from:"Gary Bowling"

Re: [qmailtoaster] Rspam

2024-04-17 Thread Gary Bowling



  
  


Ah, ok. So you don't use it via simscan for the whole server. I
  may just leave it out, that's the way I had my old server set up
  but was trying to improve things with my new Rocky 9 setup.


Gary



On 4/17/2024 10:24 AM, Eric Broch
  wrote:


  
  The rspam documentation is awful, in my opinion, however, it is
drop in and can be used in .qmail files which is why I
implemented it. I will not be much help on configuring it.
  
  On 4/17/2024 8:19 AM, Gary Bowling
wrote:
  
  



Looks like my new server's rspam started blocking mail from
  the list for some reason. I took rspam out of simcontrol for
  now...  Eric, you probably see bounces from my server back to
  yours.



In the past I didn't use rspam but it seems to still be a
  going concern with 3.8.4 being the latest version. What's the
  advice on rspam these days? If I'm going to run it I need to
  learn how to manage it, whitelist things, etc. Right now I
  have little knowledge of it.
Thanks.



-- 
  
  Gary Bowling
   The Moderns album NEXT on your
favorite streaming platform 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Rspam

2024-04-17 Thread Gary Bowling



  
  


Looks like my new server's rspam started blocking mail from the
  list for some reason. I took rspam out of simcontrol for now... 
  Eric, you probably see bounces from my server back to yours.



In the past I didn't use rspam but it seems to still be a going
  concern with 3.8.4 being the latest version. What's the advice on
  rspam these days? If I'm going to run it I need to learn how to
  manage it, whitelist things, etc. Right now I have little
  knowledge of it.
Thanks.



-- 
  
  Gary Bowling
   The
Moderns album NEXT on your favorite streaming platform 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-16 Thread Gary Bowling



  
  


You just have to have certbot installed (dnf install cerbot) and
  then have the timer active. That takes care of running it on a
  schedule and then you just configure it in all the directories
  under /etc/letsencrypt/
Here's what mine looks like.


[root@mail ~]# systemctl list-unit-files | grep certbot
certbot-renew.service
  static  -
certbot-renew.timer  
  enabled enabled

[root@mail ~]# systemctl list-timers certbot-renew.timer
  NEXT    LEFT  
  LAST   PASSED
  UNIT ACTIVATES
  Tue 2024-04-16 21:54:51 EDT 7h left Tue 2024-04-16 07:02:57 EDT 6h
  ago certbot-renew.timer certbot-renew.service
  

Once you get that done, Then you just need to set up apache with
  the virtualhosts and run certbot and it will prompt you for the
  virtualhost you want to set up a cert for. As long as you have
  apache and DNS configure correctly, it will challenge verify your
  site and install the cert. Once you get the cert set up, if you
  have the certbot-renew.timer enabled, it will take care of
  renewing that cert and execute the thing you put in the
  pre,post,deploy directories. 



Gary





On 4/16/2024 1:52 PM, Gary Bowling
  wrote:


  
  
  
  Yes, the script can go in those directories not in a cron. I
don't believe you have to call --deploy-hook on the command line
if the script is in those directories. Actually you don't call
anything in the command line, it's all done as part of the
certbot-renew.service and the certbot-renew.timer in systemd.
  That timer runs every day, but the cert won't renew unless it's
within 30 days of expiring. Whenever it renews it will run
whatever scripts are in those directories. Or at least that's my
understanding, I haven't had my script in the "post" directory
long enough yet to verify that it runs it, but that's my
understanding. I just moved my script to there from a cron based
on William's note. 
  
  
  
  Gary
  
  
  
  
  
  On 4/16/2024 10:34 AM, Eric Broch
wrote:
  
  

I thought William S. had mentioned something
  about a Let's Encrypt hook instead of a cron job. From what
  I've been reading, one's script simply goes in
  /etc/letsencrypt/renewal-hooks/{pre,post,deploy] or something
  like that, true? Then I suppose one calls certbot renew
  --deploy-hook or something like that. The documentation seemed
  sparse, anyway...
  
  
  Pipe in William if you have something.




  



  On Tue, Apr 16, 2024 at
    6:33 AM Gary Bowling <g...@gbco.us>
wrote:
  
  

  
  
  I'll help edit it if someone else that is currently
going through it wants to start it.  Maybe set up a
google doc and give some people edit access. Or give
read only access and we can drop comments/suggestions
back here for someone to edit. It's been a long time
since I set it up from scratch, so I'm a bit rusty on
that.
  
  
  
  It shouldn't be too hard to come up with something. I
like to do everything "standard" via the RH/Rocky way of
doing it. That way dnf updates work and I don't have as
much maintenance. So I don't compile, customize anything
unless I'm forced to.
  
  
  The only special part on my install is the script to
"cat" the certs and create a servercert.pem. Especially
with your new updates, if it works with ECDSA certs,
then no need for that custom rsa 2048 config part.
  
  
  With that, it should just be installing httpd, certbot,
and doing a standard config for the server name. The
only complication being if you use different names..
e.g. webmail.domain.com
and mail.domain.com or
something. It's much simpler if you use the same name
for both since letsencrypt queries back to the dns name
you set up on apache to validate. If you don't use the
same name, you either have to set up a dummy virtual

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-16 Thread Gary Bowling

Yes, the script can go in those directories not in a cron. I
don't believe you have to call --deploy-hook on the command line
if the script is in those directories. Actually you don't call
anything in the command line, it's all done as part of the
certbot-renew.service and the certbot-renew.timer in systemd.
That timer runs every day, but the cert won't renew unless it's
within 30 days of expiring. Whenever it renews it will run
whatever scripts are in those directories. Or at least that's my
understanding, I haven't had my script in the "post" directory
long enough yet to verify that it runs it, but that's my
understanding. I just moved my script to there from a cron based
on William's note.

Gary

On 4/16/2024 10:34 AM, Eric Broch
wrote:

I thought William S. had mentioned something about
a Let's Encrypt hook instead of a cron job. From what I've been
reading, one's script simply goes in
/etc/letsencrypt/renewal-hooks/{pre,post,deploy] or something
like that, true? Then I suppose one calls certbot renew
--deploy-hook or something like that. The documentation seemed
sparse, anyway...

Pipe in William if you have something.

