[courier-users] another howto: Courier IMAP and Postfix MTA with LDAP
Over the winter holiday, I updated/rewrote a Debian centric how-to. The old how-to used virtual users, LDAP, and the Postfix MTA with Courier IMAP. It was sloppy. The new how-to is better organized. The how-to uses the Postfix local delivery agent for mail, Courier Maildrop for quotas, and Courier IMAP with LDAP for mail access. It provides directions in a 'step-by-step' manner. It would be good for people that want to setup Courier with the Postfix MTA. Suggestions, Comments, and corrections would be greatly appreciated. Although the how-to does allow people without much experience to setup a mail-server, it is still missing a TLS section for OpenLDAP, Courier, and Postfix if anybody want to contribute, I will add you as the co-author. HTML FORMAT: http://annapolislinux.org/docs/plc/postfix-courier-howto.html PDF FORMAT: http://annapolislinux.org/docs/plc/postfix-courier-howto.pdf -- --- *Theodore Knab *Washington College *Systems Engineer/ Systems Security *Maryland, USA --- --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] scalability
I have a Courier-IMAP setup and a Postfix MTA with 3404 accounts on a dual IBM Netfinity type 8665-R6Y. The server is only a dual 700Mhz machine with 7GB of RAM and a 100GB RAID volume for IMAP mail. Yet, 1700 people use it daily. Between 195-240 users are simultaneously connected between regular hours. 1.5-2GB of mail is processed daily. Most users use a webmail client, Squirrelmail, to read mail. The mail system has been up for 1.5 years. I use Rsync to backup the mail daily. It take an hour to sync all the accounts. Courier works great and it was fairly easy to setup. Postfix also works great and never loses a message. But, Postfix is a bit of a resource hog. The only complaint I have is that when mass mailings come in, the Postfix MTA spawns multiple child processes and locks many of the maildirs resulting in file-locking delays. Webmail users will not notice the delays. However, regular mail clients have to wait for the locking delays to pass. I am using the ext3 with default journaling on my 100GB volume. I think the ext3 journaling is causing the occasional locking delays. Ext3 does not seem to very well with Maildir directories ext2 and XFS are probably better suited for the job. On 03/11/03 23:58 -0600, Richard Houston wrote: Hi all, I am looking at putting a courier IMAP server in to production with a large amount of users, over 1000, in the near future. I have be asked a fer time as to how many users can the courier system handle. I will be using postfix and courier-imap. Could I ask a few of you let me know how big you installs are and how well they perform so I can give the management some examples. Thanks very much, any input is greatly appreciated. -- Thanks Richard Houston R.L.H. Consulting www.rlhc.net --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users -- --- *Theodore Knab *Washington College *Systems Engineer *Maryland, USA --- perl -ne'chomp;$a.=packh*,$_;END{print\n$a\n\n}'RM 940216d602160236869636b656e6e2a0 --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier/RAV/Spamassassin w/ Razor processing
Delays are better than timeouts. ;-) But look at the /etc/courier/maildroprc if you have one. You might want to lower your maildrop lock-timeout if it is high. You also might also want to only have SPAM assassin chop up the little files. Some large attachments might slow things down. For example, I use this maildroprc on my test server. import SENDER import RECIPIENT import HOME #my variables MAILBOX=$HOME/Maildir #default mailbox to use overrides system variable DEFAULT=$MAILBOX MAILDIRQUOTA=$MAILBOX/maildirsize LOGDIR=/var/log logfile $LOGDIR/maildrop.log RULES = $MAILBOX/.mailfilter LOCKTIMEOUT=2 # #SPAM ASSASSIN is only called if the message is smaller than 26Kb if ($SIZE 26624) { exception { xfilter /usr/bin/spamassassin #xfilter /usr/bin/spamc } } #if the message is tagged as Spam put it #into the SPAM MAILBOX otherwise ***LEAVE IT #ALONE FOR THE LOCAL CONFIG TO DELIVER*** if (/^Subject: Test/ ) { to $DEFAULT/.Trash/ } if (/^X-Spam-Flag: *YES/) { exception { to $DEFAULT/.Spam/ } } On 25/10/03 14:18 -0700, Colin Dick wrote: Hi all, I am still having local delivery delay issues. Here is brief description of my system: MySQL 3.23.56 courier-mta 0.42.2 with mysql auth courier imap with mysql auth courier pop3d with mysql auth RAV antivirus 8.4 Spamassassin 2.55 Razor 2.36 approximately 1100 customers Intel(R) Pentium(R) 4 CPU 1.60GHz cpu MHz : 1615.935 hda: 156301488 sectors (80026 MB) w/2048KiB Cache, CHS=9729/255/63, UDMA(100) [EMAIL PROTECTED] cdick]# cat /proc/meminfo total:used:free: shared: buffers: cached: Mem: 924430336 915738624 86917120 121597952 469168128 Swap: 534601728 91127808 443473920 MemTotal: 902764 kB RAV does