Re: [courier-users] SHA in userdb
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: SZÉPE Viktor writes: Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: SZÉPE Viktor writes: Hello! Would it be possible to document secure hash (SHA-256) support in userdb? systempw=$5$ Produced with mkpasswd --method=sha-256 PASS SALT What do you mean "document"? Just mention it somewhere. For example on this man page http://www.courier-mta.org/authlib/userdbpw.html The userdbpw tool can only generate the '$1$'-formatted passwords. userdbpw does support the -hmac-sha256 option, which is something else, but which I'll add to the documentation. Thank you. I think you are able to choose a proper location to mention that secure sha-256 passwords could be generated by mkpasswd (but not by userdbpw) SZÉPE Viktor, üzemeltetés https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] SHA in userdb
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: SZÉPE Viktor writes: Hello! Would it be possible to document secure hash (SHA-256) support in userdb? systempw=$5$ Produced with mkpasswd --method=sha-256 PASS SALT What do you mean "document"? Just mention it somewhere. For example on this man page http://www.courier-mta.org/authlib/userdbpw.html SZÉPE Viktor, üzemeltetés https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SHA in userdb
Hello! Would it be possible to document secure hash (SHA-256) support in userdb? systempw=$5$ Produced with mkpasswd --method=sha-256 PASS SALT Thanks. SZÉPE Viktor, üzemeltetés https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] szmlink counts as quota
Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: On 05/18/2017 06:31 PM, SZÉPE Viktor wrote: Could it be that that Courier counts Sent folder size three time while calculating quota? Can you test this patch? Thank you!! Sam, could we incorporate this patch? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] missing MX record
Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>: On 10.06.17 14:53, SZÉPE Viktor wrote: RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5 The lookup first attempts to locate an MX record associated with the name. ... If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Were you a ware of that? I think it is very unusual and dangerous. Do modern MTA-s - including Courier - implement that? This behaviour was described in rfc 821 and 2821. AFAIK all MTAs implement this behaviour since MX records were implemented. What and why exactly sounds unusual and dangerous to you? I think it gives us no means to stop emails for a domain. I thought removing the MX record and not listening on port 25 is enough. This way anyone my send an email to a mailserver-less sub/domain. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] missing MX record
Hello Sam! RFC 5321 states in https://tools.ietf.org/html/rfc5321#section-5 The lookup first attempts to locate an MX record associated with the name. ... If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. Were you a ware of that? I think it is very unusual and dangerous. Do modern MTA-s - including Courier - implement that? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] szmlink counts as quota
Hello! I am trying to prevent multiple Trash, Junk, Sent folders created by various mail clients. For example these are the symlinks for Sent: .Sent .Sent Items -> .Sent .Sent Messages -> .Sent Could it be that that Courier counts Sent folder size three time while calculating quota? BTW this account is over 1GB quota while the Maildir folder's size is 481 MB. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Idézem/Quoting Alessandro Vesely <ves...@tana.it>: > On Thu 18/May/2017 00:19:07 +0200 Markus Wanner wrote: >> On 17.05.2017 09:48, Alessandro Vesely wrote: >> >>> My suggestion is to avoid disassembling the Courier tarball. That is, have >>> maildrop included by default in courier-mta, and possibly merge it with >>> courier-base as well (why were they split, BTW?) >> >> Flexibility. And separation of concerns. >> >> I like being able to install courier-imap, but not courier-pop, for >> example. Or running just the courier-mta without either of the other >> two. That's quite common for Debian, I'd say. > > Although the real issue is maildrop, let me note the following about > courier-base: > > * couriertcpd could be just suggested or recommended, not required, > > * testmxlookup could be moved to courier-mta, > > * I don't see how maildir utilities can be useful on a standalone > SMTP server. > Perhaps they could be moved to courier-imap, courier-pop, or both. > > Ale > -- Debian policy states that a software should not be in more than one package. It may seem strange that some parts are abstracted out of a common code base. In Debian it is usual to have one software component in one package. For example when you update it you don't have to download and install the whole software. Looking at things from inside Debian these may come handy: you never have to deal with building a software from source, maintainers do that for you. All the best to you! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Markus Wanner writes: > >> I don't quite see how that matters. It's the same set of source files, >> which would need the same set of security fixes, for example. What does >> the duplication of efforts buy us? >> >> I'd rather state that duplication of code is never a good idea, but a >> sign for bad modularization. > > Nothing is duplicated. It's one source repo. Packaging is a > completely different matter. > >> By that reasoning, Debian would have to ship about a dozen variants of >> maildrop packages. That's clearly not going to happen. > > Only one maildrop package is needed. And one courier package, that's it. > >> While I generally agree that it's good practice to remove stuff that's >> really not needed, the courier variant *is* needed (by some users, >> including myself). > > Certainly, and there's a single package that configures and installs > everything: courier. > >> Splitting sources and duplicating efforts only > > Nothing is split. It's the same software, just packaged differently. > >> I'll check if it's feasible to re-add the courier-maildrop package in >> Debian stretch (i.e. the Courier specific variant), but I'd greatly >> appreciate if you could reconsider this split. > > Nothing is split. There are two separate packages, for two separate > situations. One, a single courier package, that includes everything > configured to work together. And the second package is the maildrop > package, configured without any courier dependencies, to be plugged > into other mail servers. That's it. It couldn't be any simpler. > > Did you know that there's also a separate courier-imap package? It's > just the IMAP server component, that can be set up independently, > and glued together with other mail servers. There's also the > sqwebmail package, a mail server-independent webmail server. > > And, of course, the Courier package installs everything, configured > to work with each other. Couldn't be any simpler. > > And things have been this simpler for over 20 years now. That's how > long things have worked this way, with no issues. People get the > right package for them, compile it, and install it. That's it. Hello Sam! I think the Debian maintainer has to bridge the gap of "compile it, and install it" and the strict Debian policies. For example I've learned packaging basics because I would like to have only packages on my servers not individual files without a central system like apt+dpkg. I hope we will find a nice way to package your software by the guidelines of the Debian policies. All the best! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Message delivered, but no message in INBOX
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Lucio Crusca writes: > >> but the maildrop manpage reports: >> >> "-V is ignored when maildrop runs in delivery mode." >> >> and maildropfilter manpage reports the same about the VERBOSE variable. > > Then run maildrop manually, yourself. Run maildrop with -V from the > shell, pipe a test message on standard input, and see what it logs. > >> is there any other switch to make maildrop log informations while >> in delivery mode? >> >> Please advice, I'm at a loss. > > Bottom line is that Debian's Courier package is not correctly built. > If you can't figure out a workaround, there's no other option > besides building your own Courier package, from source. Hello Sam! Could you point out some difference that you feel incorrect? It would help much for maintaining the Debian package. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] monitoring prgram times out
Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>: >>> On 26.03.17 18:44, SZÉPE Viktor wrote: >>>> Running bind is too expensive for me. > >> Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>: >>> are you trying to say that it's more expensive than running courier mail >>> server? > > On 29.03.17 13:30, SZÉPE Viktor wrote: >> I'd like to use the DNS resolver from the given datacenter. >> Optimizing and maintaining (thus learning) another linux daemon is >> what really is expensive. > > 1. as I stated, the server should be able to resolve localhost > > 2. if you do any kind of spam detection (blacklist), using others' name > server could result to worse spam detection. Thank you. Most of my Courier installs are satellite servers sending message through one transactional provider like Amazon SES, Mailjet, Mandrill or Sendgrid as I am not able to maintain more than 1 full featured mail server. My mail server with mailboxes has a dedicated resolver server with "unbound". SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] monitoring prgram times out
Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>: > On 26.03.17 18:44, SZÉPE Viktor wrote: >> Running bind is too expensive for me. > > are you trying to say that it's more expensive than running courier mail > server? Hello Matus! I'd like to use the DNS resolver from the given datacenter. Optimizing and maintaining (thus learning) another linux daemon is what really is expensive. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] monitoring prgram times out
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:
> SZÉPE Viktor writes:
>
>> Thank you for your support!
>>
>> -nodnslookup is the solution for satellite type server which delivery
>> messages through one smarthost.
>>
>> What should I do on normal (tcp/25,587,465 are open to the internet)
>> mail server where DNS lookup is necessary? Is there a way to exclude
>> localhost from DNS lookup on the initial (pre-EHLO) connection?
>
> Looking at the code there does not appear to be a way to select
> -nodnslookup based on the connecting IP address.
>
> There is a facility for selectively setting environment variables
> based on the connecting IP address, the smtpaccess list (see
> makesmttpaccess). But, currently nodnslookup just looks only at the
> parameter.
>
> In tcpd.c, you can try changing
>
>if (nodnslookup) return;
>
> to something like
>
>if (nodnslookup || getenv("NODNSLOOKUP")) return;
>
> and then put
>
> 127.0.0.1allow,NODNSLOOKUP=1
>
> into the smtpaccess file.
>
> But why don't you just run bind locally, and have it handle DNS
> resolution for local zones. You can have it listen only on local IP
> addresses, and thusly inaccessible from the Internet, and then get
> some benefits of a local DNS lookup cache.
Thank you again!
Running bind is too expensive for me. I usually use the caching DNS
resolver in the given datacenter plus µnscd
https://busybox.net/~vda/unscd/ which does local caching for Name
Service - which Courier apparently is not using.
>if (nodnslookup || getenv("NODNSLOOKUP")) return;
Is there a non-zero chance to get this into the next release?
SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, III. kerület
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] monitoring prgram times out
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > SZÉPE Viktor writes: > > >> 2) Is it possible for Courier to skip DNS lookups for "localhost"? >> >> I wonder why Courier is not using gethostbyname(). >> /etc/hosts contains: >> 127.0.0.1 localhost.localdomain localhost > > gethostbyname/gethostbyaddr can only look up A addresses. Courier > needs MX records, and so needs to use its own resolver; and with its > own DNS resolver code already in place, it makes no sense to use > different resolvers. > > There are several options in the esmtpd config file that control DNS > lookups on incoming connections: > > BOFHCHECKDNS; and TCPDOPTS passes through the options to > couriertcpd, such as -nodnslookup. Thank you for your support! -nodnslookup is the solution for satellite type server which delivery messages through one smarthost. What should I do on normal (tcp/25,587,465 are open to the internet) mail server where DNS lookup is necessary? Is there a way to exclude localhost from DNS lookup on the initial (pre-EHLO) connection? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] monitoring prgram times out
Hello! I am using 0.73.1-1.6 A monitoring program called "Monit" checks port 25 on localhost. Courier listens only on localhost on this server. Monit sends: EHLO localhost QUIT Source code: https://bitbucket.org/tildeslash/monit/src/8584ce1f0a2af60ca615e126c37284238d611e29/src/notification/SMTP.c?at=master=file-view-default#SMTP.c-193:216 Rarely it times out after 5 seconds. This incident is several months old. 1) Could failed DNS lookups be the reason? PTR? 1.0.0.127.in-addr.arpa. A? localhost. ? localhost. 2) Is it possible for Courier to skip DNS lookups for "localhost"? I wonder why Courier is not using gethostbyname(). /etc/hosts contains: 127.0.0.1 localhost.localdomain localhost Thank you! tcpdump: 17:52:17.510906 IP (tos 0x0, ttl 64, id 50144, offset 0, flags [DF], proto UDP (17), length 68) 185.33.146.202.44816 > 81.2.192.131.53: 36007+ PTR? 1.0.0.127.in-addr.arpa. (40) 17:52:17.511163 IP (tos 0x0, ttl 63, id 15247, offset 0, flags [none], proto UDP (17), length 91) 81.2.192.131.53 > 185.33.146.202.44816: 36007* 1/0/0 1.0.0.127.in-addr.arpa. PTR localhost. (63) 17:52:17.511296 IP (tos 0x0, ttl 64, id 50145, offset 0, flags [DF], proto UDP (17), length 55) 185.33.146.202.57740 > 81.2.192.131.53: 25967+ A? localhost. (27) 17:52:17.511542 IP (tos 0x0, ttl 63, id 15248, offset 0, flags [none], proto UDP (17), length 130) 81.2.192.131.53 > 185.33.146.202.57740: 25967 NXDomain 0/1/0 (102) 17:52:17.511657 IP (tos 0x0, ttl 64, id 50146, offset 0, flags [DF], proto UDP (17), length 55) 185.33.146.202.50565 > 81.2.192.131.53: 30003+ ? localhost. (27) 17:52:17.511880 IP (tos 0x0, ttl 63, id 15249, offset 0, flags [none], proto UDP (17), length 130) 81.2.192.131.53 > 185.33.146.202.50565: 30003 NXDomain 0/1/0 (102) 17:52:17.512032 IP (tos 0x0, ttl 64, id 50147, offset 0, flags [DF], proto UDP (17), length 68) 185.33.146.202.43555 > 81.2.192.131.53: 59819+ PTR? 1.0.0.127.in-addr.arpa. (40) 17:52:17.512265 IP (tos 0x0, ttl 63, id 15250, offset 0, flags [none], proto UDP (17), length 91) 81.2.192.131.53 > 185.33.146.202.43555: 59819* 1/0/0 1.0.0.127.in-addr.arpa. PTR localhost. (63) 17:52:17.512372 IP (tos 0x0, ttl 64, id 50148, offset 0, flags [DF], proto UDP (17), length 55) 185.33.146.202.57447 > 81.2.192.131.53: 64566+ A? localhost. (27) 17:52:17.512590 IP (tos 0x0, ttl 63, id 15251, offset 0, flags [none], proto UDP (17), length 130) 81.2.192.131.53 > 185.33.146.202.57447: 64566 NXDomain 0/1/0 (102) 17:52:17.512697 IP (tos 0x0, ttl 64, id 50149, offset 0, flags [DF], proto UDP (17), length 55) 185.33.146.202.36041 > 81.2.192.131.53: 28274+ ? localhost. (27) 17:52:17.512954 IP (tos 0x0, ttl 63, id 15252, offset 0, flags [none], proto UDP (17), length 130) 81.2.192.131.53 > 185.33.146.202.36041: 28274 NXDomain 0/1/0 (102) SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SSL Report on Courier's TLS settings (includes answer)
Hello Courier users!
