Re: [courier-users] Courier-0.47 RPMBuild error
Sam Varshavchik wrote: Jerry Amundson writes: Did I miss something here? I've been building rpm's on FC2 since day 1 with out issue... The issue is a clean install of FC2. Building RPMs will work as long as a (not too) older version of Courier is already installed. On a clean system, it'll break. Clean as in not kept updated? I built courier 0.47 yesterday on this machine and I have the following: [EMAIL PROTECTED] rpm -q glibc rpm courier glibc-2.3.3-27 rpm-4.3.1-0.3 package courier is not installed Rgds Pierre --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] authuserdb/pop3d problem
Hi! I would like to create virtual mailboxes to our students using postfix+courier-imap. I have built and installed the necessary rpms from source courier-0.47.tar.bz2 on a Redhat 7.2 box. Installed packages are courier and courier-pop3d. I have the following problems: - Where the userdb file must be created ( /etc/userc or /etc/courier/userdb or /usr/lib/courier/libexec/authlib ) - I modified the authdaemonrc file as follows authmodulelist=authuserdb authpam Userdb, makeuserdb utils make changes in /etc/courier directory on userdb file. - When I try to login using pop3d it complains about missing /usr/lib/courier/libexec/authlib/authuserdb file. - Why is it looks for authuserdb and not userdb? I created the userdb file and copied it to /usr/lib/courier/libexec/authlib directory. Then I received this /usr/lib/courier/libexec/authlib/authuserdb: Permission denied. -What the userdb/authuserdb file permissions should be (owner, etc)? I changed it to world readable then I got this. /usr/lib/courier/libexec/authlib/authuserdb: Exec format error Any help would be appreciated (howto, sample conf, etc) Thanks Zoltan Sutto --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Courier and HBEDV AntiVir
Has anybody managed to get AntiVir running using courier's perlfilter mechanism ? Is there perhaps something like a generic sendmail milter - courier perlfilter interface (could be useful for other filtering software as well) ? Thanks -- juergen walch __ plumsoft systemhaus gmbh roritzerstr. 12 d-93047 regensburg fon +49-941-7979777 fax +49-941-7994421 PGP 0x2A077751 - 123D 3FF1 BF2B 373B E3C3 7F6E 5802 C5CA 2A07 7751 signature.asc Description: OpenPGP digital signature
Re: [courier-users] Status of SRS (SPF forwarding fix)
--On 17. November 2004 19:11 +0100 Pierre Ossman [EMAIL PROTECTED] wrote: I just wanted to know what the plans are for adding SRS support to courier. There is no need to hardcode this functionality into courier, and could cause problems because of the secrets which prevent relaying. Is this something that is going to be added in the near future? Or are there some difficulties getting this to work with courier? I've seen that there are several libraries out there implementing the bulk of the logic. Mail::SRS from CPAN is fairly easy for medium-volume servers. Just make shure to use the '-' as delimiter and not '+'. You need a wrapper (srsforward) which gets called from a .dotfile or simply as value for the mailbox if mySQL etc. is used: | srsforward srs.example.com $SENDER [EMAIL PROTECTED] Processing bounces may be done via etc/aliases, again via a small wrapper (in this case for a domain listed in virtual). Unfortunately courier does not preserve the $RECIPIENT as given in the RCPT TO, but it works this way: [EMAIL PROTECTED]: | srsbounce [EMAIL PROTECTED] This script should also check wether the $SENDER is really empty, and preferably also grep for /^To:[ ]*SRS[01]-/i in the header. Roland --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Status of SRS (SPF forwarding fix)
Julian Mehnle writes: Sam Varshavchik [EMAIL PROTECTED] wrote: Pierre Ossman writes: I just wanted to know what the plans are for adding SRS support to courier. Since courier recently got SPF support I've been starting to add it to the sites I administer. Unfortunatly I use forwarding in a number of places so SRS support (or something equivalent) is needed before I can fully enable SPF. Is this something that is going to be added in the near future? Or are No. Because adding it will turn the mail server into an open relay. Huh? Do I understand you right that you think adding SRS support to Courier would unconditionally turn it into an open relay? Pretty much. This has been discussed before. there some difficulties getting this to work with courier? I've seen that there are several libraries out there implementing the bulk of the logic. SPF can be used perfectly well with forwarding. Look how pobox.com does it, for example. If the MTA of b.com receives a message from domain a.com and forwards it to any MTA that does SPF checking, that destination MTA will generally reject the message unless b.com does some sort of sender rewriting. SRS Or, unless a.com's SPF record provides for forwarding through b.com pgpaDNPLfOWdq.pgp Description: PGP signature
