[courier-users] Shutting down smtp while running imap
I need to synchronize the email from a Courier-based email server to another non-Courier server during a domain transfer. As part of this process, I want to shut down smtp on the source server while keeping imap alive, so that I can do an imapsync[*] from the source to the destination. I assume that all I have to do on the source server is to set ESMTPDSTART to NO in COURIER/etc/esmtpd and COURIER/etc/esmtpd-msa and then restart Courier. I just want to confirm that this is the correct approach. Thanks. [*] http://freshmeat.net/projects/imapsync -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Shutting down smtp while running imap
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: [ ... ] I assume that all I have to do on the source server is to set ESMTPDSTART to NO in COURIER/etc/esmtpd and COURIER/etc/esmtpd-msa and then restart Courier. [ ... ] A much easier approach to do the same thing: esmtpd stop Thank you. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Aliases via mysql?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Is there any way to manage aliases via mysql in a manner that's analogous to that which courierldapaliasd offers? Nope. Oh well ... Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Subnet whitelisting in courier-pythonfilter greylisting
In order to make courier-pythonfilter's greylist.py filter work with the greylisting whitelist that's currently maintained at http://greylisting.org/whitelisting.shtml, I have made a small patch to this filter that checks ip/8, ip/16, and ip/24 addresses in the _whitelistIPAddresses database, in addition to ip/32 addresses. That patch is against version 0.18 of courier-pythonfilter, and I'm enclosing it here. Note that a text version of this greylisting whitelist can be downloaded from here: http://cvs.puremagic.com/viewcvs/*checkout*/greylisting/schema/whitelist_ip.txt I have a cron job which periodically performs this download, extracts the IP addresses from the file, and then loads them into the _whitelistIPAddresses database. Here's the patch to greylist.py: --- greylist.py.orig2007-02-05 07:31:11.0 -0500 +++ greylist.py 2007-02-05 07:33:12.0 -0500 @@ -66,5 +66,5 @@ sys.exit(1) -_IPv4Regex = re.compile('^(\d+\.\d+\.\d+)\.\d+$') +_IPv4Regex = re.compile('^(\d+)(\.\d+)(\.\d+)\.\d+$') @@ -75,5 +75,7 @@ def _Debug(msg): if _doDebug: -sys.stderr.write(msg + '\n') +sys.stderr.write(msg) +if msg[-1] != '\n': +sys.stderr.write('\n') @@ -99,13 +101,28 @@ return '' -# Calculate the /24 network +# Calculate the /8, /16, and /24 networks IPv4Match = _IPv4Regex.match(sendersIP) +sendersIP8 = IPv4Match.group(1) +sendersIP16 = sendersIP8 + IPv4Match.group(2) +sendersIP24 = sendersIP16 + IPv4Match.group(3) +if _whitelistIPAddresses.has_key(sendersIP24): +_Debug('allowing message from whitelisted IP/24 address %s' % + sendersIP24) +return '' +elif _whitelistIPAddresses.has_key(sendersIP16): +_Debug('allowing message from whitelisted IP/16 address %s' % + sendersIP16) +return '' +elif _whitelistIPAddresses.has_key(sendersIP8): +_Debug('allowing message from whitelisted IP/8 address %s' % + sendersIP8) +return '' if(IPv4Match == None): # IPv6 network calculation isn't handled yet sendersIPNetwork = sendersIP else: - sendersIPNetwork = IPv4Match.group(1) +sendersIPNetwork = sendersIP24 - # Grab the sender from the control files. +# Grab the sender from the control files. try: sender = courier.control.getSender(controlFileList) -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Is MYSQL_SELECT_CLAUSE still supposed to work?
I'm trying to use courier-authmysql at a site which already has a database set up for user authentication, and the tables don't correspond to the default structure for authmysql. Does the MYSQL_SELECT_CLAUSE (in authmysqlrc) still work, or has that option been removed? I can't seem to get it to work, and I'm not sure if it's due to my own error, or due to lack of support for that option these days. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Filter API
Alessandro Vesely [EMAIL PROTECTED] writes: [ ... ] Not only Courier has to discard the old message, but it has to accept a new one. Perhaps, the resubmit path can be optimized slightly? Anyway, it will remain a technique suitable for setups where messages are modified in a few cases only. [ ... ] I'd just like to inject some more food for thought into this discussion. A year or so ago, I submitted a patch to include Courier's queue ID into the Received: header that Courier writes into a message. The purpose of this was to aid in the modification of messages during filtering. The way I envision this working is as follows: Step 1: A message arrives and is fed through a courierfilter. Step 2: The filter decides that the message needs to be modified in some way, so it writes some information into a database that describes the modifications to the message, using the queue ID as a key. For example, this database might be some sort of dbm file. Step 3: The courierfilter then accepts the message, as is. Step 4: Later in the message delivery chain, this same message is routed through maildrop. At this point, the message can be modified. Step 5: A maildrop recipe uses this same queue ID to look into the database mentioned above. If it finds modification instructions that are keyed to this queue ID, it alters the message in the way that the instructions stipulate, and then it delivers the message or passes it on for further filtering. Although this is a multi-step process that requires cooperating courierfilters and maildrop recipes, it doesn't require any changes to Courier's current message-delivery procedure. The queue ID is the field within the first Received: header that looks like id 080DDC27.45A9E14A.755B. It's guaranteed to be unique during all steps along the message delivery chain for any given message. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courier-pythonfilter 0.10
Nathan Harris [EMAIL PROTECTED] writes: [ ... ] Hi Gordon, thanks for the great courier filter! I have been delaying adding greylisting to our server due to complaints about email delays. But I will give it a try if/when you add the auto-whitelist feature. What will be your criteria for adding a sender/recipient pair? Will they have to send N number of successful messages? Will there be a way to dump out the auto-whitelist in a human readable format to see what the filter is up to? How would you handle expiring entries from the list? I vote for the criteria to be determined by the person who installs the filter. There could be an extra module that gets included, in which a certain function or method would get called to determine whether a given sender/recipient pair gets whitelisted. Each installer could implement this module in a site-specific manner. How does this idea sound? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Comments in smtpaccess control file?
I can't find the following info in the docs. Forgive me if I overlooked it: Is it legal to have comments on valid lines within an smtpaccess control file? In other words, are these lines valid? 1.2.3.4 deny# arbitrary comment 2.3.4.5 allow # another comment If so, would the hash character ('#') need to be preceded by a tab, or would any whitespace suffice? (yes, I know that a tab needs to separate the IP address and the allow/deny indicator) Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] rpmbuild fails for courier-0.53.3.20061112
john jones [EMAIL PROTECTED] writes: I've had this problem several times and the reason was because I didn't pay my bills and kept asking people for money :) Seriously, if you log in as root and try it the problem will go away Thanks, but a believe that the docs say that we're supposed to build these rpm's as user courier, and to only use root when installing them. This has always worked before, and it also worked just now with the courier-authlib-0.58.20061112.tar.bz2 tarball. Actually, I have recently found the problem: operator error. Once I corrected this, the rpmbuild worked just fine. Sorry for the bandwidth. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] rpmbuild fails for courier-0.53.3.20061112
I just now downloaded the latest tarball for courier, and as I have done a number of times in the past, I want to build it via rpmbuild. However, this time, I am getting an error: % rpmbuild -ta courier-0.53.3.20061112.tar.bz2 error: File /home/courier/rpm/BUILD/courier-0.53.3.tar.bz2: No such file or directory The file /home/courier/rpm/BUILD/courier-0.53.3.tar.bz2 indeed exists and is readable. The error seems to be occurring due to something that rpmbuild encounters within this file. Any ideas? Thanks. P.S. -- I'm running this as the user courier, not root, and the directory in which I am running it is owned by courier and is writable. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SRS with Courier?
Has anyone been successfully using SRS[*] with Courier? If so, what implementation have you been using? Thanks in advance. [*] http://www.openspf.org/srs.html -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Courier pythonfilter custom startup code?
I'm using Gordon Messmer's excellent pythonfilter package[*]. What I'd like to do is to cause special code to be invoked during its startup for the purpose of making common data available to all the filters. For example, there is a subset of domains that I host for which I want to do special spam filtering. I'd like to read this list at startup and store the set of domains in some sort of data structure that would be available to all of the filter modules. Is this possible without changing the pythonfilter code, or will I have to hack in this capability? Thanks in advance. [*] http://www.dragonsdawn.net/~gordon/courier-patches/courier-pythonfilter -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Relative efficiencies of authmysql, authpgsql, and authldap.
I'm wondering if anyone here has had experience using authmysql, authpgsql, and authldap with Courier, and who would be willing to share your experiences about which one has been most efficient for you. I'm talking strictly about run-time reliability and efficiency, given that I'm quite capable of configuring and administering each of these. I plan to use one of these three within Courier for a medium-sized email setup on a machine that might be slightly weak on resources, and therefore, I'd like to pick the one that will have the lowest run-time impact without jeopardizing reliability. Thanks in advance for any thoughts you might have about this. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Complete newbie
Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes: In message [EMAIL PROTECTED] on Fri, 16 Jun 2006 19:29:21 -0400, Sam Varshavchik [EMAIL PROTECTED] said: mrsam [ ... ] mrsam Problem #1. Courier Debian packages are ancient, obsolete code mrsam that nobody cares about anymore. Uhmm, did you mean to slam on Debian? You would be right about the testing (etch) and stable (sarge) distributions, they're still at Courier version 0.47. However, if you're looking at the unstable distribution (which isn't so unstable, I run it on my laptop with zero problems), which is where current development goes on, you will see the following: [ ... etc. ... ] So, would a more fair statement be this? Courier packages on debian-etch and debian-sarge are ancient, obsolete code and are no longer supported, unlike those on debian-unstable, which tend to be more up to date. Despite your success at using unstable, many people are uneasy about using packages from that distribution, for obvious reasons, and therefore, they don't install such applications. These people should not be surprised if they encounter problems or a lack of certain features when they install version 0.47 of courier from testing or stable, and they are not likely to get as much support here as they could with a newer version. In addition to the debian solution that involves the use of unstable, at least for the courier-related packages (which will probably pull in other unstable apps in the process), another option is to try to build courier from source using the latest tarballs. Of course, that also will probably require upgrading certain subsidiary packages to the versions that reside on unstable. In summary, I guess I would say that it's not recommended to install courier on debian unless you use the unstable packages or else build it from source. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Incorrect position of Received-SPF header?
Sam Varshavchik [EMAIL PROTECTED] writes: [ ... ] The code is very old and is not exactly something that I'm proud of. If you open submit.C and search for readline, you'll find where Courier begins reading the message. But, again, I would not lose any sleep over this. This is not going to happen with legitimate mail, only misformatted spam. Well, what's happening is that a later check I have for spam is failing because of the resulting misplaced Received-SPF header, so this badly formatted email is incorrectly coming through my series of filters as non-spam. If I knew what incorrect formatting in the message was triggering the mis-recognition of the end of message headers, I could check for this bad formatting myself and properly direct messages like these to the garbage can. I'll peek into submit.C and see if I can figure this out. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Incorrect position of Received-SPF header?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: In some cases, one of the Received-SPF headers that gets generated by Courier ends up being inserted after the initial group of headers, and inside the first part of a multipart message. The following consists of the topmost lines of a spam that I received, which illustrates this The spam was a corrupted message. This will not happen with ordinary messages. Thanks. So ... could you or someone explain what exactly is the nature of this corruption? I'd like to be able to somehow detect it programmatically, if possible. [ ... ] More than likely the first blank line in the message wasn't. It contained a space or some other unprintable character. So, Courier kept looking for the blank line that delimits headers from the body, and inserted the SPF header there. Well, there were simply two newlines (character \n, or 010, or 0x0a) and nothing else in the original message between the last header line and the first multipart separator. I have double- and triple-checked this. What else could be triggering this case? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Incorrect position of Received-SPF header?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: [ ... ] Well, there were simply two newlines (character \n, or 010, or 0x0a) and nothing else in the original message between the last header line and the first multipart separator. I have double- and triple-checked this. What else could be triggering this case? There must be something else. For some reason the parser did not see the blank line, and continued to process the next couple of lines as part of the message header. I agree that there must be something else, but I don't understand the parser well enough to know what it could be. That's why I'm asking these questions here. You're the expert on the parser, not me. Are there docs about the detailed operation of parser? Or if not, could you perhaps point me to the appropriate code? ... maybe I can figure it out via reverse engineering. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Incorrect position of Received-SPF header?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: In some cases, one of the Received-SPF headers that gets generated by Courier ends up being inserted after the initial group of headers, and inside the first part of a multipart message. The following consists of the topmost lines of a spam that I received, which illustrates this The spam was a corrupted message. This will not happen with ordinary messages. Thanks. So ... could you or someone explain what exactly is the nature of this corruption? I'd like to be able to somehow detect it programmatically, if possible. There definitely are two consecutive newlines in the original message between the last line of the header and the start of the first multipart separator, so I know that it must be something other than that. Thanks again. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Couple of questions (me being silly i expect)
Neil Stone [EMAIL PROTECTED] writes: I have courier installed on my mail server, been there for about a year now.. chugging along quite happliy... I have decided i want to get spamassassin involved in there.. i followed through a few guides on the internet, TNA... it seems as though spamc is not actually running. I have set the DEFAULTDELIVERY to maildrop, in maildroprc i have; exception { xfilter /usr/bin/spamc } as was suggested by a few places... no sign of spamc being executed at all... no headers, no log file entrys.. etc..etc.. i expect i am being silly, however it's gone 1am.. What am i doing wrong people ??? Also I would like to be able to have a catchall mailbox for each of the domains i have on my server... i use MySQL authentication (if that matters ?) i have read that i simply set an alias along the lines of; With a catch-all directory, spamassassin gets confused, because out of the box, that software expects a user-owned .spamassassin subdirectory under each user's HOME, and clearly, that doesn't exist under your catch-all paradigm. Check here for more details as to how to patch spamassassin to work under this environment: http://da.andaka.org/Doku/courier-spamassassin.html Perhaps this will help. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Recent Courier under debian?