Up to now I was not aware that Qualys' SSL test could be used on other
ports than 443.
Here is how.
1) You spin up an hourly billed VPS (like UpCloud) Probably your 443
port is already used for production websites.
2) Enable IP forwarding
echo 1 > cat /proc/sys/net/ipv4/ip_forward
3) Route all tcp/443 traffic to your Courier installation
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT
--to-destination ${COURIER_IP}:465
iptables -t nat -A POSTROUTING -p tcp --dst ${COURIER_IP} --dport 465
-j SNAT --to-source ${TEMPORARY_VPS_IP}
pre-4) Add an exception in Fail2ban for ${TEMPORARY_VPS_IP}
4) Enter the VPS' reverse host name
https://www.ssllabs.com/ssltest/
Of course there will be a CN mismatch but all the rest of Qualys' fine
report will show you all the details.
All the best!
SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, III. kerület
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > SZÉPE Viktor writes: > >> 6) telnet email-smtp.us-west-2.amazonaws.com 587 >> 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227 >> MmKC14V2dPS1oRPRtSjF >> >> Courier says: /SECURITY=REQUIRED set, but TLS is not available >> Could it be that Courier compares the SMTP banner >> (email-smtp.amazonaws.com) to the certificate CN, not the specified >> host name (email-smtp.us-west-2.amazonaws.com) ? > > Looks like that server uses a self-signed certificate, and if it's > not added to your trusted certificate store, TLS negotiation will > fail. > > You would think that Amazon has the resources to pay itself a few > bucks each year, for a properly signed certificate. > > You'll have to reset TLS_VERIFYPEER to NONE, in the esmtpd-ssl config file. Thank you for your answer. $ grep ^TLS_VERIFYPEER /etc/courier/* /etc/courier/courierd:TLS_VERIFYPEER=NONE /etc/courier/esmtpd:TLS_VERIFYPEER=NONE esmtpd-ssl is not installed (on Debian it is the courier-mta-ssl package) Amazon has a properly signed certificate. Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4 You may get it by openssl s_client -connect email-smtp.us-west-2.amazonaws.com:587 -starttls smtp -crlf Please try adding this to esmtproutes #: email-smtp.us-west-2.amazonaws.com,587 /SECURITY=REQUIRED and this to esmtpauthclient email-smtp.us-west-2.amazonaws.com,587 SOMEID SOMEKEY and try to send a simple email with courier. I do hope Amazon SES is supported. Thank you! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"
Hello! I hope Amazon SES is "supported" by courier. 0) courier 0.73.1-1.6 libssl 1.0.1t-1+deb8u6 1) SES requires STARTTLS, so without /SECURITY=REQUIRED SES says: 530 Must issue a STARTTLS command first 2) TLS_VERIFYPEER=NONE in courierd 3) openssl s_client -connect email-smtp.us-west-2.amazonaws.com:587 -starttls smtp -crlf says: subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=email-smtp.us-west-2.amazonaws.com issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 Verify return code: 0 (ok) 4) ECDHE-RSA-AES256-GCM-SHA384 is used during s_client, it is in TLS_CIPHER_LIST 5) in esmtproutes: : email-smtp.us-west-2.amazonaws.com,587 /SECURITY=REQUIRED 6) telnet email-smtp.us-west-2.amazonaws.com 587 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227 MmKC14V2dPS1oRPRtSjF Courier says: /SECURITY=REQUIRED set, but TLS is not available Could it be that Courier compares the SMTP banner (email-smtp.amazonaws.com) to the certificate CN, not the specified host name (email-smtp.us-west-2.amazonaws.com) ? Thank you! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RBL answers
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Gordon Messmer writes: > >> I was checking the RBL queries and answers on a server this morning, >> when I noticed this in the responses: >> Please stop asking for ANY.See draft-ietf-dnsop-refuse-any >> >> Both spamhaus and abuseat provide this text in their replies to >> Courier's RBL lookups. >> >> Is it worth considering A and TXT record lookups rather than ANY, given >> the request to stop sending requests for ANY result? Might that request >> indicate that requests for ANY will not be supported in the future? > > Right now you can explicitly specify a message, to issue an A query: > > "-block=zen.spamhaus.org,Go away!" > > and this will result in an A query instead of an ANY. > > ANY was a convenient way to get both an IP address code from the > blocklist, as well as the blacklist-provided custom message. > > The referenced document is a general DNS document, not particular to > blacklists. But, because they're returning this response, this means > they're on board with this, and don't want ANY requests. Have to > respect that. > > I'll change the logic to always request for A record, unless the > custom message is explicitly set to '*', which will result in a TXT > query. > > In the long run this will be counterproductive, since the existing > blacklists will now result in a generic "Access denied." bounces, > instead of the blacklist-provided message that will point back to > the blacklist. But, it's their decision to make. I think Courier should issue an A query and if it is positive than a TXT one to get the description. What do you think about it? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Announcing the Oxford Dictionaries API! The API offers world-renowned dictionary content that is easy and intuitive to access. Sign up for an account today to start using our lexical data to power your apps and projects. Get started today and enter our developer competition. http://sdm.link/oxford ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] disposable addresses
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > SZÉPE Viktor writes: > >> >> Hello! >> >> I've found a list of domains with the MX record mail.mailinator.com. >> (23.239.11.30) >> >> Is there a way to throw away all emails going to mail.mailinator.com. ? >> >> Thank you. > > The "bofh badmx" setting in the courier config file. See the > courier(8) man page. I've sent an email from Horde webmail running on my mailserver and the message got delivered while having: badmx 62.149.128.135 in bofh I think localhost is whitelisted from bofh rules. Mar 10 20:36:43 szerver courieresmtp: id=002401F9.58C3004A.6D41,from=<vik...@szepe.net>,addr=<szepevik...@aruba.it>,size=2449,success: delivered: mailfree.aruba.it [62.149.128.135] Is there a solution to avoid delivery of locally originated emails? (bulk mail for example) SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Announcing the Oxford Dictionaries API! The API offers world-renowned dictionary content that is easy and intuitive to access. Sign up for an account today to start using our lexical data to power your apps and projects. Get started today and enter our developer competition. http://sdm.link/oxford ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] disposable addresses
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > SZÉPE Viktor writes: > >> >> Hello! >> >> I've found a list of domains with the MX record mail.mailinator.com. >> (23.239.11.30) >> >> Is there a way to throw away all emails going to mail.mailinator.com. ? >> >> Thank you. > > The "bofh badmx" setting in the courier config file. See the > courier(8) man page. Thank you. My question is about *outgoing* emails. I think badmx is for mail reception. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Announcing the Oxford Dictionaries API! The API offers world-renowned dictionary content that is easy and intuitive to access. Sign up for an account today to start using our lexical data to power your apps and projects. Get started today and enter our developer competition. http://sdm.link/oxford ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RBL answers
CloudFlare is also retiring ANY queries. https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/ Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: > I was checking the RBL queries and answers on a server this morning, > when I noticed this in the responses: > Please stop asking for ANY.See draft-ietf-dnsop-refuse-any > > Both spamhaus and abuseat provide this text in their replies to > Courier's RBL lookups. > > Is it worth considering A and TXT record lookups rather than ANY, given > the request to stop sending requests for ANY result? Might that request > indicate that requests for ANY will not be supported in the future? > > -- > Announcing the Oxford Dictionaries API! The API offers world-renowned > dictionary content that is easy and intuitive to access. Sign up for an > account today to start using our lexical data to power your apps and > projects. Get started today and enter our developer competition. > http://sdm.link/oxford > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Announcing the Oxford Dictionaries API! The API offers world-renowned dictionary content that is easy and intuitive to access. Sign up for an account today to start using our lexical data to power your apps and projects. Get started today and enter our developer competition. http://sdm.link/oxford ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] disposable addresses
Hello! I've found a list of domains with the MX record mail.mailinator.com. (23.239.11.30) Is there a way to throw away all emails going to mail.mailinator.com. ? Thank you. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Announcing the Oxford Dictionaries API! The API offers world-renowned dictionary content that is easy and intuitive to access. Sign up for an account today to start using our lexical data to power your apps and projects. Get started today and enter our developer competition. http://sdm.link/oxford ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Poll: C++11 compiler support
Idézem/Quoting Freddie Witherden <fred...@witherden.org>: > Hi, > > On 05/03/2017 13:03, Sam Varshavchik wrote: >>> $ g++ -o utest u.c >>> u.c: In function ‘int main()’: >>> u.c:5: error: ‘char32_t’ was not declared in this scope >>> u.c:5: error: expected ‘;’ before ‘c’ >>> u.c:6: error: ‘u32string’ is not a member of ‘std’ >>> u.c:6: error: expected ‘;’ before ‘u’ >>> >>> $ g++ -std=c++11 -o utest u.c >>> cc1plus: error: unrecognized command line option "-std=c++11" >> >> Ok, so gcc 4.4 is not going to work. >> >> According to https://wiki.debian.org/LTS, squeeze has EOLed a year ago. >> >>> wheezy with gcc-4.7 >>> >>> $ g++ -o utest u.c >>> u.c: In function ‘int main()’: >>> u.c:5:4: error: ‘char32_t’ was not declared in this scope >>> u.c:5:13: error: expected ‘;’ before ‘c’ >>> u.c:6:4: error: ‘u32string’ is not a member of ‘std’ >>> u.c:6:19: error: expected ‘;’ before ‘u’ >>> >>> $ g++ -std=c++11 -o utest u.c >>> (no output) >> >> Ok, so with wheezy, and going forward, you should be ok by explicitly >> using the -std=c++11 compiler flag. >> >> CentOS 5 also comes with gcc 4.4, and CentOS 5 EOLs and the end of this >> month. But looks like CentOS 6 still uses gcc 4.4, until 2020. That's >> likely to be problematic, but I'd still like to verify this. It's >> remotely possible that Red Hat patched in some C++11 support in their >> build of gcc 4.4. > > You can try with -std=c++0x which enables limited support and has been > available since early 4.x releases. > Works on g++ 4.4: $ g++ -std=c++0x -o utest u.c (no output) SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Poll: C++11 compiler support
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:
> The forward match of progress is requiring a clean break from the
> pre-c++11 days. Under consideration is migrating the courier-unicode
> library, used by both Courier and Cone, to use C++11's unicode
> support only.
