Re: [qmailtoaster] DKIM

[Gary Bowling]

  
  


Oh, and totally agree that using drop ins is much better than
  patching. 



Gary



On 3/23/2024 11:05 AM, Gary Bowling
  wrote:


  
  
  
  Thanks.
  Yes, spamassassin is working fine for the verification of
inbound DKIM. Looks like that's part of the stock spamassassin
install as long as you have the Mail::SpamAssassin::Plugin::DKIM
plugin installed. 
  
  
  
  
  
  On 3/23/2024 10:58 AM, Eric Broch
wrote:
  
  

Looks like there's an updated version of the script on
  Manuel's site, I'll put that on github
In lieu of patching qmail...again...I thought using drop ins
  was preferable. That said,
spamassassin can be used on the ingress side of your server
  to score dkim in messages.


On 3/23/2024 8:23 AM, Gary Bowling
  wrote:


  
  
  
  hmm, not sure. Maybe a weekend thing. Glad to know it's
still there though for future needs.
  
  
  
  
  
  On 3/23/2024 9:56 AM, ebroch
wrote:
  
  

Not sure why github is timing out on you but
  I can navigate right to the page







  Sent
from my Galaxy






   Original message 
  From: Gary Bowling 
  
  Date: 2024-03-23 7:49 a.m. (GMT-07:00) 
  To: qmailtoaster-list@qmailtoaster.com
  
  Subject: Re: [qmailtoaster] DKIM 
  
  



Ok, qmail-remote for use with DKIM signing outgoing
  messages is just a perl scrip written by Manuel Mausz way
  back in 2007 that just calls qmail-remote.orig. I'm not
  sure where the official toaster version is kept now, but
  you easily download it from here:
https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
Change the name of your qmail-remote to qmail-remote.orig
  and change the name of the perl script to qmail-remote



I just copied it from my old server. 



Now my DKIM signing is working correctly. 



On 3/23/2024 9:24 AM, Gary
  Bowling wrote:


  
  
  Oops, got a bit confused there between signing and
verifying.. 
  
  For signing, it looks like we are still using a
modified qmail-remote. So back to my original question.

  
  Where do we get the qmail-remote for DKIM these days?


This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster

Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work.
  
  
  Gary
  
  
  
  On 3/23/2024 8:31 AM, Gary
Bowling wrote:
  
  


Hmm, this line in the wiki says qmail-queue needs to
  be  "link" which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"'
  defined in /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a
  link.
     Note: Spamassassin has DKIM verification making
  this unnecessary.


and it also says maybe we're now doing it in
  Spamassassin, but no instructions on how to do that.


What IS the best way to do DKIM with an
  updated server???


Gary



On 3/23/2024 8:24 AM, Gary
  Bowling wrote:


  
  
  I see, looks like we're using a combination of
simscan and 

Re: [qmailtoaster] DKIM

[Gary Bowling]

  
  


Thanks.
Yes, spamassassin is working fine for the verification of inbound
  DKIM. Looks like that's part of the stock spamassassin install as
  long as you have the Mail::SpamAssassin::Plugin::DKIM plugin
  installed. 





On 3/23/2024 10:58 AM, Eric Broch
  wrote:


  
  Looks like there's an updated version of the script on Manuel's
site, I'll put that on github
  In lieu of patching qmail...again...I thought using drop ins
was preferable. That said,
  spamassassin can be used on the ingress side of your server to
score dkim in messages.
  
  
  On 3/23/2024 8:23 AM, Gary Bowling
wrote:
  
  



hmm, not sure. Maybe a weekend thing. Glad to know it's still
  there though for future needs.





