[courier-users] systemd scripts for courier
Hi all, currently running on a gentoo derivative distro, courier seems happy for over a decade.in remote servers, so swapping out distro not an option. Anyone have a recommendation or pointer to any distro's build/rpm/package/etc which includes systemd scripts for courier and courier-authlib? None in sight in my current setup, but migration to systemd is required to continue upgrades to OS, etc. Happy to adjust another distro's systemd files for proper file and config locations, etc. Thanks kindly, Andy -- Time is money. Stop wasting it! Get your web API in 5 minutes. www.restlet.com/download http://p.sf.net/sfu/restlet ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] systemd scripts for courier
On 05/30/2014 06:23 PM, Sam Varshavchik wrote: Andrew Burnette writes: Hi all, currently running on a gentoo derivative distro, courier seems happy for over a decade.in remote servers, so swapping out distro not an option. Anyone have a recommendation or pointer to any distro's build/rpm/package/etc which includes systemd scripts for courier and courier-authlib? None in sight in my current setup, but migration to systemd is required to continue upgrades to OS, etc. The Courier tarball has a spec file that will install a systemd script. The spec file figures out if it's still being built on pre-systemd CentOS, or current Fedora with systemd, and adjust things accordingly. Thanks Mr. Sam, Been almost 2 years (or more) since I simply built if from source. Will proceed accordingly. Cheers, andy -- Time is money. Stop wasting it! Get your web API in 5 minutes. www.restlet.com/download http://p.sf.net/sfu/restlet ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Block mails from IP -- some blacklist help
On 03/16/2013 06:36 AM, Matus UHLAR - fantomas wrote: On 16.03.13 10:02, Lorenzo Pistone wrote: Before asking for help I tried that, but it didn't work so I assumed that it wasn't really related. Now I tried again, still does'nt work. I first stop all the courier services, then I add the following line to /etc/courier/smtpaccess/default xxx.xxx.xxx.xxxdeny I recommend you using xxx.xxx.xxx.xxx allow,BLOCK=spam refused ... btw, this is what DNS blacklist are for. Rarely see anyone posting their blacklists:-) but... from from my own /etc/courier/esmtpd (anyone is welcome to offer corrections as some blocklists vanish over time, but currently ~95% of connection attempts are rejected, and spam rate on my own 16 year old three letter domain and unchanged email address in combo with spamassassin is 5 per week). No wonder the younger generation don't like email, as the ratio of spam to valid email is terrible, and thus eliminates the usefulness of it. Currently I encounter no significant load on a 4 processor 8gig machine with roughly 3Tbytes of maildir storage. Good spamassassin hygiene (adding razor and dcc work well) is important too, just follow the recipe on their website, and alternatives do exist. I easily beat any of the big email providers, pricey appliances, et al, and haven't received more than one or two an incoming email gets bounced complaint from my users or contacts elsewhere in past few years. Those complaints have all come from residential ISPs who do not keep clean smtp senders, or like yah??.com, don't comply with RFC's. Yes, I'm fairly lazy about updates, primarily because it works well! BLACKLISTS=-block=sbl-zen.spamhaus.org,BLOCK \ -block=multi.surbl.org,BLOCK,127.0.0.2 \ -block=multi.surbl.org,BLOCK,127.0.0.4 \ -block=multi.surbl.org,BLOCK,127.0.0.8 \ -block=multi.surbl.org,BLOCK,127.0.0.16 \ -block=multi.surbl.org,BLOCK,127.0.0.32 \ -block=multi.surbl.org,BLOCK,127.0.0.64 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.2 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.3 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.6 \ -block=cbl.abuseat.org,BLOCK \ -block=blackholes.five-ten-sg.com,BLOCK,127.0.0.2 \ -block=blackholes.five-ten-sg.com,BLOCK,127.0.0.3 \ -block=psbl.surriel.com,BLOCK,127.0.0.2 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.8 Hope this may be of some help. I also set the following variables in same file as so: BOFHCHECKDNS=1 BOFHNOEXPN=1 BOFHNOVRFY=1 TCPDOPTS=-stderrlogger=/usr/sbin/courierlogger -noidentlookup Note that in TCPDOPTS, I do NOT set -nodnslookup as my setting lengthens connection before HELO time to just over 30 seconds. Vast majority of bots from all those infected PC's give up at 30 seconds. works wonders actually.. I DO have my users set smtp outbound on their clients to port 587, which both requires authentication, and avoids the resulting 30 second connection delay. Summary: almost zero time is required to maintain this aspect of a mailserver, mine handling numerous domains with tens of thousands of good emails per day. Good luck, andy -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Block mails from IP -- some blacklist help
On 03/16/2013 04:14 PM, Gordon Messmer wrote: On 03/16/2013 10:11 AM, Andrew Burnette wrote: -block=dnsbl.njabl.org,BLOCK,127.0.0.2 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.3 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.6 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.8 njabl has been shut down: http://www.njabl.org/ Thanks, been a while :-) andy -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courieresmtp and 450 errors