>
> I am taking a poll whether there's still any notable platforms where
> Courier and Cone is used that's still using an old compiler that
> does not support C++11.
>
> According to gcc's documentation, gcc 4.8.1 was the first version
> with full C++11 support; but it's likely that older versions of gcc
> had sufficient support. gcc 4.5's compliance page gives Unicode
> string literals as supported, so I'm fairly confident of sufficient
> C++11 unicode support at least in gcc 4.5, at the latest.
>
> I'd like to know if your compiler does not support C++11 unicode
> strings. This can be determined with a simple test:
>
> #include
>
> int main()
> {
>char32_t c=0;
>std::u32string u;
>
>return 0;
> }
>
> Save the above as "utest.C", then execute either:
>
> g++ -o utest utest.C
>
> or
>
> g++ -std=c++11 -o utest utest.C
>
> If either one completes without errors, you're good. This is if your
> compiler is "g++", of course. Certain platforms, like Debian,
> FreeBSD, and many others, might have multiple versions of gcc
> installed; typically as "g++NN". Use the appropriate command for
> your gcc.
This is the case in Debian releases:
squeeze with gcc-4.4
$ g++ -o utest u.c
u.c: In function ‘int main()’:
u.c:5: error: ‘char32_t’ was not declared in this scope
u.c:5: error: expected ‘;’ before ‘c’
u.c:6: error: ‘u32string’ is not a member of ‘std’
u.c:6: error: expected ‘;’ before ‘u’
$ g++ -std=c++11 -o utest u.c
cc1plus: error: unrecognized command line option "-std=c++11"
wheezy with gcc-4.7
$ g++ -o utest u.c
u.c: In function ‘int main()’:
u.c:5:4: error: ‘char32_t’ was not declared in this scope
u.c:5:13: error: expected ‘;’ before ‘c’
u.c:6:4: error: ‘u32string’ is not a member of ‘std’
u.c:6:19: error: expected ‘;’ before ‘u’
$ g++ -std=c++11 -o utest u.c
(no output)
jessie with gcc-4.9
$ g++ -o utest u.c
u.c: In function ‘int main()’:
u.c:5:4: error: ‘char32_t’ was not declared in this scope
char32_t c=0;
^
u.c:6:4: error: ‘u32string’ is not a member of ‘std’
std::u32string u;
^
$ g++ -std=c++11 -o utest u.c
(no output)
SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, III. kerület
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Future of Courier MTA
Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: > On 02/16/2017 03:36 PM, SZÉPE Viktor wrote: >> Is anyone willing to cooperate with me on fixing Debian-related errors? >> https://github.com/szepeviktor/courier > > > Well, I just sent some more patches to the FreeBSD maintainer to bring > the package up to date. I think I can put in some effort to help > maintain Courier for Debian. Is Ondřej still the package maintainer? Thank you! See https://github.com/oerdnj/deb.sury.org/issues/435#issuecomment-277640732 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823807 Do you have a GitHub user? Or would you prefer to be an official Debian maintainer? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Development builds of courier, courier-imap, and cone packages
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Download: http://www.courier-mta.org/download.html > > courier, courier-imap, and cone builds 20170218: > > Changes: > > - Fix compilation errors with OpenSSL 1.1.0 Thank you! Could it be that I cannot find this fix neither on sf nor on github? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Future of Courier MTA
Hello! Honestly I do not know who uses Courier. Maybe no one knows. 1) I am a Debian-only user and it seems no one is maintaining courier-mta. 2) I've never met Exim or Postfix so a switch is not an option for me. 3) I don't use software on Debian without packaging. They are loose files without any control. (That is why I run my own public repo) 4) What are my options for 2017 when I probably switch to Debian stretch? Are big companies with big $$$ using Courier? Is anyone willing to cooperate with me on fixing Debian-related errors? https://github.com/szepeviktor/courier SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SendGrid certificate problem
Hello! Could it be that Courier MTA cannot be configured to send emails securely (using SSL) to Sendgrid because they have their hostname in SAN not in CN? Thanks. - Forwarded message from "James (SendGrid Support)" <supp...@sendgrid.zendesk.com> - Date: Thu, 16 Feb 2017 22:38:40 + From: "James (SendGrid Support)" <supp...@sendgrid.zendesk.com> ## In replies all text above this line is added to the ticket ## James, Feb 16, 15:38 MST I brought this up to our securities team and they relayed this info to me: Our certificate for smtp.sendgrid.net has a common name (CN) of: ``` Subject: OU=Domain Control Validated, CN=*.smtp.sendgrid.net ``` however, we also have a Subject Alternative Name (SAN) of: ``` X509v3 Subject Alternative Name: DNS:*.smtp.sendgrid.net, DNS:smtp.sendgrid.net ``` so our certificate is technically valid for smtp.sendgrid.net, but the client has to check it according to [Subject Alternative Name](https://en.wikipedia.org/wiki/Subject_Alternative_Name) rules. As for the configuration change, I am not familiar with Courier MTA and I am unsure as to why you're unable to send mail through SendGrid with those settings. It may be best to try reaching out to their support team for more assistance getting that set up (everything looks correct from what I can tell checking out their documentation), or have you already tried that? I look forward to your reply! James | Sr. Support Engineer This email is a service from SendGrid. - End forwarded message - SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Pythonfilter attachments
Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: > On 02/08/2017 10:24 AM, Alessandro Vesely wrote: >> I revamped attachments.py in order to catch Javascript Trojans inside >> a zip, which were driving me crazy. > > > The current version supports libarchive, which should allow you to > blacklist file types inside zip files, as well. Could you mention it in the config file? https://github.com/szepeviktor/courier-pythonfilter/blob/master/pythonfilter.conf#L84 Thanks. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courierfilter + spamassassin = smtp slow.
Hello Mário! You could use courier-pythonfilter's "whitelist BLOCK" module: https://github.com/szepeviktor/courier-pythonfilter/blob/master/pythonfilter.conf#L32 Then you add a line to /etc/courier/smtpaccess/default 212.52.165.208allow,BLOCK See other whitelist modules too. All the best!! Idézem/Quoting Mário Ferreira <mariobe...@bol.com.br>: > Hi, > > After activating courierfilter with spamassassin, the smtp service was > slow. > > Spamassassin is very important to block spam's! > > Questions: > 1. Is it possible to include whitelist for the courierfilter, thus reducing > the load to the spamassassin whitelist? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Error message from Remote Server
Idézem/Quoting Michelle Konzack <linux4miche...@gmail.com>: > Good evening, > > I have contacted the abuse@ from an ISP, where a range of 8 IP adrresses > attacking my servers (on all protocols) and now I get this from my > courier: > > 8<-- > This is a delivery status notification from mail.tamay-dogan.net, > running the Courier mail server, version 0.68.2. > > The original message was received on Fri, 27 Jan 2017 23:45:43 +0100 > from localhost (localhost [127.0.0.1]) > > --- > >UNDELIVERABLE MAIL > > Your message to the following recipients cannot be delivered: > > <ab...@cv.net>: > biscmail.cv.net [167.206.112.38]: > >>> STARTTLS > <<< 500 couriertls: connect: error:14094410:SSL > routines:SSL3_READ_BYTES:sslv3 alert handshake failure > > <hostmas...@cv.net>: > biscmail.cv.net [167.206.112.38]: > >>> STARTTLS > <<< 500 couriertls: connect: error:14094410:SSL > routines:SSL3_READ_BYTES:sslv3 alert handshake failure > > --- > > If your message was also sent to additional recipients, their delivery > status is not included in this report. You may or may not receive > other delivery status notifications for additional recipients. > > The original message follows as a separate attachment. > 8<-- > > I have never gotten such error message. > > with the exception of TLS1 things which I have removed last year already > and for my understanding is, that SSLv3 was negotiated with > and failed. If I can not contact them by EMail I have to do an expensiv > long distance call. > > Any suggestions? $ openssl s_client -connect biscmail.cv.net:25 -starttls smtp (my openssl is v1.0.2h) ... Cipher : RC4-MD5 ... Maybe RC4-MD5 is not supported by your Courier installation which very good. You may disable encryption in /etc/courier/esmtproutes cv.net:biscmail.cv.net /SECURITY=NONE All the best! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier, PayPal and STARTTLS
Idézem/Quoting Greg Earle <ea...@isolar.dyndns.org>: > I was expecting an incoming e-mail from PayPal but noticed these errors > in my syslog when it tried to deliver it: > > Jan 26 01:11:28 isolar courieresmtpd: [ID 702911 mail.info] > started,ip=[:::173.0.84.227] > Jan 26 01:11:28 isolar courieresmtpd: [ID 952582 mail.error] > courieresmtpd: STARTTLS failed: couriertls: connect: > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > Jan 26 01:11:38 isolar courieresmtpd: [ID 702911 mail.info] > started,ip=[:::66.211.168.231] > Jan 26 01:11:39 isolar courieresmtpd: [ID 952582 mail.error] > courieresmtpd: STARTTLS failed: couriertls: connect: > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > Jan 26 01:31:28 isolar courieresmtpd: [ID 702911 mail.info] > started,ip=[:::173.0.84.228] > Jan 26 01:31:29 isolar courieresmtpd: [ID 952582 mail.error] > courieresmtpd: STARTTLS failed: couriertls: connect: > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > Jan 26 01:31:39 isolar courieresmtpd: [ID 702911 mail.info] > started,ip=[:::66.211.168.231] > Jan 26 01:31:39 isolar courieresmtpd: [ID 952582 mail.error] > courieresmtpd: STARTTLS failed: couriertls: connect: > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > > A Google search showed an old thread on here where Sam responded, saying > to set TLS_PROTOCOL to "TLS1" in both "esmtpd" and "esmtpd-ssl". But > that's what I've already got mine set to: > > isolar:1:1100 [/opt/courier/etc] # grep ^TLS_P esmtpd esmtpd-ssl > esmtpd:TLS_PROTOCOL=TLS1 > esmtpd-ssl:TLS_PROTOCOL=TLS1 > > So what do I do? Is there some trickery I can put into smtpaccess/default > to make them not try to do STARTTLS or something? Or some other file? > > I already have some entries for PayPal in there: > > isolar:1:1107 [/opt/courier/etc] # egrep > PayPal\|173.0.84\|66.211.168 smtpaccess/default > # PayPal has their machines crossed > 66.211.168.231 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0 > 173.0.84.225allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0 > 173.0.84.226allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0 > 173.0.84.227allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0 > 173.0.84.228allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0 > > I don't want to switch back to TLS_PROTOCOL=SSL23 just to suit PayPal ... Hello Greg! In /etc/courier/esmtproutes you may instruct Courier to deliver without STARTTLS txtlocal.co.uk:mx1.emailsrvr.com,25 /SECURITY=REQUIRED In your case - reception - try setting TLS_CIPHER_LIST according to https://mozilla.github.io/server-side-tls/ssl-config-generator/ (set your OpenSSL version) and make sure TLS_CERTFILE points to a valid certificate $ openssl x509 -in $TLS_CERTFILE -noout -text It does not hurt to have a proper certificate. https://github.com/veeti/manuale All the best! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Looking for new Debian maintainers for courier-mta packages
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Ángel writes: > >> I would recommend automatically adding mkdhparams to /etc/cron.monthly, >> too. > > The Fedora RPM package does precisely that. > >> Also, looking at the patches carried by debian, the numbers 1, 2, 3, 5, >> 6, 7, 9, 12*, 13, 14, 17, 20, 21, 23 and 25 seem quite uncontroversial >> for being applied upstream. Could you add them to your queue to ponder >> their inclusion, Sam? > > I'll be happy to look at them. But I am not familiar with Debian's > bug tracker. You can either provide the URLs, or use Github's bug > tracker. You can access Debian patches from git https://anonscm.debian.org/git/collab-maint/courier.git or from the web: https://packages.debian.org/sid/courier-mta under "Download Source Package" click on courier_*.debian.tar.xz and see debian/patches directory On orphaning. Would it help if I set up a GitHub repo with debian sources and Debian bugs? Any Courier user with some skills could contribute much easier than on debian.org. We could use Travis to run the tests and lintian, and use GitHub Pages to host our Debian repo. Are organizations using Courier on their Debian servers? SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] lo is down
Idézem/Quoting Lindsay Haisley <fmouse-cour...@fmp.com>: > On Wed, 2016-12-28 at 15:44 -0800, Gordon Messmer wrote: >> On 12/28/2016 02:07 PM, Lindsay Haisley wrote: >> > This generally removes any dependency on DNS for resolving >> "localhost". >> >> Courier uses DNS for everything that comes to mind. Modifying >> /etc/hosts won't resolve the problem in question. > > True. > > Another problem which I've had on occasion, although it doesn't sound > as if this is Viktor's problem, is with firewall configuration. If the > default INPUT policy is DROP, and localhost and there's no firewall > rule allowing it, then localhost traffic will be blocked. > > This more or less applies to Linux, although any OS with configurable > kernel-based firewall rules will probably have similar properties. > > Viktor, when this happens, does "ifconfig" show an existing localhost > interface, "lo" or "lo0"? Thank you for your help. I was running only netstat and tcpdump during Monit alerts. I am going to add ifconfig the next time I debug this. Usually it is a provider problem. It occurs when there is a network congestion or I don't know what. From the virtual instances "I" do not see the physical network. And the incident (no response from lo) usually takes 2 or 4 minutes then Monit restarts Courier and everything is back up again. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] lo is down
Thank you Gordon! After a quick tcpdump. Monit sends: EHLO localhost QUIT Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: > On 12/28/2016 11:02 AM, SZÉPE Viktor wrote: >> Could it be that Courier unbinds from localhost when eth0 is down? > > > If Monit is testing SMTP on localhost, there are a bunch of possible > causes of failure. The most likely, I would think, is that DNS is not > available so one of the SMTP commands issued by Monit fails. > > Check the mail logs for errors at the time the test fails. You're likely > to find the answer there. > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] lo is down
Thank you for your answer.