Re: [courier-users] SPF and backup MX
--On 18. November 2004 09:48 +0100 Pierre Ossman [EMAIL PROTECTED] wrote: How does courier handle SPF when mail come from backup MX:s? I couldn't find anything in the documentation about this and the only mx related code I found was for handling the mx-entries in the SPF record. Not different than any other received mail. But you shure have all your MX's whitelisted anyway to suppress repeated spamfilters and the backscatter. Adding the backup MX:s to the access list with SPF disabled is an option, but I've seen on other mailing lists that other implementations checks if the other end is a backup for the mail it's trying to send. This is soemthing different, SPF only consults the respective TXT-records and does not care wether any hostnames match. the advantage of not having to configure (and keep updated) the lists of backups in every access list. That's exactly what the SPF-keyword 'mx' does. For additional hosts setup a zone (spf.example.com) which lists all hosts from where mail may be sent, and insert 'a:spf.example.com' into all SPF-records of your customers. It also means that that SPF is only disabled when host and recipient match (and not for every recipient coming from that host). If you dont trust your backup-mx the better drop them. These days low-priority MX are only used by the spammers, and they usually dont give better redundancy like 15 years ago. Roland --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SPF and backup MX
Pierre Ossman writes: More SPF questions ;) How does courier handle SPF when mail come from backup MX:s? I couldn't find anything in the documentation about this and the only mx related code I found was for handling the mx-entries in the SPF record. If SPF checking is enabled, incoming mail is SPF-checked. pgpIz8Wjr3qUq.pgp Description: PGP signature
Re: [courier-users] Status of SRS (SPF forwarding fix)
Sam Varshavchik wrote: Julian Mehnle writes: Huh? Do I understand you right that you think adding SRS support to Courier would unconditionally turn it into an open relay? Pretty much. This has been discussed before. Do you have a link to this discussion? I wasn't able to find it in the archives. From the documentation about SRS I've read the hash makes it very difficult to exploit it. Even in that case you can only send mail to the person who got relayed (not everyone) and only for a limited time. If the MTA of b.com receives a message from domain a.com and forwards it to any MTA that does SPF checking, that destination MTA will generally reject the message unless b.com does some sort of sender rewriting. SRS Or, unless a.com's SPF record provides for forwarding through b.com The forwarding is usually done on the receiving party's behalf (i.e. [EMAIL PROTECTED] gets forwarded to [EMAIL PROTECTED]). a.com in this case is every other domain out there so it's not very likely that b.com is in their SPF record. The current solution would be to turn of SPF checks for the mail servers where you can receive relayed mail from. But this is not something people are comfortable with if it is a public relaying service. Rgds Pierre --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SPF and backup MX
[EMAIL PROTECTED] wrote: --On 18. November 2004 09:48 +0100 Pierre Ossman [EMAIL PROTECTED] wrote: the advantage of not having to configure (and keep updated) the lists of backups in every access list. That's exactly what the SPF-keyword 'mx' does. For additional hosts setup a zone (spf.example.com) which lists all hosts from where mail may be sent, and insert 'a:spf.example.com' into all SPF-records of your customers. I think you misunderstood me. If my backup MX sends me a mail from [EMAIL PROTECTED] to [EMAIL PROTECTED] the SPF protection will check the SPF records for doe.com (which probably doesn't consider my backup MX a legitimate source) and reject the mail. What I'd like is that my MTA sees that the other end is my backup MX and disable SPF. The second concern with it also checking the recipient is only a problem with a MTA which handles several domains with different backups. E.g. a.com and b.com is handled by primary-mx.a.com. a.com has a backup at a-backup.c.com. b.com has a backup at b-backup.d.com. If mail arrives from a-backup destined for a.com (or from b-backup destined for b.com) then SPF gets disabled. If mail arrives from a-backup destined for b.com (or some other domain) SPF stays on. If you dont trust your backup-mx the better drop them. These days low-priority MX are only used by the spammers, and they usually dont give better redundancy like 15 years ago. Not if you have a crappy ISP where downtime of a week is a fairly common thing. Having an external backup MX with a long timeout is essential. All of this might be a non-issue when you have backup-MX:s under your control but I don't have that luxury. I'd like to minimise the hole I make for the backup MX to work. Rgds Pierre --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