Stefan Hornburg [EMAIL PROTECTED] writes: On Sun, 26 Mar 2006 00:27:02 -0500 Lloyd Zusman [EMAIL PROTECTED] wrote: [ ... ] Well, it's a nice new version (0.53.1), but I'm getting this error in aptitude, which I presume is the SSL dependency problem that you refer to: [ ... ] Courier packages at debian.linuxia.de are updated now, you don't need libssl-0.9.8 anymore. Thank you! -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] And now, maildrop? (was: Recent Courier under debian?)
Stefan Hornburg [EMAIL PROTECTED] writes: [ ... ] Courier packages at debian.linuxia.de are updated now, you don't need libssl-0.9.8 anymore. ... and this brings up related question: does anyone know of a deb repository with a recent stand-alone version of maildrop? The courier-maildrop package in the linuxia repository is indeed up to date, but it's meant to be part of a larger courier-mta installation. The stand-alone maildrop package in the Debian stable repositories is version 1.5.something, which is very much out of date. Thanks again ... -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Recent Courier under debian?
Does anyone know where I can find a .deb installation for a version of Courier newer than the ancient 0.47.x that is living in 'stable'? I'd like to get something fairly recent running on a debian box. Yes, I know that I can compile it myself, but I'm hoping for a usable apt-based installation. Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Recent Courier under debian?
Jochen Antesberger [EMAIL PROTECTED] writes: Am Samstag, den 25.03.2006, 17:53 -0500 schrieb Lloyd Zusman: Does anyone know where I can find a .deb installation for a version of Courier newer than the ancient 0.47.x that is living in 'stable'? [ ... ] From an earlier message to this list by the debian maintainer: --- I as Debian maintainer would recommend to use up-to-date Courier packages from my private repository: deb http://debian.linuxia.de/ courier-test main --- Last time I checked there was still a dependency problem with the SSL related packages, but Stefan commented he would soon be resolving these. Just give it a go and see if aptitude complains when you select the courier packages. Vielen Dank! Well, it's a nice new version (0.53.1), but I'm getting this error in aptitude, which I presume is the SSL dependency problem that you refer to: Some dependencies of courier-ssl are not satisfied: * courier-ssl depends on libssl0.9.8 [UNAVAILABLE] But I'll be patient. I'm not in a rush for this, and I trust that it will be fixed soon. P.S. - Does anyone know of a deb repository which contains libssl-0.9.8? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Interaction between multiple courierfilters
Alessandro Vesely [EMAIL PROTECTED] writes: Lloyd Zusman wrote: [ ... ] There is a couple of other functionalities that would make sense here: 4. drop the message (currently done by marking all users as delivered) 5. give a diagnosis, in the form of a piece of data that local filters may use. Those two points can be developed using the same kind of logic, that is encoding the filter response in something that is not a valid SMTP response. For that reason, I would use, say, 'A' (for Accept) rather than '0' as the leading character. That will lead to uniform syntax that will be nicer to document whenever more functionalities are added. E.g. a filter may return (syntax to be refined) Accept; 250 accepted unconditionally, Drop; 251 the message will be dropped, or Var SPAM_GRADE=75%; 200 message accepted with some reservations. We are still not allowing a filter to change the MIME text of the message, but paving the way to a more significant enhancement. Shall I provide an alternative patch? Well, that's certainly fine with me. My patch was nothing more than a proof of concept. I'm using my patched version now, but I have no personal investment. Your idea looks fine to me. I'd like to see its implementation. As for a filter changing the MIME text: the way Courier is currently designed, it would take a major refactoring to allow courierfilters to alter messages. The only way this can be done now, given the current architecture, is for the message to be dropped and the altered form to be reinjected as a new message. I believe that Gordon Messmer recently submitted some software that does this. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] courier-pythonfilter question
I'm running courier-pythonfilter, and when it starts up, I notice that it outputs this message: Import individual modules rather than the pythonfilter container. I installed this program exactly as specified in the docs, and I didn't change any of the code. I notice that this text is output from the filters/__init__.py file, but since there is no import pythonfilter anywhere in the code, I'm wondering why it's getting printed in the first place (all import statements that are generated indeed refer to specific modules). Does the fact that I'm getting this message mean that there is something wrong with my installation of courier-pythonfilter? By the way, I'm using version 2.4.1 of Python. Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: courier-pythonfilter question
Gordon Messmer [EMAIL PROTECTED] writes: Lloyd Zusman wrote: Does the fact that I'm getting this message mean that there is something wrong with my installation of courier-pythonfilter? No, just ignore it for now. I'll fix it up soon. OK. Thanks! And while you're at it, don't forget to change the name of whitelist-auth to something without a hyphen. It appears like a minus sign to python (at least in version 2.4.1), which causes the import statement to barf (I'm not sure if you received my earlier message about this ... I apologize if you have). -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Interaction between multiple courierfilters
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: [ ... ] I have the courier-pythonfilter set up to run first, and there are cases where one of its filters decides to accept a message without further processing. The courier-pythonfilter code knows to not run any more of its own filters, but then, the Courier::Filter still processes the message. In this case, I don't want this to occur. [ ... ] It's not possible. You're looking at this from a wrong viewpoint. It's not just that a given filter decides to accept or reject a message. A given filgter decides whether or not the message should be rejected. The semantic difference is subtle, but important. Any filter may reject a message. If a filter does not reject a message it does not mean that the message is going to get accepted, because some other filter can always reject it. This is why the order the filters run is irrelevant. All filters must give a green light, so it's not important which filter rejects it. OK. Now I understand. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Interaction between multiple courierfilters
Gordon Messmer [EMAIL PROTECTED] writes: Lloyd Zusman wrote: I have the courier-pythonfilter set up to run first, and there are cases where one of its filters decides to accept a message without further processing. The courier-pythonfilter code knows to not run any more of its own filters, but then, the Courier::Filter still processes the message. In this case, I don't want this to occur. [ ... ] It's really not either. Courier normally hands each message to all of the active filters. I designed the pythonfilter framework so that a given module within pythonfilter could indicate that other modules should not run. However, that capability does not extend to filters outside of the pythonfilter framework. I wasn't thinking about it at the time, but I suppose that's kinda disappointing after you went to the trouble of making Courier run filters in a specific order. Yeah ... (sigh). But now, I have a new challenge: coming up with a patch/enhancement to the filtering mechanism which will cause a message to be accepted without any further filtering. In other words, every filtering step would result in a three-possibility outcome: 1. Reject the message. 2. Pass the message on to the next filtering step. 3. Accept the message without any further filtering. Numbers 1 and 2 are already in place, and all that's necessary would be to come up with number 3. It doesn't seem too hard. I'll post a proposal in a little while. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Interaction between multiple courierfilters
Lloyd Zusman [EMAIL PROTECTED] writes: [ ... ] But now, I have a new challenge: coming up with a patch/enhancement to the filtering mechanism which will cause a message to be accepted without any further filtering. In other words, every filtering step would result in a three-possibility outcome: 1. Reject the message. 2. Pass the message on to the next filtering step. 3. Accept the message without any further filtering. Numbers 1 and 2 are already in place, and all that's necessary would be to come up with number 3. It doesn't seem too hard. I'll post a proposal in a little while. OK. After looking through courier/cdfilters.C, I can see that the current algorithm looks like this: 1. Run a filter. 2. Look at the initial character of the first line of the filter's output. If it's a digit other than '4' or '5', go to step 3; else go to step 5. 3. Output all lines which start with [0-9][0-9][0-9]- back to the sender. 4. If there are more filters, go to step 1; else, go to step 6. 5. Output all lines which start with [0-9][0-9][0-9]- back to the sender. 6. Stop processing filters. The effect of this is to reject and cease processing all messages whose filters return 4xx or 5xx status codes, and to continue processing all other messages. Here's my first cut at a proposal for implementing the scenario I outlined in my quoted message, above: 1. Run a filter. 2. Look at the initial character of the first line of the filter's output. If it's a digit other than '0', '4' or '5', go to step 3; else go to step 5. 3. Output all lines which start with [0-9][0-9][0-9]- back to the sender. 4. If there are more filters, go to step 1; else, go to step 7. 5. If the initial character is a '0', change it to a '2'. 6. Output all lines which start with [0-9][0-9][0-9]- back to the sender. 7. Stop processing filters. Since there are no 0xx SMTP status codes, it's seems to be safely backward compatible to do special processing when such codes are encountered. Here, they would be treated as a signal to accept the message by returning the corresponding 2xx code to the sender, and then to cease processing. All other status codes would be processed in the same way as they are currently being handled. The net effect of this would be to implement the scenario that I outlined above. Attached is a proposed patch to courier/cdfilters.C which implements this logic. It also fixes the memory allocation problems that Alessandro Vesely discussed with me. Thoughts? P.S. -- The if (isdigit(d)) test near the end of the dofilter() routine appears to be superfluous. I left it in for the time being, but I'm thinking that it should probably be removed. --- courier/cdfilters.C.orig 2006-03-19 17:16:09.0 -0500 +++ courier/cdfilters.C 2006-03-22 18:28:53.0 -0500 @@ -18,4 +18,5 @@ #include localstatedir.h + using namespace std; @@ -26,4 +27,59 @@ void *); +#define FILTER_LIST_INCREMENT 8 +#define MEMORY_ERROR 432 Out of memory when processing mail filters.\n + +static char **filterlist = NULL; +static int filterlistsize = 0; +static int nfilters = 0; + +static void free_filters() +{ + if (filterlist != NULL) + { + for (int n = 0; n nfilters; n++) + { + free(filterlist[n]); + } + } + nfilters = 0; +} + +static int add_filter(const char *filter) +{ +char *dupfilter = strdup(filter); + + if (dupfilter == NULL) + { + cout MEMORY_ERROR flush; + return (1); + } + + if (nfilters = filterlistsize) + { + if (filterlist == NULL) + { + filterlist = (char **) malloc(sizeof (char *) * + FILTER_LIST_INCREMENT); + } + else + { + filterlist = (char **) realloc(filterlist, + sizeof (char *) * + (filterlistsize + + FILTER_LIST_INCREMENT)); + } + if (filterlist == NULL) + { + cout MEMORY_ERROR flush; + return (1); + } + filterlistsize += FILTER_LIST_INCREMENT; + } + + filterlist[nfilters++] = dupfilter; + return (0); +} + int run_filter(const char *filename, unsigned nmsgids, @@ -40,4 +96,5 @@ if (!iswhitelisted) { + free_filters(); dirp=opendir(FILTERSOCKETDIR); while (dirp (de=readdir(dirp)) != 0) @@ -47,16 +104,29 @@ sockname = FILTERSOCKETDIR /; sockname += de-d_name; - if (dofilter( sockname, - filename, nmsgids, - msgidfunc, - funcarg)) + if (add_filter(sockname) != 0) { -closedir(dirp); return (1); } } if (dirp) closedir(dirp); + + qsort((void *) filterlist, + (size_t) nfilters, + sizeof (char *), + (int (*)(const void*, const void*)) strcmp); + + for (int n = 0; n nfilters; n++) + { + if (dofilter( filterlist[n], + filename, nmsgids, + msgidfunc, + funcarg)) + { +return (1); + } + } } + free_filters(); dirp=opendir(ALLFILTERSOCKETDIR); while (dirp (de=readdir(dirp)) != 0) @@ -66,14 +136,27 @@ sockname = ALLFILTERSOCKETDIR /; sockname
[courier-users] Re: Interaction between multiple courierfilters
Lloyd Zusman [EMAIL PROTECTED] writes: [ ... ] P.S. -- The if (isdigit(d)) test near the end of the dofilter() routine appears to be superfluous. I left it in for the time being, but I'm thinking that it should probably be removed. OOPS ... ignore the P.S. The isdigit test is indeed necessary. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Interaction between multiple courierfilters
