl or
> gnutls (they used to have slightly different features, so in the past I
> ended up recompiling the courier-ssl package to switch libraries)

Hm.. IIRC I had to compile courier against GnuTLS to work. I don't
currently find the exact issue, though.

> This is specially interesting from a security point of view imho, since
> should a problem develop on either of these libraries, you could easily
> switch to the other library while keeping the upper level server
> unchanged (assuming the config used compatible ciphers, etc.).

Well, that however means we'd always have to support both. But yes, I
can see merit in having a separate package.

> I apologize for the annoyance, tell me if there's anything I can do to
> help with it.

No need to apologize.

Scanning through the Debian bug list would help. There are lots of very
old issues and I think many of them do not apply any more.

https://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=0;src=courier

Even just prioritizing the list would be helpful.

I'm focusing on the stretch release, ATM.

Kind Regards

Markus Wanner

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] szmlink counts as quota

2017-05-18 Thread SZÉPE Viktor

Hello!

I am trying to prevent multiple Trash, Junk, Sent folders created by  
various mail clients.

For example these are the symlinks for Sent:
.Sent
.Sent Items -> .Sent
.Sent Messages -> .Sent

Could it be that that Courier counts Sent folder size three time while  
calculating quota?
BTW this account is over 1GB quota while the Maildir folder's size is 481 MB.



SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread Ángel

On 2017-05-18 at 19:03 +0200, Alessandro Vesely wrote:
> Although the real issue is maildrop, let me note the following about 
> courier-base:
> 
> * couriertcpd could be just suggested or recommended, not required,
> 
> * testmxlookup could be moved to courier-mta,
> 
> * I don't see how maildir utilities can be useful on a standalone SMTP server.
> Perhaps they could be moved to courier-imap, courier-pop, or both.
> 
> Ale

While we are on the topic of debian package wishlists...
(not sure if this is the best venue, but otoh I feel it's good to
discuss it first rather than simply filing a bug)

...I would like having couriertls at its own package:

1) It is a standalone tool, useful on its own.
It can be used as a cli tool (as a "tls telnet"), as well as by other
programs (I have used it that way to support TLS)

2) It used to be at a different package, so it would be consistent with
previous practice
(kind of, it had an -apparently unneeded- depends on courier-base)

3) That would allow having a virtual package with two versions, so that
the sysadmin could choose whether to have it linked against openssl or
gnutls (they used to have slightly different features, so in the past I
ended up recompiling the courier-ssl package to switchj libraries)

This is specially interesting from a security point of view imho, since
should a problem develop on either of these libraries, you could easily
switch to the other library while keeping the upper level server
unchanged (assuming the config used compatible ciphers, etc.).

I apologize for the annoyance, tell me if there's anything I can do to
help with it.

Best regards

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread Sam Varshavchik


Alessandro Vesely writes:

Although the real issue is maildrop, let me note the following about courier- 
base:


* couriertcpd could be just suggested or recommended, not required,


It most certainly is required. The default startup script require it.

I suppose you could customize the package to use inetd. Or systemd. To  
listen on the port and start the server.


This would mostly work for imap and pop3. But this is going to lose quite a  
bit of functionality with smtp, which depends on couriertcpd for setting  
environment variables based on the connecting IP address.




pgpwicQitusdk.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread SZÉPE Viktor

Idézem/Quoting Alessandro Vesely <ves...@tana.it>:

> On Thu 18/May/2017 00:19:07 +0200 Markus Wanner wrote:
>> On 17.05.2017 09:48, Alessandro Vesely wrote:
>>
>>> My suggestion is to avoid disassembling the Courier tarball.  That is, have
>>> maildrop included by default in courier-mta, and possibly merge it with
>>> courier-base as well (why were they split, BTW?)
>>
>> Flexibility. And separation of concerns.
>>
>> I like being able to install courier-imap, but not courier-pop, for
>> example. Or running just the courier-mta without either of the other
>> two. That's quite common for Debian, I'd say.
>
> Although the real issue is maildrop, let me note the following about  
> courier-base:
>
> * couriertcpd could be just suggested or recommended, not required,
>
> * testmxlookup could be moved to courier-mta,
>
> * I don't see how maildir utilities can be useful on a standalone  
> SMTP server.
> Perhaps they could be moved to courier-imap, courier-pop, or both.
>
> Ale
> --

Debian policy states that a software should not be in more than one package.
It may seem strange that some parts are abstracted out of a common code base.

In Debian it is usual to have one software component in one package.
For example when you update it you don't have to download and install  
the whole software.

Looking at things from inside Debian these may come handy: you never  
have to deal with building a software from source, maintainers do that  
for you.

All the best to you!


SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread Alessandro Vesely

On Thu 18/May/2017 00:19:07 +0200 Markus Wanner wrote:
> On 17.05.2017 09:48, Alessandro Vesely wrote:
> 
>> My suggestion is to avoid disassembling the Courier tarball.  That is, have
>> maildrop included by default in courier-mta, and possibly merge it with
>> courier-base as well (why were they split, BTW?)
> 
> Flexibility. And separation of concerns.
> 
> I like being able to install courier-imap, but not courier-pop, for
> example. Or running just the courier-mta without either of the other
> two. That's quite common for Debian, I'd say.

Although the real issue is maildrop, let me note the following about 
courier-base:

* couriertcpd could be just suggested or recommended, not required,

* testmxlookup could be moved to courier-mta,

* I don't see how maildir utilities can be useful on a standalone SMTP server.
Perhaps they could be moved to courier-imap, courier-pop, or both.

Ale
-- 

























signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread Sam Varshavchik

Markus Wanner writes:

> The
> differences are in the configuration. The biggest difference is
> maildrop, because it ties in directly into mail delivery, and it has
> Courier-specific features, and Courier has maildrop-specific features as
> well.

Understood.

(If you're provided a maildrop binary, how do you tell which variant it is?)

$ maildrop -v
maildrop 2.8.5 Copyright 1998-2015 Double Precision, Inc.
Courier-specific maildrop build. This version of maildrop should only be used
with Courier, and not any other mail server.

Fairly unambiguous. This part of the version string is only present in the  
courier-specific maildrop build.

pgpB6mBu8cYkE.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread Markus Wanner

Sam,

On 05/18/2017 12:29 AM, Sam Varshavchik wrote:
> When I refer to source releases, I always refer to
> http://www.courier-mta.org/download.html

Thanks for clarifying, that's usually referred to as upstream in Debian,
whereas "the package" is the result of packaging for Debian. Please
excuse the confusion this may have caused, I'll be more specific in the
future.

> I am not familiar with the details of Debian's packaging. I can only
> explain how I package the source.

Fair enough, you don't need to be. I not familiar with upstream sources,
either. And despite you thinking it's simple, it had quite some
surprises for me. I'm glad we uncovered those and I hope to find ways
that work well for both of us.

> There are no functional differences, except for maildrop.

I'm glad to hear.

> The
> differences are in the configuration. The biggest difference is
> maildrop, because it ties in directly into mail delivery, and it has
> Courier-specific features, and Courier has maildrop-specific features as
> well.

Understood.

(If you're provided a maildrop binary, how do you tell which variant it is?)

> It should be possible to build courier, and selectively carve out the
> built imap and sqwebmail components to be individually installed without
> courier.

I think that's how it's done for Debian, up until now.

> But that's going to require writing custom startup scripts. There's only
> one startup script for courier, that starts everything. It's fairly easy
> to carve out imap and webmail as an optional subpackage. Courier's
> startup script will try starting them only if it finds them installed.
> But left to their own merits, the subpackages won't do anything without
> writing and adding some startup scripts into the subpackages. Then they
> can be installed independently and use without Courier. But then, you'll
> also have to fix courier's startup script not to try starting them
> itself, since the subpackage will take care of with its own startup script.

Yes, I think all of those startup scripts are in place, including
systemd units. This allows Debian users to control (and install) the
services individually, which I think is an important feature.

Sounds like the only remaining issue is maildrop. I'll investigate
further on possible solutions.

Thank you for explaining and for your understanding of the Debian
specific requirements. I'm well aware those may seem weird sometimes and
are often hard to meet.

Kind Regards

Markus Wanner

signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-17 Thread Sam Varshavchik

Markus Wanner writes:

Hi,

On 17.05.2017 02:44, Sam Varshavchik wrote:
> Only one maildrop package is needed. And one courier package, that's it.

Unfortunately, there is not separate courier-mta source release. Only

When I refer to source releases, I always refer to http://www.courier- 
mta.org/download.html

> Did you know that there's also a separate courier-imap package?

There is a courier-imap package for Debian, built from the courier
sources. Are you saying this one is incompatible to the separate
courier-imap source release?

I am not familiar with the details of Debian's packaging. I can only explain  
how I package the source.

And to live up to the simplicity you're advocating, I'd recommend
eliminating any difference between individual components and the bundle.
I'm not the first one to be caught by surprise, and I certainly won't be
the last one.

There are no functional differences, except for maildrop. The differences  
are in the configuration. The biggest difference is maildrop, because it  
ties in directly into mail delivery, and it has Courier-specific features,  
and Courier has maildrop-specific features as well.

It should be possible to build courier, and selectively carve out the built  
imap and sqwebmail components to be individually installed without courier.

But that's going to require writing custom startup scripts. There's only one  
startup script for courier, that starts everything. It's fairly easy to  
carve out imap and webmail as an optional subpackage. Courier's startup  
script will try starting them only if it finds them installed. But left to  
their own merits, the subpackages won't do anything without writing and  
adding some startup scripts into the subpackages. Then they can be installed  
independently and use without Courier. But then, you'll also have to fix  
courier's startup script not to try starting them itself, since the  
subpackage will take care of with its own startup script.