not appear to be the issue as mail is getting through the input process. When local deliveries are attempted, I am calling maildrop from the .courier file. Maildrop uses the following .mailfilter recipe: xfilter /usr/bin/spamc if (/^X-Spam-Flag: YES/) { to ./Maildir/.xspam/ } I have worked with Sam for a couple of hours and implemented some of his suggestions. The problem still seems to exist and seems to be memory related (ie: when I get into using SWAP, local deliveries slow down). My question is, should my configuration be able to support 1100 customers effectively? Or are the 24 hour delays expected due to spamassassin having to process each message. I suspect a potential memory leak somewhere which would explain why I am running into SWAP. Does anyone have a similar setup? Have you also found delays with your mail? I have two suggestions left to implement. One is to move mysql to a remote machine. The second is to try my hand a load balancing a couple of servers. I have already built another machine and am in the process of porting many users to it. However, I am afraid that as I load this new server up, I will run into the same issues. Once I have a load balancing solution in place, adding new machines to the config shouldn't be difficult, however, if there is something fundamental I am missing, it will save me from having to buy a new server for the cluster every few months. Thoughts, suggestions? Thanks in advance for any info you can supply that might be of relevance to me. Have a good day. -- Colin Dick OCIS Admin --- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users -- --- *Theodore Knab *Washington College *Maryland, USA --- perl -ne'chomp;$a.=packh*,$_;END{print\n$a\n\n}'RM 940216d602160236869636b656e6e2a0 --- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] slapd 2.22 problems with Courier IMAP authdeamon
I am an OpenLDAP, Postfix MTA, Courier IMAP user. Does my version of the Courier authdaemon work with the new version of LDAP or do I need to upgrade ? On my test server, I recently upgraded my OpenLDAP server to slapd 2.1.22 [ Open LDAP Server]. This seems to have broke some things. My versions of Courier IMAP are from Debian Serge: ii courier-authda 0.39.1-1 Courier Mail Server authentication daemon ii courier-base 0.39.1-1 Courier Mail Server Base System ii courier-debug 0.39.1-1 Debugging Tools for Courier Mail Server ii courier-doc0.39.1-1 Documentation for the Courier Mail Server ii courier-imap 1.5.1-1IMAP daemon with PAM and Maildir support ii courier-ldap 0.39.1-1 LDAP support for Courier Mail Server Logs and errors: restart authdaemon Jul 22 16:22:21 annapolislinux authdaemond.ldap: authdaemon: modules=authldap, daemons=5 Jul 22 16:22:21 annapolislinux authdaemond.ldap: authdaemon: modules=authldap, daemons=5 run debug test annapolislinux:/home/1000# courierauthtest tjk Temporary authentication failure from module authdaemon Authentication FAILED! Jul 22 16:22:36 annapolislinux authdaemond.ldap: ldap_simple_bind_s failed: Can't contact LDAP server -- *Theodore Knab *Washington College *Maryland, USA * --- --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] ~/Maildir/.Trash for the obsessive compulsive
Although I believe that my trash is being emptied, some do not. When someone who uses our mail-server complains that their mail is not being deleted, I manually deleted their trash. This takes time. I would like to force expunge all trash once a week. This would save me and many others the headache of listening to all but the most detail oriented of the obsessive compulsive users. My only other option would be something like this: #!/usr/bin/perl #filename: clean_trash.pl #warning: use at your own risk this has not been tested. use strict; die Delete this if you want to run this dangerous program.\n; open( DIRECTORY, '', passwd.file ) || die (file not found $!\n); foreach (DIRECTORY) { chomp; my ( $uid, $uidnum, $gidnum, $path ) = ( split ( /:/, $_ ) )[ \ 0,2,3,5]; if ( ( $uidnum 1000 ) ( $uid ne nobody ) ) { my $trashdir = $path\/Maildir\/.Trash\/.cur; if ( -d $trashdir ) { print changing to $trashdir\n; chdir($trashdir); print deleting trash\n; system(/bin/rm *imap*); } } } -- *Theodore Knab *Washington College * --- --- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing more. Download eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier and LDAP question