On Tue, Apr 16, 2024 at
6:33 AM Gary Bowling <g...@gbco.us>
wrote:

I'll help edit it if someone else that is currently going
through it wants to start it. Maybe set up a google doc
and give some people edit access. Or give read only access
and we can drop comments/suggestions back here for someone
to edit. It's been a long time since I set it up from
scratch, so I'm a bit rusty on that.

It shouldn't be too hard to come up with something. I
like to do everything "standard" via the RH/Rocky way of
doing it. That way dnf updates work and I don't have as
much maintenance. So I don't compile, customize anything
unless I'm forced to.

The only special part on my install is the script to
"cat" the certs and create a servercert.pem. Especially
with your new updates, if it works with ECDSA certs, then
no need for that custom rsa 2048 config part.

With that, it should just be installing httpd, certbot,
and doing a standard config for the server name. The only
complication being if you use different names.. e.g. webmail.domain.com and mail.domain.com or something.
It's much simpler if you use the same name for both since
letsencrypt queries back to the dns name you set up on
apache to validate. If you don't use the same name, you
either have to set up a dummy virtualhost in apache to do
the challenge validation on that name, or you have to use
another challenge method like DNS-01 to update your certs.
Toaster doc should probably have examples of both.

Here's a generic letsencrypt setup for Rocky 8/9 and
apache. Needs some tweaks to do the challenge verification
back to your roundcube apache virtualhost instead of the
default /var/www/html/ query. Or if you have separate
names you can use the /var/www/html/ for the dummy
virtualhost to get your mail server certs, but you'll
still need another one for the roundcube virtualhost.

https://www.cyberciti.biz/faq/how-to-secure-apache-with-lets-encrypt-certificates-on-rhel-8/

Hope this helps.. Gary

On 4/15/2024 1:33 PM, Eric Broch wrote:

Anyone feel like doing a write-up
and I'll put it on the wiki?

On 4/15/2024 11:18 AM, Gary Bowling wrote:

Ah, right. Actually it looks like I can just place my
script that I currently run in my cron job in the
/etc/letsencrypt/renewal-hooks/post/ directory and it
will run as a "post renew" script.

Thanks for that.

Gary

On 4/15/2024 1:04 PM, William Silverstein wrote:
I would not use a

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-16 Thread Gary Bowling

I'll help edit it if someone else that is currently going through
it wants to start it. Maybe set up a google doc and give some
people edit access. Or give read only access and we can drop
comments/suggestions back here for someone to edit. It's been a
long time since I set it up from scratch, so I'm a bit rusty on
that.

It shouldn't be too hard to come up with something. I like to do
everything "standard" via the RH/Rocky way of doing it. That way
dnf updates work and I don't have as much maintenance. So I don't
compile, customize anything unless I'm forced to.

The only special part on my install is the script to "cat" the
certs and create a servercert.pem. Especially with your new
updates, if it works with ECDSA certs, then no need for that
custom rsa 2048 config part.

With that, it should just be installing httpd, certbot, and doing
a standard config for the server name. The only complication being
if you use different names.. e.g. webmail.domain.com and
mail.domain.com or something. It's much simpler if you use the
same name for both since letsencrypt queries back to the dns name
you set up on apache to validate. If you don't use the same name,
you either have to set up a dummy virtualhost in apache to do the
challenge validation on that name, or you have to use another
challenge method like DNS-01 to update your certs. Toaster doc
should probably have examples of both.

Here's a generic letsencrypt setup for Rocky 8/9 and apache.
Needs some tweaks to do the challenge verification back to your
roundcube apache virtualhost instead of the default /var/www/html/
query. Or if you have separate names you can use the
/var/www/html/ for the dummy virtualhost to get your mail server
certs, but you'll still need another one for the roundcube
virtualhost.

https://www.cyberciti.biz/faq/how-to-secure-apache-with-lets-encrypt-certificates-on-rhel-8/

Hope this helps.. Gary

On 4/15/2024 1:33 PM, Eric Broch wrote:

Anyone
feel like doing a write-up and I'll put it on the wiki?

On 4/15/2024 11:18 AM, Gary Bowling wrote:

Ah, right. Actually it looks like I can just place my script
that I currently run in my cron job in the
/etc/letsencrypt/renewal-hooks/post/ directory and it will run
as a "post renew" script.

Thanks for that.

Gary

On 4/15/2024 1:04 PM, William Silverstein wrote:
I would not use a cron script. I use
--deploy-hook option on the
certbot-auto to handle it.

On Mon, April 15, 2024 9:59 am, Gary Bowling wrote:
Great. One question. Seems like
everything on my server uses
/var/qmail/control/servercert.pem for the cert. Dovecot and
qmail
all use that file. And I have a cron job that runs once a
month to
check for a new letsencrypt cert and if there is one it
copies it
over to servercert.pem to update my mail server.

Is that the correct way to handle that? Or is that something
that is
left over from my old server that I moved over?

Thanks, Gary

On 4/15/2024 12:44 PM, Eric Broch wrote:

Neither,

/var/qmail/control/dh2048.pem
/var/qmail/control/rsa2048.pem

On 4/15/2024 10:33 AM, Gary Bowling wrote:

Thanks, will still require rsa?

On 4/15/2024 10:47 AM, Eric Broch wrote:

My next iteration on EL9 will remove keysize
it's deprecated,
has been for a while. Should have the new code
out within the
week.

SSL_CTX_set_tmp_rsa_callback Â·
openssl/openssl Â·
Discussion #23769 (github.com)

On 4/15/2024 6:25 AM, Gary Bowling
wrote:

Hey Jeff, glad you're making progress. Be aware that when
you g

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-15 Thread Gary Bowling



  
  


Ah, right. Actually it looks like I can just place my script that
  I currently run in my cron job in the
  /etc/letsencrypt/renewal-hooks/post/ directory and it will run as
  a "post renew" script. 



Thanks for that. 

Gary



On 4/15/2024 1:04 PM, William
  Silverstein wrote:


  I would not use a cron script. I use --deploy-hook option on the
certbot-auto to handle it.


On Mon, April 15, 2024 9:59 am, Gary Bowling wrote:

  




Great. One question. Seems like everything on my server uses
/var/qmail/control/servercert.pem for the cert. Dovecot and qmail
all use that file. And I have a cron job that runs once a month to
check for a new letsencrypt cert and if there is one it copies it
over to servercert.pem to update my mail server.





Is that the correct way to handle that? Or is that something that   is
left over from my old server that I moved over?