On 3/23/2024 9:56 AM, ebroch wrote:


  
  Not sure why github is timing out on you but I
can navigate right to the page
  
  
  
  
  
  
  
Sent
  from my Galaxy
  
  
  
  
  
  
 Original message 
From: Gary Bowling 

Date: 2024-03-23 7:49 a.m. (GMT-07:00) 
To: qmailtoaster-list@qmailtoaster.com

Subject: Re: [qmailtoaster] DKIM 


  
  
  
  Ok, qmail-remote for use with DKIM signing outgoing
messages is just a perl scrip written by Manuel Mausz way
back in 2007 that just calls qmail-remote.orig. I'm not sure
where the official toaster version is kept now, but you
easily download it from here:
  https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
  Change the name of your qmail-remote to qmail-remote.orig
and change the name of the perl script to qmail-remote
  
  
  
  I just copied it from my old server. 
  
  
  
  Now my DKIM signing is working correctly. 
  
  
  
  On 3/23/2024 9:24 AM, Gary
Bowling wrote:
  
  


Oops, got a bit confused there between signing and
  verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary
  Bowling wrote:


  
  
  Hmm, this line in the wiki says qmail-queue needs to
be  "link" which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"'
defined in /etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making
this unnecessary.
  
  
  and it also says maybe we're now doing it in
Spamassassin, but no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary
Bowling wrote:
  
  


I see, looks like we're using a combination of
  simscan and modifying /var/qmail/supervise/smtp/run to
  do DKIM now and not modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary
  Bowling wrote:


  
  
  Where do we get the qmail-remote for DKIM these
days?
  
  
  This page: 

Re: [qmailtoaster] DKIM

[Eric Broch]

Looks like there's an updated version of the script on Manuel's site, 
I'll put that on github


In lieu of patching qmail...again...I thought using drop ins was 
preferable. That said,


spamassassin can be used on the ingress side of your server to score 
dkim in messages.



On 3/23/2024 8:23 AM, Gary Bowling wrote:



hmm, not sure. Maybe a weekend thing. Glad to know it's still there 
though for future needs.




On 3/23/2024 9:56 AM, ebroch wrote:
Not sure why github is timing out on you but I can navigate right to 
the page




Sent from my Galaxy


 Original message 
From: Gary Bowling 
Date: 2024-03-23 7:49 a.m. (GMT-07:00)
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] DKIM


Ok, qmail-remote for use with DKIM signing outgoing messages is just 
a perl scrip written by Manuel Mausz way back in 2007 that just calls 
qmail-remote.orig. I'm not sure where the official toaster version is 
kept now, but you easily download it from here:


https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl

Change the name of your qmail-remote to qmail-remote.orig and change 
the name of the perl script to qmail-remote



I just copied it from my old server.


Now my DKIM signing is working correctly.


On 3/23/2024 9:24 AM, Gary Bowling wrote:



Oops, got a bit confused there between signing and verifying..

For signing, it looks like we are still using a modified 
qmail-remote. So back to my original question.


Where do we get the qmail-remote for DKIM these days?


This page: 
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster


Shows to get it from here:

wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote



But that times out and doesn't work.


Gary


On 3/23/2024 8:31 AM, Gary Bowling wrote:



Hmm, this line in the wiki says qmail-queue needs to be "link" 
which mine is not.



4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in 
/etc/tcprules.d/tcp.smtp

   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making this 
unnecessary.



and it also says maybe we're now doing it in Spamassassin, but no 
instructions on how to do that.



What *IS* the best way to do DKIM with an updated server???


Gary


On 3/23/2024 8:24 AM, Gary Bowling wrote:



I see, looks like we're using a combination of simscan and 
modifying /var/qmail/supervise/smtp/run to do DKIM now and not 
modifying qmail-remote.





On 3/23/2024 7:57 AM, Gary Bowling wrote:



Where do we get the qmail-remote for DKIM these days?


This page: 
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster


Shows to get it from here:

wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote



But that times out and doesn't work.


Thanks, Gary

--

Gary Bowling
The Moderns on Spotify 



- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  


Absolutely. I think I've got that already, as that's the way the
  default install works, but I should probably go do some tests just
  to make sure.  Nothing like configuring a client and trying it to
  test it out. 



Gary



On 3/23/2024 10:25 AM, Tonix wrote:


  
  Glad to hear. In any case any usage
of submission port, both to local and external domains, should
be done only by authenticated users.
  
