Re: [qmailtoaster] Authentication on new qmailtoaster

2024-02-11 Thread Eric Broch
cat /etc/letsencrypt/live/'fqdn'/privkey.pem /etc/letsencrypt/live/'fqdn'/fullchain.pem > ./servercert.pem


On 2/11/2024 2:05 PM, Eric Broch wrote:
cat /etc/letsencrypt/live/m/privkey.pem /etc/letsencrypt/live/'fqdn'/fullchain.pem > ./servercert.pem


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



Re: [qmailtoaster] Authentication on new qmailtoaster

2024-02-11 Thread Eric Broch

My Thunderbird settings for Rocky9

IMAP (993)

SMTP (465)


QMT settings

 cat /etc/letsencrypt/live/micahbrochtalk.com/privkey.pem /etc/letsencrypt/live/'fqdn'/fullchain.pem > ./servercert.pem


cp servercert.pem /var/qmail/control


Dovecot settings

ssl = yes
ssl_cert=





Check Dovecot & SMTPS log, tail -f 'log'


Eric


On 2/11/2024 12:54 PM, Peter Peterse wrote:

Hi list,

On my new mail server AlmaLinux 9.2 the authentication doesn't work.

While trying to get the message from my server, Thunderbird replies:

The incoming server (IMAP) mymailserver.example.com does not seem to 
support encrypted passwords. If you just set up the account, try 
changing the 'Authentication method' in 'Account settings | Outgoing 
server (SMTP)' to 'Normal password'.


I've migrated the server with the procedure described on 
http://www.qmailtoaster.com/migrate.html


Have I done something wrong?

When I change my configuration in Thunderbird so that it uses 
plaintext passwords it looks like it works, but then all my users 
need to change their config files.


Thanks for helping me.

Regards,

Peter
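
As an added example (not part of Eric Broch's message): the `cat ... > ./servercert.pem` step writes the private key into a file created under the shell's default umask, while the run scripts on this page start qmail-smtpd under the vpopmail uid/gid, so the combined file has to stay readable by that account without being readable by everyone. The function names, the 027 umask and the sample PEM bodies are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Function names, the umask choice and the
# temp paths are assumptions; the PEM bodies in make_sample_pems are filler.

# build_servercert KEY CHAIN OUT
# Key first, then chain (the order used in the thread). The file is created
# under umask 027 and renamed into place, so it is never world-readable and an
# older, looser-mode OUT is replaced instead of being rewritten with its old mode.
build_servercert() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    (
        umask 027
        tmp="$3.tmp.$$"
        cat "$1" "$2" > "$tmp" && mv -f "$tmp" "$3" || { rm -f "$tmp"; exit 1; }
    )
}

# check_servercert FILE
# Prints one line per problem and returns 0 only when nothing was printed.
check_servercert() {
    f=$1 rc=0
    [ -f "$f" ] || { echo "missing file: $f"; return 1; }
    nkey=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    ncert=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
    [ "$nkey" -eq 1 ] || { echo "expected 1 private key, found $nkey"; rc=1; }
    [ "$ncert" -ge 1 ] || { echo "no certificate found"; rc=1; }
    # Characters 8-10 of the ls mode string are the permissions for "other".
    other=$(ls -ld "$f" | cut -c8-10)
    [ "$other" = "---" ] || { echo "accessible to other ($other)"; rc=1; }
    return $rc
}

# key_matches_cert FILE
# 0 if the private key and the first certificate in FILE carry the same public
# key, 1 if they differ or cannot be read, 2 if openssl is not installed.
key_matches_cert() {
    command -v openssl >/dev/null 2>&1 || return 2
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# make_sample_pems DIR
# Constructed stand-ins for privkey.pem and fullchain.pem (not real key material).
make_sample_pems() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/privkey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'TEVBRg==' \
        '-----END CERTIFICATE-----' '-----BEGIN CERTIFICATE-----' \
        'SU5URVJNRURJQVRF' '-----END CERTIFICATE-----' > "$1/fullchain.pem"
}

# demo_servercert
# Compares the plain redirect (under a typical umask of 022) with
# build_servercert; returns the status of the second check.
demo_servercert() {
    d=$(mktemp -d) || return 1
    make_sample_pems "$d"
    ( umask 022; cat "$d/privkey.pem" "$d/fullchain.pem" > "$d/servercert.pem" )
    echo "plain cat:"
    check_servercert "$d/servercert.pem" || true
    build_servercert "$d/privkey.pem" "$d/fullchain.pem" "$d/servercert.pem"
    echo "build_servercert:"
    check_servercert "$d/servercert.pem" && echo "ok"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Source the file and call `demo_servercert` to see both results; group ownership of the installed file is left to the caller, and `key_matches_cert` only makes sense on a real key and certificate.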





[qmailtoaster] Authentication on new qmailtoaster

2024-02-11 Thread Peter Peterse

Hi list,

On my new mail server AlmaLinux 9.2 the authentication doesn't work.

While trying to get the message from my server, Thunderbird replies:

The incoming server (IMAP) mymailserver.example.com does not seem to 
support encrypted passwords. If you just set up the account, try 
changing the 'Authentication method' in 'Account settings | Outgoing 
server (SMTP)' to 'Normal password'.


I've migrated the server with the procedure described on 
http://www.qmailtoaster.com/migrate.html


Have I done something wrong?

When I change my configuration in Thunderbird so that it uses plaintext 
passwords it looks like it works, but then all my users need to change 
their config files.


Thanks for helping me.

Regards,

Peter






Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread ChandranManikandan
Hi Eric,

Thanks for your help.
Everything is working fine now,
both internal and external, with the above configuration in the run and tcp.smtp
file.


On Tue, Nov 10, 2020 at 1:04 AM Eric Broch  wrote:

> Can you re-word that question? I don't understand what you're asking.
>
> On 11/9/2020 9:59 AM, Eric Broch wrote:
> > May I check with you if it works internal and external then mail
> > server is working fine right?
> >
>
>
>

-- 


*Regards,Manikandan.C*
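
As an added example (not part of the thread and not QMT tooling): a lint pass over tcp.smtp source that reports which address prefixes are granted RELAYCLIENT, whether the catch-all rule grants relay or sets no QMAILQUEUE, and variable names outside a reference list. The reference list is taken from the rules Eric Broch posted on this page; the function names and finding codes are assumptions of this example, `posted_rules` is the final tcp.smtp from this thread and `broken_rules` is constructed.

```sh
#!/bin/sh
# Added example, not from the thread: a lint pass over tcprules source text.

# Variable names that appear in the rules Eric Broch posted on this page.
# Treating this list as the reference set is an assumption of the example.
KNOWN_VARS="RELAYCLIENT RBLSMTPD NOP0FCHECK SMTPDEBUG SIMSCAN_DEBUG BADMIMETYPE \
BADLOADERTYPE CHKUSER_RCPTLIMIT CHKUSER_WRONGRCPTLIMIT QMAILQUEUE"

# lint_tcprules [FILE]
# Reads rules from FILE or stdin and prints "<line>:<code>:<detail>".
# Exit status is 1 if a SYNTAX or OPENRELAY finding was printed, else 0.
lint_tcprules() {
    awk -v known="$KNOWN_VARS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    { sub(/[ \t\r]+$/, "") }
    /^[ \t]*(#|$)/ { next }
    {
        p = index($0, ":")                 # the address ends at the first colon
        addr = substr($0, 1, p - 1)
        s = substr($0, p + 1)
        if (p == 0 || s !~ /^(allow|deny)(,|$)/) {
            print NR ":SYNTAX:" $0; bad = 1; next
        }
        allow = (s ~ /^allow/)
        sub(/^(allow|deny)/, "", s)
        queue = 0
        while (s != "") {
            # Each setting is ,NAME=<delim>value<delim>; the delimiter is the
            # character after "=", so a value may itself contain commas.
            e = index(s, "=")
            q = substr(s, e + 1, 1)
            c = index(substr(s, e + 2), q)
            if (substr(s, 1, 1) != "," || e < 3 || q == "" || c == 0) {
                print NR ":SYNTAX:" s; bad = 1; break
            }
            name = substr(s, 2, e - 2)
            s = substr(s, e + 2 + c)
            if (!(name in ok)) print NR ":UNKNOWNVAR:" name
            if (name == "QMAILQUEUE") queue = 1
            if (name == "RELAYCLIENT" && allow) {
                if (addr == "") {
                    print NR ":OPENRELAY:catch-all rule sets RELAYCLIENT"; bad = 1
                } else print NR ":RELAY:" addr
            }
        }
        if (allow && addr == "" && !queue)
            print NR ":NOQUEUE:catch-all rule sets no QMAILQUEUE"
    }
    END { exit bad + 0 }
    ' "$@"
}

# The final tcp.smtp posted in this thread.
posted_rules() {
    cat <<'EOF'
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10"
EOF
}

# Constructed rules: a rule split across two lines and a catch-all that
# grants relay to every client.
broken_rules() {
    cat <<'EOF'
192.168.1.:
allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/simscan"
EOF
}
```

Run it as `posted_rules | lint_tcprules` or `lint_tcprules /etc/tcprules.d/tcp.smtp`. NOPFCHECK is reported only because it is not in the reference list, where the name is NOP0FCHECK.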


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

Can you re-word that question? I don't understand what you're asking.

On 11/9/2020 9:59 AM, Eric Broch wrote:
May I check with you if it works internal and external then mail 
server is working fine right?







Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

export SMTPAUTH="-"

On 11/9/2020 9:42 AM, ChandranManikandan wrote:

Hi Eric,

the below config in /var/qmail/supervise/smtp/run

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
#SPAMDYKE="/usr/bin/spamdyke"
#SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
#export FORCETLS=0
export SMTPAUTH=""


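# spamdyke disabled: $SPAMDYKE --config-file $SPAMDYKE_CONF
# (kept outside the exec; a comment line inside the continuation would end the command there)
exec /usr/bin/softlimit -m 6400 \
     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     $SMTPD $VCHKPW /bin/true 2>&1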

and tcp.smtp

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10"

Now I am able to receive emails from public domains like gmail.

May I check with you if it works internal and external then mail 
server is working fine right?



On Tue, Nov 10, 2020 at 12:23 AM Eric Broch wrote:


To stop spamdyke

Remove line:

$SPAMDYKE --config-file $SPAMDYKE_CONF \

On 11/9/2020 9:17 AM, ChandranManikandan wrote:

Hi Eric,

In tcp file config below

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"

192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

do i need to add this line is enough
 export SMTPAUTH="-"

On Tue, Nov 10, 2020 at 12:13 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

change the run file to this

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"

exec /usr/bin/softlimit -m 6400 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1

On 11/9/2020 9:10 AM, ChandranManikandan wrote:

in which line need to remove from below run file

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 6400 \
     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     $SPAMDYKE --config-file $SPAMDYKE_CONF \
     $SMTPD $VCHKPW /bin/true 2>&1

On Tue, Nov 10, 2020 at 12:07 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Remove spamdyke from /var/qmail/supervise/smtp/run and
let's see what happens.

On 11/9/2020 9:05 AM, ChandranManikandan wrote:

Yes Eric,
Full log here
Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com
to: x...@example.com origin_ip: 209.85.210.44 origin_rdns:
mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)

On Tue, Nov 10, 2020 at 12:01 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Is spamd and clamd started?

Is that message from /var/log/maillog?

On 11/9/2020 8:57 AM, ChandranManikandan wrote:

Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail
config file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread ChandranManikandan
Hi Eric,

the below config in /var/qmail/supervise/smtp/run

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
#SPAMDYKE="/usr/bin/spamdyke"
#SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
#export FORCETLS=0
export SMTPAUTH=""


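# spamdyke disabled: $SPAMDYKE --config-file $SPAMDYKE_CONF
# (kept outside the exec; a comment line inside the continuation would end the command there)
exec /usr/bin/softlimit -m 6400 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
 $SMTPD $VCHKPW /bin/true 2>&1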

and tcp.smtp

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10"

Now I am able to receive emails from public domains like gmail.

May I check with you if it works internal and external then mail server is
working fine right?


On Tue, Nov 10, 2020 at 12:23 AM Eric Broch  wrote:

> To stop spamdyke
>
> Remove line:
>
> $SPAMDYKE --config-file $SPAMDYKE_CONF \
> On 11/9/2020 9:17 AM, ChandranManikandan wrote:
>
> Hi Eric,
>
> In tcp file config below
>
> 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
> 192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
>
> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
>
> do i need to add this line is enough
>  export SMTPAUTH="-"
>
> On Tue, Nov 10, 2020 at 12:13 AM Eric Broch 
> wrote:
>
>> change the run file to this
>>
>> #!/bin/sh
>> QMAILDUID=`id -u vpopmail`
>> NOFILESGID=`id -g vpopmail`
>> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
>> SPAMDYKE="/usr/bin/spamdyke"
>> SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
>> SMTPD="/var/qmail/bin/qmail-smtpd"
>> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
>> HOSTNAME=`hostname`
>> VCHKPW="/home/vpopmail/bin/vchkpw"
>> export SMTPAUTH="-"
>>
>> exec /usr/bin/softlimit -m 6400 \
>>  /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>>  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>>  $SPAMDYKE --config-file $SPAMDYKE_CONF \
>>  $SMTPD $VCHKPW /bin/true 2>&1
>>
>> On 11/9/2020 9:10 AM, ChandranManikandan wrote:
>>
>> in which line need to remove from below run file
>>
>> #!/bin/sh
>> QMAILDUID=`id -u vpopmail`
>> NOFILESGID=`id -g vpopmail`
>> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
>> SPAMDYKE="/usr/bin/spamdyke"
>> SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
>> SMTPD="/var/qmail/bin/qmail-smtpd"
>> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
>> HOSTNAME=`hostname`
>> VCHKPW="/home/vpopmail/bin/vchkpw"
>> REQUIRE_AUTH=0
>>
>> exec /usr/bin/softlimit -m 6400 \
>>  /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>>  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>>  $SPAMDYKE --config-file $SPAMDYKE_CONF \
>>  $SMTPD $VCHKPW /bin/true 2>&1
>>
>> On Tue, Nov 10, 2020 at 12:07 AM Eric Broch 
>> wrote:
>>
>>> Remove spamdyke from /var/qmail/supervise/smtp/run and let's see what
>>> happens.
>>> On 11/9/2020 9:05 AM, ChandranManikandan wrote:
>>>
>>> Yes Eric,
>>> Full log here
>>> Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com
>>> to: x...@example.com origin_ip: 209.85.210.44 origin_rdns:
>>> mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
>>> 451_mail_server_temporarily_rejected_message_(#4.3.0)
>>>
>>> On Tue, Nov 10, 2020 at 12:01 AM Eric Broch 
>>> wrote:
>>>
 Is spamd and clamd started?

 Is that message from /var/log/maillog?
 On 11/9/2020 8:57 AM, ChandranManikandan wrote:

 Hi Eric,

 Thanks,
 qmail-1.03-3.3.1.qt.el7.x86_64
 qmailmrtg-4.2-3.qt.el7.x86_64
 qmailadmin-1.2.16-3.2.qt.el7.x86_64

 It's working now after a change in squirrelmail config file.

 But one other issue comes
 Emails are delivered to internal and external domains
 but email is not received from an external server.

 I checked in the below error message showing.

 encryption: TLS reason: 451 mail server temporarily
 rejected_message_(#4.3.0)

 I have installed letsencrypt ssl and done dovecot conf and httpd
 virtual host 80 port
 Please let me know what could cause it or misconfiguration.

 webmail also showing only http not https after installing letsencrypt.
 Do I need to install the ssl package?








 On Mon, Nov 9, 2020 at 11:52 PM Eric Broch 
 wrote:

> What version of qmail are you running?
>
>
> On 11/9/2020 8:44 AM, Eric Broch wrote:
>
> Change:
>
> /etc/tcprules.d/tcp.smtp
>
> To:
>
> 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

To stop spamdyke

Remove line:

$SPAMDYKE --config-file $SPAMDYKE_CONF \

On 11/9/2020 9:17 AM, ChandranManikandan wrote:

Hi Eric,

In tcp file config below

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

do i need to add this line is enough
 export SMTPAUTH="-"

On Tue, Nov 10, 2020 at 12:13 AM Eric Broch wrote:


change the run file to this

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"

exec /usr/bin/softlimit -m 6400 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1

On 11/9/2020 9:10 AM, ChandranManikandan wrote:

in which line need to remove from below run file

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 6400 \
     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     $SPAMDYKE --config-file $SPAMDYKE_CONF \
     $SMTPD $VCHKPW /bin/true 2>&1

On Tue, Nov 10, 2020 at 12:07 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Remove spamdyke from /var/qmail/supervise/smtp/run and let's
see what happens.

On 11/9/2020 9:05 AM, ChandranManikandan wrote:

Yes Eric,
Full log here
Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com
to: x...@example.com origin_ip: 209.85.210.44 origin_rdns:
mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)

On Tue, Nov 10, 2020 at 12:01 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Is spamd and clamd started?

Is that message from /var/log/maillog?

On 11/9/2020 8:57 AM, ChandranManikandan wrote:

Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail config
file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

encryption: TLS reason: 451 mail server temporarily
rejected_message_(#4.3.0)

I have installed letsencrypt ssl and done dovecot conf
and httpd virtual host 80 port
Please let me know what could cause it or misconfiguration.

webmail also showing only http not https after
installing letsencrypt.
Do I need to install the ssl package?








On Mon, Nov 9, 2020 at 11:52 PM Eric Broch <ebr...@whitehorsetc.com> wrote:

What version of qmail are you running?


On 11/9/2020 8:44 AM, Eric Broch wrote:


Change:

/etc/tcprules.d/tcp.smtp

To:


127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have 

Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

Yes

On 11/9/2020 9:17 AM, ChandranManikandan wrote:

Hi Eric,

In tcp file config below

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

do i need to add this line is enough
 export SMTPAUTH="-"

On Tue, Nov 10, 2020 at 12:13 AM Eric Broch wrote:


change the run file to this

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"

exec /usr/bin/softlimit -m 6400 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1

On 11/9/2020 9:10 AM, ChandranManikandan wrote:

in which line need to remove from below run file

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 6400 \
     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     $SPAMDYKE --config-file $SPAMDYKE_CONF \
     $SMTPD $VCHKPW /bin/true 2>&1

On Tue, Nov 10, 2020 at 12:07 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Remove spamdyke from /var/qmail/supervise/smtp/run and let's
see what happens.

On 11/9/2020 9:05 AM, ChandranManikandan wrote:

Yes Eric,
Full log here
Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com
to: x...@example.com origin_ip: 209.85.210.44 origin_rdns:
mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)

On Tue, Nov 10, 2020 at 12:01 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Is spamd and clamd started?

Is that message from /var/log/maillog?

On 11/9/2020 8:57 AM, ChandranManikandan wrote:

Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail config
file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

encryption: TLS reason: 451 mail server temporarily
rejected_message_(#4.3.0)

I have installed letsencrypt ssl and done dovecot conf
and httpd virtual host 80 port
Please let me know what could cause it or misconfiguration.

webmail also showing only http not https after
installing letsencrypt.
Do I need to install the ssl package?








On Mon, Nov 9, 2020 at 11:52 PM Eric Broch <ebr...@whitehorsetc.com> wrote:

What version of qmail are you running?


On 11/9/2020 8:44 AM, Eric Broch wrote:


Change:

/etc/tcprules.d/tcp.smtp

To:


127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have installed new COS 7 and configure the COS7
qmail steps 

Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

and  REQUIRE_AUTH=0 is unnecessary.

On 11/9/2020 9:17 AM, ChandranManikandan wrote:

Hi Eric,

In tcp file config below

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

do i need to add this line is enough
 export SMTPAUTH="-"

On Tue, Nov 10, 2020 at 12:13 AM Eric Broch wrote:


change the run file to this

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"

exec /usr/bin/softlimit -m 6400 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1

On 11/9/2020 9:10 AM, ChandranManikandan wrote:

in which line need to remove from below run file

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 6400 \
     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     $SPAMDYKE --config-file $SPAMDYKE_CONF \
     $SMTPD $VCHKPW /bin/true 2>&1

On Tue, Nov 10, 2020 at 12:07 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Remove spamdyke from /var/qmail/supervise/smtp/run and let's
see what happens.

On 11/9/2020 9:05 AM, ChandranManikandan wrote:

Yes Eric,
Full log here
Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com
to: x...@example.com origin_ip: 209.85.210.44 origin_rdns:
mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)

On Tue, Nov 10, 2020 at 12:01 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Is spamd and clamd started?

Is that message from /var/log/maillog?

On 11/9/2020 8:57 AM, ChandranManikandan wrote:

Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail config
file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

encryption: TLS reason: 451 mail server temporarily
rejected_message_(#4.3.0)

I have installed letsencrypt ssl and done dovecot conf
and httpd virtual host 80 port
Please let me know what could cause it or misconfiguration.

webmail also showing only http not https after
installing letsencrypt.
Do I need to install the ssl package?








On Mon, Nov 9, 2020 at 11:52 PM Eric Broch <ebr...@whitehorsetc.com> wrote:

What version of qmail are you running?


On 11/9/2020 8:44 AM, Eric Broch wrote:


Change:

/etc/tcprules.d/tcp.smtp

To:


127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have installed new COS 7 and configure the COS7

Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread ChandranManikandan
Hi Eric,

In tcp file config below

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",NOPFCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

do i need to add this line is enough
 export SMTPAUTH="-"

On Tue, Nov 10, 2020 at 12:13 AM Eric Broch  wrote:

> change the run file to this
>
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> SPAMDYKE="/usr/bin/spamdyke"
> SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
> SMTPD="/var/qmail/bin/qmail-smtpd"
> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
> HOSTNAME=`hostname`
> VCHKPW="/home/vpopmail/bin/vchkpw"
> export SMTPAUTH="-"
>
> exec /usr/bin/softlimit -m 6400 \
>  /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>  $SPAMDYKE --config-file $SPAMDYKE_CONF \
>  $SMTPD $VCHKPW /bin/true 2>&1
>
> On 11/9/2020 9:10 AM, ChandranManikandan wrote:
>
> in which line need to remove from below run file
>
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> SPAMDYKE="/usr/bin/spamdyke"
> SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
> SMTPD="/var/qmail/bin/qmail-smtpd"
> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
> HOSTNAME=`hostname`
> VCHKPW="/home/vpopmail/bin/vchkpw"
> REQUIRE_AUTH=0
>
> exec /usr/bin/softlimit -m 6400 \
>  /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>  $SPAMDYKE --config-file $SPAMDYKE_CONF \
>  $SMTPD $VCHKPW /bin/true 2>&1
>
> On Tue, Nov 10, 2020 at 12:07 AM Eric Broch 
> wrote:
>
>> Remove spamdyke from /var/qmail/supervise/smtp/run and let's see what
>> happens.
>> On 11/9/2020 9:05 AM, ChandranManikandan wrote:
>>
>> Yes Eric,
>> Full log here
>> Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com
>> to: x...@example.com origin_ip: 209.85.210.44 origin_rdns:
>> mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
>> 451_mail_server_temporarily_rejected_message_(#4.3.0)
>>
>> On Tue, Nov 10, 2020 at 12:01 AM Eric Broch 
>> wrote:
>>
>>> Is spamd and clamd started?
>>>
>>> Is that message from /var/log/maillog?
>>> On 11/9/2020 8:57 AM, ChandranManikandan wrote:
>>>
>>> Hi Eric,
>>>
>>> Thanks,
>>> qmail-1.03-3.3.1.qt.el7.x86_64
>>> qmailmrtg-4.2-3.qt.el7.x86_64
>>> qmailadmin-1.2.16-3.2.qt.el7.x86_64
>>>
>>> It's working now after a change in squirrelmail config file.
>>>
>>> But one other issue comes
>>> Emails are delivered to internal and external domains
>>> but email is not received from an external server.
>>>
>>> I checked in the below error message showing.
>>>
>>> encryption: TLS reason: 451 mail server temporarily
>>> rejected_message_(#4.3.0)
>>>
>>> I have installed letsencrypt ssl and done dovecot conf and httpd virtual
>>> host 80 port
>>> Please let me know what could cause it or misconfiguration.
>>>
>>> webmail also showing only http not https after installing letsencrypt.
>>> Do I need to install the ssl package?
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Nov 9, 2020 at 11:52 PM Eric Broch 
>>> wrote:
>>>
 What version of qmail are you running?


 On 11/9/2020 8:44 AM, Eric Broch wrote:

 Change:

 /etc/tcprules.d/tcp.smtp

 To:

 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

 :allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


 Change:

 /etc/squirrelmail/config_local.php

 From:

 $smtpServerAddress  = 'localhost';
 $smtpPort   = 465;
 $smtp_auth_mech = 'login';
 $use_smtp_tls = true;

 To:

 $smtpServerAddress  = 'localhost';
 $smtpPort   = 25;
 On 11/9/2020 7:51 AM, ChandranManikandan wrote:

 Hi Eric & Friends,

 I have installed new COS 7 and configure the COS7 qmail steps after
 done everything,
 i tried to send email from squirrelmail with the same server the below
 message comes.
 What i missed in any configuration
 i just install qmailtoaster setup from qmailtoaster.com.

 Anyone quick response.
 Its very urgent to fix this issue.
 Appreciate your help.

 --


 *Regards, Manikandan.C *



-- 


*Regards,Manikandan.C*


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

change the run file to this

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"

exec /usr/bin/softlimit -m 6400 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1

On 11/9/2020 9:10 AM, ChandranManikandan wrote:

in which line need to remove from below run file

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 6400 \
     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     $SPAMDYKE --config-file $SPAMDYKE_CONF \
     $SMTPD $VCHKPW /bin/true 2>&1

On Tue, Nov 10, 2020 at 12:07 AM Eric Broch wrote:


Remove spamdyke from /var/qmail/supervise/smtp/run and let's see
what happens.

On 11/9/2020 9:05 AM, ChandranManikandan wrote:

Yes Eric,
Full log here
Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com
to: x...@example.com origin_ip: 209.85.210.44 origin_rdns:
mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)

On Tue, Nov 10, 2020 at 12:01 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

Is spamd and clamd started?

Is that message from /var/log/maillog?

On 11/9/2020 8:57 AM, ChandranManikandan wrote:

Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail config file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

encryption: TLS reason: 451 mail server temporarily
rejected_message_(#4.3.0)

I have installed letsencrypt ssl and done dovecot conf and
httpd virtual host 80 port
Please let me know what could cause it or misconfiguration.

webmail also showing only http not https after installing
letsencrypt.
Do I need to install the ssl package?








On Mon, Nov 9, 2020 at 11:52 PM Eric Broch <ebr...@whitehorsetc.com> wrote:

What version of qmail are you running?


On 11/9/2020 8:44 AM, Eric Broch wrote:


Change:

/etc/tcprules.d/tcp.smtp

To:

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have installed new COS 7 and configure the COS7
qmail steps after done everything,
I tried to send email from squirrelmail with the same
server the below message comes.
What I missed in any configuration
I just install qmailtoaster setup from qmailtoaster.com.

Anyone quick response.
It's very urgent to fix this issue.
Appreciate your help.

--
Regards,
Manikandan.C

--
Regards,
Manikandan.C

--
Regards,
Manikandan.C

--
Regards,
Manikandan.C


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread ChandranManikandan
Which line do I need to remove from the run file below?

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 6400 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1

On Tue, Nov 10, 2020 at 12:07 AM Eric Broch  wrote:

> Remove spamdyke from /var/qmail/supervise/smtp/run and let's see what
> happens.
> On 11/9/2020 9:05 AM, ChandranManikandan wrote:
>
> Yes Eric,
> Full log here
> Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com
> to: x...@example.com origin_ip: 209.85.210.44 origin_rdns:
> mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
> 451_mail_server_temporarily_rejected_message_(#4.3.0)
>
> On Tue, Nov 10, 2020 at 12:01 AM Eric Broch 
> wrote:
>
>> Is spamd and clamd started?
>>
>> Is that message from /var/log/maillog?
>> On 11/9/2020 8:57 AM, ChandranManikandan wrote:
>>
>> Hi Eric,
>>
>> Thanks,
>> qmail-1.03-3.3.1.qt.el7.x86_64
>> qmailmrtg-4.2-3.qt.el7.x86_64
>> qmailadmin-1.2.16-3.2.qt.el7.x86_64
>>
>> It's working now after a change in squirrelmail config file.
>>
>> But one other issue comes
>> Emails are delivered to internal and external domains
>> but email is not received from an external server.
>>
>> I checked in the below error message showing.
>>
>> encryption: TLS reason: 451 mail server temporarily
>> rejected_message_(#4.3.0)
>>
>> I have installed letsencrypt ssl and done dovecot conf and httpd virtual
>> host 80 port
>> Please let me know what could cause it or misconfiguration.
>>
>> webmail also showing only http not https after installing letsencrypt.
>> Do I need to install the ssl package?
>>
>>
>>
>>
>>
>>
>>
>>
>> On Mon, Nov 9, 2020 at 11:52 PM Eric Broch 
>> wrote:
>>
>>> What version of qmail are you running?
>>>
>>>
>>> On 11/9/2020 8:44 AM, Eric Broch wrote:
>>>
>>> Change:
>>>
>>> /etc/tcprules.d/tcp.smtp
>>>
>>> To:
>>>
>>> 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"
>>>
>>> :allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"
>>>
>>>
>>> Change:
>>>
>>> /etc/squirrelmail/config_local.php
>>>
>>> From:
>>>
>>> $smtpServerAddress  = 'localhost';
>>> $smtpPort   = 465;
>>> $smtp_auth_mech = 'login';
>>> $use_smtp_tls = true;
>>>
>>> To:
>>>
>>> $smtpServerAddress  = 'localhost';
>>> $smtpPort   = 25;
>>> On 11/9/2020 7:51 AM, ChandranManikandan wrote:
>>>
>>> Hi Eric & Friends,
>>>
>>> I have installed new COS 7 and configure the COS7 qmail steps after done
>>> everything,
>>> I tried to send email from squirrelmail with the same server the below
>>> message comes.
>>> What I missed in any configuration
>>> I just install qmailtoaster setup from qmailtoaster.com.
>>>
>>> Anyone quick response.
>>> It's very urgent to fix this issue.
>>> Appreciate your help.
>>>
>>> --
>>>
>>>
>>> *Regards, Manikandan.C *
>>>
>>>
>>
>> --
>>
>>
>> *Regards, Manikandan.C *
>>
>>
>
> --
>
>
> *Regards, Manikandan.C *
>
>

-- 


*Regards,Manikandan.C*


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

Before you remove spamdyke check out what's in

/etc/tcprules.d/tcp.smtp and post to the list.

On 11/9/2020 9:05 AM, ChandranManikandan wrote:

Yes Eric,
Full log here
Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com to:
x...@example.com origin_ip: 209.85.210.44 origin_rdns:
mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)


On Tue, Nov 10, 2020 at 12:01 AM Eric Broch wrote:


Is spamd and clamd started?

Is that message from /var/log/maillog?

On 11/9/2020 8:57 AM, ChandranManikandan wrote:

Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail config file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

encryption: TLS reason: 451 mail server temporarily
rejected_message_(#4.3.0)

I have installed letsencrypt ssl and done dovecot conf and httpd
virtual host 80 port
Please let me know what could cause it or misconfiguration.

webmail also showing only http not https after installing
letsencrypt.
Do I need to install the ssl package?








On Mon, Nov 9, 2020 at 11:52 PM Eric Broch <ebr...@whitehorsetc.com> wrote:

What version of qmail are you running?


On 11/9/2020 8:44 AM, Eric Broch wrote:


Change:

/etc/tcprules.d/tcp.smtp

To:

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have installed new COS 7 and configure the COS7 qmail
steps after done everything,
I tried to send email from squirrelmail with the same
server the below message comes.
What I missed in any configuration
I just install qmailtoaster setup from qmailtoaster.com.

Anyone quick response.
It's very urgent to fix this issue.
Appreciate your help.

--
Regards,
Manikandan.C

--
Regards,
Manikandan.C

--
Regards,
Manikandan.C


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch
Remove spamdyke from /var/qmail/supervise/smtp/run and let's see what 
happens.


On 11/9/2020 9:05 AM, ChandranManikandan wrote:

Yes Eric,
Full log here
Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com to:
x...@example.com origin_ip: 209.85.210.44 origin_rdns:
mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)


On Tue, Nov 10, 2020 at 12:01 AM Eric Broch wrote:


Is spamd and clamd started?

Is that message from /var/log/maillog?

On 11/9/2020 8:57 AM, ChandranManikandan wrote:

Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail config file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

encryption: TLS reason: 451 mail server temporarily
rejected_message_(#4.3.0)

I have installed letsencrypt ssl and done dovecot conf and httpd
virtual host 80 port
Please let me know what could cause it or misconfiguration.

webmail also showing only http not https after installing
letsencrypt.
Do I need to install the ssl package?








On Mon, Nov 9, 2020 at 11:52 PM Eric Broch <ebr...@whitehorsetc.com> wrote:

What version of qmail are you running?


On 11/9/2020 8:44 AM, Eric Broch wrote:


Change:

/etc/tcprules.d/tcp.smtp

To:

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have installed new COS 7 and configure the COS7 qmail
steps after done everything,
I tried to send email from squirrelmail with the same
server the below message comes.
What I missed in any configuration
I just install qmailtoaster setup from qmailtoaster.com.

Anyone quick response.
It's very urgent to fix this issue.
Appreciate your help.

--
Regards,
Manikandan.C

--
Regards,
Manikandan.C

--
Regards,
Manikandan.C


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread ChandranManikandan
Yes Eric,
Full log here
Nov  9 23:43:01 mail spamdyke[25135]: DENIED_OTHER from: x...@gmail.com to:
x...@example.com origin_ip: 209.85.210.44 origin_rdns:
mail-ot1-f44.google.com auth: (unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)

On Tue, Nov 10, 2020 at 12:01 AM Eric Broch  wrote:

> Is spamd and clamd started?
>
> Is that message from /var/log/maillog?
> On 11/9/2020 8:57 AM, ChandranManikandan wrote:
>
> Hi Eric,
>
> Thanks,
> qmail-1.03-3.3.1.qt.el7.x86_64
> qmailmrtg-4.2-3.qt.el7.x86_64
> qmailadmin-1.2.16-3.2.qt.el7.x86_64
>
> It's working now after a change in squirrelmail config file.
>
> But one other issue comes
> Emails are delivered to internal and external domains
> but email is not received from an external server.
>
> I checked in the below error message showing.
>
> encryption: TLS reason: 451 mail server temporarily
> rejected_message_(#4.3.0)
>
> I have installed letsencrypt ssl and done dovecot conf and httpd virtual
> host 80 port
> Please let me know what could cause it or misconfiguration.
>
> webmail also showing only http not https after installing letsencrypt.
> Do I need to install the ssl package?
>
>
>
>
>
>
>
>
> On Mon, Nov 9, 2020 at 11:52 PM Eric Broch 
> wrote:
>
>> What version of qmail are you running?
>>
>>
>> On 11/9/2020 8:44 AM, Eric Broch wrote:
>>
>> Change:
>>
>> /etc/tcprules.d/tcp.smtp
>>
>> To:
>>
>> 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"
>>
>> :allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"
>>
>>
>> Change:
>>
>> /etc/squirrelmail/config_local.php
>>
>> From:
>>
>> $smtpServerAddress  = 'localhost';
>> $smtpPort   = 465;
>> $smtp_auth_mech = 'login';
>> $use_smtp_tls = true;
>>
>> To:
>>
>> $smtpServerAddress  = 'localhost';
>> $smtpPort   = 25;
>> On 11/9/2020 7:51 AM, ChandranManikandan wrote:
>>
>> Hi Eric & Friends,
>>
>> I have installed new COS 7 and configure the COS7 qmail steps after done
>> everything,
>> I tried to send email from squirrelmail with the same server the below
>> message comes.
>> What I missed in any configuration
>> I just install qmailtoaster setup from qmailtoaster.com.
>>
>> Anyone quick response.
>> It's very urgent to fix this issue.
>> Appreciate your help.
>>
>> --
>>
>>
>> *Regards, Manikandan.C *
>>
>>
>
> --
>
>
> *Regards, Manikandan.C *
>
>

-- 


*Regards,Manikandan.C*


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

Is spamd and clamd started?

Is that message from /var/log/maillog?

On 11/9/2020 8:57 AM, ChandranManikandan wrote:

Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail config file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

encryption: TLS reason: 451 mail server temporarily 
rejected_message_(#4.3.0)


I have installed letsencrypt ssl and done dovecot conf and httpd 
virtual host 80 port

Please let me know what could cause it or misconfiguration.

webmail also showing only http not https after installing letsencrypt.
Do I need to install the ssl package?








On Mon, Nov 9, 2020 at 11:52 PM Eric Broch wrote:


What version of qmail are you running?


On 11/9/2020 8:44 AM, Eric Broch wrote:


Change:

/etc/tcprules.d/tcp.smtp

To:

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have installed new COS 7 and configure the COS7 qmail steps
after done everything,
I tried to send email from squirrelmail with the same server the
below message comes.
What I missed in any configuration
I just install qmailtoaster setup from qmailtoaster.com.

Anyone quick response.
It's very urgent to fix this issue.
Appreciate your help.

--
Regards,
Manikandan.C

--
Regards,
Manikandan.C


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread ChandranManikandan
Hi Eric,

Thanks,
qmail-1.03-3.3.1.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmailadmin-1.2.16-3.2.qt.el7.x86_64

It's working now after a change in squirrelmail config file.

But one other issue comes
Emails are delivered to internal and external domains
but email is not received from an external server.

I checked in the below error message showing.

encryption: TLS reason: 451 mail server temporarily
rejected_message_(#4.3.0)

I have installed letsencrypt ssl and done dovecot conf and httpd virtual
host 80 port
Please let me know what could cause it or misconfiguration.

webmail also showing only http not https after installing letsencrypt.
Do I need to install the ssl package?








On Mon, Nov 9, 2020 at 11:52 PM Eric Broch  wrote:

> What version of qmail are you running?
>
>
> On 11/9/2020 8:44 AM, Eric Broch wrote:
>
> Change:
>
> /etc/tcprules.d/tcp.smtp
>
> To:
>
> 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"
>
> :allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"
>
>
> Change:
>
> /etc/squirrelmail/config_local.php
>
> From:
>
> $smtpServerAddress  = 'localhost';
> $smtpPort   = 465;
> $smtp_auth_mech = 'login';
> $use_smtp_tls = true;
>
> To:
>
> $smtpServerAddress  = 'localhost';
> $smtpPort   = 25;
> On 11/9/2020 7:51 AM, ChandranManikandan wrote:
>
> Hi Eric & Friends,
>
> I have installed new COS 7 and configure the COS7 qmail steps after done
> everything,
> I tried to send email from squirrelmail with the same server the below
> message comes.
> What I missed in any configuration
> I just install qmailtoaster setup from qmailtoaster.com.
>
> Anyone quick response.
> It's very urgent to fix this issue.
> Appreciate your help.
>
> --
>
>
> *Regards, Manikandan.C *
>
>

-- 


*Regards,Manikandan.C*


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

What version of qmail are you running?


On 11/9/2020 8:44 AM, Eric Broch wrote:


Change:

/etc/tcprules.d/tcp.smtp

To:

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"
:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have installed new COS 7 and configure the COS7 qmail steps after 
done everything,
I tried to send email from squirrelmail with the same server the
below message comes.

What I missed in any configuration
I just install qmailtoaster setup from qmailtoaster.com.

Anyone quick response.
It's very urgent to fix this issue.
Appreciate your help.

--
Regards,
Manikandan.C


Re: [qmailtoaster] Authentication failed in new server

2020-11-09 Thread Eric Broch

Change:

/etc/tcprules.d/tcp.smtp

To:

127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"
:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"


Change:

/etc/squirrelmail/config_local.php

From:

$smtpServerAddress  = 'localhost';
$smtpPort   = 465;
$smtp_auth_mech = 'login';
$use_smtp_tls = true;

To:

$smtpServerAddress  = 'localhost';
$smtpPort   = 25;

On 11/9/2020 7:51 AM, ChandranManikandan wrote:

Hi Eric & Friends,

I have installed new COS 7 and configure the COS7 qmail steps after 
done everything,
I tried to send email from squirrelmail with the same server the below
message comes.

What I missed in any configuration
I just install qmailtoaster setup from qmailtoaster.com.

Anyone quick response.
It's very urgent to fix this issue.
Appreciate your help.

--
Regards,
Manikandan.C
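
Which clients the two tcp.smtp rules in the message above let relay without authenticating can be checked mechanically. The following is an added example, not code from the thread or from the qmailtoaster project: a small evaluator for IPv4 address and prefix rules (hostname, user@ and range rules are outside its scope) that reports who receives RELAYCLIENT, the variable that makes qmail-smtpd accept mail for any destination. The function names are this example's own, and the second test address is the origin_ip from the spamdyke log line elsewhere in the thread.

```python
# Constructed copy of the two rules from the message above.
SAMPLE_RULES = (
    '127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SMTPDEBUG="1"\n'
    ':allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",'
    'CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",'
    'QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"\n'
)


def parse_rule(line):
    """Split 'address:allow,VAR="value",...' into (address, action, env)."""
    address, sep, instruction = line.partition(":")
    if not sep:
        raise ValueError("rule has no ':' separator: %r" % line)
    action, _, rest = instruction.partition(",")
    if action not in ("allow", "deny"):
        raise ValueError("unknown instruction in rule: %r" % line)
    env = {}
    while rest:
        name, eq, rest = rest.partition("=")
        if not eq or not rest:
            raise ValueError("malformed variable in rule: %r" % line)
        quote = rest[0]              # tcprules: first character after '=' delimits the value
        end = rest.find(quote, 1)
        if end == -1:
            raise ValueError("unterminated value in rule: %r" % line)
        env[name] = rest[1:end]
        rest = rest[end + 1:]
        if rest.startswith(","):
            rest = rest[1:]
        elif rest:
            raise ValueError("unexpected text after value in rule: %r" % line)
    return address, action, env


def load_rules(text):
    """Map each rule address to (action, env); blank lines and '#' comments are skipped."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            address, action, env = parse_rule(line)
            rules[address] = (action, env)
    return rules


def lookup(rules, ip):
    """First matching rule for an IPv4 client: exact address, then shorter
    dotted prefixes, then the empty (default) address."""
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return key, rules[key]
    return None, None


def relay_report(rules_text, client_ips):
    """For each client IP: (matching rule address, whether RELAYCLIENT is granted)."""
    rules = load_rules(rules_text)
    report = {}
    for ip in client_ips:
        key, rule = lookup(rules, ip)
        granted = rule is not None and rule[0] == "allow" and "RELAYCLIENT" in rule[1]
        report[ip] = (key, granted)
    return report


def risky_relay_rules(rules):
    """Rule addresses that grant RELAYCLIENT to anything other than 127.x loopback."""
    return [addr for addr, (action, env) in rules.items()
            if action == "allow" and "RELAYCLIENT" in env
            and not addr.startswith("127.")]


if __name__ == "__main__":
    # 127.0.0.1 is webmail on the same host; 209.85.210.44 is the external sender in the log.
    for ip, (key, granted) in relay_report(SAMPLE_RULES, ["127.0.0.1", "209.85.210.44"]).items():
        print("%-15s rule %-6r relay without auth: %s" % (ip, key, granted))
    print("rules granting relay beyond loopback:", risky_relay_rules(load_rules(SAMPLE_RULES)))
```

With these rules only loopback clients receive RELAYCLIENT, which is why the webmail on the same host can submit on port 25 without SMTP AUTH while external senders are limited to local recipients.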


[qmailtoaster] Authentication failed in new server

2020-11-09 Thread ChandranManikandan
Hi Eric & Friends,

I have installed new COS 7 and configure the COS7 qmail steps after done
everything,
I tried to send email from squirrelmail with the same server the below
message comes.
What I missed in any configuration
I just install qmailtoaster setup from qmailtoaster.com.

Anyone quick response.
It's very urgent to fix this issue.
Appreciate your help.

-- 


*Regards,Manikandan.C*


Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread Andrew Swartz

Angus,

That is an intriguing error.

SNI adoption has been very slow for email.  Dovecot supports it for 
POP3/IMAP clients.  Opensmtpd may be the only SMTP server which supports it.


The workaround SMTP behavior has been to look up the MX record of the 
"To:" domain, and then connect to THAT server and verify ITS 
certificate.  So contrary to HTTP where the verified certificate MUST 
match the requested domain name, mail only requires that the certificate 
match the server pointed to by the MX record (regardless of message's 
"To:" domain).


So in general, "SNI" does not come up in discussions of mail server 
certificates.


And thus your error message is quite intriguing.

Can you modify the perl script to output verbose information?


-Andy




On 7/23/2019 5:04 AM, Angus McIntyre wrote:

r...@mattei.org wrote on 7/22/19 11:06 PM:
 > I am not sure why you keep having all this issues. Let me
 > know off line maybe I can take a look.

Thanks, Remo. I think I may be getting closer to a fix.

The issues I was having with PHP/Roundcube installation turned out to be 
because I had the IUS repo enabled, and that was introducing conflicts. 
I've now managed to work past that.


My new problems look like a certificate issue, and I think the problem 
is that my certificate requires SNI.


If I run:

   perl analyze-ssl.pl mail.mydomain.dev:465

I get:

    * SNI supported    : certificate verify fails without SNI
    * certificate verified : FAIL: SSL connect attempt failed
    error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed

whereas if I do:

   perl analyze-ssl.pl mail.mydomain.dev:443

I get:

   * SNI supported    : ok
   * certificate verified : ok

I'm using the same certificate for securing the webserver (port 443) and 
SMTPS (port 465). The webserver works fine, probably because Apache is 
passing the requested hostname to Server Name Indication; SMTPS fails 
with a certificate error, probably because there's no hostname passed to 
SNI, and the server's intrinsic hostname (s6.mydomain.com) doesn't match 
the name on the certificate.


Things I'm going to try:

   1. Adding 'mail.mydomain.dev' to /etc/hosts
   2. Using a self-signed certificate signed to 's6.mydomain.com'.
   3. Buying another certificate specifically for 's6.mydomain.com'

Sound reasonable?

Angus



On 22 Jul 2019, at 19:41, Eric's mail wrote:



Angus,

Did you think about simply using port 25, no authentication or 
encryption, which is how squirrelmail on QMT used to be configured, 
relying on HTTPS alone for password and email security across the 
cloud as the email (after the cloud) is submitted directly to the 
server (tcpserver) by the server (apache) itself (127.0.0.1) 
rendering encryption useless or redundant. I think this is the route 
I will go because with every upgrade of roundcube, the webmail I 
prefer, there seems to be issues with past configurations.


Eric





On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" <an...@pobox.com> wrote:


    r...@mattei.org wrote on 7/22/19 10:22 AM:
  > You need to install the cert on your machine. Does the /etc/hosts
  > have the name of your machine can you try to ping that name to
  > see if it resolves?

    The certificate is installed.

    The hostname in '/etc/hosts' resolves, and responds to pings.

    I replaced the self-signed PEM that shipped with qmailtoaster with one
    that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my
    server certificate. Inspecting the resulting .pem with ‘openssl x509 -in
    servercert.pem -text’ confirms that the resulting .pem is for the domain
    that I expect. File permissions and ownership are correct.

    '/etc/hosts' for my newly-built server contains the following line:

    127.0.1.1 s6.mydomain.com s6

    (obviously, 'mydomain' is not the actual name here). The .pem file
    contains the lines:

    Subject: OU=Domain Control Validated, OU=PositiveSSL,
    CN=mail.mydomain.dev

    and

    X509v3 Subject Alternative Name:
      DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev

    's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.

    My existing qmailtoaster server (running an older version of the
    software) has '/etc/hosts' containing:

    127.0.1.1 s2.mydomain.com s2

    and the .pem file contains:

    Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
    CN=mydomain.com

    and

    X509v3 Subject Alternative Name:
      DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com

    's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
    's2.mydomain.com' resolves to the same IP as 
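
The name comparison discussed in this message (a certificate issued for mail.mydomain.dev on a host named s6.mydomain.com) can be reproduced offline. The following is an added example, not code from the thread: it reads the Subject and Subject Alternative Name lines from `openssl x509 -text` output and applies RFC 6125 style matching to the name a client connects with. The sample text is constructed from the placeholder names quoted above, and the function names and the 'localhost' test name are this example's assumptions.

```python
import re

# Constructed excerpt in the layout of `openssl x509 -in servercert.pem -text`,
# built from the placeholder names quoted in the message above.
SAMPLE_X509_TEXT = """\
Certificate:
    Data:
        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.mydomain.dev
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev
"""


def parse_names(x509_text):
    """Return (common_name, [dNSName SAN entries]) from `openssl x509 -text` output."""
    common_name = None
    san_dns = []
    lines = x509_text.splitlines()
    for i, line in enumerate(lines):
        field = line.strip()
        if field.startswith("Subject:"):
            # OpenSSL prints "CN=name" or "CN = name" depending on version.
            m = re.search(r"CN\s*=\s*([^,/]+)", field)
            if m:
                common_name = m.group(1).strip()
        elif field.startswith("X509v3 Subject Alternative Name"):
            # The extension value is printed on the following line.
            if i + 1 < len(lines):
                for item in lines[i + 1].split(","):
                    item = item.strip()
                    if item.startswith("DNS:"):
                        san_dns.append(item[len("DNS:"):])
    return common_name, san_dns


def name_matches(pattern, hostname):
    """Case-insensitive label-by-label match; '*' is accepted only as the
    entire leftmost label and never directly under a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_hostname(x509_text, hostname):
    """Return (ok, names_considered) for the name a client connects with.
    When dNSName SAN entries exist, the CN is not consulted (RFC 6125)."""
    common_name, san_dns = parse_names(x509_text)
    names = san_dns if san_dns else ([common_name] if common_name else [])
    return any(name_matches(n, hostname) for n in names), names


if __name__ == "__main__":
    # Names a client might use to reach the same machine.
    for host in ("mail.mydomain.dev", "s6.mydomain.com", "localhost"):
        ok, names = check_hostname(SAMPLE_X509_TEXT, host)
        verdict = "match" if ok else "MISMATCH"
        print("%-20s %-8s (certificate names: %s)" % (host, verdict, ", ".join(names)))
```

On a real file, `openssl x509 -in servercert.pem -noout -checkhost s6.mydomain.com` performs the same comparison.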

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread remo
You do not have to buy a new cert; use Let's Encrypt or self-sign, it works just
fine.

> On 23 Jul 2019, at 06:04, Angus McIntyre wrote:
> 
> r...@mattei.org wrote on 7/22/19 11:06 PM:
> > I am not sure why you keep having all this issues. Let me
> > know off line maybe I can take a look.
> 
> Thanks, Remo. I think I may be getting closer to a fix.
> 
> The issues I was having with PHP/Roundcube installation turned out to be 
> because I had the IUS repo enabled, and that was introducing conflicts. I've 
> now managed to work past that.
> 
> My new problems look like a certificate issue, and I think the problem is 
> that my certificate requires SNI.
> 
> If I run:
> 
>  perl analyze-ssl.pl mail.mydomain.dev:465
> 
> I get:
> 
>   * SNI supported: certificate verify fails without SNI
>   * certificate verified : FAIL: SSL connect attempt failed
>   error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed
> 
> whereas if I do:
> 
>  perl analyze-ssl.pl mail.mydomain.dev:443
> 
> I get:
> 
>  * SNI supported: ok
>  * certificate verified : ok
> 
> I'm using the same certificate for securing the webserver (port 443) and 
> SMTPS (port 465). The webserver works fine, probably because Apache is 
> passing the requested hostname to Server Name Indication; SMTPS fails with a 
> certificate error, probably because there's no hostname passed to SNI, and 
> the server's intrinsic hostname (s6.mydomain.com) doesn't match the name on 
> the certificate.
> 
> Things I'm going to try:
> 
>  1. Adding 'mail.mydomain.dev' to /etc/hosts
>  2. Using a self-signed certificate signed to 's6.mydomain.com'.
>  3. Buying another certificate specifically for 's6.mydomain.com'
> 
> Sound reasonable?
> 
> Angus
> 
> 
> 
 On 22 Jul 2019, at 19:41, Eric's mail wrote:
>>> 
>>> 
>>> Angus,
>>> 
>>> Did you think about simply using port 25, no authentication or encryption, 
>>> which is how squirrelmail on QMT used to be configured, relying on HTTPS 
>>> alone for password and email security across the cloud as the email (after 
>>> the cloud) is submitted directly to the server (tcpserver) by the server 
>>> (apache) itself (127.0.0.1) rendering encryption useless or redundant. I 
>>> think this is the route I will go because with every upgrade of roundcube, 
>>> the webmail I prefer, there seems to be issues with past configurations.
>>> 
>>> Eric
>>> 
>>> 
>>> 
>>> 
 On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" wrote:
>>> 
>>> r...@mattei.org wrote on 7/22/19 10:22 AM:
>>>  > You need to install the cert on your machine. Does the /etc/hosts
>>>  > have the name of your machine can you try to ping that name to
>>>  > see if it resolves?
>>> 
>>> The certificate is installed.
>>> 
>>> The hostname in '/etc/hosts' resolves, and responds to pings.
>>> 
>>> 
>>> I replaced the self-signed PEM that shipped with qmailtoaster with one
>>> that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my
>>> server certificate. Inspecting the resulting .pem with ‘openssl x509 -in
>>> servercert.pem -text’ confirms that the resulting .pem is for the domain
>>> that I expect. File permissions and ownership are correct.
>>> 
>>> '/etc/hosts' for my newly-built server contains the following line:
>>> 
>>> 127.0.1.1 s6.mydomain.com s6
>>> 
>>> (obviously, 'mydomain' is not the actual name here). The .pem file
>>> contains the lines:
>>> 
>>> Subject: OU=Domain Control Validated, OU=PositiveSSL,
>>> CN=mail.mydomain.dev
>>> 
>>> and
>>> 
>>> X509v3 Subject Alternative Name:
>>>   DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev
>>> 
>>> 's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.
>>> 
>>> My existing qmailtoaster server (running an older version of the
>>> software) has '/etc/hosts' containing:
>>> 
>>> 127.0.1.1 s2.mydomain.com s2
>>> 
>>> and the .pem file contains:
>>> 
>>> Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
>>> CN=mydomain.com
>>> 
>>> and
>>> 
>>> X509v3 Subject Alternative Name:
>>>   DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com
>>> 
>>> 's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
>>> 's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.
>>> 
>>> As far as I can see, the two situations are equivalent, with the slight
>>> difference that the official server name of the new box
>>> ('s6.mydomain.com') is not a subdomain of the domain in the PEM file
>>> ('mail.mydomain.dev'), whereas on the old box the name of the host

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread Eric Broch
Do you have a script in /home/vpopmail/domain/yourdomain.com/user, 
perhaps a .qmail file with .mailfilter script?


On 7/23/2019 7:48 AM, Tahnan Al Anas wrote:

Hi Eric,

Thank you for your reply. The issue is happening in webmail. I am 
using roundcube, squirrel mail, rain loop and after logic webmail. 
Some user use Microsoft outlook. But mail that received by server 
going to squirrel, roundcube spam folder, for which client unable to 
get it in their outlook inbox. I have increased simscan hit from 12 to 
80 to test, also whilst domain. You have any idea why it might happen?


On Tue, 23 Jul 2019, 6:50 pm Eric Broch wrote:


Hi Muhammad,

I don't think QMT 'naturally' any mail to spam folder. Is this
perhaps a client setting? What email client are they using?

Eric

On 7/23/2019 1:53 AM, Tahnan Al Anas wrote:

Hi,

Some of my user are getting mail at their spam box from some
domain. Can you suggest what can be done to prevent mail getting
delivered at spam box? They prefer to get it in inbox.


--
--

Best Regards
Muhammad Tahnan Al Anas


On Tue, Jul 23, 2019 at 8:41 AM Eric's mail <ebr...@whitehorsetc.com> wrote:

Angus,

Did you think about simply using port 25, no authentication
or encryption, which is how squirrelmail on QMT used to be
configured, relying on HTTPS alone for password and email
security across the cloud as the email (after the cloud) is
submitted directly to the server (tcpserver) by the server
(apache) itself (127.0.0.1) rendering encryption useless or
redundant. I think this is the route I will go because with
every upgrade of roundcube, the webmail I prefer, there seems
to be issues with past configurations.

Eric





On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" <an...@pobox.com> wrote:

r...@mattei.org wrote on 7/22/19 10:22 AM:
  > You need to install the cert on your machine. Does the /etc/hosts
  > have the name of your machine can you try to ping that name to
  > see if it resolves?

The certificate is installed.

The hostname in '/etc/hosts' resolves, and responds to pings.

I replaced the self-signed PEM that shipped with qmailtoaster with one
that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my
server certificate. Inspecting the resulting .pem with ‘openssl x509 -in
servercert.pem -text’ confirms that the resulting .pem is for the domain
that I expect. File permissions and ownership are correct.

'/etc/hosts' for my newly-built server contains the following line:

127.0.1.1 s6.mydomain.com s6

(obviously, 'mydomain' is not the actual name here). The .pem file
contains the lines:

Subject: OU=Domain Control Validated, OU=PositiveSSL,
CN=mail.mydomain.dev

and

X509v3 Subject Alternative Name:
  DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev

's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.

My existing qmailtoaster server (running an older version of the
software) has '/etc/hosts' containing:

127.0.1.1 s2.mydomain.com s2

and the .pem file contains:

Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
CN=mydomain.com

and

X509v3 Subject Alternative Name:
  DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com

's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.

As far as I can see, the two situations are equivalent, with the slight
difference that the official server name of the new box
('s6.mydomain.com') is not a subdomain of the domain in the PEM file
('mail.mydomain.dev'), whereas on the old box the name of the host
('s2.mydomain.com') is a subdomain of one of the domain names in the PEM
file ('mydomain.com'). I don't know if this

Re: [qmailtoaster] Rainloop and folders (was: Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube)

2019-07-23 Thread Eric Broch

The Fix:

https://github.com/RainLoop/rainloop-webmail/issues/978

Edit file,

/usr/share/rainloop/data/_data_/_default_/configs/application.ini

change setting,

imap_folder_list_limit = 200 // 0 is off


Eric



On 7/23/2019 7:38 AM, Eric Broch wrote:


*You have too many folders!*
We have shown only a part of them, to avoid performance problems.



Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread Tahnan Al Anas
Hi Eric,

Thank you for your reply. The issue is happening in webmail. I am using
roundcube, squirrel mail, rain loop and after logic webmail. Some user use
Microsoft outlook. But mail that received by server going to squirrel,
roundcube spam folder, for which client unable to get it in their outlook
inbox. I have increased simscan hit from 12 to 80 to test, also whilst
domain. You have any idea why it might happen?

On Tue, 23 Jul 2019, 6:50 pm Eric Broch wrote:

> Hi Muhammad,
>
> I don't think QMT 'naturally' any mail to spam folder. Is this perhaps a
> client setting? What email client are they using?
>
> Eric
> On 7/23/2019 1:53 AM, Tahnan Al Anas wrote:
>
> Hi,
>
> Some of my user are getting mail at their spam box from some domain. Can
> you suggest what can be done to prevent mail getting delivered at spam box?
> They prefer to get it in inbox.
>
>
> --
> --
>
> Best Regards
> Muhammad Tahnan Al Anas
>
>
> On Tue, Jul 23, 2019 at 8:41 AM Eric's mail 
> wrote:
>
>> Angus,
>>
>> Did you think about simply using port 25, no authentication or
>> encryption, which is how squirrelmail on QMT used to be configured, relying
>> on HTTPS alone for password and email security across the cloud as the
>> email (after the cloud) is submitted directly to the server (tcpserver) by
>> the server (apache) itself (127.0.0.1) rendering encryption useless or
>> redundant. I think this is the route I will go because with every upgrade
>> of roundcube, the webmail I prefer, there seems to be issues with past
>> configurations.
>>
>> Eric
>>
>> Get Outlook for Android 
>>
>>
>>
>>
>> On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" 
>> wrote:
>>
>> r...@mattei.org wrote on 7/22/19 10:22 AM:
>>>  > You need to install the cert on your machine. Does the /etc/hosts
>>>  > have the name of your machine can you try to ping that name to
>>>  > see if it resolves?
>>>
>>> The certificate is installed.
>>>
>>> The hostname in '/etc/hosts' resolves, and responds to pings.
>>>
>>>
>>> I replaced the self-signed PEM that shipped with qmailtoaster with one
>>> that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my
>>> server certificate. Inspecting the resulting .pem with ‘openssl x509 -in
>>> servercert.pem -text’ confirms that the resulting .pem is for the domain
>>> that I expect. File permissions and ownership are correct.
>>>
>>> '/etc/hosts' for my newly-built server contains the following line:
>>>
>>>127.0.1.1 s6.mydomain.com s6
>>>
>>> (obviously, 'mydomain' is not the actual name here). The .pem file
>>> contains the lines:
>>>
>>>Subject: OU=Domain Control Validated, OU=PositiveSSL,
>>> CN=mail.mydomain.dev
>>>
>>> and
>>>
>>>X509v3 Subject Alternative Name:
>>>  DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev
>>>
>>> 's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.
>>>
>>> My existing qmailtoaster server (running an older version of the
>>> software) has '/etc/hosts' containing:
>>>
>>>127.0.1.1 s2.mydomain.com s2
>>>
>>> and the .pem file contains:
>>>
>>>Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
>>> CN=mydomain.com
>>>
>>> and
>>>
>>>X509v3 Subject Alternative Name:
>>>  DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com
>>>
>>> 's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
>>> 's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.
>>>
>>> As far as I can see, the two situations are equivalent, with the slight
>>> difference that the official server name of the new box
>>> ('s6.mydomain.com') is not a subdomain of the domain in the PEM file
>>> ('mail.mydomain.dev'), whereas on the old box the name of the host
>>> ('s2.mydomain.com') is a subdomain of one of the domain names in the PEM
>>> file ('mydomain.com'). I don't know if this is a possible cause of my
>>> problems.
>>>
>>> One other difference is that I don’t have a PTR record for
>>> 's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com' will
>>> yield 's2.mydomain.com', but an RDNS lookup on the IP of
>>> 's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could
>>> that be an issue?
>>>
>>> I'll keep digging on this, but if anyone has any suggestions of tests or
>>> tools I might use, I'd welcome your recommendations.
>>>
>>> Thanks,
>>>
>>> Angus
>>>
>>>
>>>
>>> >
>>> >> On 21 Jul 2019, at 20:03, Angus McIntyre wrote:
>>> >>
>>> >> Thanks to a great deal of help from Remi and Eric, I have now managed 
>>> >> to get my Ansible role to the point where it can successfully build out 
>>> >> a QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.
>>> >>
>>> >> However, because nothing is ever that easy, RoundCube and SquirrelMail 
>>> >> have now stopped sending mail (RainLoop works fine).
>>> >>
>>> >> 1) SquirrelMail
>>> >>
>>> >> SquirrelMail was installed from the qmailtoaster RPMs, using:
>>> >>
>>> >> yum --enablerepo=qmt-testing update
>>> 

Re: [qmailtoaster] Rainloop and folders (was: Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube)

2019-07-23 Thread Eric Broch

*You have too many folders!*
We have shown only a part of them, to avoid performance problems.

On 7/23/2019 7:32 AM, Angus McIntyre wrote:
Eric Broch wrote on 7/23/19 8:58 AM:
> Also, as a side note Rainloop refuses to display one of my folders which
> roundcube and squirrelmail do display. Has anyone else seen this?


I found that with Rainloop, you need to specifically switch on the 
folders that you want to see in the sidebar. Pre-existing folders 
aren't displayed simply because they happen to be there.


Go to 'Settings', choose 'Folders' and click the eye icon next to the 
folder(s) you want to show.


I think that Rainloop won't let you enable folders that contain other 
folders, so if you have for example:


   Folder1
      Folder2

you will be able to enable Folder2, and Folder1 will show up in the 
sidebar as its parent -- but it won't be a full-fledged mailbox in its 
own right. If there's any mail in Folder1, you probably won't be able 
to see it.


You may be encountering a different issue, in which case, ¯\_(ツ)_/¯, 
this is all I have. But if you haven't tried 'switching on' the 
folders in Rainloop's settings already, try that first.


Angus





[qmailtoaster] Rainloop and folders (was: Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube)

2019-07-23 Thread Angus McIntyre
Eric Broch wrote on 7/23/19 8:58 AM:
> Also, as a side note Rainloop refuses to display one of my folders which
> roundcube and squirrelmail do display. Has anyone else seen this?


I found that with Rainloop, you need to specifically switch on the 
folders that you want to see in the sidebar. Pre-existing folders aren't 
displayed simply because they happen to be there.


Go to 'Settings', choose 'Folders' and click the eye icon next to the 
folder(s) you want to show.


I think that Rainloop won't let you enable folders that contain other 
folders, so if you have for example:


   Folder1
      Folder2

you will be able to enable Folder2, and Folder1 will show up in the 
sidebar as its parent -- but it won't be a full-fledged mailbox in its 
own right. If there's any mail in Folder1, you probably won't be able to 
see it.


You may be encountering a different issue, in which case, ¯\_(ツ)_/¯, 
this is all I have. But if you haven't tried 'switching on' the folders 
in Rainloop's settings already, try that first.


Angus





Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread Angus McIntyre

r...@mattei.org wrote on 7/22/19 11:06 PM:
> I am not sure why you keep having all this issues. Let me
> know off line maybe I can take a look.

Thanks, Remo. I think I may be getting closer to a fix.

The issues I was having with PHP/Roundcube installation turned out to be 
because I had the IUS repo enabled, and that was introducing conflicts. 
I've now managed to work past that.


My new problems look like a certificate issue, and I think the problem 
is that my certificate requires SNI.


If I run:

  perl analyze-ssl.pl mail.mydomain.dev:465

I get:

   * SNI supported: certificate verify fails without SNI
   * certificate verified : FAIL: SSL connect attempt failed
   error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed

whereas if I do:

  perl analyze-ssl.pl mail.mydomain.dev:443

I get:

  * SNI supported: ok
  * certificate verified : ok

I'm using the same certificate for securing the webserver (port 443) and 
SMTPS (port 465). The webserver works fine, probably because Apache is 
passing the requested hostname to Server Name Indication; SMTPS fails 
with a certificate error, probably because there's no hostname passed to 
SNI, and the server's intrinsic hostname (s6.mydomain.com) doesn't match 
the name on the certificate.


Things I'm going to try:

  1. Adding 'mail.mydomain.dev' to /etc/hosts
  2. Using a self-signed certificate signed to 's6.mydomain.com'.
  3. Buying another certificate specifically for 's6.mydomain.com'

Sound reasonable?

Angus



On 22 Jul 2019, at 19:41, Eric's mail wrote:



Angus,

Did you think about simply using port 25, no authentication or 
encryption, which is how squirrelmail on QMT used to be configured, 
relying on HTTPS alone for password and email security across the 
cloud as the email (after the cloud) is submitted directly to the 
server (tcpserver) by the server (apache) itself (127.0.0.1) rendering 
encryption useless or redundant. I think this is the route I will go 
because with every upgrade of roundcube, the webmail I prefer, there 
seems to be issues with past configurations.


Eric

Get Outlook for Android 




On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" <an...@pobox.com> wrote:


r...@mattei.org wrote on 7/22/19 10:22 AM:
  > You need to install the cert on your machine. Does the /etc/hosts
  > have the name of your machine can you try to ping that name to
  > see if it resolves?

The certificate is installed.

The hostname in '/etc/hosts' resolves, and responds to pings.


I replaced the self-signed PEM that shipped with qmailtoaster with one
that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my
server certificate. Inspecting the resulting .pem with ‘openssl x509 -in
servercert.pem -text’ confirms that the resulting .pem is for the domain
that I expect. File permissions and ownership are correct.

'/etc/hosts' for my newly-built server contains the following line:

127.0.1.1 s6.mydomain.com s6

(obviously, 'mydomain' is not the actual name here). The .pem file
contains the lines:

Subject: OU=Domain Control Validated, OU=PositiveSSL,
CN=mail.mydomain.dev

and

X509v3 Subject Alternative Name:
  DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev

's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.

My existing qmailtoaster server (running an older version of the
software) has '/etc/hosts' containing:

127.0.1.1 s2.mydomain.com s2

and the .pem file contains:

Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
CN=mydomain.com

and

X509v3 Subject Alternative Name:
  DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com

's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.

As far as I can see, the two situations are equivalent, with the slight
difference that the official server name of the new box
('s6.mydomain.com') is not a subdomain of the domain in the PEM file
('mail.mydomain.dev'), whereas on the old box the name of the host
('s2.mydomain.com') is a subdomain of one of the domain names in the PEM
file ('mydomain.com'). I don't know if this is a possible cause of my
problems.

One other difference is that I don’t have a PTR record for
's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com' will
yield 's2.mydomain.com', but an RDNS lookup on the IP of
's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could
that be an issue?

I'll keep digging on this, but if anyone has any suggestions of 
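
The hostname comparison that the message above reasons about, as an added example that is not part of the original post: it parses the `Subject` and `Subject Alternative Name` lines in the form `openssl x509 -text` prints them and applies RFC 6125 matching (DNS SAN entries take precedence over the CN; a wildcard is honoured only as the whole leftmost label). The function names are hypothetical and the certificate text is constructed from the fields quoted in the thread.

```python
import re

# Constructed inputs: the certificate fields quoted in the thread, laid out
# the way `openssl x509 -in servercert.pem -text` prints them.
NEW_BOX_CERT = """\
        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.mydomain.dev
            X509v3 Subject Alternative Name:
                DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev
"""
OLD_BOX_CERT = """\
        Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=mydomain.com
            X509v3 Subject Alternative Name:
                DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com
"""


def cert_names(openssl_text):
    """Return (common_name, [dns_sans]) parsed from `openssl x509 -text` output."""
    cn = None
    sans = []
    lines = openssl_text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        if stripped.startswith("Subject:"):
            # Handles both "CN=name" and the newer "CN = name" layout.
            m = re.search(r"CN\s*=\s*([^,/]+)", stripped)
            if m:
                cn = m.group(1).strip().lower()
        elif stripped.startswith("X509v3 Subject Alternative Name"):
            # The SAN entries are printed on the line after the header.
            if i + 1 < len(lines):
                for entry in lines[i + 1].split(","):
                    entry = entry.strip()
                    if entry.startswith("DNS:"):
                        sans.append(entry[4:].strip().lower())
    return cn, sans


def name_matches(pattern, hostname):
    """RFC 6125 style comparison of one certificate name with a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard only as the complete leftmost label, never "*.com".
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def hostname_ok(openssl_text, hostname):
    """True if a client asking for `hostname` would accept the certificate's names."""
    cn, sans = cert_names(openssl_text)
    # When DNS SANs exist the CN is ignored; CN is only a legacy fallback.
    candidates = sans if sans else ([cn] if cn else [])
    return any(name_matches(p, hostname) for p in candidates)


def audit(openssl_text, hostnames):
    """Map each name a client might connect with to its match result."""
    return {h: hostname_ok(openssl_text, h) for h in hostnames}


if __name__ == "__main__":
    checks = (
        ("new box", NEW_BOX_CERT, ["s6.mydomain.com", "mail.mydomain.dev"]),
        ("old box", OLD_BOX_CERT, ["s2.mydomain.com", "mail.mydomain.com"]),
    )
    for label, cert, names in checks:
        for host, ok in audit(cert, names).items():
            print(f"{label}: {host:22} {'match' if ok else 'NO MATCH'}")
```

Neither box's own hostname ('s6' or 's2') appears in its certificate; the name check passes only when the client asks for a name that is in the SAN list.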

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread Eric Broch

Hi Angus,

If you're using webmail on any of those other clients HTTPS is a secure 
channel. YOU MUST MAKE SURE THAT YOUR APACHE SETTINGS FORCE HTTPS for 
each of our three webmail options, though. I cannot stress this enough.


Also, as a side note Rainloop refuses to display one of my folders which 
roundcube and squirrelmail do display. Has anyone else seen this?


Eric

On 7/23/2019 6:02 AM, Angus McIntyre wrote:

Hi Eric

Thanks for the suggestion. I think I'll certainly go that route for 
the webmail clients -- Roundcube, Rainloop and Squirrelmail -- for the 
reasons you suggest.


However, I also need to make this setup work with desktop and mobile 
clients like Apple Mail and Postbox, and they will need a secure 
channel to the server.


Thanks again,

Angus


On 2019-07-22 22:40, Eric's mail wrote:

Angus,

Did you think about simply using port 25, no authentication or
encryption, which is how squirrelmail on QMT used to be configured,
relying on HTTPS alone for password and email security across the
cloud as the email (after the cloud) is submitted directly to the
server (tcpserver) by the server (apache) itself (127.0.0.1) rendering
encryption useless or redundant. I think this is the route I will go
because with every upgrade of roundcube, the webmail I prefer, there
seems to be issues with past configurations.

Eric

Get Outlook for Android [1]

On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre"
 wrote:


r...@mattei.org wrote on 7/22/19 10:22 AM:

You need to install the cert on your machine. Does the /etc/hosts
have the name of your machine can you try to ping that name to
see if it resolves?


The certificate is installed.

The hostname in '/etc/hosts' resolves, and responds to pings.

I replaced the self-signed PEM that shipped with qmailtoaster with
one
that I made myself by concatenating the ‘.key’ and ‘.crt’
files from my
server certificate. Inspecting the resulting .pem with ‘openssl
x509 -in
servercert.pem -text’ confirms that the resulting .pem is for the
domain
that I expect. File permissions and ownership are correct.

'/etc/hosts' for my newly-built server contains the following line:

127.0.1.1 s6.mydomain.com s6

(obviously, 'mydomain' is not the actual name here). The .pem file
contains the lines:

Subject: OU=Domain Control Validated, OU=PositiveSSL,
CN=mail.mydomain.dev

and

X509v3 Subject Alternative Name:
DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev

's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same
IP.

My existing qmailtoaster server (running an older version of the
software) has '/etc/hosts' containing:

127.0.1.1 s2.mydomain.com s2

and the .pem file contains:

Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
CN=mydomain.com

and

X509v3 Subject Alternative Name:
DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com

's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.

As far as I can see, the two situations are equivalent, with the
slight
difference that the official server name of the new box
('s6.mydomain.com') is not a subdomain of the domain in the PEM file

('mail.mydomain.dev'), whereas on the old box the name of the host
('s2.mydomain.com') is a subdomain of one of the domain names in the
PEM
file ('mydomain.com'). I don't know if this is a possible cause of
my
problems.

One other difference is that I don’t have a PTR record for
's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com'
will
yield 's2.mydomain.com', but an RDNS lookup on the IP of
's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could

that be an issue?

I'll keep digging on this, but if anyone has any suggestions of
tests or
tools I might use, I'd welcome your recommendations.

Thanks,

Angus




On 21 Jul 2019, at 20:03, Angus McIntyre wrote:

Thanks to a great deal of help from Remi and Eric, I have now

managed to get my Ansible role to the point where it can
successfully build out a QMailToaster server running PHP 7.1 and
RoundCube 1.4rc1.


However, because nothing is ever that easy, RoundCube and

SquirrelMail have now stopped sending mail (RainLoop works fine).


1) SquirrelMail

SquirrelMail was installed from the qmailtoaster RPMs, using:

yum --enablerepo=qmt-testing update
yum --enablerepo=qmt-devel update

as on the homepage of qmailtoaster.com. After installation, I

patched the Squirrelmail config and the smtps supervise as directed
at:


http://www.qmailtoaster.com/sqmailconfig.html

Attempting to send from SquirrelMail produces the message:

0 Can't open SMTP stream

The /var/log/qmail/smtps/current log shows:

2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465 :127.0.0.1::58822
2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
2019-07-22 02:45:15.197383500 

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread Eric Broch

Hi Muhammad,

I don't think QMT 'naturally' any mail to spam folder. Is this perhaps a 
client setting? What email client are they using?


Eric

On 7/23/2019 1:53 AM, Tahnan Al Anas wrote:

Hi,

Some of my user are getting mail at their spam box from some domain. 
Can you suggest what can be done to prevent mail getting delivered at 
spam box? They prefer to get it in inbox.



--
--

Best Regards
Muhammad Tahnan Al Anas


On Tue, Jul 23, 2019 at 8:41 AM Eric's mail wrote:


Angus,

Did you think about simply using port 25, no authentication or
encryption, which is how squirrelmail on QMT used to be
configured, relying on HTTPS alone for password and email security
across the cloud as the email (after the cloud) is submitted
directly to the server (tcpserver) by the server (apache) itself
(127.0.0.1) rendering encryption useless or redundant. I think
this is the route I will go because with every upgrade of
roundcube, the webmail I prefer, there seems to be issues with
past configurations.

Eric

Get Outlook for Android 




On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" <an...@pobox.com> wrote:

r...@mattei.org wrote on 7/22/19 10:22 AM:
  > You need to install the cert on your machine. Does the /etc/hosts
  > have the name of your machine can you try to ping that name to
  > see if it resolves?

The certificate is installed.

The hostname in '/etc/hosts' resolves, and responds to pings.


I replaced the self-signed PEM that shipped with qmailtoaster with one
that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my
server certificate. Inspecting the resulting .pem with ‘openssl x509 -in
servercert.pem -text’ confirms that the resulting .pem is for the domain
that I expect. File permissions and ownership are correct.

'/etc/hosts' for my newly-built server contains the following line:

127.0.1.1 s6.mydomain.com s6

(obviously, 'mydomain' is not the actual name here). The .pem file
contains the lines:

Subject: OU=Domain Control Validated, OU=PositiveSSL,
CN=mail.mydomain.dev

and

X509v3 Subject Alternative Name:
  DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev

's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.

My existing qmailtoaster server (running an older version of the
software) has '/etc/hosts' containing:

127.0.1.1 s2.mydomain.com s2

and the .pem file contains:

Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
CN=mydomain.com

and

X509v3 Subject Alternative Name:
  DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com

's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.

As far as I can see, the two situations are equivalent, with the slight
difference that the official server name of the new box
('s6.mydomain.com') is not a subdomain of the domain in the PEM file
('mail.mydomain.dev'), whereas on the old box the name of the host
('s2.mydomain.com') is a subdomain of one of the domain names in the PEM
file ('mydomain.com'). I don't know if this is a possible cause of my
problems.

One other difference is that I don’t have a PTR record for
's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com' will
yield 's2.mydomain.com', but an RDNS lookup on the IP of
's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could
that be an issue?

I'll keep digging on this, but if anyone has any suggestions of tests or
tools I might use, I'd welcome your recommendations.

Thanks,

Angus



> 
>> On 21 Jul 2019, at 20:03, Angus McIntyre wrote:
>>
>> Thanks to a great deal of help from Remi and Eric, I have now
>> managed to get my Ansible role to the point where it can successfully build out a
>> QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread Angus McIntyre

Hi Eric

Thanks for the suggestion. I think I'll certainly go that route for the 
webmail clients -- Roundcube, Rainloop and Squirrelmail -- for the 
reasons you suggest.


However, I also need to make this setup work with desktop and mobile 
clients like Apple Mail and Postbox, and they will need a secure channel 
to the server.


Thanks again,

Angus


On 2019-07-22 22:40, Eric's mail wrote:

Angus,

Did you think about simply using port 25, no authentication or
encryption, which is how squirrelmail on QMT used to be configured,
relying on HTTPS alone for password and email security across the
cloud as the email (after the cloud) is submitted directly to the
server (tcpserver) by the server (apache) itself (127.0.0.1) rendering
encryption useless or redundant. I think this is the route I will go
because with every upgrade of roundcube, the webmail I prefer, there
seems to be issues with past configurations.

Eric

Get Outlook for Android [1]

On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre"
 wrote:


r...@mattei.org wrote on 7/22/19 10:22 AM:

You need to install the cert on your machine. Does the /etc/hosts
have the name of your machine can you try to ping that name to
see if it resolves?


The certificate is installed.

The hostname in '/etc/hosts' resolves, and responds to pings.

I replaced the self-signed PEM that shipped with qmailtoaster with
one
that I made myself by concatenating the ‘.key’ and ‘.crt’
files from my
server certificate. Inspecting the resulting .pem with ‘openssl
x509 -in
servercert.pem -text’ confirms that the resulting .pem is for the
domain
that I expect. File permissions and ownership are correct.

'/etc/hosts' for my newly-built server contains the following line:

127.0.1.1 s6.mydomain.com s6

(obviously, 'mydomain' is not the actual name here). The .pem file
contains the lines:

Subject: OU=Domain Control Validated, OU=PositiveSSL,
CN=mail.mydomain.dev

and

X509v3 Subject Alternative Name:
DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev

's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same
IP.

My existing qmailtoaster server (running an older version of the
software) has '/etc/hosts' containing:

127.0.1.1 s2.mydomain.com s2

and the .pem file contains:

Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
CN=mydomain.com

and

X509v3 Subject Alternative Name:
DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com

's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.

As far as I can see, the two situations are equivalent, with the
slight
difference that the official server name of the new box
('s6.mydomain.com') is not a subdomain of the domain in the PEM file

('mail.mydomain.dev'), whereas on the old box the name of the host
('s2.mydomain.com') is a subdomain of one of the domain names in the
PEM
file ('mydomain.com'). I don't know if this is a possible cause of
my
problems.

One other difference is that I don’t have a PTR record for
's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com'
will
yield 's2.mydomain.com', but an RDNS lookup on the IP of
's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could

that be an issue?

I'll keep digging on this, but if anyone has any suggestions of
tests or
tools I might use, I'd welcome your recommendations.

Thanks,

Angus




On 21 Jul 2019, at 20:03, Angus McIntyre wrote:

Thanks to a great deal of help from Remi and Eric, I have now

managed to get my Ansible role to the point where it can
successfully build out a QMailToaster server running PHP 7.1 and
RoundCube 1.4rc1.


However, because nothing is ever that easy, RoundCube and

SquirrelMail have now stopped sending mail (RainLoop works fine).


1) SquirrelMail

SquirrelMail was installed from the qmailtoaster RPMs, using:

yum --enablerepo=qmt-testing update
yum --enablerepo=qmt-devel update

as on the homepage of qmailtoaster.com. After installation, I

patched the Squirrelmail config and the smtps supervise as directed
at:


http://www.qmailtoaster.com/sqmailconfig.html

Attempting to send from SquirrelMail produces the message:

0 Can't open SMTP stream

The /var/log/qmail/smtps/current log shows:

2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465 :127.0.0.1::58822
2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
2019-07-22 02:45:15.197383500 tcpserver: status: 0/100

2) RoundCube

RoundCube is 1.4rc1, installed from the remi-test repo. Following

Eric's instructions, I edited '/etc/roundcubemail/config.inc.php' so
that it contains:


$config['smtp_server'] = 'tls://mail.myhost.com';

$config['smtp_conn_options'] = array(
'ssl' => array(
'peer_name' => 'mail.myhost.com',
'verify_peer' => true,
'verify_depth' => 3,
'cafile' => '/var/qmail/control/servercert.pem',

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-23 Thread Tahnan Al Anas
Hi,

Some of my user are getting mail at their spam box from some domain. Can
you suggest what can be done to prevent mail getting delivered at spam box?
They prefer to get it in inbox.


--
--

Best Regards
Muhammad Tahnan Al Anas


On Tue, Jul 23, 2019 at 8:41 AM Eric's mail  wrote:

> Angus,
>
> Did you think about simply using port 25, no authentication or encryption,
> which is how squirrelmail on QMT used to be configured, relying on HTTPS
> alone for password and email security across the cloud as the email (after
> the cloud) is submitted directly to the server (tcpserver) by the server
> (apache) itself (127.0.0.1) rendering encryption useless or redundant. I
> think this is the route I will go because with every upgrade of roundcube,
> the webmail I prefer, there seems to be issues with past configurations.
>
> Eric
>
> Get Outlook for Android 
>
>
>
>
> On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" 
> wrote:
>
> r...@mattei.org wrote on 7/22/19 10:22 AM:
>>  > You need to install the cert on your machine. Does the /etc/hosts
>>  > have the name of your machine can you try to ping that name to
>>  > see if it resolves?
>>
>> The certificate is installed.
>>
>> The hostname in '/etc/hosts' resolves, and responds to pings.
>>
>>
>> I replaced the self-signed PEM that shipped with qmailtoaster with one
>> that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my
>> server certificate. Inspecting the resulting .pem with ‘openssl x509 -in
>> servercert.pem -text’ confirms that the resulting .pem is for the domain
>> that I expect. File permissions and ownership are correct.
>>
>> '/etc/hosts' for my newly-built server contains the following line:
>>
>>127.0.1.1 s6.mydomain.com s6
>>
>> (obviously, 'mydomain' is not the actual name here). The .pem file
>> contains the lines:
>>
>>Subject: OU=Domain Control Validated, OU=PositiveSSL,
>> CN=mail.mydomain.dev
>>
>> and
>>
>>X509v3 Subject Alternative Name:
>>  DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev
>>
>> 's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.
>>
>> My existing qmailtoaster server (running an older version of the
>> software) has '/etc/hosts' containing:
>>
>>127.0.1.1 s2.mydomain.com s2
>>
>> and the .pem file contains:
>>
>>Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain,
>> CN=mydomain.com
>>
>> and
>>
>>X509v3 Subject Alternative Name:
>>  DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com
>>
>> 's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev';
>> 's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.
>>
>> As far as I can see, the two situations are equivalent, with the slight
>> difference that the official server name of the new box
>> ('s6.mydomain.com') is not a subdomain of the domain in the PEM file
>> ('mail.mydomain.dev'), whereas on the old box the name of the host
>> ('s2.mydomain.com') is a subdomain of one of the domain names in the PEM
>> file ('mydomain.com'). I don't know if this is a possible cause of my
>> problems.
>>
>> One other difference is that I don’t have a PTR record for
>> 's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com' will
>> yield 's2.mydomain.com', but an RDNS lookup on the IP of
>> 's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could
>> that be an issue?
>>
>> I'll keep digging on this, but if anyone has any suggestions of tests or
>> tools I might use, I'd welcome your recommendations.
>>
>> Thanks,
>>
>> Angus
>>
>>
>>
>> >
>> >> On 21 Jul 2019, at 20:03, Angus McIntyre wrote:
>> >>
>> >> Thanks to a great deal of help from Remi and Eric, I have now managed to 
>> >> get my Ansible role to the point where it can successfully build out a 
>> >> QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.
>> >>
>> >> However, because nothing is ever that easy, RoundCube and SquirrelMail 
>> >> have now stopped sending mail (RainLoop works fine).
>> >>
>> >> 1) SquirrelMail
>> >>
>> >> SquirrelMail was installed from the qmailtoaster RPMs, using:
>> >>
>> >> yum --enablerepo=qmt-testing update
>> >> yum --enablerepo=qmt-devel update
>> >>
>> >> as on the homepage of qmailtoaster.com. After installation, I patched the 
>> >> Squirrelmail config and the smtps supervise as directed at:
>> >>
>> >> http://www.qmailtoaster.com/sqmailconfig.html
>> >>
>> >> Attempting to send from SquirrelMail produces the message:
>> >>
>> >> 0 Can't open SMTP stream
>> >>
>> >> The /var/log/qmail/smtps/current log shows:
>> >>
>> >>   2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
>> >>   2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
>> >>   2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465
>> >> :127.0.0.1::58822
>> >>   2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
>> >>   2019-07-22 02:45:15.197383500 tcpserver: status: 0/100
>> >>
>> >> 

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-22 Thread remo
I am not sure why you keep having all these issues. Let me know off line; maybe I 
can take a look. 

> On 22 Jul 2019, at 19:41, Eric's mail wrote:
> 
> 
> Angus,
> 
> Did you think about simply using port 25, no authentication or encryption, 
> which is how squirrelmail on QMT used to be configured, relying on HTTPS 
> alone for password and email security across the cloud as the email (after 
> the cloud) is submitted directly to the server (tcpserver) by the server 
> (apache) itself (127.0.0.1) rendering encryption useless or redundant? I 
> think this is the route I will go because with every upgrade of roundcube, 
> the webmail I prefer, there seem to be issues with past configurations.
> 
> Eric
> 
>> On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" wrote:
>> 
>> r...@mattei.org wrote on 7/22/19 10:22 AM:
>>  > You need to install the cert on your machine. Does the /etc/hosts
>>  > have the name of your machine can you try to ping that name to
>>  > see if it resolves?
>> 
>> The certificate is installed.
>> 
>> The hostname in '/etc/hosts' resolves, and responds to pings.
>> 
>> 
>> I replaced the self-signed PEM that shipped with qmailtoaster with one 
>> that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my 
>> server certificate. Inspecting the resulting .pem with ‘openssl x509 -in 
>> servercert.pem -text’ confirms that the resulting .pem is for the domain 
>> that I expect. File permissions and ownership are correct.
>> 
>> '/etc/hosts' for my newly-built server contains the following line:
>> 
>>    127.0.1.1 s6.mydomain.com s6
>> 
>> (obviously, 'mydomain' is not the actual name here). The .pem file 
>> contains the lines:
>> 
>>    Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.mydomain.dev
>> 
>> and
>> 
>>    X509v3 Subject Alternative Name:
>>      DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev
>> 
>> 's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.
>> 
>> My existing qmailtoaster server (running an older version of the 
>> software) has '/etc/hosts' containing:
>> 
>>    127.0.1.1 s2.mydomain.com s2
>> 
>> and the .pem file contains:
>> 
>>    Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=mydomain.com
>> 
>> and
>> 
>>    X509v3 Subject Alternative Name:
>>      DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com
>> 
>> 's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev'; 
>> 's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.
>> 
>> As far as I can see, the two situations are equivalent, with the slight 
>> difference that the official server name of the new box 
>> ('s6.mydomain.com') is not a subdomain of the domain in the PEM file 
>> ('mail.mydomain.dev'), whereas on the old box the name of the host 
>> ('s2.mydomain.com') is a subdomain of one of the domain names in the PEM 
>> file ('mydomain.com'). I don't know if this is a possible cause of my 
>> problems.
>> 
>> One other difference is that I don’t have a PTR record for 
>> 's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com' will 
>> yield 's2.mydomain.com', but an RDNS lookup on the IP of 
>> 's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could 
>> that be an issue?
>> 
>> I'll keep digging on this, but if anyone has any suggestions of tests or 
>> tools I might use, I'd welcome your recommendations.
>> 
>> Thanks,
>> 
>> Angus
>> 
>> 
>> 
>> > 
>> >> On 21 Jul 2019, at 20:03, Angus McIntyre wrote:
>> >>
>> >> Thanks to a great deal of help from Remi and Eric, I have now managed to 
>> >> get my Ansible role to the point where it can successfully build out a 
>> >> QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.
>> >>
>> >> However, because nothing is ever that easy, RoundCube and SquirrelMail 
>> >> have now stopped sending mail (RainLoop works fine).
>> >>
>> >> 1) SquirrelMail
>> >>
>> >> SquirrelMail was installed from the qmailtoaster RPMs, using:
>> >>
>> >> yum --enablerepo=qmt-testing update
>> >> yum --enablerepo=qmt-devel update
>> >>
>> >> as on the homepage of qmailtoaster.com. After installation, I patched the 
>> >> Squirrelmail config and the smtps supervise as directed at:
>> >>
>> >> http://www.qmailtoaster.com/sqmailconfig.html
>> >>
>> >> Attempting to send from SquirrelMail produces the message:
>> >>
>> >> 0 Can't open SMTP stream
>> >>
>> >> The /var/log/qmail/smtps/current log shows:
>> >>
>> >>   2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
>> >>   2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
>> >>   2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465
>> >> :127.0.0.1::58822
>> >>   2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
>> >>   2019-07-22 02:45:15.197383500 tcpserver: status: 0/100
>> >>
>> >> 2) RoundCube
>> >>
>> >> RoundCube is 1.4rc1, installed from the 

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-22 Thread Eric's mail
Angus,

Did you think about simply using port 25, no authentication or encryption, 
which is how squirrelmail on QMT used to be configured, relying on HTTPS alone 
for password and email security across the cloud as the email (after the cloud) 
is submitted directly to the server (tcpserver) by the server (apache) itself 
(127.0.0.1) rendering encryption useless or redundant? I think this is the 
route I will go because with every upgrade of roundcube, the webmail I prefer, 
there seem to be issues with past configurations.

Eric

On Mon, Jul 22, 2019 at 5:46 PM -0600, "Angus McIntyre" wrote:

r...@mattei.org wrote on 7/22/19 10:22 AM:
 > You need to install the cert on your machine. Does the /etc/hosts
 > have the name of your machine can you try to ping that name to
 > see if it resolves?

The certificate is installed.

The hostname in '/etc/hosts' resolves, and responds to pings.


I replaced the self-signed PEM that shipped with qmailtoaster with one 
that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my 
server certificate. Inspecting the resulting .pem with ‘openssl x509 -in 
servercert.pem -text’ confirms that the resulting .pem is for the domain 
that I expect. File permissions and ownership are correct.

'/etc/hosts' for my newly-built server contains the following line:

   127.0.1.1 s6.mydomain.com s6

(obviously, 'mydomain' is not the actual name here). The .pem file 
contains the lines:

   Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.mydomain.dev

and

   X509v3 Subject Alternative Name:
     DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev

's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.

My existing qmailtoaster server (running an older version of the 
software) has '/etc/hosts' containing:

   127.0.1.1 s2.mydomain.com s2

and the .pem file contains:

   Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=mydomain.com

and

   X509v3 Subject Alternative Name:
     DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com

's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev'; 
's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.

As far as I can see, the two situations are equivalent, with the slight 
difference that the official server name of the new box 
('s6.mydomain.com') is not a subdomain of the domain in the PEM file 
('mail.mydomain.dev'), whereas on the old box the name of the host 
('s2.mydomain.com') is a subdomain of one of the domain names in the PEM 
file ('mydomain.com'). I don't know if this is a possible cause of my 
problems.

One other difference is that I don’t have a PTR record for 
's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com' will 
yield 's2.mydomain.com', but an RDNS lookup on the IP of 
's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could 
that be an issue?

I'll keep digging on this, but if anyone has any suggestions of tests or 
tools I might use, I'd welcome your recommendations.

Thanks,

Angus



> 
>> On 21 Jul 2019, at 20:03, Angus McIntyre wrote:
>>
>> Thanks to a great deal of help from Remi and Eric, I have now managed to 
>> get my Ansible role to the point where it can successfully build out a 
>> QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.
>>
>> However, because nothing is ever that easy, RoundCube and SquirrelMail have 
>> now stopped sending mail (RainLoop works fine).
>>
>> 1) SquirrelMail
>>
>> SquirrelMail was installed from the qmailtoaster RPMs, using:
>>
>> yum --enablerepo=qmt-testing update
>> yum --enablerepo=qmt-devel update
>>
>> as on the homepage of qmailtoaster.com. After installation, I patched the 
>> Squirrelmail config and the smtps supervise as directed at:
>>
>> http://www.qmailtoaster.com/sqmailconfig.html
>>
>> Attempting to send from SquirrelMail produces the message:
>>
>> 0 Can't open SMTP stream
>>
>> The /var/log/qmail/smtps/current log shows:
>>
>>   2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
>>   2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
>>   2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465
>> :127.0.0.1::58822
>>   2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
>>   2019-07-22 02:45:15.197383500 tcpserver: status: 0/100
>>
>> 2) RoundCube
>>
>> RoundCube is 1.4rc1, installed from the remi-test repo. Following Eric's 
>> instructions, I edited '/etc/roundcubemail/config.inc.php' so that it 
>> contains:
>>
>>   $config['smtp_server'] = 'tls://mail.myhost.com';
>>
>>   $config['smtp_conn_options'] = array(
>>     'ssl' => array(
>>       'peer_name'    => 'mail.myhost.com',
>>       'verify_peer'  => true,
>>       'verify_depth' => 3,
>>       'cafile'       => '/var/qmail/control/servercert.pem',
>>     ),
>>   );
>>
>> (where 'mail.myhost.com' is the actual name of my mailserver, as it appears 
>> in the 

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-22 Thread Angus McIntyre

r...@mattei.org wrote on 7/22/19 10:22 AM:
> You need to install the cert on your machine. Does the /etc/hosts
> have the name of your machine can you try to ping that name to
> see if it resolves?

The certificate is installed.

The hostname in '/etc/hosts' resolves, and responds to pings.


I replaced the self-signed PEM that shipped with qmailtoaster with one 
that I made myself by concatenating the ‘.key’ and ‘.crt’ files from my 
server certificate. Inspecting the resulting .pem with ‘openssl x509 -in 
servercert.pem -text’ confirms that the resulting .pem is for the domain 
that I expect. File permissions and ownership are correct.


'/etc/hosts' for my newly-built server contains the following line:

  127.0.1.1 s6.mydomain.com s6

(obviously, 'mydomain' is not the actual name here). The .pem file 
contains the lines:


  Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.mydomain.dev

and

  X509v3 Subject Alternative Name:
    DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev

's6.mydomain.com' and 'mail.mydomain.dev' all resolve to the same IP.

My existing qmailtoaster server (running an older version of the 
software) has '/etc/hosts' containing:


  127.0.1.1 s2.mydomain.com s2

and the .pem file contains:

  Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=mydomain.com

and

  X509v3 Subject Alternative Name:
    DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com

's6.mydomain.com' resolves to the same IP as 'mail.mydomain.dev'; 
's2.mydomain.com' resolves to the same IP as 'mail.mydomain.com'.


As far as I can see, the two situations are equivalent, with the slight 
difference that the official server name of the new box 
('s6.mydomain.com') is not a subdomain of the domain in the PEM file 
('mail.mydomain.dev'), whereas on the old box the name of the host 
('s2.mydomain.com') is a subdomain of one of the domain names in the PEM 
file ('mydomain.com'). I don't know if this is a possible cause of my 
problems.


One other difference is that I don’t have a PTR record for 
's6.mydomain.com'. An RDNS lookup on the IP of 's2.mydomain.com' will 
yield 's2.mydomain.com', but an RDNS lookup on the IP of 
's6.mydomain.com' yields the FQDN of the Linode VM it runs on. Could 
that be an issue?


I'll keep digging on this, but if anyone has any suggestions of tests or 
tools I might use, I'd welcome your recommendations.


Thanks,

Angus






On 21 Jul 2019, at 20:03, Angus McIntyre wrote:

Thanks to a great deal of help from Remi and Eric, I have now managed to get 
my Ansible role to the point where it can successfully build out a QMailToaster 
server running PHP 7.1 and RoundCube 1.4rc1.

However, because nothing is ever that easy, RoundCube and SquirrelMail have now 
stopped sending mail (RainLoop works fine).

1) SquirrelMail

SquirrelMail was installed from the qmailtoaster RPMs, using:

yum --enablerepo=qmt-testing update
yum --enablerepo=qmt-devel update

as on the homepage of qmailtoaster.com. After installation, I patched the 
Squirrelmail config and the smtps supervise as directed at:

http://www.qmailtoaster.com/sqmailconfig.html

Attempting to send from SquirrelMail produces the message:

0 Can't open SMTP stream

The /var/log/qmail/smtps/current log shows:

  2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
  2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
  2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465
:127.0.0.1::58822
  2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
  2019-07-22 02:45:15.197383500 tcpserver: status: 0/100

2) RoundCube

RoundCube is 1.4rc1, installed from the remi-test repo. Following Eric's 
instructions, I edited '/etc/roundcubemail/config.inc.php' so that it contains:

  $config['smtp_server'] = 'tls://mail.myhost.com';

  $config['smtp_conn_options'] = array(
    'ssl' => array(
      'peer_name'    => 'mail.myhost.com',
      'verify_peer'  => true,
      'verify_depth' => 3,
      'cafile'       => '/var/qmail/control/servercert.pem',
    ),
  );

(where 'mail.myhost.com' is the actual name of my mailserver, as it appears in 
the 'servercert.pem' file).

Trying to send from RoundCube produces a 220 Authentication Failed message. The 
transcript in RoundCube's SMTP log looks like:

  [21-Jul-2019 22:26:08 -0400]:  Connecting to
  tls://mail.myhost.com:587...
  [21-Jul-2019 22:26:08 -0400]:  Recv: 220 s6.myhost.net -
  Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server ESMTP
  [21-Jul-2019 22:26:08 -0400]:  Send: EHLO mail.myhost.com
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-s6.myhost.net -
  Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-STARTTLS
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-PIPELINING
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-8BITMIME
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250 SIZE 20971520
  [21-Jul-2019 22:26:08 -0400]:  Send: STARTTLS
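
The name comparison raised in the message above (the machine name in '/etc/hosts' versus the names inside the certificate), as an added example that is not from the thread: a verifying TLS client compares the name it was told to connect to (RoundCube's 'peer_name', for instance) with the certificate's Subject Alternative Name entries, and a parent/subdomain relationship plays no part. The matching rules are a simplified reading of RFC 6125 and the function names are illustrative.

```python
import ipaddress

# SAN lines as quoted in the thread (the posts' placeholder domains).
NEW_BOX_SAN = "DNS:mail.mydomain.dev, DNS:www.mail.mydomain.dev"
OLD_BOX_SAN = "DNS:mydomain.com, DNS:mail.mydomain.com, DNS:www.mydomain.com"


def parse_san_line(line):
    """Split an 'openssl x509 -text' SAN line into DNS names and IP addresses."""
    dns, ips = [], []
    for entry in line.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS" and value:
            dns.append(value.lower().rstrip("."))
        elif kind == "IP Address" and value:
            ips.append(ipaddress.ip_address(value))
    return dns, ips


def dns_name_matches(hostname, pattern):
    """Label-by-label, case-insensitive comparison.

    Assumption (simplified RFC 6125): '*' is honoured only as the whole
    left-most label, stands for exactly one label, and is refused when the
    pattern has fewer than three labels (e.g. '*.com').
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*":
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def name_is_covered(reference, san_line):
    """True if the name the client connects to is covered by the SAN line."""
    dns, ips = parse_san_line(san_line)
    try:
        # An IP literal (e.g. a webmail client pointed at 127.0.0.1) can only
        # match an 'IP Address' entry, never a DNS entry.
        return ipaddress.ip_address(reference) in ips
    except ValueError:
        pass
    return any(dns_name_matches(reference, p) for p in dns)


def coverage_report(san_line, names):
    """Map each candidate connection name to whether the certificate covers it."""
    return {name: name_is_covered(name, san_line) for name in names}


if __name__ == "__main__":
    print("new box:", coverage_report(
        NEW_BOX_SAN, ["s6.mydomain.com", "mail.mydomain.dev", "127.0.0.1"]))
    print("old box:", coverage_report(
        OLD_BOX_SAN, ["s2.mydomain.com", "mail.mydomain.com", "mydomain.com"]))
```

Neither 's6.mydomain.com' nor 's2.mydomain.com' is covered by its box's certificate, so in this respect the old and new servers behave the same; what matters is which name each client is configured to connect to.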
 

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-22 Thread remo
You need to install the cert on your machine. Does the /etc/hosts have the name 
of your machine? Can you try to ping that name to see if it resolves? 

> On 21 Jul 2019, at 20:03, Angus McIntyre wrote:
> 
> Thanks to a great deal of help from Remi and Eric, I have now managed to get 
> my Ansible role to the point where it can successfully build out a 
> QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.
> 
> However, because nothing is ever that easy, RoundCube and SquirrelMail have 
> now stopped sending mail (RainLoop works fine).
> 
> 1) SquirrelMail
> 
> SquirrelMail was installed from the qmailtoaster RPMs, using:
> 
>    yum --enablerepo=qmt-testing update
>    yum --enablerepo=qmt-devel update
> 
> as on the homepage of qmailtoaster.com. After installation, I patched the 
> Squirrelmail config and the smtps supervise as directed at:
> 
>    http://www.qmailtoaster.com/sqmailconfig.html
> 
> Attempting to send from SquirrelMail produces the message:
> 
>    0 Can't open SMTP stream
> 
> The /var/log/qmail/smtps/current log shows:
> 
>  2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
>  2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
>  2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465 :127.0.0.1::58822
>  2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
>  2019-07-22 02:45:15.197383500 tcpserver: status: 0/100
> 
> 2) RoundCube
> 
> RoundCube is 1.4rc1, installed from the remi-test repo. Following Eric's 
> instructions, I edited '/etc/roundcubemail/config.inc.php' so that it 
> contains:
> 
>  $config['smtp_server'] = 'tls://mail.myhost.com';
> 
>  $config['smtp_conn_options'] = array(
>    'ssl' => array(
>      'peer_name'    => 'mail.myhost.com',
>      'verify_peer'  => true,
>      'verify_depth' => 3,
>      'cafile'       => '/var/qmail/control/servercert.pem',
>    ),
>  );
> 
> (where 'mail.myhost.com' is the actual name of my mailserver, as it appears 
> in the 'servercert.pem' file).
> 
> Trying to send from RoundCube produces a 220 Authentication Failed message. 
> The transcript in RoundCube's SMTP log looks like:
> 
>  [21-Jul-2019 22:26:08 -0400]:  Connecting to
>  tls://mail.myhost.com:587...
>  [21-Jul-2019 22:26:08 -0400]:  Recv: 220 s6.myhost.net -
>  Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server ESMTP
>  [21-Jul-2019 22:26:08 -0400]:  Send: EHLO mail.myhost.com
>  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-s6.myhost.net -
>  Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server
>  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-STARTTLS
>  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-PIPELINING
>  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-8BITMIME
>  [21-Jul-2019 22:26:08 -0400]:  Recv: 250 SIZE 20971520
>  [21-Jul-2019 22:26:08 -0400]:  Send: STARTTLS
>  [21-Jul-2019 22:26:08 -0400]:  Recv: 220 ready for tls
>  [21-Jul-2019 22:26:08 -0400]:  Send: RSET
>  [21-Jul-2019 22:27:08 -0400]:  Send: QUIT
>  [21-Jul-2019 22:27:08 -0400]:  Recv: 454 TLS connection
>  failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
>  protocol (#4.3.0)
> 
> 3) Desktop client
> 
> Trying to send from a desktop client (PostBox) also fails, generating the 
> warning:
> 
>  Could not verify this certificate because the issuer is unknown
> 
> The issuer in this case is actually Sectigo, which is the new name for 
> Comodo, who should be reasonably reputable.
> 
> The 'servercert.pem' file that I'm using is generated from the same '.key' 
> and '.crt' files that I use to secure the webserver, which appear to work 
> fine in that context.
> 
> 
> 
> Has anyone encountered this issue, or can suggest a possible fix?
> 
> Thanks for any help you can give me,
> 
> Angus
> 
> 
> 

Re: [qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-21 Thread Eric Broch
Just as long as you have https set up for both roundcube and 
squirrelmail you could use port 25, tls is not necessary.


On 7/21/2019 9:02 PM, Angus McIntyre wrote:
Thanks to a great deal of help from Remi and Eric, I have now managed 
to get my Ansible role to the point where it can successfully build 
out a QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.


However, because nothing is ever that easy, RoundCube and SquirrelMail 
have now stopped sending mail (RainLoop works fine).


1) SquirrelMail

SquirrelMail was installed from the qmailtoaster RPMs, using:

yum --enablerepo=qmt-testing update
yum --enablerepo=qmt-devel update

as on the homepage of qmailtoaster.com. After installation, I patched 
the Squirrelmail config and the smtps supervise as directed at:


http://www.qmailtoaster.com/sqmailconfig.html

Attempting to send from SquirrelMail produces the message:

0 Can't open SMTP stream

The /var/log/qmail/smtps/current log shows:

  2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
  2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
  2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465
    :127.0.0.1::58822
  2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
  2019-07-22 02:45:15.197383500 tcpserver: status: 0/100

2) RoundCube

RoundCube is 1.4rc1, installed from the remi-test repo. Following 
Eric's instructions, I edited '/etc/roundcubemail/config.inc.php' so 
that it contains:


  $config['smtp_server'] = 'tls://mail.myhost.com';

  $config['smtp_conn_options'] = array(
    'ssl' => array(
      'peer_name'    => 'mail.myhost.com',
      'verify_peer'  => true,
      'verify_depth' => 3,
      'cafile'       => '/var/qmail/control/servercert.pem',
    ),
  );

(where 'mail.myhost.com' is the actual name of my mailserver, as it 
appears in the 'servercert.pem' file).


Trying to send from RoundCube produces a 220 Authentication Failed 
message. The transcript in RoundCube's SMTP log looks like:


  [21-Jul-2019 22:26:08 -0400]:  Connecting to
  tls://mail.myhost.com:587...
  [21-Jul-2019 22:26:08 -0400]:  Recv: 220 s6.myhost.net -
  Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server ESMTP
  [21-Jul-2019 22:26:08 -0400]:  Send: EHLO mail.myhost.com
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-s6.myhost.net -
  Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-STARTTLS
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-PIPELINING
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-8BITMIME
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250 SIZE 20971520
  [21-Jul-2019 22:26:08 -0400]:  Send: STARTTLS
  [21-Jul-2019 22:26:08 -0400]:  Recv: 220 ready for tls
  [21-Jul-2019 22:26:08 -0400]:  Send: RSET
  [21-Jul-2019 22:27:08 -0400]:  Send: QUIT
  [21-Jul-2019 22:27:08 -0400]:  Recv: 454 TLS connection
  failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
  protocol (#4.3.0)

3) Desktop client

Trying to send from a desktop client (PostBox) also fails, generating 
the warning:


  Could not verify this certificate because the issuer is unknown

The issuer in this case is actually Sectigo, which is the new name for 
Comodo, who should be reasonably reputable.


The 'servercert.pem' file that I'm using is generated from the same 
'.key' and '.crt' files that I use to secure the webserver, which 
appear to work fine in that context.




Has anyone encountered this issue, or can suggest a possible fix?

Thanks for any help you can give me,

Angus






[qmailtoaster] Authentication issues with Squirrelmail and RoundCube

2019-07-21 Thread Angus McIntyre
Thanks to a great deal of help from Remi and Eric, I have now managed to 
get my Ansible role to the point where it can successfully build out a 
QMailToaster server running PHP 7.1 and RoundCube 1.4rc1.


However, because nothing is ever that easy, RoundCube and SquirrelMail 
have now stopped sending mail (RainLoop works fine).


1) SquirrelMail

SquirrelMail was installed from the qmailtoaster RPMs, using:

yum --enablerepo=qmt-testing update
yum --enablerepo=qmt-devel update

as on the homepage of qmailtoaster.com. After installation, I patched 
the Squirrelmail config and the smtps supervise as directed at:


http://www.qmailtoaster.com/sqmailconfig.html

Attempting to send from SquirrelMail produces the message:

0 Can't open SMTP stream

The /var/log/qmail/smtps/current log shows:

  2019-07-22 02:45:15.173127500 tcpserver: status: 1/100
  2019-07-22 02:45:15.179903500 tcpserver: pid 2843 from 127.0.0.1
  2019-07-22 02:45:15.179905500 tcpserver: ok 2843 s6:127.0.0.1:465 :127.0.0.1::58822
  2019-07-22 02:45:15.197381500 tcpserver: end 2843 status 256
  2019-07-22 02:45:15.197383500 tcpserver: status: 0/100

2) RoundCube

RoundCube is 1.4rc1, installed from the remi-test repo. Following Eric's 
instructions, I edited '/etc/roundcubemail/config.inc.php' so that it 
contains:


  $config['smtp_server'] = 'tls://mail.myhost.com';

  $config['smtp_conn_options'] = array(
    'ssl' => array(
      'peer_name'    => 'mail.myhost.com',
      'verify_peer'  => true,
      'verify_depth' => 3,
      'cafile'       => '/var/qmail/control/servercert.pem',
    ),
  );

(where 'mail.myhost.com' is the actual name of my mailserver, as it 
appears in the 'servercert.pem' file).


Trying to send from RoundCube produces a 220 Authentication Failed 
message. The transcript in RoundCube's SMTP log looks like:


  [21-Jul-2019 22:26:08 -0400]:  Connecting to
  tls://mail.myhost.com:587...
  [21-Jul-2019 22:26:08 -0400]:  Recv: 220 s6.myhost.net -
  Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server ESMTP
  [21-Jul-2019 22:26:08 -0400]:  Send: EHLO mail.myhost.com
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-s6.myhost.net -
  Welcome to Qmail Toaster Ver. 1.03-2.1.qt.el7 SMTP Server
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-STARTTLS
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-PIPELINING
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250-8BITMIME
  [21-Jul-2019 22:26:08 -0400]:  Recv: 250 SIZE 20971520
  [21-Jul-2019 22:26:08 -0400]:  Send: STARTTLS
  [21-Jul-2019 22:26:08 -0400]:  Recv: 220 ready for tls
  [21-Jul-2019 22:26:08 -0400]:  Send: RSET
  [21-Jul-2019 22:27:08 -0400]:  Send: QUIT
  [21-Jul-2019 22:27:08 -0400]:  Recv: 454 TLS connection
  failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
  protocol (#4.3.0)

3) Desktop client

Trying to send from a desktop client (PostBox) also fails, generating 
the warning:


  Could not verify this certificate because the issuer is unknown

The issuer in this case is actually Sectigo, which is the new name for 
Comodo, who should be reasonably reputable.


The 'servercert.pem' file that I'm using is generated from the same 
'.key' and '.crt' files that I use to secure the webserver, which appear 
to work fine in that context.




Has anyone encountered this issue, or can suggest a possible fix?

Thanks for any help you can give me,

Angus






Re: [qmailtoaster] Authentication methods

2012-02-17 Thread David Milholen

+1 Rock it man..

On 2/15/2012 11:26 AM, Eric Shubert wrote:
As part of the upgrade to vpopmail, we're considering removing clear 
text passwords from the database. This will improve security, but at 
the same time remove some (somewhat insecure) capability.


The biggest impact I think this will have is that admins will no 
longer be able to look up someone's password. In the event that a user 
loses their password, the administrator would reset the password to 
something temporary, and the user would subsequently change it to 
whatever they like. This is the practice followed in many (if not 
most) other environments.


The other impact will be the elimination of cram-md5 as an 
authentication option. While this doesn't really make QMT any less 
secure, it might mean that some clients that were formerly configured 
to use cram-md5 would fail to work until their configuration options 
were changed.


I honestly do not have a good feel for which or how many devices may 
be using cram-md5. There's also a chance that there exists some older 
devices (old Nokia phones perhaps?) that use cram-md5 and are unable 
to use TLS/SSL. I do doubt that such devices exist, but there's always 
that possibility.


In any case, I think it would be prudent for QMT to provide SMTPS 
(port 465) before or at the same time that cram-md5 support is 
removed. This is something we've talked about already, so assume that 
there will be SMTPS capability should cram-md5 (and clear text 
passwords) be removed.


That's all I have on this at the moment. Any thoughts?
shubes ducks




--

David Milholen
Project Engineer
P:501-318-1300
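
Why dropping the clear text password column also drops cram-md5, as quoted in the message above, shown as an added example that is not vpopmail's or QMT's code: the CRAM-MD5 server must recompute an HMAC keyed with the user's actual password, which a one-way hash cannot supply. The user, secret and challenge are the example values published in RFC 2195; salted PBKDF2 stands in here for whatever one-way scheme a server stores (an assumption), and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import os

# Example values published in RFC 2195 (not taken from this thread).
RFC2195_USER = "tim"
RFC2195_SECRET = "tanstaaftanstaaf"
RFC2195_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def cram_md5_response(user, secret, challenge):
    """Client side: base64 of '<user> <hex HMAC-MD5(secret, challenge)>'."""
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def verify_cram_md5(response_b64, challenge, cleartext_for):
    """Server side: recompute the HMAC, which needs the user's cleartext secret.

    cleartext_for is a lookup returning the stored secret or None.
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return False
    user, _, digest = decoded.rpartition(" ")
    secret = cleartext_for(user)
    if secret is None:  # no cleartext column: nothing to key the HMAC with
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest.lower())


def hash_password(password, salt=None, rounds=100_000):
    """One-way storage record (salt, derived key); PBKDF2 is a stand-in scheme."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def verify_plain(password, record, rounds=100_000):
    """PLAIN/LOGIN style check: the client sends the password, the server re-hashes it."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, stored)


def compare_stores():
    """Run the same login attempt against a cleartext store and a hash-only store."""
    cleartext_db = {RFC2195_USER: RFC2195_SECRET}
    hashed_db = {RFC2195_USER: hash_password(RFC2195_SECRET)}
    response = cram_md5_response(RFC2195_USER, RFC2195_SECRET, RFC2195_CHALLENGE)
    return {
        "cram_md5_with_cleartext": verify_cram_md5(
            response, RFC2195_CHALLENGE, cleartext_db.get),
        "cram_md5_with_hash_only": verify_cram_md5(
            response, RFC2195_CHALLENGE, lambda user: None),
        # Keying the HMAC with the stored hash instead does not help either.
        "cram_md5_keyed_with_hash": verify_cram_md5(
            response, RFC2195_CHALLENGE, lambda user: hashed_db[user][1].hex()),
        "plain_with_hash_only": verify_plain(
            RFC2195_SECRET, hashed_db[RFC2195_USER]),
    }


if __name__ == "__main__":
    for check, ok in compare_stores().items():
        print(f"{check}: {ok}")
```

With a hash-only store the password-sending mechanisms still verify, but the password then crosses the wire, which is why the quoted proposal pairs the change with SMTPS on port 465.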


Re: [qmailtoaster] Authentication methods

2012-02-16 Thread Tonix (Antonio Nati)
My point of view is related to extra QMT features, so it could be out of 
topic.


We are willing to integrate some assistance trouble ticketing and/or 
other web services for e-mail users, so we plan to use the same vpopmail 
auth table also for other external packages.
From this point of view, a clear text password column is needed, as we 
don't know which kind of auth is needed outside.


Probably, this column should be hidden for any vpopmail function, except 
setting a new password. We are thinking about if/how to enable this column only 
using a MySQL stored procedure... but this is beyond this topic!


Regards,

Tonino



On 15/02/2012 18:26, Eric Shubert wrote:
As part of the upgrade to vpopmail, we're considering removing clear 
text passwords from the database. This will improve security, but at 
the same time remove some (somewhat insecure) capability.


The biggest impact I think this will have is that admins will no 
longer be able to look up someone's password. In the event that a user 
loses their password, the administrator would reset the password to 
something temporary, and the user would subsequently change it to 
whatever they like. This is the practice followed in many (if not 
most) other environments.


The other impact will be the elimination of cram-md5 as an 
authentication option. While this doesn't really make QMT any less 
secure, it might mean that some clients that were formerly configured 
to use cram-md5 would fail to work until their configuration options 
were changed.


I honestly do not have a good feel for which or how many devices may 
be using cram-md5. There's also a chance that there exists some older 
devices (old Nokia phones perhaps?) that use cram-md5 and are unable 
to use TLS/SSL. I do doubt that such devices exist, but there's always 
that possibility.


In any case, I think it would be prudent for QMT to provide SMTPS 
(port 465) before or at the same time that cram-md5 support is 
removed. This is something we've talked about already, so assume that 
there will be SMTPS capability should cram-md5 (and clear text 
passwords) be removed.


That's all I have on this at the moment. Any thoughts?
shubes ducks




--

Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




Re: [qmailtoaster] Authentication methods

2012-02-16 Thread Bharath Chari

On Thursday 16 February 2012 05:42 PM, Tonix (Antonio Nati) wrote:
My point of view is related to extra QMT features, so it could be out 
of topic.


We are willing to integrate some assistance trouble ticketing and/or 
other web services for e-mail users, so we plan to use the same 
vpopmail auth table also for other external packages.
From this point of view, a clear text password column is needed, as we 
don't know which kind of auth is needed outside.
I think that the MySQL implementation of vpopmail is unique in that it 
allows for storing clear text passwords. I run other mail systems which 
use Postfix/Dovecot with a mysql backend. Almost all of them DO NOT 
display/store clear text passwords. The commonly used encryptions are 
crypt, sha1 and md5, AFAIK, and most CRM packages do support them.



Bharath





Re: [qmailtoaster] Authentication methods

2012-02-16 Thread Tonix (Antonio Nati)

On 16/02/2012 13:45, Bharath Chari wrote:

On Thursday 16 February 2012 05:42 PM, Tonix (Antonio Nati) wrote:
My point of view is related to extra QMT features, so it could be out 
of topic.


We are willing to integrate some assistance trouble ticketing and/or 
other web services for e-mail users, so we plan to use the same 
vpopmail auth table also for other external packages.
From this point of view, a clear text password column is needed, as 
we don't know which kind of auth is needed outside.
I think that the MySQL implementation of vpopmail is unique in that it 
allows for storing clear text passwords. I run other mail systems 
which use Postfix/Dovecot with a mysql backend. Almost all of them DO 
NOT display/store clear text passwords. The commonly used encryptions 
are crypt, sha1 and md5, AFAIK, and most CRM packages do support them.



I used Radius in the past, for giving PSTN access to email users, and it 
wants clear passwords.
The same if you want particular kinds of authentication: send md5 of 
(password + time string), you need clear password to check result.


Regards,

Tonino




Bharath








--

Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it







Re: [qmailtoaster] Authentication methods

2012-02-16 Thread Peter Peltonen
Hi,

On Wed, Feb 15, 2012 at 7:26 PM, Eric Shubert e...@shubes.net wrote:
 The other impact will be the elimination of cram-md5 as an authentication
 option. While this doesn't really make QMT any less secure, it might mean
 that some clients that were formerly configured to use cram-md5 would fail
 to work until their configuration options were changed.

Related to this:

On another recently new qmailtoaster server of mine I noticed the following
after updating packages with yum:

Feb 11 12:52:02 Updated: 1:dovecot-2.0.17-1.qtp.i386
Feb 11 12:52:30 Updated: qmail-toaster-1.03-1.3.21.i686
Feb 11 12:53:07 Updated: qmailtoaster-plus-0.3.2-1.4.17.noarch

I had disabled cram-md5 from the server (as I had had issues with it
on my other toaster running Horde). In /etc/dovecot/toaster.conf:

auth_mechanisms = plain login digest-md5

But after the update logins to Squirrelmail no longer worked, this was
the error given by Squirrelmail:

ERROR:
Bad request: IMAP server does not appear to support the authentication
method selected. Please contact your system administrator.

And in dovecot.log I saw:

Feb 16 23:31:04 imap-login: Info: Disconnected (tried to use
unsupported auth mechanism): method=CRAM-MD5, rip=127.0.0.1,
lip=127.0.0.1, secured

What I have in /etc/squirrelmail/config.php is:

$imap_auth_mech = 'login';
$use_imap_tls = false;

Now I am puzzled as I had the same config in dovecot/squirrelmail
before the update and things worked ok.

Here is what I see in the dovecot.log with the old version when
logging in via Squirrelmail:

Feb 16 23:40:33 imap-login: Info: Aborted login (auth failed, 1
attempts): user=pe...@mydomain.tld, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured

So no cram-md5 there. So the situation seems to be:

* with dovecot-2.0.11-2.qtp + qmail-toaster-1.03-1.3.20 Squirrelmail
works ok without cram-md5, Horde does not work without cram-md5

* with dovecot-2.0.17-1.qtp.i386 + qmail-toaster-1.03-1.3.21.i686
Squirrelmail does not work without cram-md5, situation of Horde with
this combo is unknown to me

Has anyone any ideas why Squirrelmail started using cram-md5 after the update?

Best,
Peter
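
One way to see which clients actually attempt CRAM-MD5, and which send PLAIN or LOGIN over a connection Dovecot did not flag as protected, is to tally the `method=` field of the login lines in dovecot.log. This is an added example, not part of the original message or of QMT; the sample lines are constructed in the format quoted above (users and addresses are placeholders), and treating a trailing `secured` or `TLS` flag as "Dovecot considered the connection protected" is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the dovecot.log format quoted above; users and
# addresses are placeholders (example.test, 192.0.2.0/24).
SAMPLE_LOG = """\
Feb 16 23:31:04 imap-login: Info: Disconnected (tried to use unsupported auth mechanism): method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, secured
Feb 16 23:40:33 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<alice@example.test>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Feb 16 23:41:10 imap-login: Info: Login: user=<bob@example.test>, method=CRAM-MD5, rip=192.0.2.10, lip=192.0.2.1, mpid=4211
Feb 16 23:42:55 pop3-login: Info: Login: user=<carol@example.test>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.1, mpid=4215
Feb 16 23:43:02 imap-login: Info: Login: user=<dave@example.test>, method=PLAIN, rip=192.0.2.45, lip=192.0.2.1, mpid=4219, TLS
"""

# "<service>-login: Info: <event> (<optional reason>): key=value, key=value, flag"
LINE_RE = re.compile(
    r"(?P<service>imap|pop3)-login: Info: "
    r"(?P<event>[^(:]+?)\s*(?:\((?P<reason>[^)]*)\))?: (?P<fields>.*)$"
)
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_line(line):
    """Return a dict for one login-process line, or None if it is not one."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    rec = {
        "service": m.group("service"),
        "event": m.group("event").strip(),
        "reason": m.group("reason") or "",
        "user": "(unknown)",
        "method": "",
        "rip": "",
        "protected": False,
    }
    for item in m.group("fields").split(", "):
        key, sep, value = item.partition("=")
        if sep and key in ("user", "method", "rip"):
            rec[key] = value.strip("<>")
        elif not sep and item.strip() in ("secured", "TLS"):
            # Assumption: either flag means Dovecot treated the transport as protected.
            rec["protected"] = True
    rec["method"] = rec["method"].upper()
    return rec


def summarize(log_text):
    """Tally mechanisms, CRAM-MD5 clients, rejected mechanisms and exposed logins."""
    methods = Counter()
    cram_clients = defaultdict(set)
    rejected = Counter()
    exposed = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["method"]:
            continue
        methods[rec["method"]] += 1
        if rec["method"] == "CRAM-MD5":
            # These clients need reconfiguring before cram-md5 is switched off.
            cram_clients[rec["rip"]].add(rec["user"])
        if "unsupported auth mechanism" in rec["reason"]:
            rejected[(rec["rip"], rec["method"])] += 1
        if rec["method"] in CLEARTEXT_MECHS and not rec["protected"]:
            # Password-bearing mechanism on a connection not flagged as protected.
            exposed.append((rec["user"], rec["rip"], rec["method"]))
    return {
        "methods": dict(methods),
        "cram_md5_clients": {ip: sorted(users) for ip, users in cram_clients.items()},
        "rejected": dict(rejected),
        "cleartext_unprotected": exposed,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```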





Re: [qmailtoaster] Authentication methods

2012-02-16 Thread Pak Ogah

On 02/16/12 0:26, Eric Shubert wrote:
As part of the upgrade to vpopmail, we're considering removing clear 
text passwords from the database. This will improve security, but at 
the same time remove some (somewhat insecure) capability.


The biggest impact I think this will have is that admins will no 
longer be able to look up someone's password. In the event that a user 
loses their password, the administrator would reset the password to 
something temporary, and the user would subsequently change it to 
whatever they like. This is the practice followed in many (if not 
most) other environments.



I use clear text passwords for:
- when my manager is asked by his superior/co-manager to peek into his 
subordinate's email account

- jabberd authentication by creating a view on vpopmail's table





[qmailtoaster] Authentication methods

2012-02-15 Thread Eric Shubert
As part of the upgrade to vpopmail, we're considering removing clear 
text passwords from the database. This will improve security, but at the 
same time remove some (somewhat insecure) capability.


The biggest impact I think this will have is that admins will no longer 
be able to look up someone's password. In the event that a user loses 
their password, the administrator would reset the password to something 
temporary, and the user would subsequently change it to whatever they 
like. This is the practice followed in many (if not most) other 
environments.


The other impact will be the elimination of cram-md5 as an 
authentication option. While this doesn't really make QMT any less 
secure, it might mean that some clients that were formerly configured to 
use cram-md5 would fail to work until their configuration options were 
changed.


I honestly do not have a good feel for which or how many devices may be 
using cram-md5. There's also a chance that there exists some older 
devices (old Nokia phones perhaps?) that use cram-md5 and are unable to 
use TLS/SSL. I do doubt that such devices exist, but there's always that 
possibility.


In any case, I think it would be prudent for QMT to provide SMTPS (port 
465) before or at the same time that cram-md5 support is removed. This 
is something we've talked about already, so assume that there will be 
SMTPS capability should cram-md5 (and clear text passwords) be removed.


That's all I have on this at the moment. Any thoughts?
shubes ducks

--
-Eric 'shubes'
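
Why dropping the clear text column also drops cram-md5, and why any "md5 of (password + time string)" style check raised in the replies has the same requirement: the server has to recompute the keyed digest itself, so it needs the password, whereas PLAIN and LOGIN hand it the password and a one-way hash is enough. This is an added example, not vpopmail or QMT code; the challenge, user and secret are the worked values from RFC 2195, and PBKDF2-SHA256 as the storage hash is an assumption chosen for illustration.

```python
import base64
import hashlib
import hmac
import os

# Challenge, user and shared secret from the worked example in RFC 2195.
RFC2195_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
RFC2195_USER = "tim"
RFC2195_SECRET = "tanstaaftanstaaf"


def client_cram_md5(user, password, challenge):
    """What the client sends: base64("user " + hex(HMAC-MD5(key=password, challenge)))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify_cram_md5(secret_on_file, challenge, response_b64):
    """Recompute the HMAC using whatever the auth table holds as the key."""
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    expected = hmac.new(secret_on_file, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


def hash_for_storage(password, salt=None, rounds=200_000):
    """One-way storage form: (salt, rounds, PBKDF2-SHA256 output)."""
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, derived


def server_verify_plain(stored, password):
    """PLAIN/LOGIN deliver the password itself, so the hash can be recomputed."""
    salt, rounds, expected = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def demo():
    response = client_cram_md5(RFC2195_USER, RFC2195_SECRET, RFC2195_CHALLENGE)
    stored = hash_for_storage(RFC2195_SECRET)
    cleartext = RFC2195_SECRET.encode()
    return {
        # Exactly the client line shown in RFC 2195.
        "wire_response": response.decode(),
        # Clear text column present: the server can check the response.
        "cram_md5_with_cleartext_column": server_verify_cram_md5(
            cleartext, RFC2195_CHALLENGE, response),
        # Only a one-way hash on file: there is no usable HMAC key.
        "cram_md5_with_hash_only": server_verify_cram_md5(
            stored[2], RFC2195_CHALLENGE, response),
        # The same hash is sufficient once the client sends the password.
        "plain_with_hash_only": server_verify_plain(stored, RFC2195_SECRET),
        # A captured response is useless against a fresh challenge.
        "old_response_new_challenge": server_verify_cram_md5(
            cleartext, b"<1897.697170999@mail.example.test>", response),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the hash-only table the password has to reach the server in PLAIN or LOGIN form, which is why the post ties the removal to having TLS/SMTPS available.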






Re: [qmailtoaster] authentication

2009-08-19 Thread Maxwell Smart
I am having authentication problems that I cannot seem to figure out.  
It always seems to happen with Thunderbird on Windows systems.   I 
cannot get the outgoing SMTP server to authenticate.  It always comes up 
with an error, cannot connect to server.   I am sure it's a problem with 
Thunderbird, but cannot seem to solve it.  Anyone else have trouble 
sending out using Thunderbird? 

The mail server is QMT and authenticates fine from a Linux workstation 
at the same location as the Windows box.


CJ





Re: [qmailtoaster] authentication

2009-08-19 Thread Andreas Galatis
Hi Maxwell,

following your description this is not an authentication problem but rather a 
DNS or configuration issue.
Did you set the correct servername for outgoing mails in Thunderbird?
Is the protocol (smtp, submission) open on your (outgoing) firewall?
"Cannot connect to server" is far before authentication.
Try telnetting from those Windows clients.

Andreas
On Wednesday 19 August 2009 08:04:37, Maxwell Smart wrote:
 I am having authentication problems that I cannot seem to figure out.
 It always seems to happen with Thunderbird on Windows systems.   I
 cannot get the outgoing SMTP server to authenticate.  It always comes up
 with an error, cannot connect to server.   I am sure it's a problem with
 Thunderbird, but cannot seem to solve it.  Anyone else have trouble
 sending out using Thunderbird?

 The mail server is QMT and authenticates fine from a Linux workstation
 at the same location as the Windows box.

 CJ





Re: [qmailtoaster] authentication

2009-08-19 Thread Maxwell Smart
I can connect from the same network using a Linux box.  I can also 
connect to the server from the windows box using webmail, which means 
the DNS is working correctly. 



Andreas Galatis wrote:

Hi Maxwell,

following your description this is not an authentication problem but rather a 
DNS or configuration issue.

Did you set the correct servername for outgoing mails in Thunderbird?
Is the protocol (smtp, submission) open on your (outgoing) firewall?
"Cannot connect to server" is far before authentication.
Try telnetting from those Windows clients.

Andreas
On Wednesday 19 August 2009 08:04:37, Maxwell Smart wrote:
  

I am having authentication problems that I cannot seem to figure out.
It always seems to happen with Thunderbird on Windows systems.   I
cannot get the outgoing SMTP server to authenticate.  It always comes up
with an error, cannot connect to server.   I am sure it's a problem with
Thunderbird, but cannot seem to solve it.  Anyone else have trouble
sending out using Thunderbird?

The mail server is QMT and authenticates fine from a Linux workstation
at the same location as the Windows box.

CJ





Re: [qmailtoaster] authentication

2009-08-19 Thread Philip

Maxwell
try testing the authentication with a telnet session
from your Windows box, if that works you can pinpoint the issue to your 
mail client


if you don't know how to test it via telnet
use this nice tut:
http://qmail.jms1.net/test-auth.shtml

Cheers
-P
Maxwell Smart wrote:
I can connect from the same network using a Linux box.  I can also 
connect to the server from the windows box using webmail, which means 
the DNS is working correctly.


Andreas Galatis wrote:

Hi Maxwell,

following your description this is not an authentication problem but 
rather a DNS or configuration issue.

Did you set the correct servername for outgoing mails in Thunderbird?
Is the protocol (smtp, submission) open on your (outgoing) firewall?
"Cannot connect to server" is far before authentication.
Try telnetting from those Windows clients.

Andreas
On Wednesday 19 August 2009 08:04:37, Maxwell Smart wrote:
 

I am having authentication problems that I cannot seem to figure out.
It always seems to happen with Thunderbird on Windows systems.   I
cannot get the outgoing SMTP server to authenticate.  It always 
comes up
with an error, cannot connect to server.   I am sure it's a problem 
with

Thunderbird, but cannot seem to solve it.  Anyone else have trouble
sending out using Thunderbird?

The mail server is QMT and authenticates fine from a Linux workstation
at the same location as the Windows box.

CJ





Re: [qmailtoaster] authentication

2009-08-19 Thread Andreas Galatis
Did you try telnet from the concerned windose?

Andreas 

On Wednesday 19 August 2009 08:52:51, Maxwell Smart wrote:
 I can connect from the same network using a Linux box.  I can also
 connect to the server from the windows box using webmail, which means
 the DNS is working correctly.

 Andreas Galatis wrote:
  Hi Maxwell,
 
  following your description this is not an authentication problem but
  rather a DNS or configuration issue.
  Did you set the correct servername for outgoing mails in Thunderbird?
  Is the protocol (smtp, submission) open on your (outgoing) firewall?
  "Cannot connect to server" is far before authentication.
  Try telnetting from those Windows clients.
 
  Andreas
 
  On Wednesday 19 August 2009 08:04:37, Maxwell Smart wrote:
  I am having authentication problems that I cannot seem to figure out.
  It always seems to happen with Thunderbird on Windows systems.   I
  cannot get the outgoing SMTP server to authenticate.  It always comes up
  with an error, cannot connect to server.   I am sure it's a problem with
  Thunderbird, but cannot seem to solve it.  Anyone else have trouble
  sending out using Thunderbird?
 
  The mail server is QMT and authenticates fine from a Linux workstation
  at the same location as the Windows box.
 
  CJ
 
  




Re: [qmailtoaster] authentication

2009-08-19 Thread Jake Vickers

Philip wrote:

Maxwell
try testing the authentication with a telnet session
from your Windows box, if that works you can pinpoint the issue to 
your mail client


if you don't know how to test it via telnet
use this nice tut:
http://qmail.jms1.net/test-auth.shtml



There is a more boiled-down one on the wiki:
http://wiki.qmailtoaster.com/index.php/How_to_use_telnet_for_diagnostics






Re: [qmailtoaster] authentication

2009-08-19 Thread Maxwell Smart
I know how to use telnet, but I don't activate it on my servers because 
it's insecure.  I'll take a look at it later.  It's not that pressing 
since it's only on my wife's machine! :)


Jake Vickers wrote:

Philip wrote:

Maxwell
try testing the authentication with a telnet session
from your Windows box, if that works you can pinpoint the issue to 
your mail client


if you don't know how to test it via telnet
use this nice tut:
http://qmail.jms1.net/test-auth.shtml



There is a more boiled-down one on the wiki:
http://wiki.qmailtoaster.com/index.php/How_to_use_telnet_for_diagnostics






Re: [qmailtoaster] authentication

2009-08-19 Thread Eric Shubert

You don't have to have telnet on the server. It's a client app. You can
# telnet mailhost 25
to any email transport server, so long as there is connectivity.

(Perhaps you're thinking of ssh??)

Maxwell Smart wrote:
I know how to use telnet, but I don't activate it on my servers because 
it's insecure.  I'll take a look at it later.  It's not that pressing 
since it's only on my wife's machine! :)


Jake Vickers wrote:

Philip wrote:

Maxwell
try testing the authentication with a telnet session
from your Windows box, if that works you can pinpoint the issue to 
your mail client


if you don't know how to test it via telnet
use this nice tut:
http://qmail.jms1.net/test-auth.shtml



There is a more boiled-down one on the wiki:
http://wiki.qmailtoaster.com/index.php/How_to_use_telnet_for_diagnostics





--
-Eric 'shubes'






Re: [qmailtoaster] authentication

2009-08-19 Thread Maxwell Smart
Doh!  I don't know why I thought I had to have Telnet running on the 
server.  Thanks Eric.  That's what happens when you have too many balls 
in the air.


I can see clearly now, my brain is gone

CJ

Eric Shubert wrote:

You don't have to have telnet on the server. It's a client app. You can
# telnet mailhost 25
to any email transport server, so long as there is connectivity.

(Perhaps you're thinking of ssh??)

Maxwell Smart wrote:
I know how to use telnet, but I don't activate it on my servers 
because it's insecure.  I'll take a look at it later.  It's not that 
pressing since it's only on my wife's machine! :)


Jake Vickers wrote:

Philip wrote:

Maxwell
try testing the authentication with a telnet session
from your Windows box, if that works you can pinpoint the issue to 
your mail client


if you don't know how to test it via telnet
use this nice tut:
http://qmail.jms1.net/test-auth.shtml



There is a more boiled-down one on the wiki:
http://wiki.qmailtoaster.com/index.php/How_to_use_telnet_for_diagnostics 








Re: [qmailtoaster] authentication

2009-08-19 Thread Maxwell Smart
OK, that did it.  It answers to port 587 but not 25.  My guess is that 
SBC is blocking port 25.  I will change the port on my wife's system and 
see what happens.  I just checked, and see that my desktop is set to use 
port 587.


Many thanks,

CJ

Maxwell Smart wrote:
Doh!  I don't know why I thought I had to have Telnet running on the 
server.  Thanks Eric.  That's what happens when you have too many 
balls in the air.


I can see clearly now, my brain is gone

CJ

Eric Shubert wrote:

You don't have to have telnet on the server. It's a client app. You can
# telnet mailhost 25
to any email transport server, so long as there is connectivity.

(Perhaps you're thinking of ssh??)

Maxwell Smart wrote:
I know how to use telnet, but I don't activate it on my servers 
because it's insecure.  I'll take a look at it later.  It's not that 
pressing since it's only on my wife's machine! :)


Jake Vickers wrote:

Philip wrote:

Maxwell
try testing the authentication with a telnet session
from your Windows box, if that works you can pinpoint the issue 
to your mail client


if you don't know how to test it via telnet
use this nice tut:
http://qmail.jms1.net/test-auth.shtml



There is a more boiled-down one on the wiki:
http://wiki.qmailtoaster.com/index.php/How_to_use_telnet_for_diagnostics 








Re: [qmailtoaster] authentication

2009-08-19 Thread Maxwell Smart

Eric,

The wiki doesn't explain authentication.

maxw...@nicolette:~ telnet mail.yother.com 587
Trying 64.168.70.133...
Connected to mail.yother.com.
Escape character is '^]'.
220 Welcome to the Machine ESMTP
HELO ME
250 Welcome to the Machine
MAIL FROM c...@yother.com
503 AUTH first (#5.5.1)

What goes here?

CJ

Eric Shubert wrote:

You don't have to have telnet on the server. It's a client app. You can
# telnet mailhost 25
to any email transport server, so long as there is connectivity.

(Perhaps you're thinking of ssh??)

Maxwell Smart wrote:
I know how to use telnet, but I don't activate it on my servers 
because it's insecure.  I'll take a look at it later.  It's not that 
pressing since it's only on my wife's machine! :)


Jake Vickers wrote:

Philip wrote:

Maxwell
try testing the authentication with a telnet session
from your Windows box, if that works you can pinpoint the issue to 
your mail client


if you don't know how to test it via telnet
use this nice tut:
http://qmail.jms1.net/test-auth.shtml



There is a more boiled-down one on the wiki:
http://wiki.qmailtoaster.com/index.php/How_to_use_telnet_for_diagnostics 








Re: [qmailtoaster] authentication

2009-08-19 Thread Eric Shubert
Nice (Pink Floyd). You might want to leave the toaster string (Welcome 
to Qmail Toaster Ver. 1.3) in there though. It helps bots that do 
surveys count your server as a Qmail Toaster (which helps all of us).


There are various pages on the web about testing auth with telnet. If we 
don't have it on the wiki yet, google for it, learn it, then add it to 
the wiki. TLS is particularly tricky because you need to encode what you 
send. There's a web site that'll do the encoding for you though, and you 
can simply cut'n'paste it.


Maxwell Smart wrote:

Eric,

The wiki doesn't explain authentication.

maxw...@nicolette:~ telnet mail.yother.com 587
Trying 64.168.70.133...
Connected to mail.yother.com.
Escape character is '^]'.
220 Welcome to the Machine ESMTP
HELO ME
250 Welcome to the Machine
MAIL FROM c...@yother.com
503 AUTH first (#5.5.1)

What goes here?

CJ

Eric Shubert wrote:

You don't have to have telnet on the server. It's a client app. You can
# telnet mailhost 25
to any email transport server, so long as there is connectivity.

(Perhaps you're thinking of ssh??)

Maxwell Smart wrote:
I know how to use telnet, but I don't activate it on my servers 
because it's insecure.  I'll take a look at it later.  It's not that 
pressing since it's only on my wife's machine! :)


Jake Vickers wrote:

Philip wrote:

Maxwell
try testing the authentication with a telnet session
from your windows box, if that works you can pinpoint the issue to 
your mail client


if you don't know how to test it via telnet
use this nice tut :
http://qmail.jms1.net/test-auth.shtml



There is a more boiled-down one on the wiki:
http://wiki.qmailtoaster.com/index.php/How_to_use_telnet_for_diagnostics 




- 



--
-Eric 'shubes'
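
The step that the `503 AUTH first (#5.5.1)` reply in the quoted session is waiting for, as an added example that is not part of any post in this thread: the credentials go in an `AUTH` command, base64-encoded, after an `EHLO` greeting. Function names and the throwaway account are this example's own, and it assumes the server's EHLO reply offers PLAIN or LOGIN.

```shell
#!/bin/sh
# Added example: build the base64 strings SMTP AUTH expects, for pasting
# into a manual test session. Function names are this example's own; the
# account values in the demo are constructed.

# Encode stdin as base64 on one line (GNU base64 wraps long output).
b64() { base64 | tr -d '\n'; }

# AUTH PLAIN initial response (RFC 4616): authzid NUL authcid NUL password,
# with the authzid left empty.
auth_plain() { printf '\000%s\000%s' "$1" "$2" | b64; }

# AUTH LOGIN sends user name and password as two separate base64 lines.
auth_login_field() { printf '%s' "$1" | b64; }

# Decode a "334 <base64>" server prompt to see what it is asking for.
decode_334() { printf '%s' "${1#334 }" | base64 -d; }

# Decode an AUTH PLAIN string back into its fields, one per line. Nothing
# more is needed to read credentials off an unencrypted session: base64 is
# an encoding, not protection, which is why the live test belongs inside TLS.
decode_plain() { printf '%s' "$1" | base64 -d | tr '\000' '\n'; }

# Print the client lines for a session in the order they are typed.
# AUTH is an ESMTP extension, so the greeting has to be EHLO, not HELO.
auth_session() {
    printf 'EHLO client.example\n'
    printf 'AUTH PLAIN %s\n' "$(auth_plain "$1" "$2")"
    printf 'MAIL FROM:<%s>\n' "$1"
}

# Demo with a constructed throwaway account.
auth_session 'test@example.com' 'not-a-real-password'
printf 'Prompts a server sends during AUTH LOGIN: %s / %s\n' \
    "$(decode_334 '334 VXNlcm5hbWU6')" "$(decode_334 '334 UGFzc3dvcmQ6')"
```

To keep the password off the wire in clear, type the same lines into `openssl s_client -starttls smtp -crlf -connect HOST:587` (HOST is a placeholder) instead of plain telnet, and use a test account.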






Re: [qmailtoaster] authentication

2009-08-19 Thread Maxwell Smart

Eric,

I'll change the string back.  Anything to support the toaster. 

I'll get off my duff and walk into my other room with my Qmail book and 
find the Telnet section.   I used to remember all this, but don't need 
it enough.  That's a testament to how well the toaster works.


Cheers,

CJ

Eric Shubert wrote:
Nice (Pink Floyd). You might want to leave the toaster string (Welcome 
to Qmail Toaster Ver. 1.3) in there though. It helps bots that do 
surveys count your server as a Qmail Toaster (which helps all of us).


There are various pages on the web about testing auth with telnet. If 
we don't have it on the wiki yet, google for it, learn it, then add it 
to the wiki. TLS is particularly tricky because you need to encode 
what you send. There's a web site that'll do the encoding for you 
though, and you can simply cut'n'paste it.


Maxwell Smart wrote:

Eric,

The wiki doesn't explain authentication.

maxw...@nicolette:~ telnet mail.yother.com 587
Trying 64.168.70.133...
Connected to mail.yother.com.
Escape character is '^]'.
220 Welcome to the Machine ESMTP
HELO ME
250 Welcome to the Machine
MAIL FROM c...@yother.com
503 AUTH first (#5.5.1)

What goes here?

CJ

Eric Shubert wrote:

You don't have to have telnet on the server. It's a client app. You can
# telnet mailhost 25
to any email transport server, so long as there is connectivity.

(Perhaps you're thinking of ssh??)

Maxwell Smart wrote:
I know how to use telnet, but I don't activate it on my servers 
because it's insecure.  I'll take a look at it later.  It's not 
that pressing since it's only on my wife's machine! :)


Jake Vickers wrote:

Philip wrote:

Maxwell
try testing the authentication with a telnet session
from your windows box, if that works you can pinpoint the issue 
to your mail client


if you don't know how to test it via telnet
use this nice tut :
http://qmail.jms1.net/test-auth.shtml



There is a more boiled-down one on the wiki:
http://wiki.qmailtoaster.com/index.php/How_to_use_telnet_for_diagnostics 




- 











Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-09 Thread Eric Shubert
Tek Support wrote:
> Thanks Eric, I realize I don't need 587 at all with spamdyke, I was
> trying to ask if I needed 587 if spamdyke was using spamhaus.  Since
> spamhaus used by itself was causing rejections to my at home dynamic
> users it seemed strange that spamhaus was blocking my dynamic users
> but it was not blocking them when run with spamdyke.  Since I don't
> fully understand the internals, I was asking about that specifically
> so I don't screw up my at home users.

Let me see if I can explain this. You don't need port 587 with spamdyke
because spamdyke turns off all of its filtering if the connection (sender)
authenticates successfully. On the other hand, rblsmtpd is oblivious to
authentication, so it rejects connections which might otherwise be able to
authenticate. It's simply a weakness in the rblsmtpd program.

> And I believe it is true, that if I have dynamic IP users, and I'm
> using spamhaus by itself, then I do require port 587.  Isn't that
> true?

Not exactly. It's the combination of rblsmtpd and spamhaus which requires
you to use port 587. spamhaus with spamdyke is ok on port 25. So it's more
the case of the use of rblsmtpd (with certain blocklists which block dynamic
addresses) which requires the use of port 587.

> And again if I have dynamic IP users, and I'm using spamdyke
> which includes spamhaus, then I don't need to use 587.  Is that right?

Yes, for the most part.
I hate to split hairs, but in this case it might be appropriate. Regarding
"for the most part", spamdyke doesn't necessarily (or really) include
spamhaus. If you'd have said "I'm using spamdyke *with* spamhaus", that
would be (slightly) clearer. You can use spamdyke with or without spamhaus
(or any other RBL). Using spamhaus (and a few others) is highly recommended
though.

> Thanks again, I'm just trying to be clear.

No problem. I hope I can help you understand how it works.

> John
 
 
 
 
 On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert [EMAIL PROTECTED] wrote:
 Tek Support wrote:
 So if I understand correctly, spamdyke can use spamhaus, and I do see
 it in my /etc/spamdyke/spamdyke.conf file (uncommented).  Which means
 I don't need the BLACKLIST= in my run file, is this correct?
 Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more).

 And if I might ask a followup question,  it was said in another post
 that spamdyke allows authenticated users in past spamhaus.  Ok, but if
 spamdyke allows authenticated users in, while using spamhaus, then why
 do I need port 587?
 You don't need port 587 if you're using spamdyke.
 You do need port 587 if you're not using spamdyke.

 And just out of curiosity, if spamdyke is a more versatile product,
 allowing my dynamic users to authenticate and send mail on port 25
 while also using spamhaus dynamic blocking, why isn't spamdyke
 installed by default?
 spamdyke is fairly new to the toaster. I expect that it will become part of
 the stock toaster at some point, but that's up to Erik Espinoza, who is the
 toaster maintainer.

 Thanks
 John




 On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote:
 Sam Clippinger wrote:
 To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs.  The
 default configuration of spamdyke (as installed by QTP) does not include
 Spamhaus, however.
 I beg your pardon. ;) Here are the default RBLs as installed by QTP:
 check-dnsrbl=zen.spamhaus.org
 check-dnsrbl=bl.spamcop.net
 check-dnsrbl=list.dsbl.org

 If you are using spamdyke version 3.1.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
check-dnsrbl=zen.spamhaus.org

 If you are using spamdyke version 4.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
dns-blacklist-entry=zen.spamhaus.org

 To add multiple DNS RBLs, simply repeat the line with different values.

 -- Sam Clippinger
 QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x
 capability soon. It'll likely be a couple weeks before I get to it though.

 Anil Aliyan wrote:
 pretty smart question John, I also would like to hear the answer for
 it from the experts.


 - Original Message - From: Tek Support [EMAIL PROTECTED]
 To: qmailtoaster-list@qmailtoaster.com
 Sent: Friday, August 08, 2008 8:37 AM
 Subject: Re: [qmailtoaster] Authentication to bypass spam checks


 Hi all, I have a few questions.  Before I learned of this port 587, my
 only option was to disable spamhaus.  And all I did to disable it was
 to remove it from my /var/qmail/control/blacklists file.

 So, the other day I needed some additional reporting and I remembered
 the toaster plus, so I downloaded the Repo and ran the yum install
 for it.  I then also decided to run the spamdyke filter.

 So, now that I've realized that port 587 is available for my users to
 send on, I went back to add the spamhaus.  However, it's no longer in
 the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
 has removed it.

 So I have 2 questions

Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-09 Thread Tek Support
Eric, thank you that helps and I understand the process better - at
least for my implementation.  I also appreciate you and others here
which have helped with my questions.  I know you and Eric Espinoza
work hard to help everyone and keep the qmailtoaster upgraded - thank
you.  And with that job comes answering questions, and so I just
wanted to make sure I said Thank you.

John



On Sat, Aug 9, 2008 at 8:57 AM, Eric Shubert [EMAIL PROTECTED] wrote:
 Tek Support wrote:
 Thanks Eric, I realize I don't need 587 at all with spamdyke, I was
 trying to ask if I needed 587 if spamdyke was using spamhaus.  Since
 spamhaus used by itself was causing rejections to my at home dynamic
 users it seemed strange that spamhaus was blocking my dynamic users
 but it was not blocking them when run with spamdyke.  Since I don't
 fully understand the internals, I was asking about that specifically
 so I don't screw up my at home users.

 Let me see if I can explain this. You don't need port 587 with spamdyke
 because spamdyke turns off all of its filtering if the connection (sender)
 authenticates successfully. On the other hand, rblsmtpd is oblivious to
 authentication, so it rejects connections which might otherwise be able to
 authenticate. It's simply a weakness in the rblsmtpd program.

 And I believe it is true, that if I have dynamic IP users, and I'm
 using spamhaus by itself, then I do require port 587.  Isn't that
 true?

 Not exactly. It's the combination of rblsmtpd and spamhaus which requires
 you to use port 587. spamhaus with spamdyke is ok on port 25. So it's more
 the case of the use of rblsmtpd (with certain blocklists which block dynamic
 addresses) which requires the use of port 587.

 And again if I have dynamic IP users, and I'm using spamdyke
 which includes spamhaus, then I don't need to use 587.  Is that right?

 Yes, for the most part.
 I hate to split hairs, but in this case it might be appropriate. Regarding
 for the most part, spamdyke doesn't necessarily (or really) include
 spamhaus. If you'd have said I'm using spamdyke *with* spamhaus, that
 would be (slightly) clearer. You can use spamdyke with or without spamhaus
 (or any other RBL). Using spamhaus (and a few others) is highly recommended
 though.

 Thanks again, I'm just trying to be clear.

 No problem. I hope I can help you understand how it works.

 John




 On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert [EMAIL PROTECTED] wrote:
 Tek Support wrote:
 So if I understand correctly, spamdyke can use spamhaus, and I do see
 it in my /etc/spamdyke/spamdyke.conf file (uncommented).  Which means
 I don't need the BLACKLIST= in my run file, is this correct?
 Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more).

 And if I might ask a followup question,  it was said in another post
 that spamdyke allows authenticated users in past spamhaus.  Ok, but if
 spamdyke allows authenticated users in, while using spamhaus, then why
 do I need port 587?
 You don't need port 587 if you're using spamdyke.
 You do need port 587 if you're not using spamdyke.

 And just out of curiosity, if spamdyke is a more versatile product,
 allowing my dynamic users to authenticate and send mail on port 25
 while also using spamhaus dynamic blocking, why isn't spamdyke
 installed by default?
 spamdyke is fairly new to the toaster. I expect that it will become part of
 the stock toaster at some point, but that's up to Erik Espinoza, who is the
 toaster maintainer.

 Thanks
 John




 On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote:
 Sam Clippinger wrote:
 To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs.  The
 default configuration of spamdyke (as installed by QTP) does not include
 Spamhaus, however.
 I beg your pardon. ;) Here are the default RBLs as installed by QTP:
 check-dnsrbl=zen.spamhaus.org
 check-dnsrbl=bl.spamcop.net
 check-dnsrbl=list.dsbl.org

 If you are using spamdyke version 3.1.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
check-dnsrbl=zen.spamhaus.org

 If you are using spamdyke version 4.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
dns-blacklist-entry=zen.spamhaus.org

 To add multiple DNS RBLs, simply repeat the line with different values.

 -- Sam Clippinger
 QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x
 capability soon. It'll likely be a couple weeks before I get to it though.

 Anil Aliyan wrote:
 pretty smart question John, I also would like to hear the answer for
 it from the experts.


 - Original Message - From: Tek Support [EMAIL PROTECTED]
 To: qmailtoaster-list@qmailtoaster.com
 Sent: Friday, August 08, 2008 8:37 AM
 Subject: Re: [qmailtoaster] Authentication to bypass spam checks


 Hi all, I have a few questions.  Before I learned of this port 587, my
 only option was to disable spamhaus.  And all I did to disable it was
 to remove it from my /var/qmail/control

Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-08 Thread Anil Aliyan
pretty smart question John, I also would like to hear the answer for it from 
the experts.



- Original Message - 
From: Tek Support [EMAIL PROTECTED]

To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, August 08, 2008 8:37 AM
Subject: Re: [qmailtoaster] Authentication to bypass spam checks



Hi all, I have a few questions.  Before I learned of this port 587, my
only option was to disable spamhaus.  And all I did to disable it was
to remove it from my /var/qmail/control/blacklists file.

So, the other day I needed some additional reporting and I remembered
the toaster plus, so I downloaded the Repo and ran the yum install
for it.  I then also decided to run the spamdyke filter.

So, now that I've realized that port 587 is available for my users to
send on, I went back to add the spamhaus.  However, it's no longer in
the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
has removed it.

So I have 2 questions:
1) Are spamdyke and spamhaus compatible?  Why would or why does
spamdyke remove blacklist from the run file.  Here are the before
and after.
---Begin---

---End---

2) Since I've just found out that port 587 is available, and 587 does
not run spamhaus the dynamic ip checker, then what is keeping a
spammer from trying to use this 587?  I mean I'm a little confused.
If my port 25 won't allow any non-authenticated users to send smtp
(presuming it's not an open relay), then why would I even need port
587?  I understand the need to have 587 if I'm using spamhaus on port
25, and 25 is now blocked to my dynamic users (workers from home).  So
it seems a bit unnecessary to have both ports.  And why couldn't a
spammer start sending spam to my users on 587 - if it even works that
way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
popular thing, so someone, somewhere would certainly try port 587 in
order to get around spamhaus wouldn't they?

Thanks for your time on this, I'm not trying to be difficult, only
trying to understand how and why.

Thanks
John

-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-08 Thread Johannes Weberhofer, Weberhofer GmbH

The answer to question 2) is quite simple:
Only authenticated users can relay via this port. Additionally usage of TLS 
is suggested. Qmailtoaster is prepared for it, but each client must enable it; for 
security reasons (to force man in the middle attacks) each client should not only prefer 
but force TLS to be used.

Best regards,
Johannes Weberhofer

Anil Aliyan wrote:

pretty smart question John, I also would like to hear the answer for it
from the experts.


- Original Message - From: Tek Support [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, August 08, 2008 8:37 AM
Subject: Re: [qmailtoaster] Authentication to bypass spam checks



Hi all, I have a few questions. Before I learned of this port 587, my
only option was to disable spamhaus. And all I did to disable it was
to remove it from my /var/qmail/control/blacklists file.

So, the other day I needed some additional reporting and I remembered
the toaster plus, so I downloaded the Repo and ran the yum install
for it. I then also decided to run the spamdyke filter.

So, now that I've realized that port 587 is available for my users to
send on, I went back to add the spamhaus. However, it's no longer in
the /var/qmail/supervise/smtp/run file. It would appear that spamdyke
has removed it.

So I have 2 questions:
1) Are spamdyke and spamhaus compatible? Why would or why does
spamdyke remove blacklist from the run file. Here are the before
and after.
---Begin---

---End---

2) Since I've just found out that port 587 is available, and 587 does
not run spamhaus the dynamic ip checker, then what is keeping a
spammer from trying to use this 587? I mean I'm a little confused.
If my port 25 won't allow any non-authenticated users to send smtp
(presuming it's not an open relay), then why would I even need port
587? I understand the need to have 587 if I'm using spamhaus on port
25, and 25 is now blocked to my dynamic users (workers from home). So
it seems a bit unnecessary to have both ports. And why couldn't a
spammer start sending spam to my users on 587 - if it even works that
way, which I'm not sure yet if it can? Qmailtoaster is a pretty
popular thing, so someone, somewhere would certainly try port 587 in
order to get around spamhaus wouldn't they?

Thanks for your time on this, I'm not trying to be difficult, only
trying to understand how and why.

Thanks
John




--


|-
|  weberhofer GmbH   | Johannes Weberhofer
|  information technologies
|  Austria, 1080 Wien, Blindengasse 52/3
|
|  Firmenbuch: 225566s, Handelsgericht Wien
|  UID: ATU55277701
|
|  phone : +43 (0)1 5454421 0| email: [EMAIL PROTECTED]
|  fax   : +43 (0)1 5454421 19   | web  : http://weberhofer.at
|  mobile: +43 (0)699 11998315
|---




Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-08 Thread Hostmaster
Hi,

you can check the file

/etc/spamdyke/spamdyke.conf

here are the rbl servers now.

Mario

- Original Message - 
From: Tek Support [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, August 07, 2008 10:41 p.m.
Subject: Re: [qmailtoaster] Authentication to bypass spam checks


Oops, I forgot to add the before and after /var/qmail/supervise/smtp/run 
file.

---Before Begin---
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
SMTPD=/var/qmail/bin/qmail-smtpd
TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
RBLSMTPD=/usr/bin/rblsmtpd
HOSTNAME=`hostname`
VCHKPW=/home/vpopmail/bin/vchkpw
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 8500 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
 -u $QMAILDUID -g $NOFILESGID 0 smtp \
 $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1
---Before End---

---After Begin---
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE=/usr/local/bin/spamdyke
SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf
SMTPD=/var/qmail/bin/qmail-smtpd
TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
HOSTNAME=`hostname`
VCHKPW=/home/vpopmail/bin/vchkpw
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 8500 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
 -u $QMAILDUID -g $NOFILESGID 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1
---After End---



You can see the BLACKLIST=`cat /var/qmail/control/blacklists` is no
longer listed.

Thanks
John



On Thu, Aug 7, 2008 at 9:07 PM, Tek Support [EMAIL PROTECTED] wrote:
 Hi all, I have a few questions.  Before I learned of this port 587, my
 only option was to disable spamhaus.  And all I did to disable it was
 to remove it from my /var/qmail/control/blacklists file.

 So, the other day I needed some additional reporting and I remembered
 the toaster plus, so I downloaded the Repo and ran the yum install
 for it.  I then also decided to run the spamdyke filter.

 So, now that I've realized that port 587 is available for my users to
 send on, I went back to add the spamhaus.  However, it's no longer in
 the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
 has removed it.

 So I have 2 questions:
 1) Are spamdyke and spamhaus compatible?  Why would or why does
 spamdyke remove blacklist from the run file.  Here are the before
 and after.
 ---Begin---

 ---End---

 2) Since I've just found out that port 587 is available, and 587 does
 not run spamhaus the dynamic ip checker, then what is keeping a
 spammer from trying to use this 587?  I mean I'm a little confused.
 If my port 25 won't allow any non-authenticated users to send smtp
 (presuming it's not an open relay), then why would I even need port
 587?  I understand the need to have 587 if I'm using spamhaus on port
 25, and 25 is now blocked to my dynamic users (workers from home).  So
 it seems a bit unnecessary to have both ports.  And why couldn't a
 spammer start sending spam to my users on 587 - if it even works that
 way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
 popular thing, so someone, somewhere would certainly try port 587 in
 order to get around spamhaus wouldn't they?

 Thanks for your time on this, I'm not trying to be difficult, only
 trying to understand how and why.

 Thanks
 John
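
A way to check what the before/after run files and /etc/spamdyke/spamdyke.conf mean for a given box, as an added example that is not part of any post in this thread: it reads the exec chain of a run file to see whether rblsmtpd or spamdyke sits in front of qmail-smtpd, and lists spamdyke's RBLs under either directive name mentioned elsewhere in the thread (`check-dnsrbl` for 3.1.x, `dns-blacklist-entry` for 4.x). Function names and the sample files are this example's own; the samples are constructed and shortened from the files quoted above.

```shell
#!/bin/sh
# Added example: report which RBL front end guards an SMTP service and
# which DNS RBLs spamdyke is configured with.

# Print the RBL program found in the exec chain of a supervise run file:
# rblsmtpd, spamdyke or none. Only the exec command counts, so a leftover
# variable definition that is never used does not give a false match.
rbl_frontend() {
    chain=$(sed -e 's/#.*//' "$1" | sed -n '/^[[:space:]]*exec[[:space:]]/,$p')
    case $chain in
        *rblsmtpd*|*RBLSMTPD*) echo rblsmtpd ;;
        *spamdyke*|*SPAMDYKE*) echo spamdyke ;;
        *) echo none ;;
    esac
}

# List the DNS RBLs in a spamdyke config, accepting the 3.1.x directive
# and the 4.x one; commented-out lines are skipped.
rbl_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$1" |
        sed -n -e 's/^[[:space:]]*check-dnsrbl=//p' \
               -e 's/^[[:space:]]*dns-blacklist-entry=//p'
}

# One-line verdict for a run file / spamdyke.conf pair, following the
# behaviour described in the thread.
port25_report() {
    case $(rbl_frontend "$1") in
        rblsmtpd)
            echo "rblsmtpd: RBL checked before AUTH; listed dynamic-IP users need port 587" ;;
        spamdyke)
            n=$(rbl_entries "$2" | wc -l | tr -d ' ')
            if [ "$n" -gt 0 ]; then
                echo "spamdyke: $n RBL(s) configured; authenticated senders skip them"
            else
                echo "spamdyke: no RBL configured in $2"
            fi ;;
        *)  echo "none: no RBL front end in the exec chain" ;;
    esac
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/run.before" <<'EOF'
#!/bin/sh
BLACKLIST=`cat /var/qmail/control/blacklists`
RBLSMTPD=/usr/bin/rblsmtpd
exec /usr/bin/tcpserver -v -R -H 0 smtp \
 $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1
EOF
    cat > "$1/run.after" <<'EOF'
#!/bin/sh
RBLSMTPD=/usr/bin/rblsmtpd   # constructed: leftover definition, unused
SPAMDYKE=/usr/local/bin/spamdyke
SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf
exec /usr/bin/tcpserver -v -R -H 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1
EOF
    cat > "$1/spamdyke.conf" <<'EOF'
check-dnsrbl=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
#check-dnsrbl=list.dsbl.org
EOF
    : > "$1/spamdyke.empty.conf"
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
port25_report "$tmp/run.before" "$tmp/spamdyke.conf"
port25_report "$tmp/run.after"  "$tmp/spamdyke.conf"
rbl_entries "$tmp/spamdyke.conf"
rm -rf "$tmp"
```

On a live box the arguments would be /var/qmail/supervise/smtp/run and /etc/spamdyke/spamdyke.conf; a real config uses only the directive spelling that matches its spamdyke version.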





Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-08 Thread Sam Clippinger
To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs.  The 
default configuration of spamdyke (as installed by QTP) does not include 
Spamhaus, however.


If you are using spamdyke version 3.1.x, edit the configuration file 
/etc/spamdyke/spamdyke.conf and add the following line:

   check-dnsrbl=zen.spamhaus.org

If you are using spamdyke version 4.x, edit the configuration file 
/etc/spamdyke/spamdyke.conf and add the following line:

   dns-blacklist-entry=zen.spamhaus.org

To add multiple DNS RBLs, simply repeat the line with different values.

-- Sam Clippinger

Anil Aliyan wrote:
pretty smart question John, I also would like to hear the answer for 
it from the experts.



- Original Message - From: Tek Support [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, August 08, 2008 8:37 AM
Subject: Re: [qmailtoaster] Authentication to bypass spam checks



Hi all, I have a few questions.  Before I learned of this port 587, my
only option was to disable spamhaus.  And all I did to disable it was
to remove it from my /var/qmail/control/blacklists file.

So, the other day I needed some additional reporting and I remembered
the toaster plus, so I downloaded the Repo and ran the yum install
for it.  I then also decided to run the spamdyke filter.

So, now that I've realized that port 587 is available for my users to
send on, I went back to add the spamhaus.  However, it's no longer in
the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
has removed it.

So I have 2 questions:
1) Are spamdyke and spamhaus compatible?  Why would or why does
spamdyke remove blacklist from the run file.  Here are the before
and after.
---Begin---

---End---

2) Since I've just found out that port 587 is available, and 587 does
not run spamhaus the dynamic ip checker, then what is keeping a
spammer from trying to use this 587?  I mean I'm a little confused.
If my port 25 won't allow any non-authenticated users to send smtp
(presuming it's not an open relay), then why would I even need port
587?  I understand the need to have 587 if I'm using spamhaus on port
25, and 25 is now blocked to my dynamic users (workers from home).  So
it seems a bit unnecessary to have both ports.  And why couldn't a
spammer start sending spam to my users on 587 - if it even works that
way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
popular thing, so someone, somewhere would certainly try port 587 in
order to get around spamhaus wouldn't they?

Thanks for your time on this, I'm not trying to be difficult, only
trying to understand how and why.

Thanks
John




Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-08 Thread Eric Shubert
Sam Clippinger wrote:
> To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs.  The
> default configuration of spamdyke (as installed by QTP) does not include
> Spamhaus, however.

I beg your pardon. ;) Here are the default RBLs as installed by QTP:
check-dnsrbl=zen.spamhaus.org
check-dnsrbl=bl.spamcop.net
check-dnsrbl=list.dsbl.org

> If you are using spamdyke version 3.1.x, edit the configuration file
> /etc/spamdyke/spamdyke.conf and add the following line:
>    check-dnsrbl=zen.spamhaus.org
>
> If you are using spamdyke version 4.x, edit the configuration file
> /etc/spamdyke/spamdyke.conf and add the following line:
>    dns-blacklist-entry=zen.spamhaus.org
>
> To add multiple DNS RBLs, simply repeat the line with different values.
>
> -- Sam Clippinger

QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x
capability soon. It'll likely be a couple weeks before I get to it though.

 Anil Aliyan wrote:
 pretty smart question John, I also would like to hear the answer for
 it from the experts.


 - Original Message - From: Tek Support [EMAIL PROTECTED]
 To: qmailtoaster-list@qmailtoaster.com
 Sent: Friday, August 08, 2008 8:37 AM
 Subject: Re: [qmailtoaster] Authentication to bypass spam checks


 Hi all, I have a few questions.  Before I learned of this port 587, my
 only option was to disable spamhaus.  And all I did to disable it was
 to remove it from my /var/qmail/control/blacklists file.

 So, the other day I needed some additional reporting and I remembered
 the toaster plus, so I downloaded the Repo and ran the yum install
 for it.  I then also decided to run the spamdyke filter.

 So, now that I've realized that port 587 is available for my users to
 send on, I went back to add the spamhaus.  However, it's no longer in
 the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
 has removed it.

 So I have 2 questions:
 1) Are spamdyke and spamhaus compatible?  Why would or why does
 spamdyke remove blacklist from the run file.  Here are the before
 and after.
 ---Begin---

 ---End---

 2) Since I've just found out that port 587 is available, and 587 does
 not run spamhaus the dynamic ip checker, then what is keeping a
 spammer from trying to use this 587?  I mean I'm a little confused.
 If my port 25 won't allow any non-authenticated users to send smtp
 (presuming it's not an open relay), then why would I even need port
 587?  I understand the need to have 587 if I'm using spamhaus on port
 25, and 25 is now blocked to my dynamic users (workers from home).  So
 it seems a bit unnecessary to have both ports.  And why couldn't a
 spammer start sending spam to my users on 587 - if it even works that
 way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
 popular thing, so someone, somewhere would certainly try port 587 in
 order to get around spamhaus wouldn't they?

 Thanks for your time on this, I'm not trying to be difficult, only
 trying to understand how and why.

 Thanks
 John



-- 
-Eric 'shubes'




Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-08 Thread Tek Support
So if I understand correctly, spamdyke can use spamhaus, and I do see
it in my /etc/spamdyke/spamdyke.conf file (uncommented).  Which means
I don't need the BLACKLIST= in my run file, is this correct?

And if I might ask a followup question,  it was said in another post
that spamdyke allows authenticated users in past spamhaus.  Ok, but if
spamdyke allows authenticated users in, while using spamhaus, then why
do I need port 587?

And just out of curiosity, if spamdyke is a more versatile product,
allowing my dynamic users to authenticate and send mail on port 25
while also using spamhaus dynamic blocking, why isn't spamdyke
installed by default?

Thanks
John




On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote:
 Sam Clippinger wrote:
 To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs.  The
 default configuration of spamdyke (as installed by QTP) does not include
 Spamhaus, however.

 I beg your pardon. ;) Here are the default RBLs as installed by QTP:
 check-dnsrbl=zen.spamhaus.org
 check-dnsrbl=bl.spamcop.net
 check-dnsrbl=list.dsbl.org

 If you are using spamdyke version 3.1.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
check-dnsrbl=zen.spamhaus.org

 If you are using spamdyke version 4.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
dns-blacklist-entry=zen.spamhaus.org

 To add multiple DNS RBLs, simply repeat the line with different values.

 -- Sam Clippinger

 QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x
 capability soon. It'll likely be a couple weeks before I get to it though.

 Anil Aliyan wrote:
 pretty smart question John, I also would like to hear the answer for
 it from the experts.


 - Original Message - From: Tek Support [EMAIL PROTECTED]
 To: qmailtoaster-list@qmailtoaster.com
 Sent: Friday, August 08, 2008 8:37 AM
 Subject: Re: [qmailtoaster] Authentication to bypass spam checks


 Hi all, I have a few questions.  Before I learned of this port 587, my
 only option was to disable spamhaus.  And all I did to disable it was
 to remove it from my /var/qmail/control/blacklists file.

 So, the other day I needed some additional reporting and I remembered
 the toaster plus, so I downloaded the Repo and ran the yum install
 for it.  I then also decided to run the spamdyke filter.

 So, now that I've realized that port 587 is available for my users to
 send on, I went back to add the spamhaus.  However, it's no longer in
 the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
 has removed it.

 So I have 2 questions:
 1) Are spamdyke and spamhaus compatible?  Why would or why does
 spamdyke remove blacklist from the run file.  Here are the before
 and after.
 ---Begin---

 ---End---

 2) Since I've just found out that port 587 is available, and 587 does
 not run spamhaus the dynamic ip checker, then what is keeping a
 spammer from trying to use this 587?  I mean I'm a little confused.
 If my port 25 won't allow any non-authenticated users to send smtp
 (presuming it's not an open relay), then why would I even need port
 587?  I understand the need to have 587 if I'm using spamhaus on port
 25, and 25 is now blocked to my dynamic users (workers from home).  So
 it seems a bit unnecessary to have both ports.  And why couldn't a
 spammer start sending spam to my users on 587 - if it even works that
 way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
 popular thing, so someone, somewhere would certainly try port 587 in
 order to get around spamhaus wouldn't they?

 Thanks for your time on this, I'm not trying to be difficult, only
 trying to understand how and why.

 Thanks
 John



 --
 -Eric 'shubes'




Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-08 Thread Eric Shubert
Tek Support wrote:
 So if I understand correctly, spamdyke can use spamhaus, and I do see
 it in my /etc/spamdyke/spamdyke.conf file (uncommented).  Which means
 I don't need the BLACKLIST= in my run file, is this correct?

Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more).

 And if I might ask a followup question,  it was said in another post
 that spamdyke allows authenticated users in past spamhaus.  Ok, but if
 spamdyke allows authenticated users in, while using spamhaus, then why
 do I need port 587?

You don't need port 587 if you're using spamdyke.
You do need port 587 if you're not using spamdyke.

 And just out of curiosity, if spamdyke is a more versatile product,
 allowing my dynamic users to authenticate and send mail on port 25
 while also using spamhaus dynamic blocking, why isn't spamdyke
 installed by default?

spamdyke is fairly new to the toaster. I expect that it will become part of
the stock toaster at some point, but that's up to Erik Espinoza, who is the
toaster maintainer.

 Thanks
 John
 
 
 
 
 On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote:
 Sam Clippinger wrote:
 To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs.  The
 default configuration of spamdyke (as installed by QTP) does not include
 Spamhaus, however.
 I beg your pardon. ;) Here are the default RBLs as installed by QTP:
 check-dnsrbl=zen.spamhaus.org
 check-dnsrbl=bl.spamcop.net
 check-dnsrbl=list.dsbl.org

 If you are using spamdyke version 3.1.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
check-dnsrbl=zen.spamhaus.org

 If you are using spamdyke version 4.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
dns-blacklist-entry=zen.spamhaus.org

 To add multiple DNS RBLs, simply repeat the line with different values.

 -- Sam Clippinger
 QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x
 capability soon. It'll likely be a couple weeks before I get to it though.

 Anil Aliyan wrote:
 pretty smart question John, I also would like to hear the answer for
 it from the experts.


 - Original Message - From: Tek Support [EMAIL PROTECTED]
 To: qmailtoaster-list@qmailtoaster.com
 Sent: Friday, August 08, 2008 8:37 AM
 Subject: Re: [qmailtoaster] Authentication to bypass spam checks


 Hi all, I have a few questions.  Before I learned of this port 587, my
 only option was to disable spamhaus.  And all I did to disable it was
 to remove it from my /var/qmail/control/blacklists file.

 So, the other day I needed some additional reporting and I remembered
 the toaster plus, so I downloaded the Repo and ran the yum install
 for it.  I then also decided to run the spamdyke filter.

 So, now that I've realized that port 587 is available for my users to
 send on, I went back to add the spamhaus.  However, it's no longer in
 the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
 has removed it.

 So I have 2 questions:
 1) Are spamdyke and spamhaus compatible?  Why would or why does
 spamdyke remove blacklist from the run file.  Here are the before
 and after.
 ---Begin---

 ---End---

 2) Since I've just found out that port 587 is available, and 587 does
 not run spamhaus the dynamic ip checker, then what is keeping a
 spammer from trying to use this 587?  I mean I'm a little confused.
 If my port 25 won't allow any non-authenticated users to send smtp
 (presuming it's not an open relay), then why would I even need port
 587?  I understand the need to have 587 if I'm using spamhaus on port
 25, and 25 is now blocked to my dynamic users (workers from home).  So
 it seems a bit unnecessary to have both ports.  And why couldn't a
 spammer start sending spam to my users on 587 - if it even works that
 way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
 popular thing, so someone, somewhere would certainly try port 587 in
 order to get around spamhaus wouldn't they?

 Thanks for your time on this, I'm not trying to be difficult, only
 trying to understand how and why.

 Thanks
 John


 --
 -Eric 'shubes'

 


-- 
-Eric 'shubes'
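
The rule stated above (port 587 is needed without spamdyke, not needed with it) comes down to where the RBL check sits relative to SMTP AUTH. The sketch below is an added example, not code from the list or from spamdyke: it reads the two RBL directive names quoted in the thread, builds the DNS name an RBL lookup resolves, and models the three setups. The sample config, the stub resolver, the IP addresses and the "AUTH required, no RBL" behaviour of port 587 are assumptions.

```python
import ipaddress

# Constructed spamdyke.conf fragment using the 3.1.x and 4.x directive names
# quoted in the thread; the commented-out line must be ignored.
SAMPLE_CONF = """\
# DNS RBLs
check-dnsrbl=zen.spamhaus.org
check-dnsrbl=bl.spamcop.net
#check-dnsrbl=list.dsbl.org
dns-blacklist-entry=zen.spamhaus.org
"""

RBL_DIRECTIVES = ("check-dnsrbl", "dns-blacklist-entry")

# Constructed listing data: one documentation-range address treated as "listed".
LISTED_NAMES = {"25.113.0.203.zen.spamhaus.org"}


def constructed_resolver(name):
    """Stand-in for a DNS A lookup; True means the RBL returned an answer."""
    return name in LISTED_NAMES


def parse_rbl_zones(conf_text):
    """Return the RBL zones named in a spamdyke config, in order, deduplicated."""
    zones = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in RBL_DIRECTIVES and value and value not in zones:
            zones.append(value)
    return zones


def dnsbl_query_name(client_ip, zone):
    """Build the name an RBL client resolves: reversed IPv4 octets plus zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(client_ip, zones, resolver):
    """True if any zone returns an answer for the client's query name."""
    return any(resolver(dnsbl_query_name(client_ip, z)) for z in zones)


def decide(frontend, client_ip, authenticated, zones, resolver):
    """Simplified model: does the session get past the RBL/auth gate?"""
    listed = is_listed(client_ip, zones, resolver)
    if frontend == "rblsmtpd":
        # Port 25 with rblsmtpd in front of qmail-smtpd: a listed client is
        # answered by rblsmtpd itself, so SMTP AUTH is never reached.
        return "reject" if listed else "accept"
    if frontend == "spamdyke":
        # Port 25 with spamdyke: an authenticated sender skips the RBL filter.
        if authenticated:
            return "accept"
        return "reject" if listed else "accept"
    if frontend == "submission":
        # Port 587 (assumed): no RBL check, but authentication is mandatory.
        return "accept" if authenticated else "reject"
    raise ValueError("unknown frontend: " + frontend)


if __name__ == "__main__":
    zones = parse_rbl_zones(SAMPLE_CONF)
    home_user = "203.0.113.25"  # constructed dynamic address that is "listed"
    for frontend in ("rblsmtpd", "spamdyke", "submission"):
        for auth in (True, False):
            verdict = decide(frontend, home_user, auth, zones, constructed_resolver)
            print(f"{frontend:10} authenticated={auth!s:5} -> {verdict}")
```

The rblsmtpd row is the case the thread starts from: the home user has valid credentials but is rejected before they can be presented. On port 587 the gate is authentication itself, which is why an unauthenticated sender gains nothing by switching ports.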


Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-08 Thread Tek Support
Thanks Eric, I realize I don't need 587 at all with spamdyke, I was
trying to ask if I needed 587 if spamdyke was using spamhaus.  Since
spamhaus used by itself was causing rejections to my at home dynamic
users it seemed strange that spamhaus was blocking my dynamic users
but it was not blocking them when run with spamdyke.  Since I don't
fully understand the internals, I was asking about that specifically
so I don't screw up my at home users.

And I believe it is true, that if I have dynamic IP users, and I'm
using spamhaus by itself, then I do require port 587.  Isn't that
true?  And again if I have dynamic IP users, and I'm using spamdyke
which includes spamhaus, then I don't need to use 587.  Is that right?

Thanks again, I'm just trying to be clear.

John




On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert [EMAIL PROTECTED] wrote:
 Tek Support wrote:
 So if I understand correctly, spamdyke can use spamhaus, and I do see
 it in my /etc/spamdyke/spamdyke.conf file (uncommented).  Which means
 I don't need the BLACKLIST= in my run file, is this correct?

 Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more).

 And if I might ask a followup question,  it was said in another post
 that spamdyke allows authenticated users in past spamhaus.  Ok, but if
 spamdyke allows authenticated users in, while using spamhaus, then why
 do I need port 587?

 You don't need port 587 if you're using spamdyke.
 You do need port 587 if you're not using spamdyke.

 And just out of curiosity, if spamdyke is a more versatile product,
 allowing my dynamic users to authenticate and send mail on port 25
 while also using spamhaus dynamic blocking, why isn't spamdyke
 installed by default?

 spamdyke is fairly new to the toaster. I expect that it will become part of
 the stock toaster at some point, but that's up to Erik Espinoza, who is the
 toaster maintainer.

 Thanks
 John




 On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote:
 Sam Clippinger wrote:
 To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs.  The
 default configuration of spamdyke (as installed by QTP) does not include
 Spamhaus, however.
 I beg your pardon. ;) Here are the default RBLs as installed by QTP:
 check-dnsrbl=zen.spamhaus.org
 check-dnsrbl=bl.spamcop.net
 check-dnsrbl=list.dsbl.org

 If you are using spamdyke version 3.1.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
check-dnsrbl=zen.spamhaus.org

 If you are using spamdyke version 4.x, edit the configuration file
 /etc/spamdyke/spamdyke.conf and add the following line:
dns-blacklist-entry=zen.spamhaus.org

 To add multiple DNS RBLs, simply repeat the line with different values.

 -- Sam Clippinger
 QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x
 capability soon. It'll likely be a couple weeks before I get to it though.

 Anil Aliyan wrote:
 pretty smart question John, I also would like to hear the answer for
 it from the experts.


 - Original Message - From: Tek Support [EMAIL PROTECTED]
 To: qmailtoaster-list@qmailtoaster.com
 Sent: Friday, August 08, 2008 8:37 AM
 Subject: Re: [qmailtoaster] Authentication to bypass spam checks


 Hi all, I have a few questions.  Before I learned of this port 587, my
 only option was to disable spamhaus.  And all I did to disable it was
 to remove it from my /var/qmail/control/blacklists file.

 So, the other day I needed some additional reporting and I remembered
 the toaster plus, so I downloaded the Repo and ran the yum install
 for it.  I then also decided to run the spamdyke filter.

 So, now that I've realized that port 587 is available for my users to
 send on, I went back to add the spamhaus.  However, it's no longer in
 the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
 has removed it.

 So I have 2 questions:
 1) Are spamdyke and spamhaus compatible?  Why would or why does
 spamdyke remove blacklist from the run file.  Here are the before
 and after.
 ---Begin---

 ---End---

 2) Since I've just found out that port 587 is available, and 587 does
 not run spamhaus the dynamic ip checker, then what is keeping a
 spammer from trying to use this 587?  I mean I'm a little confused.
 If my port 25 won't allow any non-authenticated users to send smtp
 (presuming it's not an open relay), then why would I even need port
 587?  I understand the need to have 587 if I'm using spamhaus on port
 25, and 25 is now blocked to my dynamic users (workers from home).  So
 it seems a bit unnecessary to have both ports.  And why couldn't a
 spammer start sending spam to my users on 587 - if it even works that
 way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
 popular thing, so someone, somewhere would certainly try port 587 in
 order to get around spamhaus wouldn't they?

 Thanks for your time on this, I'm not trying to be difficult, only
 trying to understand how and why.

 Thanks
 John


 --
 -Eric 'shubes

Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-07 Thread Luis Lopez

worked perfectly..

Thanks.


Sincerely,
Luis Lopez



---
IT Support
Kiwibox.com http://kiwibox.com/
[EMAIL PROTECTED]



Eric Shubert wrote:

Also, be sure to use TLS/SSL along with authentication. Otherwise your
login/password would be sent in the clear and could be stolen relatively easily.

Phil Leinhauser wrote:
  

Good news!  You didn't configure QMT wrong.  This is the way it should be.

You'll need him to use the submission port (587) on his client instead of 25.  
He'll also need to use smtp auth. to send.  In fact, you should make it 
standard procedure now to have all of your clients submit on port 587 with SMTP 
auth from now on.  This will make it easier in the long run.  You'll start 
seeing more and more post offices going this way.

Phil

-Original message-
From: Luis Lopez [EMAIL PROTECTED]
Date: Tue, 05 Aug 2008 14:39:50 -0400
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Authentication to bypass spam checks



Hi All,

My first message to this mailing list. :-)

Problem:

One of my developers is complaining that it is not possible for him to send
email from his house. I noticed that the range of IPs from his block has
been flagged as spam.


Q.
What's the correct procedure to have him authenticated and bypass the
spam mechanism?


I know that I probably configured QT wrong, let's see if I can get it
right this time.



Thanks in advance.



--

Sincerely,
Luis Lopez

 


---
IT Support
Kiwibox.com http://kiwibox.com/
[EMAIL PROTECTED]
---
330 W. 38th #1602
New York, NY 10018
---
Office (212) 239-8210
Fax (212) 239-8422
Mobile (917) 385-2541
---

Information contained in this email and any attachments thereto shall be 
considered privileged and/or confidential. You are hereby notified that 
any dissemination, distribution or copying of this email or attachments 
is prohibited, unless you have expressed permission. If you have 
received this email in error, please notify the sender and delete the 
email and the attachments.
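
The remark quoted in this message, that a login/password sent without TLS/SSL travels in the clear, can be checked against a client-side SMTP command log. The audit below is an added example, not code from the list or from QmailToaster: it flags every AUTH exchange issued before TLS was active and shows that the PLAIN and LOGIN payloads are only base64. The session logs, addresses and password are constructed, and STARTTLS is assumed to have been accepted by the server.

```python
import base64


def b64(text):
    """Base64-encode text the way an SMTP client encodes AUTH payloads."""
    return base64.b64encode(text.encode()).decode()


def decode_auth_plain(blob):
    """Split an AUTH PLAIN initial response into (authzid, user, password)."""
    authzid, user, password = base64.b64decode(blob).decode().split("\0")
    return authzid, user, password


def audit_session(commands, implicit_tls=False):
    """Return one (mechanism, user, password) finding per AUTH sent without TLS.

    commands: client-to-server lines in order. implicit_tls=True models a
    connection that is wrapped in TLS from the first byte.
    """
    findings = []
    tls = implicit_tls
    i = 0
    while i < len(commands):
        words = commands[i].split()
        verb = words[0].upper() if words else ""
        if verb == "STARTTLS":
            tls = True  # assumption: the server accepted the upgrade
        elif verb == "AUTH" and len(words) >= 2 and not tls:
            mech = words[1].upper()
            if mech == "PLAIN" and len(words) == 3:
                _, user, password = decode_auth_plain(words[2])
                findings.append((mech, user, password))
            elif mech == "LOGIN" and i + 2 < len(commands):
                # LOGIN sends user and password as two separate base64 lines.
                user = base64.b64decode(commands[i + 1]).decode()
                password = base64.b64decode(commands[i + 2]).decode()
                findings.append((mech, user, password))
                i += 2
            else:
                # Other mechanisms: record the exposure without decoding.
                findings.append((mech, None, None))
        i += 1
    return findings


# Constructed sessions (not captured traffic).
USER, PASSWORD = "dev@example.com", "constructed-pass"
CLEARTEXT_PLAIN = [
    "EHLO laptop.example.net",
    "AUTH PLAIN " + b64("\0" + USER + "\0" + PASSWORD),
    "MAIL FROM:<dev@example.com>",
]
CLEARTEXT_LOGIN = [
    "EHLO laptop.example.net",
    "AUTH LOGIN",
    b64(USER),
    b64(PASSWORD),
    "QUIT",
]
STARTTLS_FIRST = [
    "EHLO laptop.example.net",
    "STARTTLS",
    "EHLO laptop.example.net",
    "AUTH PLAIN " + b64("\0" + USER + "\0" + PASSWORD),
    "QUIT",
]

if __name__ == "__main__":
    for name, session in (("plain", CLEARTEXT_PLAIN),
                          ("login", CLEARTEXT_LOGIN),
                          ("starttls", STARTTLS_FIRST)):
        print(name, audit_session(session))
```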


 





  



  


Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-07 Thread Tek Support
Hi all, I have a few questions.  Before I learned of this port 587, my
only option was to disable spamhaus.  And all I did to disable it was
to remove it from my /var/qmail/control/blacklists file.

So, the other day I needed some additional reporting and I remembered
the toaster plus, so I downloaded the Repo and ran the yum install
for it.  I then also decided to run the spamdyke filter.

So, now that I've realized that port 587 is available for my users to
send on, I went back to add the spamhaus.  However, it's no longer in
the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
has removed it.

So I have 2 questions:
1) Are spamdyke and spamhaus compatible?  Why would or why does
spamdyke remove blacklist from the run file.  Here are the before
and after.
---Begin---

---End---

2) Since I've just found out that port 587 is available, and 587 does
not run spamhaus the dynamic ip checker, then what is keeping a
spammer from trying to use this 587?  I mean I'm a little confused.
If my port 25 won't allow any non-authenticated users to send smtp
(presuming it's not an open relay), then why would I even need port
587?  I understand the need to have 587 if I'm using spamhaus on port
25, and 25 is now blocked to my dynamic users (workers from home).  So
it seems a bit unnecessary to have both ports.  And why couldn't a
spammer start sending spam to my users on 587 - if it even works that
way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
popular thing, so someone, somewhere would certainly try port 587 in
order to get around spamhaus wouldn't they?

Thanks for your time on this, I'm not trying to be difficult, only
trying to understand how and why.

Thanks
John




Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-07 Thread Tek Support
Oops, I forgot to add the before and after /var/qmail/supervise/smtp/run file.

---Before Begin---
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
SMTPD=/var/qmail/bin/qmail-smtpd
TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
RBLSMTPD=/usr/bin/rblsmtpd
HOSTNAME=`hostname`
VCHKPW=/home/vpopmail/bin/vchkpw
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 8500 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
 -u $QMAILDUID -g $NOFILESGID 0 smtp \
 $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1
---Before End---

---After Begin---
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE=/usr/local/bin/spamdyke
SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf
SMTPD=/var/qmail/bin/qmail-smtpd
TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
HOSTNAME=`hostname`
VCHKPW=/home/vpopmail/bin/vchkpw
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 8500 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
 -u $QMAILDUID -g $NOFILESGID 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1
---After End---



You can see the BLACKLIST=`cat /var/qmail/control/blacklists` is no
longer listed.

Thanks
John



On Thu, Aug 7, 2008 at 9:07 PM, Tek Support [EMAIL PROTECTED] wrote:
 Hi all, I have a few questions.  Before I learned of this port 587, my
 only option was to disable spamhaus.  And all I did to disable it was
 to remove it from my /var/qmail/control/blacklists file.

 So, the other day I needed some additional reporting and I remembered
 the toaster plus, so I downloaded the Repo and ran the yum install
 for it.  I then also decided to run the spamdyke filter.

 So, now that I've realized that port 587 is available for my users to
 send on, I went back to add the spamhaus.  However, it's no longer in
 the /var/qmail/supervise/smtp/run file.  It would appear that spamdyke
 has removed it.

 So I have 2 questions:
 1) Are spamdyke and spamhaus compatible?  Why would or why does
 spamdyke remove blacklist from the run file.  Here are the before
 and after.
 ---Begin---

 ---End---

 2) Since I've just found out that port 587 is available, and 587 does
 not run spamhaus the dynamic ip checker, then what is keeping a
 spammer from trying to use this 587?  I mean I'm a little confused.
 If my port 25 won't allow any non-authenticated users to send smtp
 (presuming it's not an open relay), then why would I even need port
 587?  I understand the need to have 587 if I'm using spamhaus on port
 25, and 25 is now blocked to my dynamic users (workers from home).  So
 it seems a bit unnecessary to have both ports.  And why couldn't a
 spammer start sending spam to my users on 587 - if it even works that
 way, which I'm not sure yet if it can?  Qmailtoaster is a pretty
 popular thing, so someone, somewhere would certainly try port 587 in
 order to get around spamhaus wouldn't they?

 Thanks for your time on this, I'm not trying to be difficult, only
 trying to understand how and why.

 Thanks
 John





[qmailtoaster] Authentication to bypass spam checks

2008-08-05 Thread Luis Lopez

Hi All,

My first message to this mailing list. :-)

Problem:

One of my developers is complaining that it is not possible for him to send
email from his house. I noticed that the range of IPs from his block has
been flagged as spam.


Q.
What's the correct procedure to have him authenticated and bypass the
spam mechanism?


I know that I probably configured QT wrong, let's see if I can get it
right this time.



Thanks in advance.



--

Sincerely,
Luis Lopez



---
IT Support
Kiwibox.com http://kiwibox.com/
[EMAIL PROTECTED]
---
330 W. 38th #1602
New York, NY 10018
---
Office (212) 239-8210
Fax (212) 239-8422
Mobile (917) 385-2541
---




Re: [qmailtoaster] Authentication to bypass spam checks

2008-08-05 Thread Phil Leinhauser
Good news!  You didn't configure QMT wrong.  This is the way it should be.

You'll need him to use the submission port (587) on his client instead of 25.  
He'll also need to use smtp auth. to send.  In fact, you should make it 
standard procedure now to have all of your clients submit on port 587 with SMTP 
auth from now on.  This will make it easier in the long run.  You'll start 
seeing more and more post offices going this way.

Phil

-Original message-
From: Luis Lopez [EMAIL PROTECTED]
Date: Tue, 05 Aug 2008 14:39:50 -0400
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Authentication to bypass spam checks

 Hi All,
 
 My first message to this mailing list. :-)
 
 Problem:
 
 One of my developers is complaining that it is not possible for him to send
 email from his house. I noticed that the range of IPs from his block has
 been flagged as spam.

 Q.
 What's the correct procedure to have him authenticated and bypass the
 spam mechanism?

 I know that I probably configured QT wrong, let's see if I can get it
 right this time.
 
 
 Thanks in advance.
 
 
 
 -- 
 
 Sincerely,
 Luis Lopez
 
  
 
 ---
 IT Support
 Kiwibox.com http://kiwibox.com/
 [EMAIL PROTECTED]
 ---
 330 W. 38th #1602
 New York, NY 10018
 ---
 Office (212) 239-8210
 Fax (212) 239-8422
 Mobile (917) 385-2541
 ---
 
 
 
 




Re: [qmailtoaster] Authentication failed : Server replied: 535 authentication failed (#5.7.1)

2008-05-08 Thread Eric Shubert
senthil vel wrote:
 While I am sending mail from web interface, I am getting this
 error... Kindly help me...
 
 
 -- 
 Thanks and Regards,
 S.Senthilvel,
 

Is web interface (squirrelmail) running on a different machine?
Do you get this error when trying to log in, or when sending?

-- 
-Eric 'shubes'




Re: [qmailtoaster] Authentication failed : Server replied: 535 authentication failed (#5.7.1)

2008-05-08 Thread senthil vel
Sorry. Here too the mistake is mine. In the /nutsmail/config/config.php file
the host name was wrongly set, so the authentication was
tried on some other host. Sorry again Eric, thanks for the valuable help...

On Thu, May 8, 2008 at 7:26 PM, Eric Shubert [EMAIL PROTECTED] wrote:

 senthil vel wrote:
  While I am sending mail from web interface, I am getting this
  error... Kindly help me...
 
 
  --
  Thanks and Regards,
  S.Senthilvel,
 

 Is web interface (squirrelmail) running on a different machine?
 Do you get this error when trying to log in, or when sending?

 --
 -Eric 'shubes'





-- 
Thanks and Regards,
S.Senthilvel,
Webindia Internet Services
Chennai - 600 029, India.


[qmailtoaster] Authentication failed : Server replied: 535 authentication failed (#5.7.1)

2008-05-07 Thread senthil vel
While I am sending mail from web interface, I am getting this error... Kindly
help me...


-- 
Thanks and Regards,
S.Senthilvel,


[qmailtoaster] Authentication error

2006-07-05 Thread João Sá
Hi,

I've installed qmail toaster on Fedora Core 5.
Everything is fine but after a while the email system is started, IMAP authentication fails.
If I do a qmailctl restart everything is going to work right again.

Help on this would be great.

Installed packages:
--- cut here ---
# rpm -qa | grep toaster
vpopmail-toaster-5.4.13-1.3.1
courier-authlib-toaster-0.58-1.3.1
maildrop-toaster-2.0.2-1.3.1
isoqlog-toaster-2.1-1.3.1
qmailadmin-toaster-1.2.9-1.3.1
qmail-pop3d-toaster-1.03-1.3.3
ezmlm-cgi-toaster-0.53.324-1.3.1
qmail-toaster-1.03-1.3.3
autorespond-toaster-2.0.4-1.3.1
courier-imap-toaster-4.1.1-1.3.2
send-emails-toaster-0.5-1.3.1
ezmlm-toaster-0.53.324-1.3.1
libdomainkeys-toaster-0.68-1.3.1
vqadmin-toaster-2.3.4-1.3.1
ucspi-tcp-toaster-0.88-1.3.1
clamav-toaster-0.88.2-1.3.1
control-panel-toaster-0.5-1.3.1
daemontools-toaster-0.76-1.3.1
maildrop-toaster-devel-2.0.2-1.3.1
--- cut here ---


Re: [qmailtoaster] Authentication error

2006-07-05 Thread Weberhofer GmbH
Please check 


http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg05239.html

Best regards,
Johannes

João Sá wrote:

Hi,

I've installed qmail toaster on Fedora Core 5.
Everything is fine but after a while the email system is started, IMAP 
authentication fails.


If I do a qmailctl restart everything is going to work right again.

Help on this would be great.

Installed packages:
--- cut here ---
# rpm -qa | grep toaster
vpopmail-toaster-5.4.13-1.3.1
courier-authlib-toaster-0.58-1.3.1
maildrop-toaster-2.0.2-1.3.1
isoqlog-toaster-2.1-1.3.1
qmailadmin-toaster-1.2.9-1.3.1
qmail-pop3d-toaster-1.03-1.3.3
ezmlm-cgi-toaster-0.53.324-1.3.1
qmail-toaster-1.03-1.3.3
autorespond-toaster-2.0.4-1.3.1
courier-imap-toaster-4.1.1-1.3.2
send-emails-toaster-0.5-1.3.1
ezmlm-toaster-0.53.324-1.3.1
libdomainkeys-toaster-0.68-1.3.1
vqadmin-toaster-2.3.4-1.3.1
ucspi-tcp-toaster-0.88-1.3.1
clamav-toaster-0.88.2-1.3.1
control-panel-toaster-0.5-1.3.1
daemontools-toaster-0.76-1.3.1
maildrop-toaster-devel-2.0.2-1.3.1
--- cut here ---



--


|-
|  weberhofer GmbH   | Johannes Weberhofer
|  information technologies, Austria
|
|  phone : +43 (0)1 5454421 0| email: [EMAIL PROTECTED]
|  fax   : +43 (0)1 5454421 19   | web  : http://weberhofer.at
|  mobile: +43 (0)699 11998315
|---

