Re: [courier-users] Courier virtual domain alias trouble/bug
Svetozar Mihailov wrote: I am using full courier suite since version 0.37, [...] Courier 0.52.2 + Authlib 0.58 Courier 0.54.1 + Authlib 0.59 Do you mean aliases stopped working when you upgraded [to which version]? There are logs with real domains hidden: does testmxlookup return the same for each domain? - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier virtual domain alias trouble/bug
On Thu, 2007-01-11 at 09:25 +0100, Alessandro Vesely wrote: Svetozar Mihailov wrote: I am using full courier suite since version 0.37, [...] Courier 0.52.2 + Authlib 0.58 Courier 0.54.1 + Authlib 0.59 Do you mean aliases stopped working when you upgraded [to which version]? I never use catch-all [EMAIL PROTECTED] until now. So I don't know from which version courier does not search for [EMAIL PROTECTED] for every hosted domain, when user in not found in mysql. There are logs with real domains hidden: does testmxlookup return the same for each domain? Yes, master DNS for all hosted domains are on same server, all domains have only one MX and this MX is server itself as hostname, not as ip address. As I wrote to list problem disappears when contents of 'me' file does not match any of hosted domains. This of course lead to problem with emails generated from server itself ( apache, some cron scripts, ... ) but this can be fixed. Anyway I track problem to file courier/module.local/local.c but tests are in progress. I currently does not understand why domain part is stripped when address is in form [EMAIL PROTECTED] where contents of me is domain. I suppose that domain listed in me file is auto local, or something like this. So I change me file to hostname of server for temporally fix ( and run makealiases of course ). If local domains are those listed in locals AND in me file and this is somewhere in docs I missed that part. Best regards, Svetozar Mihailov - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] filtering mail in a backup-mx
My solution: I have set up the backup mx system as usual and then do a esmtpd stop. A simple script (executed once a few minutes) tests availability of the primary mx system (just connect, HELO and QUIT). If the primary seems down, esmtpd start gets executed. When the primary is there again, esmtpd gets stopped. That's a nice idea! However, nobody answered my original question. I still want to be able to filter mails which aren't delivered locally. This does also apply for mails which will be aliased to an adress at another host. Greets, Manuel -- - All-Things-Open Projektgruppe [EMAIL PROTECTED] - -BEGIN GEEK CODE BLOCK- Version: 3.1 GCM d-- s:- a? C++$ UL P+ L+++$ E- W+++$ N+ o-- K- w--$ O+ M+ V PS+ PE- Y+ PGP+ t 5 X R UF !tv b+ DI D+ G+ e h r y++ --END GEEK CODE BLOCK-- - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] filtering mail in a backup-mx
On Thu, 2007-01-11 at 12:44 +0100, Manuel Schneider [Everything Open] wrote: My solution: I have set up the backup mx system as usual and then do a esmtpd stop. A simple script (executed once a few minutes) tests availability of the primary mx system (just connect, HELO and QUIT). If the primary seems down, esmtpd start gets executed. When the primary is there again, esmtpd gets stopped. That's a nice idea! However, nobody answered my original question. I still want to be able to filter mails which aren't delivered locally. This does also apply for mails which will be aliased to an adress at another host. Greets, Manuel From courier man page: enablefiltering This configuration file enables the global mail filtering API for selected mail sources. This file, if it exists, contains a single line of text that specifies which kind of mail will be filtered. The possible values are: esmtp Enables global mail filtering for mail received via ESMTP. local Specifies that mail received from logged on users, via sendmail, and mail forwarded from dot-courier(5) will be filtered using the global mail filtering API. uucp Specifies that mail received from UUCP will be filtered. If you want to specify more than one source of mail, such as ESMTP and local mail, specify both esmtp and local, separated by a space charac- ter. Note: The global mail filtering API is described, in detail, in the courierfilter(8) manual page. This is NOT the traditional user-controlled mail