  
  Tonino
  
  
  
  
  
  Il 23/03/2024 12:38, Gary Bowling ha
scritto:
  
  

Thanks, the error turned out to be solved by fixing up the 
  /var/qmail/supervise/submission/run file to accept starttls
  and encrypted passwords. 



On 3/23/2024 4:20 AM, Tonix wrote:


  
  "However, when I try to send to external
domains, I get the error that CHKUSER rejected relaying,
saying "client not allowed to relay"".
  
  
  That means sending user is not authenticated.
  
  
  Probably your submission port accepts messages
from anyone for local domains.
  
  
  
  Tonino
  
  
  
Il 23 marzo 2024 00:35:38 CET, g...@gbco.us
  ha scritto:

  Ok, in my old server's /var/qmail/supervise/submission/run file, I had the following line.

export REQUIRE_AUTH=1


In the new server, it had the following line.

export SMTPAUTH="!"


I'm not sure what the syntax on the new server line means. I changed the line to be like my old server and now sending mail through port 587, with starttls for local domains.

However, when I try to send to external domains, I get the error that CHKUSER rejected relaying, saying "client not allowed to relay"

Maybe I'm making progress, but don't know.

Gary


On 2024-03-22 19:30, g...@gbco.us wrote:
Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.


Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The server responded:  TLS no valid RSA private key: error:8002:system library::No such file or directory (#4.3.0).


To create certificates on my new server. I retrieved certs from letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.lastmonth
cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
  
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Tonix]

Glad to hear. In any case any usage of submission port, both to local 
and external domains, should be done only by authenticated users.


Tonino


Il 23/03/2024 12:38, Gary Bowling ha scritto:


Thanks, the error turned out to be solved by fixing up the 
/var/qmail/supervise/submission/run file to accept starttls and 
encrypted passwords.



On 3/23/2024 4:20 AM, Tonix wrote:
"However, when I try to send to external domains, I get the error 
that CHKUSER rejected relaying, saying "client not allowed to relay"".


That means sending user is not authenticated.

Probably your submission port accepts messages from anyone for local 
domains.


Tonino


Il 23 marzo 2024 00:35:38 CET, g...@gbco.us ha scritto:

Ok, in my old server's /var/qmail/supervise/submission/run file,
I had the following line. export REQUIRE_AUTH=1 In the new
server, it had the following line. export SMTPAUTH="!" I'm not
sure what the syntax on the new server line means. I changed the
line to be like my old server and now sending mail through port
587, with starttls for local domains. However, when I try to send
to external domains, I get the error that CHKUSER rejected
relaying, saying "client not allowed to relay" Maybe I'm making
progress, but don't know. Gary On 2024-03-22 19:30, g...@gbco.us
wrote:

Well, this is the way many of my clients are already
configured... So I have to figure out a way to make it work,
or go back to my old server. Not really an option to
reconfigure all my clients. Thanks, Gary On 2024-03-22 19:26,
Remo Mattei wrote:

You need to use password not encrypted. Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha
scritto:  I can send mail via the roundcube web
mail. That's where this message is coming from. When
sending mail from thunderbird, I have my smtp server
set up in my client as Port 587 startTLS Encrypted
Password This is the same as I had with a number of
clients on my old server. When I try to send email, I
get this error. Sending of the message failed. An
error occurred while sending mail: Outgoing server
(SMTP) error. The server responded: TLS no valid RSA
private key: error:8002:system
library::No such file or directory (#4.3.0). To
create certificates on my new server. I retrieved
certs from letencrypt and then did this. cp -p
/var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth cat

/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem chown
vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem Any idea
what's going on with this error? thanks, Gary


To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com 




To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com 



To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 



To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] DKIM

[Gary Bowling]

  
  


hmm, not sure. Maybe a weekend thing. Glad to know it's still
  there though for future needs.