This is my Debian-way hosts file
127.0.0.1 localhost
127.0.1.1 localhost
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# Original PTR=$(host "$IP" || true)
${IP} ${H} ${H%%.*}
https://github.com/szepeviktor/debian-server-tools/blob/master/debian-setup/hostname#L22-L33
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:
> SZÉPE Viktor writes:
>
>>
>> Good evening!
>>
>> I am investigating a strange monitoring phenomenon.
>> localhost (lo interface) is monitored on port 25 with a program
>> called Monit.
>> Monit generates a very small SMTP communication.
>> Usually it is OK.
>>
>> When the Internet-facing interface (eth0) is down - for some reason
>> but not DHCP - the test fails.
>>
>> Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1"
>>
>> Could it be that Courier unbinds from localhost when eth0 is down?
>
> Nope.
>
> Sounds like either your entry in /etc/hosts for localhost refers to
> your public IP address, or your monitoring program is set up to
> monitor your public IP address.
SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, III. kerület
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] lo is down
Here it is. # https://bitbucket.org/tildeslash/monit/issue/112/smtp-error#comment-14395650 #if failed host localhost port 25 type tcp protocol smtp retry 2 times then restart if failed host localhost port 25 type tcp protocol smtp for 2 cycles then restart Full config: https://github.com/szepeviktor/debian-server-tools/blob/master/monitoring/monit/services/courier-mta#L5-L7 Once I was even starting a shell script when Monit told me that Courier is not responding on 127.0.0.1:25 That included tcpdump, netstat etc. Revealed *nothing* I appreciate your help and advise. Idézem/Quoting Lindsay Haisley <fmouse-cour...@fmp.com>: > On Wed, 2016-12-28 at 20:02 +0100, SZÉPE Viktor wrote: >> Good evening! >> >> I am investigating a strange monitoring phenomenon. >> localhost (lo interface) is monitored on port 25 with a program >> called Monit. >> Monit generates a very small SMTP communication. >> Usually it is OK. >> >> When the Internet-facing interface (eth0) is down - for some reason >> but not DHCP - the test fails. >> >> Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1" >> >> Could it be that Courier unbinds from localhost when eth0 is down? >> Thanks. > > I also use Monit, although not to monitor the status of lo. I would > look, for the source of this phenomenon, to the configuration stanza in > /etc/monit/monitrc (or one of the config subfolders of /etc/monit). > > -- > Lindsay Haisley | "UNIX is user-friendly, it just > FMP Computer Services | chooses its friends." > 512-259-1190 | -- Andreas Bogk > http://www.fmp.com| > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] lo is down
Good evening! I am investigating a strange monitoring phenomenon. localhost (lo interface) is monitored on port 25 with a program called Monit. Monit generates a very small SMTP communication. Usually it is OK. When the Internet-facing interface (eth0) is down - for some reason but not DHCP - the test fails. Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1" Could it be that Courier unbinds from localhost when eth0 is down? Thanks. SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Fwd: Looking for new Debian maintainers for courier-mta packages
Hello Courier users! I could lend a hand to the maintainer for couple of hours/month. I am Courier user and I am able to put together simple, lintian-free packages https://github.com/szepeviktor/debian-server-tools/tree/master/security/myattackers-ipsets/ipset-persistent/debian Though I've never used Debian's source/build infrastructure. Two things: The package has no git source https://packages.qa.debian.org/c/courier.html Courier upstream has no bug-tracking system. I would choose GitHub as a place to store /debian and to communicate with upstream. Idézem/Quoting Mark Constable <ma...@renta.net>: > Apologies if this is a repost but I couldn't find it in the > courier-users@ archives. > > > Forwarded Message > Subject: Looking for new Debian maintainers for courier-mta packages > Date: Tue, 06 Dec 2016 15:04:59 +0100 > From: Ondřej Surý <ond...@sury.org> > To: debian-de...@lists.debian.org, Willi Mann <wi...@debian.org>, > courier-i...@lists.sourceforge.net > CC: Mark Constable <ma...@renta.net> > > Hi, > > TL;DR I am looking for prospective courier-mta maintainers for Courier > MTA packages. > > a little history - Mark Constable asked me a while ago if I could > prepare updated Courier MTA packages for Ubuntu PPA. As a part of that I > whipped the courier-authlib, courier-unicode and courier packages up to > modern Debian packages standard and did some more improvements to the > packaging (as privilege separation on separate 'courier' user). I also > merged non-TLS and TLS versions and did some more changes (most of it > could be found in debian/changelog and/or in git log). > > I did my best to break as little things as possible, but the changes to > the packages were massive. There's one problem though - I am not active > Courier MTA user, so I can do my best from Debian point of view, but I > am unable to do any extensive testing. > > Therefore I am looking for active Courier MTA users that happen to be > either Debian Developers, Debian Maintainers, or just people that would > be happy to learn the Debian Packaging - I would be more than happy to > provide guidance in such case. > > I have filled RFH (Request for Help) bug on courier package, but nobody > responded so far. Today I have changed that to RFA (Request for > Adoption) and I intend to properly orphan the packages before stretch > release and remove them from next Debian stable release. Well, unless > somebody comes up and makes a hard promise to take care of all Courier > MTA till Debian stretch (next stable) end-of-life and becomes > maintainers. > > Please note that the bug list on src:courier is rather long: > https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=courier > (143 filled bugs) and it will need some time to comb through the list, > close the non-issues, fix the Debian related bugs and forward the > appropriate bugs to upstream. I would suggest it might be better this > would be a team effort. > > Cheers, > -- > Ondřej Surý <ond...@sury.org> > > > -- > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today.http://sdm.link/xeonphi > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] strange log messages from courier-imapd
> cat "$PRIV" "$PUB" "$INT" > "$COURIER_COMBINED" The order is - private key (not encrypted) - public key (the certificate) - intermediate certificate(s) Idézem/Quoting John Covici <cov...@ccs.covici.com>: > Thanks for your quick response, so I generated the dhparams, now how > come it says the no start line when I do have such a file and the > start line seems correct? > > Thanks. > > On Wed, 19 Oct 2016 09:44:20 -0400, > SZÉPE Viktor wrote: >> >> Idézem/Quoting John Covici <cov...@ccs.covici.com>: >> >> > Hi. I have been using your imap daemon for some time and it seems to >> > be working, but recently I changed the port to 993 and am using an >> > encrypted connections. I am getting some unusual messages however >> > from my logs -- here is what I am getting: >> > couriertls: /usr/share/dhparams.pem: error:02001002:system >> > library:fopen:No such file or directory - 13 Times >> > >> > >> > Is there supposed to be such a file and if so, what are its contents? >> > >> > Also, I am getting the following >> > couriertls: /etc/courier-imap/imapd.pem: error:0906D06C:PEM >> > routines:PEM_read_bio:no start line - 13 Times >> > >> > The start line looks fine to me and is: >> > -BEGIN CERTIFICATE- >> > >> > I have the private key first and then the certificate which I actually >> > purchased from one of the cheaper authorities. >> > >> > Thanks in advance for any suggestions. >> >> >> Dear John! >> >> > couriertls: /usr/share/dhparams.pem: error:02001002:system >> >> Those are the (missing) Diffie–Hellman parameters for SSL. >> See TLS_DHPARAMS in your config files. (modern Courier only) >> >> I usually issue >> DH_BITS=2048 nice /usr/sbin/mkdhparams >> to regenerate it. >> >> See this script >> https://github.com/szepeviktor/debian-server-tools/blob/master/mail/courier-dhparams.sh >> >> >> > couriertls: /etc/courier-imap/imapd.pem: error:0906D06C:PEM >> >> This is the missing certificate file. >> See TLS_CERTFILE in your imapd-ssl configuration file. >> >> All the best! >> >> >> SZÉPE Viktor >> https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md >> -- >> +36-20-4242498 s...@szepe.net skype: szepe.viktor >> Budapest, III. kerület >> >> >> >> >> >> ------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> ___ >> courier-users mailing list >> courier-users@lists.sourceforge.net >> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users >> > > -- > Your life is like a penny. You're going to lose it. The question is: > How do > you spend it? > > John Covici > cov...@ccs.covici.com SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] strange log messages from courier-imapd
Idézem/Quoting John Covici <cov...@ccs.covici.com>: > Hi. I have been using your imap daemon for some time and it seems to > be working, but recently I changed the port to 993 and am using an > encrypted connections. I am getting some unusual messages however > from my logs -- here is what I am getting: > couriertls: /usr/share/dhparams.pem: error:02001002:system > library:fopen:No such file or directory - 13 Times > > > Is there supposed to be such a file and if so, what are its contents? > > Also, I am getting the following > couriertls: /etc/courier-imap/imapd.pem: error:0906D06C:PEM > routines:PEM_read_bio:no start line - 13 Times > > The start line looks fine to me and is: > -BEGIN CERTIFICATE- > > I have the private key first and then the certificate which I actually > purchased from one of the cheaper authorities. > > Thanks in advance for any suggestions. Dear John! > couriertls: /usr/share/dhparams.pem: error:02001002:system Those are the (missing) Diffie–Hellman parameters for SSL. See TLS_DHPARAMS in your config files. (modern Courier only) I usually issue DH_BITS=2048 nice /usr/sbin/mkdhparams to regenerate it. See this script https://github.com/szepeviktor/debian-server-tools/blob/master/mail/courier-dhparams.sh > couriertls: /etc/courier-imap/imapd.pem: error:0906D06C:PEM This is the missing certificate file. See TLS_CERTFILE in your imapd-ssl configuration file. All the best! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] client TLS settings
Good evening! AFAIK an SSL connection is build from the intersection of client & server cypher suites. TLS_PROTOCOL="TLSv1.2:TLSv1.1:TLS1" TLS_CIPHER_LIST="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256.. TLS_DHPARAMS=/etc/courier/dhparams.pem Do these have any effect in /etc/courier/courierd on Courier as SMTP client? Thank you! SZÉPE Viktor https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sendmail's exit status is 67
> #define EX_NOUSER 67 /* addressee unknown */ I think I am having a recipient problem. Idézem/Quoting SZÉPE Viktor <vik...@szepe.net>: > Good morning! > > I happen to have this message from cron: > >> cron mailed bytes of output but got status 0x0043 from MTA > > This is "once in a lifetime", apart from this everything goes normally. > > Here is it's source > > https://anonscm.debian.org/cgit/pkg-cron/pkg-cron.git/tree/do_command.c?id=e9aec2e8226cc755adfaad4e5f45aa2df61cbcab#n629 > > Could it be that cron output is huge (bigger than sizelimit) or > something very simple? > > What is the meaning of 0x43? > > Thank you. > > > > SZÉPE Viktor > -- > +36-20-4242498 s...@szepe.net skype: szepe.viktor > Budapest, III. kerület > > > > > > -- > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] sendmail's exit status is 67