filtering, such as maildrop(1). A global mail filter is a daemon process that selectively accepts or rejects incoming mail, based on arbitrary criteria. I have file '/etc/courier/enablefiltering' with one line: 'local esmtp' and everything is filtered via clamcour installed as global mail filter. Keep in mind that global filtering cannot alter emails! Global filters just accept or reject email. This is good for virus checking and not good for spam ( at least for me ). Best regards, Svetozar - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] 456 unavailable for SOME accounts of same domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! I'm getting 456 temporarily unavailable errors for accounts of a certain domain, but not for others in the same domain. I've enabled all debug options in esmtpd and authdaemon, but so far, nothing interesting. I've raised the number of accepted connections and number of daemons, restarted everything, and the accounts started receiving email again, but only for a couple of minutes. it's a simple setup with mysql auth. authtest works ok for all accounts, no permission errors, etc. How can I debug this in more detail? - -- Arturo Buanzo Busleiman - Consultor Independiente en Seguridad Informatica ¿No sabés a dónde ir a comer o tomar algo? Visitá www.vivamoslavida.com.ar -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFpm5YAlpOsGhXcE0RAusEAJ4mw8vimn99bxBlXOXYKFwmnlmQXACfbRzY kZr3qWuEt0aDA9iIIUdA9iE= =swQy -END PGP SIGNATURE- - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] 456 unavailable for SOME accounts of same domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Replying to myself: Backscatter issue :( courier clear mail_address helped, but I'll RTFM again. - -- Arturo Buanzo Busleiman - Consultor Independiente en Seguridad Informatica ¿No sabés a dónde ir a comer o tomar algo? Visitá www.vivamoslavida.com.ar -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFpnFqAlpOsGhXcE0RAnFPAJ4tv7YrRJlzrFY74kK740BTTWUAcwCfR+ld 8ooPJefI8zS2URKZTB9hANY= =WhWw -END PGP SIGNATURE- - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blowfish for passwd encryption in a postfix-mysql-courier system
Finally it works!. O.S: Fedora Core 6, but i think it works on diferents RH or RPM based distros. 1.- Obtain the libxcrypt tarball (you can get a copy of the latest version in http://ftp.suse.com/pub/people/kukuk/libxcrypt/). You'll find a spec file to build a rpm install in a similar way as build rpm package for courier-imap or courier-authlib. Install libxcrypt-xx.rpm and libxcrypt-devel-xxx.rpm 2.- In /lib link the diferents libcrypt-xx.so to the new libxcrypt-xx.so 3.- In /usr/lib do a similar replace with the libcrypt.a 4.- Unpack the courier-authlib and add the following lines: File: checkpassword.c Line: 38 from: if (strncmp(encrypted_password, $1$, 3) == 0 || strncasecmp(encrypted_password, {MD5}, 5) == 0 ) to: if (strncmp(encrypted_password, $1$, 3) == 0 || strncasecmp(encrypted_password, {MD5}, 5) == 0 || strncasecmp(encrypted_password, $2a$, 4) == 0 ) File: checkpasswordmd5.c Line: 20 from: if (strncmp(encrypted_password, $1$, 3) == 0) { return (strcmp(encrypted_password, md5_crypt(password, encrypted_password))); } if (strncasecmp(encrypted_password, {MD5}, 5) == 0) { return (strcmp(encrypted_password+5, md5_hash_courier(password))); } to: if (strncmp(encrypted_password, $1$, 3) == 0) { return (strcmp(encrypted_password, md5_crypt(password, encrypted_password))); } if (strncmp(encrypted_password, $2a$, 4) == 0) { return (strcmp(encrypted_password, crypt(password, encrypted_password))); } if (strncasecmp(encrypted_password, {MD5}, 5) == 0) { return (strcmp(encrypted_password+5, md5_hash_courier(password))); } 5.