It depends on what you setup in your authldaprc. My authldaprc file holds the following parameters: LDAP_SERVER noipee.mycoll.edu LDAP_PORT 389 LDAP_BASEDN ou=accounts,dc=mycoll,dc=edu LDAP_BINDDN cn=courier,dc=mycoll,dc=edu LDAP_BINDPW secret LDAP_TIMEOUT15 LDAP_MAIL mailAlternateaddress LDAP_FILTER (accountStatus=active) LDAP_DOMAIN mycoll.edu LDAP_GLOB_GID vmail LDAP_HOMEDIRhomeDirectory LDAP_MAILDIRmailMessageStore LDAP_MAILDIRQUOTA maildirQuota LDAP_FULLNAME cn LDAP_CRYPTPWuserPassword LDAP_UIDuidNumber You can setup LDAP anyway you like. Courier is pretty flexible also. For example I am using both the qmailUser schema with the Couriermailaccount class with a Postfix MTA. This flexibility makes things complicated. Although you can set it up anyway you please within limits, mine has a bad key value. It would be better to key it by a number like the uid number. For example this would be better for a key incase someone changes their name: dn: uidNumber=1100,ou=accounts,dc=mycoll,dc=edu I have something like this stored in my accounts.ldif: dn: uid=tknab2,ou=accounts,dc=mycoll,dc=edu creatorsName: cn=admin, dc=mycoll, dc=edu createTimestamp: 20020507161220Z uidNumber: 1100 gidNumber: 1001 mailHost: imap.mycoll.edu homeDirectory: /var/imap/mycoll/tknab2 mailMessageStore: /var/imap/mycoll/tknab2/Maildir mailbox: tknab2/Maildir/ objectClass: qmailUser objectClass: CourierMailAccount mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] mailAlternateAddress: [EMAIL PROTECTED] accountStatus: active cn: T Knab uid: tknab2 userPassword: {md5} secret= deliveryMode: normal mailReplyText: This is a test\r. mailQuota: 9216S mailForwardingAddress: [EMAIL PROTECTED] modifiersName: uid=tknab2,ou=accounts,dc=mycoll,dc=edu Since you already got your data in pam, you might want to look at the nis.schema, it has fields for userPassword $ loginShell $ gecos $ description, which are found in the /etc/passwd and /etc/shadow file. On Fri, Mar 28, 2003 at 12:43:21PM -0500, Russell Premont wrote: I am looking to migrate courier over to LDAP from pam. What fields does courier use for user info. Is it cn=username or would it be userid, and does courier use the homeDirectory to set the users home directory? -- *Theodore Knab *Systems Engineer *Washington College *Maryland, USA * --- *My Desk: 410-810-7419 *Fax: 410-778-7830 --- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier and LDAP question
On Fri, Mar 28, 2003 at 02:38:08PM -0500, Russell Premont wrote: LDAP_MAILDIRmailMessageStore LDAP_MAILDIRQUOTA maildirQuota Can you tell me which schema design these are in. I cannot find them in any of the schema templates I have. objectClass: qmailUser qmail.schema http://annapolislinux.org/docs/plc/partial/ldap/schema/qmail.schema -- *Theodore Knab *Systems Engineer *Washington College *Maryland, USA * --- *My Desk: 410-810-7419 *Fax: 410-778-7830 --- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] maildrop and deliverquota warnings with Postfix MTA and Courier IMAP server
Hello, This a Maildrop,Postfix MTA,Courier IMAP question. I am using the Postfix local delivery agent with Maildrop. I am currently using kernel quotas for virtual users. It has caused some problems, so I am now testing maildrop with deliverquota on another server. I have read through a lot of different documentation and I am getting confused. Where does the deliverquota command spawn ? Does this command come from the MTA or the the Courier IMAP server ? I have maildrop quotas style working on my test machine, but the quota warning messages are not being generated when I log in. For example, I went over quota yesterday. I never got a quota warning, which usually creates a tiny file telling Courier that a warning message was sent. [EMAIL PROTECTED]:~/Maildir$ ls -la total 60 drwx--S--- 11 tjk vmail4096 Mar 3 14:54 . drwx--S--- 54 tjk vmail8192 Mar 3 23:59 .. drwx--S---5 tjk vmail4096 Feb 27 11:29 .Bounced drwx--S---5 tjk vmail4096 Feb 28 22:34 .Drafts drwx--S---5 tjk vmail4096 Mar 3 10:30 .Helpful drwx--S---5 tjk vmail4096 Mar 3 14:55 .Large drwx--S---5 tjk vmail4096 Mar 1 00:57 .Sent drwx--S---5 tjk vmail4096 Mar 3 14:44 .Trash -rw-r--r--1 tjk vmail 76 Mar 3 14:54 courierimapsubscribed -rw---1 tjk vmail2120 Mar 4 09:46 courierimapuiddb drwx--S---2 tjk vmail4096 Mar 4 09:53 cur -rw-r--r--1 tjk vmail 51 Mar 4 10:02 maildirsize drwx--S---2 tjk vmail4096 Mar 4 10:02 new drwx--S---2 tjk vmail4096 Mar 4 10:02 tmp See maildrop quotas work... ;-) Mar 3 15:27:05 annapolislinux postfix/local[29995]: C158314837: to=[EMAIL PROTECTED], relay=local, delay=0, status=bounced (permission denied. Command output: Mail quota exceeded. ) I raised them. [EMAIL PROTECTED]:~/Maildir$ maildirmake.courier -q 200S ../Maildir My /etc/courier/maildroprc file looks like this it should be send me a warning message at 65 percent: cat /etc/courier/maildroprc MAILBOX=$HOME/Maildir MAILDIRQUOTA=$MAILBOX/maildirsize | /usr/bin/deliverquota -w 65 $MAILBOX I also have courier using authldaprc where it poles a number for the mailqouta off the local ldap server. This number may be different. In my Postfix main.cf I have this parameter which is working. mailbox_command = /usr/bin/maildrop -d $USER -- *Theodore Knab *Systems Engineer *Washington College *Maryland, USA * --- *My Desk: 410-810-7419 *Fax: 410-778-7830 --- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier-LDAP - general question