Again, all of the above describes what's in the upstream source. I am not  
familiar with Debian's packaging.

pgpNgJQRfNLDy.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-17 Thread Markus Wanner

Hi,

On 17.05.2017 09:48, Alessandro Vesely wrote:
> I'd suggest to avoid that.

I'd love not having to reintroduce a second maildrop variant.

> I use subjunctive because I install Courier from
> tarballs rather than Debian packages, except for off-hand tests.  In the 
> latter
> case, I get confused by the bewildering amount of Courier packages available 
> in
> the Debian distro —there are 27 of them, correct?

Why does that confuse you? An MTA and an IMAP server are clearly
distinct things. Just install what you need.

I personally didn't ever think of installing "courier". I installed
their MTA, their IMAP or POP server. And - I have to admit - not ever
their Webmail. I didn't ever want nor need the entire bundle. But I
could (in theory), by simply installing all the parts.

> My suggestion is to avoid disassembling the Courier tarball.  That is, have
> maildrop included by default in courier-mta, and possibly merge it with
> courier-base as well (why were they split, BTW?)

Flexibility. And separation of concerns.

I like being able to install courier-imap, but not courier-pop, for
example. Or running just the courier-mta without either of the other
two. That's quite common for Debian, I'd say. Take the modules for
apache's httpd as another example of that practice. Or the fact that
Debian ships separate client and server packages for most databases.

Kind Regards

Markus Wanner

signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-17 Thread Markus Wanner

Hi,

On 17.05.2017 02:44, Sam Varshavchik wrote:
> Only one maildrop package is needed. And one courier package, that's it.

Unfortunately, there is not separate courier-mta source release. Only
the bundle. That's problematic for distributions per se.

That's not a Debian specific issue, but generally bad for any
distribution. A good read may be:
https://wiki.gentoo.org/wiki/Why_not_bundle_dependencies

Or Debian's upstream guide, see the section "Pristine Upstream Source":
https://wiki.debian.org/UpstreamGuide#Pristine_Upstream_Source

> Did you know that there's also a separate courier-imap package? 

There is a courier-imap package for Debian, built from the courier
sources. Are you saying this one is incompatible to the separate
courier-imap source release? I strongly hope it's not. (And I had the
very same hope for maildrop, but that was utterly wrong in a very
non-obvious way, despite proclaimed simplicity...)

> And things have been this simpler for over 20 years now. That's how long
> things have worked this way, with no issues. People get the right
> package for them, compile it, and install it. That's it.

Several issues were filed against the duplication in Debian packages for
the two different maildrop variants. And the two packages were often out
of sync.

Please note that there's nothing speaking against a bundle for users who
want to compile for themselves (in contrast to using distro packages)
and appreciate the bundling. However, for Debian, I'd greatly appreciate
separate source tarballs for each individual component.

And to live up to the simplicity you're advocating, I'd recommend
eliminating any difference between individual components and the bundle.
I'm not the first one to be caught by surprise, and I certainly won't be
the last one.

I'm looking forward to support Courier for Debian. However, I need a bit
of understanding and support from upstream. Thank you.

Kind Regards

Markus Wanner

signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-17 Thread Alessandro Vesely

On Tue 16/May/2017 19:06:55 +0200 Markus Wanner wrote:
> 
> I'll check if it's feasible to re-add the courier-maildrop package in
> Debian stretch (i.e. the Courier specific variant)

I'd suggest to avoid that.  I use subjunctive because I install Courier from
tarballs rather than Debian packages, except for off-hand tests.  In the latter
case, I get confused by the bewildering amount of Courier packages available in
the Debian distro —there are 27 of them, correct?

My suggestion is to avoid disassembling the Courier tarball.  That is, have
maildrop included by default in courier-mta, and possibly merge it with
courier-base as well (why were they split, BTW?)  The complete package should
conflict with the standalone version of maildrop.

Jm2c
Ale
-- 

signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread SZÉPE Viktor

Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:

> Markus Wanner writes:
>
>> I don't quite see how that matters. It's the same set of source files,
>> which would need the same set of security fixes, for example. What does
>> the duplication of efforts buy us?
>>
>> I'd rather state that duplication of code is never a good idea, but a
>> sign for bad modularization.
>
> Nothing is duplicated. It's one source repo. Packaging is a  
> completely different matter.
>
>> By that reasoning, Debian would have to ship about a dozen variants of
>> maildrop packages. That's clearly not going to happen.
>
> Only one maildrop package is needed. And one courier package, that's it.
>
>> While I generally agree that it's good practice to remove stuff that's
>> really not needed, the courier variant *is* needed (by some users,
>> including myself).
>
> Certainly, and there's a single package that configures and installs  
> everything: courier.
>
>>   Splitting sources and duplicating efforts only
>
> Nothing is split. It's the same software, just packaged differently.
>
>> I'll check if it's feasible to re-add the courier-maildrop package in
>> Debian stretch (i.e. the Courier specific variant), but I'd greatly
>> appreciate if you could reconsider this split.
>
> Nothing is split. There are two separate packages, for two separate  
> situations. One, a single courier package, that includes everything  
> configured to work together. And the second package is the maildrop  
> package, configured without any courier dependencies, to be plugged  
> into other mail servers. That's it. It couldn't be any simpler.
>
> Did you know that there's also a separate courier-imap package? It's  
> just the IMAP server component, that can be set up independently,  
> and glued together with other mail servers. There's also the  
> sqwebmail package, a mail server-independent webmail server.
>
> And, of course, the Courier package installs everything, configured  
> to work with each other. Couldn't be any simpler.
>
> And things have been this simpler for over 20 years now. That's how  
> long things have worked this way, with no issues. People get the  
> right package for them, compile it, and install it. That's it.