RE: [courier-users] SPF and backup MX
Pierre Ossman [EMAIL PROTECTED] wrote: How does courier handle SPF when mail come from backup MX:s? I couldn't find anything in the documentation about this and the only mx related code I found was for handling the mx-entries in the SPF record. Adding the backup MX:s to the access list with SPF disabled is an option, but I've seen on other mailing lists that other implementations checks if the other end is a backup for the mail it's trying to send. This gives the advantage of not having to configure (and keep updated) the lists of backups in every access list. I think it is generally considered best practice to have all your border MTAs (i.e. those who receive mail from the public internet, including your backup MXes) apply the same checks and security measures, so they can fully trust each other. Whitelisting co-MTAs by IP address is the traditional way to do it. But I _can_ see the value of doing that whitelisting by looking up your co-MTAs' IP addresses from the MX records of the recipient domain. Maybe such an optional feature would be a good addition to Courier. Apart from that, I can only agree with what Roland said: Pierre Ossman [EMAIL PROTECTED] wrote: Roland [EMAIL PROTECTED] wrote: If you dont trust your backup-mx the better drop them. These days low-priority MX are only used by the spammers, and they usually dont give better redundancy like 15 years ago. Not if you have a crappy ISP where downtime of a week is a fairly common thing. Having an external backup MX with a long timeout is essential. The correct solution to your problem is to switch to a more reliable ISP, so you don't have to rely on secondary MXes that are outside your control. These days, having your backup MXes (if any) being secure is equally essential, if not more, as having ones in the first place. --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
RE: [courier-users] Status of SRS (SPF forwarding fix)
Sam Varshavchik [EMAIL PROTECTED] wrote: Julian Mehnle writes: Huh? Do I understand you right that you think adding SRS support to Courier would unconditionally turn it into an open relay? Pretty much. This has been discussed before. Well, SRS is considered to be safe by the SPF project, so I'm trying to see whether you have found a yet unknown vulnerability. If the MTA of b.com receives a message from domain a.com and forwards it to any MTA that does SPF checking, that destination MTA will generally reject the message unless b.com does some sort of sender rewriting. Or, unless a.com's SPF record provides for forwarding through b.com But this can only be exploited by a.com if they can actually configure the forwarding(s) on b.com's MTA. But then, you can already relay through b.com if you can configure their forwardings, even without b.com having to do SRS. Sorry, I guess I do not really understand the attack vector you are trying to describe. :-( How does using sender rewriting in general and SRS in particular make me an open relay? SPF can be used perfectly well with forwarding. Look how pobox.com does it, for example. Are you aware that what pobox.com does actually _is_ SRS? --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
RE: [courier-users] Status of SRS (SPF forwarding fix)
Pierre Ossman [EMAIL PROTECTED] wrote: The current solution would be to turn of SPF checks for the mail servers where you can receive relayed mail from. But this is not something people are comfortable with if it is a public relaying service. It is your _only_ choice if no sender rewriting is used by the relaying service. The only purpose of sender rewriting, regardless which exact method you use (SRS or some other scheme, such as the two I described a few hours ago), is to oblige the forwarder to assume full responsibility for the use of his domain name as the sender address of every mail he forwards. In the old times of the Internet where a.com (everybody) could send a message and claim it to come from x.com, forwarders would have to take no responsibility for what domains are used as the sender addresses of the mail they forward. As a result, everybody could simply claim to be a forwarder and then go ahead faking sender addresses happily. Rewriting the sender address to your own domain when forwarding authenticated (e.g. by SPF) mail, and thus taking responsibility for it, is the only way to fix sender address forgery without loopholes. (I am talking of envelope sender address/return-path/hop-to-hop forgery only. Crypto schemes like DomainKeys could be used to fix PRA/From: header/end-to-end forgery.) --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SPF and backup MX
