[courier-users] Courier build 20170725
Download: http://www.courier-mta.org/download.html Updated development build restores the TLS_PROTOCOL setting, with the remaining available options, and updating the verifyfilter module to cache validated E-mail addresses. Cumulative changes: - OpenSSL 1.1.0 update. Some options to select specific TLS protocol levels are no longer available. The TLS_PROTOCOL setting adjusted accordingly, and the deprecated options are mapped to their nearest approximate setting. No changes to the GnuTLS alternative option. - maildrop: added the new "system" command. - The SMTP sending code has been rewritten and factored out into an internal library. - New "verifyfilter" module, a filter module that verifies the email sender address by initiating a callback connection to the sender's domain, using the internal SMTP library. The module is also available as a "verifysmtp" command-line tool, that does the same. pgpkx3SqauT3W.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Pythonfilter attachments
On 07/25/2017 09:53 AM, Alessandro Vesely wrote: I've published my alternative version here: https://www.tana.it/sw/pythonfilter_attachments/ I'll take a look at that shortly. Thanks. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Pythonfilter attachments
On Wed 08/Feb/2017 22:11:53 +0100 Gordon Messmer wrote: > On 02/08/2017 10:24 AM, Alessandro Vesely wrote: >> I revamped attachments.py in order to catch Javascript Trojans inside >> a zip, which were driving me crazy. > > The current version supports libarchive, which should allow you to > blacklist file types inside zip files, as well. Yup, that's right. I hadn't got it. I re-introduced support for libarchive, and have been using my alternative version since then. Today I added the .ace extension, after I found a Trojan-PSW.Win32.Fareit.cxcl wrapped that way. It may be safer to just use all available filters. However, the original attachments.py fails like so: Initialized the "attachments" python filter Traceback (most recent call last): File "../courier-pythonfilter/courier-pythonfilter-1.11/filters/attachments.py", line 111, in print doFilter(sys.argv[1], []) File "../courier-pythonfilter/courier-pythonfilter-1.11/filters/attachments.py", line 90, in doFilter if filename and checkArchive(filename, part): File "../courier-pythonfilter/courier-pythonfilter-1.11/filters/attachments.py", line 52, in checkArchive if fparts[-1].lower() in libarchive.FILTERS: AttributeError: 'module' object has no attribute 'FILTERS' If I patch it as attached, it throws no exception, but doesn't block an .exe inside an .ace either. Indeed, in python, I see .ace is not set: Python 2.7.9 (default, Jun 29 2016, 13:08:31) [GCC 4.9.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import libarchive >>> libarchive.ffi.READ_FILTER Traceback (most recent call last): File "", line 1, in AttributeError: 'module' object has no attribute 'READ_FILTER' >>> libarchive.ffi.READ_FILTERS set([u'lzma', u'all', u'uu', u'lzop', u'compress', u'bzip2', u'lzip', u'xz', u'lrzip', u'gzip', u'grzip', u'rpm', u'none']) >>> libarchive.ffi.READ_FORMATS set([u'all', u'zip', u'tar', u'lha', u'iso9660', u'7zip', u'xar', u'mtree', u'cpio', u'raw', u'ar', u'rar', u'cab', u'empty']) >>> I've published my alternative version here: https://www.tana.it/sw/pythonfilter_attachments/ Ale -- --- ../courier-pythonfilter/courier-pythonfilter-1.11/filters/attachments.py 2016-05-05 06:08:01.0 +0200 +++ attachments.py 2017-07-25 18:34:55.003804899 +0200 @@ -49,9 +49,9 @@ if not haveLibarchive: return False fparts = filename.split('.') -if fparts[-1].lower() in libarchive.FILTERS: +if fparts[-1].lower() in libarchive.ffi.READ_FILTERS: fparts.pop() -if fparts[-1].lower() not in libarchive.FORMATS: +if fparts[-1].lower() not in libarchive.ffi.READ_FORMATS: return False d = tempfile.mkdtemp() f = '%s/%s' % (d, filename.replace('/','')) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] development version of Courier.
Matus UHLAR - fantomas writes: On 24.07.17 21:17, Sam Varshavchik wrote: - OpenSSL 1.1.0 update. Custom protocol level format selection has been deprecated. The TLS_PROTOCOL setting is removed from all configuration files, and the latest supported TLS version will always be used. No changes to the GnuTLS alternative option. do you want to say that we'll be unable to disable/enable some protocol versions as we did before? Yes, and no. The OpenSSL library deprecated, and will be removing most of those options. They are no longer available via OpenSSL. But it turns out it's still possible to use some of the "+" configurations, so I'll be putting TLS_PROTOCOL back in, but with only a limited set of options to choose from. pgpABai_dJOoo.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] (no subject)
On 24.07.17 21:17, Sam Varshavchik wrote: - OpenSSL 1.1.0 update. Custom protocol level format selection has been deprecated. The TLS_PROTOCOL setting is removed from all configuration files, and the latest supported TLS version will always be used. No changes to the GnuTLS alternative option. do you want to say that we'll be unable to disable/enable some protocol versions as we did before? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #9: Out of error messages. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] (no subject)
Download: http://www.courier-mta.org/download.html New development build of Courier is available. The major change is a top-to- bottom rewrite of the SMTP client, and a new mail filter (making use of the rewritten SMTP client). The SMTP client rewrite will result in a (several) version change bump, down the road. The OpenSSL 1.1.0 change is also in the courier-imap package, and the maildrop change in the maildrop package. Changes: - OpenSSL 1.1.0 update. Custom protocol level format selection has been deprecated. The TLS_PROTOCOL setting is removed from all configuration files, and the latest supported TLS version will always be used. No changes to the GnuTLS alternative option. - maildrop: added the new "system" command. - The SMTP sending code has been rewritten and factored out into an internal library. - New "verifyfilter" module, a filter module that verifies the email sender address by initiating a callback connection to the sender's domain, using the internal SMTP library. The module is also available as a "verifysmtp" command-line tool, that does the same. pgp8DId28lYif.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SHA in userdb
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: SZÉPE Viktor writes: Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: SZÉPE Viktor writes: Hello! Would it be possible to document secure hash (SHA-256) support in userdb? systempw=$5$ Produced with mkpasswd --method=sha-256 PASS SALT What do you mean "document"? Just mention it somewhere. For example on this man page http://www.courier-mta.org/authlib/userdbpw.html The userdbpw tool can only generate the '$1$'-formatted passwords. userdbpw does support the -hmac-sha256 option, which is something else, but which I'll add to the documentation. Thank you. I think you are able to choose a proper location to mention that secure sha-256 passwords could be generated by mkpasswd (but not by userdbpw) SZÉPE Viktor, üzemeltetés https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SHA in userdb
SZÉPE Viktor writes: Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: SZÉPE Viktor writes: Hello! Would it be possible to document secure hash (SHA-256) support in userdb? systempw=$5$ Produced with mkpasswd --method=sha-256 PASS SALT What do you mean "document"? Just mention it somewhere. For example on this man page http://www.courier-mta.org/authlib/userdbpw.html The userdbpw tool can only generate the '$1$'-formatted passwords. userdbpw does support the -hmac-sha256 option, which is something else, but which I'll add to the documentation. pgpZIge1uvdUj.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SHA in userdb
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: SZÉPE Viktor writes: Hello! Would it be possible to document secure hash (SHA-256) support in userdb? systempw=$5$ Produced with mkpasswd --method=sha-256 PASS SALT What do you mean "document"? Just mention it somewhere. For example on this man page http://www.courier-mta.org/authlib/userdbpw.html SZÉPE Viktor, üzemeltetés https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SHA in userdb
SZÉPE Viktor writes: Hello! Would it be possible to document secure hash (SHA-256) support in userdb? systempw=$5$ Produced with mkpasswd --method=sha-256 PASS SALT What do you mean "document"? pgpFwXrxW686t.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SHA in userdb
Hello! Would it be possible to document secure hash (SHA-256) support in userdb? systempw=$5$ Produced with mkpasswd --method=sha-256 PASS SALT Thanks. SZÉPE Viktor, üzemeltetés https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
On Wed 19/Jul/2017 22:22:13 +0200 Lucio Crusca wrote: > Il 19/07/2017 19:22, Alessandro Vesely ha scritto: >> Did you actually check it? I mean >> >> certtool -i --infile /etc/courier/esmtpd.pem >> >> or >> >> openssl x509 -text -in /etc/courier/esmtpd.pem > > Both tools read the file without errors and display the certificate > informations, the modulus, the signature and the certificate. You could try: TLS_CERTFILE=/etc/courier/esmtpd.pem couriertls -tcpd < /dev/null This will fail, complaining that /dev/null is not a socket. However, any permissions problem, malformed file, and similar will be spotted before. Ale -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Hello Lucio, On 07/19/2017 11:26 AM, Lucio Crusca wrote: > So far I've enabled courier-mta and courier-msa systemd services, > changed the ports they listed on and created a real system account for > mail relay (authpam). I've also let > > TLS_VERIFYPEER=NONE Could it be an invalid peer certificate none the less? Does the same message appear if you try with openssl as the client, i.e.: openssl s_client -starttls smtp -crlf -connect $HOST:587 > Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103] > Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed: > Certificate is bad > > I don't know what to try next. Permissions of /etc/courier/esmtpd.pem? Is it a PRIVATE KEY followed by the CERTIFICATE(s)? ..just a few checks that come to mind, might well be irrelevant, though. Kind Regards Markus Wanner signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 19:22, Alessandro Vesely ha scritto: Did you actually check it? I mean certtool -i --infile /etc/courier/esmtpd.pem or openssl x509 -text -in /etc/courier/esmtpd.pem Both tools read the file without errors and display the certificate informations, the modulus, the signature and the certificate. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
On Wed 19/Jul/2017 14:28:23 +0200 Lucio Crusca wrote: > Il 19/07/2017 12:56, Sam Varshavchik ha scritto: >> Check the server's certificate, esmtpd.pem. That's the only certificate >> in play here. The file is probably corrupted. > > At first glance it seems ok, the structure is the same as another file in > another Courier server I run that works correctly (except the keys are not the > same, obviously). > > I haven't created that file myself nor obtained it from third parties: it's > the > self signed certificate provided by the default courier packages installation. Did you actually check it? I mean certtool -i --infile /etc/courier/esmtpd.pem or openssl x509 -text -in /etc/courier/esmtpd.pem Ale -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 17:06, Matus UHLAR - fantomas ha scritto: Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: you sould recreate and then test it! On 19.07.17 15:57, Lucio Crusca wrote: Forgot to mention, but I did remove the courier packages, the /etc/courier folder, the APT package cache and reinstalled. Did you remove or purge the packages? Purged. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: you sould recreate and then test it! On 19.07.17 15:57, Lucio Crusca wrote: Forgot to mention, but I did remove the courier packages, the /etc/courier folder, the APT package cache and reinstalled. Did you remove or purge the packages? The quite common problem on debian and derivatives is that you remove packages, but don't purge (clean up configuration files). Package management remembers that the configuration diles are installed and does not create them. When you remove them manually, they won't get installed either. This can lead to troubles similar to those you describe. During reinstallation the system created the self signed certificate again, but nothing changed. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 16:00, PICCORO McKAY Lenz ha scritto: do you reported again debian bug tracker? using reporbug ? Well no, but before reporting I'd like to be sure it's not my fault. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