Hello Sam!

I think the Debian maintainer has to bridge the gap of "compile it,  
and install it" and the strict Debian policies.

For example I've learned packaging basics because I would like to have  
only packages on my servers not individual files without a central  
system like apt+dpkg.

I hope we will find a nice way to package your software by the  
guidelines of the Debian policies.

All the best!


SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Sam Varshavchik


Markus Wanner writes:


I don't quite see how that matters. It's the same set of source files,
which would need the same set of security fixes, for example. What does
the duplication of efforts buy us?

I'd rather state that duplication of code is never a good idea, but a
sign for bad modularization.


Nothing is duplicated. It's one source repo. Packaging is a completely  
different matter.



By that reasoning, Debian would have to ship about a dozen variants of
maildrop packages. That's clearly not going to happen.


Only one maildrop package is needed. And one courier package, that's it.


While I generally agree that it's good practice to remove stuff that's
really not needed, the courier variant *is* needed (by some users,
including myself).


Certainly, and there's a single package that configures and installs  
everything: courier.



   Splitting sources and duplicating efforts only


Nothing is split. It's the same software, just packaged differently.


I'll check if it's feasible to re-add the courier-maildrop package in
Debian stretch (i.e. the Courier specific variant), but I'd greatly
appreciate if you could reconsider this split.


Nothing is split. There are two separate packages, for two separate  
situations. One, a single courier package, that includes everything  
configured to work together. And the second package is the maildrop package,  
configured without any courier dependencies, to be plugged into other mail  
servers. That's it. It couldn't be any simpler.


Did you know that there's also a separate courier-imap package? It's just  
the IMAP server component, that can be set up independently, and glued  
together with other mail servers. There's also the sqwebmail package, a mail  
server-independent webmail server.


And, of course, the Courier package installs everything, configured to work  
with each other. Couldn't be any simpler.


And things have been this simpler for over 20 years now. That's how long  
things have worked this way, with no issues. People get the right package  
for them, compile it, and install it. That's it.




pgpJLuPCMyOkl.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Markus Wanner

On 05/16/2017 05:10 PM, Sam Varshavchik wrote:
> They should not be. maildrop is a separate source package. It's a
> tarball in of itself, that's built independently.
> 
> Now, the fact that this tarball contains code that's also found in
> another, larger, package, that's a different subject.

I don't quite see how that matters. It's the same set of source files,
which would need the same set of security fixes, for example. What does
the duplication of efforts buy us?

I'd rather state that duplication of code is never a good idea, but a
sign for bad modularization.

> The Courier build of maildrop implements a Courier-specific option
> that's got ...a bit of juice to it, taking advantage of its temporary
> root permissions.
> 
> Although the relevant bits in question do all their due diligence,
> checking that the real uid/gid is the one that's baked into the source,
> and thusly is only available to Courier, etc., it's good practice to
> remove stuff that's not needed. Multiple layers of security. It's better
> to keep that code out of the non-Courier specific maildrop, altogether.

By that reasoning, Debian would have to ship about a dozen variants of
maildrop packages. That's clearly not going to happen.

While I generally agree that it's good practice to remove stuff that's
really not needed, the courier variant *is* needed (by some users,
including myself). Splitting sources and duplicating efforts only
reduces overall test coverage and availability of security fixes, so I
don't quite see this as an overall gain in security.

If nothing else, it would have saved us the current confusion and
trouble with maildrop being available in multiple incompatible variants,
which aren't clearly distinguishable by name.

I'll check if it's feasible to re-add the courier-maildrop package in
Debian stretch (i.e. the Courier specific variant), but I'd greatly
appreciate if you could reconsider this split.

Kind Regards

Markus Wanner

signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Sam Varshavchik


Markus Wanner writes:


I'd quickly like to elaborate on why the former Debian maintainer
decided to do that and hope for your understanding:

Before, there was a courier-maildrop as well as a (stand-alone) maildrop
package. Meaning those two are built from the very same source, but


They should not be. maildrop is a separate source package. It's a tarball in  
of itself, that's built independently.