Also, note the free(dupfilter) line which must be added within the patch at the point marked HERE: +#define FILTER_LIST_INCREMENT8 +#define MEMORY_ERROR 432 Out of memory when processing mail filters.\n + +static char **filterlist = NULL; +static int filterlistsize = 0; +static int nfilters= 0; + +static void free_filters() +{ + if (filterlist != NULL) + { + for (int n = 0; n nfilters; n++) + { + free(filterlist[n]); + } + } + nfilters = 0; +} + +static int add_filter(const char *filter) +{ +char *dupfilter = strdup(filter); + + if (dupfilter == NULL) + { + cout MEMORY_ERROR flush; + return (1); + } + + if (nfilters = filterlistsize) + { + if (filterlist == NULL) + { + filterlist = (char **) malloc(sizeof (char *) * + FILTER_LIST_INCREMENT); + } + else + { + filterlist = (char **) realloc(filterlist, +sizeof (char *) * +(filterlistsize + + FILTER_LIST_INCREMENT)); + } + if (filterlist == NULL) + { HERE free(dupfilter); + cout MEMORY_ERROR flush; + return (1); + } + filterlistsize += FILTER_LIST_INCREMENT; + } + + filterlist[nfilters++] = dupfilter; + return (0); +} + int run_filter(const char *filename, unsigned nmsgids, @@ -40,4 +96,5 @@ if (!iswhitelisted) { + free_filters(); dirp=opendir(FILTERSOCKETDIR); while (dirp (de=readdir(dirp)) != 0) @@ -47,16 +104,29 @@ sockname = FILTERSOCKETDIR /; sockname += de-d_name; - if (dofilter( sockname, - filename, nmsgids, - msgidfunc, - funcarg)) + if (add_filter(sockname) != 0) { - closedir(dirp); return (1); } } if (dirp) closedir(dirp); + + qsort((void *) filterlist, + (size_t) nfilters, + sizeof (char *), + (int (*)(const void*, const void*)) strcmp); + + for (int n = 0; n nfilters; n++) + { + if (dofilter( filterlist[n], + filename, nmsgids, + msgidfunc, + funcarg)) + { + return (1); + } + } } + free_filters(); dirp=opendir(ALLFILTERSOCKETDIR); while (dirp (de=readdir(dirp)) != 0) @@ -66,14 +136,27 @@ sockname = ALLFILTERSOCKETDIR /; sockname += de-d_name; - if (dofilter( sockname, - filename, nmsgids, - msgidfunc, - funcarg)) + if (add_filter(sockname) != 0) { - closedir(dirp); return (1); } } if (dirp) closedir(dirp); + + qsort((void *) filterlist, + (size_t) nfilters, + sizeof (char *), + (int (*)(const void*, const void*)) strcmp); + + for (int n = 0; n nfilters; n++) + { + if (dofilter( filterlist[n], + filename, nmsgids, + msgidfunc, + funcarg)) + { + return (1); + } + } + return (0); } @@ -188,5 +271,5 @@ if (isdigit(d)) { - if (d != '4' d != '5') + if (d != '0' d != '4' d != '5') { while (isdigit(sockname[0]) @@ -204,4 +287,8 @@ } + if ('d' == '0') + { + sockname[0] = '2'; + } cout sockname \n; -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
[courier-users] Re: Interaction between multiple courierfilters
Well, there were other errors in the patch, so here is the new-and-improved version. I did some testing, and it seems to work. With this patch, a filter can return 050 Ok, and the message will be accepted with no more filters being run. The code gets converted to 250 Ok before being passed back to the sender. --- courier/cdfilters.C.orig 2006-03-19 17:16:09.0 -0500 +++ courier/cdfilters.C 2006-03-22 20:50:56.0 -0500 @@ -18,4 +18,5 @@ #include localstatedir.h + using namespace std; @@ -26,4 +27,60 @@ void *); +#define FILTER_LIST_INCREMENT 8 +#define MEMORY_ERROR 432 Out of memory when processing mail filters.\n + +static char **filterlist = NULL; +static int filterlistsize = 0; +static int nfilters = 0; + +static void free_filters() +{ + if (filterlist != NULL) + { + for (int n = 0; n nfilters; n++) + { + free(filterlist[n]); + } + } + nfilters = 0; +} + +static int add_filter(const char *filter) +{ +char *dupfilter = strdup(filter); + + if (dupfilter == NULL) + { + cout MEMORY_ERROR flush; + return (1); + } + + if (nfilters = filterlistsize) + { + if (filterlist == NULL) + { + filterlist = (char **) malloc(sizeof (char *) * + FILTER_LIST_INCREMENT); + } + else + { + filterlist = (char **) realloc(filterlist, + sizeof (char *) * + (filterlistsize + + FILTER_LIST_INCREMENT)); + } + if (filterlist == NULL) + { + free(dupfilter); + cout MEMORY_ERROR flush; + return (1); + } + filterlistsize += FILTER_LIST_INCREMENT; + } + + filterlist[nfilters++] = dupfilter; + return (0); +} + int run_filter(const char *filename, unsigned nmsgids, @@ -37,7 +94,9 @@ struct dirent *de; CString sockname; +int rc; if (!iswhitelisted) { + free_filters(); dirp=opendir(FILTERSOCKETDIR); while (dirp (de=readdir(dirp)) != 0) @@ -47,16 +106,30 @@ sockname = FILTERSOCKETDIR /; sockname += de-d_name; - if (dofilter( sockname, - filename, nmsgids, - msgidfunc, - funcarg)) + if (add_filter(sockname) != 0) { -closedir(dirp); return (1); } } if (dirp) closedir(dirp); + + qsort((void *) filterlist, + (size_t) nfilters, + sizeof (char *), + (int (*)(const void*, const void*)) strcmp); + + for (int n = 0; n nfilters; n++) + { + rc = dofilter( filterlist[n], + filename, nmsgids, + msgidfunc, + funcarg); + if (rc) + { +return (rc 0 ? 0 : rc); + } + } } + free_filters(); dirp=opendir(ALLFILTERSOCKETDIR); while (dirp (de=readdir(dirp)) != 0) @@ -66,14 +139,28 @@ sockname = ALLFILTERSOCKETDIR /; sockname += de-d_name; - if (dofilter( sockname, -filename, nmsgids, -msgidfunc, -funcarg)) + if (add_filter(sockname) != 0) { - closedir(dirp); return (1); } } if (dirp) closedir(dirp); + + qsort((void *) filterlist, + (size_t) nfilters, + sizeof (char *), + (int (*)(const void*, const void*)) strcmp); + + for (int n = 0; n nfilters; n++) + { + rc = dofilter( filterlist[n], + filename, nmsgids, + msgidfunc, + funcarg); + if (rc) + { + return (rc 0 ? 0 : rc); + } + } + return (0); } @@ -158,5 +245,4 @@ if (sockname.GetLength() == 0) sockname= ; - sockstream sockname '\n'; } @@ -188,5 +274,5 @@ if (isdigit(d)) { - if (d != '4' d != '5') + if (d != '0' d != '4' d != '5') { while (isdigit(sockname[0]) @@ -204,4 +290,10 @@ } + rc = 1; + if (d == '0') + { + sockname[0] = '2'; + rc = -1; + } cout sockname \n; @@ -216,4 +308,4 @@ sockstream.close(); close(s); - return (1); + return (rc); } -- Lloyd Zusman [EMAIL PROTECTED] God bless you.
[courier-users] Interaction between multiple courierfilters
I'm experimenting with using two separate courierfilters at the same time, courier-pythonfilter and Courier::Filter. I know how to properly start them up, and all my messages are getting processed by both. I have the courier-pythonfilter set up to run first, and there are cases where one of its filters decides to accept a message without further processing. The courier-pythonfilter code knows to not run any more of its own filters, but then, the Courier::Filter still processes the message. In this case, I don't want this to occur. I'm not sure if this is due to a problem in the way that my courier-pythonfilter setup handles messages, or whether this is due to some sort of flaw in Courier's courierfilter processing, itself. What does the courier-pythonfilter have to do in order to tell the second filter (Courier::Filer) to not touch the message any more, assuming that courier-pythonfilter decides to either accept or reject the message? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Order of running courierfilters?
Alessandro Vesely [EMAIL PROTECTED] writes: A few mumblings about that patch Lloyd Zusman wrote: [...] +#define FILTER_LIST_INCREMENT 8 + +static char **filterlist = NULL; +static int filterlistsize = 0; +static int nfilters = 0; + +static void free_filters() +{ +if (filterlist != NULL) +{ +for (int n = 0; n nfilters; n++) +{ +if (filterlist[n] != NULL) That test is completely bogus, I would remove it. Besides being useless because free repeats it anyway, it may fool an occasional reader of the source into thinking that filterlist entries should have been initialized to NULL. The free() routine does not always check for NULL. There are some systems on which it throws a segfault if NULL is passed to it. This may not be the documented behavior, but I have seen it occur, nonetheless. However, given the test for NULL after strdup() that you correctly mention below, the NULL test before free() would indeed be superfluous if that strdup() NULL test were in place. +{ +free(filterlist[n]); +} +} +} +nfilters = 0; +} + +static int add_filter(const char *filter) +{ +if (nfilters = filterlistsize) +{ +if (filterlist == NULL) +{ +filterlist = (char **) malloc(sizeof (char *) * + FILTER_LIST_INCREMENT); +} +else +{ +filterlist = (char **) realloc(filterlist, + sizeof (char *) * + (filterlistsize + +FILTER_LIST_INCREMENT)); +} +if (filterlist == NULL) +{ +cout 432 Out of memory when processing mail filters.\n + flush; +return (1); +} +filterlistsize += FILTER_LIST_INCREMENT; +} +filterlist[nfilters++] = strdup(filter); +return (0); +} Hmmm, strdup might also fail... what about the following +if (nfilters = filterlistsize) +{ +if (filterlist == NULL) +{ +filterlist = (char **) malloc(sizeof (char *) * + FILTER_LIST_INCREMENT); +} +else +{ +filterlist = (char **) realloc(filterlist, + sizeof (char *) * + (filterlistsize + +FILTER_LIST_INCREMENT)); +} +if (filterlist != NULL) +filterlistsize += FILTER_LIST_INCREMENT; +} +if (filterlist == NULL || +(filterlist[nfilters+1] = strdup(filter)) == NULL) +{ +cout 432 Out of memory when processing mail filters.\n + flush; +return (1); +} + nfilters += 1; +return (0); [...] @@ -47,16 +97,29 @@ sockname = FILTERSOCKETDIR /; sockname += de-d_name; -if (dofilter( sockname, -filename, nmsgids, -msgidfunc, -funcarg)) +if (add_filter(sockname) != 0) { -closedir(dirp); why don't you closedir in case of memory failure? return (1); } } if (dirp) closedir(dirp); + +qsort((void *) filterlist, + (size_t) nfilters, + sizeof (char *), + (int (*)(const void*, const void*)) strcmp); --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory
[courier-users] Re: Order of running courierfilters?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: If I have several courierfilters installed, how can I control the order in which they are invoked? [ ... ] No, the filters are NOT invoked in any particular order. Oh ... OK. So, could you point me to the place in the Courier source code where the filters get invoked? I'd like to write a patch that imposes some sort of ordering scheme which I can then take advantage of. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Order of running courierfilters?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Sam Varshavchik [EMAIL PROTECTED] writes: [ ... ] No, the filters are NOT invoked in any particular order. Oh ... OK. So, could you point me to the place in the Courier source code where the filters get invoked? [ ... ] courier/cdfilters.C, run_filter(). The code reads the directory, and just opens each socket file that it gets, on the fly. You want to modify run_filter(). This is also very old code, and not something that I'm especially proud of… Thank you. Yes, I can see that this is done via a couple of simple readdir() loops. How about if I just put something in there that sorts the file names in ascending ASCII sequence? Then, I could make use of prefixes like 00-, 01-, etc. to cause the filters to be invoked in the order that I desire. I'll have some sort of patch within a couple days. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Order of running courierfilters?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: [ ... ] How about if I just put something in there that sorts the file names in ascending ASCII sequence? Then, I could make use of prefixes like 00-, 01-, etc. to cause the filters to be invoked in the order that I desire. I'll have some sort of patch within a couple days. Sounds reasonable. OK. Here's the patch. I did a small amount of testing, and it seems to work fine, but please double-check everything yourself. Note that I reuse a static list that grows as needed. I only free the individual entries, but not the list itself. The list will never have more entries than the next multiple of 8 higher than the maximum number of filters and allfilters; therefore, it's quite small. --- courier/cdfilters.C.orig 2006-03-19 17:16:09.0 -0500 +++ courier/cdfilters.C 2006-03-19 19:03:15.0 -0500 @@ -26,4 +26,53 @@ void *); +#define FILTER_LIST_INCREMENT 8 + +static char **filterlist = NULL; +static int filterlistsize = 0; +static int nfilters = 0; + +static void free_filters() +{ + if (filterlist != NULL) + { + for (int n = 0; n nfilters; n++) + { + if (filterlist[n] != NULL) + { +free(filterlist[n]); + } + } + } + nfilters = 0; +} + +static int add_filter(const char *filter) +{ + if (nfilters = filterlistsize) + { + if (filterlist == NULL) + { + filterlist = (char **) malloc(sizeof (char *) * + FILTER_LIST_INCREMENT); + } + else + { + filterlist = (char **) realloc(filterlist, + sizeof (char *) * + (filterlistsize + + FILTER_LIST_INCREMENT)); + } + if (filterlist == NULL) + { + cout 432 Out of memory when processing mail filters.\n + flush; + return (1); + } + filterlistsize += FILTER_LIST_INCREMENT; + } + filterlist[nfilters++] = strdup(filter); + return (0); +} + int run_filter(const char *filename, unsigned nmsgids, @@ -40,4 +89,5 @@ if (!iswhitelisted) { + free_filters(); dirp=opendir(FILTERSOCKETDIR); while (dirp (de=readdir(dirp)) != 0) @@ -47,16 +97,29 @@ sockname = FILTERSOCKETDIR /; sockname += de-d_name; - if (dofilter( sockname, - filename, nmsgids, - msgidfunc, - funcarg)) + if (add_filter(sockname) != 0) { -closedir(dirp); return (1); } } if (dirp) closedir(dirp); + + qsort((void *) filterlist, + (size_t) nfilters, + sizeof (char *), + (int (*)(const void*, const void*)) strcmp); + + for (int n = 0; n nfilters; n++) + { + if (dofilter( filterlist[n], + filename, nmsgids, + msgidfunc, + funcarg)) + { +return (1); + } + } } + free_filters(); dirp=opendir(ALLFILTERSOCKETDIR); while (dirp (de=readdir(dirp)) != 0) @@ -66,14 +129,27 @@ sockname = ALLFILTERSOCKETDIR /; sockname += de-d_name; - if (dofilter( sockname, -filename, nmsgids, -msgidfunc, -funcarg)) + if (add_filter(sockname) != 0) { - closedir(dirp); return (1); } } if (dirp) closedir(dirp); + + qsort((void *) filterlist, + (size_t) nfilters, + sizeof (char *), + (int (*)(const void*, const void*)) strcmp); + + for (int n = 0; n nfilters; n++) + { + if (dofilter( filterlist[n], + filename, nmsgids, + msgidfunc, + funcarg)) + { + return (1); + } + } + return (0); } -- Lloyd Zusman [EMAIL PROTECTED] God bless you.