Good morning! I happen to have this message from cron: > cron mailed bytes of output but got status 0x0043 from MTA This is "once in a lifetime", apart from this everything goes normally. Here is it's source https://anonscm.debian.org/cgit/pkg-cron/pkg-cron.git/tree/do_command.c?id=e9aec2e8226cc755adfaad4e5f45aa2df61cbcab#n629 Could it be that cron output is huge (bigger than sizelimit) or something very simple? What is the meaning of 0x43? Thank you. SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Fight against Dridex / Locky
You may block messages with executable attachment (exe,com,scr,pif,bat,cmd,vbs,js ...) and zip-s with executable in them. Idézem/Quoting Jérôme Blion <jerome.bl...@free.fr>: > Hello, > > I'm looking for an efficient way to fight against Locky / Dridex and > such malwares... > > I use courier-pythonfilter with spamassassin + clamav > I added clamav-unofficial-sigs but as the attachment is built on the > fly, it's quite useless. > I use zen.spamhaus.org RBL but it's not enough neither. > > Which solution did you implement to filter that Junk ? > > Best regards. > Jérôme Blion. > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using > capacity planning > reports.http://sdm.link/zohodev2dev > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blocking Brute Force Auth Attacks
Try entering your log line and the failregex here http://debuggex.com Idézem/Quoting Nathan Harris <nhar...@eoimaging.com>: > On 7/8/2016 6:06 PM, SZÉPE Viktor wrote: >> Please consider reading and understanding these Courier ban rules: >> >> https://github.com/szepeviktor/debian-server-tools/tree/master/security/fail2ban-conf/filter.d >> >> >> > These rules and overrides have been very helpful. However, there does > not seem to be a case to handle brute force auth attacks against courier > webmail. > > I believe that courier-auth.local needs to add a _daemon line which > includes a match for sqwebmaild. Any advice on editing the following > line to properly do this would be appreciated. > > _daemon = (?:courier)?(?:imapd?|pop3d?)(?:login)?(?:-ssl)? > > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using > capacity planning > reports.http://sdm.link/zohodev2dev > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blocking Brute Force Auth Attacks
You may discover some networks that are malicious (shadow nets) I maintain a list of these https://github.com/szepeviktor/debian-server-tools/tree/master/security/myattackers-ipsets Use the shell scripts provided. And take a look at iptables rule counters weekly so you know how successful they are. Chain myattackers-ipset (1 references) pkts bytes target prot opt in out source destination 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set spidernet src reject-with icmp-port-unreachable 240 12305 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set sks-lugan src reject-with icmp-port-unreachable 249 11847 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set shodan-io src reject-with icmp-port-unreachable 105 4280 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set security-scorecard src reject-with icmp-port-unreachable 140 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set mirtelematiki src reject-with icmp-port-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set lu-root src reject-with icmp-port-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set leonlundberg src reject-with icmp-port-unreachable 3 120 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set hostkey src reject-with icmp-port-unreachable 13 672 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set ering.pl src reject-with icmp-port-unreachable 17 680 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set elan.pl src reject-with icmp-port-unreachable 1002 40883 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0match-set ecatel src reject-with icmp-port-unreachable 4657K 1595M RETURN all -- * * 0.0.0.0/00.0.0.0/0 For example ecatel could have 1002 Courier authentication attacks without these rules. Idézem/Quoting Alexei Batyr' <le...@pcmag.ru>: > Gordon Messmer writes: > >> Authentication over plain text is only allowed if ESMTPAUTH is set in >> etc/courier/esmtpd. To maintain password security, that setting should >> be empty. Instead, use ESMTPAUTH_TLS to enable authentication only >> after TLS is initialized. > > Unfortunately spamers/fishers et al. already mastered SSL and STARTTLS and > successfully use them in brute force and other attacks. > >> I wrote earlier that protecting authentication with encryption would >> leave you with only tools like fail2ban. I should have mentioned that >> the other good option is using an authentication backend that'll lock >> accounts temporarily when there are repeated auth failures. > > Account locking seems not a good idea: attacker could easily and quickly > block all known to him user accounts on particular server. Fail2ban blocks > attacker's IPs instead, leaving legitimate user access to his mail. > Probably better solution would be a similar blocking at MTA level, without > log parsing and firing firewall rules. > > Just FYI: fail2ban block list of my relatively small mail server (approx. > 350 users) now contains more than 1500 IPs. Additional advantage - reducing > overall load to the server because blocked botnet members never more make > continuous connections to the MTA. > > -- > Alexei. > > -- > Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San > Francisco, CA to explore cutting-edge tech and listen to tech luminaries > present their vision of the future. This family event has something for > everyone, including kids. Get more information and register today. > http://sdm.link/attshape > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blocking Brute Force Auth Attacks
Please consider reading and understanding these Courier ban rules: https://github.com/szepeviktor/debian-server-tools/tree/master/security/fail2ban-conf/filter.d Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Nathan Harris writes: > >> For a while now our server has been seeing a lot of brute force >> authentication attacks. Of course the source of these attacks is >> constantly changing. My firewall (pfSense) is running Snort and I am >> using the following custom rules to help. >> >> alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"SMTP AUTH brute >> force attack"; content:"535 Authentication failed."; nocase; >> classtype:attempted-user; threshold:type threshold, track by_src, count >> 2, seconds 60; sid:1000500; rev:6;) >> >> alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"SMTP ERROR >> potential spam or malware bot"; content:"502 ESMTP command error"; >> nocase; classtype:policy-violation; threshold:type threshold, track >> by_src, count 2, seconds 60; sid:1000501; rev:4;) >> >> alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"SMTP SPAMHAUS >> potential spam or malware bot"; content:"511 https://www.spamhaus.org;; >> nocase; classtype:policy-violation; threshold:type threshold, track >> by_src, count 1, seconds 60; sid:1000502; rev:4;) >> >> alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"SMTP SPAM detected >> spam or malware bot"; content:"554 Mail rejected - spam detected"; >> nocase; classtype:policy-violation; threshold:type threshold, track >> by_src, count 1, seconds 60; sid:1000503; rev:2;) >> >> This is working fairly well. However, it would also be good to >> immediately block an IPs when an invalid user name is specified. I have >> looked at Fail2Ban which does a similar operation to what I'm doing >> (except on the mail server's firewall). Is there anything more >> sophisticated or a better approach to solving this problem? > > You should check the timestamps in the maillog. Courier's automatic > tarpitting and rate limit is pretty good at keeping things under > control. > > Also, check whether or not you really need to enable authenticated > SMTP on port 25. In most cases you can turn this off completely, and > use only authenticated SMTP on port 587. > > Just last month, on another mailing list one unfortunate soul > discovered that he was succesfully dictionary-attacked, and had a > queue-full of spam. > > No tarpitting will help. fail2ban will work generally well, but it > won't be fool-proof. SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] filtering for aliases
Good morning! Could I convince Courier to filter mail when received for a pipe alias? m...@local.com: |/usr/bin/couriersrs s...@gmail.com Thank you. SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Cron <root@szerver4> /usr/local/sbin/syslog-errors-infrequent.sh
Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:
> Alexei Batyr' writes:
>
>> Sam Varshavchik writes:
>>
>>> SZÉPE Viktor writes:
>>>
>>>> Hello!
>>>>
>>>> Could you help me where is the syntax error in this address?
>>>>
>>>> Jun 6 21:39:09 szerver4 courieresmtpd:
>>>> error,relay=:::195.228.245.161,from=<optimail-%9566%-
>>>> %22342...@optimail.hu>: 517 Syntax
>>>> error.
>>>>
>>>> AFAIK this is a very high volume newsletter.
>>>
>>> Unfortunately, this "high volume newsletter" violates RFC 2822 with its
>>> email address.
>>>
>>>> From section 3.4.1 of RFC 2822:
>>>
>>> addr-spec = local-part "@" domain
>>>
>>> local-part = dot-atom / quoted-string / obs-local-part
>>>
>>> In this case, the "dot-atom" form of local-part applies.
>>>
>>> Section 3.2.4 spcifies dot-atom as follows:
>>>
>>> atext = ALPHA / DIGIT / ; Any character except controls,
>>>"!" / "#" / ; SP, and specials.
>>>"$" / "%" / ; Used for atoms
>>>"&" / "'" /
>>>"*" / "+" /
>>>"-" / "/" /
>>>"=" / "?" /
>>>"^" / "_" /
>>>"`" / "{" /
>>>"|" / "}" /
>>>"~"
>>>
>>> atom= [CFWS] 1*atext [CFWS]
>>>
>>> dot-atom= [CFWS] dot-atom-text [CFWS]
>>>
>>> dot-atom-text = 1*atext *("." 1*atext)
>>>
>>> In other words, the "%" character is a prohibited character in email
>>> addresses.
>>>
>> Hmm, AFAICS "%" explicitly indicated in 3.2.4 as _allowed_ character. I
>> couldn't find in recent logs incoming mail with "%" in address, but this
>> log line proves that courier outgoing smtp module considers such address as
>> valid:
>> courieresmtp: id=1A5BA195.56F2911C.
>> 3204,from=<eve...@pcweek.ru>,addr=<r.voron...@gs1ru.org>: 250 Requested
>> mail action okay, completed
>
> I read this, initially, as excluding the listed characters, focusing
> on the "except controls, SP, and specials" comment, interpreting
> "specials" as referencing the given list. But on another read, I
> must admit that those characters are allowed.
>
> The actual error here is that % appears next to @, tripping the
> check that special characters may not be consecutive. There are
> reasons for that; namely historic, legacy, address rewriting rules
> (the makepercenthack man page has the details). Don't see any reason
> not to get rid of them, but this won't be a quick fix.
>
> Generally, using special characters, like that, in email addresses
> is not a very good idea.
Thank you for caring about my percent signs.
Could you develop an option for Courier that enables "$" and "%" in
email addresses?
Of course default=disabled.
Thank you!
SZÉPE Viktor
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, III. kerület
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Fwd: Cron <root@szerver4> /usr/local/sbin/syslog-errors-infrequent.sh
Hello! Could you help me where is the syntax error in this address? Jun 6 21:39:09 szerver4 courieresmtpd: error,relay=:::195.228.245.161,from=<optimail-%9566%-%22342...@optimail.hu>: 517 Syntax error. AFAIK this is a very high volume newsletter. Thanks. SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] courier-analog creates directories in root
Good afternoon!
After some grepping in the source, changing
mkdir ("$htmldir/*", 0777);
to
mkdir ("$htmldir/*", 0777) if $html;
solves the problem. Altogether 14 times.
I use analog for stdout reporting only, no HTML necessary.
All the best!
