Re: Howto authenticate smartPhone via Active Directory

2017-12-10 Thread Steffen Kaiser


On Sat, 2 Dec 2017, Mark Foley wrote:


> I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials
> using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via

 ^^ 

> shadow first and, failing that, it does authenticate via GSSAPI.
>
> Smartphones connect to Dovecot via port 143 and SSL.  They are not domain members so if the
> shadow authentication fails, no other methods are tried and no connection is made.
>
> What can I do with my dovecot config to fix this?


If you are asking about how to auth against AD with plain credentials, see 
https://wiki2.dovecot.org/AuthDatabase/LDAP


You can add another passdb {}. However, this enables any client to use 
plain credentials, incl. Thunderbird.


-- 
Steffen Kaiser


Re: Mailsploit problem in responce of ENVELOPE

2017-12-10 Thread TACHIBANA Masashi
Hi,

Additionally, I just tried below:

 From: serv...@paypal.comhttps://www.hushmail.com style="display:none"\n\0...@mailsploit.com
 Reply-To: serv...@paypal.comhttps://www.hushmail.com style="display:none"\n\0...@mailsploit.com


Thanks


- Original Message -
> Hi,
> 
> Sorry, It comes by fetching ENVELOPE, not BODYSTRUCTURE.
> For example:
> 
> A01 UID FETCH 24 (ENVELOPE)
> * 4 FETCH (UID 24 ENVELOPE ("Fri, 08 Dec 2017 09:44:35 +0900" "test2" ((NIL 
> NIL "service" "paypal.com")) (("dev1" NIL "dev1-bounces" "example.com")) 
> ((NIL NIL "service" "paypal.com")) (("user1" NIL "user1" "example.com")) 
> (("dev1" NIL "dev1" "example.com")) NIL 
> "<20171206084846.478c.0...@example.com>" 
> "<20171208004435.6b4f.0...@example.com>"))
> A01 OK Fetch completed (0.000 secs).
> 
> > The metasploit generated emails contain a fake Reply-To header.  Are you
> > sure that the above isn't the Reply-To header?
> 
> I did test also Reply-To header, then had same response as above.
> 
> 
> - Original Message -
> > On Fri, Dec 08, 2017 at 18:47:37 +0900, TACHIBANA Masashi wrote:
> > > Hi,
> > > 
> > > I tried to see a mail that have a strange From header in below URL:
> > > 
> > > https://www.mailsploit.com/index
> > > 
> > > Then, I got BODYSTRUCTURE response contain next:
> > > 
> > > ((NIL NIL "service" "paypal.com"))
> > > 
> > > Are this problem already founded by anyone?
> > > So already fixed?
> > 
> > The metasploit generated emails contain a fake Reply-To header.  Are you
> > sure that the above isn't the Reply-To header?
> > 
> > The "FETCH 123 ENVELOPE" command will return both (and FETCH ALL includes
> > ENVELOPE).  From the IMAP RFC:
> > 
> > The fields of the envelope structure are in the following order:
> > date, subject, from, sender, reply-to, to, cc, bcc, in-reply-to, and
> > message-id.
> > 
> > Can you paste the whole IMAP command response?
> > 
> > Thanks,
> > 
> > Jeff.
> > 
> 
> --
> TACHIBANA Masashi  QUALITIA CO., LTD.
> mailto:tachib...@qualitia.co.jp
> 
> 
> 
--
TACHIBANA Masashi  QUALITIA CO., LTD.
mailto:tachib...@qualitia.co.jp

株式会社クオリティア
http://www.qualitia.co.jp/




Re: Mailsploit problem in responce of ENVELOPE

2017-12-10 Thread TACHIBANA Masashi
Hi,

Sorry, It comes by fetching ENVELOPE, not BODYSTRUCTURE.
For example:

A01 UID FETCH 24 (ENVELOPE)
* 4 FETCH (UID 24 ENVELOPE ("Fri, 08 Dec 2017 09:44:35 +0900" "test2" ((NIL NIL 
"service" "paypal.com")) (("dev1" NIL "dev1-bounces" "example.com")) ((NIL NIL 
"service" "paypal.com")) (("user1" NIL "user1" "example.com")) (("dev1" NIL 
"dev1" "example.com")) NIL "<20171206084846.478c.0...@example.com>" 
"<20171208004435.6b4f.0...@example.com>"))
A01 OK Fetch completed (0.000 secs).

> The metasploit generated emails contain a fake Reply-To header.  Are you
> sure that the above isn't the Reply-To header?

I did test also Reply-To header, then had same response as above.


- Original Message -
> On Fri, Dec 08, 2017 at 18:47:37 +0900, TACHIBANA Masashi wrote:
> > Hi,
> > 
> > I tried to see a mail that have a strange From header in below URL:
> > 
> > https://www.mailsploit.com/index
> > 
> > Then, I got BODYSTRUCTURE response contain next:
> > 
> > ((NIL NIL "service" "paypal.com"))
> > 
> > Are this problem already founded by anyone?
> > So already fixed?
> 
> The metasploit generated emails contain a fake Reply-To header.  Are you
> sure that the above isn't the Reply-To header?
> 
> The "FETCH 123 ENVELOPE" command will return both (and FETCH ALL includes
> ENVELOPE).  From the IMAP RFC:
> 
>   The fields of the envelope structure are in the following order:
>   date, subject, from, sender, reply-to, to, cc, bcc, in-reply-to, and
>   message-id.
> 
> Can you paste the whole IMAP command response?
> 
> Thanks,
> 
> Jeff.
> 

--
TACHIBANA Masashi  QUALITIA CO., LTD.
mailto:tachib...@qualitia.co.jp
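
Added example (not part of the original messages, and not Dovecot code): a small Python parser that splits the ENVELOPE response posted above into the RFC 3501 field order Jeff quotes, so the From and Reply-To slots can be told apart, plus a check that decodes a raw From header value and reports control characters hidden inside encoded-words. The function names and the `CONSTRUCTED_FROM` header are made up for illustration, the raw header is assumed to be fetched separately (for instance with `BODY.PEEK[HEADER.FIELDS (FROM)]`), and IMAP literals (`{n}`) are not handled.

```python
import base64
import re
from email.header import decode_header

# ENVELOPE field order from RFC 3501, as quoted in the thread.
ENVELOPE_FIELDS = ("date", "subject", "from", "sender", "reply-to",
                   "to", "cc", "bcc", "in-reply-to", "message-id")
ADDRESS_FIELDS = {"from", "sender", "reply-to", "to", "cc", "bcc"}

# One token: "(", ")", a quoted string, or an atom (NIL, UID, 24, ...).
TOKEN = re.compile(r'\s*(?:(\()|(\))|"((?:[^"\\]|\\.)*)"|([^\s()"]+))')

# The untagged response posted in the thread (message-ids are elided on the page).
SAMPLE_FETCH = (
    '* 4 FETCH (UID 24 ENVELOPE ("Fri, 08 Dec 2017 09:44:35 +0900" "test2" '
    '((NIL NIL "service" "paypal.com")) (("dev1" NIL "dev1-bounces" "example.com")) '
    '((NIL NIL "service" "paypal.com")) (("user1" NIL "user1" "example.com")) '
    '(("dev1" NIL "dev1" "example.com")) NIL '
    '"<20171206084846.478c.0...@example.com>" '
    '"<20171208004435.6b4f.0...@example.com>"))'
)

# Constructed sample (not from the thread): a raw From value whose encoded-word
# decodes to text ending in newline + NUL, followed by a second domain.
CONSTRUCTED_FROM = ("=?utf-8?b?"
                    + base64.b64encode(b"alice@example.org\n\x00").decode("ascii")
                    + "?=@example.net")


def parse_sexp(text):
    """Parse IMAP parenthesized data into nested lists; NIL becomes None."""
    text = text.strip()
    stack = [[]]
    pos = 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError("unparseable input at offset %d" % pos)
        pos = m.end()
        if m.group(1):
            stack.append([])
        elif m.group(2):
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            finished = stack.pop()
            stack[-1].append(finished)
        elif m.group(3) is not None:
            # Quoted string: undo backslash escapes.
            stack[-1].append(re.sub(r"\\(.)", r"\1", m.group(3)))
        else:
            atom = m.group(4)
            stack[-1].append(None if atom.upper() == "NIL" else atom)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]


def envelope_from_fetch(line):
    """Return the ENVELOPE of an untagged FETCH response as a dict keyed by field name."""
    items = parse_sexp(line[line.index("("):])[0]
    env = items[items.index("ENVELOPE") + 1]
    if len(env) != len(ENVELOPE_FIELDS):
        raise ValueError("ENVELOPE must have %d fields" % len(ENVELOPE_FIELDS))
    result = {}
    for name, value in zip(ENVELOPE_FIELDS, env):
        if name in ADDRESS_FIELDS and value is not None:
            # Each address is (personal name, source route, mailbox, host).
            value = ["%s@%s" % (mbox or "", host or "")
                     for _name, _route, mbox, host in value]
        result[name] = value
    return result


def hidden_controls(raw_header):
    """Decode RFC 2047 encoded-words and list the control characters they contain."""
    decoded = ""
    for chunk, charset in decode_header(raw_header):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        decoded += chunk
    # Code points below 0x20, except TAB, have no place in an address header.
    return sorted({ord(c) for c in decoded if ord(c) < 0x20 and c != "\t"})


if __name__ == "__main__":
    env = envelope_from_fetch(SAMPLE_FETCH)
    for field in ("from", "sender", "reply-to", "to"):
        print("%-9s %s" % (field, env[field]))
    print("controls in constructed From:", hidden_controls(CONSTRUCTED_FROM))
```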




Re: hosting emails at home

2017-12-10 Thread Stephan H
Originally I was on a business connection, so no port blocking.  I moved to
a residential connection at home and they blocked port 25.  So I enabled
my VPS in the cloud to relay my mail to the imap server in my home.  It's a
very simple setup.  I only allow a couple IPs to relay anything through
(my home IP and other VPS's).  Any other connection must be delivering to my
IP or it's rejected.  Then in the transport maps tell it to utilize a non
standard port

domain.com  relay:[home.domain.com]:28

On the home server's postfix I just define the relay host which also uses a
non standard port

relayhost = [vps1.domain.com]:26

At this point you just have to set up your postfix/dovecot config how you
want.  I'm using postfixadmin and both postfix and dovecot use mysql to
determine domains, users, and passwords.

On Sun, Dec 10, 2017 at 2:27 PM, Fabian A. Santiago <
fsanti...@garbage-juice.com> wrote:

> On December 10, 2017 5:25:46 PM EST, Stephan H  wrote:
> >Which part?  Hosting the email server at home or the relay in the
> >cloud?
> >
> >On Dec 10, 2017 14:53, "Fabian A. Santiago"
> >
> >wrote:
> >
> >> On December 10, 2017 3:39:05 PM EST, Stephan H 
> >wrote:
> >> >I have dovecot postfix setup on my home server as well.  I use a
> >> >virtual
> >> >server in the cloud as my mx record and mail relay and have my home
> >> >record
> >> >on dynamic dns.  It's really effective.
> >> >
> >> >On Dec 10, 2017 2:37 PM, "Fabian A. Santiago"
> >> >
> >> >wrote:
> >> >
> >> >> On December 10, 2017 2:49:35 PM EST, "André Rodier"
> >
> >> >> wrote:
> >> >> >Hello Mike,
> >> >> >
> >> >> >Yes, I am using a static IP address, but in theory, you could use
> >a
> >> >> >dynamic one.
> >> >> >
> >> >> >Nothing technically would prevent email exchanges between two
> >boxes,
> >> >as
> >> >> >long as the SPF records are up to date and the DKIM is properly
> >> >setup.
> >> >> >
> >> >> >Unfortunately, some ISPs are simply blacklisting full range of
> >> >private
> >> >> >IP addresses just because they are not officials / commercials.
> >> >> >
> >> >> >Kind regards,
> >> >> >André
> >> >> >
> >> >> >On 10/12/17 19:24, Mike wrote:
> >> >> >>
> >> >> >> Nice.
> >> >> >>
> >> >> >> Are you using a static IP in this setup?
> >> >> >>
> >> >> >> It doesn't seem like it, but wanted to be sure.
> >> >> >>
> >> >> >> Mike.
> >> >> >>
> >> >> >> Quoting André Rodier :
> >> >> >>
> >> >> >>> Hello everyone,
> >> >> >>>
> >> >> >>> I have been using Postfix and Dovecot for my personal emails
> >for
> >> >> >years.
> >> >> >>> After being tired of reinstalling my personal mail server many
> >> >> >times, I
> >> >> >>> am currently writing some Ansible scripts to do it
> >automatically.
> >> >> >>>
> >> >> >>> I obviously checked the other projects, and did not found
> >> >anything
> >> >> >close
> >> >> >>> to what I am looking for, so I am implementing it now.
> >> >> >>>
> >> >> >>> The final goal is to have a box that once online, would setup
> >> >> >itself, by
> >> >> >>> creating the certificates, the DKIM keys and update the
> >> >appropriate
> >> >> >DNS
> >> >> >>> records.
> >> >> >>>
> >> >> >>> This is so far what I have achieved:
> >> >> >>> - Automatic generation of certificates using LetsEncrypt
> >> >> >>> - Automatic update of the domain entries: imap, smtp, webmail,
> >> >etc.
> >> >> >>> - Automatic generation of a DKIM keys
> >> >> >>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
> >> >> >>> - LDAP server for user accounts, with or without system login.
> >> >> >>> - Installation of Postfix, Dovecot and Roundcube
> >> >> >>>
> >> >> >>> Sending DKIM signed emails is working, and the IMAP server is
> >> >> >configured
> >> >> >>> as well, although basic.
> >> >> >>>
> >> >> >>> The postfix and dovecot configuration are not yet entirely
> >> >finished.
> >> >> >I
> >> >> >>> am planing to add an anti spam system, and sieve, amongst
> >other
> >> >> >things.
> >> >> >>>
> >> >> >>> Although in development during my spare time, the system is
> >> >normally
> >> >> >>> robust and you should be able to run it multiple times without
> >> >> >errors.
> >> >> >>>
> >> >> >>> If anyone is interested to use it, to have a look, or to take
> >> >part,
> >> >> >it
> >> >> >>> is here: https://github.com/progmaticltd/homebox
> >> >> >>>
> >> >> >>> Kind regards,
> >> >> >>> André Rodier.
> >> >> >>
> >> >> >>
> >> >>
> >> >> Non static ip'd mail servers are also blocked because they're
> >> >typically
> >> >> spammers.
> >> >> --
> >> >>
> >> >> Thanks,
> >> >>
> >> >> Fabian S.
> >> >>
> >> >> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
> >> >>
> >>
> >> Stephan h, may I ask why you do that? Just out of curiosity.
> >> --
> >>
> >> Thanks,
> >>
> >> Fabian S.
> >>
> >> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
> >>
>
> Both; the whole setup.
> --
>
> Thanks,
>
> Fabian S.
>

Re: hosting emails at home

2017-12-10 Thread Kenneth Porter

On 12/10/2017 12:39 PM, Stephan H wrote:

I have dovecot postfix setup on my home server as well.  I use a virtual
server in the cloud as my mx record and mail relay and have my home record
on dynamic dns.  It's really effective.


My MX points at a leased virtual server and my home server uses 
fetchmail to pull the mail into local mailboxes. I suppose dsync might 
be used instead of fetchmail.




Re: hosting emails at home

2017-12-10 Thread Fabian A. Santiago
On December 10, 2017 5:25:46 PM EST, Stephan H  wrote:
>Which part?  Hosting the email server at home or the relay in the
>cloud?
>
>On Dec 10, 2017 14:53, "Fabian A. Santiago"
>
>wrote:
>
>> On December 10, 2017 3:39:05 PM EST, Stephan H 
>wrote:
>> >I have dovecot postfix setup on my home server as well.  I use a
>> >virtual
>> >server in the cloud as my mx record and mail relay and have my home
>> >record
>> >on dynamic dns.  It's really effective.
>> >
>> >On Dec 10, 2017 2:37 PM, "Fabian A. Santiago"
>> >
>> >wrote:
>> >
>> >> On December 10, 2017 2:49:35 PM EST, "André Rodier"
>
>> >> wrote:
>> >> >Hello Mike,
>> >> >
>> >> >Yes, I am using a static IP address, but in theory, you could use
>a
>> >> >dynamic one.
>> >> >
>> >> >Nothing technically would prevent email exchanges between two
>boxes,
>> >as
>> >> >long as the SPF records are up to date and the DKIM is properly
>> >setup.
>> >> >
>> >> >Unfortunately, some ISPs are simply blacklisting full range of
>> >private
>> >> >IP addresses just because they are not officials / commercials.
>> >> >
>> >> >Kind regards,
>> >> >André
>> >> >
>> >> >On 10/12/17 19:24, Mike wrote:
>> >> >>
>> >> >> Nice.
>> >> >>
>> >> >> Are you using a static IP in this setup?
>> >> >>
>> >> >> It doesn't seem like it, but wanted to be sure.
>> >> >>
>> >> >> Mike.
>> >> >>
>> >> >> Quoting André Rodier :
>> >> >>
>> >> >>> Hello everyone,
>> >> >>>
>> >> >>> I have been using Postfix and Dovecot for my personal emails
>for
>> >> >years.
>> >> >>> After being tired of reinstalling my personal mail server many
>> >> >times, I
>> >> >>> am currently writing some Ansible scripts to do it
>automatically.
>> >> >>>
>> >> >>> I obviously checked the other projects, and did not found
>> >anything
>> >> >close
>> >> >>> to what I am looking for, so I am implementing it now.
>> >> >>>
>> >> >>> The final goal is to have a box that once online, would setup
>> >> >itself, by
>> >> >>> creating the certificates, the DKIM keys and update the
>> >appropriate
>> >> >DNS
>> >> >>> records.
>> >> >>>
>> >> >>> This is so far what I have achieved:
>> >> >>> - Automatic generation of certificates using LetsEncrypt
>> >> >>> - Automatic update of the domain entries: imap, smtp, webmail,
>> >etc.
>> >> >>> - Automatic generation of a DKIM keys
>> >> >>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
>> >> >>> - LDAP server for user accounts, with or without system login.
>> >> >>> - Installation of Postfix, Dovecot and Roundcube
>> >> >>>
>> >> >>> Sending DKIM signed emails is working, and the IMAP server is
>> >> >configured
>> >> >>> as well, although basic.
>> >> >>>
>> >> >>> The postfix and dovecot configuration are not yet entirely
>> >finished.
>> >> >I
>> >> >>> am planing to add an anti spam system, and sieve, amongst
>other
>> >> >things.
>> >> >>>
>> >> >>> Although in development during my spare time, the system is
>> >normally
>> >> >>> robust and you should be able to run it multiple times without
>> >> >errors.
>> >> >>>
>> >> >>> If anyone is interested to use it, to have a look, or to take
>> >part,
>> >> >it
>> >> >>> is here: https://github.com/progmaticltd/homebox
>> >> >>>
>> >> >>> Kind regards,
>> >> >>> André Rodier.
>> >> >>
>> >> >>
>> >>
>> >> Non static ip'd mail servers are also blocked because they're
>> >typically
>> >> spammers.
>> >> --
>> >>
>> >> Thanks,
>> >>
>> >> Fabian S.
>> >>
>> >> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>> >>
>>
>> Stephan h, may I ask why you do that? Just out of curiosity.
>> --
>>
>> Thanks,
>>
>> Fabian S.
>>
>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>>

Both; the whole setup.
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: hosting emails at home

2017-12-10 Thread Stephan H
Which part?  Hosting the email server at home or the relay in the cloud?

On Dec 10, 2017 14:53, "Fabian A. Santiago" 
wrote:

> On December 10, 2017 3:39:05 PM EST, Stephan H  wrote:
> >I have dovecot postfix setup on my home server as well.  I use a
> >virtual
> >server in the cloud as my mx record and mail relay and have my home
> >record
> >on dynamic dns.  It's really effective.
> >
> >On Dec 10, 2017 2:37 PM, "Fabian A. Santiago"
> >
> >wrote:
> >
> >> On December 10, 2017 2:49:35 PM EST, "André Rodier" 
> >> wrote:
> >> >Hello Mike,
> >> >
> >> >Yes, I am using a static IP address, but in theory, you could use a
> >> >dynamic one.
> >> >
> >> >Nothing technically would prevent email exchanges between two boxes,
> >as
> >> >long as the SPF records are up to date and the DKIM is properly
> >setup.
> >> >
> >> >Unfortunately, some ISPs are simply blacklisting full range of
> >private
> >> >IP addresses just because they are not officials / commercials.
> >> >
> >> >Kind regards,
> >> >André
> >> >
> >> >On 10/12/17 19:24, Mike wrote:
> >> >>
> >> >> Nice.
> >> >>
> >> >> Are you using a static IP in this setup?
> >> >>
> >> >> It doesn't seem like it, but wanted to be sure.
> >> >>
> >> >> Mike.
> >> >>
> >> >> Quoting André Rodier :
> >> >>
> >> >>> Hello everyone,
> >> >>>
> >> >>> I have been using Postfix and Dovecot for my personal emails for
> >> >years.
> >> >>> After being tired of reinstalling my personal mail server many
> >> >times, I
> >> >>> am currently writing some Ansible scripts to do it automatically.
> >> >>>
> >> >>> I obviously checked the other projects, and did not found
> >anything
> >> >close
> >> >>> to what I am looking for, so I am implementing it now.
> >> >>>
> >> >>> The final goal is to have a box that once online, would setup
> >> >itself, by
> >> >>> creating the certificates, the DKIM keys and update the
> >appropriate
> >> >DNS
> >> >>> records.
> >> >>>
> >> >>> This is so far what I have achieved:
> >> >>> - Automatic generation of certificates using LetsEncrypt
> >> >>> - Automatic update of the domain entries: imap, smtp, webmail,
> >etc.
> >> >>> - Automatic generation of a DKIM keys
> >> >>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
> >> >>> - LDAP server for user accounts, with or without system login.
> >> >>> - Installation of Postfix, Dovecot and Roundcube
> >> >>>
> >> >>> Sending DKIM signed emails is working, and the IMAP server is
> >> >configured
> >> >>> as well, although basic.
> >> >>>
> >> >>> The postfix and dovecot configuration are not yet entirely
> >finished.
> >> >I
> >> >>> am planing to add an anti spam system, and sieve, amongst other
> >> >things.
> >> >>>
> >> >>> Although in development during my spare time, the system is
> >normally
> >> >>> robust and you should be able to run it multiple times without
> >> >errors.
> >> >>>
> >> >>> If anyone is interested to use it, to have a look, or to take
> >part,
> >> >it
> >> >>> is here: https://github.com/progmaticltd/homebox
> >> >>>
> >> >>> Kind regards,
> >> >>> André Rodier.
> >> >>
> >> >>
> >>
> >> Non static ip'd mail servers are also blocked because they're
> >typically
> >> spammers.
> >> --
> >>
> >> Thanks,
> >>
> >> Fabian S.
> >>
> >> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
> >>
>
> Stephan h, may I ask why you do that? Just out of curiosity.
> --
>
> Thanks,
>
> Fabian S.
>
> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>


Re: hosting emails at home

2017-12-10 Thread André Rodier
Hello Bruce et al,

One thing I did not specify. I have very strict idea in the way I am
installing a package on a server I put online.

Ideally, I want to have some install process I setup once and I don't
have to worry about anything, especially security.

When I have to install a software, let's say Roundcube, I prefer to use
the native version that comes with Debian server. Of course, it is a
little bit outdated, but I know there is a security team behind that
publishes security patches. I know these security patches will be
applied, while I sleep or while I am in holidays, if I install and
configure correctly unattended upgrades packages.

If really I want more control, I know there are packages on Debian that
will send me an email when updates are available, and I can install them
from anywhere using SSH.

In no case, I would be comfortable installing, on a Live server,
Roundcube from the git repository, which is done for this project. It is
far too easy to forget and leave it for months with security issues
opened for a while.

Yes, I know there are cron scripts I can use to update the repository.
But even in this case, who guarantees me that nothing will break on my
server? Once again, there is a Debian team that does a fabulous
integration work, and I don't want to break my mail server just to have
the latest version of Roundcube or Owncloud.

By staying inside the Debian ecosystem, I am also sure that some third
party applications or repositories will stay nicely integrated with the
current state of my server. For instance, I know that I should be able
to add syncthing (https://apt.syncthing.net/) repository as part of the
deployment process, without worrying too much about conflict from files
overwritten by these kind of manipulations.

I don't say one opinion is better than the other, it is just the way I
prefer to work - and as a matter - to live.

Kind regards,
André

On 10/12/17 19:46, André Rodier wrote:
> Thank you,
> 
> I remember to had a look at this project, and I found it huge.
> 
> I started mine because I want LDAP authentication.
> 
> I also wanted less features / programs, less obtrusive, and  better
> attention to small details, like automatic DKIM generation and DNS updates.
> 
> I hope not to end up with something as huge.
> 
> André
> 
> On 10/12/17 19:19, br...@secryption.com wrote:
>> Check out https://github.com/sovereign/sovereign/blob/master/README.md
>>
>>
>> Might have some of what you are looking for already done. 
>>
>>
>> Bruce
>>
>>
>> On Dec 10, 2017 2:06 PM, André Rodier  wrote:
>>
>> Hello everyone,
>>
>> I have been using Postfix and Dovecot for my personal emails for years.
>> After being tired of reinstalling my personal mail server many times, I
>> am currently writing some Ansible scripts to do it automatically.
>>
>> I obviously checked the other projects, and did not found anything close
>> to what I am looking for, so I am implementing it now.
>>
>> The final goal is to have a box that once online, would setup itself, by
>> creating the certificates, the DKIM keys and update the appropriate DNS
>> records.
>>
>> This is so far what I have achieved:
>> - Automatic generation of certificates using LetsEncrypt
>> - Automatic update of the domain entries: imap, smtp, webmail, etc.
>> - Automatic generation of a DKIM keys
>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
>> - LDAP server for user accounts, with or without system login.
>> - Installation of Postfix, Dovecot and Roundcube
>>
>> Sending DKIM signed emails is working, and the IMAP server is configured
>> as well, although basic.
>>
>> The postfix and dovecot configuration are not yet entirely finished. I
>> am planing to add an anti spam system, and sieve, amongst other things.
>>
>> Although in development during my spare time, the system is normally
>> robust and you should be able to run it multiple times without errors.
>>
>> If anyone is interested to use it, to have a look, or to take part, it
>> is here: https://github.com/progmaticltd/homebox
>>
>> Kind regards,
>> André Rodier.
>>


Re: hosting emails at home

2017-12-10 Thread Fabian A. Santiago
On December 10, 2017 3:39:05 PM EST, Stephan H  wrote:
>I have dovecot postfix setup on my home server as well.  I use a
>virtual
>server in the cloud as my mx record and mail relay and have my home
>record
>on dynamic dns.  It's really effective.
>
>On Dec 10, 2017 2:37 PM, "Fabian A. Santiago"
>
>wrote:
>
>> On December 10, 2017 2:49:35 PM EST, "André Rodier" 
>> wrote:
>> >Hello Mike,
>> >
>> >Yes, I am using a static IP address, but in theory, you could use a
>> >dynamic one.
>> >
>> >Nothing technically would prevent email exchanges between two boxes,
>as
>> >long as the SPF records are up to date and the DKIM is properly
>setup.
>> >
>> >Unfortunately, some ISPs are simply blacklisting full range of
>private
>> >IP addresses just because they are not officials / commercials.
>> >
>> >Kind regards,
>> >André
>> >
>> >On 10/12/17 19:24, Mike wrote:
>> >>
>> >> Nice.
>> >>
>> >> Are you using a static IP in this setup?
>> >>
>> >> It doesn't seem like it, but wanted to be sure.
>> >>
>> >> Mike.
>> >>
>> >> Quoting André Rodier :
>> >>
>> >>> Hello everyone,
>> >>>
>> >>> I have been using Postfix and Dovecot for my personal emails for
>> >years.
>> >>> After being tired of reinstalling my personal mail server many
>> >times, I
>> >>> am currently writing some Ansible scripts to do it automatically.
>> >>>
>> >>> I obviously checked the other projects, and did not found
>anything
>> >close
>> >>> to what I am looking for, so I am implementing it now.
>> >>>
>> >>> The final goal is to have a box that once online, would setup
>> >itself, by
>> >>> creating the certificates, the DKIM keys and update the
>appropriate
>> >DNS
>> >>> records.
>> >>>
>> >>> This is so far what I have achieved:
>> >>> - Automatic generation of certificates using LetsEncrypt
>> >>> - Automatic update of the domain entries: imap, smtp, webmail,
>etc.
>> >>> - Automatic generation of a DKIM keys
>> >>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
>> >>> - LDAP server for user accounts, with or without system login.
>> >>> - Installation of Postfix, Dovecot and Roundcube
>> >>>
>> >>> Sending DKIM signed emails is working, and the IMAP server is
>> >configured
>> >>> as well, although basic.
>> >>>
>> >>> The postfix and dovecot configuration are not yet entirely
>finished.
>> >I
>> >>> am planing to add an anti spam system, and sieve, amongst other
>> >things.
>> >>>
>> >>> Although in development during my spare time, the system is
>normally
>> >>> robust and you should be able to run it multiple times without
>> >errors.
>> >>>
>> >>> If anyone is interested to use it, to have a look, or to take
>part,
>> >it
>> >>> is here: https://github.com/progmaticltd/homebox
>> >>>
>> >>> Kind regards,
>> >>> André Rodier.
>> >>
>> >>
>>
>> Non static ip'd mail servers are also blocked because they're
>typically
>> spammers.
>> --
>>
>> Thanks,
>>
>> Fabian S.
>>
>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>>

Stephan h, may I ask why you do that? Just out of curiosity. 
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: hosting emails at home

2017-12-10 Thread Stephan H
I have dovecot postfix setup on my home server as well.  I use a virtual
server in the cloud as my mx record and mail relay and have my home record
on dynamic dns.  It's really effective.

On Dec 10, 2017 2:37 PM, "Fabian A. Santiago" 
wrote:

> On December 10, 2017 2:49:35 PM EST, "André Rodier" 
> wrote:
> >Hello Mike,
> >
> >Yes, I am using a static IP address, but in theory, you could use a
> >dynamic one.
> >
> >Nothing technically would prevent email exchanges between two boxes, as
> >long as the SPF records are up to date and the DKIM is properly setup.
> >
> >Unfortunately, some ISPs are simply blacklisting full range of private
> >IP addresses just because they are not officials / commercials.
> >
> >Kind regards,
> >André
> >
> >On 10/12/17 19:24, Mike wrote:
> >>
> >> Nice.
> >>
> >> Are you using a static IP in this setup?
> >>
> >> It doesn't seem like it, but wanted to be sure.
> >>
> >> Mike.
> >>
> >> Quoting André Rodier :
> >>
> >>> Hello everyone,
> >>>
> >>> I have been using Postfix and Dovecot for my personal emails for
> >years.
> >>> After being tired of reinstalling my personal mail server many
> >times, I
> >>> am currently writing some Ansible scripts to do it automatically.
> >>>
> >>> I obviously checked the other projects, and did not found anything
> >close
> >>> to what I am looking for, so I am implementing it now.
> >>>
> >>> The final goal is to have a box that once online, would setup
> >itself, by
> >>> creating the certificates, the DKIM keys and update the appropriate
> >DNS
> >>> records.
> >>>
> >>> This is so far what I have achieved:
> >>> - Automatic generation of certificates using LetsEncrypt
> >>> - Automatic update of the domain entries: imap, smtp, webmail, etc.
> >>> - Automatic generation of a DKIM keys
> >>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
> >>> - LDAP server for user accounts, with or without system login.
> >>> - Installation of Postfix, Dovecot and Roundcube
> >>>
> >>> Sending DKIM signed emails is working, and the IMAP server is
> >configured
> >>> as well, although basic.
> >>>
> >>> The postfix and dovecot configuration are not yet entirely finished.
> >I
> >>> am planing to add an anti spam system, and sieve, amongst other
> >things.
> >>>
> >>> Although in development during my spare time, the system is normally
> >>> robust and you should be able to run it multiple times without
> >errors.
> >>>
> >>> If anyone is interested to use it, to have a look, or to take part,
> >it
> >>> is here: https://github.com/progmaticltd/homebox
> >>>
> >>> Kind regards,
> >>> André Rodier.
> >>
> >>
>
> Non static ip'd mail servers are also blocked because they're typically
> spammers.
> --
>
> Thanks,
>
> Fabian S.
>
> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
>


Re: hosting emails at home

2017-12-10 Thread Fabian A. Santiago
On December 10, 2017 2:49:35 PM EST, "André Rodier"  wrote:
>Hello Mike,
>
>Yes, I am using a static IP address, but in theory, you could use a
>dynamic one.
>
>Nothing technically would prevent email exchanges between two boxes, as
>long as the SPF records are up to date and the DKIM is properly setup.
>
>Unfortunately, some ISPs are simply blacklisting full range of private
>IP addresses just because they are not officials / commercials.
>
>Kind regards,
>André
>
>On 10/12/17 19:24, Mike wrote:
>> 
>> Nice.
>> 
>> Are you using a static IP in this setup?
>> 
>> It doesn't seem like it, but wanted to be sure.
>> 
>> Mike.
>> 
>> Quoting André Rodier :
>> 
>>> Hello everyone,
>>>
>>> I have been using Postfix and Dovecot for my personal emails for
>years.
>>> After being tired of reinstalling my personal mail server many
>times, I
>>> am currently writing some Ansible scripts to do it automatically.
>>>
>>> I obviously checked the other projects, and did not found anything
>close
>>> to what I am looking for, so I am implementing it now.
>>>
>>> The final goal is to have a box that once online, would setup
>itself, by
>>> creating the certificates, the DKIM keys and update the appropriate
>DNS
>>> records.
>>>
>>> This is so far what I have achieved:
>>> - Automatic generation of certificates using LetsEncrypt
>>> - Automatic update of the domain entries: imap, smtp, webmail, etc.
>>> - Automatic generation of a DKIM keys
>>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
>>> - LDAP server for user accounts, with or without system login.
>>> - Installation of Postfix, Dovecot and Roundcube
>>>
>>> Sending DKIM signed emails is working, and the IMAP server is
>configured
>>> as well, although basic.
>>>
>>> The postfix and dovecot configuration are not yet entirely finished.
>I
>>> am planing to add an anti spam system, and sieve, amongst other
>things.
>>>
>>> Although in development during my spare time, the system is normally
>>> robust and you should be able to run it multiple times without
>errors.
>>>
>>> If anyone is interested to use it, to have a look, or to take part,
>it
>>> is here: https://github.com/progmaticltd/homebox
>>>
>>> Kind regards,
>>> André Rodier.
>> 
>> 

Non static ip'd mail servers are also blocked because they're typically 
spammers. 
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: Doveadm backup error.

2017-12-10 Thread Dovecot list
But on other side I have the same settings (only on dovecot 1), ID and GID
are the same, and on other site I don't have any info in logs...
I think this is @ dovecot 2 problem, but don't know how to solve it...
Best regards.

2017-12-01 8:02 GMT+01:00 Aki Tuomi :

> This is probably problem on the other end.
>
> Aki
>
>
> On 20.11.2017 19:36, Dovecot list wrote:
> > Hello. I try to migrate dovecot 1 to dovecot 2 with doveadm backup.
> > But when i try to set doveadm backup i get :
> >
> > mx3:/root/dsync@[23:11] # doveadm -v -c ah.temp backup -R -u a...@test.pl imapc:
> > doveadm(a...@test.pl): Error: Mail access for users with UID 145 not permitted (see first_valid_uid in config file, uid from userdb lookup).
> > doveadm(a...@test.pl): Error: User init failed
> >
> >
> > mx3:/root/dsync@[22:13] # ls -la /home/mail/vhosts/test.pl/a...@test.pl/
> > 
> > total 1
> > drwxr-xr-x  2 vmail  vmail  2 Nov 12 23:59 .
> >
> > mx3:/root/dsync@[22:14] # doveadm user a...@test.pl
> > field       value
> > uid         145
> > gid         145
> > home        /home/mail/vhosts/test.pl/a...@test.pl
> > mail        mdbox:~/mdbox
> > quota_rule  *:storage=5M
> >
> > mx3:/root/dsync@[22:14] # id 145
> > uid=145(vmail) gid=145(vmail) groups=145(vmail)
> >
> > mx3:/root/dsync@[1:14] # doveconf -n | grep 145
> > first_valid_uid = 145
> > last_valid_uid = 145
> >
> > I don't have any idea what the problem is.
> > Best regards.
>
>


Re: hosting emails at home

2017-12-10 Thread André Rodier
Hello Mike,

Yes, I am using a static IP address, but in theory, you could use a
dynamic one.

Nothing technically would prevent email exchanges between two boxes, as
long as the SPF records are up to date and the DKIM is properly set up.

Unfortunately, some ISPs are simply blacklisting full ranges of private
IP addresses just because they are not official / commercial.

Kind regards,
André

On 10/12/17 19:24, Mike wrote:
> 
> Nice.
> 
> Are you using a static IP in this setup?
> 
> It doesn't seem like it, but wanted to be sure.
> 
> Mike.
> 
> Quoting André Rodier :
> 
>> Hello everyone,
>>
>> I have been using Postfix and Dovecot for my personal emails for years.
>> After being tired of reinstalling my personal mail server many times, I
>> am currently writing some Ansible scripts to do it automatically.
>>
>> I obviously checked the other projects, and did not find anything close
>> to what I am looking for, so I am implementing it now.
>>
>> The final goal is to have a box that, once online, would set itself up by
>> creating the certificates, the DKIM keys and update the appropriate DNS
>> records.
>>
>> This is so far what I have achieved:
>> - Automatic generation of certificates using LetsEncrypt
>> - Automatic update of the domain entries: imap, smtp, webmail, etc.
>> - Automatic generation of DKIM keys
>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
>> - LDAP server for user accounts, with or without system login.
>> - Installation of Postfix, Dovecot and Roundcube
>>
>> Sending DKIM signed emails is working, and the IMAP server is configured
>> as well, although basic.
>>
>> The postfix and dovecot configuration are not yet entirely finished. I
>> am planning to add an anti spam system, and sieve, amongst other things.
>>
>> Although in development during my spare time, the system is normally
>> robust and you should be able to run it multiple times without errors.
>>
>> If anyone is interested to use it, to have a look, or to take part, it
>> is here: https://github.com/progmaticltd/homebox
>>
>> Kind regards,
>> André Rodier.
> 
> 


Re: hosting emails at home

2017-12-10 Thread André Rodier
Thank you,

I remember having a look at this project, and I found it huge.

I started mine because I want LDAP authentication.

I also wanted fewer features / programs, less obtrusive, and better
attention to small details, like automatic DKIM generation and DNS updates.

I hope not to end up with something as huge.

André

On 10/12/17 19:19, br...@secryption.com wrote:
> Check out https://github.com/sovereign/sovereign/blob/master/README.md
> 
> 
> Might have some of what you are looking for already done. 
> 
> 
> Bruce
> 
> 
> On Dec 10, 2017 2:06 PM, André Rodier  wrote:
> 
> Hello everyone,
> 
> I have been using Postfix and Dovecot for my personal emails for years.
> After being tired of reinstalling my personal mail server many times, I
> am currently writing some Ansible scripts to do it automatically.
> 
> I obviously checked the other projects, and did not find anything close
> to what I am looking for, so I am implementing it now.
> 
> The final goal is to have a box that, once online, would set itself up by
> creating the certificates, the DKIM keys and update the appropriate DNS
> records.
> 
> This is so far what I have achieved:
> - Automatic generation of certificates using LetsEncrypt
> - Automatic update of the domain entries: imap, smtp, webmail, etc.
> - Automatic generation of DKIM keys
> - Automatic update of specific records (MX, SPF, DKIM, etc.)
> - LDAP server for user accounts, with or without system login.
> - Installation of Postfix, Dovecot and Roundcube
> 
> Sending DKIM signed emails is working, and the IMAP server is configured
> as well, although basic.
> 
> The postfix and dovecot configuration are not yet entirely finished. I
> am planning to add an anti spam system, and sieve, amongst other things.
> 
> Although in development during my spare time, the system is normally
> robust and you should be able to run it multiple times without errors.
> 
> If anyone is interested to use it, to have a look, or to take part, it
> is here: https://github.com/progmaticltd/homebox
> 
> Kind regards,
> André Rodier.
> 


Re: hosting emails at home

2017-12-10 Thread Kenneth Porter
--On Sunday, December 10, 2017 7:05 PM + André Rodier wrote:

> This is so far what I have achieved:

How about MIMEDefang, ClamAV, and SpamAssassin? I'm currently running 
MD+Clam from sendmail and SA from procmail, but I'm open to seeing the 
equivalent solution with Postfix and the Dovecot LDA.


(One thing that keeps me from switching to Postfix is the need to accept 
"plussed" addresses using both the plus sign and the dot (for websites that 
refuse "+" in an email address).)





Re: hosting emails at home

2017-12-10 Thread bruce
Check out https://github.com/sovereign/sovereign/blob/master/README.md


Might have some of what you are looking for already done. 


Bruce


On Dec 10, 2017 2:06 PM, André Rodier  wrote:

Hello everyone,

I have been using Postfix and Dovecot for my personal emails for years.
After being tired of reinstalling my personal mail server many times, I
am currently writing some Ansible scripts to do it automatically.

I obviously checked the other projects, and did not find anything close
to what I am looking for, so I am implementing it now.

The final goal is to have a box that, once online, would set itself up by
creating the certificates, the DKIM keys and update the appropriate DNS
records.

This is so far what I have achieved:
- Automatic generation of certificates using LetsEncrypt
- Automatic update of the domain entries: imap, smtp, webmail, etc.
- Automatic generation of DKIM keys
- Automatic update of specific records (MX, SPF, DKIM, etc.)
- LDAP server for user accounts, with or without system login.
- Installation of Postfix, Dovecot and Roundcube

Sending DKIM signed emails is working, and the IMAP server is configured
as well, although basic.

The postfix and dovecot configuration are not yet entirely finished. I
am planning to add an anti spam system, and sieve, amongst other things.

Although in development during my spare time, the system is normally
robust and you should be able to run it multiple times without errors.

If anyone is interested to use it, to have a look, or to take part, it
is here: https://github.com/progmaticltd/homebox

Kind regards,
André Rodier.



Re: hosting emails at home

2017-12-10 Thread Jeff Abrahamson
On 10/12/17 20:05, André Rodier wrote:
> Hello everyone,
>
> I have been using Postfix and Dovecot for my personal emails for years.
> After being tired of reinstalling my personal mail server many times, I
> am currently writing some Ansible scripts to do it automatically.

Kudos, it's a good project.  Thanks for sharing it.

I thought it might be useful to offer a counterpoint: I thought about
automating server setup, but decided against it because I do it seldom
enough (for my personal servers) that I should expect bitrot and
software evolution to make what I automate not quite work the way I
expect on next setup.  Instead, I wrote up extensive notes about how I
set up my servers with a few scripts to help me compare config files. 
It's a work in progress, like all such things.

https://github.com/JeffAbrahamson/hosts/tree/master/p27

The real point, I suppose, is that if I have to set up a new version of
my server, say because I'm upgrading OS significantly, I'd like to force
myself to look at what I'm doing rather than have the false confidence
that comes from having perfectly scripted it some years back but not
having thought through testing in light of whatever changes have
happened to software since.

Reasonable people may dispute these points.  It's also significant that
I don't like to spend the time on devops necessary to debug these sorts
of things, so there's a lot of personal taste in it.

-- 

Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255

http://p27.eu/jeff/



hosting emails at home

2017-12-10 Thread André Rodier
Hello everyone,

I have been using Postfix and Dovecot for my personal emails for years.
After being tired of reinstalling my personal mail server many times, I
am currently writing some Ansible scripts to do it automatically.

I obviously checked the other projects, and did not find anything close
to what I am looking for, so I am implementing it now.

The final goal is to have a box that, once online, would set itself up by
creating the certificates, the DKIM keys and update the appropriate DNS
records.

This is so far what I have achieved:
- Automatic generation of certificates using LetsEncrypt
- Automatic update of the domain entries: imap, smtp, webmail, etc.
- Automatic generation of DKIM keys
- Automatic update of specific records (MX, SPF, DKIM, etc.)
- LDAP server for user accounts, with or without system login.
- Installation of Postfix, Dovecot and Roundcube

Sending DKIM signed emails is working, and the IMAP server is configured
as well, although basic.

The postfix and dovecot configuration are not yet entirely finished. I
am planning to add an anti spam system, and sieve, amongst other things.

Although in development during my spare time, the system is normally
robust and you should be able to run it multiple times without errors.

If anyone is interested to use it, to have a look, or to take part, it
is here: https://github.com/progmaticltd/homebox

Kind regards,
André Rodier.