do you reported again debian bug tracker? using reporbug ? (well today its not as was in the past but it must report too) Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com 2017-07-19 9:57 GMT-04:00 Lucio Crusca <lu...@sulweb.org>: > > > Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: > >> you sould recreate and then test it! >> >> > Forgot to mention, but I did remove the courier packages, the /etc/courier > folder, the APT package cache and reinstalled. > > During reinstallation the system created the self signed certificate > again, but nothing changed. > > Client side this is what I get: > > $ swaks -a -tls -q HELO -s mrelay -au test -ap '<>' -p 25587 > === Trying mrelay:25587... > === Connected to mrelay. > <** Timeout (30 secs) waiting for server response > -> QUIT > <** 220 mrelay ESMTP > === Connection closed with remote host. > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 15:46, PICCORO McKAY Lenz ha scritto: you sould recreate and then test it! Forgot to mention, but I did remove the courier packages, the /etc/courier folder, the APT package cache and reinstalled. During reinstallation the system created the self signed certificate again, but nothing changed. Client side this is what I get: $ swaks -a -tls -q HELO -s mrelay -au test -ap '<>' -p 25587 === Trying mrelay:25587... === Connected to mrelay. <** Timeout (30 secs) waiting for server response -> QUIT <** 220 mrelay ESMTP === Connection closed with remote host. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Il 19/07/2017 12:56, Sam Varshavchik ha scritto: Check the server's certificate, esmtpd.pem. That's the only certificate in play here. The file is probably corrupted. At first glance it seems ok, the structure is the same as another file in another Courier server I run that works correctly (except the keys are not the same, obviousy). I haven't created that file myself nor obtained it from third parties: it's the self signed certificate provided by the default courier packages installation. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Lucio Crusca writes: Hello, I've just installed a new Courier instance in a new Debian GNU/Linux 9 amd64 server from distro packages. This Courier should act as smart relay for another server and nothing else. So far I've enabled courier-mta and courier-msa systemd services, changed the ports they listed on and created a real system account for mail relay (authpam). I've also let TLS_VERIFYPEER=NONE in /etc/courier/courierd. Then I tested the smarthost from Thunderbird, by configuring it as outgoing server. It does not work. When TB tries to send a message, it connects to the non-default MSA port, it starts talking to the server (STARTTLS) for a few seconds, then it fails for "unknown reason". Server-side, in the logs, I get: Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103] Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed: Certificate is bad I don't know what to try next. Check the server's certificate, esmtpd.pem. That's the only certificate in play here. The file is probably corrupted. pgp4Q8tPJRZML.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] courieresmtpd: STARTTLS failed: Certificate is bad
Hello, I've just installed a new Courier instance in a new Debian GNU/Linux 9 amd64 server from distro packages. This Courier should act as smart relay for another server and nothing else. So far I've enabled courier-mta and courier-msa systemd services, changed the ports they listed on and created a real system account for mail relay (authpam). I've also let TLS_VERIFYPEER=NONE in /etc/courier/courierd. Then I tested the smarthost from Thunderbird, by configuring it as outgoing server. It does not work. When TB tries to send a message, it connects to the non-default MSA port, it starts talking to the server (STARTTLS) for a few seconds, then it fails for "unknown reason". Server-side, in the logs, I get: Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103] Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed: Certificate is bad I don't know what to try next. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Rerun .mailfilter?
Lucio Crusca writes: Hello, I've just edited my .mailfilter. Is it possible to run it once again for every already delivered message in my INBOX root maildir only, so that maildrop moves my messages in the respective new subfolders, according to the new .mailfilter rules? There's no automatic way to do it. But, what you can do is manually move all messages from INBOX to a temporary directory, and then have a short script run maildrop in a loop, for each message on its standard input. Something like: cd $HOME mkdir inbox.tmp mv Maildir/cur/* inbox.tmp for f in inbox.tmp/* do maildrop <$f done pgp0GL1B_qYFP.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Rerun .mailfilter?
Hello, I've just edited my .mailfilter. Is it possible to run it once again for every already delivered message in my INBOX root maildir only, so that maildrop moves my messages in the respective new subfolders, according to the new .mailfilter rules? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] setuid/setgid problem, mail from website not sent
On Sun, 09 Jul 2017 12:14:59 + courier-users-requ...@lists.sourceforge.net wrote: > From: Markus Wanner <mar...@bluegap.ch> > To: courier-users@lists.sourceforge.net > Subject: Re: [courier-users] setuid/setgid problem, mail from website not > sent > Date: Sat, 8 Jul 2017 21:11:11 +0200 > > On 07/06/2017 12:13 PM, Matus UHLAR - fantomas wrote: > > On 06.07.17 12:43, Bernd Plagge wrote: > >> thank you VERY much! > >> This was the answer. > >> > >> Just for the record: > >> I had to downgrade my Debian system due to issues with the new Debian > >> packages. > >> Seems that the permissions on the sendmail wrapper were not set > >> correctly by the installation program. > > > > I believe debian developer either knows what permissions to set up, or > > should be informed if that causes troubles... > > I'd rather guess the OP had to downgrade due to the maildrop issue in > stretch, which I'm still trying to solve. > > Kind Regards > > Markus Wanner Hi Markus, well yes, the new Courier Debian version hit my users badly ... and in the end I decided to downgrade. Don't get me wrong! I really very much appreciate somebody taking on the challenge of maintaining a pretty big and important package! I've been using Debian for almost 20 years and appreciate the more conservative upgrading pace (i.e. in comparison to Ubuntu). However, the Stretch upgrade was pretty bumpy due to major changes in several important packages. (PHP 7, PHP7.0-fpm, slapd, tinydns, Samba and a perl syntax check) Please, if there are still issues with Maildrop (or something else) we need to fully understand the issue and have at least a manual workaround. If I restart a server after the upgrade and then discover issue this means most time a very long night - without any guarantee to solve the problem. Aber trotz allem, vielen Dank fuer Muehe und Einsatz! Bernd -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blacklisted email addresses not cleared
Hi, On 07/05/2017 11:54 PM, Sam Varshavchik wrote: > Bernd Plagge writes: >> I recently found some cases were blacklisted email addresses (recorded >> in /var/lib/courier/track) were not cleared by the "courier clear >> user@domain" command. I run into a similar issue recently and figured other files in that directory were blocking the user, which `courier clear` didn't clear. You might want to check those files as well. > That's the expected result. An email address gets cleared by adding an A > record, so this looks ok. > > Reviewing the code in question I only see a potential problem with > "clear all" not working correctly, but clearing an individual address > should work. Unfortunately I'm not sure if I can reproduce this, but in my case, `courier clear mar...@bluegap.ch` didn't help. Kind Regards Markus Wanner signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] setuid/setgid problem, mail from website not sent
On 07/06/2017 12:13 PM, Matus UHLAR - fantomas wrote: > On 06.07.17 12:43, Bernd Plagge wrote: >> thank you VERY much! >> This was the answer. >> >> Just for the record: >> I had to downgrade my Debian system due to issues with the new Debian >> packages. >> Seems that the permissions on the sendmail wrapper were not set >> correctly by the installation program. > > I believe debian developer either knows what permissions to set up, or > should be informed if that causes troubles... I'd rather guess the OP had to downgrade due to the maildrop issue in stretch, which I'm still trying to solve. Kind Regards Markus Wanner signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sendmail removes bcc header unconditionally
Just tested my sentfolder filter, and the new Bcc: support works nicely. Thanks for your help, Sam. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sendmail removes bcc header unconditionally
On 07/06/2017 05:09 PM, Sam Varshavchik wrote: Yeah, github was a couple of commits behind. Just pushed everything out, and it's up to date now. Thanks, again. Is this an accurate update to the sendmail document? diff --git a/courier/courier/doc/sendmail.sgml b/courier/courier/doc/sendmail.sgml index 634b262..6f956c3 100644 --- a/courier/courier/doc/sendmail.sgml +++ b/courier/courier/doc/sendmail.sgml @@ -74,8 +74,8 @@ message and builds the recipient list from the To: Cc: and moreinfo="none">Bcc: headers. -sendmail always removes all moreinfo="none">Bcc: -headers before sending the message. +sendmail removes moreinfo="none">Bcc: +headers before sending the message if recipients are not specified on the command line. Some of the functionality described below is actually implemented by other @@ -194,7 +194,7 @@ information. Read Bcc: headers only. Normally, if no recipients are specified, sendmail obtains the list of recipients by reading the To:, Cc: and -Bcc: headers (moreinfo="none">Bcc: headers are always +Bcc: headers (moreinfo="none">Bcc: headers are then removed). The -bcc option ignores moreinfo="none">To: and Cc: -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sendmail removes bcc header unconditionally
Gordon Messmer writes: On 07/06/2017 01:58 PM, Sam Varshavchik wrote: This is a reasonable position to make, so I'll change this. Thanks very much, Sam. If you push a patch into git (github looks a bit out of date?) I'll test it. Or, if you'd rather, I can modify sendmail and send a patch. Yeah, github was a couple of commits behind. Just pushed everything out, and it's up to date now. pgpJGQYoFfPpX.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sendmail removes bcc header unconditionally
On 07/06/2017 01:58 PM, Sam Varshavchik wrote: This is a reasonable position to make, so I'll change this. Thanks very much, Sam. If you push a patch into git (github looks a bit out of date?) I'll test it. Or, if you'd rather, I can modify sendmail and send a patch. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sendmail removes bcc header unconditionally
Gordon Messmer writes: On 07/06/2017 03:54 AM, Sam Varshavchik wrote: Would it work to simply use a custom header name instead of "Bcc:". Most email clients won't show it by default, but it's going to be there and can be looked at, in some way; and the email clients will also ignore it if the message is replied to. That's the other option I'm looking at, and I'm more likely to go that route than introduce another message delivery code path in the framework. Some record is better than no record, but I feel like that path would still be very slightly inferior to the solutions that Gmail and Courier IMAP provide. Is there a logical reason why sendmail should remove the Bcc: header when headers aren't used to indicate recipients? My recollection is hazy, but I thought that this was sendmail-sendmail's behavior, which was to simply strip off the Bcc: header from the mail. The current version of sendmail's man page suggests – with some ambiguity – that only the -t option does that; so I don't know whether this was changed some time, or it was always like that. I was curious as to the historical origin of this, and poking around the Intertubes all the references were to RFC 733 which only states that “the contents of this field are not included in copies of the message sent to the primary and secondary recipients. Some systems may choose to include the text of the "Bcc" field only in the author(s)'s copy, while others may also include it in the text sent to all those indicated in the "Bcc" list.” without going into much detail of how the recipient list is established; but the "may" part's only logical intepretation is that the whole thing is always optional. Still, from a certain point of view, sendmail-sendmail's behavior is quite reasonable, too. You can say that by explicitly specifying the recipient list this places the onus on the sender to identify the so-called "primary and secondary" recipients; with the presumption that the sender is responsible for formatting the message, and the sender is wholly responsible for including or omitting the contents of the Bcc. This is a reasonable position to make, so I'll change this. pgpU3zvzSFowB.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sendmail removes bcc header unconditionally