SZÉPE Viktor
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, III. kerület
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Debian "package" for Courier-analog
Good afternoon! It is not a real Debian package but works. https://github.com/szepeviktor/debian-server-tools/blob/master/package/courier-analog-jessie.sh It is built inside my backporting docker container. You can find the three commands to build it in the head comment. (The first one is to backport courier-unicode) Everything goes on in /opt/results/, you find the resulting .deb package there. Anyone is welcome to add docs, lintian says: P: courier-analog: no-upstream-changelog E: courier-analog: debian-changelog-file-missing W: courier-analog: control-file-is-empty conffiles E: courier-analog: no-copyright-file E: courier-analog: description-starts-with-package-name I: courier-analog: description-synopsis-might-not-be-phrased-properly E: courier-analog: extended-description-is-empty P: courier-analog: no-homepage-field I: courier-analog: package-contains-timestamped-gzip usr/share/man/man8/courier-analog.8.gz W: courier-analog: manpage-has-errors-from-man usr/share/man/man8/courier-analog.8.gz 172: warning: macro `HTML-TAG' not defined I: courier-analog: spelling-error-in-manpage usr/share/man/man8/courier-analog.8.gz succesfully successfully I: courier-analog: no-md5sums-control-file All the best! SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Let's encrypt
Good evening! Let's Encrypt also provides you 3 certs: intermediate, public and private. Just install them (symlink them) as any other certificate. The order is: # cat "$PRIV" "$PUB" "$INT" > "$COURIER_COMBINED" This is my workhorse for that task: https://github.com/szepeviktor/debian-server-tools/blob/master/security/cert-update.sh Certbot has serious permission problems: leaves private key with 0644 The other thing is acquiring it. I am learning these tools, as they give me more control https://github.com/diafygi/acme-tiny/blob/master/acme_tiny.py https://github.com/kuba/simp_le Certbot feels like a bloat-ware. But the support is nice. All the best! Idézem/Quoting Jan Müller <muller@gmail.com>: > Hi, > did anyone succeed in installing letsencrypt certificates for imap and/or > smtp? > > Which guide did you follow? > > I did some preliminary googling and this looks not bad: > https://community.letsencrypt.org/t/configure-courier-imap/3620 > > Thanks for noting any caveats that might pop up. > > Regards! > Jan Müller SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Manipulating outgoing messages
Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: > On 05/06/2016 09:44 AM, SZÉPE Viktor wrote: >> Thank you! >> >> How will the message land in the Sent folder? > > https://bitbucket.org/gordonmessmer/courier-pythonfilter/src/3ac9d9109e808bfe1f3df7582cff30e139397795/README?at=default=file-view-default > > The documentation includes a section on "sentfolder", and a maildrop rule. > Thank you. SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Manipulating outgoing messages
Thank you! How will the message land in the Sent folder? https://bitbucket.org/gordonmessmer/courier-pythonfilter/src/3ac9d9109e808bfe1f3df7582cff30e139397795/filters/sentfolder.py?at=default=file-view-default Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: > On 05/04/2016 07:09 PM, Gordon Messmer wrote: >> Seems reasonably straightforward. I'll give it a shot. > > https://bitbucket.org/gordonmessmer/courier-pythonfilter/ > > A "sentfolder" module has been added for anyone else who wants to test it. > > > -- > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into > multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] courierd's pid file
Hello! I am just experiencing with systemd. I've noticed that courierd - the sending daemon - does not have a pid file, that is why it cannot be monitored and restarted on failure. (How is it possible to stop it at all? Through its FIFO?) Could you help me to monitor it? Thank you. SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] esmtproutes MX lookup
Hello! My courier v0.73.1 installation has this in esmtproutes : mail.radiomedinstruments.hu,587 /SECURITY=REQUIRED and the corresponding esmtpauthclient line. Somehow Courier looks up the MX record of mail.radiomedinstruments.hu and connects to the MX, not the A record. I's like to use mail.radiomedinstruments.hu as a smarthost. Please advise. Thank you! # tcpdump port 53 23:35:08.362795 IP (tos 0x0, ttl 64, id 20667, offset 0, flags [DF], proto UDP (17), length 73) 192.168.13.30.44016 > 8.8.8.8.53: 16469+ MX? mail.radiomedinstruments.hu. (45) E..IP.@.@..5@u...mail.radiomedinstruments.hu. 23:35:08.368868 IP (tos 0x0, ttl 56, id 30635, offset 0, flags [none], proto UDP (17), length 103) 8.8.8.8.53 > 192.168.13.30.44016: 16469 1/0/0 mail.radiomedinstruments.hu. MX mail.szepe.net. 10 (75) E..gw...8.-..5...S.@@U...mail.radiomedinstruments.hu.P .mail.szepe.net. 23:35:08.369061 IP (tos 0x0, ttl 64, id 20668, offset 0, flags [DF], proto UDP (17), length 60) 192.168.13.30.59822 > 8.8.8.8.53: 6243+ A? mail.szepe.net. (32) E..<P.@.@..5.(...c...mail.szepe.net. 23:35:08.374626 IP (tos 0x0, ttl 56, id 3505, offset 0, flags [none], proto UDP (17), length 76) 8.8.8.8.53 > 192.168.13.30.59822: 6243 1/0/0 mail.szepe.net. A 95.140.33.67 (48) E..L85...8i..c...mail.szepe.net....._.!C SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] sending IP
Thank you very much. Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>: > On 29.04.16 17:51, SZÉPE Viktor wrote: >> How should I tell Courier that it should connect on eth1 (not on eth0) >> while sending? > > courier can't select outgoing network interface. > it only can control outgoing IP: > > http://www.courier-mta.org/courier.html#multihomed > http://www.courier-mta.org/courier.html#maybemultihomed SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] sending IP
Hello! How should I tell Courier that it should connect on eth1 (not on eth0) while sending? SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] allow syntax error
Hello! First my server is blacklisted, and Courier bounced back to the sender, as the sender is an alias to the same address as the original recipient it was blacklisted and bounced again. Then courier sent an email to the postmaster (and as it is smarthost it has no local accounts), that message was forwarded to another Courier installation (old 0.65). From: was #@[] and I've got "517 Syntax error." Is there a way the allow reception from #@[] ? Apr 24 19:02:33 mail courieresmtp: id=00061632.571D1849.3472,from=<>,addr=<postmas...@radiomed.hu>: 551 5.2.0 <postmas...@radiomed.hu>: Recipient address rejected: Your IP address is listed at dul.dnsbl.sorbs.net (see http://cgi... Apr 24 19:02:33 mail courieresmtp: id=00061632.571D1849.3472,from=<>,addr=<postmas...@radiomed.hu>,status: failure Apr 24 19:02:33 mail courierd: completed,id=00061632.571D1849.3472 Apr 24 19:02:33 mail courierd: started,id=00061632.571D1849.3472,from=<>,module=dsn,host=,addr= Apr 24 19:02:33 mail courierd: Waiting. shutdown time=none, wakeup time=none, queuedelivering=1, inprogress=1 Apr 24 19:02:33 mail courierd: newmsg,id=0006162F.571D1849.3474: dns; localhost (localhost [127.0.0.1]) Apr 24 19:02:33 mail courierd: started,id=0006162F.571D1849.3474,from=<#@[]>,module=esmtp,host=szepe.net,addr=<postmas...@szepe.net> Apr 24 19:02:33 mail courierd: Waiting. shutdown time=none, wakeup time=none, queuedelivering=2, inprogress=2 Apr 24 19:02:33 mail courierd: completed,id=00061632.571D1849.3472 Apr 24 19:02:33 mail courierd: Waiting. shutdown time=none, wakeup time=none, queuedelivering=1, inprogress=1 Apr 24 19:02:42 mail courieresmtp: id=0006162F.571D1849.3474,from=<#@[]>,addr=<postmas...@szepe.net>: 517 Syntax error. Apr 24 19:02:42 mail courieresmtp: id=0006162F.571D1849.3474,from=<#@[]>,addr=<postmas...@szepe.net>,status: failure Apr 24 19:02:42 mail courierd: completed,id=0006162F.571D1849.3474 SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] feature request
Hello! My Courier installation just got better: no SSL3, only strong ciphers. > Apr 14 10:04:46 szerver courierd: Waiting. shutdown time=Thu Apr 14 > 10:38:03 2016, wakeup time=Thu Apr 14 10:38:03 2016, > queuedelivering=0, inprogress=0 > Apr 14 10:05:00 szerver esmtpd-ssl: couriertls: accept: > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > Apr 14 10:05:01 szerver /USR/SBIN/CRON[9287]: (nemethz) CMD > (/home/nemethz/public_pm2/cron-newsletter.sh) I've quotes 3 lines to show that there's no line near the SSL error. It would be nice to have the IP address in that line in the next release. Thank you! SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] handle spam
Idézem/Quoting Gordon Messmer <gordon.mess...@gmail.com>: > On 04/09/2016 09:25 AM, SZÉPE Viktor wrote: >> Looking at Gordon's greylist.py that would be the "remember" part, and >> combining it with DNSBL lookup from whitelist_dnswl.py ... >> but:( I am not a python developer. > > Sounds like another use case for making individual filters conditional. > It's on my list, but I haven't put a lot of time into that code lately. Thank you. An RBL dependent one-time deferring mechanism would be fantastic. SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] excellent SSL results
Hello! I am into setting up Courier's SSL properly = securely. Courier MTA v0.75.0 Intermediate settings from https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.18=1.0.2d=yes=intermediate I told esmtpd-ssl to listen on https port: https://www.ssllabs.com/ssltest/analyze.html?d=09874751-cb3a-4d39-b10f-3993b1da964e.pub.cloud.scaleway.com=on (self-signed weak cert, but don't care) Q1 "Cipher Suites (sorted by strength as the server has no preference;" Could you please help achieve server order as in Apache SSLHonorCipherOrder? Q2 I've set TLS_CACHEFILE=/var/lib/courier/ssl_cache TLS_CACHESIZE=524288 but still "Session resumption (caching) -> No (IDs assigned but not accepted)" Could you help? Please document TLS_CACHEFILE and TLS_CACHESIZE as they are necessary to reach Qualys A+ Q3 "OCSP stapling -> No" Would it be possible to enable it? Thank you very much! SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/ gampad/clk?id=1444514301=/ca-pub-7940484522588532 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] handle spam
Thank you! > Defer the message for later. Could it be that BLACKLISTS defers all messages at all times? He meant to defer a message on 127.0.0.2 reply *once* then accept it. I think your suggestion will be: "That is possible by developing a courier filter" because courier has to remember that one defer answer and accept the message the second time. Looking at Gordon's greylist.py that would be the "remember" part, and combining it with DNSBL lookup from whitelist_dnswl.py ... but :( I am not a python developer. Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > SZÉPE Viktor writes: > >> >> Good afternoon! >> >> I've just read on http://psky.me/ >> >> Response Meaning / Recommended Action >> -- >> NOERROR The IP address is question is fine for sending mail.Accept >> the message >> >> 127.0.0.2The IP address in question has been seen with a high rate of >> spam.Defer the message for later. >> >> 127.0.0.3The IP address in question has been seen to have a very high >> rate of spam.Reject the message at SMTP submission. >> >> >> How is it possible to implement deferring with Courier MTA? > > This should be possible by using the settings that are documented in > the couriertcpd manual page in the BLACKLISTS settings. Something > like: > > BLACKLISTS="'-block=dnsbl.example.com,BLOCK/127.0.0.2,450 Go away' > '-block=dnsbl.example.com,BLOCK/127.0.0.3,550 Go away'" > > Keep in mind that these are shell script fragments, so mind the quoting. SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/ gampad/clk?id=1444514301=/ca-pub-7940484522588532 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] handle spam
Good afternoon! I've just read on http://psky.me/ ResponseMeaning / Recommended Action -- NOERROR The IP address is question is fine for sending mail.Accept the message 127.0.0.2 The IP address in question has been seen with a high rate of spam. Defer the message for later. 127.0.0.3 The IP address in question has been seen to have a very high rate of spam. Reject the message at SMTP submission. How is it possible to implement deferring with Courier MTA? SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/ gampad/clk?id=1444514301=/ca-pub-7940484522588532 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] find out IP