Now, the fact that this tarball contains code that's also found in another,  
larger, package, that's a different subject.



Couldn't most of this configuration be moved to runtime, rather than
compile time?


The Courier build of maildrop implements a Courier-specific option that's  
got ...a bit of juice to it, taking advantage of its temporary root  
permissions.


Although the relevant bits in question do all their due diligence, checking  
that the real uid/gid is the one that's baked into the source, and thusly is  
only available to Courier, etc., it's good practice to remove stuff that's  
not needed. Multiple layers of security. It's better to keep that code out  
of the non-Courier specific maildrop, altogether.


pgpIGACk1jI_e.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Markus Wanner

Hi,

On 05/16/2017 02:27 PM, Sam Varshavchik wrote:
> This has been discussed already – that package replaces the maildrop
> component with the standalone version of maildrop. This doesn't work
> correctly, or rather it won't work without some additional
> configuration. 

I'd quickly like to elaborate on why the former Debian maintainer
decided to do that and hope for your understanding:

Before, there was a courier-maildrop as well as a (stand-alone) maildrop
package. Meaning those two are built from the very same source, but
built with different configuration options. From a maintenance and
security perspective, that's unfortunate and Debian strives to eliminate
duplicate source packages.

However, I certainly agree that the current situation is even worse.

> That, for all intents and purposes, is maildrop getting
> installed with some standalone mail server, and maildrop needs to be set
> up to use the same configuration as the mail server, in terms of where
> the mail accounts are, who owns them, and each one's userid and groupid.
> It's no longer just something that get me dropped in, and work
> automatically.

Couldn't most of this configuration be moved to runtime, rather than
compile time?

Kind Regards

Markus Wanner

signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread SZÉPE Viktor

Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:

> Lucio Crusca writes:
>
>> but the maildrop manpage reports:
>>
>> "-V is ignored when maildrop runs in delivery mode."
>>
>> and maildropfilter manpage reports the same about the VERBOSE variable.
>
> Then run maildrop manually, yourself. Run maildrop with -V from the  
> shell, pipe a test message on standard input, and see what it logs.
>
>> is there any other switch to make maildrop log informations while  
>> in delivery mode?
>>
>> Please advice, I'm at a loss.
>
> Bottom line is that Debian's Courier package is not correctly built.  
> If you can't figure out a workaround, there's no other option  
> besides building your own Courier package, from source.

Hello Sam!

Could you point out some difference that you feel incorrect?
It would help much for maintaining the Debian package.


SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Lucio Crusca

It now works: Markus kindly sent me his patch and his custom maildrop 
2.8.4 deb package, because he's currently short of time to keep up with 
the conversation here.

I tried to apply his patch to maildrop 2.8.5 sources. The patch gets 
applied, but configuration fails afterwards for some reason I don't 
understand (syntax errors).

I finally installed the package Markus sent me.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Sam Varshavchik


Lucio Crusca writes:


but the maildrop manpage reports:

"-V is ignored when maildrop runs in delivery mode."

and maildropfilter manpage reports the same about the VERBOSE variable.


Then run maildrop manually, yourself. Run maildrop with -V from the shell,  
pipe a test message on standard input, and see what it logs.


is there any other switch to make maildrop log informations while in  
delivery mode?


Please advice, I'm at a loss.


Bottom line is that Debian's Courier package is not correctly built. If you  
can't figure out a workaround, there's no other option besides building your  
own Courier package, from source.





pgpZSidxVvAEO.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Lucio Crusca

I wrote:
> Is it enough to edit that line, make it look like

> #ifndef HAVE_COURIER
>#define HAVE_COURIER
> #endif
>
> and configure/make/install?

I answer myself: no it isn't, because I've tried and that leads to a 
compile error. Then I've also tried just commenting out the #undef, 
building, installing, making it SUID root, configuring Courier to use 
that maildrop as DEFAULTDELIVERY, but still the messages are not 
actually being delivered into the virtual accounts maildirs, despite the 
logs not reporting any problem.

Sam Varshavchik writes:
 > look in the .mailfilter file

The virtual account I'm testing with has no .mailfilter.
I've tried a few things in the default /etc/maildroprc:

DEFAULT="$HOME/Maildir" # leads to message not being delivered

DEFAULT=./Maildir # same as above

DEFAULT=./Maildir/ # maildrop: Unable to open mailbox.

# empty file # maildrop: Unable to open mailbox.

logfile "/var/log/maildrop.log" # Unable to create log file.

During all these tests Courier was using my custom setuid maildrop.

Sam Varshavchik writes:
 > maildrop also has a verbose flag, that causes it to generate its own
 > logging.

but the maildrop manpage reports:

"-V is ignored when maildrop runs in delivery mode."

and maildropfilter manpage reports the same about the VERBOSE variable.

is there any other switch to make maildrop log informations while in 
delivery mode?