[courier-users] Re: Order of running courierfilters?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: OK. Here's the patch. I did a small amount of testing, and it seems to work fine, but please double-check everything yourself. [ ... ] I can't see anything wrong with this, after a brief look-through. Looks good. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Order of running courierfilters?
If I have several courierfilters installed, how can I control the order in which they are invoked? Should I use some sort of naming convention like this? ... 00-pythonfilter 01-dupfilter 02-perlfilter Or is there some other way to ensure their execution order? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] What to restart when DNS changes?
One of the domains that I host is for a user whose machine gets a dynamic IP address. Therefore, the A record in the DNS entry for that domain changes from time to time. I handle this user's email with my Courier server, and I'm wondering if I need to do a courier restart every time his DNS changes. The MX record (which, of course, points to my Courier server) remains the same, but will the change of his A record require me to restart Courier, for any reason? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: What to restart when DNS changes?
Gordon Messmer [EMAIL PROTECTED] writes: Lloyd Zusman wrote: I handle this user's email with my Courier server, and I'm wondering if I need to do a courier restart every time his DNS changes. I can't think of any reason why you would. Is there something specific that you expect to break? No. I just want to make sure that nothing _does_ break. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: What to restart when DNS changes?
Lyndon Tiu [EMAIL PROTECTED] writes: On Wed, 15 Mar 2006 12:07:21 -0500 [EMAIL PROTECTED] wrote: Gordon Messmer [EMAIL PROTECTED] writes: Lloyd Zusman wrote: I handle this user's email with my Courier server, and I'm wondering if I need to do a courier restart every time his DNS changes. [ .. ] From my experience using courier's authdaemond using ldap. I used hostname to point to LDAP server. Then, for some security reasons, we decided to remove LDAP server record from DNS and just use ip addresses to refer to the LDAP server. We did not change authdaemond's configuration - still points to hostname. Authdaemond did not break right away. Took about 2 days - about the time it takes for the DNS cache to expire before authdaemond complained that it cannot find the LDAP server. Thank you. Luckily, in my case, this won't be a problem, because my Courier host (upon which I run ldap and all other services) is not using dynamic IP. But it's good to remember about this. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: What to restart when DNS changes?
Bernd Wurst [EMAIL PROTECTED] writes: Hi. Am Mittwoch, 15. März 2006 18:07 schrieb Lloyd Zusman: Gordon Messmer [EMAIL PROTECTED] writes: Lloyd Zusman wrote: I handle this user's email with my Courier server, and I'm wondering if I need to do a courier restart every time his DNS changes. I can't think of any reason why you would. Is there something specific that you expect to break? No. I just want to make sure that nothing _does_ break. Do you have the possibility to set the DNS-time-to-live for your record(s)? Without knowing the code of courier, I would bet that courier fits to the dns specs, so if you set the dns TTL of your record to something low, possibly 0 or 1, courier should not attept to cache your records longer than that time. cu, Bernd I'll investigate this. I'm using tinydns, and I seem to recall that TTL isn't overly configurable. But even if it's not, will that matter? When would Courier need to know the resolution of the A record for the domain part of an email address that it's serving? And recall that the MX record for this user remains constant (it points to this same Courier server). Also ... if it turns out that I would have to restart Courier in this case, is courier restart sufficient, or would I have to restart all of the Courier-related daemons? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: What to restart when DNS changes?
Bernd Wurst [EMAIL PROTECTED] writes: [ ... ] If the MX and his address doesn't change, nothing must be done. Thank you. This is what I was hoping. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Completely turning off hard SPF bounces (webadmin)
On Wed, 25 Jan 2006 22:26:29 -0500, Sam Varshavchik [EMAIL PROTECTED] wrote: Lloyd Zusman writes: [ ... ] OK. So then how can we explain the difference in behavior between messages going to recipient 1 and recipient 2, as described above? [ ... ] If you have =all set for all three SPF settings, the message should NOT bounce with an SPF error for any reason. Setting aside that issue for the moment, if you do not have a localmailfilter installed in a particular account, that account is treated as if it has a localmailfilter that whitelists all mail addressed to it. So at least the second part of your scenario makes sense -- mail gets whitelisted, gets past that stage, and gets handed off to courierfilter as the next step. So the only question here is why you apparently get a 417/517 SPF error, if you supposedly set all three SPF checks to =all, that should not happen under any circumstances. I cannot reproduce this. With my own server, and default SPF settings, I get the same SPF error that you do, with that domain with broken SPF records. If I set the SPF checks to =all, the error goes away. The only possibibility I can think of -- and this is not documented -- is if you also set the BOFHSPF variables in the smtpaccess file for certain IP address ranges only. The settings in the smtpaccess file take precedence over the bofh file for mail originating from the corresponding IP address ranges only. Thanks. Well, I have no BOFHSPF* variables in the smtpaccess file. I'll keep investigating this mystery, and once I have more info, I'll post my findings. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. .-, 0__0 / ( oo'---, /oo\ ,\ | | \,=__/ \ / / /--| /| |__|-'|__|' --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Completely turning off hard SPF bounces (webadmin)
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: [ ... ] Well, there is a difference in the BOFHSPFHARDERROR setting. It causes an SPF error to return either a 517 message or a 417 message, depending on whether the error condition is matched. But what I want is _neither_ to be returned during the SPF step. What I want to do is to have all the SPF checking to be performed and then for the SPF-Received headers to be set, and for the message to be passed to the next processing steps as if no error occurred, even in the case of an SPF failure. Then, I want to look at the SPF-Received headers within my courierfilter, and to decide at that point whether I want to accept the message, bounce it with a 5xx error, reject it with a 4xx error, or whatever. Is there any way to do that? Yes -- by listing all possible SPF status results as acceptable, using =all. But I now am using =all, and SPF failures are still always triggering either 417 or 517 responses before the courierfilter gets invoked (depending on the existence/setting of BOFHSPFHARDERROR). This is the same behavior as when I was specifying all the statuses explictly in the opt BOFHSPF* settings. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Completely turning off hard SPF bounces (webadmin)
On Wed, 25 Jan 2006 06:55:50 -0500, Sam Varshavchik [EMAIL PROTECTED] wrote: Lloyd Zusman writes: [ ... ] But I now am using =all, and SPF failures are still always triggering either 417 or 517 responses before the courierfilter gets invoked (depending on the existence/setting of BOFHSPFHARDERROR). This is the same behavior as when I was specifying all the statuses explictly in the opt BOFHSPF* settings. Post your exact settings and the exact error message. There are three BOFH checks, and you must set all three of them to all. Yes, I am using =all with all three of them. bofh settings: opt BOFHSPFHELO=all opt BOFHSPFMAILFROM=all opt BOFHSPFFROM=all From error log (lines manually wrapped): Jan 25 01:29:03 courieresmtpd: started,ip=[:::65.19.161.222] Jan 25 01:29:11 courieresmtpd: error,relay=:::65.19.161.222, from=[EMAIL PROTECTED]: 517 SPF fail [EMAIL PROTECTED]: Maximum of 20 nested SPF queries exceeded. My courierfilters are running, and they are properly handling hundreds of other emails every day without any problem. They are installed via to run via /var/spool/courier/allfilters, which according to the courierfilter(8) man page, should be in effect no matter whether maildrop localfilter whitelisting is in effect or not: Certain mail destinations have the ability to selectively whitelist arbitrary messages. For example, local mail recipients have the abil- ity to selectively whitelist individual messages, provided that a local mail filter (independent of any global mail filter) is installed that implements the maildrop filtering API. [ ... ] Mail recipients that did not whitelist the sender, via the maildrop API, will have their mail filtered against everything in /var/spool/courier/filters and /var/spool/courier/allfilters. Mail to recipients that whitelisted the sender, or mail to destinations that do not use a maildrop API-compatible filter, will be filtered only against the contents of /var/spool/courier/allfilters. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. .-, 0__0 / ( oo'---, /oo\ ,\ | | \,=__/ \ / / /--| /| |__|-'|__|' --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Completely turning off hard SPF bounces (webadmin)
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Yes, I am using =all with all three of them. bofh settings: opt BOFHSPFHELO=all opt BOFHSPFMAILFROM=all opt BOFHSPFFROM=all From error log (lines manually wrapped): Jan 25 01:29:03 courieresmtpd: started,ip=[:::65.19.161.222] Jan 25 01:29:11 courieresmtpd: error,relay=:::65.19.161.222, from=[EMAIL PROTECTED]: 517 SPF fail [EMAIL PROTECTED]: Maximum of 20 nested SPF queries exceeded. Works for me -- I just tested (with opt BOFHSPFMAILFROM=all, this is the setting that controls checking of the MAIL FROM Look for spurious whitespace, etc… My courierfilters are running, and they are properly handling courierfilters are not involved with SPF checking. All SPF stuff happens long before courierfilters get involved. But what about these two cases, both of which refer to the case where all three variables are set to all, and where there is a courierfilter that is controlled by /var/spool/courier/filters. 1. a message comes in for which SPF fails, and there are no maildrop whitelisting rules, and the message therefore gets sent to a courierfilter 2. a message comes in for which SPF fails, and there ARE matching maildrop whitelisting rules which then cause the courierfilter step to be bypassed (because it's controlled by /var/spool/courier/filters). In case 1, it's clear that the message will be (or at least _should_ be) sent on to the courierfilter. But what about case 2? The message won't be sent to the courierfilter, so is there then a possibility that the SPF fail will cause a 517 message to be returned to the sender, after all? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Completely turning off hard SPF bounces (webadmin)
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: [ ... ] But what about case 2? The message won't be sent to the courierfilter, so is there then a possibility that the SPF fail will cause a 517 message to be returned to the sender, after all? No. Either SPF checking accepts the message or rejects it. One or the other. If an SPF check results in an unacceptable status code, the message gets rejected by a 417 or 517 code (depending on the setting of BOFHSPFHARDERROR). If an SPF check results in an acceptable status code, the message passes SPF checking, and normal processing continues, which may or may not involve courierfilters, depending on other factors. SPF is now completely out of the picture, and no longer has any bearing on the eventual outcome (except for the presence of a few additional headers that record the results of the SPF check). Once SPF checking is complete, subsequent processing is no different than what would've happened if SPF checking wasn't enabled at all. OK. Thanks. I have double, triple, and quadruple checked whitespace and other similar issues ... but everything looks correct. And here's some new data: the same sender has recently sent identical email to another address on my server. And although SPF fails, the messages get properly sent to the courierfilter instead of being rejected. HOWEVER, this 417/517 rejection continues to occur when the messages are sent to the original recipient. So, what's the difference between the two recipient accounts? Recipient account 1: - SPF fails - Message gets sent to courierfilter - Account has no local maildrop rules Recpient account 2: - SPF fails in the same way - Message does not get sent to courierfilter, but gets rejected with a 417 or 517 error, depending on the setting of BOFHSPFHARDERROR - Account has local maildrop rules which automatically cause messages from this sender to be whitelisted At first, I thought that the maildrop rules might be affecting this in some way. But they look like this: Contents of .mailfilters/rcptfilter-default for the user that gets the 417/517 failures (Recpient account 2) ... import SENDER BLACKLIST=.mailfilters/.blacklist if (lookup($SENDER, $BLACKLIST)) { EXITCODE=77 echo 571 invalid address. exit } The sender is definitely not in the .blacklist file. And in any case, the error returned when the SPF fails is not 571 invalid address, but a 417 or 517 error with an SPF failure message. Does this new data shed any light on the problem? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Completely turning off hard SPF bounces (webadmin)
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: And here's some new data: the same sender has recently sent identical email to another address on my server. And although SPF fails, the messages get properly sent to the courierfilter instead of being rejected. HOWEVER, this 417/517 rejection continues to occur when the messages are sent to the original recipient. So, what's the difference between the two recipient accounts? Recipient account 1: - SPF fails - Message gets sent to courierfilter - Account has no local maildrop rules Recpient account 2: - SPF fails in the same way - Message does not get sent to courierfilter, but gets rejected with a 417 or 517 error, depending on the setting of BOFHSPFHARDERROR - Account has local maildrop rules which automatically cause messages from this sender to be whitelisted This has no effect on SPF. If a message fails SPF checking, it gets rejected. Whitelisting, in the context of localmailfilter, only affects content filtering. It does not affect SPF. All messages, whether their content is whitelisted from content-filtering or not, must still pass SPF checking. The only kind of whitelisting that applies to SPF checking is the BOFHSPFTRUSTME setting, which exempts senders with relaying privileges from SPF checking. OK. So then how can we explain the difference in behavior between messages going to recipient 1 and recipient 2, as described above? Recall that both of them are getting identical SPF failures, but that one of them properly passes the failed message to the courierfilter (as specified by the three BOFHSPF*=all settings), and the other one bounces the message with a 417/517 error. The messages are identical. The senders are identical. The only difference I can find so far is the presence of the localmailfilter in the account of the one that is causing the SPF failures to bounce without feeding them to courierfilter, and the lack of a localmailfilter for the other account. What could I be overlooking? What could be causing this? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Completely turning off hard SPF bounces (webadmin)