On 07/06/2017 03:54 AM, Sam Varshavchik wrote: Would it work to simply use a custom header name instead of "Bcc:". Most email clients won't show it by default, but it's going to be there and can be looked at, in some way; and the email clients will also ignore it if the message is replied to. That's the other option I'm looking at, and I'm more likely to go that route than introduce another message delivery code path in the framework. Some record is better than no record, but I feel like that path would still be very slightly inferior to the solutions that Gmail and Courier IMAP provide. Is there a logical reason why sendmail should remove the Bcc: header when headers aren't used to indicate recipients? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] setuid/setgid problem, mail from website not sent
On 07/06/2017 12:13 PM, Matus UHLAR - fantomas wrote: > On 06.07.17 12:43, Bernd Plagge wrote: >> thank you VERY much! >> This was the answer. >> >> Just for the record: >> I had to downgrade my Debian system due to issues with the new Debian >> packages. >> Seems that the permissions on the sendmail wrapper were not set correctly by >> the installation program. > > I believe debian developer either knows what permissions to set up, or > should be informed if that causes troubles... Yes, please file a bug and I'll take a look at it. Thanks Racke > >> On Thu, 06 Jul 2017 03:03:37 + >> courier-users-requ...@lists.sourceforge.net wrote: >> >>> From: Sam Varshavchik <mr...@courier-mta.com> >>> To: courier-users@lists.sourceforge.net >>> Subject: Re: [courier-users] setuid/setgid problem, mail from website not >>>sent >>> Date: Wed, 05 Jul 2017 17:55:26 -0400 >>> >>> Bernd Plagge writes: >>> >>> > Hi >>> > >>> > I'm trying to send mail from website mail, or webmail. >>> > However, sending doesn't work, >>> > >>> > Log entries: >>> > >>> > Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not >>> > permitted >>> > Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail >>> > pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. >>> > >>> > The courier sendmail program: >>> > s -l /usr/sbin/sendmail >>> > -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail >>> > >>> > >>> > What can I do to solve this problem? >>> >>> Permissions on the sendmail wrapper should be setuid root, not setgid. > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sendmail removes bcc header unconditionally
Gordon Messmer writes: I'm working on improving my "sentfolder" mail filter. This filter works like GMail's SMTP system, copying messages that a user sends into their sent folder, so that messages only need to traverse the network once. Courier IMAP has a better option, but no client support to speak of. I've updated the sendfolder filter to examine the recipients in the control files and the message file headers, and add a Bcc: header for any addresses that don't appear in the message headers. It then uses sendmail to send a copy to the user, along with a header that marks it for delivery to their sent folder. The problem here is that sendmail unconditionally removes the bcc: header. I think it might be better if sendmail removed the bcc header only if it uses headers for the destination addresses, and left the bcc header if it uses destinations given as command line arguments. Would that be an acceptable change? I could work around the problem by using SMTP rather than sendmail, but I prefer to use sendmail to avoid passing through the courier filters (at least, in the default configuration). Would it work to simply use a custom header name instead of "Bcc:". Most email clients won't show it by default, but it's going to be there and can be looked at, in some way; and the email clients will also ignore it if the message is replied to. pgpRHc4p8PIVR.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] setuid/setgid problem, mail from website not sent
On 06.07.17 12:43, Bernd Plagge wrote: thank you VERY much! This was the answer. Just for the record: I had to downgrade my Debian system due to issues with the new Debian packages. Seems that the permissions on the sendmail wrapper were not set correctly by the installation program. I believe debian developer either knows what permissions to set up, or should be informed if that causes troubles... On Thu, 06 Jul 2017 03:03:37 + courier-users-requ...@lists.sourceforge.net wrote: From: Sam Varshavchik <mr...@courier-mta.com> To: courier-users@lists.sourceforge.net Subject: Re: [courier-users] setuid/setgid problem, mail from website not sent Date: Wed, 05 Jul 2017 17:55:26 -0400 Bernd Plagge writes: > Hi > > I'm trying to send mail from website mail, or webmail. > However, sending doesn't work, > > Log entries: > > Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted > Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail > pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. > > The courier sendmail program: > s -l /usr/sbin/sendmail > -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail > > > What can I do to solve this problem? Permissions on the sendmail wrapper should be setuid root, not setgid. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] setuid/setgid problem, mail from website not sent
Hi Sam, thank you VERY much! This was the answer. Just for the record: I had to downgrade my Debian system due to issues with the new Debian packages. Seems that the permissions on the sendmail wrapper were not set correctly by the installation program. Again, thank you very much! On Thu, 06 Jul 2017 03:03:37 + courier-users-requ...@lists.sourceforge.net wrote: > From: Sam Varshavchik <mr...@courier-mta.com> > To: courier-users@lists.sourceforge.net > Subject: Re: [courier-users] setuid/setgid problem, mail from website not > sent > Date: Wed, 05 Jul 2017 17:55:26 -0400 > > Bernd Plagge writes: > > > Hi > > > > I'm trying to send mail from website mail, or webmail. > > However, sending doesn't work, > > > > Log entries: > > > > Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted > > Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail > > pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. > > > > The courier sendmail program: > > s -l /usr/sbin/sendmail > > -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail > > > > > > What can I do to solve this problem? > > Permissions on the sendmail wrapper should be setuid root, not setgid. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] sendmail removes bcc header unconditionally
I'm working on improving my "sentfolder" mail filter. This filter works like GMail's SMTP system, copying messages that a user sends into their sent folder, so that messages only need to traverse the network once. Courier IMAP has a better option, but no client support to speak of. I've updated the sendfolder filter to examine the recipients in the control files and the message file headers, and add a Bcc: header for any addresses that don't appear in the message headers. It then uses sendmail to send a copy to the user, along with a header that marks it for delivery to their sent folder. The problem here is that sendmail unconditionally removes the bcc: header. I think it might be better if sendmail removed the bcc header only if it uses headers for the destination addresses, and left the bcc header if it uses destinations given as command line arguments. Would that be an acceptable change? I could work around the problem by using SMTP rather than sendmail, but I prefer to use sendmail to avoid passing through the courier filters (at least, in the default configuration). -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blacklisted email addresses not cleared
Bernd Plagge writes: Hi all I recently found some cases were blacklisted email addresses (recorded in /var/lib/courier/track) were not cleared by the "courier clear user@domain" command. I ran strace and here is the result: fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0 write(3, "1499264814 aem...@domain.com"..., 33) = 33 close(3)= 0 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0 write(1, "m...@domain.com cleared.\n", 30) = 30 exit_group(0) = ? That's the expected result. An email address gets cleared by adding an A record, so this looks ok. Reviewing the code in question I only see a potential problem with "clear all" not working correctly, but clearing an individual address should work. pgp1WFJM2MF8d.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] setuid/setgid problem, mail from website not sent
Bernd Plagge writes: Hi I'm trying to send mail from website mail, or webmail. However, sending doesn't work, Log entries: Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. The courier sendmail program: s -l /usr/sbin/sendmail -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail What can I do to solve this problem? Permissions on the sendmail wrapper should be setuid root, not setgid. pgprgnATZ9HsP.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] setuid/setgid problem, mail from website not sent
On 07/05/2017 11:33 AM, Bernd Plagge wrote: What can I do to solve this problem? First, "setenforce permissive" and send a message, or examine /var/log/audit/audit.log to see if this is an SELinux denial. Next, in permissive mode, use "tail -f /var/log/audit/audit.log | grep AVC" to watch the log while you send another message. Take all of the output and pass it as input to "audit2allow -M lighttpd_sendmail". That will create a new SELinux policy module that you can load to allow lighttpd to send email. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] setuid/setgid problem, mail from website not sent
Hi I'm trying to send mail from website mail, or webmail. However, sending doesn't work, Log entries: Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. The courier sendmail program: s -l /usr/sbin/sendmail -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail What can I do to solve this problem? Best regards, Bernd -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Blacklisted email addresses not cleared
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi all I recently found some cases were blacklisted email addresses (recorded in /var/lib/courier/track) were not cleared by the "courier clear user@domain" command. Permissions for the directory are: linde:/var/lib/courier# ls -l total 544 drwxr-x--- 2 daemon daemon 4096 Jul 5 00:05 allfilters drwxr-x--- 2 daemon daemon 4096 Nov 29 2010 calendar - -rw--- 1 root root 524288 Jul 5 23:04 couriersslcache drwxr-x--- 2 daemon daemon 4096 May 21 2016 filters drwxr-xr-x 4 daemon daemon 4096 Jul 5 23:21 msgq drwxr-x--- 7 daemon daemon 4096 Jul 5 23:25 msgs drwxrwx--- 5 daemon daemon 4096 Jul 5 22:08 tmp drwxr-xr-x 2 daemon daemon 4096 Jul 5 23:29 track I ran strace and here is the result: mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7421000 set_thread_area({entry_number:-1, base_addr:0xb7421700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 (entry_number:6) mprotect(0xb75d5000, 8192, PROT_READ) = 0 mprotect(0xb75f7000, 4096, PROT_READ) = 0 mprotect(0xb764c000, 4096, PROT_READ) = 0 mprotect(0xb77be000, 24576, PROT_READ) = 0 mprotect(0x8051000, 4096, PROT_READ)= 0 mprotect(0xb77fe000, 4096, PROT_READ) = 0 munmap(0xb77c8000, 48644) = 0 brk(NULL) = 0x9816000 brk(0x983b000) = 0x983b000 chdir("/usr") = 0 setgid32(1) = 0 getuid32() = 0 setgroups32(1, [1]) = 0 setuid32(1) = 0 open("/var/lib/courier/track/416462", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0666) = 3 _llseek(3, 0, [173], SEEK_END) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0 write(3, "1499264814 aem...@domain.com"..., 33) = 33 close(3)= 0 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0 write(1, "m...@domain.com cleared.\n", 30) = 30 exit_group(0) = ? I'm running Courier 0.73 (Debian upgrade failed). Sorry, I'm not very good at reading traces. Any ideas what the reason might be? Thanks for any help! Bernd -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEV/J6xcvB3zWv0k2ZmovHNYOpMokFAllc+M8ACgkQmovHNYOp MonVvw/+JqXjPutUSCc06vo6fNfcheO7Ut+DG6Fu1gt1eMPxHh9sJQn1/t3V0cBT UiB9NrTZQ35TWZ1RILBzFt8sLxjyRXL0UvhGkf5T0hDqbAs0U9OA85NT8MjHv8Hw zDxtChL6BMqjQ+fWFsemZXNSZv/yg+7ciPQv2fldIXU4coWL3r9Ewir1DpWwg2Ip GgPDiHpRSRS5em8uQmDHsqZI5xH4mgQBaZ9IRh3W3JS1rKYnTF+LTS2O7x+RnQdg hDWk5n0i1G4fsxKcm/IkARH5hxAvD49zuFvZUC7GMNULRNpwKQEtwE9Fp3jWt0qi n/ygz9PXfuuTURf6MYBEZF8eNjuv3MmiQxTiGqjCoG/bh67e2xHBWDH9Q6bOKWIo SaM2fURFMqP1W3SQ7gqPnjCSK3RWpgmePve7eh+QVKAGyCmOCwfTbVGKJbGuzenZ 9B756yfhA7r33vdZHsm0PnVFR7df05Saw2ukuqJW2VRPE6OteABRNAVq/bXBLxF0 B/H+sqRsmY7/HH+LH4CSNLzl86WwABqUe4TQ+Btlr19VwvdZlcLMYJzXe3wKsaei wSKMK7HVQLE8/sHrrrq3z1wr/nyxRdaEPfYF9o66R5OJLZ0tpQk1lh6YFboPgV4x SGMx44lGaaG6WUmr337sIZIee/dH39dxIDLJvdID5xNi6qIrDTg= =+ESq -END PGP SIGNATURE- -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Authenticate Clients via TLS client cert