- rebuild and reinstall courier-authlib. Users in a MySQL-db could have their password Blowfish crypted and courier-authlib will authenticate them. -- Omar Martinez [EMAIL PROTECTED] Omar Martinez escribió: Jay Lee wrote: Omar Martinez wrote: Hi, I'm moving a Suse based server: 3000 accounts, MTA: Sendmail, passwd/shadow auth. The new server its Fedora Core 6 with Postfix-Courier-MySQL. Why would you move to a platform that is going to be obsolete in a years time? Fedora is a very bad choice for a server install IMHO. You'd be *much* better off using RHEL4 or CentOS 4. Yeah, maybe you're right SuSe use Blowfish to save the passwords, but Fedora does not recognize this kind of encryption. Compiling libxcrypt and pam_unix2 Fedora can authorize the passwords in the system, But, still courier-authlib can recognize the passwd. After the recompile did you try rebuilding Courier-authlib? Are you rebuilding the libxcrypt and pam_unix2 RPMs or are you just building and installing them manually? Where can I enable BlowFish encryption in courier-authlib ?. My suspicion is that courier-authlib will use Blowfish if the underlying libary *that it was built against *supports blowfish. I follow your advice, but courier-authlib only can use blowfish crypted password if the users are in the passwd/shadow file. This is because authpam use the PAM module, but in the case of authmysql, courier use the definitions of the file checkpassword.c and checkpasswordmd5.c (only md5_crypt and md5_hash_courier functions defined in the md5 directory). I'm working in quickeasy integration of the xcrypt functions in my courier-auth-lib installation. It will be a solution to my problem, but could be a start point for the future integration in the package.. If somebody resolve this problem before, I'll be thankful if can share the solution. Thanks Jay Lee by your advice... -- Omar Martinez [EMAIL PROTECTED] Jay - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] upgrade issue with courier-authlib 0.58 - 0.59 / ldap auth
hi ! after an update of courier-authlib from 0.58 to 0.59, ldap authentication doesn't seem to work anymore (authtest / maildrop / ...). the system is based on fedora core 2, with openldap 2.1.29-1 ; we use both userdb and ldap authentication (we're slowly migrating from userdb to ldap) ; we use our own ldap schema. courier-authlib is from a custom made rpm, but exactly the same environment is used to build both 0.58 and 0.59 versions ; no configuration changes have been made. the system is a i686 (p4) with a 2.6.9-42.0.2.EL centos/rhel4 kernel with 0.58, a debug trace for the user [EMAIL PROTECTED] (who is only in ldap) shows : authuserdb: trying this module userdb: looking up '[EMAIL PROTECTED]' userdb: entry not found authuserdb: REJECT - try next module authldap: trying this module using search filter: [stripped a long search filter here] one entry returned, DN: uid=yoyo,ou=Users,dc=acme,dc=com authldaplib: sysusername=null, sysuserid=501, sysgroupid=501, homedir=/home/vmail/acme.com/yoyo, [EMAIL PROTECTED], fullname=Yoyo, maildir=/home/vmail/acme.com/yoyo, quota=null, options=null Authenticated: sysusername=null, sysuserid=501, sysgroupid=501, homedir=/home/vmail/acme.com/yoyo, [EMAIL PROTECTED], fullname=Yoyo, maildir=/home/vmail/acme.com/yoyo, quota=null, options=null while with 0.59: received userid lookup request: [EMAIL PROTECTED] authuserdb: trying this module userdb: looking up '[EMAIL PROTECTED]' userdb: entry not found authuserdb: REJECT - try next module authldap: trying this module selected ldap protocol version 3 binding to LDAP server as DN 'null' stopping authdaemond children restarting authdaemond children modules=authuserdb authldap, daemons=5 Uninstalling authuserdb Uninstalling authldap Installing libauthuserdb Installing libauthldap Installation complete: authldap relevant configuration files: $ grep -v '^\(#\|$\)' authdaemonrc authmodulelist=authuserdb authldap authmodulelistorig=authuserdb authpam authpgsql authldap authmysql authcustom authpipe daemons=5 authdaemonvar=/var/spool/authdaemon DEBUG_LOGIN=1 DEFAULTOPTIONS= LOGGEROPTS=-name=authlib -facility=local1 LDAPTLS_CACERT=/etc/obs/certs/obs-cacert.pem LDAPTLS_REQCERT=demand $ grep -v '^\(#\|$\)' authldaprc LDAP_URIldaps://svc-ldap-01.acme.com, ldaps://svc- ldap-02.acme.com LDAP_PROTOCOL_VERSION 3 LDAP_BASEDN dc=acme,dc=com LDAP_TIMEOUT5 LDAP_AUTHBIND 1 LDAP_MAIL mail LDAP_FILTER [a_long_ldap_filter_here] LDAP_DOMAIN acme.com LDAP_GLOB_UID 501 LDAP_GLOB_GID 501 LDAP_HOMEDIRobsMailDirectory LDAP_MAILDIRobsMailDirectory LDAP_DEFAULTDELIVERYdefaultDelivery LDAP_FULLNAME cn LDAP_DEREF never LDAP_TLS0 any clue ? there's no problem doing more tests - it's just that until now courier updates worked seamlessly, so we don't have a test environment - just upgrading the packages on the production server at night, so it may take some time to provide more debug / do more tests anyway, thanks for a great software ! ivan - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users