--On 18. November 2004 13:38 +0100 Pierre Ossman [EMAIL PROTECTED] wrote: I think you misunderstood me. If my backup MX sends me a mail from [EMAIL PROTECTED] to [EMAIL PROTECTED] the SPF protection will check the SPF records for doe.com (which probably doesn't consider my backup MX a legitimate source) and reject the mail. What I'd like is that my MTA sees that the other end is my backup MX and disable SPF. Its useless to check SPF (or anything else in the envelope) on forwarded mail. You cant even reject at this stage for any reason (including non existent users) as this will only produce backscatter. You have to skip all envelope-checks for any known forwarder. That's exactly what spf.trusted-forwarder.org does which is used as whitelist by default in many SPF-implementations. Disable SPF and other envelope-checks by whitelisting the respective intermediate server, and silently drop any incoming mail to nonexistent users into /dev/null and spammish content (with Spamassassin, Amavis etc.) into the spamfolder. If mail arrives from a-backup destined for a.com (or from b-backup destined for b.com) then SPF gets disabled. If mail arrives from a-backup destined for b.com (or some other domain) SPF stays on. SPF does not care about the recipient (and neither has to), and Courier has no idea who the recipient may be at the time of HELO and MAIL FROM. And what about multiple recipients in different domains ? Such things may be done only via individual .courier-alias (or the whitelist-api with some creativity). Not if you have a crappy ISP where downtime of a week is a fairly common thing. Having an external backup MX with a long timeout is essential. Wrong, dont use crappy administered boxes as MX, its just too much hassle for everybody. All of this might be a non-issue when you have backup-MX:s under your control but I don't have that luxury. I'd like to minimise the hole I make for the backup MX to work. Since the only functionality of a lower-priority-mx is to store and forward you gain no additional redundancy with this multi-mx setup. There is still one single point of failure - the primary MX and any multi-mx setup introduces more potential/real troubles. For maximal redundancy only use servers which store the received mail locally, and use fetchmail for the transfer into your MTA. This allows you all the flexibility in the case of an emergency and you dont need to punch holes into the firewall (guess you also have a hidden courier-mta somewhere ;) I am shure you could find a cheap host for $5/mo with some decent dnsbl-checks (and maybe even with SPF and/or Spamassassin) with no more than a few hours downtime per year. Two for $10 on different networks could give a great reliability. Roland --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] loosing envelope with reformime
Hello, I'm trying to despamassassin a message with `reformime -s 1.2 -e` in procmail. But the envelope with the 'From ' line gets lost. I have no access on the SpamAssassin configuration and also have no access on perl. Is there a means to keep the envelope line? -Hanspeter --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Webadmin not working? Always Error 500
Hi! I'm having trouble getting the webadmin to work. Whenever I try to change a setting (any setting, doesn't matter which one) and click on Ok, I'm getting an Error 500 and the message Premature end of script headers: webadmin. I'm using apache 2.0.52 with vhosts. The error_log contains: [Thu Nov 18 22:06:08 2004] [error] [client 82.207.192.45] Premature end of script headers: webadmin, referer: http://example.net/webmail/webadmin/10password To be able to use webadmin without SSL, I set a password in /etc/courier/webadmin/password and touched /etc/courier/webadmin/unsecureok. Apache2 is configured like this: ## NameVirtualHost *:80 VirtualHost *:80 ServerName example.net ServerAlias *.example.net CustomLog /var/www/example.net/logs/access_log combined ErrorLog /var/www/example.net/logs/error_log DocumentRoot /var/www/example.net/htdocs Directory /var/www/example.net/htdocs AllowOverride All Options -Indexes FollowSymLinks MultiViews IfModule mod_access.c Order allow,deny Allow from all /IfModule /Directory ScriptAlias webmail /usr/lib/courier/courier/webmail/ Directory /usr/lib/courier/courier/webmail/ AllowOverride All Options -Indexes FollowSymLinks ExecCGI IfModule mod_access.c Order allow,deny Allow from all /IfModule /Directory /VirtualHost ## I'd suppose that this is some sort of permissions problem; that the webadmin CGI cannot write to some place? As which user/group might it be trying to write where? I'm using the courier-0.47 ebuild of Gentoo Linux. Thanks for any help whatsoever! Alexander Skwar -- Love thy neighbor, tune thy piano. --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] [PATCH] couriermlm.sgml