Hello. [sorry for sending this via private mail before. my fault.] Am 02.07.2017 um 23:06 schrieb Sam Varshavchik: > http://www.courier-mta.org/install.html#sslcert > Also described further in the esmtpd-ssl configuration file, under > TLS_EXTERNAL. > For this to work, the certificate subject needs to specify whatever > would be used for the login ID when authenticating manually. Wow, perfect. I missed that completely. Tank you for the pointer! regards, Bernd signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Authenticate Clients via TLS client cert
Bernd Wurst writes: Hello, I'm struggling with the question if it is possible to authenticate clients (optionally) with a client certificate. I found some docs about dovecot implementing this [1] and was wondering if courier (SMTP) could also be used with this? I could not find something about it in the docs. The desired use would be that we operate a local CA and issue certificates that contain a user name (e-mail-address) as common name and courier authenticates this certificate as the given user, so that logging and processing will continue have the sender's data. [1]: "Client certificate verification/authentication", half way down at https://wiki.dovecot.org/SSL/DovecotConfiguration http://www.courier-mta.org/install.html#sslcert Also described further in the esmtpd-ssl configuration file, under TLS_EXTERNAL. For this to work, the certificate subject needs to specify whatever would be used for the login ID when authenticating manually. pgpi8XcrDFBKM.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Authenticate Clients via TLS client cert
Hello, I'm struggling with the question if it is possible to authenticate clients (optionally) with a client certificate. I found some docs about dovecot implementing this [1] and was wondering if courier (SMTP) could also be used with this? I could not find something about it in the docs. The desired use would be that we operate a local CA and issue certificates that contain a user name (e-mail-address) as common name and courier authenticates this certificate as the given user, so that logging and processing will continue have the sender's data. [1]: "Client certificate verification/authentication", half way down at https://wiki.dovecot.org/SSL/DovecotConfiguration regards, Bernd signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] New releases of Courier packages.
Download: http://www.courier-mta.org/download.html New releases of courier, courier-unicode, courier-authlib, courier-imap, sqwebmail, maildrop, and cone packages. Changes: - The courier-unicode library updated to use C++11 unicode features. - Some SMTP connection failures were not reported correctly. - maildir quota calculation will ignore symbolic links to folders. - Fix TLS peer hostname verification issue caused by CNAME records. - Do not use ANY queries for DNSBL lookups. - Fix compilation errors with OpenSSL 1.1.0. - Include several Debian patches. pgpn8714cb_qg.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] szmlink counts as quota
SZÉPE Viktor writes: Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: On 05/18/2017 06:31 PM, SZÉPE Viktor wrote: Could it be that that Courier counts Sent folder size three time while calculating quota? Can you test this patch? Thank you!! Sam, could we incorporate this patch? This was merged, with a slight technical change. pgpck9H8x9x5n.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] szmlink counts as quota
Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: On 05/18/2017 06:31 PM, SZÉPE Viktor wrote: Could it be that that Courier counts Sent folder size three time while calculating quota? Can you test this patch? Thank you!! Sam, could we incorporate this patch? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] szmlink counts as quota
On 05/18/2017 06:31 PM, SZÉPE Viktor wrote: Could it be that that Courier counts Sent folder size three time while calculating quota? Can you test this patch? diff --git a/maildir/maildirquota.c b/maildir/maildirquota.c index 3f3e0bd..3ff78f1 100644 --- a/maildir/maildirquota.c +++ b/maildir/maildirquota.c @@ -454,6 +454,9 @@ static int docheckquota(struct maildirsize *info, dirp=opendir(info->maildir); while (dirp && (de=readdir(dirp)) != 0) { +#ifdef _DIRENT_HAVE_D_TYPE + if (de->d_type == DT_LNK) continue; +#endif if (countsubdir(info->maildir, de->d_name, , _size, _cnt)) @@ -520,6 +523,9 @@ static int docheckquota(struct maildirsize *info, dirp=opendir(info->maildir); while (dirp && (de=readdir(dirp)) != 0) { +#ifdef _DIRENT_HAVE_D_TYPE + if (de->d_type == DT_LNK) continue; +#endif if (statsubdir(info->maildir, de->d_name, )) { errno=EIO; -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] missing MX record
On 10.06.17 14:53, SZÉPE Viktor wrote: RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5 The lookup first attempts to locate an MX record associated with the name. ... If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Were you a ware of that? I think it is very unusual and dangerous. Do modern MTA-s - including Courier - implement that? Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>: This behaviour was described in rfc 821 and 2821. AFAIK all MTAs implement this behaviour since MX records were implemented. What and why exactly sounds unusual and dangerous to you? On 10.06.17 16:42, SZÉPE Viktor wrote: I think it gives us no means to stop emails for a domain. I thought removing the MX record and not listening on port 25 is enough. This way anyone my send an email to a mailserver-less sub/domain. This mechanism was created when MX records were introduced, to support host/domains without them. This is how things should be done - creating new standard and define how backwards compatibility should be implemented. Read rfc 7505 that tries to implement mechanism to archieve that as a new measurement, and don't blame us for implementign something that has existed even before MX and was never dropped since. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] missing MX record
Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>: On 10.06.17 14:53, SZÉPE Viktor wrote: RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5 The lookup first attempts to locate an MX record associated with the name. ... If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Were you a ware of that? I think it is very unusual and dangerous. Do modern MTA-s - including Courier - implement that? This behaviour was described in rfc 821 and 2821. AFAIK all MTAs implement this behaviour since MX records were implemented. What and why exactly sounds unusual and dangerous to you? I think it gives us no means to stop emails for a domain. I thought removing the MX record and not listening on port 25 is enough. This way anyone my send an email to a mailserver-less sub/domain. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] missing MX record
On 10.06.17 14:53, SZÉPE Viktor wrote: RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5 The lookup first attempts to locate an MX record associated with the name. ... If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Were you a ware of that? I think it is very unusual and dangerous. Do modern MTA-s - including Courier - implement that? This behaviour was described in rfc 821 and 2821. AFAIK all MTAs implement this behaviour since MX records were implemented. What and why exactly sounds unusual and dangerous to you? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] missing MX record
Hello Sam! RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5 The lookup first attempts to locate an MX record associated with the name. ... If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Were you a ware of that? I think it is very unusual and dangerous. Do modern MTA-s - including Courier - implement that? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Loading / reloading Pythonfilter
On Wed 07/Jun/2017 21:39:34 +0200 Gordon Messmer wrote: > On 06/07/2017 04:32 AM, Alessandro Vesely wrote: >> Last time I issued courierfilter stop, and then start. >> However, that way I have to reload also clamav databases, which takes a long >> time. Is there any better way to upgrade the running Python process? > > That should only be the case if you were running pyclamav, which is no longer > available or supported. The supported means of using clamav is to run an > instance of clamd as the courier user, and use pyclamd to scan messages. In > that configuration, you should be able to "filterctl stop pythonfilter/start > pythonfilter" without significant delays. Hm... I wouldn't recommend that. During the 17 seconds it took to reload "C" filter databases, I only had one "432 Mail filters temporarily unavailable". Of course, stopping and restarting pythonfilter alone would have taken much less. Short as that time might have been, messages with bad attachments would have slipped through unfiltered in the meanwhile. Ale -- signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Loading / reloading Pythonfilter
On 06/07/2017 04:32 AM, Alessandro Vesely wrote: Last time I issued courierfilter stop, and then start. However, that way I have to reload also clamav databases, which takes a long time. Is there any better way to upgrade the running Python process? That should only be the case if you were running pyclamav, which is no longer available or supported. The supported means of using clamav is to run an instance of clamd as the courier user, and use pyclamd to scan messages. In that configuration, you should be able to "filterctl stop pythonfilter/start pythonfilter" without significant delays. BTW, in order to tell distributed filter from home-brewed ones, I install sym links in the dist-package/pythonfilter directory, which point to the source file. I note that Python does not produce any .pyc in that case. That's true, but that only means that python will take slightly longer to parse those files when they're imported. Since that only happens on startup, it's hard to make the case that producing pyc files will significantly impact performance at all. Since the pyc is what should get loaded when loading a module, an idea could be to reload modules if they have been recompiled since the last time they were loaded. Let me attach the idea. Beware: I did'n run it, not even once, and didn't fully understand the caveats about using reload(), see e.g.: https://stackoverflow.com/questions/437589/how-do-i-unload-reload-a-python-module#answer-438845 pythonfilter uses threads in order to allow modules to keep statistics in memory. As far as I can tell, reloading isn't going to be safe. One more question, about virtualenv. Has anyone had experience loading Pythonfilter that way under Courier? Another possibility is to install Pythonfilter globally, but keep additional packages in a virtualenv, just to ease tracking requirements. I haven't, personally. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Loading / reloading Pythonfilter