Good afternoon! How could I find the connecting IP address that had SSL problems? System Events =-=-=-=-=-=-= Feb 27 12:26:36 szerver courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1406A0B9:SSL routines:GET_CLIENT_HELLO:no cipher match SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] problem with authentication modules
You may see https://wiki.mozilla.org/MailNews:Logging#Generating_a_Protocol_Log Idézem/Quoting György Kövesdi <k...@teledigit.eu>: > On 2016-02-18 23:57, Sam Varshavchik wrote: >>> An error occurred while sending mail. The mail server responded: >>> Mailbox unavailable <user@myserver>. >>> Please check the message recipient "user@myserver" and try again. >> I am unable to find the message "Mailbox unavailable" in Courier's >> source code. Either the error message you're receiving is not from >> Courier, or your email client reports a meaningless, generic error >> message instead of the actual error message it receives from the >> server. >> I don't know whether or not Thunderbird suffers from the "user is >> too stupid to be shown real error messages" malady, that typically >> affects only Microsoft-written software. > > Yes, this is a Thunderbird message. I only see that it tries to > access the mailbox, and the server denies it. On the server I do not > see anything in /var/log/messages (however, the authenticated pop3 > and imap transactions are logged in details). I am not familiar with > the Courier logging system, please help me how to see what happens. > > Many thanx > György Kövesdi > > > -- > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140 > _______ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] no noreply
Good afternoon! How is it possible to prevent sending messages to non-local noreply@* addresses? SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] no noreply
Thank you. I think your answer is for hosted domains. I am talking about non-local address and all domains. Idézem/Quoting Matus UHLAR - fantomas <uh...@fantomas.sk>: > On 03.02.16 12:24, SZÉPE Viktor wrote: >> How is it possible to prevent sending messages to non-local noreply@* >> addresses? > > you could configure user noreply's courierfilter to reject all mail. > > alternatively, you can configure noreply as spamtrap address that will > prevent them all from > > however, I would put it to kind of trash, sometimes helpful to filter out > non-existing addresses of lists you send mail to... > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > They that can give up essential liberty to obtain a little temporary > safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 > > -- > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140 > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] deliver all messages to a local account
Good morning! We are developing a webshop on a server with Courier MTA. Is there a way to delivery every outgoing message (with various recipients) to one local maildir? (And don't send any emails to other hosts.) Thank you! SZÉPE Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Gamin or FAM outdated
The only thing I know about is inotify which is not cross-platform and - I think - included in Gamin. Then unmaintained state of these two projects scares me. -- +36204242498 Ezen a készüléken nehéz gépelni. Elnézést! On January 2, 2016 12:56:44 AM CET, Sam Varshavchik <mr...@courier-mta.com> wrote: >Szépe Viktor writes: > >> >> Good morning! >> >> Is it planned that Gamin and FAM (~10 years old softwares) are >> replaced with a modern one? > >What is the "modern" replacement for FAM and Gamin that you have in >mind? > > > > > >-- > > > > >___ >courier-users mailing list >courier-users@lists.sourceforge.net >Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Gamin or FAM outdated
Good morning! Is it planned that Gamin and FAM (~10 years old softwares) are replaced with a modern one? Thank you. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] too few deliveries
Good afternoon! I've set up a dedicated Courier-MTA-only server for sending out mail. Only out, no unauthenticated reception, so you must use a password to send messages. In module.esmtp there is MAXDELS=100 but the most I get is courierd: Waiting. shutdown time=none, wakeup time=Fri Dec 11 13:06:50 2015, queuedelivering=239, inprogress=47 Is MAXDELS in module.esmtp the right setting for sending out emails? Could it be the cause that there are not enough emails coming in? Thank you. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] too few deliveries
Excuse me for the second question. There ARE 239 emails in the queue. Idézem/Quoting Szépe Viktor <vik...@szepe.net>: > Good afternoon! > > I've set up a dedicated Courier-MTA-only server for sending out > mail. Only out, no unauthenticated reception, so you must use a > password to send messages. > > In module.esmtp there is > > MAXDELS=100 > > but the most I get is > > courierd: Waiting. shutdown time=none, wakeup time=Fri Dec 11 > 13:06:50 2015, queuedelivering=239, inprogress=47 > > Is MAXDELS in module.esmtp the right setting for sending out emails? > Could it be the cause that there are not enough emails coming in? > > Thank you. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] too few deliveries
Thank you! Basically what is the way to raise simultaneous "inprogress" delivery? Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Szépe Viktor writes: > >> Excuse me for the second question. >> There ARE 239 emails in the queue. > > Right. And they're waiting for their next scheduled delivery attempt because > their initial one has failed to establish a connection to the remote mail > server. > >> >> >> >> Idézem/Quoting Szépe Viktor <vik...@szepe.net>: >> >> > Good afternoon! >> > >> > I've set up a dedicated Courier-MTA-only server for sending out >> > mail. Only out, no unauthenticated reception, so you must use a >> > password to send messages. >> > >> > In module.esmtp there is >> > >> > MAXDELS=100 >> > >> > but the most I get is >> > >> > courierd: Waiting. shutdown time=none, wakeup time=Fri Dec 11 >> > 13:06:50 2015, queuedelivering=239, inprogress=47 >> > >> > Is MAXDELS in module.esmtp the right setting for sending out emails? >> > Could it be the cause that there are not enough emails coming in? >> > >> > Thank you. >> >> >> Szépe Viktor >> -- >> +36-20-4242498 s...@szepe.net skype: szepe.viktor >> Budapest, XX. kerület >> >> >> >> >> >> -- >> ___ >> courier-users mailing list >> courier-users@lists.sourceforge.net >> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > > -- > ___ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] too few deliveries
Thank you! All of the messages are uniform, generated by a newsletter software (Oempro) After a fast 20 minutes run all 6000 emails are delivered (mailq hold ~20 emails) I've set MAXDELS to 100 and I expect Courier to deliver to 100 servers simultaneously. But I cannot reach it. Idézem/Quoting Jérôme Blion <jerome.bl...@free.fr>: > Le 2015-12-11 13:25, Szépe Viktor a écrit : >> Thank you! >> >> Basically what is the way to raise simultaneous "inprogress" delivery? >> > > Hello, > > The real question is: How to decrease the mail in the queue waiting > for a new delivery attempt? > You will have to check and investigate what's happening to mails you > are trying to send. > > They may be delayed due to typo, provider restrictions... > > HTH. > Jérôme. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] "Your message is not signed with DKIM"
Good afternoon! Is it planned to support DKIM in (I mean built-in) Courier-mta? Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] From: rewrite
Thank you for your answer. Actually I am not able to write a courier filter. I've noticed than sendmail -f rewrites the From: header OR Textlocal receives it even if only MAIL FROM: <> contains the specified address. So now you can send me an SMS! s...@szepe.net All the best wishes to you! Idézem/Quoting Bowie Bailey <bowie_bai...@buc.com>: > On 10/26/2015 1:21 PM, Szépe Viktor wrote: >> Good afternoon! >> >> I am using an Email-SMS gateway that needs a certain "From:" address. >> Every message going to a specific account (s...@szepe.net) needs to be >> redirected to the SMS provider and From: header should be rewritten to >> a fixed one. >> >> Is it a good idea? >> >> s...@szepe.net: |/usr/sbin/sendmail -f sen...@szepe.net >> 12345special-sms-addr...@textlocal.co.uk >> >> I think a simple alias does not change the message's content. > > I would do that from a .courier or .mailfilter file rather than an alias. > > I had to do something similar for almost the exact same reason. In my > case, I also needed to change the info in the From and To headers before > the email would go through. I wrote a small Perl script to modify the > message and re-submit it to the server. > > The user's .mailfilter delivery line looks like this: > > to "| /home/mailuser/sendtext.pl" > > There are also a few checks in there to filter out any non-local mail > that might find its way to the mailbox. > > If you don't need to change the existing email headers, you could use > your sendmail line from above in place of the perl script. > > -- > Bowie > > -- > _______ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] From: rewrite
Good afternoon! I am using an Email-SMS gateway that needs a certain "From:" address. Every message going to a specific account (s...@szepe.net) needs to be redirected to the SMS provider and From: header should be rewritten to a fixed one. Is it a good idea? s...@szepe.net: |/usr/sbin/sendmail -f sen...@szepe.net 12345special-sms-addr...@textlocal.co.uk I think a simple alias does not change the message's content. Please help me. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] defaultdomain is not in locals
Good morning! Could you please help me. $ cat defaultdomain olm.hu And the default domain is not a local domain $ cat locals localhost web.olmunkaido.hu Now every program alias (piping) goes bad: a...@othervirtdomain.hu: |/usr/local/bin/process.sh causes: courieresmtpd: error,relay=:::95.140.33.67,from=<vik...@szepe.net>, to=<a...@othervirtdomain.hu>: 550 User <.xalias/an@othervirtdomain+2...@olm.hu> unknown Is there a way to get around it? Thank you! Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- Full-scale, agent-less Infrastructure Monitoring from a single dashboard Integrate with 40+ ManageEngine ITSM Solutions for complete visibility Physical-Virtual-Cloud Infrastructure monitoring from one console Real user monitoring with APM Insights and performance trend reports Learn More http://pubads.g.doubleclick.net/gampad/clk?id=247754911=/4140 ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] defaultdomain is not in locals
Thank you for our answer. This server was set up with the default domain in the hosteddomains file. Now I need to do program aliases (piping for couriersrs). It seems a program alias only works when the default domain is in the locals file - thus courier strips off the domain part of those addresses before looking up users. How it is possible to keep the default domain in the hosteddomains file and do program aliases like: a...@othervirtdomain.hu: |/usr/sbin/couriersrs forwar...@addr.ess Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>: > Szépe Viktor writes: > >> Good morning! >> >> Could you please help me. >> >> $ cat defaultdomain >> >> olm.hu >> >> And the default domain is not a local domain >> >> $ cat locals >> >> localhost >> web.olmunkaido.hu >> >> Now every program alias (piping) goes bad: >> >> a...@othervirtdomain.hu: |/usr/local/bin/process.sh >> >> causes: >> >> courieresmtpd: error,relay=:::95.140.33.67,from=<vik...@szepe.net>, >> to=<a...@othervirtdomain.hu>: 550 User >> <.xalias/an@othervirtdomain+2...@olm.hu> unknown >> >> >> Is there a way to get around it? >> Thank you! > > It is unclear what your intentions are. Generally, the domain listed > in the defaultdomain must be listed either in locals, or in > hosteddomains. Either your defaultdomain setting is wrong, or your > locals/hosteddomains is wrong, but only you can figure out which one > is wrong, since only you know what your mail server needs to do with > any given domain. > > See the courier(8) man page for the description of what each > configuration file does. See the makealiases(8) man page for the > description of how aliases are to be configured. As described in the > courier(8) man page, makealiases must be rerun after changing > defaultdomain, or several other configuration files. You need to > review the documentation in courier(8), for each configuration file > you're using. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] SSL23_GET_CLIENT_HELLO