I noticed a couple spelling mistakes on the couriermlm man page. This patch corrects them. The only one I wasn't sure of was filesystem - file system. I took ispell's word for it. Regards, Mark Index: couriermlm.sgml === RCS file: /cvsroot/courier/courier/courier/courier/doc/couriermlm.sgml,v retrieving revision 1.3 diff -u -p -r1.3 couriermlm.sgml --- couriermlm.sgml 4 Nov 2003 23:49:53 - 1.3 +++ couriermlm.sgml 18 Nov 2004 21:36:21 - @@ -95,7 +95,7 @@ support from the Courier mail server. listitem para Use this command to create a directory where commandcouriermlm/command -keps all mailing list related files./para +keeps all mailing list related files./para /listitem /varlistentry @@ -284,7 +284,7 @@ subdirectories in the mailing list direc listitem para This subdirectory has the database files that -contain the mailing list's subscribtion list./para +contain the mailing list's subscription list./para /listitem /varlistentry @@ -1028,7 +1028,7 @@ address to subscribe./para termsubscribe-replaceablename=domain/replaceable/term listitem para -Axplicitly specify the +Explicitly specify the address to subscribe to the mailing list, instead of using a return address. In the previous example, sending a message addressed to literallt;[EMAIL PROTECTED]/literal would @@ -1129,7 +1129,7 @@ Mailing list digests are created as a second, separate, mailing list. The replaceablecreate/replaceable command initializes a second mailing list directory, and then additional configuration -takes place which ties links the main mailing list toe the digest list./para +takes place which links the main mailing list to the digest list./para para If the mailing list address is literal[EMAIL PROTECTED]/literal, the @@ -1137,7 +1137,7 @@ address of the digest version of the mai literal[EMAIL PROTECTED]/literal, but it doesn't have to be this address. The only requirement is that the directory for the digest version of -the mailing list must reside on the same filesystem as the directory for the +the mailing list must reside on the same file system as the directory for the mailing list itself, and both must be owned by the same userid./para para
[courier-users] Relay Problems
Hi! (hmmm... i assume my first message was dropped, as I used the wrong sender address.) anyway: A few weeks ago I noticed that some providers have some IP addresses in my dialup provider's pool blacklisted, rendering courier's attempts to contact the smtps of recipients domains useless. I set my provider's smtp as backup relay, but courier still dropped messages, after having received a relaying denied message. *Feature request*: I would love to edit the list of error codes, so courier will send messages through the backup relay, even in those bloody cases, as they are not _permanent_ errors, but temporary. It's not possible yet, so I made my backup relay the ONLY relay. Old school message delivery... :-( Unfortunately, courier still sends messages singularly if more than one recipient is in the header, multiplying the traffic. My provider's server is supposed to do that dirty work... what can I do about it? Regards Niclas --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] loosing envelope with reformime
On Nov 18 at 21:45, Hanspeter Roth spoke: Hello, I'm trying to despamassassin a message with `reformime -s 1.2 -e` in procmail. But the envelope with the 'From ' line gets lost. I have no access on the SpamAssassin configuration and also have no access on perl. Is there a means to keep the envelope line? I'm now piping the output of reformime through `formail -b`. The date becomes different but thats all right for me. -Hanspeter --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Somebody leaking addresses from this list to spammers
Hello I have been on this list less than two weeks and I created special email address for this (thank's for couriers user extensions) list. But right now I have got two spam/virus email messages into this special mailbox. I haven't published this email address elsewhere so somebody has been collecting email addresses directly from emails (ie there is spammers reading this list). Or somebody is publishing this email disccussions on web page where spammers are collecting addresses. Those web publishers should use anonymizers to hide real email addresses from spammers. Those emails I got, there was attached exe files for Windows. Haven't investigated those yet if it's virus or other malware. Here is headers from those emails: Return-Path: [EMAIL PROTECTED] Received: from mail-relay-1.tiscali.it (mail-relay-1.tiscali.it[:::213.205.33.41]) by my.own.host with esmtp; Thu, 18 Nov 2004 19:11:40 +0200 id 0002025D.419CD7CD.26B3 Received: from pytbcva (217.133.106.106) by mail-relay-1.tiscali.it (7.1.021.3) id 416A803800769800; Thu, 18 Nov 2004 18:04:53 +0100 Date: Thu, 18 Nov 2004 18:04:53 +0100 (added by [EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] (added