I changed the code of a filter which is already configured and running. Now I have to install it. Last time I issued courierfilter stop, and then start. However, that way I have to reload also clamav databases, which takes a long time. Is there any better way to upgrade the running Python process? BTW, in order to tell distributed filter from home-brewed ones, I install sym links in the dist-package/pythonfilter directory, which point to the source file. I note that Python does not produce any .pyc in that case. However, the following command compiles in the current directory irrespectively of whatever: python -m compileall -l attachments.py Since the pyc is what should get loaded when loading a module, an idea could be to reload modules if they have been recompiled since the last time they were loaded. Let me attach the idea. Beware: I did'n run it, not even once, and didn't fully understand the caveats about using reload(), see e.g.: https://stackoverflow.com/questions/437589/how-do-i-unload-reload-a-python-module#answer-438845 One more question, about virtualenv. Has anyone had experience loading Pythonfilter that way under Courier? Another possibility is to install Pythonfilter globally, but keep additional packages in a virtualenv, just to ease tracking requirements. TIA Ale --- ../courier-pythonfilter/courier-pythonfilter-1.11/build/scripts-2.7/pythonfilter 2016-10-31 17:21:05.543243721 +0100 +++ ../pythonfilter-modified-but-not-tested.py 2017-06-07 13:09:59.818621251 +0200 @@ -111,6 +111,11 @@ (importError[0], importError[1])) sys.stderr.write(''.join(traceback.format_tb(importError[2]))) sys.exit() +try: +moduleDate = os.stat(module.__file__).st_mtime +except OSError: +moduleDate = None + if hasattr(module, 'initFilter'): try: module.initFilter() @@ -126,7 +131,7 @@ try: # Store the name of the filter module and a reference to its # dofilter function in the "filters" array. -filters.append((moduleName, module.doFilter, bypass)) +filters.append((moduleName, module.doFilter, bypass, module, moduleDate)) except AttributeError: # Log bad modules importError = sys.exc_info() @@ -203,13 +208,23 @@ # Prepare a set of filters that will not be run if a module returns # a 2XX code, and specifies a list of filters to bypass. bypass = set() -for i_filter in filters: +for i_i, i_filter in enumerate(filters): # name = i_filter[0] # function = i_filter[1] # bypass = i_filter[2] if i_filter[0] in bypass: continue try: +if i_filter[4] is not None: +moduleDate = os.stat(i_filter[3].__file__).st_mtime +if moduleDate > i_filter[4]: +reload(i_filter[3]) +i_filter[4] = moduleDate +filters[i_i] = (i_filter[0], i_filter[1], i_filter[2], i_filter[3], i_filter[4]) +sys.stderr.write('Reloaded %s\n' % i_filter[0]) +except: +sys.stderr.write('Not reloaded %s\n' % i_filter[0]) +try: replyCode = i_filter[1](bodyFile, controlFileList) except: filterError = sys.exc_info() signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
On 05/18/2017 12:35 PM, Sam Varshavchik wrote: > Fairly unambiguous. This part of the version string is only present in > the courier-specific maildrop build. Cool, thanks. Markus signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Hi, On 05/19/2017 02:53 AM, Ángel wrote: > On 2017-05-18 at 19:03 +0200, Alessandro Vesely wrote: >> Although the real issue is maildrop, let me note the following about >> courier-base: >> >> * couriertcpd could be just suggested or recommended, not required, as Sam mentioned, the current startup scripts do required couriertcpd (even the adjusted ones in Debian). >> * testmxlookup could be moved to courier-mta, Hm.. sounds like a courier-utils package might be useful. >> * I don't see how maildir utilities can be useful on a standalone SMTP >> server. Well, it could still be an MTA delivering mail to maildirs. Doesn't seem far fetched to me. But if we add a courier-utils or such, that would probably be the right place. > While we are on the topic of debian package wishlists... > (not sure if this is the best venue, but otoh I feel it's good to > discuss it first rather than simply filing a bug) Thanks for your consideration. Yes, I appreciate that. OTOH I tend to forget discussions, if they don't result in a bug, so please file wishlist bugs as a result of the discussion. (And it's sometimes helpful if it's users filing the issues, rather than the maintainer himself.) > ...I would like having couriertls at its own package: Sounds like a good idea to me, yes. > 1) It is a standalone tool, useful on its own. > It can be used as a cli tool (as a "tls telnet"), as well as by other > programs (I have used it that way to support TLS) > > 2) It used to be at a different package, so it would be consistent with > previous practice > (kind of, it had an -apparently unneeded- depends on courier-base) I wasn't aware of that. In this case, I should better check why the separate package was dropped. > 3) That would allow having a virtual package with two versions, so that > the sysadmin could choose whether to have it linked against openssl or > gnutls (they used to have slightly different features, so in the past I > ended up recompiling the courier-ssl package to switch libraries) Hm.. IIRC I had to compile courier against GnuTLS to work. I don't currently find the exact issue, though. > This is specially interesting from a security point of view imho, since > should a problem develop on either of these libraries, you could easily > switch to the other library while keeping the upper level server > unchanged (assuming the config used compatible ciphers, etc.). Well, that however means we'd always have to support both. But yes, I can see merit in having a separate package. > I apologize for the annoyance, tell me if there's anything I can do to > help with it. No need to apologize. Scanning through the Debian bug list would help. There are lots of very old issues and I think many of them do not apply any more. https://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=0;src=courier Even just prioritizing the list would be helpful. I'm focusing on the stretch release, ATM. Kind Regards Markus Wanner -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] szmlink counts as quota
Hello! I am trying to prevent multiple Trash, Junk, Sent folders created by various mail clients. For example these are the symlinks for Sent: .Sent .Sent Items -> .Sent .Sent Messages -> .Sent Could it be that that Courier counts Sent folder size three time while calculating quota? BTW this account is over 1GB quota while the Maildir folder's size is 481 MB. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
On 2017-05-18 at 19:03 +0200, Alessandro Vesely wrote: > Although the real issue is maildrop, let me note the following about > courier-base: > > * couriertcpd could be just suggested or recommended, not required, > > * testmxlookup could be moved to courier-mta, > > * I don't see how maildir utilities can be useful on a standalone SMTP server. > Perhaps they could be moved to courier-imap, courier-pop, or both. > > Ale While we are on the topic of debian package wishlists... (not sure if this is the best venue, but otoh I feel it's good to discuss it first rather than simply filing a bug) ...I would like having couriertls at its own package: 1) It is a standalone tool, useful on its own. It can be used as a cli tool (as a "tls telnet"), as well as by other programs (I have used it that way to support TLS) 2) It used to be at a different package, so it would be consistent with previous practice (kind of, it had an -apparently unneeded- depends on courier-base) 3) That would allow having a virtual package with two versions, so that the sysadmin could choose whether to have it linked against openssl or gnutls (they used to have slightly different features, so in the past I ended up recompiling the courier-ssl package to switchj libraries) This is specially interesting from a security point of view imho, since should a problem develop on either of these libraries, you could easily switch to the other library while keeping the upper level server unchanged (assuming the config used compatible ciphers, etc.). I apologize for the annoyance, tell me if there's anything I can do to help with it. Best regards -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Alessandro Vesely writes: Although the real issue is maildrop, let me note the following about courier- base: * couriertcpd could be just suggested or recommended, not required, It most certainly is required. The default startup script require it. I suppose you could customize the package to use inetd. Or systemd. To listen on the port and start the server. This would mostly work for imap and pop3. But this is going to lose quite a bit of functionality with smtp, which depends on couriertcpd for setting environment variables based on the connecting IP address. pgpwicQitusdk.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Idézem/Quoting Alessandro Vesely <ves...@tana.it>: > On Thu 18/May/2017 00:19:07 +0200 Markus Wanner wrote: >> On 17.05.2017 09:48, Alessandro Vesely wrote: >> >>> My suggestion is to avoid disassembling the Courier tarball. That is, have >>> maildrop included by default in courier-mta, and possibly merge it with >>> courier-base as well (why were they split, BTW?) >> >> Flexibility. And separation of concerns. >> >> I like being able to install courier-imap, but not courier-pop, for >> example. Or running just the courier-mta without either of the other >> two. That's quite common for Debian, I'd say. > > Although the real issue is maildrop, let me note the following about > courier-base: > > * couriertcpd could be just suggested or recommended, not required, > > * testmxlookup could be moved to courier-mta, > > * I don't see how maildir utilities can be useful on a standalone > SMTP server. > Perhaps they could be moved to courier-imap, courier-pop, or both. > > Ale > -- Debian policy states that a software should not be in more than one package. It may seem strange that some parts are abstracted out of a common code base. In Debian it is usual to have one software component in one package. For example when you update it you don't have to download and install the whole software. Looking at things from inside Debian these may come handy: you never have to deal with building a software from source, maintainers do that for you. All the best to you! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
On Thu 18/May/2017 00:19:07 +0200 Markus Wanner wrote: > On 17.05.2017 09:48, Alessandro Vesely wrote: > >> My suggestion is to avoid disassembling the Courier tarball. That is, have >> maildrop included by default in courier-mta, and possibly merge it with >> courier-base as well (why were they split, BTW?) > > Flexibility. And separation of concerns. > > I like being able to install courier-imap, but not courier-pop, for > example. Or running just the courier-mta without either of the other > two. That's quite common for Debian, I'd say. Although the real issue is maildrop, let me note the following about courier-base: * couriertcpd could be just suggested or recommended, not required, * testmxlookup could be moved to courier-mta, * I don't see how maildir utilities can be useful on a standalone SMTP server. Perhaps they could be moved to courier-imap, courier-pop, or both. Ale -- signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Markus Wanner writes: > The > differences are in the configuration. The biggest difference is > maildrop, because it ties in directly into mail delivery, and it has > Courier-specific features, and Courier has maildrop-specific features as > well. Understood. (If you're provided a maildrop binary, how do you tell which variant it is?) $ maildrop -v maildrop 2.8.5 Copyright 1998-2015 Double Precision, Inc. Courier-specific maildrop build. This version of maildrop should only be used with Courier, and not any other mail server. Fairly unambiguous. This part of the version string is only present in the courier-specific maildrop build. pgpB6mBu8cYkE.