On 3/23/2024 9:56 AM, ebroch wrote:


  
  Not sure why github is timing out on you but I can
navigate right to the page
  
  
  
  
  
  
  
Sent from
  my Galaxy
  
  
  
  
  
  
 Original message 
From: Gary Bowling  
Date: 2024-03-23 7:49 a.m. (GMT-07:00) 
To: qmailtoaster-list@qmailtoaster.com 
Subject: Re: [qmailtoaster] DKIM 


  
  
  
  Ok, qmail-remote for use with DKIM signing outgoing messages is
just a perl scrip written by Manuel Mausz way back in 2007 that
just calls qmail-remote.orig. I'm not sure where the official
toaster version is kept now, but you easily download it from
here:
  https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
  Change the name of your qmail-remote to qmail-remote.orig and
change the name of the perl script to qmail-remote
  
  
  
  I just copied it from my old server. 
  
  
  
  Now my DKIM signing is working correctly. 
  
  
  
  On 3/23/2024 9:24 AM, Gary Bowling
wrote:
  
  


Oops, got a bit confused there between signing and
  verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary Bowling
  wrote:


  
  
  Hmm, this line in the wiki says qmail-queue needs to be 
"link" which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined
in /etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making this
unnecessary.
  
  
  and it also says maybe we're now doing it in Spamassassin,
but no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary
Bowling wrote:
  
  


I see, looks like we're using a combination of simscan
  and modifying /var/qmail/supervise/smtp/run to do DKIM now
  and not modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary
  Bowling wrote:


  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 

Gary Bowling
 The Moderns on Spotify 

  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: 

Re: [qmailtoaster] DKIM

[ebroch]

Not sure why github is timing out on you but I can navigate right to the 
pageSent from my Galaxy
 Original message From: Gary Bowling  Date: 
2024-03-23  7:49 a.m.  (GMT-07:00) To: qmailtoaster-list@qmailtoaster.com 
Subject: Re: [qmailtoaster] DKIM 


Ok, qmail-remote for use with DKIM signing outgoing messages is
  just a perl scrip written by Manuel Mausz way back in 2007 that
  just calls qmail-remote.orig. I'm not sure where the official
  toaster version is kept now, but you easily download it from here:
https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
Change the name of your qmail-remote to qmail-remote.orig and
  change the name of the perl script to qmail-remote



I just copied it from my old server. 



Now my DKIM signing is working correctly. 



On 3/23/2024 9:24 AM, Gary Bowling
  wrote:


  
  
  
  Oops, got a bit confused there between signing and verifying..

  
  For signing, it looks like we are still using a modified
qmail-remote. So back to my original question. 
  
  Where do we get the qmail-remote for DKIM these days?


This page:

http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster

Shows to get it from here:

wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work.
  
  
  Gary
  
  
  
  On 3/23/2024 8:31 AM, Gary Bowling
wrote:
  
  



Hmm, this line in the wiki says qmail-queue needs to be 
  "link" which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined
  in /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a link.
     Note: Spamassassin has DKIM verification making this
  unnecessary.


and it also says maybe we're now doing it in Spamassassin,
  but no instructions on how to do that.


What IS the best way to do DKIM with an updated
  server???


Gary



On 3/23/2024 8:24 AM, Gary Bowling
  wrote:


  
  
  
  I see, looks like we're using a combination of simscan and
modifying /var/qmail/supervise/smtp/run to do DKIM now and
not modifying qmail-remote.
  
  
  
  
  
  
  On 3/23/2024 7:57 AM, Gary
Bowling wrote:
  
  



Where do we get the qmail-remote for DKIM these days?


This page: 
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com
  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

[Gary Bowling]

  
  


Ok, qmail-remote for use with DKIM signing outgoing messages is
  just a perl scrip written by Manuel Mausz way back in 2007 that
  just calls qmail-remote.orig. I'm not sure where the official
  toaster version is kept now, but you easily download it from here:
https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
Change the name of your qmail-remote to qmail-remote.orig and
  change the name of the perl script to qmail-remote



I just copied it from my old server. 



Now my DKIM signing is working correctly. 



On 3/23/2024 9:24 AM, Gary Bowling
  wrote:


  
  
  
  Oops, got a bit confused there between signing and verifying..