On 08/25/2012 04:11 PM, Gordon Messmer wrote: On 08/22/2012 03:30 PM, Lindsay Haisley wrote: I don't know what other insights can be gained by reading the headers or log entries. I consider this a closed case at this point and won't bother this list with further analysis of it. On the off chance that you or Gordon_do_ find something I've missed, please post and I'll revisit it. I have no idea why Evolution sent the same email twice. No, I think your understanding of the situation is basically correct. The logs that you posted included the courieresmtp client, but not the courieresmtpd/courierd messages that record accepting the message from the client. However, it's unlikely that those would tell you much more. I'm mostly sure that courier would only send the message on to the list if it told the client 250 ok. There is at least one open bug in Evolution that causes it to duplicate messages in the Outbox. Your situation could be similar: https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/825194 Sorry to be late on commenting here. and I may be 100% off target, but this is worth mentioning I believe. A VPN was mentioned and OFTEN creates major hassles for normal TCP old school transactions (ftp, smtp, etc) in that MTU (maximum size of a packet) discovery is nearly always broken, and never matches the de facto default LAN 1500byte MTU due to VPN's added headers/overhead. PMTU discovery allows end to end TCP sessions to have a exact max MTU size of choke points (i.e. smaller MTU's in intermediate links...including VPNs) and avoid such problems. I've seen hundreds of applications work very well on a LAN and falter on VPN's for exactly that reason. Note that more modern (streaming) apps utilize a UDP stream and small tcp management stream to wrap the entire experience, but rely heavily upon application awareness to mitigate such problems and do manipulate MTU's but at the application layer. Well worth checking out. This combined with various OS and application implementations may result in a real duplicate attempt to send a message (packetized sequenced bundles of data) when a first attempt fails. Thus, the client, client/server OS's, server, and intermediate/adjunct programs can often fail mid transaction due to missing bytes over a VPN. You might try manually reducing the MTU on the client side or the MUA side to say 1400 bytes (very negligible performance impact) and see if you can non repeat the situation. I'm guessing this might be the case. In managing a commercial multimillion user mail system, we set the MTU well below 1000 bytes, and cut our customer service calls in half, but that was more than a decade ago. Good luck, andy -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] what about antispam?
On 07/06/2012 04:42 PM, Lucio Crusca wrote: Hello *, I'd like to add antispam features to my courier-mta setup. Historically I've been using spamassassin at other sites (postfix), and going further back in history, some DSN blacklists with an ancient version of courier (back in 2005 or so). Now I wish to use both things, a false negative-inclined DSN blacklist backed by some spam filter. However I'm not up-to-date with recent DNSBL and their features, and I feel like spamassassin is sort of dead (but please correct me if I'm wrong). Could you please give me advice about what there is out there that works well with courier? Thanks in advance, Lucio. Hi Lucio, Two minor config items that help. 1- in $confdir/esmtpd I set TCPDOPTS=-stderrlogger=/usr/sbin/courierlogger -noidentlookup You may remove the -noidentlookup which delays the HELO session just past 30 seconds or so. That's a tripping point for endless numbers of BOTS out there. In that case, setup users to use 587/message submission port for sending emails so they don't become annoyed with the delay Also: BOFHCHECKDNS=1 BOFHNOEXPN=1 BOFHNOVRFY=1 all help out in the long run. Two attack vectors against spam. Yes, spamassassin works decently if populated/configured well. 1- RBL's. spaumhaus is arguably the best/cleanest 'freebee' out there my own RBL list, YOUR MILEAGE MAY VARY and I'm pretty lazy about updating as long as it worksyes, there are nicer ways to get this done, but I get maybe 2-5 spams per week and 500+ hams (real email) on a 15 year old email address, so it works darned well for me anyway. Each is worth checking what various responses indicate, and vary in intensity of positive marking. BLACKLISTS=-block=sbl-zen.spamhaus.org,BLOCK \ -block=multi.surbl.org,BLOCK,127.0.0.2 \ -block=multi.surbl.org,BLOCK,127.0.0.4 \ -block=multi.surbl.org,BLOCK,127.0.0.8 \ -block=multi.surbl.org,BLOCK,127.0.0.16 \ -block=multi.surbl.org,BLOCK,127.0.0.32 \ -block=multi.surbl.org,BLOCK,127.0.0.64 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.2 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.3 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.6 \ -block=cbl.abuseat.org,BLOCK \ -block=blackholes.five-ten-sg.com,BLOCK,127.0.0.2 \ -block=blackholes.five-ten-sg.com,BLOCK,127.0.0.3 \ -block=psbl.surriel.com,BLOCK,127.0.0.2 \ -block=dnsbl.njabl.org,BLOCK,127.0.0.8 (some of these RBL's may no longer be effectivebut this is entirely your policy choice) Now I fall really off the courier list, but I find it useful, hope you do as well! For spamassassin, go through the trouble of following the setup in detail, and yes, install all the optional perl modules. (this is the biggest memory/cpu hog on my server, but I handle 15k attempts, and 2k+ daily email messages on an old dual PIII 1Gbyte server ok; recently upgraded them just due to risk/age of machines). setup DCC and RAZOR. DCC really does work, and it's fast. I also import via sa-update like so from openprotect.com sa-update --allowplugins --gpgkey \ D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel \ saupdates.openprotect.com although the massive sare lists are no longer modified, there are items which help. http://www.stearns.org/sa-blacklist/ has lists you can convert (loads of badfrom email addresses and domains). last time i looked, bofh file had 400k listings. no performance problems at all. Also, go through the trouble of feeding/teaching (sa-learn) spamassassin about 5000 hams (good) and 5000 spams (bad) emails. Helps a lot. Unfortunately, there are a few [big company] places that are endless spam sources. Used to be AOL, but yahoo's fall from grace (i.e. HELO, domain name, and reverse DNS lookup never match) seems to be my largest source of spam from someone who knows better. Hope that helps!!! andy -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] new longer TLS keys needed,