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Sam, On 05/18/2017 12:29 AM, Sam Varshavchik wrote: > When I refer to source releases, I always refer to > http://www.courier-mta.org/download.html Thanks for clarifying, that's usually referred to as upstream in Debian, whereas "the package" is the result of packaging for Debian. Please excuse the confusion this may have caused, I'll be more specific in the future. > I am not familiar with the details of Debian's packaging. I can only > explain how I package the source. Fair enough, you don't need to be. I not familiar with upstream sources, either. And despite you thinking it's simple, it had quite some surprises for me. I'm glad we uncovered those and I hope to find ways that work well for both of us. > There are no functional differences, except for maildrop. I'm glad to hear. > The > differences are in the configuration. The biggest difference is > maildrop, because it ties in directly into mail delivery, and it has > Courier-specific features, and Courier has maildrop-specific features as > well. Understood. (If you're provided a maildrop binary, how do you tell which variant it is?) > It should be possible to build courier, and selectively carve out the > built imap and sqwebmail components to be individually installed without > courier. I think that's how it's done for Debian, up until now. > But that's going to require writing custom startup scripts. There's only > one startup script for courier, that starts everything. It's fairly easy > to carve out imap and webmail as an optional subpackage. Courier's > startup script will try starting them only if it finds them installed. > But left to their own merits, the subpackages won't do anything without > writing and adding some startup scripts into the subpackages. Then they > can be installed independently and use without Courier. But then, you'll > also have to fix courier's startup script not to try starting them > itself, since the subpackage will take care of with its own startup script. Yes, I think all of those startup scripts are in place, including systemd units. This allows Debian users to control (and install) the services individually, which I think is an important feature. Sounds like the only remaining issue is maildrop. I'll investigate further on possible solutions. Thank you for explaining and for your understanding of the Debian specific requirements. I'm well aware those may seem weird sometimes and are often hard to meet. Kind Regards Markus Wanner signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Markus Wanner writes: Hi, On 17.05.2017 02:44, Sam Varshavchik wrote: > Only one maildrop package is needed. And one courier package, that's it. Unfortunately, there is not separate courier-mta source release. Only When I refer to source releases, I always refer to http://www.courier- mta.org/download.html > Did you know that there's also a separate courier-imap package? There is a courier-imap package for Debian, built from the courier sources. Are you saying this one is incompatible to the separate courier-imap source release? I am not familiar with the details of Debian's packaging. I can only explain how I package the source. And to live up to the simplicity you're advocating, I'd recommend eliminating any difference between individual components and the bundle. I'm not the first one to be caught by surprise, and I certainly won't be the last one. There are no functional differences, except for maildrop. The differences are in the configuration. The biggest difference is maildrop, because it ties in directly into mail delivery, and it has Courier-specific features, and Courier has maildrop-specific features as well. It should be possible to build courier, and selectively carve out the built imap and sqwebmail components to be individually installed without courier. But that's going to require writing custom startup scripts. There's only one startup script for courier, that starts everything. It's fairly easy to carve out imap and webmail as an optional subpackage. Courier's startup script will try starting them only if it finds them installed. But left to their own merits, the subpackages won't do anything without writing and adding some startup scripts into the subpackages. Then they can be installed independently and use without Courier. But then, you'll also have to fix courier's startup script not to try starting them itself, since the subpackage will take care of with its own startup script. Again, all of the above describes what's in the upstream source. I am not familiar with Debian's packaging. pgpNgJQRfNLDy.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Hi, On 17.05.2017 09:48, Alessandro Vesely wrote: > I'd suggest to avoid that. I'd love not having to reintroduce a second maildrop variant. > I use subjunctive because I install Courier from > tarballs rather than Debian packages, except for off-hand tests. In the > latter > case, I get confused by the bewildering amount of Courier packages available > in > the Debian distro —there are 27 of them, correct? Why does that confuse you? An MTA and an IMAP server are clearly distinct things. Just install what you need. I personally didn't ever think of installing "courier". I installed their MTA, their IMAP or POP server. And - I have to admit - not ever their Webmail. I didn't ever want nor need the entire bundle. But I could (in theory), by simply installing all the parts. > My suggestion is to avoid disassembling the Courier tarball. That is, have > maildrop included by default in courier-mta, and possibly merge it with > courier-base as well (why were they split, BTW?) Flexibility. And separation of concerns. I like being able to install courier-imap, but not courier-pop, for example. Or running just the courier-mta without either of the other two. That's quite common for Debian, I'd say. Take the modules for apache's httpd as another example of that practice. Or the fact that Debian ships separate client and server packages for most databases. Kind Regards Markus Wanner signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Hi, On 17.05.2017 02:44, Sam Varshavchik wrote: > Only one maildrop package is needed. And one courier package, that's it. Unfortunately, there is not separate courier-mta source release. Only the bundle. That's problematic for distributions per se. That's not a Debian specific issue, but generally bad for any distribution. A good read may be: https://wiki.gentoo.org/wiki/Why_not_bundle_dependencies Or Debian's upstream guide, see the section "Pristine Upstream Source": https://wiki.debian.org/UpstreamGuide#Pristine_Upstream_Source > Did you know that there's also a separate courier-imap package? There is a courier-imap package for Debian, built from the courier sources. Are you saying this one is incompatible to the separate courier-imap source release? I strongly hope it's not. (And I had the very same hope for maildrop, but that was utterly wrong in a very non-obvious way, despite proclaimed simplicity...) > And things have been this simpler for over 20 years now. That's how long > things have worked this way, with no issues. People get the right > package for them, compile it, and install it. That's it. Several issues were filed against the duplication in Debian packages for the two different maildrop variants. And the two packages were often out of sync. Please note that there's nothing speaking against a bundle for users who want to compile for themselves (in contrast to using distro packages) and appreciate the bundling. However, for Debian, I'd greatly appreciate separate source tarballs for each individual component. And to live up to the simplicity you're advocating, I'd recommend eliminating any difference between individual components and the bundle. I'm not the first one to be caught by surprise, and I certainly won't be the last one. I'm looking forward to support Courier for Debian. However, I need a bit of understanding and support from upstream. Thank you. Kind Regards Markus Wanner signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
On Tue 16/May/2017 19:06:55 +0200 Markus Wanner wrote: > > I'll check if it's feasible to re-add the courier-maildrop package in > Debian stretch (i.e. the Courier specific variant) I'd suggest to avoid that. I use subjunctive because I install Courier from tarballs rather than Debian packages, except for off-hand tests. In the latter case, I get confused by the bewildering amount of Courier packages available in the Debian distro —there are 27 of them, correct? My suggestion is to avoid disassembling the Courier tarball. That is, have maildrop included by default in courier-mta, and possibly merge it with courier-base as well (why were they split, BTW?) The complete package should conflict with the standalone version of maildrop. Jm2c Ale -- signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Markus Wanner writes: > >> I don't quite see how that matters. It's the same set of source files, >> which would need the same set of security fixes, for example. What does >> the duplication of efforts buy us? >> >> I'd rather state that duplication of code is never a good idea, but a >> sign for bad modularization. > > Nothing is duplicated. It's one source repo. Packaging is a > completely different matter. > >> By that reasoning, Debian would have to ship about a dozen variants of >> maildrop packages. That's clearly not going to happen. > > Only one maildrop package is needed. And one courier package, that's it. > >> While I generally agree that it's good practice to remove stuff that's >> really not needed, the courier variant *is* needed (by some users, >> including myself). > > Certainly, and there's a single package that configures and installs > everything: courier. > >> Splitting sources and duplicating efforts only > > Nothing is split. It's the same software, just packaged differently. > >> I'll check if it's feasible to re-add the courier-maildrop package in >> Debian stretch (i.e. the Courier specific variant), but I'd greatly >> appreciate if you could reconsider this split. > > Nothing is split. There are two separate packages, for two separate > situations. One, a single courier package, that includes everything > configured to work together. And the second package is the maildrop > package, configured without any courier dependencies, to be plugged > into other mail servers. That's it. It couldn't be any simpler. > > Did you know that there's also a separate courier-imap package? It's > just the IMAP server component, that can be set up independently, > and glued together with other mail servers. There's also the > sqwebmail package, a mail server-independent webmail server. > > And, of course, the Courier package installs everything, configured > to work with each other. Couldn't be any simpler. > > And things have been this simpler for over 20 years now. That's how > long things have worked this way, with no issues. People get the > right package for them, compile it, and install it. That's it. Hello Sam! I think the Debian maintainer has to bridge the gap of "compile it, and install it" and the strict Debian policies. For example I've learned packaging basics because I would like to have only packages on my servers not individual files without a central system like apt+dpkg. I hope we will find a nice way to package your software by the guidelines of the Debian policies. All the best! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -------------- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Markus Wanner writes: I don't quite see how that matters. It's the same set of source files, which would need the same set of security fixes, for example. What does the duplication of efforts buy us? I'd rather state that duplication of code is never a good idea, but a sign for bad modularization. Nothing is duplicated. It's one source repo. Packaging is a completely different matter. By that reasoning, Debian would have to ship about a dozen variants of maildrop packages. That's clearly not going to happen. Only one maildrop package is needed. And one courier package, that's it. While I generally agree that it's good practice to remove stuff that's really not needed, the courier variant *is* needed (by some users, including myself). Certainly, and there's a single package that configures and installs everything: courier. Splitting sources and duplicating efforts only Nothing is split. It's the same software, just packaged differently. I'll check if it's feasible to re-add the courier-maildrop package in Debian stretch (i.e. the Courier specific variant), but I'd greatly appreciate if you could reconsider this split. Nothing is split. There are two separate packages, for two separate situations. One, a single courier package, that includes everything configured to work together. And the second package is the maildrop package, configured without any courier dependencies, to be plugged into other mail servers. That's it. It couldn't be any simpler. Did you know that there's also a separate courier-imap package? It's just the IMAP server component, that can be set up independently, and glued together with other mail servers. There's also the sqwebmail package, a mail server-independent webmail server. And, of course, the Courier package installs everything, configured to work with each other. Couldn't be any simpler. And things have been this simpler for over 20 years now. That's how long things have worked this way, with no issues. People get the right package for them, compile it, and install it. That's it. pgpJLuPCMyOkl.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