Thanks, Gary




 On 4/15/2024 12:44 PM, Eric Broch   wrote:


Neither,

/var/qmail/control/dh2048.pem
 /var/qmail/control/rsa2048.pem


   On 4/15/2024 10:33 AM, Gary Bowling wrote:





Thanks, will still require rsa?



 On 4/15/2024 10:47 AM, Eric Broch   wrote:


My next iteration on EL9 will remove keysize it's deprecated,
has been for a while. Should have the new code out within the
week.

SSL_CTX_set_tmp_rsa_callback Â·   openssl/openssl Â·
Discussion #23769 (github.com)



   On 4/15/2024 6:25 AM, Gary         Bowling wrote:





Hey Jeff, glad you're making progress. Be aware that when
you get a new cert from Letsencrypt that the default now
retrieves an ECDSA cert. Which is fine for apache, but
doesn't work on qmail, or at least it didn't for me. To   fix
that you'll need to configure letsencrypt to give you   an RSA
2048 cert.





There are two ways to do that. If you want all your certs   to
be RSA 2048, you can add this to the
/etc/letsencrypt/cli.ini file.

key-type = rsa
   rsa-key-size = 2048




If you just want to do that for your keys you use in   qmail,
then you can put the above in the
/etc/letsencrypt/renewal/domain.conf file. Where "domain"   is
the name of the cert you're renewing. Certbot creates   the
file so it should already be there.




Gary




 On 4/14/2024 10:39 PM, Jeff   Koch wrote:

   I may have resolved this. I did
the Rocy9
distro install of apache and
copied the
mod_http2.so file over to our
install of apache. Seems
 to work (no errors)
but I won't know for sure until
we setup Lets
Encrypt SSL certbot tomorrow

 Jeff

   On 4/14/2024 3:11 PM, Jeff Koch wrote:


 Hi - we're setting up a new mailserver with Rocky 9 and
  the learning curve is slow as is usual with
the first time with a new distro.

 Anyway because our various scripts look for apache at
/usr/local/apache/ we've decided to compile
our own binary with the latest apache and
have run into trouble / errors related to
'nghttp2'.

 We did download, compile and install the latest
  nghttp2-1.61.0 from github. The configure and make
went well and http1.1 works but apache
generates the following error when we
activateÂ  mod_http2

 Â (Cannot load modules/mod_http2.so into server:
   /usr/local/apache2/modules/mod_http2.so: undefined
symbol:
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation)

 If anyone on the list has compiled their own httpd
 2.4.59 with Rocky 9 would you mind sharing the
details ?

 Thanks, Jeff Koch



  -
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com

  
  



  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-15 Thread Gary Bowling



  
  


Great. One question. Seems like everything on my server uses
  /var/qmail/control/servercert.pem for the cert. Dovecot and qmail
  all use that file. And I have a cron job that runs once a month to
  check for a new letsencrypt cert and if there is one it copies it
  over to servercert.pem to update my mail server.



Is that the correct way to handle that? Or is that something that
  is left over from my old server that I moved over?


Thanks, Gary



On 4/15/2024 12:44 PM, Eric Broch
  wrote:


  
  Neither,
  /var/qmail/control/dh2048.pem
/var/qmail/control/rsa2048.pem

  
  On 4/15/2024 10:33 AM, Gary Bowling
wrote:
  
  



Thanks, will still require rsa?


On 4/15/2024 10:47 AM, Eric Broch
  wrote:


  
  My next iteration on EL9 will remove keysize it's
deprecated, has been for a while. Should have the new code
out within the week.
  SSL_CTX_set_tmp_rsa_callback ·
  openssl/openssl · Discussion #23769 (github.com)
  
  
  On 4/15/2024 6:25 AM, Gary
Bowling wrote:
  
  



Hey Jeff, glad you're making progress. Be aware that when
  you get a new cert from Letsencrypt that the default now
  retrieves an ECDSA cert. Which is fine for apache, but
  doesn't work on qmail, or at least it didn't for me. To
  fix that you'll need to configure letsencrypt to give you
  an RSA 2048 cert. 



There are two ways to do that. If you want all your certs
  to be RSA 2048, you can add this to the
  /etc/letsencrypt/cli.ini file.
key-type = rsa
  rsa-key-size = 2048


If you just want to do that for your keys you use in
  qmail, then you can put the above in the
  /etc/letsencrypt/renewal/domain.conf file. Where "domain"
  is the name of the cert you're renewing. Certbot creates
  the file so it should already be there.


Gary



On 4/14/2024 10:39 PM, Jeff
  Koch wrote:


  
  I may have resolved this. I did the
Rocy9 distro install of apache and copied the
mod_http2.so file over to our install of apache. Seems
to work (no errors) but I won't know for sure until we
setup Lets Encrypt SSL certbot tomorrow

Jeff
  
  On 4/14/2024 3:11 PM, Jeff
Koch wrote:
  
   
Hi - we're setting up a new mailserver with Rocky 9 and
the learning curve is slow as is usual with the first
time with a new distro. 

Anyway because our various scripts look for apache at
/usr/local/apache/ we've decided to compile our own
binary with the latest apache and have run into trouble
/ errors related to 'nghttp2'. 

We did download, compile and install the latest
nghttp2-1.61.0 from github. The configure and make went
well and http1.1 works but apache generates the
following error when we activate  mod_http2 

 (Cannot load modules/mod_http2.so into server:
/usr/local/apache2/modules/mod_http2.so: undefined
symbol:
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation) 

If anyone on the list has compiled their own httpd
2.4.59 with Rocky 9 would you mind sharing the details ?


Thanks, Jeff Koch 


  
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoas

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-15 Thread Gary Bowling



  
  


Thanks, will still require rsa?


On 4/15/2024 10:47 AM, Eric Broch
  wrote:


  
  My next iteration on EL9 will remove keysize it's deprecated,
has been for a while. Should have the new code out within the
week.
  SSL_CTX_set_tmp_rsa_callback ·
  openssl/openssl · Discussion #23769 (github.com)
  
  
  On 4/15/2024 6:25 AM, Gary Bowling
wrote:
  
  



Hey Jeff, glad you're making progress. Be aware that when you
  get a new cert from Letsencrypt that the default now retrieves
  an ECDSA cert. Which is fine for apache, but doesn't work on
  qmail, or at least it didn't for me. To fix that you'll need
  to configure letsencrypt to give you an RSA 2048 cert. 