Squirrel mail seems easy to install, but it seems to be sluggish with Apache-SSL 1.3.x. Hu? It is on my future plans, can you tell more? If you can, it would be best to setup 2 web-mail servers for redundancy and higher availability. Patches to Squirrel-mail can be problematic. Expect the unexpected. As for your system, ideally Apache 2.x with the latest stable version of PHP4 would probably result in the best performance and stability with Squirrel-mail. I am running Apache-SSL 1.3.x from a Debian Sarge Package and it seems clunky under a heavy load. Although it doesn't crash, it does slow down, to the point users notice the 1-2 second delays for imap requests. During the week, 1400 unique people use my web-mail server. Linux web-mail 2.4.19 #1 SMP Fri Oct 18 14:53:01 EDT 2002 i686 Intel(R) Pentium(R) III CPU family 1133MHz Genuine-Intel GNU/Linux I hit this around 10am and 11am Monday through Friday CPU usage is 100% on both CPU's. When I do a top, each of the apache processes seems to range from .5% to 80% depending on what the users are doing. If I could redo everything and we had the budget, I would have 2 servers behind a linux virtual server doing round robin load balancing. -- *Theodore Knab *Systems Engineer *Washington College *Maryland, USA --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Courier-LDAP - general question
Right now, i'm using Postfix/Mysql/Cyrus/Squirrelmail, but want to move to better stuff, specifically LDAP and Maildirs. I have both LDAP and Maildirs. The Courier developer[s] did a much better job with the LDAP auth module than the Cyrus people did when I was testing the 2. Additionally, Courier was easier to setup with LDAP. I've done lots of SQL stuff, but this is my first major research into LDAP.. I've been playing with some tools using the qmail.scheme stuff (qldapadmin), and i'm debating on adapting them. I guess you will be ok then. I am using the qmail.schema with postfix. It sounds like a hack, but it works. Yeah, file system quotas aren't all that useful if i'm going to do a full virtual-user system. I am using virtual-users but I also store uids and the local delivery agent. Thus, I guess my system is a hybrid virtual system. One thing I seem to have missed, is an example of where you've got multiple domains, possibly with multiple domains pointing to the same mailboxes.. I am not using virtual domains in LDAP. This may have been a bad design choice. Here are some links of people that documented how to do it: http://www.bastard.net/~kos/mailrouter/ http://jamm.sourceforge.net/howto/html/implementation.html -- *Theodore Knab *Systems Engineer *Washington College *Maryland, USA * --- --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Backing up Maildirs
Rsync seems like a very efficient way to back up mail shares. Rsync can be configured to backup only the changes on the mailboxes. Does anyone have an example rsync backup script that they would be willing to share ? If someone helps me with RSYNC, I can assist with LDAP. I am using the following services on our mail system: Postfix - Postfix/Courier \ / | LDAP-Squirrelmail You'll probably want to use rsync - man rsync for details. -- * *T Knab * *Washington College * *Maryland, USA * * --- This SF.NET email is sponsored by: Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate - our easy online guide will show you how. Click here to get started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] mounting imap directory with noatime
In an effort to squeeze a little more write performance out of the drives on my Courier IMAP server I mounted the IMAP partition using the noatime flag. This flag increases performance because the drive does not have to update the inode time of every file touched. Will this cause problems with courier's auto delete feature ? IMAP_EMPTYTRASH=Trash:2 tknab2@imap:~$ mount /dev/sda5 on /var/imap type ext3 (rw,noexec,nosuid,nodev,noatime,data=journal,usrquota,grpquota) /dev/sdb8 on /var/spool type ext3 (rw,noatime,data=journal) -- * *Theodore Knab * *Systems Engineer [Linux] * *Washington College * *Maryland, USA * * --- * *My Desk: x7419 * *Fax: 410-778-7830 * * --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Need help about maildir format
1. How do i can setup Send Items folder,which copy send email automatic to this folder-on server(in maildir format) Use vacation as an auto responder. http://packages.debian.org/testing/mail/vacation.html http://www.udel.edu/topics/e-mail/vacation-only.html 2. Can u recommend program Webmail,which access maildir via IMAP protocol. I recommend squirrelmail or silkymail. - squirrelmail is free and very good http://www.squirrelmail.org/screenshots.php - silkymail is a derivitive of imp http://demo.silkymail.com/silkymail/imp/adv_login.php3?language=en -- * *Theodore Knab * *Systems Engineer [Linux] * *Washington College * *Maryland, USA * * --- * *My Desk: x7419 * *Fax: 410-778-7830 * * --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Need help about maildir format