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: In using webadmin under the latest version of Courier, it is impossible to completely turn off hard bounces in the Bounces section of the Sender Policy Framework page? If I uncheck all the boxes in that section and then click on Save, the 'Softfail is a hard bounce' and 'Fail is a hard bounce' come back as being checked. If I turn them all off except 'Fail is a hard bounce', then that setting remains. What do I have to do in order to completely disable bounces, even in the case of SPF Fail results? I want to do additional processing in my courierfilters before rejecting these messages. Put: opt BOFHSPFHELO=all opt BOFHSPFMAILFROM=all opt BOFHSPFFROM=all into the bofh file. Thanks. I already have the following in bofh (it was set up this way by webadmin, based on my settings there). Do these three lines cause Courier to behave differently from the three lines above? opt BOFHSPFHELO=pass,fail,none,neutral,softfail,error,unknown opt BOFHSPFMAILFROM=pass,fail,none,neutral,softfail,error,unknown opt BOFHSPFFROM=pass,mailfromok,fail,none,neutral,softfail,error,unknown Webadmin also set these two lines in bofh. Should I alter or get rid of one or both of these? opt BOFHSPFHARDERROR=fail opt BOFHSPFTRUSTME=1 Thanks again. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Completely turning off hard SPF bounces (webadmin)
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: In using webadmin under the latest version of Courier, it is impossible to completely turn off hard bounces in the Bounces section of the Sender Policy Framework page? If I uncheck all the boxes in that section and then click on Save, the 'Softfail is a hard bounce' and 'Fail is a hard bounce' come back as being checked. If I turn them all off except 'Fail is a hard bounce', then that setting remains. What do I have to do in order to completely disable bounces, even in the case of SPF Fail results? I want to do additional processing in my courierfilters before rejecting these messages. Put: opt BOFHSPFHELO=all opt BOFHSPFMAILFROM=all opt BOFHSPFFROM=all into the bofh file. Thanks. I already have the following in bofh (it was set up this way by webadmin, based on my settings there). Do these three lines cause Courier to behave differently from the three lines above? opt BOFHSPFHELO=pass,fail,none,neutral,softfail,error,unknown opt BOFHSPFMAILFROM=pass,fail,none,neutral,softfail,error,unknown opt BOFHSPFFROM=pass,mailfromok,fail,none,neutral,softfail,error,unknown Should be the same thing. OK. Thanks. Webadmin also set these two lines in bofh. Should I alter or get rid of one or both of these? opt BOFHSPFHARDERROR=fail opt BOFHSPFTRUSTME=1 Thanks again. You should get rid of them, but they don't make any difference. Well, there is a difference in the BOFHSPFHARDERROR setting. It causes an SPF error to return either a 517 message or a 417 message, depending on whether the error condition is matched. But what I want is _neither_ to be returned during the SPF step. What I want to do is to have all the SPF checking to be performed and then for the SPF-Received headers to be set, and for the message to be passed to the next processing steps as if no error occurred, even in the case of an SPF failure. Then, I want to look at the SPF-Received headers within my courierfilter, and to decide at that point whether I want to accept the message, bounce it with a 5xx error, reject it with a 4xx error, or whatever. Is there any way to do that? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Completely turning off hard SPF bounces (webadmin)
In using webadmin under the latest version of Courier, it is impossible to completely turn off hard bounces in the Bounces section of the Sender Policy Framework page? If I uncheck all the boxes in that section and then click on Save, the 'Softfail is a hard bounce' and 'Fail is a hard bounce' come back as being checked. If I turn them all off except 'Fail is a hard bounce', then that setting remains. What do I have to do in order to completely disable bounces, even in the case of SPF Fail results? I want to do additional processing in my courierfilters before rejecting these messages. Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Does auth_passwd work with authldap?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Using the standard configuration of authldap, can the auth_passwd() routine change a given user's authentication password that's stored within the LDAP repository? I'm referring to the field referenced by LDAP_CRYPTPW in authldaprc. If so, what should the service argument be set to when making the auth_passwd call, and how do I ensure that the proper encryption method is used? The service parameter is not relevant here. authldap will use the same encryption method as the existing password. Thank you very much. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Does auth_passwd work with authldap?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Using the standard configuration of authldap, can the auth_passwd() routine change a given user's authentication password that's stored within the LDAP repository? I'm referring to the field referenced by LDAP_CRYPTPW in authldaprc. If so, what should the service argument be set to when making the auth_passwd call, and how do I ensure that the proper encryption method is used? The service parameter is not relevant here. authldap will use the same encryption method as the existing password. Thanks again for your feedback about this. However, there is something wrong and I can't get auth_passwd() to change any of the passwords stored in the LDAP repository that is managed by authldap. The auth_login() call works fine, and so I know that the user name and password are correct. However, the auth_passwd() call always fails with a -1 return code when I try to use it to change the password. The authldap module is working fine for all my Courier authentication. This is using the latest courier and authlib releases. Furthermore, external LDAP maintenance tools are able to log in to the repository and change data (including passwords) without any problem. And finally, the LDAP_BINDDN and LDAP_BINDPW values are indeed set properly in authldaprc. Is there some sort of authldap configuration option that's necessary in order for auth_passwd() to function properly? Or ... ??? Thanks yet again. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Does auth_passwd work with authldap?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: And finally, the LDAP_BINDDN and LDAP_BINDPW values are indeed set properly in authldaprc. Is there some sort of authldap configuration option that's necessary in order for auth_passwd() to function properly? Or ... ??? No. I would suggest setting DEBUG_LOGIN=2 in authdaemond, and see what gets logged. Although there are no debug messages in the code, at the moment, that log what happens during a password change attempt, at least you'll be logging what happens during authentication. Thanks. OK I did that, and when I made the password change attempt, I got this error in syslog: Jan 16 16:59:51 authdaemond: LDAP modify failed: Insufficient access Everything else that came prior to that was the logging of a successful operation. Does anyone know what I have to do in order to give authdaemond/authldap sufficient access to modify the database? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Does auth_passwd work with authldap?
Lloyd Zusman [EMAIL PROTECTED] writes: [ ... ] Thanks. OK I did that, and when I made the password change attempt, I got this error in syslog: Jan 16 16:59:51 authdaemond: LDAP modify failed: Insufficient access I looked inside of authldap.c and found this: else { int ld_errno; mods[mod_index]=0; /* On a system which uses LDAP_AUTHBIND, we probably want to use the user's credentials (bindp) rather than the search credentials (my_ldap_fp) for performing the password update. (May not always be true, ideally it would be configurable) */ ld_errno = ldap_modify_s(bindp? bindp:my_ldap_fp, dn, mods); if (ld_errno != LDAP_SUCCESS) { rc= -1; DPRINTF(LDAP modify failed: %s, ldap_err2string(ld_errno)); } } Could my problem have something to do with confusion between the use of bindp and my_ldap_fp? If so, is there something I can put inside of authldaprc or slapd.conf to change this behavior? I'm not familiar with this level of detail concerning LDAP. By the way, I'm using openldap-2.0.27. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Does auth_passwd work with authldap?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: And finally, the LDAP_BINDDN and LDAP_BINDPW values are indeed set properly in authldaprc. Is there some sort of authldap configuration option that's necessary in order for auth_passwd() to function properly? Or ... ??? No. I would suggest setting DEBUG_LOGIN=2 in authdaemond, and see what gets logged. Although there are no debug messages in the code, at the moment, that log what happens during a password change attempt, at least you'll be logging what happens during authentication. Thanks. OK I did that, and when I made the password change attempt, I got this error in syslog: Jan 16 16:59:51 authdaemond: LDAP modify failed: Insufficient access Everything else that came prior to that was the logging of a successful operation. Does anyone know what I have to do in order to give authdaemond/authldap sufficient access to modify the database? This looks like access controls on your LDAP server. You need to tell your LDAP server that this client is allowed to change the password field. You're all set on the Courier side. You need to fix up the LDAP server side. Other clients can change the password field just fine. For example, I successfully use phpldapadmin to maintain all fields within the database, including the password. I didn't have to do anything special in slapd.conf in order for phpldapadmin to have this capability. Can anyone tell me what I have to do in slapd.conf (or anywhere else) in order to tell my LDAP server that the authldap client is allowed to change the password field ... and preferably, in a way that will not subsequently break phpldapadmin? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] {CRYPT} with auth_passwd (was: Does auth_passwd work with authldap?)
Lloyd Zusman [EMAIL PROTECTED] writes: [ ... ] Can anyone tell me what I have to do in slapd.conf (or anywhere else) in order to tell my LDAP server that the authldap client is allowed to change the password field ... and preferably, in a way that will not subsequently break phpldapadmin? OK, OK ... I found it. I added this to slapd.conf: access to * by self write by anonymous auth by * read Now, auth_passwd() works fine, and I can still use phpldapadmin as is. But this brings up another issue: When I use auth_passwd(), the new password goes in as a {CRYPT} password, even though the original password was of type {SSHA}. Furthermore, in slapd.conf, the following statement exists: password-hash {SSHA} So what is causing auth_passwd() to ignore that statement as well as the original password type, and to store the password as type {CRYPT}, instead? According to the openldap web site ... {CRYPT} passwords are supported for migration purposes only. Use of {SSHA} passwords is recommended. Is it possible to tell authldap to use the original password type, or at least the password-hash value from slapd.conf, instead of it storing the new password as type {CRYPT}? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: {CRYPT} with auth_passwd
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: [ ... ] When I use auth_passwd(), the new password goes in as a {CRYPT} password, even though the original password was of type {SSHA}. Furthermore, in slapd.conf, the following statement exists: password-hash {SSHA} Courier does not implement {SSHA}, so it falls back to something it knows. Pick one of: {SHA}, {SHA256}, and {MD5}. Oh ... OK. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: {CRYPT} with auth_passwd
Gordon Messmer [EMAIL PROTECTED] writes: Lloyd Zusman wrote: OK, OK ... I found it. I added this to slapd.conf: access to * by self write by anonymous auth by * read Yeah... Your users can now change their login shell and uid (attribute uidNumber). Obviously, this is bad. Be specific when granting write access. Only grant access to the specific attributes that users need to be able to change. OK. So what should it look like? Something like this, perhaps? access to userPassword by self write by anonymous auth by * read Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: {CRYPT} with auth_passwd
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: [ ... ] OK. So what should it look like? Something like this, perhaps? access to userPassword by self write by anonymous auth by * read I would say by self read, instead. Yes, makes sense. And now, I realize that it has to be access to attr=userPassword, also. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Greylisting?
Steve Jacobson [EMAIL PROTECTED] writes: So, does anyone have a good greylisting plugin for Courier already developed and ready to share? Thanks! I'm working on a courierfilter-based plugin, but I wouldn't feel good sharing it yet. I'm working on it in my spare time, of which I don't have a whole lot these days. However, once it's more or less working, I plan to post it here for review. If all goes well, I might have a version by Thansksgiving. Stay tuned ... -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Greylisting?
Jay Lee [EMAIL PROTECTED] writes: Lloyd Zusman wrote: I'm thinking about trying greylisting, and I know that I can easily implement it via a simple courierfilter module. Check out http://www.greylisting.org to find out what it is. I already have a multi-layered anti-spam setup, and greylisting would be just one more layer. What are your opinions about greylisting in general, and specifically, its use with Courier? I have not implemented it for two reasons. First, it penalizes legit users by delaying incoming mail, I believe email should be as near instantaneous as possible, that of course is not always possible but delays shouldn't be due to administrative design. Second, while many find it effective now, once it becomes popular enough that spammers take note of it, the spammers will have a fairly easy time working around it. Having said that, many others are using it as a rather effective means of cutting down on spam. Jay Thank you. These are good points. As for adding an administrative burden, if I understand greylisting correctly, the delay will only be incurred for first-time senders. Once an email is resent within a certain time window, the sender is remembered, and no more delaying takes place for his or her subsequent incoming messages. As for your second concern, I agree: spammers can work around this easily. And I have thought of yet another concern: in order to remember those senders who have resent their message within the proper time window, an ever-growing database of addresses needs to be maintained. No entries could ever be removed from this list, if previously encountered senders are to be allowed to avoid the greylisting delay. Of course, this resource of perpetually increasing size could be avoided if every incoming message is subject to a greylisting delay, but that gets us back to the case where legitimate users are penalized with a delay. All this is food for thought, and I now want to reflect on this more before jumping into the greylisting world. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Greylisting?
I'm thinking about trying greylisting, and I know that I can easily implement it via a simple courierfilter module. Check out http://www.greylisting.org to find out what it is. I already have a multi-layered anti-spam setup, and greylisting would be just one more layer. What are your opinions about greylisting in general, and specifically, its use with Courier? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Selectively allowing illegal domains?