There are two ways to do that. If you want all your certs to
  be RSA 2048, you can add this to the /etc/letsencrypt/cli.ini
  file.
key-type = rsa
  rsa-key-size = 2048


If you just want to do that for your keys you use in qmail,
  then you can put the above in the
  /etc/letsencrypt/renewal/domain.conf file. Where "domain" is
  the name of the cert you're renewing. Certbot creates the file
  so it should already be there.


Gary



On 4/14/2024 10:39 PM, Jeff Koch
  wrote:


  
  I may have resolved this. I did the Rocy9
distro install of apache and copied the mod_http2.so file
over to our install of apache. Seems to work (no errors) but
I won't know for sure until we setup Lets Encrypt SSL
certbot tomorrow

Jeff
  
  On 4/14/2024 3:11 PM, Jeff Koch
wrote:
  
   
Hi - we're setting up a new mailserver with Rocky 9 and the
learning curve is slow as is usual with the first time with
a new distro. 

Anyway because our various scripts look for apache at
/usr/local/apache/ we've decided to compile our own binary
with the latest apache and have run into trouble / errors
related to 'nghttp2'. 

We did download, compile and install the latest
nghttp2-1.61.0 from github. The configure and make went well
and http1.1 works but apache generates the following error
when we activate  mod_http2 

 (Cannot load modules/mod_http2.so into server:
/usr/local/apache2/modules/mod_http2.so: undefined symbol:
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation)


If anyone on the list has compiled their own httpd 2.4.59
with Rocky 9 would you mind sharing the details ? 

Thanks, Jeff Koch 


  
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

2024-04-15 Thread Gary Bowling



  
  


Hey Jeff, glad you're making progress. Be aware that when you get
  a new cert from Letsencrypt that the default now retrieves an
  ECDSA cert. Which is fine for apache, but doesn't work on qmail,
  or at least it didn't for me. To fix that you'll need to configure
  letsencrypt to give you an RSA 2048 cert. 



There are two ways to do that. If you want all your certs to be
  RSA 2048, you can add this to the /etc/letsencrypt/cli.ini file.
key-type = rsa
  rsa-key-size = 2048


If you just want to do that for your keys you use in qmail, then
  you can put the above in the /etc/letsencrypt/renewal/domain.conf
  file. Where "domain" is the name of the cert you're renewing.
  Certbot creates the file so it should already be there.


Gary



On 4/14/2024 10:39 PM, Jeff Koch wrote:


  
  I may have resolved this. I did the Rocy9
distro install of apache and copied the mod_http2.so file over
to our install of apache. Seems to work (no errors) but I won't
know for sure until we setup Lets Encrypt SSL certbot tomorrow

Jeff
  
  On 4/14/2024 3:11 PM, Jeff Koch
wrote:
  
   
Hi - we're setting up a new mailserver with Rocky 9 and the
learning curve is slow as is usual with the first time with a
new distro. 

Anyway because our various scripts look for apache at
/usr/local/apache/ we've decided to compile our own binary with
the latest apache and have run into trouble / errors related to
'nghttp2'. 

We did download, compile and install the latest nghttp2-1.61.0
from github. The configure and make went well and http1.1 works
but apache generates the following error when we activate 
mod_http2 

 (Cannot load modules/mod_http2.so into server:
/usr/local/apache2/modules/mod_http2.so: undefined symbol:
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation)


If anyone on the list has compiled their own httpd 2.4.59 with
Rocky 9 would you mind sharing the details ? 

Thanks, Jeff Koch 


  
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Apache Config Q

2024-04-05 Thread Gary Bowling



  
  


When I go to the admin link for my server,
  https://mail.gbco.us/admin-toaster , it flips it to
  https://mail.gbco.usadmin-toaster/ and fails. 



The alias line in toaster.conf is 

 Alias /admin-toaster /usr/share/toaster/htdocs/admin/


I've tried fiddling around with the leading and ending "/" a few
  times, but nothing seems to change the behavior. 

The other links work properly.. stats-toaster and qmailadmin
  being the only ones I use deliberately. 



Any ideas?
  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling

Oh, and totally agree that using drop ins is much better than
patching.

Gary

On 3/23/2024 11:05 AM, Gary Bowling
wrote:

Thanks.
Yes, spamassassin is working fine for the verification of
inbound DKIM. Looks like that's part of the stock spamassassin
install as long as you have the Mail::SpamAssassin::Plugin::DKIM
plugin installed.

On 3/23/2024 10:58 AM, Eric Broch
wrote:

Looks like there's an updated version of the script on
Manuel's site, I'll put that on github
In lieu of patching qmail...again...I thought using drop ins
was preferable. That said,
spamassassin can be used on the ingress side of your server
to score dkim in messages.

On 3/23/2024 8:23 AM, Gary Bowling
wrote:

hmm, not sure. Maybe a weekend thing. Glad to know it's
still there though for future needs.

On 3/23/2024 9:56 AM, ebroch
wrote:

Not sure why github is timing out on you but
I can navigate right to the page

Sent
from my Galaxy

Original message
From: Gary Bowling

Date: 2024-03-23 7:49 a.m. (GMT-07:00)
To: qmailtoaster-list@qmailtoaster.com

Subject: Re: [qmailtoaster] DKIM

Ok, qmail-remote for use with DKIM signing outgoing
messages is just a perl scrip written by Manuel Mausz way
back in 2007 that just calls qmail-remote.orig. I'm not
sure where the official toaster version is kept now, but
you easily download it from here:
https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
Change the name of your qmail-remote to qmail-remote.orig
and change the name of the perl script to qmail-remote

I just copied it from my old server.

Now my DKIM signing is working correctly.

On 3/23/2024 9:24 AM, Gary
Bowling wrote:

Oops, got a bit confused there between signing and
verifying..

For signing, it looks like we are still using a
modified qmail-remote. So back to my original question.

Where do we get the qmail-remote for DKIM these days?

This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster

Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote

But that times out and doesn't work.

Gary

On 3/23/2024 8:31 AM, Gary
Bowling wrote:

Hmm, this line in the wiki says qmail-queue needs to
be "link" which mine is not.

4. DKIM verification (no patch):

Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"'
defined in /etc/tcprules.d/tcp.smtp
&& /var/qmail/bin/qmail-queue is a
link.
Note: Spamassassin has DKIM verification making
this unnecessary.

and it also says maybe we're now doing it in
Spamassassin, but no instructions on how to do that.