by [EMAIL PROTECTED]) FROM: Technical Support [EMAIL PROTECTED] TO: MS Customer [EMAIL PROTECTED] SUBJECT: Latest Critical Upgrade Mime-Version: 1.0 Content-Type: multipart/mixed; boundary==_-9907-1100797902-0001-2 . . . [-- Attachment #2: Qr.exe --] [-- Type: application/x-msdownload, Encoding: base64, Size: 140K --] Content-Type: application/x-msdownload; name=Qr.exe This email has been reported to spamcop and other lists. Okay, this is not spam reporting list but I am just warning you all... Regards, Henri -- _/ _/ _/ \__ _/ _/ _/Henri Paasovaara \ mailto:[EMAIL PROTECTED] _/ _/ _/I know everything, I just can't remember it all at once. --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Status of SRS (SPF forwarding fix)
Pierre Ossman writes: Sam Varshavchik wrote: Julian Mehnle writes: Huh? Do I understand you right that you think adding SRS support to Courier would unconditionally turn it into an open relay? Pretty much. This has been discussed before. Do you have a link to this discussion? I wasn't able to find it in the archives. This was discussed, to some extent, on the MARID mailing list. From the documentation about SRS I've read the hash makes it very difficult to exploit it. Even in that case you can only send mail to the person who got relayed (not everyone) and only for a limited time. There have been multiple versions of the same basic concept -- when forwarding, replace the original return address with something that goes back to the forwarder; when the forwarder receives a bounce, it figures out, somehow, where the original message came from, and forwards the bounce too. The possible implementations generally involve the same basic trade-off: if you do it the easy way, you essentially become an open relay that's exploitable using the bounce-return mechanism; or you can tighten up the way the bounces are processed, but then the whole thing turns into a complicated, fragile implementation that easily breaks for the slightest of reasons. I think the SPF is good enough as it is. The domain controller dictates the policy for his domain. If he wants to use SPF and not allow his mail to be forwarded, that's within the domain owner's discretion. It's his domain, he is entitled to do whatever he wants with it. If he doesn't want his mail to be forwardable, that's up to him. if he wants his mail to be forwardable, he can do that too, by authorizing another organization to forward the domain mail. pgpWFT3LcivH1.pgp Description: PGP signature
Re: [courier-users] Somebody leaking addresses from this list to spammers
Henri Paasovaara writes: I haven't published this email address elsewhere so somebody has been collecting email addresses directly from emails (ie there is spammers reading this list). Or somebody is publishing this email disccussions on web page where spammers are collecting addresses. Those web publishers should use anonymizers to hide real email addresses from spammers. This, and many other mailing lists, are mirrored by google. pgpslPE57rLSY.pgp Description: PGP signature
[courier-users] Re: Courier build 20041116
Sam Varshavchik [EMAIL PROTECTED] writes: Updated builds of courier-authlib and courier-imap packages are available at http://www.courier-mta.org/download.php • Fix several minor problems with MySQL and PostgreSQL authentication modules • Documentation tweaks. Are these newer than the authlib and imap that are part of the 20041113 version of the entire courier package? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Courier build 20041116
Lloyd Zusman writes: Sam Varshavchik [EMAIL PROTECTED] writes: Updated builds of courier-authlib and courier-imap packages are available at http://www.courier-mta.org/download.php Fix several minor problems with MySQL and PostgreSQL authentication modules Documentation tweaks. Are these newer than the authlib and imap that are part of the 20041113 version of the entire courier package? The entire Courier package does not include authlib. The changes to imap are minor, and do not warrant a master rebuild of everything. pgpUSG0413Ncz.pgp Description: PGP signature
[courier-users] Re: Courier build 20041116
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Sam Varshavchik [EMAIL PROTECTED] writes: Updated builds of courier-authlib and courier-imap packages are available at http://www.courier-mta.org/download.php [ ... ] Are these newer than the authlib and imap that are part of the 20041113 version of the entire courier package? The entire Courier package does not include authlib. Oh yeah ... I forgot that it's now unbundled. The changes to imap are minor, and do not warrant a master rebuild of everything. OK. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Relay Problems