1. How do i can setup Send Items folder,which copy send email automatic to this folder-on server(in maildir format) Sorry, I misread your question. This is a client configuration normally. But, your courier/imap config file should allow you to force copies of all sent imap mail to the box. Note, if you do this on the server make sure that users do not set their client up to put messages in the sent mail folder. Otherwise, they will get 2 copies. ##NAME: OUTBOX:0 # # The next set of options deal with the Outbox enhancement. # Uncomment the following setting to create a special folder, named # INBOX.Outbox # OUTBOX=.Sent -- * *Theodore Knab * *Systems Engineer [Linux] * *Washington College * *Maryland, USA * * --- * *My Desk: x7419 * *Fax: 410-778-7830 * * --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] ERROR: You have an incompatible existing mail filter, contact your system administrator
Is this just for the web admin client ? I use PERL to administrate my mailboxes. I also need to impose quotas of various sizes. I was going to write a tiny script that checks the LDAP quota and the gets the LDAP homeDir and writes the .mailfilter file in the /virtual_users_home/Maildir. Will this work ? How does it know it didn't create it? Sam said It looks for certain magic keywords that it generates in its own filters. I want to impose a quota - so I made the .mailfilter in /etc/skel so when I make a new user it's done Or is that not the way to achieve this goal? Sam said This is a somewhat of a chicken vs an egg problem. Sam said What you need to do is create a temporary .mailfilter file with your quota, Sam said deliver a single message, remove that message, remove the .mailfilter file, Sam said log into sqwebmail, go to the filter screen, and save an empty filter. Sam said You'll wind up with a stub .mailfilter file. Install the stub .mailfilter Sam said file into /etc/skel. -- * *Theodore Knab * *Systems Engineer [Unix] * * --- * * ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] diferent pop and imap authentication
This sounds like a bad design that is going to cause an administrative headache in the near future. If you use the qmail.schema, you can specify the type of account the user has access to. qmail.schema ... attributetype ( 1.3.6.1.4.1.7006.1.2.1.12 NAME 'accountStatus' DESC 'The status of a user account: active, nopop, disabled' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) ... You might want reasses why you are doing it. On Mon, Apr 22, 2002 at 03:16:28PM +0100, [EMAIL PROTECTED] wrote: Hi, I have a server running Courier-imap and using LDAP authentication (authdaemon.ldap). Now I want to give access to POP3 using a diferent authentication criteria but using the same LDAP tree. Is this possible using Courier? I have only one configuration file for LDAP authentication. Is there any way to connect the pop server to another authdaemon? -- * *Theodore Knab * *Systems Engineer [Unix] * * --- * *My Desk: x7419 * *Fax: 410-778-7830* * ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] courier-(imap|pop) ldap
Everything looks ok. From what you showed, it should work. Of course, you would need show your LDAP account entry to really tell. ;-) The only thing that may be an issue is the fact you appear to be using LDAP_CRYPTPW. If your password is not formated properly ( {CRYPT}Z5V4Fa or {MD5}394569304823 ), in the LDAP directory, Courier won't allow you in. You might want to try using a clear-text password using the LDAP_CLEARPW clearPassword entry. Hope this helps isolate the problem. ;-) I've been struggling with getting courier-imap to authenticate against ldap. Or, more accurately, finding out what's happening. I'm using qmail as the mta, which is delivering mail normally (well, almost, but that's another issue). Here are some relevant entries from authldaprc: LDAP_SERVER localhost LDAP_PORT 389 LDAP_BASEDN dc=wedgeweed,dc=org LDAP_BINDDN cn=courier,dc=wedgeweed,dc=org LDAP_BINDPW plain text, corresponding to crypt userPassword for cn=courier,dc=wedgeweed,dc=org LDAP_TIMEOUT5 LDAP_AUTHBIND 0 (or 1, i've tried both and neither work) LDAP_MAIL mail LDAP_DOMAIN wedgeweed.org LDAP_GLOB_UID vmail LDAP_GLOB_GID vmail LDAP_HOMEDIRmailMessageStore LDAP_MAILDIRmailMessageStore LDAP_CRYPTPWuserPassword LDAP_DEREF never LDAP_TLS0 When I try to connect to the pop server, I provide the correct username and password, but the auth is refused, and the logs just have the following: Apr 22 22:17:37 chavez courierpop3login: Connection, ip=[:::127.0.0.1] Apr 22 22:17:46 chavez courierpop3login: LOGIN FAILED, ip=[:::127.0.0.1] Apr 22 22:17:47 chavez courierpop3login: Disconnected, ip=[:::127.0.0.1] The same happens for imap. I've tried to turn on OpenLDAP (2.0.34)'s logging, but nothing is showing up (this applies to all ldap lookups, even those that work -- any ideas for turning this on? the '-s' option didn't work...). This is one of the last things that's stopping my setup from working, and it would be really great to have it all finished. ;-) -- * *Theodore Knab * *Systems Engineer [Unix] * * --- * *My Desk: x7419 * *Fax: 410-778-7830* * ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] maildir logic