What IS the best way to do DKIM with an
updated server???

Gary

On 3/23/2024 8:24 AM, Gary
Bowling wrote:

I see, looks like we're using a combination of

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling



  
  


Thanks.
Yes, spamassassin is working fine for the verification of inbound
  DKIM. Looks like that's part of the stock spamassassin install as
  long as you have the Mail::SpamAssassin::Plugin::DKIM plugin
  installed. 





On 3/23/2024 10:58 AM, Eric Broch
  wrote:


  
  Looks like there's an updated version of the script on Manuel's
site, I'll put that on github
  In lieu of patching qmail...again...I thought using drop ins
was preferable. That said,
  spamassassin can be used on the ingress side of your server to
score dkim in messages.
  
  
  On 3/23/2024 8:23 AM, Gary Bowling
wrote:
  
  



hmm, not sure. Maybe a weekend thing. Glad to know it's still
  there though for future needs.





On 3/23/2024 9:56 AM, ebroch wrote:


  
  Not sure why github is timing out on you but I
can navigate right to the page
  
  
  
  
  
  
  
Sent
  from my Galaxy
  
  
  
  
  
  
 Original message 
From: Gary Bowling 

Date: 2024-03-23 7:49 a.m. (GMT-07:00) 
To: qmailtoaster-list@qmailtoaster.com

Subject: Re: [qmailtoaster] DKIM 


  
  
  
  Ok, qmail-remote for use with DKIM signing outgoing
messages is just a perl scrip written by Manuel Mausz way
back in 2007 that just calls qmail-remote.orig. I'm not sure
where the official toaster version is kept now, but you
easily download it from here:
  https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
  Change the name of your qmail-remote to qmail-remote.orig
and change the name of the perl script to qmail-remote
  
  
  
  I just copied it from my old server. 
  
  
  
  Now my DKIM signing is working correctly. 
  
  
  
  On 3/23/2024 9:24 AM, Gary
Bowling wrote:
  
  


Oops, got a bit confused there between signing and
  verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary
  Bowling wrote:


  
  
  Hmm, this line in the wiki says qmail-queue needs to
be  "link" which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"'
defined in /etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making
this unnecessary.
  
  
  and it also says maybe we're now doing it in
Spamassassin, but no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary
Bowling wrote:
  
  


I see, looks like we're using a combination of
  simscan and modifying /var/qmail/supervise/smtp/run to
  do DKIM now and not modifying qmail-remote.






    On 3/23/2024 7:57 AM, Gary
  Bowling wrote:


  
  
  Where do we get the qmail-remote for DKIM these
days?
  
  
  This page: http://wiki.qmai

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Gary Bowling

Absolutely. I think I've got that already, as that's the way the
default install works, but I should probably go do some tests just
to make sure. Nothing like configuring a client and trying it to
test it out.

Gary

On 3/23/2024 10:25 AM, Tonix wrote:

Glad to hear. In any case any usage
of submission port, both to local and external domains, should
be done only by authenticated users.

Tonino

Il 23/03/2024 12:38, Gary Bowling ha
scritto:

Thanks, the error turned out to be solved by fixing up the
/var/qmail/supervise/submission/run file to accept starttls
and encrypted passwords.

On 3/23/2024 4:20 AM, Tonix wrote:

"However, when I try to send to external
domains, I get the error that CHKUSER rejected relaying,
saying "client not allowed to relay"".

That means sending user is not authenticated.

Probably your submission port accepts messages
from anyone for local domains.

Tonino

Il 23 marzo 2024 00:35:38 CET, g...@gbco.us
ha scritto:

Ok, in my old server's /var/qmail/supervise/submission/run file, I had the following line.

export REQUIRE_AUTH=1

In the new server, it had the following line.

export SMTPAUTH="!"

I'm not sure what the syntax on the new server line means. I changed the line to be like my old server and now sending mail through port 587, with starttls for local domains.

However, when I try to send to external domains, I get the error that CHKUSER rejected relaying, saying "client not allowed to relay"

Maybe I'm making progress, but don't know.

Gary

On 2024-03-22 19:30, g...@gbco.us wrote:
Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary

On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.

Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:

I can send mail via the roundcube web mail. That's where this message is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The server responded: TLS no valid RSA private key: error:8002:system library::No such file or directory (#4.3.0).

To create certificates on my new server. I retrieved certs from letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.lastmonth
cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem

Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling



  
  


hmm, not sure. Maybe a weekend thing. Glad to know it's still
  there though for future needs.





On 3/23/2024 9:56 AM, ebroch wrote:


  
  Not sure why github is timing out on you but I can
navigate right to the page
  
  
  
  
  
  
  
Sent from
  my Galaxy
  
  
  
  
  
  
 Original message 
From: Gary Bowling  
Date: 2024-03-23 7:49 a.m. (GMT-07:00) 
To: qmailtoaster-list@qmailtoaster.com 
Subject: Re: [qmailtoaster] DKIM 


  
  
  
  Ok, qmail-remote for use with DKIM signing outgoing messages is
just a perl scrip written by Manuel Mausz way back in 2007 that
just calls qmail-remote.orig. I'm not sure where the official
toaster version is kept now, but you easily download it from
here:
  https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
  Change the name of your qmail-remote to qmail-remote.orig and
change the name of the perl script to qmail-remote
  
  
  
  I just copied it from my old server. 
  
  
  
  Now my DKIM signing is working correctly. 
  
  
  
  On 3/23/2024 9:24 AM, Gary Bowling
wrote:
  
  


Oops, got a bit confused there between signing and
  verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary Bowling
  wrote:


  
  
  Hmm, this line in the wiki says qmail-queue needs to be 
"link" which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined
in /etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making this
unnecessary.
  
  
  and it also says maybe we're now doing it in Spamassassin,
but no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary
Bowling wrote:
  
  


I see, looks like we're using a combination of simscan
  and modifying /var/qmail/supervise/smtp/run to do DKIM now
  and not modifying qmail-remote.






    On 3/23/2024 7:57 AM, Gary
  Bowling wrote:


  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 
____
Gary Bowling
 The Moderns on Spotify 

  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling



  
  


Ok, qmail-remote for use with DKIM signing outgoing messages is
  just a perl scrip written by Manuel Mausz way back in 2007 that
  just calls qmail-remote.orig. I'm not sure where the official
  toaster version is kept now, but you easily download it from here:
https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
Change the name of your qmail-remote to qmail-remote.orig and
  change the name of the perl script to qmail-remote



I just copied it from my old server. 