Could you help me what does it mean? esmtpd-ssl: couriertls: connect: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request esmtpd-ssl: couriertls: connect: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request A bot is trying to access an SMTP port with a HTTP request? Thank you. v0.65.0 Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] ESMTP_TLS_VERIFY_DOMAIN failure
Thank you! openssl s_client -crlf -CAfile /etc/ssl/certs/ca-certificates.crt -connect smtp.mandrillapp.com:587 -starttls smtp says: Verify return code: 0 (ok) Maybe openssl does not resolve the CNAME but validates the certificate to smtp.mandrillapp.com Idézem/Quoting Sam Varshavchik mr...@courier-mta.com: Szépe Viktor writes: Good morning! Mandrill has a wildcard certificate: X509v3 Subject Alternative Name: DNS:*.mandrillapp.com, DNS:mandrillapp.com I've set TLS_VERIFYPEER=REQUIREPEER This is the log: 400 couriertls: Mismatched SSL certificate: CN=mandrillapp.com (expected smtp.eu-west-1.mandrillapp.com) A wildcard applies to only one level of a domain hierarchy. *.example.com matches host1.example.com, but not host1.foo.example.com Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] ESMTP_TLS_VERIFY_DOMAIN failure
Good morning! Mandrill has a wildcard certificate: X509v3 Subject Alternative Name: DNS:*.mandrillapp.com, DNS:mandrillapp.com I've set TLS_VERIFYPEER=REQUIREPEER This is the log: 400 couriertls: Mismatched SSL certificate: CN=mandrillapp.com (expected smtp.eu-west-1.mandrillapp.com) status: deferred /SECURITY=REQUIRED set, but TLS is not available status: failure /SECURITY=REQUIRED set, but TLS is not available status: failure In esmtpauthclient I have: smtp.mandrillapp.com,587 .. smtp.mandrillapp.com is a CNAME of smtp.eu-west-1.mandrillapp.com. Please advise! v0.73.1 Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] email from: #@[]
Could it be TRIPLEBOUNCE? #define TRIPLEBOUNCE#@[] /* Envelope sender on double bounces */ WHat is the meaning of its value? Idézem/Quoting Szépe Viktor vik...@szepe.net: Good morning! I'm a Courier MTA 0.65.0 user. Could you help me understand how a DSN (UNDELIVERABLE MAIL) message has from address: #@[] in the server log? The message has: Return-Path: Thank you! Log: courierd: started,id=002407EC.55BF36F8.32DA,from=,module=dsn,host=,addr=postmaster courierd: newmsg,id=00241DE2.55BF36F8.32DF: dns; localhost (localhost [127.0.0.1]) courierd: started,id=00241DE2.55BF36F8.32DF,from=#@[],module=local,host=vik...@szepe.net!!1999!1999!/var/mail/szepe.net/viktor!!,addr=viktor Headers: Delivered-To: vik...@szepe.net Return-Path: Received: from localhost (localhost [127.0.0.1]) (ftp://ftp.isi.edu/in-notes/rfc1894.txt) by szepe.net with dsn; Mon, 03 Aug 2015 12:06:08 +0200 id 00241DE9.55BF3D10.58D1 From: mailer-dae...@szepe.net To: u...@szepe.net Subject: NOTICE: mail delivery status. KOZLEMENY: A Level Allapota. Mime-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary==_courier_0 Content-Transfer-Encoding: 8bit Message-ID: courier.55bf3d10.5...@szepe.net Date: Mon, 03 Aug 2015 12:06:08 +0200 Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] email from: #@[]
Good morning! I'm a Courier MTA 0.65.0 user. Could you help me understand how a DSN (UNDELIVERABLE MAIL) message has from address: #@[] in the server log? The message has: Return-Path: Thank you! Log: courierd: started,id=002407EC.55BF36F8.32DA,from=,module=dsn,host=,addr=postmaster courierd: newmsg,id=00241DE2.55BF36F8.32DF: dns; localhost (localhost [127.0.0.1]) courierd: started,id=00241DE2.55BF36F8.32DF,from=#@[],module=local,host=vik...@szepe.net!!1999!1999!/var/mail/szepe.net/viktor!!,addr=viktor Headers: Delivered-To: vik...@szepe.net Return-Path: Received: from localhost (localhost [127.0.0.1]) (ftp://ftp.isi.edu/in-notes/rfc1894.txt) by szepe.net with dsn; Mon, 03 Aug 2015 12:06:08 +0200 id 00241DE9.55BF3D10.58D1 From: mailer-dae...@szepe.net To: u...@szepe.net Subject: NOTICE: mail delivery status. KOZLEMENY: A Level Allapota. Mime-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary==_courier_0 Content-Transfer-Encoding: 8bit Message-ID: courier.55bf3d10.5...@szepe.net Date: Mon, 03 Aug 2015 12:06:08 +0200 Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] courier-pythonfilter with Python3
Good morning! Does anyone have experience with courier-pythonfilter in Python3? Modern OS-es have Python3 as a standard package. Thank you! Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Blocking messages
Good morning! Is there a way to block mail based on: 1. reverse DNS hostname (PTR record) of the sender IP 2. From: address 3. Envelop Sender (MAIL FROM:) in Courier-MTA itself? Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] trusted mail servers
Good morning! Is there a better way to exempt emails from certain hosts from futher filtering? Now I set allow,RELAYCLIENT and use whitelist_relayclients.py. It is OK for other servers that use this server as a smarthost. But I think it is not so good for trusted mail servers like my VPS service provider, bank, backup provider etc. Could you suggest a better way? I would use only allow in smtpaccess but there is no filter for just allow without RELAYCLIENT. Thank you. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] trusted mail servers
Could it be that I am looking for whitelist_block.py? 192.168.2.3 allow,BLOCK Idézem/Quoting Szépe Viktor vik...@szepe.net: Good morning! Is there a better way to exempt emails from certain hosts from futher filtering? Now I set allow,RELAYCLIENT and use whitelist_relayclients.py. It is OK for other servers that use this server as a smarthost. But I think it is not so good for trusted mail servers like my VPS service provider, bank, backup provider etc. Could you suggest a better way? I would use only allow in smtpaccess but there is no filter for just allow without RELAYCLIENT. Thank you. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] trusted mail servers
Ofcourse I am using Gordon's python-courierfilter. The filter I would like to avoid is spamassassin.py. Idézem/Quoting Sam Varshavchik mr...@courier-mta.com: Szépe Viktor writes: Good morning! Is there a better way to exempt emails from certain hosts from futher filtering? Now I set allow,RELAYCLIENT and use whitelist_relayclients.py. It is OK for other servers that use this server as a smarthost. But I think it is not so good for trusted mail servers like my VPS service provider, bank, backup provider etc. Could you suggest a better way? I would use only allow in smtpaccess but there is no filter for just allow without RELAYCLIENT. Thank you. That depends on whatever filtering script you are using. Check its documentation to see if it can be configured to do that. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Gordon Messmer
Someone could take over this pip package I've uploaded: https://pypi.python.org/pypi/courier-pythonfilter Idézem/Quoting Lindsay Haisley fmouse-cour...@fmp.com: Has something happened to Gordon Messmer? His server at dragonsdawn.net has stopped running a web server on port 80 or 443 (although the server itself is up) and he hasn't posted to courier-users in a month and a half. He's usually on this list several times a month. His latest updates to courier-pythonfilter are, to the best of my knowledge, only available directly from his web server. -- Lindsay Haisley | UNIX is user-friendly, it just FMP Computer Services | chooses its friends. 512-259-1190 | -- Andreas Bogk http://www.fmp.com| -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Forwarding mail with SPF
Good morning! When a local address - having no local delivery - is forwarded to another mail server which strictly checks SPF, it could be that the sender's domain has -all in SPF thus it is not possible to forward that message. BTW it causes backscatter. On forwarding Courier MTA sets MAIL FROM: to the same address as in the original message's From: header (or the original MAIL FROM:, I do not know) and this - the forwarding - mail server is not on the allowed hosts' list in SPF. Could we have a new option for setting a fixed MAIL FROM: on forwarding to make forwarding possible in these cases? Thank you!! Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15utm_medium=emailutm_campaign=VA_SF ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Problem setting up pythonfilter
The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Garbled log lines
Is there a \n at the end of the line written to stderr? E.g. https://github.com/szepeviktor/courier-pythonfilter-custom/blob/master/email-correct.py#L244 Idézem/Quoting Alessandro Vesely ves...@tana.it: Every now and then log lines from a filter through stderr to syslog get intermixed. For example, this came as a single line: Jan 29 13:49:35 wmail courierfilter: zdkimfilter[31367]:INFO:zdkimfilter[31364]:drop msg,id=005DC056.54CA2C5F.7A7D: Found-Virusdrop msg,id=005DC04E.54CA2C5F.7A7C: Found-Virus Would it work better if the filter sent lines to syslog directly? Ale -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Error reading ACLs for : Invalid argument
This turned out to be an Outlook 2007 bug.
There was an empty line in courierimapsubscribed.
Please consider mentioning it somewhere.
#!/bin/bash
#
# Find 'courierimapsubscribed' files with an empty line.
# Could be a weekly cron job.
#
# SOURCE
:https://www.howtoforge.de/forum/threads/courier-imapd-fehlermeldung-error-reading-acls-for-invalid-argument.3768/#post-27735
MAIL_BASE=/var/mail
for CISSD in $(find $MAIL_BASE -type f -name courierimapsubscribed
-exec grep -l '^$' \{\} \;); do
echo Empty subscription: ${CISSD} 2
# correct it
sed -i '/^$/d' $CISSD
done
Idézem/Quoting Szépe Viktor vik...@szepe.net:
Good morning!
I've read in an old thread that stock Debian /var/mail is for mboxes
not for Maildirs.
My permissions are:
ls -ld /var/mail/szepe.net/viktor/Maildir/new/
drwx-- 2 virtual virtual 208896 Jan 19 16:22
/var/mail/szepe.net/viktor/Maildir/new/
ls -ld /var/mail/szepe.net/viktor/Maildir
drwx-- 31 virtual virtual 4096 Jan 19 16:21
/var/mail/szepe.net/viktor/Maildir
ls -ld /var/mail/szepe.net/viktor
drwxr-s--- 3 virtual virtual 4096 Feb 17 2011 /var/mail/szepe.net/viktor
ls -ld /var/mail/szepe.net
drwxr-s--- 7 virtual virtual 4096 Nov 27 20:39 /var/mail/szepe.net
ls -ld /var/mail
drwxrwsr-x 11 daemon daemon 4096 Jan 19 13:48 /var/mail
id virtual
uid=1999(virtual) gid=1999(virtual) groups=1999(virtual)
Could you help me find the cause of these messages:
Jan 19 15:36:20 szerver imapd-ssl: Error reading ACLs for : Invalid argument
I only get these in the syslog for *one* specific user. All users have
the same permissions/other settings.
Could it be her mail client?
Szépe Viktor
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, XX. kerület
--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Szépe Viktor
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, XX. kerület
--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] kitchen sink
Thank you! I realized a local user account is necessary. # cat $HOME/.courier |/bin/true Idézem/Quoting Sam Varshavchik mr...@courier-mta.com: Szépe Viktor writes: Is there a way to drop (as in iptables) mail for certain addresses (not for an entire domain), so do receive it but do not save it anywhere? I would prefer a solution without a local user. Thank you! See the description of $sysconfdir/aliasdir in the dot-courier man page. Install a $sysconfdir/aliasdir/.courier-mailboxname file that does nothing. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Error reading ACLs for : Invalid argument
Good morning! I've read in an old thread that stock Debian /var/mail is for mboxes not for Maildirs. My permissions are: ls -ld /var/mail/szepe.net/viktor/Maildir/new/ drwx-- 2 virtual virtual 208896 Jan 19 16:22 /var/mail/szepe.net/viktor/Maildir/new/ ls -ld /var/mail/szepe.net/viktor/Maildir drwx-- 31 virtual virtual 4096 Jan 19 16:21 /var/mail/szepe.net/viktor/Maildir ls -ld /var/mail/szepe.net/viktor drwxr-s--- 3 virtual virtual 4096 Feb 17 2011 /var/mail/szepe.net/viktor ls -ld /var/mail/szepe.net drwxr-s--- 7 virtual virtual 4096 Nov 27 20:39 /var/mail/szepe.net ls -ld /var/mail drwxrwsr-x 11 daemon daemon 4096 Jan 19 13:48 /var/mail id virtual uid=1999(virtual) gid=1999(virtual) groups=1999(virtual) Could you help me find the cause of these messages: Jan 19 15:36:20 szerver imapd-ssl: Error reading ACLs for : Invalid argument I only get these in the syslog for *one* specific user. All users have the same permissions/other settings. Could it be her mail client? Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