On 05/16/2017 05:10 PM, Sam Varshavchik wrote: > They should not be. maildrop is a separate source package. It's a > tarball in of itself, that's built independently. > > Now, the fact that this tarball contains code that's also found in > another, larger, package, that's a different subject. I don't quite see how that matters. It's the same set of source files, which would need the same set of security fixes, for example. What does the duplication of efforts buy us? I'd rather state that duplication of code is never a good idea, but a sign for bad modularization. > The Courier build of maildrop implements a Courier-specific option > that's got ...a bit of juice to it, taking advantage of its temporary > root permissions. > > Although the relevant bits in question do all their due diligence, > checking that the real uid/gid is the one that's baked into the source, > and thusly is only available to Courier, etc., it's good practice to > remove stuff that's not needed. Multiple layers of security. It's better > to keep that code out of the non-Courier specific maildrop, altogether. By that reasoning, Debian would have to ship about a dozen variants of maildrop packages. That's clearly not going to happen. While I generally agree that it's good practice to remove stuff that's really not needed, the courier variant *is* needed (by some users, including myself). Splitting sources and duplicating efforts only reduces overall test coverage and availability of security fixes, so I don't quite see this as an overall gain in security. If nothing else, it would have saved us the current confusion and trouble with maildrop being available in multiple incompatible variants, which aren't clearly distinguishable by name. I'll check if it's feasible to re-add the courier-maildrop package in Debian stretch (i.e. the Courier specific variant), but I'd greatly appreciate if you could reconsider this split. Kind Regards Markus Wanner signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Markus Wanner writes: I'd quickly like to elaborate on why the former Debian maintainer decided to do that and hope for your understanding: Before, there was a courier-maildrop as well as a (stand-alone) maildrop package. Meaning those two are built from the very same source, but They should not be. maildrop is a separate source package. It's a tarball in of itself, that's built independently. Now, the fact that this tarball contains code that's also found in another, larger, package, that's a different subject. Couldn't most of this configuration be moved to runtime, rather than compile time? The Courier build of maildrop implements a Courier-specific option that's got ...a bit of juice to it, taking advantage of its temporary root permissions. Although the relevant bits in question do all their due diligence, checking that the real uid/gid is the one that's baked into the source, and thusly is only available to Courier, etc., it's good practice to remove stuff that's not needed. Multiple layers of security. It's better to keep that code out of the non-Courier specific maildrop, altogether. pgpIGACk1jI_e.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Hi, On 05/16/2017 02:27 PM, Sam Varshavchik wrote: > This has been discussed already – that package replaces the maildrop > component with the standalone version of maildrop. This doesn't work > correctly, or rather it won't work without some additional > configuration. I'd quickly like to elaborate on why the former Debian maintainer decided to do that and hope for your understanding: Before, there was a courier-maildrop as well as a (stand-alone) maildrop package. Meaning those two are built from the very same source, but built with different configuration options. From a maintenance and security perspective, that's unfortunate and Debian strives to eliminate duplicate source packages. However, I certainly agree that the current situation is even worse. > That, for all intents and purposes, is maildrop getting > installed with some standalone mail server, and maildrop needs to be set > up to use the same configuration as the mail server, in terms of where > the mail accounts are, who owns them, and each one's userid and groupid. > It's no longer just something that get me dropped in, and work > automatically. Couldn't most of this configuration be moved to runtime, rather than compile time? Kind Regards Markus Wanner signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Lucio Crusca writes: > >> but the maildrop manpage reports: >> >> "-V is ignored when maildrop runs in delivery mode." >> >> and maildropfilter manpage reports the same about the VERBOSE variable. > > Then run maildrop manually, yourself. Run maildrop with -V from the > shell, pipe a test message on standard input, and see what it logs. > >> is there any other switch to make maildrop log informations while >> in delivery mode? >> >> Please advice, I'm at a loss. > > Bottom line is that Debian's Courier package is not correctly built. > If you can't figure out a workaround, there's no other option > besides building your own Courier package, from source. Hello Sam! Could you point out some difference that you feel incorrect? It would help much for maintaining the Debian package. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
It now works: Markus kindly sent me his patch and his custom maildrop 2.8.4 deb package, because he's currently short of time to keep up with the conversation here. I tried to apply his patch to maildrop 2.8.5 sources. The patch gets applied, but configuration fails afterwards for some reason I don't understand (syntax errors). I finally installed the package Markus sent me. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Lucio Crusca writes: but the maildrop manpage reports: "-V is ignored when maildrop runs in delivery mode." and maildropfilter manpage reports the same about the VERBOSE variable. Then run maildrop manually, yourself. Run maildrop with -V from the shell, pipe a test message on standard input, and see what it logs. is there any other switch to make maildrop log informations while in delivery mode? Please advice, I'm at a loss. Bottom line is that Debian's Courier package is not correctly built. If you can't figure out a workaround, there's no other option besides building your own Courier package, from source. pgpZSidxVvAEO.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
I wrote: > Is it enough to edit that line, make it look like > #ifndef HAVE_COURIER >#define HAVE_COURIER > #endif > > and configure/make/install? I answer myself: no it isn't, because I've tried and that leads to a compile error. Then I've also tried just commenting out the #undef, building, installing, making it SUID root, configuring Courier to use that maildrop as DEFAULTDELIVERY, but still the messages are not actually being delivered into the virtual accounts maildirs, despite the logs not reporting any problem. Sam Varshavchik writes: > look in the .mailfilter file The virtual account I'm testing with has no .mailfilter. I've tried a few things in the default /etc/maildroprc: DEFAULT="$HOME/Maildir" # leads to message not being delivered DEFAULT=./Maildir # same as above DEFAULT=./Maildir/ # maildrop: Unable to open mailbox. # empty file # maildrop: Unable to open mailbox. logfile "/var/log/maildrop.log" # Unable to create log file. During all these tests Courier was using my custom setuid maildrop. Sam Varshavchik writes: > maildrop also has a verbose flag, that causes it to generate its own > logging. but the maildrop manpage reports: "-V is ignored when maildrop runs in delivery mode." and maildropfilter manpage reports the same about the VERBOSE variable. is there any other switch to make maildrop log informations while in delivery mode? Please advice, I'm at a loss. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
I wrote: > What does exactly mean to compile maildrop with HAVE_COURIER? I coulnd't find > any > such option in ./configure and the generated Makefile does not include > it either. I've had a look at the current maildrop stable sources (2.8.5). In the file libs/maildrop/config.h.in I see: #undef HAVE_COURIER at line 7. Is it enough to edit that line, make it look like #ifndef HAVE_COURIER #define HAVE_COURIER #endif and configure/make/install? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Markus Wanner writes: > Is this the Debian stretch installation mentioned? > Yes it is. > I'm successfully running a courier installation on Debian stretch with > maildrop compiled manually, ATM. Thanks for sharing, I'm afraid that's what I need to do too. What does exactly mean to compile maildrop with HAVE_COURIER? I coulnd't find any such option in ./configure and the generated Makefile does not include it either. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
On 14.05.2017 20:16, Lucio Crusca wrote: > However if I try to use maildrop alone, with: > > DEFAULTDELIVERY="| /usr/bin/maildrop" > > it stops working again, so I think I have a problem with maildrop rather > than spamd. Is this the Debian stretch installation mentioned? You might have run into an issue caused by the recent removal of the courier-maildrop package, see this issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818377 It boils down to maildrop being compiled without HAVE_COURIER, where as the courier MTA (unsurprisingly) expects that #define to be set. I'm successfully running a courier installation on Debian stretch with maildrop compiled manually, ATM. Kind Regards Markus Wanner Disclaimer: I'm a Debian Developer and recently took over maintenance of the Courier MTA suite. However, I'm not sure we can still solve this maildrop issue in time for the stretch release. Sorry. signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Lucio Crusca writes: Sam Varshavchik writes: > From the logs, you've configured spamd to be responsible for delivering > mail > > You have to take smaller steps, and get one thing working, at a time. I've now moved spamd out of the way. My previous DEFAULTDELIVERY was DEFAULTDELIVERY="|/usr/bin/spamc|/usr/bin/maildrop" The current one is: DEFAULTDELIVERY=./Maildir and everyting works. However if I try to use maildrop alone, with: DEFAULTDELIVERY="| /usr/bin/maildrop" it stops working again, so I think I have a problem with maildrop rather than spamd. Then, look in the .mailfilter file to see what the delivery instructions are. maildrop also has a verbose flag, that causes it to generate its own logging. pgpB8shQVlAMs.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Sam Varshavchik writes: > From the logs, you've configured spamd to be responsible for delivering > mail > > You have to take smaller steps, and get one thing working, at a time. I've now moved spamd out of the way. My previous DEFAULTDELIVERY was DEFAULTDELIVERY="|/usr/bin/spamc|/usr/bin/maildrop" The current one is: DEFAULTDELIVERY=./Maildir and everyting works. However if I try to use maildrop alone, with: DEFAULTDELIVERY="| /usr/bin/maildrop" it stops working again, so I think I have a problem with maildrop rather than spamd. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Lucio Crusca writes: E.g. no files written into the Maildir, despite the "Message delivered" log. I've also tried to access the Maildir with Thunderbird and RoundCube and they both confirm there aren't any messages. I have no clue about what I should check... please help. From the logs, you've configured spamd to be responsible for delivering mail, so you'll have to look in that direction. You can start by completely removing spamd from your configuration, so that it's out of the picture, and with Courier delivering mail directly to the mailbox, confirming that mail delivery works. Once that's settled, you can then bring spamd back into the picture, and work on it. When trying to do too many things at once, if something is broken somewhere it is often not clear where exactly the issue is. You have to take smaller steps, and get one thing working, at a time. pgprDAtl_A3Ms.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Message delivered, but no message in INBOX
4096 May 14 01:05 .. ./Maildir/tmp: total 8 drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 . drwx-- 8 mailboxes mailboxes 4096 May 14 01:05 .. ./Maildir/.Trash: total 20 drwx-- 5 mailboxes mailboxes 4096 May 14 01:05 . drwx-- 8 mailboxes mailboxes 4096 May 14 01:05 .. drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 cur -rw--- 1 mailboxes mailboxes0 May 14 01:05 maildirfolder drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 new drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 tmp ./Maildir/.Trash/cur: total 8 drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 . drwx-- 5 mailboxes mailboxes 4096 May 14 01:05 .. ./Maildir/.Trash/new: total 8 drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 . drwx-- 5 mailboxes mailboxes 4096 May 14 01:05 .. ./Maildir/.Trash/tmp: total 8 drwx-- 2 mailboxes mailboxes 4096 May 14 01:05 . drwx-- 5 mailboxes mailboxes 4096 May 14 01:05 .. E.g. no files written into the Maildir, despite the "Message delivered" log. I've also tried to access the Maildir with Thunderbird and RoundCube and they both confirm there aren't any messages. I have no clue about what I should check... please help. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] 456 Address temporarily unavailable