Please advice, I'm at a loss.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Lucio Crusca

I wrote:
> What does exactly mean to compile maildrop with HAVE_COURIER? I coulnd't find 
> any
> such option in ./configure and the generated Makefile does not include
> it either.

I've had a look at the current maildrop stable sources (2.8.5). In the 
file libs/maildrop/config.h.in I see:

#undef HAVE_COURIER

at line 7. Is it enough to edit that line, make it look like

#ifndef HAVE_COURIER
   #define HAVE_COURIER
#endif

and configure/make/install?

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-14 Thread Lucio Crusca

Markus Wanner writes:
> Is this the Debian stretch installation mentioned?
>

Yes it is.

> I'm successfully running a courier installation on Debian stretch with
> maildrop compiled manually, ATM.

Thanks for sharing, I'm afraid that's what I need to do too. What does 
exactly mean to compile maildrop with HAVE_COURIER? I coulnd't find any 
such option in ./configure and the generated Makefile does not include 
it either.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-14 Thread Markus Wanner

On 14.05.2017 20:16, Lucio Crusca wrote:
> However if I try to use maildrop alone, with:
> 
> DEFAULTDELIVERY="| /usr/bin/maildrop"
> 
> it stops working again, so I think I have a problem with maildrop rather 
> than spamd.

Is this the Debian stretch installation mentioned?

You might have run into an issue caused by the recent removal of the
courier-maildrop package, see this issue:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818377

It boils down to maildrop being compiled without HAVE_COURIER, where as
the courier MTA (unsurprisingly) expects that #define to be set.

I'm successfully running a courier installation on Debian stretch with
maildrop compiled manually, ATM.

Kind Regards

Markus Wanner

Disclaimer: I'm a Debian Developer and recently took over maintenance of
the Courier MTA suite. However, I'm not sure we can still solve this
maildrop issue in time for the stretch release. Sorry.

signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-14 Thread Sam Varshavchik

Lucio Crusca writes:

Sam Varshavchik writes:
> From the logs, you've configured spamd to be responsible for delivering
> mail
 >
 > You have to take smaller steps, and get one thing working, at a time.

I've now moved spamd out of the way. My previous DEFAULTDELIVERY was

DEFAULTDELIVERY="|/usr/bin/spamc|/usr/bin/maildrop"

The current one is:

DEFAULTDELIVERY=./Maildir

and everyting works. However if I try to use maildrop alone, with:

DEFAULTDELIVERY="| /usr/bin/maildrop"

it stops working again, so I think I have a problem with maildrop rather
than spamd.

Then, look in the .mailfilter file to see what the delivery instructions are.

maildrop also has a verbose flag, that causes it to generate its own logging.

pgpB8shQVlAMs.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-14 Thread Lucio Crusca

Sam Varshavchik writes:
> From the logs, you've configured spamd to be responsible for delivering
> mail
 >
 > You have to take smaller steps, and get one thing working, at a time.

I've now moved spamd out of the way. My previous DEFAULTDELIVERY was

DEFAULTDELIVERY="|/usr/bin/spamc|/usr/bin/maildrop"

The current one is:

DEFAULTDELIVERY=./Maildir

and everyting works. However if I try to use maildrop alone, with:

DEFAULTDELIVERY="| /usr/bin/maildrop"

it stops working again, so I think I have a problem with maildrop rather 
than spamd.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-14 Thread Sam Varshavchik


Lucio Crusca writes:



E.g. no files written into the Maildir, despite the "Message delivered"
log. I've also tried to access the Maildir with Thunderbird and
RoundCube and they both confirm there aren't any messages.

I have no clue about what I should check... please help.


From the logs, you've configured spamd to be responsible for delivering  

mail, so you'll have to look in that direction.

You can start by completely removing spamd from your configuration, so that  
it's out of the picture, and with Courier delivering mail directly to the  
mailbox, confirming that mail delivery works. Once that's settled, you can  
then bring spamd back into the picture, and work on it.


When trying to do too many things at once, if something is broken somewhere  
it is often not clear where exactly the issue is. You have to take smaller  
steps, and get one thing working, at a time.




pgprDAtl_A3Ms.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Message delivered, but no message in INBOX

2017-05-13 Thread Lucio Crusca

 4096 May 14 01:05 ..

./Maildir/tmp:
total 8
drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 .
drwx-- 8 mailboxes mailboxes 4096 May 14 01:05 ..

./Maildir/.Trash:
total 20
drwx-- 5 mailboxes mailboxes 4096 May 14 01:05 .
drwx-- 8 mailboxes mailboxes 4096 May 14 01:05 ..
drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 cur
-rw--- 1 mailboxes mailboxes0 May 14 01:05 maildirfolder
drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 new
drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 tmp

./Maildir/.Trash/cur:
total 8
drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 .
drwx-- 5 mailboxes mailboxes 4096 May 14 01:05 ..

./Maildir/.Trash/new:
total 8
drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 .
drwx-- 5 mailboxes mailboxes 4096 May 14 01:05 ..