My setup works, but I am worried that this might cause problems. I setup my Courier IMAP to use the following dir. LDAP_MAILDIRmailmessagestore LDAP_HOMEDIRmailmessagestore mailMessageStore: /var/imap/mycoll/user2 homeDirectory: /dev/null What this be the proper way to setup courier directories ? mailMessageStore: /var/imap/mycoll/user2/Maildir/ homeDirectory : /var/imap/mycoll/user2/ or would this be ? mailMessageStore: /var/imap/mycoll/user2/Maildir homeDirectory : /var/imap/mycoll/user2 -- * *Theodore Knab * * ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] LDAP maildir and homedir using
I am using Luc Saillard's example file for creating my Ldap mailaccount entries. These Ldap entries use the authldap.schema. With using Luc's example, I was having trouble with the maildir entry. Authentication would not work unless the LDAP_MAILDIR was defined in the authldaprc. I wondering if this would be the proper way to implement the maildir in the authldaprc ? It works, but I am worried if it may cause problems ? /etc/courier/authldaprc # is this OK or could it cause problems ? LDAP_HOMEDIRhomeDirectory LDAP_MAILDIRhomeDirectory # end of question LDAP_SERVER 192.146.1.115 LDAP_PORT 389 LDAP_BASEDN ou=mailaccounts,dc=mycoll,dc=edu LDAP_BINDDN cn=courier,dc=mycoll,dc=edu LDAP_BINDPW mysecret LDAP_TIMEOUT10 LDAP_MAIL mail LDAP_DOMAIN mycoll.edu LDAP_GLOB_UID vmail #maps to uid 1001 LDAP_GLOB_GID vmail #maps to gid 1001 LDAP_MAILDIRQUOTA Quota LDAP_FULLNAME cn LDAP_CLEARPWclearPassword LDAP_CRYPTPWuserPassword Luc's Example: dn: [EMAIL PROTECTED], o=example, c=com ObjectClass: CourierMailAccount mail: [EMAIL PROTECTED] mail: xyz123 clearPassword: tux userPassword: {MD5}WrbkuYvH+3FvwH7Zj+34Ag== homeDirectory: /home/xyz123 uidNumber: 1001 gidNumber: 1001 My version: -- dn: [EMAIL PROTECTED],ou=mailaccounts, dc=mycoll, dc=edu objectclass: couriermailaccount mail: [EMAIL PROTECTED] mail: useradmin2 cn: mail user admin uidNumber: 1001 gidNumber: 1001 homedirectory: /home/staff/useradmin2 quota: 10M clearpassword: useradmin2 description: courier user admin no shell account dn: [EMAIL PROTECTED],ou=mailaccounts,dc=mycoll,dc=edu objectclass: couriermailaccount cn: test t. tinker homedirectory: /home/staff/tester1 mail: [EMAIL PROTECTED] mail: tester1 uidNumber: 1001 gidNumber: 1001 quota: 10M clearpassword: tester1 Just incase anyone is wondering why I am defining the uid and gid with globing enabled, the authldap.schema requires it. ... objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' SUP top AUXILIARY DESC 'Mail account object as used by the Courier mail server' MUST ( mail $ homeDirectory $ uidNumber $ gidNumber ) ... * *Theodore Knab * * --- * * ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] LDAP authdaemon - (authldaprc working example) with OpenLDAP v2
I had a problem with my authldaprc file I just was not able to find the problem. Thanks for your help Sam :-) This is my new authldaprc. LDAP_SERVER 209.243.37.9 LDAP_PORT 389 LDAP_BASEDN ou=mailaccounts,dc=mycoll,dc=edu LDAP_BINDDN cn=courier,dc=mycoll,dc=edu LDAP_BINDPW testsecret LDAP_TIMEOUT10 LDAP_MAIL mail LDAP_DOMAIN mycoll.edu LDAP_GLOB_UID vmail LDAP_GLOB_GID vmail LDAP_HOMEDIRhomeDirectory LDAP_MAILDIRhomeDirectory LDAP_MAILDIRQUOTA Quota LDAP_FULLNAME cn LDAP_CLEARPWclearPassword LDAP_CRYPTPWuserPassword I found this problem difficult to troubleshoot because no error was given: Comment #MAIL_DIR and restart authdaemon and the client will compain that the connection was reset, but the logs simply display that a connection was made. No error is given. Apr 12 15:41:23 imap imaplogin: Connection, ip=[:::192.146.226.81] Apr 12 15:41:27 imap imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.81] When just the #LDAP_HOME_DIR is commented, the same thing happens on the client side, but the log has meaning. Apr 12 15:45:33 imap imaplogin: Connection, ip=[:::192.146.226.81] Apr 12 15:45:33 imap imaplogin: chdir: No such file or directory -- * *Theodore Knab * * ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Troubleshooting authdaemon