Hi all, just today (glad to see others using STARTTLS) I got a bounce back: STARTTLS 500 The Diffie-Hellman prime sent by the server is not acceptable (not long enough). My self signed keys are due to coincidentally expire in a week or so. Unfortunately, due to very severe head/eye injury, it's tough to RTFM :-) oops is my best thought on that subject... Anyone care to assist with the appropriate command lines to help me roll new keys this weekend? Thanks kindly, Andy p.s. Mr. Sam, thanks for a decade of first class software! -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Empty Sender
- Original Message - From: Oleg Kobyakovskiy [EMAIL PROTECTED] To: Juri Haberland [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 7:45 PM Subject: Re: [courier-users] Empty Sender That's sad. :( A lot of mailboxes on my server receive 20 - 50 may be more emails from empty sender per day. 99% of that emails are spam. So people have more then 50% of spam emails on their mailboxes. I know that XMail, EXIM, Postfix, Sendmail, ZMailer can stop that emails (from empty sender). And I think this is good idea. I used this feature all the time. But now I have a lot of spam. I think it's possible to stop emails from empty senders in courier also, but I just didn't found how to do it. Am I wrong? Juri Haberland wrote: bad problem (spam), with all due respect, wrong solution trying to deny emtpy emails (an empty sender is usually 1 small defect of many that are easily detectable). takes about 30 minutes (mainly reading the INSTALL file) to install spamassassin. can be installed via CPAN in perl if you prefer. http://www.spamassassin.org Cheers, andy --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Re: SSL or APOP from Outlook Express 5.06(Mac)
- Original Message - From: James Turnbull [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, February 01, 2003 6:57 PM Subject: Re: [courier-users] Re: SSL or APOP from Outlook Express 5.06(Mac) snip Can I ask how you got OE to not give the warning? I've been trying to get this working for a couple of weeks now using self-generated SSL certs with no luck. Thanks James Turnbull James, et al, I manually created my IMAP and ESMTP certs by running the mk*cert scripts in /usr/lib/courier/share *after* altering /usr/lib/courier/etc/imapd.cnf (and the others) to use the proper FQDN name of my server rather than the default localhost On M$ windows (this is for OE of course), open IE. https://yourserver.yourdomain.com:993 (993 is for IMAP, just select the appropriate port for the particular protocol) IE will display a warning. Click view certificate on the next pop up box, select install certificate the next wizard that opens, choose place all certificates in the following share and choose trusted root authorities (thus, it's nice if your self signed cert has the correct hostname associated with it) once complete, no more security errors on outlook express. Repeat for ESMTP (port 465), etc. Works like a charm. of course, YMMV :-) Hope that helps, andy --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Webmail only works SUID root????
- Original Message - From: Eric Livingston [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 21, 2003 11:48 AM Subject: [courier-users] Webmail only works SUID root I'm trying to get Webmail working, but I find that it denies any logins at all (claiming invalid user ID or password) unless I make the webmail executable suid root. This is clearly not agreeable - clearly there's something that webmail is trying to access that apache:apache does not have access to. I'm using the authdemon with PAM, and apache 2. What file(s) need to be chmoded or chowned to allow webmail to access them? Or is webmail incompatible with authdemon? Thanks, Eric Eric, webmail needs RW access to $USER/Maildir to read the user's mail files, move, delete, etc as they choose to do with the webmail interface. Unlike other imap based web clients (which are rather inefficient), sqwebmail bypasses the imap server step and gets right to the files. Installed as performed by the install scripts (per INSTALL instructions), webmail works just fine, and yes, its SUID root. Cheers, andy --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] MIME errors with hotmail
In the tail of hotmail's email message, Join the world's largest e-mail service the ' apostrophe is in fact a right single quote (decimal=146?) which is of course, an 8 bit character. They don't label the email correctly as containing 8bit characters. Cheers, andy - Original Message - From: Jorge Leupuscek [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 25, 2002 2:11 PM Subject: [courier-users] MIME errors with hotmail Hi, I have this error when someone send me and email from hotmail.com 550-This message has 8-bit contents, but does not have the necessary MIME I have courier .28 I hope someone can help me. Thanks ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users