Now my DKIM signing is working correctly. 



On 3/23/2024 9:24 AM, Gary Bowling
  wrote:


  
  
  
  Oops, got a bit confused there between signing and verifying..

  
  For signing, it looks like we are still using a modified
qmail-remote. So back to my original question. 
  
  Where do we get the qmail-remote for DKIM these days?


This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster

Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work.
  
  
  Gary
  
  
  
  On 3/23/2024 8:31 AM, Gary Bowling
wrote:
  
  



Hmm, this line in the wiki says qmail-queue needs to be 
  "link" which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined
  in /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a link.
     Note: Spamassassin has DKIM verification making this
  unnecessary.


and it also says maybe we're now doing it in Spamassassin,
  but no instructions on how to do that.


What IS the best way to do DKIM with an updated
  server???


Gary



    On 3/23/2024 8:24 AM, Gary Bowling
  wrote:


  
  
  
  I see, looks like we're using a combination of simscan and
modifying /var/qmail/supervise/smtp/run to do DKIM now and
not modifying qmail-remote.
  
  
  
  
  
  
  On 3/23/2024 7:57 AM, Gary
Bowling wrote:
  
  



Where do we get the qmail-remote for DKIM these days?


This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  ________
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling



  
  


Oops, got a bit confused there between signing and verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget
  https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary Bowling
  wrote:


  
  
  
  Hmm, this line in the wiki says qmail-queue needs to be  "link"
which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in
/etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making this
unnecessary.
  
  
  and it also says maybe we're now doing it in Spamassassin, but
no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary Bowling
wrote:
  
  



I see, looks like we're using a combination of simscan and
  modifying /var/qmail/supervise/smtp/run to do DKIM now and not
  modifying qmail-remote.






    On 3/23/2024 7:57 AM, Gary Bowling
  wrote:


  
  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 
________
Gary Bowling
 The Moderns on Spotify 

  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling



  
  


Hmm, this line in the wiki says qmail-queue needs to be  "link"
  which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in
  /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a link.
     Note: Spamassassin has DKIM verification making this
  unnecessary.


and it also says maybe we're now doing it in Spamassassin, but no
  instructions on how to do that.


What IS the best way to do DKIM with an updated server???


Gary


    
    On 3/23/2024 8:24 AM, Gary Bowling
  wrote:


  
  
  
  I see, looks like we're using a combination of simscan and
modifying /var/qmail/supervise/smtp/run to do DKIM now and not
modifying qmail-remote.
  
  
  
  
  
  
  On 3/23/2024 7:57 AM, Gary Bowling
wrote:
  
  



Where do we get the qmail-remote for DKIM these days?


This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  ________
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling



  
  


I see, looks like we're using a combination of simscan and
  modifying /var/qmail/supervise/smtp/run to do DKIM now and not
  modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary Bowling
  wrote:


  
  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 

Gary Bowling
 The Moderns on Spotify 

  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling



  
  


Where do we get the qmail-remote for DKIM these days?


This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget
  https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Gary Bowling

Thanks, the error turned out to be solved by fixing up the
/var/qmail/supervise/submission/run file to accept starttls and
encrypted passwords.

On 3/23/2024 4:20 AM, Tonix wrote:

"However, when I try to send to external domains,
I get the error that CHKUSER rejected relaying, saying "client
not allowed to relay"".

That means sending user is not authenticated.

Probably your submission port accepts messages
from anyone for local domains.

Tonino

Il 23 marzo 2024 00:35:38 CET, g...@gbco.us
ha scritto:

Ok, in my old server's /var/qmail/supervise/submission/run file, I had the following line.

export REQUIRE_AUTH=1

In the new server, it had the following line.

export SMTPAUTH="!"

I'm not sure what the syntax on the new server line means. I changed the line to be like my old server and now sending mail through port 587, with starttls for local domains.

However, when I try to send to external domains, I get the error that CHKUSER rejected relaying, saying "client not allowed to relay"

Maybe I'm making progress, but don't know.

Gary

Thanks, Gary

On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.

Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:

I can send mail via the roundcube web mail. That's where this message is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

To create certificates on my new server. I retrieved certs from letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.lastmonth
cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem

Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-23 Thread Gary Bowling

Thanks Peter, good to know as it looks like they are going to
ecdsa for the default.

On 3/23/2024 3:18 AM, Peter Peterse
wrote:

Hi,

Letsencrypt van generate rsa keys by using --key-type rsa

The order in my servercert.pem is private key followed by the
fullchain file. I'm using Almalinux 9

Regards,
Peter

g...@gbco.us schreef op 23 maart 2024 00:05:48
CET:

It looks like letsencrypt is now using ecdsa by default.

So I went back and copied my certs off my old server, probably not what I really want to do. But it did give me a different error. Now I'm getting this one.

Sending of the message failed.
The Outgoing server (SMTP) mail.gbco.us does not seem to support encrypted passwords. If you just set up the account, try changing the 'Authentication method' in 'Account settings | Outgoing server (SMTP)' to 'Normal password'.

I thought I tested this before with the new server, but maybe I didn't test it correctly. Anyone got any ideas?

On 2024-03-22 18:29, g...@gbco.us wrote:
I can send mail via the roundcube web mail. That's where this message
is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error.
The server responded: TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0).

To create certificates on my new server. I retrieved certs from
letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
/var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem

Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Gary Bowling



  
  


No that doesn't work. It only works if I have FORCETLS=1 and
  SMTPAUTH="!+cram"


Thanks, Gary



On 3/22/2024 9:05 PM, Eric Broch wrote:


  
  Try submission run file
  
  #!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export FORCETLS=0
export SMTPAUTH="!"

exec /usr/bin/softlimit -m 12800 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c
"$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
    $SMTPD $VCHKPW /bin/true 2>&1
  
  
  Thunderbird:
  Port: 587
  Connection Security: STARTTLS
  Authentication: Normal Password
  
  
  On 3/22/2024 6:34 PM, Gary Bowling
wrote:
  
  



Rocky 9.3.


Gary



On 3/22/2024 8:31 PM, Eric Broch
  wrote:


  
  What are you running EL 8 or 9?
  