I am troubleshooting the ldap authdaemon. I need some help. Maybe just a second set of eyes: ;-) I am using the following Debian packages: ii courier-authda 0.37.3-2 Courier Mail Server authentication ii courier-base 0.37.3-2 Courier Mail Server Base System ii courier-debug 0.37.3-2 Debugging Tools for Courier Mail ii courier-doc0.37.3-1 Documentation for the Courier Mail ii courier-imap 1.4.3-2IMAP daemon with PAM and Maildir ii courier-imap-s 1.4.3-1IMAP daemon with SSL, PAM and Maildir ii courier-ldap 0.37.3-2 LDAP support for Courier Mail Server rc courier-maildr 0.37.3-2 Mail delivery agent with filtering ii courier-pop0.37.3-2 POP3 daemon with PAM and Maildir ii courier-ssl0.37.3-1 Courier Mail Server SSL Package ii maildrop 1.3.7-2mail delivery agent with filter The following daemons are running: root 554 0.0 0.0 1436 448 ?S11:14 0:00 /usr/sbin/courierlogger imaplogin root 565 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 566 0.0 0.0 2356 1084 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 567 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 568 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 569 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 570 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 592 0.0 0.0 1336 472 pts/2S11:19 0:00 grep -i courier root 551 0.0 0.0 1532 536 ?S11:14 0:00 /usr/sbin/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -maxprocs=40 -maxperip=4 -pid=/var/run/courier/imapd.pid -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/lib/courier/authlib/authdaemon /usr/bin/imapd Maildir root 554 0.0 0.0 1436 448 ?S11:14 0:00 /usr/sbin/courierlogger imaplogin The tests seems to appear that everything is working on the server side, but I am getting a login failed from the client side. I am using both the netscape client and the mulberry client to test. Mulberry complains that the TCP is being reset: TCP/IP: connection reset by remote host while logining into server. Netscape complains: That it is unable to connect to server at the current location: It does exist: washmail:/home/tjk# nmap 209.243.37.154 Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ ) Interesting ports on WC-37-154.washcoll.edu (209.243.37.154): (The 1550 ports scanned but not shown below are in state: closed) Port State Service 22/tcp openssh 110/tcpopenpop-3 111/tcpopensunrpc 143/tcpopenimap2 Apr 11 11:00:18 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] Apr 11 11:00:18 imap-mail imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.81] Apr 11 11:06:15 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] Apr 11 11:06:15 imap-mail imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.81] Apr 11 11:06:18 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] Apr 11 11:06:18 imap-mail imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.81] Apr 11 11:07:53 imap-mail courierpop3login: Connection, ip=[:::192.146.226.81] Apr 11 11:07:53 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] When I type in the wrong password, the client tells me it is wrong. Apr 11 11:13:24 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] Apr 11 11:13:37 imap-mail imaplogin: LOGIN FAILED, ip=[:::192.146.226.81] Apr 11 11:13:55 imap-mail imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.8 Could the name be a problem ?: imap-mail:/home/staff# cat /etc/hosts 127.0.0.1 imaplocalhost #not in dns as this 209.243.37.154 imap.washsholl.edu imap imap-mail The courier debug tool is getting this map-mail:/home/staff# courierauthtest tester1 tester1 Authenticated: module authdaemon Home directory: /home/staff/tester1 UID/GID: 1001/1001 AUTHADDR=tester1 AUTHFULLNAME=test t. tinker #syslog from remote ldap server seems to check out Apr 11 11:13:56 moe2 slapd[2852]: connection_get(20) Apr 11 11:13:56 moe2 slapd[2865]: SRCH ou=mailaccounts,dc=washcoll,dc=edu 2 0 Apr 11 11:13:56 moe2 slapd[2865]: 0 0 0 Apr 11 11:13:56 moe2 slapd[2865]: filter: ([EMAIL PROTECTED]) Apr 11 11:13:56 moe2 slapd[2865]: attrs: Apr 11 11:13:56 moe2 slapd[2865]: homeDirectory Apr 11 11:13:56 moe2 slapd[2865]: cn Apr 11 11:13:56 moe2 slapd[2865]: clearPassword Apr 11 11:13:56 moe2 slapd[2865]: userPassword Apr 11 11:13:56 moe2 slapd[2865]: mail Apr 11 11:13:56 moe2 slapd[2865]: Quota
Re: [courier-users] Troubleshooting authdaemon - ldaprc amended