  
  For signing, it looks like we are still using a modified
qmail-remote. So back to my original question. 
  
  Where do we get the qmail-remote for DKIM these days?


This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster

Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work.
  
  
  Gary
  
  
  
  On 3/23/2024 8:31 AM, Gary Bowling
wrote:
  
  



Hmm, this line in the wiki says qmail-queue needs to be 
  "link" which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined
  in /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a link.
     Note: Spamassassin has DKIM verification making this
  unnecessary.


and it also says maybe we're now doing it in Spamassassin,
  but no instructions on how to do that.


What IS the best way to do DKIM with an updated
  server???


Gary



On 3/23/2024 8:24 AM, Gary Bowling
  wrote:


  
  
  
  I see, looks like we're using a combination of simscan and
modifying /var/qmail/supervise/smtp/run to do DKIM now and
not modifying qmail-remote.
  
  
  
  
  
  
  On 3/23/2024 7:57 AM, Gary
Bowling wrote:
  
  



Where do we get the qmail-remote for DKIM these days?


This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

[Gary Bowling]

  
  


Oops, got a bit confused there between signing and verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget
  https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary Bowling
  wrote:


  
  
  
  Hmm, this line in the wiki says qmail-queue needs to be  "link"
which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in
/etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making this
unnecessary.
  
  
  and it also says maybe we're now doing it in Spamassassin, but
no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary Bowling
wrote:
  
  



I see, looks like we're using a combination of simscan and
  modifying /var/qmail/supervise/smtp/run to do DKIM now and not
  modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary Bowling
  wrote:


  
  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 

Gary Bowling
 The Moderns on Spotify 

  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Peter Peterse]

Yeh, but the email software didn't accept the ecdsa key. I've tried the key 
order but keeps failing. But now I've seen this thread it could be a config 
option.

Greets,
Peter

Gary Bowling  schreef op 23 maart 2024 12:36:21 CET:
>
>Thanks Peter, good to know as it looks like they are going to ecdsa for the 
>default.
>
>
>On 3/23/2024 3:18 AM, Peter Peterse wrote:
>
>Hi,
>
> Letsencrypt van generate rsa keys by using --key-type rsa 
>
> The order in my servercert.pem is private key followed by the fullchain file. 
> I'm using Almalinux 9
>
> Regards,
> Peter
>
>
>
>g...@gbco.us  schreef op 23 maart 2024 00:05:48 CET:
>
> It looks like letsencrypt is now using ecdsa by default. So I went back and 
> copied my certs off my old server, probably not what I really want to do. But 
> it did give me a different error. Now I'm getting this one. Sending of the 
> message failed. The Outgoing server (SMTP) mail.gbco.us does not seem to 
> support encrypted passwords. If you just set up the account, try changing the 
> 'Authentication method' in 'Account settings | Outgoing server (SMTP)' to 
> 'Normal password'. I thought I tested this before with the new server, but 
> maybe I didn't test it correctly. Anyone got any ideas? On 2024-03-22 18:29, 
> g...@gbco.us  wrote: 
>
>I can send mail via the roundcube web mail. That's where this message is 
>coming from. When sending mail from thunderbird, I have my smtp server set up 
>in my client as Port 587 startTLS Encrypted Password This is the same as I had 
>with a number of clients on my old server. When I try to send email, I get 
>this error. Sending of the message failed. An error occurred while sending 
>mail: Outgoing server (SMTP) error. The server responded: TLS no valid RSA 
>private key: error:8002:system library::No such file or directory 
>(#4.3.0). To create certificates on my new server. I retrieved certs from 
>letencrypt and then did this. cp -p /var/qmail/control/servercert.pem 
>/var/qmail/control/servercert.pem.lastmonth cat 
>/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
>
>/var/qmail/control/servercert.pem 
>
> chown vpopmail:qmail /var/qmail/control/servercert.pem chmod 640 
> /var/qmail/control/servercert.pem Any idea what's going on with this error? 
> thanks, Gary
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> For additional 
>commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> 
>
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> For additional 
>commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> 
>
> - To 
> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For 
> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] DKIM

[Gary Bowling]

  
  


Hmm, this line in the wiki says qmail-queue needs to be  "link"
  which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in
  /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a link.
     Note: Spamassassin has DKIM verification making this
  unnecessary.


and it also says maybe we're now doing it in Spamassassin, but no
  instructions on how to do that.