./Maildir/.Trash/tmp:
total 8
drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 .
drwx-- 5 mailboxes mailboxes 4096 May 14 01:05 ..


E.g. no files written into the Maildir, despite the "Message delivered" 
log. I've also tried to access the Maildir with Thunderbird and 
RoundCube and they both confirm there aren't any messages.

I have no clue about what I should check... please help.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] 456 Address temporarily unavailable

2017-05-13 Thread Gordon Messmer

On 05/13/2017 12:53 AM, Lucio Crusca wrote:
> Now for the problem. Out of 6 accounts. 5 do work correctly. For one of
> them Courier replies "456 Address temporarily unavailable".
> "courier clear" on maxwell does not change the reply I get afterwards.

In case it helps: you probably want to look at log entries matching 
"courierlocal:" and the address that's failing in /var/log/maillog (or 
Debian's equivalent.  I'm unsure if they use that path).  You're looking 
for a failure that occurred before the earliest of your 456 errors, so 
it might be useful to identify when the first of those occurred.

grep courierlocal: /var/log/maillog | grep address # look for a failure 
earlier than the first 456

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] 456 Address temporarily unavailable

2017-05-13 Thread Sam Varshavchik


Lucio Crusca writes:


Now for the problem. Out of 6 accounts. 5 do work correctly. For one of
them Courier replies "456 Address temporarily unavailable".
"courier clear" on maxwell does not change the reply I get afterwards.


The 456 occurs only after a previous mail delivery failure. It's a temporary  
block on an email address that failed delivery. There's nothing to be done  
about it, the only thing you can do is address the original delivery failure.


You need to carefully examine your logs and locate the original delivery  
failure. The "courier clear" command takes an argument, either the email  
address or "courier clear all".


The email address given to "courier clear" may not necessarily be what you  
think it is when it is a local address, as a result of mail aliasing. So use  
"courier clear all" to remove all addresses, then make a delivery attempt,  
and carefully observe what the logs say.





pgpsQjXb2M6Ts.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] 456 Address temporarily unavailable

2017-05-13 Thread Lucio Crusca

Hello,

I'm trying to configure a new Courier-MTA server at 
maxwell.virtualbit.it. It's a Debian 9 Stretch system behind a NAT (kvm 
virtualization) and the installed Courier is the Debian packaged version 
(0.76.3).

I already have another Courier-MTA working at nmx.sulweb.org. This is a 
production server and it is running Debian 8 Jessie and Courier 0.73.1.

The new server (maxwell) is hosting one domain only 
(studiobertolotto.org) and 6 accounts in that domain, but it is 
configured to host several domains with virtual accounts. userdb file 
holds the accounts, no sql nor ldap databases here.

The MX record for studiobertolotto.org does currently not point maxwell, 
so that I can test it before making it a production server (the current 
MX record points to yet another production server which is not 
nmx.sulweb.org and it runs Postfix). The 6 accounts maildirs have been 
populated with real content using imapsync.

The current production server (nmx.sulweb.org) does NOT host 
studiobertolotto.org, and I use it in my email client as smarthost to 
send emails. It has the following in /etc/courier/esmtproutes:

studiobertolotto.org: maxwell.virtualbit.it

so that when I try to send a test message to one of the 6 accounts, the 
message actually gets routed to the new server instead of the real one.

Now for the problem. Out of 6 accounts. 5 do work correctly. For one of 
them Courier replies "456 Address temporarily unavailable".
"courier clear" on maxwell does not change the reply I get afterwards.

The only difference I could find between that account and the others, is 
that the non working account maildir contains worth of 21GB of messages, 
while others are much smaller. However I've no quota configured, no -q 
option ever used to maildirmake, and virtual accounts, so no 
filesystem-level quota is possible.

What else in my setup can cause a 456 reply?

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Throw-Away EMails

On 2017-05-02 08:20:35 Sam Varshavchik hacked into the keyboard:
> Michelle Konzack writes:
> >I was not aware, that courier allow this.
> 
> What, the existence of the .courier files themselves? They've been
> around for decades, with their functionality identical to the same
> functionality in Qmail, which has the same exact concept.

No, that courier accept in the USER_HOME a file,
which is not owned by the USER.

> The fact that they can be created at will – we'll they're just
> files, that's all.

...with non-matching user/group

-- 
Michelle KonzackMiila ITSystems @ TDnet
GNU/Linux Developer 00372-54541400


signature.asc
Description: Digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] extension to email/localname

2017-05-02 Thread Ángel

On 2017-05-02 at 09:12 +0200, Michelle Konzack wrote:
> I  have  just  discovered,  that  if  user  "www-data"  touch  the  file
> "~/.courier-foo" courier accept it and does not complain  about  a  from
> file owner!
> 
> I allowed my PHP scripts to create/modify/delete files in the user homes
> but only if they do not exist.