Sorry, I didn't give my full authldaprc with the last post. I was missing some parts. Here is another try. On Thu, Apr 11, 2002 at 11:23:10AM -0400, Theodore J. Knab wrote: I am troubleshooting the ldap authdaemon. I need some help. Maybe just a second set of eyes: ;-) I am using the following Debian packages: ii courier-authda 0.37.3-2 Courier Mail Server authentication ii courier-base 0.37.3-2 Courier Mail Server Base System ii courier-debug 0.37.3-2 Debugging Tools for Courier Mail ii courier-doc0.37.3-1 Documentation for the Courier Mail ii courier-imap 1.4.3-2IMAP daemon with PAM and Maildir ii courier-imap-s 1.4.3-1IMAP daemon with SSL, PAM and Maildir ii courier-ldap 0.37.3-2 LDAP support for Courier Mail Server rc courier-maildr 0.37.3-2 Mail delivery agent with filtering ii courier-pop0.37.3-2 POP3 daemon with PAM and Maildir ii courier-ssl0.37.3-1 Courier Mail Server SSL Package ii maildrop 1.3.7-2mail delivery agent with filter The following daemons are running: root 554 0.0 0.0 1436 448 ?S11:14 0:00 /usr/sbin/courierlogger imaplogin root 565 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 566 0.0 0.0 2356 1084 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 567 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 568 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 569 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 570 0.0 0.0 2216 696 ?S11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start root 592 0.0 0.0 1336 472 pts/2S11:19 0:00 grep -i courier root 551 0.0 0.0 1532 536 ?S11:14 0:00 /usr/sbin/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -maxprocs=40 -maxperip=4 -pid=/var/run/courier/imapd.pid -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/lib/courier/authlib/authdaemon /usr/bin/imapd Maildir root 554 0.0 0.0 1436 448 ?S11:14 0:00 /usr/sbin/courierlogger imaplogin The tests seems to appear that everything is working on the server side, but I am getting a login failed from the client side. I am using both the netscape client and the mulberry client to test. Mulberry complains that the TCP is being reset: TCP/IP: connection reset by remote host while logining into server. Netscape complains: That it is unable to connect to server at the current location: It does exist: washmail:/home/tjk# nmap 209.243.37.154 Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ ) Interesting ports on WC-37-154.washcoll.edu (209.243.37.154): (The 1550 ports scanned but not shown below are in state: closed) Port State Service 22/tcp openssh 110/tcpopenpop-3 111/tcpopensunrpc 143/tcpopenimap2 Apr 11 11:00:18 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] Apr 11 11:00:18 imap-mail imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.81] Apr 11 11:06:15 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] Apr 11 11:06:15 imap-mail imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.81] Apr 11 11:06:18 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] Apr 11 11:06:18 imap-mail imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.81] Apr 11 11:07:53 imap-mail courierpop3login: Connection, ip=[:::192.146.226.81] Apr 11 11:07:53 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] When I type in the wrong password, the client tells me it is wrong. Apr 11 11:13:24 imap-mail imaplogin: Connection, ip=[:::192.146.226.81] Apr 11 11:13:37 imap-mail imaplogin: LOGIN FAILED, ip=[:::192.146.226.81] Apr 11 11:13:55 imap-mail imaplogin: LOGIN, user=tester1, ip=[:::192.146.226.8 Could the name be a problem ?: imap-mail:/home/staff# cat /etc/hosts 127.0.0.1 imaplocalhost #not in dns as this 209.243.37.154 imap.washsholl.edu imap imap-mail The courier debug tool is getting this map-mail:/home/staff# courierauthtest tester1 tester1 Authenticated: module authdaemon Home directory: /home/staff/tester1 UID/GID: 1001/1001 AUTHADDR=tester1 AUTHFULLNAME=test t. tinker #syslog from remote ldap server seems to check out Apr 11 11:13:56 moe2 slapd[2852]: connection_get(20) Apr 11 11:13:56 moe2 slapd[2865]: SRCH ou=mailaccounts,dc=washcoll,dc=edu 2 0 Apr 11 11:13:56 moe2 slapd[2865]: 0 0 0 Apr 11 11:13:56 moe2 slapd[2865]: filter: ([EMAIL PROTECTED]) Apr 11 11:13:56 moe2 slapd[2865]: attrs: Apr 11 11:13:56 moe2 slapd[2865]: homeDirectory Apr 11 11:13:56 moe2 slapd[2865]: cn Apr 11
Re: [courier-users] LDAP Authentication
What else can I do to see what is happening? Does anyone have any insight or suggestions ? Have you used the courierauthtest script that is part of the courier-debug package ? This will give feedback like this if it is not working: imap-mail:/home/staff# courierauthtest useradmin2 useradmin2 Temporary authentication failure from module authdaemon Authentication FAILED! imap-mail:/home/staff# courierauthtest tester1 tester1 Temporary authentication failure from module authdaemon Authentication FAILED! Then you can look in the syslog to find out why: Apr 11 16:23:21 imap-mail authdaemond.ldap: ldap_simple_bind_s failed: Invalid credentials Apr 11 16:23:57 imap-mail authdaemond.ldap: ldap_simple_bind_s failed: Invalid credentials Apr 11 16:24:42 imap-mail authdaemond.ldap: ldap_simple_bind_s failed: Invalid credentia -- * *Theodore Knab * * --- * * ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Tools for testing your IMAP setup
Is there a text based client debugger tool for IMAP that can be used to login to a server setup. I am looking for something that will Check mail. Write directories. Etc. and provide very verbose output. -- * *Theodore Knab * * --- * * ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users