What IS the best way to do DKIM with an updated server???


Gary



On 3/23/2024 8:24 AM, Gary Bowling
  wrote:


  
  
  
  I see, looks like we're using a combination of simscan and
modifying /var/qmail/supervise/smtp/run to do DKIM now and not
modifying qmail-remote.
  
  
  
  
  
  
  On 3/23/2024 7:57 AM, Gary Bowling
wrote:
  
  



Where do we get the qmail-remote for DKIM these days?


This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

[Gary Bowling]

  
  


I see, looks like we're using a combination of simscan and
  modifying /var/qmail/supervise/smtp/run to do DKIM now and not
  modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary Bowling
  wrote:


  
  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 

Gary Bowling
 The Moderns on Spotify 

  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM

[Gary Bowling]

  
  


Where do we get the qmail-remote for DKIM these days?


This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget
  https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  
Thanks, the error turned out to be solved by fixing up the 
  /var/qmail/supervise/submission/run file to accept starttls and
  encrypted passwords. 



On 3/23/2024 4:20 AM, Tonix wrote:


  
  "However, when I try to send to external domains,
I get the error that CHKUSER rejected relaying, saying "client
not allowed to relay"".
  
  
  That means sending user is not authenticated.
  
  
  Probably your submission port accepts messages
from anyone for local domains.
  
  
  
  Tonino
  
  
  
Il 23 marzo 2024 00:35:38 CET, g...@gbco.us
  ha scritto:

  Ok, in my old server's /var/qmail/supervise/submission/run file, I had the following line.

export REQUIRE_AUTH=1


In the new server, it had the following line.

export SMTPAUTH="!"


I'm not sure what the syntax on the new server line means. I changed the line to be like my old server and now sending mail through port 587, with starttls for local domains.

However, when I try to send to external domains, I get the error that CHKUSER rejected relaying, saying "client not allowed to relay"

Maybe I'm making progress, but don't know.

Gary


On 2024-03-22 19:30, g...@gbco.us wrote:
Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.


Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The server responded:  TLS no valid RSA private key: error:8002:system library::No such file or directory (#4.3.0).


To create certificates on my new server. I retrieved certs from letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.lastmonth
cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  


Thanks Peter, good to know as it looks like they are going to
  ecdsa for the default.



On 3/23/2024 3:18 AM, Peter Peterse
  wrote:


  
  Hi,

Letsencrypt van generate rsa keys by using --key-type rsa 

The order in my servercert.pem is private key followed by the
fullchain file. I'm using Almalinux 9

Regards,
Peter
  
  
  
  
g...@gbco.us schreef op 23 maart 2024 00:05:48
  CET:

  
It looks like letsencrypt is now using ecdsa by default.

So I went back and copied my certs off my old server, probably not what I really want to do. But it did give me a different error. Now I'm getting this one.

Sending of the message failed.
The Outgoing server (SMTP) mail.gbco.us does not seem to support encrypted passwords. If you just set up the account, try changing the 'Authentication method' in 'Account settings | Outgoing server (SMTP)' to 'Normal password'.


I thought I tested this before with the new server, but maybe I didn't test it correctly. Anyone got any ideas?




On 2024-03-22 18:29, g...@gbco.us wrote:
I can send mail via the roundcube web mail. That's where this message
is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error.
The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0).


To create certificates on my new server. I retrieved certs from
letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
/var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Tonix]

"However, when I try to send to external domains, I get the error that 
CHKUSER rejected relaying, saying "client not allowed to relay"".


That means sending user is not authenticated.

Probably your submission port accepts messages from anyone for local 
domains.