On 05/13/2017 12:53 AM, Lucio Crusca wrote: > Now for the problem. Out of 6 accounts. 5 do work correctly. For one of > them Courier replies "456 Address temporarily unavailable". > "courier clear" on maxwell does not change the reply I get afterwards. In case it helps: you probably want to look at log entries matching "courierlocal:" and the address that's failing in /var/log/maillog (or Debian's equivalent. I'm unsure if they use that path). You're looking for a failure that occurred before the earliest of your 456 errors, so it might be useful to identify when the first of those occurred. grep courierlocal: /var/log/maillog | grep address # look for a failure earlier than the first 456 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] 456 Address temporarily unavailable
Lucio Crusca writes: Now for the problem. Out of 6 accounts. 5 do work correctly. For one of them Courier replies "456 Address temporarily unavailable". "courier clear" on maxwell does not change the reply I get afterwards. The 456 occurs only after a previous mail delivery failure. It's a temporary block on an email address that failed delivery. There's nothing to be done about it, the only thing you can do is address the original delivery failure. You need to carefully examine your logs and locate the original delivery failure. The "courier clear" command takes an argument, either the email address or "courier clear all". The email address given to "courier clear" may not necessarily be what you think it is when it is a local address, as a result of mail aliasing. So use "courier clear all" to remove all addresses, then make a delivery attempt, and carefully observe what the logs say. pgpsQjXb2M6Ts.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] 456 Address temporarily unavailable
Hello, I'm trying to configure a new Courier-MTA server at maxwell.virtualbit.it. It's a Debian 9 Stretch system behind a NAT (kvm virtualization) and the installed Courier is the Debian packaged version (0.76.3). I already have another Courier-MTA working at nmx.sulweb.org. This is a production server and it is running Debian 8 Jessie and Courier 0.73.1. The new server (maxwell) is hosting one domain only (studiobertolotto.org) and 6 accounts in that domain, but it is configured to host several domains with virtual accounts. userdb file holds the accounts, no sql nor ldap databases here. The MX record for studiobertolotto.org does currently not point maxwell, so that I can test it before making it a production server (the current MX record points to yet another production server which is not nmx.sulweb.org and it runs Postfix). The 6 accounts maildirs have been populated with real content using imapsync. The current production server (nmx.sulweb.org) does NOT host studiobertolotto.org, and I use it in my email client as smarthost to send emails. It has the following in /etc/courier/esmtproutes: studiobertolotto.org: maxwell.virtualbit.it so that when I try to send a test message to one of the 6 accounts, the message actually gets routed to the new server instead of the real one. Now for the problem. Out of 6 accounts. 5 do work correctly. For one of them Courier replies "456 Address temporarily unavailable". "courier clear" on maxwell does not change the reply I get afterwards. The only difference I could find between that account and the others, is that the non working account maildir contains worth of 21GB of messages, while others are much smaller. However I've no quota configured, no -q option ever used to maildirmake, and virtual accounts, so no filesystem-level quota is possible. What else in my setup can cause a 456 reply? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Throw-Away EMails
On 2017-05-02 08:20:35 Sam Varshavchik hacked into the keyboard: > Michelle Konzack writes: > >I was not aware, that courier allow this. > > What, the existence of the .courier files themselves? They've been > around for decades, with their functionality identical to the same > functionality in Qmail, which has the same exact concept. No, that courier accept in the USER_HOME a file, which is not owned by the USER. > The fact that they can be created at will – we'll they're just > files, that's all. ...with non-matching user/group -- Michelle KonzackMiila ITSystems @ TDnet GNU/Linux Developer 00372-54541400 signature.asc Description: Digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] extension to email/localname
On 2017-05-02 at 09:12 +0200, Michelle Konzack wrote: > I have just discovered, that if user "www-data" touch the file > "~/.courier-foo" courier accept it and does not complain about a from > file owner! > > I allowed my PHP scripts to create/modify/delete files in the user homes > but only if they do not exist. "Only if they do not exist"? I guess you mean that the php file itself checks it doesn't exist before proceeding, rather than an ACL only allowing that. > It seems, this way the problem is solved! > > Now I have only to solv the problems with aliasses, because I do not > like to expose my "local account" to spammers. > > Mean, my account is I can create any attachments to > it, but it will not work for my alias . > > It would be very handy, if courier support it. > > Thanks for your time Create a user entry for linux4michelle (so it is no longer an alias), with different home but the same Maildir. Regards -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Throw-Away EMails
Michelle Konzack writes: On 2017-05-02 06:58:40 Sam Varshavchik hacked into the keyboard: > Michelle Konzack writes: > > >Removing "~/.courier-default" and use instead "~/.courier-" > >would be a better solution but require root rights (sudo?) to be > >installed from a webinterface... > > Well, it requires the rights to create files in ~; not root but > whichever userid owns that directory. Already discovered... ;-) I was not aware, that courier allow this. What, the existence of the .courier files themselves? They've been around for decades, with their functionality identical to the same functionality in Qmail, which has the same exact concept. The fact that they can be created at will – we'll they're just files, that's all. pgpJu3t1YN79F.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Throw-Away EMails
On 2017-05-02 06:58:40 Sam Varshavchik hacked into the keyboard: > Michelle Konzack writes: > > >Removing "~/.courier-default" and use instead "~/.courier-" > >would be a better solution but require root rights (sudo?) to be > >installed from a webinterface... > > Well, it requires the rights to create files in ~; not root but > whichever userid owns that directory. Already discovered... ;-) I was not aware, that courier allow this. -- Michelle KonzackMiila ITSystems @ TDnet GNU/Linux Developer 00372-54541400 signature.asc Description: Digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Throw-Away EMails
Michelle Konzack writes: Removing "~/.courier-default" and use instead "~/.courier-" would be a better solution but require root rights (sudo?) to be installed from a webinterface... Well, it requires the rights to create files in ~; not root but whichever userid owns that directory. pgpaTMEimqIXb.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] extension to email/localname
Hello Lindsay, On 2017-05-01 12:10:36 Lindsay Haisley hacked into the keyboard: > I don't know if this helps you, but my setup for my personal mail and > toss-off addresses is quite simple, and just works. > > I have a ~/.courier file which is unrelated to my toss-off addresses, > and does a number of things with filtering, but it's beside the point, > and my toss-off addresses don't depend on it. > > If I want to create a toss-off (temporary) address, I just touch the > file ~/.courier-xxx ("xxx" can be anything) to create an empty file I have just discovered, that if user "www-data" touch the file "~/.courier-foo" courier accept it and does not complain about a from file owner! I allowed my PHP scripts to create/modify/delete files in the user homes but only if they do not exist. It seems, this way the problem is solved! Now I have only to solv the problems with aliasses, because I do not like to expose my "local account" to spammers. Mean, my account is I can create any attachments to it, but it will not work for my alias . It would be very handy, if courier support it. Thanks for your time -- Michelle KonzackMiila ITSystems @ TDnet GNU/Linux Developer 00372-54541400 signature.asc Description: Digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Throw-Away EMails
On 2017-05-02 00:18:09 Fred Drueck hacked into the keyboard: > Would it be sufficient to do something with the .courier-aliases? Tell > your users to create something like: > > .courier-forwardtodevnull > > containing: > > | cat > /dev/null > > or whatever you want. I've occasionally done this myself for mail I don't > want to receive. I am user "michelle.konzack" on the system and my account has the files ~/.courier ~/.courier-default ~/.courier-aliasses (which is symlinked into /etc/courier/aliasses/ ) the "~/.courier-default" point to a special filter which can sort out which mails I want to see and are sorted into mailfolder /dev/null ;-) However, I have installed a traffic counter on this filter to get an idea, how much spam I receive over the last 9y since I have installed the domain/server, this mean if I allow all users to do this, my mailserver would accept arround 300-500 GByte of additional spam. Removing "~/.courier-default" and use instead "~/.courier-" would be a better solution but require root rights (sudo?) to be installed from a webinterface... Thanks for your time -- Michelle KonzackMiila ITSystems @ TDnet GNU/Linux Developer 00372-54541400 signature.asc Description: Digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Throw-Away EMails
Good morning, On 2017-05-01 23:14:11 Ángel hacked into the keyboard: > I would probably do it through entries in the database db. But if you > already have "something" editing the aliases file, why not have it run > makealiases, too? I have gotten strange errors while running makealiasses from a script. It seems (on Debian/Wheeze) makealiasses do not like to run from scripts and need a terminal. I have to check this again, but I am currently very bussy with my new Bio Farm in Estonia ;-) since I get in some month 1500 apple/cherry trees. Over the winter I have nothing to do and can go back deeper into IT. -- Michelle KonzackMiila ITSystems @ TDnet GNU/Linux Developer 00372-54541400 signature.asc Description: Digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Throw-Away EMails
Would it be sufficient to do something with the .courier-aliases? Tell your users to create something like: .courier-forwardtodevnull containing: | cat > /dev/null or whatever you want. I've occasionally done this myself for mail I don't want to receive. -Fred On Mon, May 1, 2017 at 6:43 AM, Michelle Konzack <linux4miche...@gmail.com> wrote: > Hello, > > what is the easiest way to allow users to creat throw-away emails? > > I do this somehow over aliases, but when I change/delete one, I have > always to run makealiases. I do not really like the idea, to run a > bashscript from cron all 5 min which check the users aliasses files and > execute makealiasses if a changement has been detected. > > Thanks > > -- > Michelle KonzackMiila ITSystems @ TDnet > GNU/Linux Developer 00372-54541400 > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Throw-Away EMails
On 2017-05-01 at 13:43 +0200, Michelle Konzack wrote: > Hello, > > what is the easiest way to allow users to creat throw-away emails? > > I do this somehow over aliases, but when I change/delete one, I have > always to run makealiases. I do not really like the idea, to run a > bashscript from cron all 5 min which check the users aliasses files and > execute makealiasses if a changement has been detected. > > Thanks I would probably do it through entries in the database db. But if you already have "something" editing the aliases file, why not have it run makealiases, too? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users