  On 3/22/2024 6:28 PM, Gary
Bowling wrote:
  
  



Yea did that.


I tried what Remo suggested, which was to change the
  client send config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the
  /var/qmail/supervise/smtps/ config. That worked, which
  told me my certs were actually ok. 



So now I needed to figure out how to make "Port 587,
  startTLS, and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the
  line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465,
  SSL/TLS, normal password"


That allows me to not have to reconfigure the clients who
  have configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric
  Broch wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where
this message is coming from. 

When sending mail from thunderbird, I have my smtp
server set up in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my
old server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server
(SMTP) error. The server responded:  TLS no valid RSA
private key: error:8002:system library::No
such file or directory (#4.3.0). 


To create certificates on my new server. I retrieved
certs from letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Gary Bowling



  
  


Rocky 9.3.


Gary



On 3/22/2024 8:31 PM, Eric Broch wrote:


  
  What are you running EL 8 or 9?
  
  On 3/22/2024 6:28 PM, Gary Bowling
wrote:
  
  



Yea did that.


I tried what Remo suggested, which was to change the client
  send config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the /var/qmail/supervise/smtps/
  config. That worked, which told me my certs were actually ok.
  



So now I needed to figure out how to make "Port 587,
  startTLS, and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the
  line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465, SSL/TLS,
  normal password"


That allows me to not have to reconfigure the clients who
  have configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric Broch
  wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where
this message is coming from. 

When sending mail from thunderbird, I have my smtp server
set up in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my old
server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server (SMTP)
error. The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or
directory (#4.3.0). 


To create certificates on my new server. I retrieved certs
from letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem 



Any idea what's going on with this error? 

thanks, Gary 

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

2024-03-22 Thread Gary Bowling



  
  


Yea did that.


I tried what Remo suggested, which was to change the client send
  config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the /var/qmail/supervise/smtps/
  config. That worked, which told me my certs were actually ok. 



So now I needed to figure out how to make "Port 587, startTLS,
  and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465, SSL/TLS,
  normal password"


That allows me to not have to reconfigure the clients who have
  configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric Broch wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where this
message is coming from. 

When sending mail from thunderbird, I have my smtp server set up
in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my old
server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server (SMTP)
error. The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0). 


To create certificates on my new server. I retrieved certs from
letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem 



Any idea what's going on with this error? 

thanks, Gary 

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Question on /etc/sysconfig/spamassassin

2024-03-22 Thread Gary Bowling



  
  

Thanks Philip, that looks exactly like what I need. No "per user"
  settings via the -c, and no razor home dirs via -H, and the
  default clamd user is clamscan.


Thanks.





On 3/22/2024 1:45 PM, Philip Nix Guru
  wrote:


  
  Hello
  On my system I am using this
  SPAMDOPTIONS="-m10 -x -u clamscan"
  
  
  the user depends on how it is installed
  

  I did have the issuse with the #org
  SPAMDOPTIONS="-c -m5 -H --razor-home-dir='/var/lib/razor/'
  --razor-log-file='sys-syslog'"
  errors and right accesses
  
  
  Regards
  -P
  
  
  On 3/22/24 18:30, Gary Bowling wrote:
  
  



Also, in /etc/sysconfig/spamassassin  the options are set as
  follows:
# Options to spamd
  SPAMDOPTIONS="-c -m5 -H --razor-home-dir='/var/lib/razor/'
  --razor-log-file='sys-syslog'"



There was a thread about this back in 2022, but there really
  wasn't any conclusion on that thread. Razor is not installed
  or configured in the installation. What should those
  SPAMDOPTIONS really be?
-- 
  ____
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Question on /etc/sysconfig/spamassassin

2024-03-22 Thread Gary Bowling



  
  


Also, in /etc/sysconfig/spamassassin  the options are set as
  follows:
# Options to spamd
  SPAMDOPTIONS="-c -m5 -H --razor-home-dir='/var/lib/razor/'
  --razor-log-file='sys-syslog'"



There was a thread about this back in 2022, but there really
  wasn't any conclusion on that thread. Razor is not installed or
  configured in the installation. What should those SPAMDOPTIONS
  really be?
-- 
  ____
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Spamdyke and Spamcop - blacklisting

2024-03-22 Thread Gary Bowling



  
  


Yes, I'm an old guy, so I know it's been around since the 90s.
  But not in as widespread use by "companies" as it is today. Many
  companies in the 90s had onsite microsoft mail servers, or
  sun/unix/linux mail servers  and a lot of the shared hosting was
  used by individuals and casual users, and spammers.


These days many of the small businesses my clients work with
  outsource their mail to hosted exchange or google. I realize a lot
  of spam originates from all the various MS domains and from gmail,
  but I cannot afford to completely block any of those servers. It
  kills my clients as they don't get emails from their customers and
  partners. 



g



On 3/22/2024 10:58 AM, William
  Silverstein wrote:


  

On Fri, March 22, 2024 4:40 am, Gary Bowling wrote:

  




In the spamdyke config, the default is to use spamcop for
blacklisting. I've had a lot of trouble recently with spamcop.   They
keep adding the outlook.com servers to their database. Which   means
every company that uses Microsoft office 365 for mail gets   blocked.
This has caused me a lot of problems as there are a lot   of companies
in the US that use office365 for mail hosting.





I am wondering if in these days we should be blacklisting server   ip
addresses. So many users are on shared services that blocking   entire
servers by ip seems like a bad idea. They also block entire   ip
ranges from hosting providers.


  
  Shared hosting has been around since the 1990s.

That was part of the idea behind blacklisting. That by blocking IP ranges,
it would encourage providers to stop spam because it would cause harm to
more than just the spamming customer.





  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Spamassassin

2024-03-22 Thread Gary Bowling



Thanks Eric, yes coming out of the repo is a better way to go. I guess 
that's not started by the supervise scripts any more? Looks like it's a 
standard systemd startup now.



Getting ready to cut over to my new server this weekend, so trying to 
clean up all the little things.



G


On 3/22/2024 10:55 AM, ebroch wrote:
I'm in the process updating the wiki page so some of the information 
on that page may be obsolete. SpamAssassin with our toaster is no 
longer compiled by me but comes straight from the repositories.




Sent from my Galaxy


 Original message 
From: Gary Bowling 
Date: 2024-03-22 8:39 a.m. (GMT-07:00)
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Spamassassin


I found it.