I'm using the BOFHCHECKDNS=1 setting in the esmptd configuration file to automatically reject email from domains that cannot be verified by DNS. However, is there a way to configure courier to automatically reject mail from most illegal domains, but to allow it to come through from a small, preconfigured set of non-existent domains? I want to send mail to my personal address from servers at work that are behind their firewall. All outgoing email from those servers gets an internal, work-specific domain name appended to the address, and that name is not known to the outside world. Therefore, the mail is rejected by my my courier server where my personal address lives. The probability that I can get the IT people at work to change their mail software to accomodate my desires is pretty much zip. Therefore, I'd like to be able to tell courier that this small handful of internally known domain names from work be treated as being legal, even though the DNS test fails for them in the outside world ... and that all other mail from illegal domains still gets rejected. Is this possible? If so, how do I make it happen? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. .-, 0__0 / ( oo'---, /oo\ ,\ | | \,=__/ \ / / /--| /| |__|-'|__|' --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Selectively allowing illegal domains?
Jay Lee jlee at pbu.edu writes: Lloyd Zusman wrote: [ ... ] I'd like to be able to tell courier that this small handful of internally known domain names from work be treated as being legal, even though the DNS test fails for them in the outside world ... and that all other mail from illegal domains still gets rejected. What DNS is the Courier Server using? If it's under your control you could make the domain names legal by setting up DNS zones for the illegal domains. If you're not already using your own DNS server, install BIND on your Courier server and have the server use itself for DNS lookups (BIND itself can forward most lookups to your ISP or whoevers DNS servers while responding authoritatively for the illegal domains). If you go this route, I recommend you using something like webmin (http://www.webmin.com) to configure BIND, makes it a lot easier. Another possiblitity is getting the Courier server to use the same DNS servers your internal work network uses that has details about the illegal domains. Jay Thanks for your reply. I run my own dns service (tinydns), and I know that I can put some bogus entries in my database for these domain names. I was just wondering if there is a courier-only way of doing this. The dns entries would have to be bogus, by the way, because there is no way for anyone to access that company's internal dns from outside of their firewall ... and rightfully so. Hmm ... I thought of a way that I might be able to do this in courier: I'm already using SPF, and I'm telling courier not to reject the mail when SPF checks fail, but rather, to just have courier write the SPF-Received headers, which I then check in some home-grown courierfilter modules. I decide at that point whether to accept or reject the email. What I might be able to do is to turn off BOFHCHECKDNS, and then within my home-grown courierfilter, I can reject all sender domains which fail SPF's dns check ... except that handful of internal domains from work. Do you or anyone else see any gotcha's with this approach? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. .-, 0__0 / ( oo'---, /oo\ ,\ | | \,=__/ \ / / /--| /| |__|-'|__|' --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Selectively allowing illegal domains?
Jay Lee jlee at pbu.edu writes: Lloyd Zusman wrote: [ ... ] I'm already using SPF, and I'm telling courier not to reject the mail when SPF checks fail, but rather, to just have courier write the SPF-Received headers, which I then check in some home-grown courierfilter modules. I decide at that point whether to accept or reject the email. What I might be able to do is to turn off BOFHCHECKDNS, and then within my home-grown courierfilter, I can reject all sender domains which fail SPF's dns check ... except that handful of internal domains from work. The SPF change sounds overly complicated and it means your mailserver will be accepting invalid mail in these cases. I wouldn't recommend it. Thanks again for your reply. Actually, the server doesn't accept in this case. The courierfilter processing takes place during the smtp dialog, before it concludes, and I can therefore reject messages with a 5xx smtp error code from those filters, if I wish. If you know the IP Addresses of the servers that are sending the invalid email you may be able to use smtpaccess to turn off the dns checks for these addresses: x.x.x.x allow,BOFCHECKDNS=0 Try that and see if it works. Thanks, this is a good idea. Sadly, however, it didn't work. Apparently, the BODCHECKDNS=1 in the esmtpd configuration file causes the initial domain check to take place before smtpaccess is consulted. Oh well ... (sigh) ... -- Lloyd Zusman [EMAIL PROTECTED] God bless you. .-, 0__0 / ( oo'---, /oo\ ,\ | | \,=__/ \ / / /--| /| |__|-'|__|' --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Selectively allowing illegal domains?
Lloyd Zusman ljz at asfast.com writes: Jay Lee jlee at pbu.edu writes: [ ... ] If you know the IP Addresses of the servers that are sending the invalid email you may be able to use smtpaccess to turn off the dns checks for these addresses: x.x.x.x allow,BOFCHECKDNS=0 Try that and see if it works. Thanks, this is a good idea. Sadly, however, it didn't work. [ ... ] I lied. I had made two mistakes: (1) spaces instead of a tab character before the allow; (2) I mistyped the IP addresses. Now, after correcting these problems, it works fine. Thanks for all your help. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. .-, 0__0 / ( oo'---, /oo\ ,\ | | \,=__/ \ / / /--| /| |__|-'|__|' --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Another issue with hosteddomains and defaultdomain (was: Can the defaultdomain entry also be in hosteddomains?)
Jeff Jansen [EMAIL PROTECTED] writes: Lloyd Zusman wrote: [ ... ] A related question: can locals be completely empty (or non-existent), as long as all my domains appear in hosteddomains? Sure - you don't need a local domain. Everything can be a hosteddomains - just make sure that the locals file is empty. But if you do this then you'll need to change the username of ALL the users who are on that domain. For instance if your local domain was 'domain.com' and you had users bob and alice then their user names in userdb or mysql or whatever authentication method you use would be bob and alice. If you move 'domain.com' to a hosteddomain then you need to change their user names to be [EMAIL PROTECTED] and [EMAIL PROTECTED]. This is the difference between a local and a hosted domain. This has to change on the server AND it has to change in all your clients. Bob will have to change his email client to log in as [EMAIL PROTECTED]. He can no longer log in as bob. If you've got a lot of clients this can be a *real* pain to get them all to change their logins, so make sure you've got a plan and people know about it before you make the change. HTH Jeff Jansen Yes, I know that about how addresses for locals users are handled to differently from hosteddomain users. Nonetheless, I sincerely thank you for your kindness in taking the time to explain all this. I use LDAP authentication and store two user names for each email user: one of the form user, and the other of the form [EMAIL PROTECTED]. This allows everyone to log in either with or without the domain name. I now have put my one domain that was formerly in locals into hosteddomains, and all works fine. However, there is still an interesting issue that I cannot figure out: Keep in mind that now, all of my domains are in hosteddomains, and locals is empty. Suppose that the domain in defaultdomain is defdom.com, and suppose there is an email account called [EMAIL PROTECTED]. When mail to that user is being processed inside of maildrop, the $USER variable gets set to me, and the $RECIPIENT variable gets set to [EMAIL PROTECTED]. However, for email going to users of all other domains, both the $USER and $RECIPIENT variables in maildrop are both set the same. For example, for [EMAIL PROTECTED], both $USER and $RECIPIENT are set to [EMAIL PROTECTED]. In other words, domain names are absent in the $USER variable during maildrop processing for all addresses that hang off of defaultdomain, even though that domain is defined inside of hosteddomains with all the rest, and even though locals is empty. For all other domains, the domain name is present in the $USER variable during maildrop processing. Can anyone explain why this is occurring? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Can the defaultdomain entry also be in hosteddomains?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: The only way I can think of to make this happen would be for me to put my defaultdomain entry also into hosteddomains. If I do that, should I remove it from locals, or do I need to keep it both in locals and hosteddomains? No, a domain can only appear in locals or hosteddomains, but not both. Be sure you understand the difference between the two. A related question: can locals be completely empty (or non-existent), as long as all my domains appear in hosteddomains? The locals file can be empty, but it must exist. If it doesn't exist, Courier uses the single domain from the me configuration file. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Can the defaultdomain entry also be in hosteddomains?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: The only way I can think of to make this happen would be for me to put my defaultdomain entry also into hosteddomains. If I do that, should I remove it from locals, or do I need to keep it both in locals and hosteddomains? No, a domain can only appear in locals or hosteddomains, but not both. Be sure you understand the difference between the two. A related question: can locals be completely empty (or non-existent), as long as all my domains appear in hosteddomains? The locals file can be empty, but it must exist. If it doesn't exist, Courier uses the single domain from the me configuration file. I used webadmin to move that one domain from the Local domains section to the Locally hosted domains section (i.e., from locals to hosteddomains). After webadmin did its job, I expected to see an empty locals file in my courier directory. However, webadmin deleted that file, once it contained no more data. Will this cause a problem with courier, given your statement that this file must exist? You also said that me is used if locals doesn't exist, and therefore, there's an ambiguity that I'm not sure how to interpret: given that I have a valid me file, should I create an empty locals file now, or not? Also, if locals needs to exist, shouldn't webadmin refrain from deleting it after it becomes empty? Based on all this, I would guess that a missing locals is probably OK, as long as there is a valid me ... but could you confirm that? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Can the defaultdomain entry also be in hosteddomains?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: I used webadmin to move that one domain from the Local domains section to the Locally hosted domains section (i.e., from locals to hosteddomains). After webadmin did its job, I expected to see an empty locals file in my courier directory. However, webadmin deleted that file, once it contained no more data. Will this cause a problem with courier, given your statement that this file must exist? You also said that me is used if locals doesn't It might cause a problem, which can be solved by correctly setting up me. exist, and therefore, there's an ambiguity that I'm not sure how to interpret: given that I have a valid me file, should I create an empty locals file now, or not? No. As long as the domain you have listed in 'me' is not in 'hosteddomains', you should be fine. OOPS! But the me domain _is_ currently in hosteddomains. That's the lone domain that used to be in locals, which I just recently moved to hosteddomains. So ... it appears that there is at least one domain that must be either in me or locals, that being the defaultdomain, right? And therefore, it shouldn't be in hosteddomains at all. And because of that, there's at least one address under every validly configured courier system for which the domain will be stripped from the address before delivery ... namely, the one or more addresses hanging off of defaultdomain, correct? I was hoping to set things up so that _all_ email addresses, including those which are part of defaultdomain, participate in delivery with the domain as part of the address. Is there any way to do this? This is a (hopefully!) clearer statement of my original question in this thread. Hmm ... what if I do this: file contents defaultdomain defdom.com me home.defdom.com (note the home subdomain) locals (empty) hosteddomains defdom.com and others Will this allow mail to [EMAIL PROTECTED] to be delivered to [EMAIL PROTECTED] and not simply foo? ... or will the fact that home.defdom.com appears in me still prevent me from putting defdom.com into hosteddomains? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Can the defaultdomain entry also be in hosteddomains?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Hmm ... what if I do this: file contents defaultdomain defdom.com me home.defdom.com (note the home subdomain) locals (empty) hosteddomains defdom.com and others Will this allow mail to [EMAIL PROTECTED] to be delivered to [EMAIL PROTECTED] and not simply foo? ... or will the fact that home.defdom.com appears in me still prevent me from putting defdom.com into hosteddomains? This'll work. And you don't need an empty locals file. When it doesn't exist, it defaults to 'me', which will work in your case. OK. Thanks a lot. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Can the defaultdomain entry also be in hosteddomains?