Tonino


Il 23 marzo 2024 00:35:38 CET, g...@gbco.us ha scritto:

   Ok, in my old server's /var/qmail/supervise/submission/run file, I
   had the following line. export REQUIRE_AUTH=1 In the new server, it
   had the following line. export SMTPAUTH="!" I'm not sure what the
   syntax on the new server line means. I changed the line to be like
   my old server and now sending mail through port 587, with starttls
   for local domains. However, when I try to send to external domains,
   I get the error that CHKUSER rejected relaying, saying "client not
   allowed to relay" Maybe I'm making progress, but don't know. Gary On
   2024-03-22 19:30, g...@gbco.us wrote:

   Well, this is the way many of my clients are already
   configured... So I have to figure out a way to make it work, or
   go back to my old server. Not really an option to reconfigure
   all my clients. Thanks, Gary On 2024-03-22 19:26, Remo Mattei
   wrote:

   You need to use password not encrypted. Inviato da iPhone

   Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha
   scritto:  I can send mail via the roundcube web mail.
   That's where this message is coming from. When sending
   mail from thunderbird, I have my smtp server set up in
   my client as Port 587 startTLS Encrypted Password This
   is the same as I had with a number of clients on my old
   server. When I try to send email, I get this error.
   Sending of the message failed. An error occurred while
   sending mail: Outgoing server (SMTP) error. The server
   responded: TLS no valid RSA private key:
   error:8002:system library::No such file or
   directory (#4.3.0). To create certificates on my new
   server. I retrieved certs from letencrypt and then did
   this. cp -p /var/qmail/control/servercert.pem
   /var/qmail/control/servercert.pem.lastmonth cat
   
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem chown
   vpopmail:qmail /var/qmail/control/servercert.pem chmod
   640 /var/qmail/control/servercert.pem Any idea what's
   going on with this error? thanks, Gary
   

   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For
   additional commands, e-mail:
   qmailtoaster-list-h...@qmailtoaster.com 


   

   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For
   additional commands, e-mail:
   qmailtoaster-list-h...@qmailtoaster.com 


   
   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
   commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 


   
   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
   commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Peter Peterse]

Hi,

Letsencrypt van generate rsa keys by using --key-type rsa 

The order in my servercert.pem is private key followed by the fullchain file. 
I'm using Almalinux 9

Regards,
Peter


g...@gbco.us schreef op 23 maart 2024 00:05:48 CET:
>
>It looks like letsencrypt is now using ecdsa by default.
>
>So I went back and copied my certs off my old server, probably not what I 
>really want to do. But it did give me a different error. Now I'm getting this 
>one.
>
>Sending of the message failed.
>The Outgoing server (SMTP) mail.gbco.us does not seem to support encrypted 
>passwords. If you just set up the account, try changing the 'Authentication 
>method' in 'Account settings | Outgoing server (SMTP)' to 'Normal password'.
>
>
>I thought I tested this before with the new server, but maybe I didn't test it 
>correctly. Anyone got any ideas?
>
>
>
>
>On 2024-03-22 18:29, g...@gbco.us wrote:
>> I can send mail via the roundcube web mail. That's where this message
>> is coming from.
>> 
>> When sending mail from thunderbird, I have my smtp server set up in my 
>> client as
>> 
>> Port 587
>> startTLS
>> Encrypted Password
>> 
>> This is the same as I had with a number of clients on my old server.
>> 
>> When I try to send email, I get this error.
>> 
>> Sending of the message failed.
>> An error occurred while sending mail: Outgoing server (SMTP) error.
>> The server responded:  TLS no valid RSA private key:
>> error:8002:system library::No such file or directory
>> (#4.3.0).
>> 
>> 
>> To create certificates on my new server. I retrieved certs from
>> letencrypt and then did this.
>> 
>> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.lastmonth
>> cat
>> /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
>> > /var/qmail/control/servercert.pem
>> 
>> chown vpopmail:qmail /var/qmail/control/servercert.pem
>> chmod 640 /var/qmail/control/servercert.pem
>> 
>> 
>> 
>> Any idea what's going on with this error?
>> 
>> thanks, Gary
>> 
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>-
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>