niclas wrote: Unfortunately, courier still sends messages singularly if more than one recipient is in the header, multiplying the traffic. Not exactly. Even when there is a smarthost Courier will send ONE copy of the message to all the users at any one domain, exactly as if it was sending the mail directly to the domains instead of to the smarthost. I'm attaching the last correspondence about it that explains the issue. Jeff Jansen Original Message Subject: Re: [courier-users] Multiple recipients per message and smarthost forwarding (Courier 0.47, Suse Linux 9.0) Date: Wed, 27 Oct 2004 09:02:58 -0400 From: Jeff Jansen [EMAIL PROTECTED] To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] Joern Lippold wrote: Just looking in the mail archive (From: Jeff Jansen [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]... Re: Multirecipient mail routing, 2003-06-04 14:39) I saw there was a similar question placed before, obviously solved by a private patch. Is there meanwhile an official solution available? Dear Joren, The short answer is No, there's no official solution available. You have to patch courier yourself. The long answer is that this happens because courier assigns each message to a queue based on the mail domain of the recipients. So the same message to [EMAIL PROTECTED] and [EMAIL PROTECTED] ends up assigned to two different queues: domain1 and domain2. Then when courier actually sends the message it checks the esmtproutes file and looks to see if there is any special routing. But even if both domains are routed to the same smarthost the message will still get sent to the smarthost twice, once for each queue. I wrote a patch that changes this by consulting the esmtproutes file before the message is assigned to a queue and if it's finds a smarthost then ALL messages are put in one queue with the smarthost as the domain instead of the actual mail domain. This obviously has a slight performance hit as we're consulting the esmtproutes file a second time. When I wrote Sam about this a couple of years ago he said that this issue affects so few people that he wasn't interested in incorporating it. And I have to agree with him. You are only the second person (after me) in the last 2 years that I've seen write about this issue. You can get the patch at Gordon Messmer's web site: http://phantom.dragonsdawn.net/~gordon/courier-patches/batch-through-smarthost.patch The one on Gordon's site is against a fairly old courier version, so if you have any trouble then I'll be happy to send you the same patch against the most recent stable version of courier - 0.47. It does mean that you have to patch the courier source each time it comes out, but with a few lines of shell scripting you can automate the whole process of extracting, patching, and making rpms. I hope that helps. Jeff Jansen --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Status of SRS (SPF forwarding fix)
Sam Varshavchik wrote: There have been multiple versions of the same basic concept -- when forwarding, replace the original return address with something that goes back to the forwarder; when the forwarder receives a bounce, it figures out, somehow, where the original message came from, and forwards the bounce too. The possible implementations generally involve the same basic trade-off: if you do it the easy way, you essentially become an open relay that's exploitable using the bounce-return mechanism; or you can tighten up the Agreed, a too simple solution will only create more problems. way the bounces are processed, but then the whole thing turns into a complicated, fragile implementation that easily breaks for the slightest of reasons. Complicated perhaps, but I still think it's necessary and worth the effort to get right. The problem scenario I see is when user Joe changes ISP:s now and then. He doesn't want to give out a new email address to everyone he knows each time so he gets a more generic address at a forwarder. If his ISP implements SPF checks then the forwarder must have some kind of rewriting scheme or mail will get rejected. The problem here is that Joe cannot tell his ISP to turn of SPF checks for some servers (the forwarder's servers). He cannot control the SPF records of everyone who tries to mail him. The only thing he can control is the choice of forwarder. As it is right now courier is out of the question in such a position. Unless you get creative with dotcourier files. But that probably makes things even more complicated to get secure. The reason I'm being so persistent is that I think courier is the best MTA for my needs and I'd hate to have to set up another server just to handle forwarding. Rgds Pierre --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] sqwebmail via ssl
Hi! I installed sqwebmail per deb package a few days ago on debian sarge! Now I want to run sqwebmail per https (ssl) which is installed and running with mysql-ssl and pop-ssl from courier! Please help how to do that! Thanks markus