All the virtual domains that I host are listed in hosteddomains, except the domain listed in the defaultdomain file. This means, among other things, that during maildrop processing, the USER environment variable is of the form [EMAIL PROTECTED] for all addresses except those which hang off of the main defaultdomain, which show up simply as user, without a domain attached. In order to keep my maildrop processing rules simple and consistent, and for other reasons which I won't go into here, I'd like, if possible, for the defaultdomain to also get processed with @domain.tld attached. The only way I can think of to make this happen would be for me to put my defaultdomain entry also into hosteddomains. If I do that, should I remove it from locals, or do I need to keep it both in locals and hosteddomains? A related question: can locals be completely empty (or non-existent), as long as all my domains appear in hosteddomains? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] RPM build error with latest authlib
I downloaded the latest authlib package (courier-authlib-0.57), and I ran the following command: rpmbuild -ta courier-authlib-0.57.tar.bz2 I got these errors (lines manually wrapped): ... lots of other stuff ... Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/courier-authlib-0.57-1.9-root error: Installed (but unpackaged) file(s) found: /usr/lib/libltdl.a /usr/lib/libltdl.la /usr/lib/libltdl.so /usr/lib/libltdl.so.3 /usr/lib/libltdl.so.3.1.0 RPM build errors: Installed (but unpackaged) file(s) found: /usr/lib/libltdl.a /usr/lib/libltdl.la /usr/lib/libltdl.so /usr/lib/libltdl.so.3 /usr/lib/libltdl.so.3.1.0 This seems to say that something that authlib wants to build is already installed on my system. Can I ignore this, or do I have to do something to eliminate this error before I can continue? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Patch to speed up courier build from rpm
Around three months ago, I submitted a patch which greatly speeds up the RPM build. It changes the courier.spec file to cause an empty cache file to be created before each build, and it passes the appropriate parameter to configure so that all of its subsidiary configure steps will use the configuration information that gets cache in that directory. This causes the build to run 2.0-2.5 times faster on my linux box. The cache file gets deleted and recreated before each build, thereby eliminating the danger of inappropriate build information from earlier builds being used. This patch very simple, and it brings about a dramatic improvement in build speed. I'm resubmitting it now, because no one responded to my earlier message about it, and it doesn't appear to have been applied to any of the subsequent courier builds. Actually, a patch like this should probably also be applied to courier.spec.in. I haven't tried that, however. A corresponding patch will also be helpful in the authlib build. *** courier.spec.orig Sat Jun 25 23:41:02 2005 --- courier.specSun Jun 26 07:42:17 2005 *** *** 294,299 %define xflags --enable-unicode=iso-8859-1,utf-8 %endif ! ! %configure %{?xflags: %{xflags}} %{__cat} README.REDHAT EOF --- 294,300 %define xflags --enable-unicode=iso-8859-1,utf-8 %endif ! %define _cache $HOME/.courier-configure-cache ! %{__rm} -f %{_cache} ! %configure %{?xflags: %{xflags}} --cache-file=%{_cache} %{__cat} README.REDHAT EOF -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RPM build error with latest authlib
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: I downloaded the latest authlib package (courier-authlib-0.57), and I ran the following command: rpmbuild -ta courier-authlib-0.57.tar.bz2 I got these errors (lines manually wrapped): ... lots of other stuff ... Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/courier-authlib-0.57-1.9-root error: Installed (but unpackaged) file(s) found: /usr/lib/libltdl.a /usr/lib/libltdl.la /usr/lib/libltdl.so /usr/lib/libltdl.so.3 /usr/lib/libltdl.so.3.1.0 RPM build errors: Installed (but unpackaged) file(s) found: /usr/lib/libltdl.a /usr/lib/libltdl.la /usr/lib/libltdl.so /usr/lib/libltdl.so.3 /usr/lib/libltdl.so.3.1.0 This seems to say that something that authlib wants to build is already installed on my system. Can I ignore this, or do I have to do something to eliminate this error before I can continue? You need to install libtool-libs or libtool-ltdl-devel package, first. Hmm ... those were installed, and I have been using them, but perhaps there was an RPM error or something, because I re-installed, and now all is well. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: sending of mail slowed to a crawl
Sam Varshavchik Wrote: Cam writes: [ ... ] Mail logs are certainly not meaningless. They tell you exactly what happens to every message. [ ... ] See the mail logs. They tell you everything. [ ... ] Look at the mail logs. It's true that there is a lot of information in the mail logs, but at least one piece of data is missing: the HELO/EHLO value. One can debate how useful this information is, but since it's important enough for Courier's SPF code to check, it seems to me that it's also important enough to appear in the logs for us humans to see. Thoughts? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: sending of mail slowed to a crawl
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Sam Varshavchik Wrote: Cam writes: [ ... ] Mail logs are certainly not meaningless. They tell you exactly what happens to every message. [ ... ] See the mail logs. They tell you everything. [ ... ] Look at the mail logs. It's true that there is a lot of information in the mail logs, but at least one piece of data is missing: the HELO/EHLO value. One can debate how useful this information is, but since it's important enough for Courier's SPF code to check, it seems to me that it's also important enough to appear in the logs for us humans to see. Thoughts? If the SPF check fails, the error message will indicate the rejected domain (unless the sender's SPF rule specifies a custom error message). Once EHLO/HELO is processed, there's really no benefit in logging this further. It becomes totally and completely unimportant. But what if someone doesn't want to use SPF but still wants to see the HELO/EHLO value in the logs? Every other piece of information in the SMTP dialog is there, why not HELO/EHLO? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Altering SMTP error response with local mail filters?
Given a local mail filter controlled by instructions in the $HOME/.mailfilters/rcptfilter file (see man localmailfilter), I'd sometimes like the error response for message that are rejected to be set to something other than the default, which is ... 571 Delivery not authorized, message refused. While in most cases, I don't mind this message, for certain rejects, I'd like to override this default and replace it with my own, ad hoc message. Is there a way to do this? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Altering SMTP error response with local mail
Sam Varshavchik Wrote: Lloyd Zusman writes: Given a local mail filter controlled by instructions in the $HOME/.mailfilters/rcptfilter file (see man localmailfilter), I'd sometimes like the error response for message that are rejected to be set to something other than the default, which is ... 571 Delivery not authorized, message refused. While in most cases, I don't mind this message, for certain rejects, I'd like to override this default and replace it with my own, ad hoc message. Is there a way to do this? Use the echo statement in rcptfilter to produce a custom error message. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] courier.spec patch to speed up the rpmbuild
I have made the following change to the courier.spec file in order to speed up the rpmbuild. It tells configure to use a cache file, and it deletes the previous cache file before each build. On my machine, this patch speeds up the configure steps of the build by a factor of 2.0-2.5. This cache file name is passed from the command line of the topmost configure run to the invocations of configure for each subsidiary module. Because it's important that all of these subsidiary configure runs use the same cache file, I specify it under an explicit directory like $HOME instead of using a relative path name. This can be changed to a different directory, as long as it's not a relative path name. Actually, a patch like this should probably also be applied to courier.spec.in. I haven't tried that, however. A corresponding patch will also be helpful in the authlib build. *** courier.spec.orig Sat Jun 25 23:41:02 2005 --- courier.specSun Jun 26 07:42:17 2005 *** *** 294,299 %define xflags --enable-unicode=iso-8859-1,utf-8 %endif ! ! %configure %{?xflags: %{xflags}} %{__cat} README.REDHAT EOF --- 294,300 %define xflags --enable-unicode=iso-8859-1,utf-8 %endif ! %define _cache $HOME/.courier-configure-cache ! %{__rm} -f %{_cache} ! %configure %{?xflags: %{xflags}} --cache-file=%{_cache} %{__cat} README.REDHAT EOF -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Localfilter and hosteddomains?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: In reading the localmailfilter man page, I noticed the following sentence: The local mail filter only works for addresses that correspond to local accounts. Does this mean that I can only use local mail filters for addresses that correspond to domains in my locals file, or will local filtering also work for domains that are listed in hosteddomains? It'll work for hosteddomains domains too. localmailfilter API requires a local account and a mailbox. The only difference between locals and hosteddomains is in forming the name of the account that corresponds to an E-mail address. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Localfilter and hosteddomains?
In reading the localmailfilter man page, I noticed the following sentence: The local mail filter only works for addresses that correspond to local accounts. Does this mean that I can only use local mail filters for addresses that correspond to domains in my locals file, or will local filtering also work for domains that are listed in hosteddomains? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] The use of hosteddomains and esmptacceptmailfor when relaying?
I have Courier running on two servers, which I will call main.com and alternate.com. There is a domain, call it thedomain.comm whose MX records point to the host main.com. However, I want main.com to route all mail for users in thedomain.com to Courier on alternate.com. I know that I can use the esmptroutes file on main.com to accomplish this. I would put something like this into that file (assuming that the MX for alternate.com is a.mx.alternate.com): thedomain.com: a.mx.alternate.com .thedomain.com: a.mx.alternate.com (I presume that I need both of these) I also know that I would have to put the follwing information into esmptauthclient (with a mode of 400 or 600): a.mx.alternate.com userid password (where userid and password are valid on alternate.com). All this is clear to me, but I'm unsure about the use of hosteddomains and esmtpacceptmailfor in this case. Do I put entries into the following files for thedomain.com and .thedomain.com? ... into hosteddomains on main.com? ... into esmtpacceptmailfor on main.com? ... into hosteddomains on alternate.com? ... into esmtpacceptmailfor on alternate.com? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: The use of hosteddomains and esmptacceptmailfor when relaying?
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: I have Courier running on two servers, which I will call main.com and alternate.com. There is a domain, call it thedomain.comm whose MX records point to the host main.com. However, I want main.com to route all mail for users in thedomain.com to Courier on alternate.com. I know that I can use the esmptroutes file on main.com to accomplish this. I would put something like this into that file (assuming that the MX for alternate.com is a.mx.alternate.com): thedomain.com: a.mx.alternate.com .thedomain.com: a.mx.alternate.com (I presume that I need both of these) I also know that I would have to put the follwing information into esmptauthclient (with a mode of 400 or 600): a.mx.alternate.com userid password (where userid and password are valid on alternate.com). All this is clear to me, but I'm unsure about the use of hosteddomains and esmtpacceptmailfor in this case. Do I put entries into the following files for thedomain.com and .thedomain.com? ... into hosteddomains on main.com? ... into esmtpacceptmailfor on main.com? Into esmtpacceptmailfor. ... into hosteddomains on alternate.com? ... into esmtpacceptmailfor on alternate.com? Into hosteddomains. Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] postmaster alias for all domains in hosteddomains?
Is there a shorthand method for creating a postmaster alias for each domain listed in the hosteddomains file? I know I can do it the long way by explicitly creating these aliases as follows. If my hosteddomains file contains these domains ... hosteddomain1.com hosteddomain2.com hosteddomain3.com hosteddomain4.com ... I can generate a postmasters file like this under the COURIER/aliases directory, and then I can invoke makealiases: [EMAIL PROTECTED]:admin [EMAIL PROTECTED]:admin [EMAIL PROTECTED]:admin [EMAIL PROTECTED]:admin (assuming that the admin account is where I want all postmaster email to go) But as I add, modify, or remove domains in hosteddomains, I then have to remember to make the corresponding changes to this postmasters file. What I'm looking for is a way to set up a generic alias that might look something like this: [EMAIL PROTECTED]:admin ... where the * or its moral equivalent represents all of the domains that appear in hosteddomains. This would alleviate the need for me to explicitly generate each and every one of these aliases. And yes, I know how to write a script to read my hosteddomains file, automatically generate a new postmasters file based on its contents, and then run makealiases. In fact, I have already written such a script. But the problem with this is that I have to remember to always run this script every time I change the contents of hosteddomains. This is especially problematic if I'm using webadmin to manage hosteddomains. Any ideas? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: postmaster alias for all domains in hosteddomains?
Ben Kennedy [EMAIL PROTECTED] writes: Lloyd Zusman wrote at 2:00 pm (-0400) on 05 6 2005: Is there a shorthand method for creating a postmaster alias for each domain listed in the hosteddomains file? I asked about this a couple of years ago. The answer was no. It would be an *immensely* useful feature. I agree. Oh well ... (sigh) Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: AuthCourier with spamassassin?
Alan Milligan Wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lloyd, This finally brings me to my questions: has anyone had any experience with AuthCourier and spamd? If so, does it work well? Are there any gotchas? Yes, this works as advertised. However, you will have to adjust where to look for the authdaemon socket since Sam moved it as part of the courier-authlib separation. Thank you. I now tried AuthCourier with SpamAssassin-3.0.3, and it only works if I set the permissions of the /var/spool/authdaemon directory to 751 (they originally were 750). This is needed because that directory is owned by courier:courier, but spamd changes to a non-privileged user ID before getpwuid() or getpwnam() get called (AuthCourier replaces these routines with versions which get their info from the authdaemon socket). Do any of you see a problem with using 751 for the permissions on that directory? Hmm ... or perhaps I should change my spamassassin startup file to force spamd to run as user courier. Does anyone see a problem with that? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: AuthCourier with spamassassin?
Lloyd Zusman Wrote: [ ... ] I now tried AuthCourier with SpamAssassin-3.0.3, and it only works if I set the permissions of the /var/spool/authdaemon directory to 751 (they originally were 750). [ ... ] I was wrong about this. It wasn't working for a different reason. The call to spamc needs to be made using the -u option, passing in Courier's idea of the user id. In my maildroprc, I had to do this: import USER xfilter /usr/bin/spamc -u $USER if ( /^X-Spam-(Flag|Status): *yes/ ) { # do something appropriate with the spam } For normal users, the $USER variable is set to the unix user ID. However, for virtual users, this variable gets set to the virtual user's email address (e.g., [EMAIL PROTECTED]). In either case, AuthCourier causes spamd to treat the home directory appropriately (for normal users, it's the unix HOME directory; for my virtual users, it's /var/vmail/[EMAIL PROTECTED]). The reason -u $USER has to be supplied to spamc is this: without that argument, spamd will query against the vmail user for virtual accounts (this is the owner of /var/vmail on my system). Even with AuthCourier, that just returns /var/vmail as the home directory. So now, it's all working. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] AuthCourier with spamassassin?