My old server used /etc/spamassassin/

My new server uses /etc/mail/spamassassin/


Therefore I need to pull out the custom items I've added to 
/etc/spamassassin/local.cf and move those to 
/etc/mail/spamassassin/local.cf



I'm still not sure about spamcop in spamdyke.conf.


On 3/22/2024 10:23 AM, Gary Bowling wrote:



This page, http://wiki.qmailtoaster.org/index.php?title=Spamassassin


says that it's using /etc/mail/spamassassin/ for the configuration.


However, that page also says, "The SpamAssassin daemon is started by 
the /var/qmail/supervise/spamd/run script."



and on the new install I don't even have this directory, yet spamd is 
running..  I really do try to go find information in the wiki and web 
sites before posting here, but so much of what's out there is so out 
of date, it's hard to trust anything it says.



Gary


On 3/22/2024 10:13 AM, Gary Bowling wrote:



While I was poking around looking at spam things..

There is a directory /etc/spamassassin/  contains what looks to 
be a full spamassassin configuration.


And there is a directory /etc/mail/spamassassin/    which also looks 
to contain a full spamassassin configuration.



Which directory does the server and spamd use? I think it's using 
/etc/spamassassin/    However, the other directory, 
/etc/mail/spamassassin/  looks to be the directory that gets 
installed and updated along with a "dnf update"



Thanks

--
________
Gary Bowling
The Moderns on Spotify 
<https://distrokid.com/hyperfollow/themoderns/bbrs>


- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Spamassassin

2024-03-22 Thread Gary Bowling



  
  


I found it.


My old server used /etc/spamassassin/ 

My new server uses /etc/mail/spamassassin/


Therefore I need to pull out the custom items I've added to
  /etc/spamassassin/local.cf and move those to
  /etc/mail/spamassassin/local.cf


I'm still not sure about spamcop in spamdyke.conf.



On 3/22/2024 10:23 AM, Gary Bowling
  wrote:


  
  
  
  This page, http://wiki.qmailtoaster.org/index.php?title=Spamassassin
  
  
  says that it's using /etc/mail/spamassassin/ for the
configuration. 
  
  
  
  However, that page also says, "The SpamAssassin daemon is
started by the /var/qmail/supervise/spamd/run script."
  
  
  and on the new install I don't even have this directory, yet
spamd is running..  I really do try to go find information in
the wiki and web sites before posting here, but so much of
what's out there is so out of date, it's hard to trust anything
it says.
  
  
  
  Gary
  
  
  
  On 3/22/2024 10:13 AM, Gary Bowling
wrote:
  
  



While I was poking around looking at spam things.. 

There is a directory /etc/spamassassin/  contains what
  looks to be a full spamassassin configuration. 

And there is a directory /etc/mail/spamassassin/    which
  also looks to contain a full spamassassin configuration. 



Which directory does the server and spamd use? I think it's
  using /etc/spamassassin/    However, the other directory,
  /etc/mail/spamassassin/  looks to be the directory that gets
  installed and updated along with a "dnf update"


Thanks

-- 
  ____
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Spamassassin

2024-03-22 Thread Gary Bowling



  
  


This page,
  http://wiki.qmailtoaster.org/index.php?title=Spamassassin


says that it's using /etc/mail/spamassassin/ for the
  configuration. 



However, that page also says, "The SpamAssassin daemon is started
  by the /var/qmail/supervise/spamd/run script."


and on the new install I don't even have this directory, yet
  spamd is running..  I really do try to go find information in the
  wiki and web sites before posting here, but so much of what's out
  there is so out of date, it's hard to trust anything it says.



Gary



On 3/22/2024 10:13 AM, Gary Bowling
  wrote:


  
  
  
  While I was poking around looking at spam things.. 
  
  There is a directory /etc/spamassassin/  contains what
looks to be a full spamassassin configuration. 
  
  And there is a directory /etc/mail/spamassassin/    which also
looks to contain a full spamassassin configuration. 
  
  
  
  Which directory does the server and spamd use? I think it's
using /etc/spamassassin/    However, the other directory,
/etc/mail/spamassassin/  looks to be the directory that gets
installed and updated along with a "dnf update"
  
  
  Thanks
  
  -- 
____
Gary Bowling
 The Moderns on Spotify 

  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Spamassassin

2024-03-22 Thread Gary Bowling



  
  


While I was poking around looking at spam things.. 

There is a directory /etc/spamassassin/  contains what looks
  to be a full spamassassin configuration. 

And there is a directory /etc/mail/spamassassin/    which also
  looks to contain a full spamassassin configuration. 



Which directory does the server and spamd use? I think it's using
  /etc/spamassassin/    However, the other directory,
  /etc/mail/spamassassin/  looks to be the directory that gets
  installed and updated along with a "dnf update"


Thanks

-- 
  ____
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Spamdyke and Spamcop

2024-03-22 Thread Gary Bowling



  
  


In the spamdyke config, the default is to use spamcop for
  blacklisting. I've had a lot of trouble recently with spamcop.
  They keep adding the outlook.com servers to their database. Which
  means every company that uses Microsoft office 365 for mail gets
  blocked. This has caused me a lot of problems as there are a lot
  of companies in the US that use office365 for mail hosting. 



I am wondering if in these days we should be blacklisting server
  ip addresses. So many users are on shared services that blocking
  entire servers by ip seems like a bad idea. They also block entire
  ip ranges from hosting providers.



I'm thinking of removing all the blacklisting services in
  spamdyke. How do you guys handle this? 



Thanks, Gary

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Rocky 9 Migration - Moving Squirrelmail abooks to Roundcube

2024-02-24 Thread Gary Bowling



  
  


Thanks Eric, that did work!


gb



On 2/23/2024 11:37 PM, Eric Broch
  wrote:


  
  This might work
  GitHub -
  WebuddhaInc/squirrelmail-to-roundcube: Migrate SquirrelMail
  Address Book to Roundcube Contacts
  
  
  On 2/23/2024 4:39 PM, Gary Bowling
wrote:
  
  



Anyone have a script for moving Squirrelmail address books to
  the Roundcube database?

  Thanks, gb



-- 
  
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Rocky 9 Migration - Moving Squirrelmail abooks to Roundcube

2024-02-23 Thread Gary Bowling



  
  


Anyone have a script for moving Squirrelmail address books to the
  Roundcube database?

  Thanks, gb



-- 
  
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

1 2 >

1 - 100 of 175 matches

Mail list logo