"Only if they do not exist"? I guess you mean that the php file itself
checks it doesn't exist before proceeding, rather than an ACL only
allowing that.


> It seems, this way the problem is solved!
> 
> Now I have only to solv the problems with aliasses,  because  I  do  not
> like to expose my "local account" to spammers.
> 
> Mean, my account is   I can create any attachments  to
> it, but it will not work for my alias .
> 
> It would be very handy, if courier support it.
> 
> Thanks for your time

Create a user entry for linux4michelle (so it is no longer an alias),
with different home but the same Maildir.


Regards

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Throw-Away EMails

2017-05-02 Thread Sam Varshavchik

Michelle Konzack writes:

On 2017-05-02 06:58:40 Sam Varshavchik hacked into the keyboard:
> Michelle Konzack writes:
>
> >Removing "~/.courier-default" and use  instead  "~/.courier-"
> >would be a better  solution  but  require  root  rights  (sudo?)  to  be
> >installed from a webinterface...
>
> Well, it requires the rights to create files in ~; not root but
> whichever userid owns that directory.

Already discovered...  ;-)

I was not aware, that courier allow this.

What, the existence of the .courier files themselves? They've been around  
for decades, with their functionality identical to the same functionality in  
Qmail, which has the same exact concept.

The fact that they can be created at will – we'll they're just files,  
that's all.

pgpJu3t1YN79F.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Throw-Away EMails

On 2017-05-02 06:58:40 Sam Varshavchik hacked into the keyboard:
> Michelle Konzack writes:
> 
> >Removing "~/.courier-default" and use  instead  "~/.courier-"
> >would be a better  solution  but  require  root  rights  (sudo?)  to  be
> >installed from a webinterface...
> 
> Well, it requires the rights to create files in ~; not root but
> whichever userid owns that directory.

Already discovered...  ;-)

I was not aware, that courier allow this.

-- 
Michelle KonzackMiila ITSystems @ TDnet
GNU/Linux Developer 00372-54541400


signature.asc
Description: Digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Throw-Away EMails

2017-05-02 Thread Sam Varshavchik


Michelle Konzack writes:


Removing "~/.courier-default" and use  instead  "~/.courier-"
would be a better  solution  but  require  root  rights  (sudo?)  to  be
installed from a webinterface...


Well, it requires the rights to create files in ~; not root but whichever  
userid owns that directory.




pgpaTMEimqIXb.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] extension to email/localname

Hello Lindsay,

On 2017-05-01 12:10:36 Lindsay Haisley hacked into the keyboard:
> I don't know if this helps you, but my setup for my personal mail and
> toss-off addresses is quite simple, and just works.
> 
> I have a ~/.courier file which is unrelated to my toss-off addresses,
> and does a number of things with filtering, but it's beside the point,
> and my toss-off addresses don't depend on it.
> 
> If I want to create a toss-off (temporary) address, I just touch the
> file ~/.courier-xxx ("xxx" can be anything) to create an empty file

I  have  just  discovered,  that  if  user  "www-data"  touch  the  file
"~/.courier-foo" courier accept it and does not complain  about  a  from
file owner!

I allowed my PHP scripts to create/modify/delete files in the user homes
but only if they do not exist.

It seems, this way the problem is solved!

Now I have only to solv the problems with aliasses,  because  I  do  not
like to expose my "local account" to spammers.

Mean, my account is   I can create any attachments  to
it, but it will not work for my alias .

It would be very handy, if courier support it.

Thanks for your time

-- 
Michelle KonzackMiila ITSystems @ TDnet
GNU/Linux Developer 00372-54541400


signature.asc
Description: Digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Throw-Away EMails

On 2017-05-02 00:18:09 Fred Drueck hacked into the keyboard:
> Would it be sufficient to do something with the .courier-aliases?  Tell
> your users to create something like:
> 
> .courier-forwardtodevnull
> 
> containing:
> 
> | cat > /dev/null
> 
> or whatever you want.  I've occasionally done this myself for mail I don't
> want to receive.

I am user "michelle.konzack" on the system and my account has the files

~/.courier
~/.courier-default
~/.courier-aliasses  (which is symlinked into /etc/courier/aliasses/ )

the "~/.courier-default" point to a special filter which  can  sort  out
which mails I want to see and are sorted into mailfolder /dev/null  ;-)

However, I have installed a traffic counter on this  filter  to  get  an
idea, how much spam I receive over the last 9y since  I  have  installed
the domain/server, this mean if  I  allow  all  users  to  do  this,  my
mailserver would accept arround 300-500 GByte of additional spam.

Removing "~/.courier-default" and use  instead  "~/.courier-"
would be a better  solution  but  require  root  rights  (sudo?)  to  be
installed from a webinterface...

Thanks for your time

-- 
Michelle KonzackMiila ITSystems @ TDnet
GNU/Linux Developer 00372-54541400


signature.asc
Description: Digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Throw-Away EMails