I'm now using what I'll call a mixed configuration of email accounts. Some are what I'm calling normal accounts, which are for users with HOME directories; Courier delivers email into the user's $HOME/Maildir subdirectory. The user and group ownership of Maildir are the same as the unix ownership of the HOME directory. The other accounts are what I'm calling virtual accounts, which are for for non-shell users. These all live under /var/vmail, and they are all owned by a single vmail owner and vmail group. Each maildrop is a subdirectory such as this: /var/vmail/[EMAIL PROTECTED]/Maildir, where [EMAIL PROTECTED] is the recipient's email address, and where domain.com is in hosteddomains. This works fine except for one key part of my email delivery software suite: spamassassin. That program looks in each user's HOME directory (based on the unix uid and gid of the caller to spamassassin or spamc) for a .spamassassin subdirectory containing that user's spam filtering directives. For normal accounts, there is no problem, but spamassassin always looks in /var/vmail/.spamassassin for all of the virtual accounts, which means that for them, I can't maintain per-account spamassassin configuration. To solve this problem, someone came up with a patch to spamd called AuthCourier (see http://da.andaka.org/Doku/courier-spamassassin.html) which causes it to get its idea of a user's HOME directory from courier-authlib. If this works as advertised, in my case it would cause spamassassin to look for the .spamassassin subdirectory under /var/vmail/[EMAIL PROTECTED] instead of under /var/vmail. This finally brings me to my questions: has anyone had any experience with AuthCourier and spamd? If so, does it work well? Are there any gotchas? Or perhaps is there another solution to my problem that doesn't require a spamassassin patch? That would be ideal, because then I wouldn't have to remember to repatch it every time I upgrade. Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Using LDAP with virtual and normal accounts
I have another authldap question: Assume the following setup for a user with a virtual account: LDAP_HOMEDIR (homeDirectory): /var/vmail/[EMAIL PROTECTED] LDAP_UID (uidNumber): owner of /var/vmail tree LDAP_GID (gidNumber): group of /var/vmail tree LDAP_MAIL (mail): [EMAIL PROTECTED] virtual.com is in hosteddomains. This works fine for the delivery of email to [EMAIL PROTECTED], which properly ends up under /var/vmail/[EMAIL PROTECTED]/Maildir. Also, the user can retrieve email via IMAP as long as he/she logs in as [EMAIL PROTECTED]. However, I want the user to log using simply whoever, not [EMAIL PROTECTED]. How do I enable this capability via authldap? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Using LDAP with virtual and normal accounts
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: I have another authldap question: Assume the following setup for a user with a virtual account: LDAP_HOMEDIR (homeDirectory): /var/vmail/[EMAIL PROTECTED] LDAP_UID (uidNumber): owner of /var/vmail tree LDAP_GID (gidNumber): group of /var/vmail tree LDAP_MAIL (mail): [EMAIL PROTECTED] virtual.com is in hosteddomains. This works fine for the delivery of email to [EMAIL PROTECTED], which properly ends up under /var/vmail/[EMAIL PROTECTED]/Maildir. Also, the user can retrieve email via IMAP as long as he/she logs in as [EMAIL PROTECTED]. However, I want the user to log using simply whoever, not [EMAIL PROTECTED]. How do I enable this capability via authldap? Add a second 'mail' attribute to the LDAP record. Aha! Thanks. Previously, the record looked like this: [EMAIL PROTECTED] homeDirectory=/var/vmail/[EMAIL PROTECTED] cn=Virtual User uidNumber=[owner of /var/vmail tree] gidNumber=[group of /var/vmail tree] userPassword=[encrypted password] So, I presume that it should now look like this: [EMAIL PROTECTED] mail=whoever homeDirectory=/var/vmail/[EMAIL PROTECTED] cn=Virtual User uidNumber=[owner of /var/vmail tree] gidNumber=[group of /var/vmail tree] userPassword=[encrypted password] However, I'm having trouble adding such a record to LDAP, but perhaps that's just a bug in the LDAP client software that I'm using. If this version with two mail attributes is indeed correct (please confirm), then I'll start debugging the LDAP client. Thanks again. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Using LDAP with virtual and normal accounts
Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: Sam Varshavchik [EMAIL PROTECTED] writes: Lloyd Zusman writes: I have another authldap question: Assume the following setup for a user with a virtual account: LDAP_HOMEDIR (homeDirectory): /var/vmail/[EMAIL PROTECTED] LDAP_UID (uidNumber): owner of /var/vmail tree LDAP_GID (gidNumber): group of /var/vmail tree LDAP_MAIL (mail): [EMAIL PROTECTED] virtual.com is in hosteddomains. This works fine for the delivery of email to [EMAIL PROTECTED], which properly ends up under /var/vmail/[EMAIL PROTECTED]/Maildir. Also, the user can retrieve email via IMAP as long as he/she logs in as [EMAIL PROTECTED]. However, I want the user to log using simply whoever, not [EMAIL PROTECTED]. How do I enable this capability via authldap? Add a second 'mail' attribute to the LDAP record. Aha! Thanks. Previously, the record looked like this: [EMAIL PROTECTED] homeDirectory=/var/vmail/[EMAIL PROTECTED] cn=Virtual User uidNumber=[owner of /var/vmail tree] gidNumber=[group of /var/vmail tree] userPassword=[encrypted password] So, I presume that it should now look like this: [EMAIL PROTECTED] mail=whoever homeDirectory=/var/vmail/[EMAIL PROTECTED] cn=Virtual User uidNumber=[owner of /var/vmail tree] gidNumber=[group of /var/vmail tree] userPassword=[encrypted password] However, I'm having trouble adding such a record to LDAP, but perhaps that's just a bug in the LDAP client software that I'm using. If this version with two mail attributes is indeed correct (please confirm), then I'll start debugging the LDAP client. This is correct. It's possible that your LDAP schema prohibits duplicate attributes in a record. It's a simple matter of changing your schema definition. Well, it turns out that my schema does indeed allow duplicate attributes (I'm using openldap with the standard authldap.schema that comes with Courier-authlib). The bug was something different: I was incorrectly having the LDAP client add the above record (with two mail attributes) using the following key: [EMAIL PROTECTED],mail=whoever,ou=Authentication,cd=host,cd=com When I changed the key to this ... [EMAIL PROTECTED],ou=Authentication,cd=host,cd=com ... I was then able to successfully add this dual-mail-attribute record under this key. And everything works fine now. I'm using phpldapadmin as my LDAP client, and I have made a custom template for adding courier mail accounts. What I now do in this template is this: accept the mail attribute from the user and store it into the variable $mail put mail=$mail into the list of attributes in the record that will be added if specified mail attribute contains a @, then take the part of $mail that appears to the left of the @ and store it in the variable $mailfirst put mail=$mailfirst into to the list of attributes in the record that will be added endif put the other attributes into the LDAP record set the key to be mail=$mail,ou=Authentication,dc=host,dc=com (with only a single mail attribute, the one specified) add the record to LDAP using this key Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Using LDAP with virtual and normal accounts
I have a question about the use of LDAP within Courier. I have one set of email addresses whose Maildirs live under the user's home directory. For the purpose of this discussion, I'm calling this a normal email account. For example, if I'm hosting a domain called bar.com and it's listed in my locals file, I might have the following setup: [EMAIL PROTECTED] = /home/foo/Maildir I use these normal accounts for users who have shell access and therefore home directories. I have another class of users who are email-only users. They don't have home directories, and therefore, I am setting up what I'm calling virtual accounts for them. For example the vmail user ID has /var/vmail as its home directory. Each such email-only user has his or her email going to a directory under /var/vmail. If, for example, the domains abc.com and def.com are hosted on my machine, these virtual accounts would be set up like this: [EMAIL PROTECTED] = /var/vmail/[EMAIL PROTECTED]/Maildir [EMAIL PROTECTED] = /var/vmail/[EMAIL PROTECTED]/Maildir I know how to do this in the non-LDAP world under Courier, but now I want to use LDAP to manage all of this. My questions about this are as follows: 1. Is it indeed possible to manage both setups simultaneously using LDAP under Courier? 2. If the answer to #1 is yes, then I believe that the following settings are appropriate in the authldaprc file: For the normal accounts: LDAP_HOMEDIRhomeDirectory (to contain home directory) LDAP_UIDuidNumber (to contain user's uid) LDAP_GIDgidNumber (to contain user's gid) For the virtual accounts: LDAP_MAILROOT /var/vmail LDAP_GLOB_UID vmail LDAP_GLOB_GID vmail However, even with these settings, I don't know what to put into the LDAP database in order to indicate that a given email address is virtual instead of normal, and that it therefore should use one of the /var/vmail Maildirs. In other words, I know that for the [EMAIL PROTECTED] example, above, in the LDAP database I can set homeDirectory to /home/foo, uidNumber to user foo's uid and gidNumber to user foo's gid. However, for the [EMAIL PROTECTED] user, what do I put into the same LDAP database to indicate that it's not a normal account, but rather, one of the virtual accounts that lives under /var/vmail and whose Maildir is /var/vmail/[EMAIL PROTECTED]/Maildir? Thanks in advance. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Using LDAP with virtual and normal accounts
Gordon Messmer [EMAIL PROTECTED] writes: On May 28, 2005, at 12:36 PM, Lloyd Zusman wrote: 1. Is it indeed possible to manage both setups simultaneously using LDAP under Courier? Yes. In such a setup, you have the option of using authpam for the local accounts and authldap for the virtual users, or using authldap for all of them. [ ... ] For the virtual accounts: LDAP_MAILROOT /var/vmail LDAP_GLOB_UID vmail LDAP_GLOB_GID vmail If you're using ldap for all users, then you can't use LDAP_GLOB_UID/ GID, and it's just as easy to leave the first setting off and make sure that your virtual users' home directories are fully qualified in the homeDirectory attribute. OK. I think I understand. When you say leave the first setting off, are you referring to the LDAP_MAILROOT setting? If so, then I think I understand what you're describing here. For handling both cases via authldap, I presume it goes like this ... - I don't use LDAP_MAILROOT, LDAP_GLOB_UID, or LDAP_GLOB_GID at all. - I use homeDirectory (from LDAP_HOMEDIR), uidNumber (from LDAP_UID), and gidNumber (from LDAP_GID) in both cases, as follows: For local users (assume [EMAIL PROTECTED] and somedomain.com in my locals file) homeDirectory:/home/localuser uidNumber:uid for localuser gidNumber:gid for localuser For virtual users (assume [EMAIL PROTECTED] and otherdomain.com in my hosteddomains file): homeDirectory /var/vmail/[EMAIL PROTECTED] uidNumber:uid for user vmail gidNumber:gid for user vmail (where the entire /var/vmail tree is owned by vmail:vmail) Is my understanding correct? [ ... ] If you're using LDAP for all users, then you can add the 'posixAccount' to the objectclass for local users, while the virtual accounts use the 'CourierMailAccount' value. Set up that way, you can also use LDAP instead of the system password files. Thanks. After I get more comfortable with using LDAP here for Courier, I'll then expand my use of it to replace the system password files, in the manner you have described. [ ... ] Put '/var/vmail/[EMAIL PROTECTED]/' in that entry's homeDirectory attribute. One question: do I need the trailing slash for all homeDirectory values? Thanks a lot for your cogent and quite helpful explanations. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Looking for offline ldap help.
I'm an LDAP novice, and I'm trying for the first time to make use of LDAP within Courier and courier-authlib. Not surprisingly, I'm running into a some situations for which I have a lack of knowledge. I'm wondering if someone here who has experience using LDAP within a Courier environment would be willing to contract me privately and help me understand how to set up and use LDAP with Courier. I have a standard, vanilla setup of OpenLDAP running on a linux rh9 box. I got it to the point where it's functioning and I can access it via phpLdapAdmin, and I now want to hook up the Courier and courier-authlib functionality and start using it for authentication and for email aliases. Thanks in advance to anyone who is willing to contact me privately in order to give me some help on this. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Using different syslog facility/level for imapd and esmptd?
Is it possible to configure Courier so that the esmtpd messages go to a different syslog facility or level than those for imapd? Thanks. -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393alloc_id=16281op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Pre- and post-installation hooks for webadmin?
Lloyd Zusman [EMAIL PROTECTED] writes: [ ... ] But this brings up another question: how do I use webadmin to handle *.example.com exactly the same as example.com in the hosteddomains file? Specifically, how do I use webadmin to create wildcard DNS entries in hosteddomains per the Note at the bottom of this section in the documenation for makehosteddomains? [ ... ] Note: There is a period after the '@' character. If you want all mail for ``any.thing.domain.com'' to be delivered as though it were sent to ``domain.com'', you should define an alias for the domain, for example: domain.com .domain.comTABdomain.com In other words, how do I get an .example.comTABexample.com entry into hostededdomains via webadmin? It seems like I can't do this under webadmin. Also, there are a few other things that I still can't do with this utility. So this brings up a new question: I'd like my own, custom-written script to automatically get fired off every time I click on Install new configuration in webadmin. With such a script, I can make sure that extra entries such as .example.comTABexample.com get put into hosteddomains for every appropriate webadmin-based entry. Also, I could have this script automatically cause userdb entries to be created for certain entries in either locals or hosteddomains (I forget which at the moment). And I'm sure that there are other things that I would need it to do. Is there a way to plug in a custom, user-written program to get invoked whenever Install new configuration gets selected in webadmin, so that I won't to have remember to manually invoke this program every time I make webadmin-based changes? If such a thing isn't currently possible, I'm thinking of working on the following webadmin enhancement: In the COURIER/etc directory, the following two files could optionally exist: webadminpreinstall webadminpostinstall Each file would contain one line which consists of a the full pathname of an executable that gets invoked at the time that Install new configuration is selected. The program in webadminpreinstall would get invoked immediately after that link is selected, and before webadmin does anything; the program in webadminpostinstall would get invoked immediately after webadmin performs all of its installation tasks. Each script would be passed arguments that contain all of the important Courier directory pathnames, and any other configuration information that might be needed. If either or both of these files are missing, or if they don't contain a line that points to a valid executable, no pre- or post-installation processing would be performed. Also, these files would need to have very restrictive permissions (either 600 or 400), and the executables referred to would also need to have non-readable/writable/executable permissions for group and other. Yes, I know that this provides enough rope for us to hang ourselves good. However, this will be optional, and therefore, those of us who make use of this feature would be willing to take responsiblity for the consequences. Given that the guts of webadmin are written in perl, it should be fairly easy for me to come up with a small patch that implements this functionality. What do you folks think? -- Lloyd Zusman [EMAIL PROTECTED] God bless you. --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393alloc_id=16281op=click ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users