[qmailtoaster] Rocky9 - new mailserver setup - off topic

[Jeff Koch]

Hi Eric - Besides Rocky9/EL9 are you working with any other distros?  
EL9/epel is missing two libraries I need - libmaxminddb and  oniguruma.


Jeff


On 4/15/2024 12:44 PM, Eric Broch wrote:


Neither,

/var/qmail/control/dh2048.pem
/var/qmail/control/rsa2048.pem

On 4/15/2024 10:33 AM, Gary Bowling wrote:



Thanks, will still require rsa?


On 4/15/2024 10:47 AM, Eric Broch wrote:


My next iteration on EL9 will remove keysize it's deprecated, has 
been for a while. Should have the new code out within the week.


SSL_CTX_set_tmp_rsa_callback · openssl/openssl · Discussion #23769 
(github.com) <https://github.com/openssl/openssl/discussions/23769>



On 4/15/2024 6:25 AM, Gary Bowling wrote:



Hey Jeff, glad you're making progress. Be aware that when you get a 
new cert from Letsencrypt that the default now retrieves an ECDSA 
cert. Which is fine for apache, but doesn't work on qmail, or at 
least it didn't for me. To fix that you'll need to configure 
letsencrypt to give you an RSA 2048 cert.



There are two ways to do that. If you want all your certs to be RSA 
2048, you can add this to the /etc/letsencrypt/cli.ini file.


key-type = rsa
rsa-key-size = 2048


If you just want to do that for your keys you use in qmail, then 
you can put the above in the /etc/letsencrypt/renewal/domain.conf 
file. Where "domain" is the name of the cert you're renewing. 
Certbot creates the file so it should already be there.



Gary


On 4/14/2024 10:39 PM, Jeff Koch wrote:
I may have resolved this. I did the Rocy9 distro install of apache 
and copied the mod_http2.so file over to our install of apache. 
Seems to work (no errors) but I won't know for sure until we setup 
Lets Encrypt SSL certbot tomorrow


Jeff

On 4/14/2024 3:11 PM, Jeff Koch wrote:


Hi - we're setting up a new mailserver with Rocky 9 and the 
learning curve is slow as is usual with the first time with a new 
distro.


Anyway because our various scripts look for apache at 
/usr/local/apache/ we've decided to compile our own binary with 
the latest apache and have run into trouble / errors related to 
'nghttp2'.


We did download, compile and install the latest nghttp2-1.61.0 
from github. The configure and make went well and http1.1 works 
but apache generates the following error when we activate  mod_http2


 (Cannot load modules/mod_http2.so into server: 
/usr/local/apache2/modules/mod_http2.so: undefined symbol: 
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation)


If anyone on the list has compiled their own httpd 2.4.59 with 
Rocky 9 would you mind sharing the details ?


Thanks, Jeff Koch




- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

[Jeff Koch]

Gary - thanks for this info - I'll add it to our setup notes.

Jeff

On 4/15/2024 8:25 AM, Gary Bowling wrote:



Hey Jeff, glad you're making progress. Be aware that when you get a 
new cert from Letsencrypt that the default now retrieves an ECDSA 
cert. Which is fine for apache, but doesn't work on qmail, or at least 
it didn't for me. To fix that you'll need to configure letsencrypt to 
give you an RSA 2048 cert.



There are two ways to do that. If you want all your certs to be RSA 
2048, you can add this to the /etc/letsencrypt/cli.ini file.


key-type = rsa
rsa-key-size = 2048


If you just want to do that for your keys you use in qmail, then you 
can put the above in the /etc/letsencrypt/renewal/domain.conf file. 
Where "domain" is the name of the cert you're renewing. Certbot 
creates the file so it should already be there.



Gary


On 4/14/2024 10:39 PM, Jeff Koch wrote:
I may have resolved this. I did the Rocy9 distro install of apache 
and copied the mod_http2.so file over to our install of apache. Seems 
to work (no errors) but I won't know for sure until we setup Lets 
Encrypt SSL certbot tomorrow


Jeff

On 4/14/2024 3:11 PM, Jeff Koch wrote:


Hi - we're setting up a new mailserver with Rocky 9 and the learning 
curve is slow as is usual with the first time with a new distro.


Anyway because our various scripts look for apache at 
/usr/local/apache/ we've decided to compile our own binary with the 
latest apache and have run into trouble / errors related to 'nghttp2'.


We did download, compile and install the latest nghttp2-1.61.0 from 
github. The configure and make went well and http1.1 works but 
apache generates the following error when we activate  mod_http2


 (Cannot load modules/mod_http2.so into server: 
/usr/local/apache2/modules/mod_http2.so: undefined symbol: 
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation)


If anyone on the list has compiled their own httpd 2.4.59 with Rocky 
9 would you mind sharing the details ?


Thanks, Jeff Koch




- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

[qmailtoaster] Re: Rocky9 - new mailserver setup - off topic

[Jeff Koch]

I may have resolved this. I did the Rocy9 distro install of apache and 
copied the mod_http2.so file over to our install of apache. Seems to 
work (no errors) but I won't know for sure until we setup Lets Encrypt 
SSL certbot tomorrow


Jeff

On 4/14/2024 3:11 PM, Jeff Koch wrote:


Hi - we're setting up a new mailserver with Rocky 9 and the learning 
curve is slow as is usual with the first time with a new distro.


Anyway because our various scripts look for apache at 
/usr/local/apache/ we've decided to compile our own binary with the 
latest apache and have run into trouble / errors related to 'nghttp2'.


We did download, compile and install the latest nghttp2-1.61.0 from 
github. The configure and make went well and http1.1 works but apache 
generates the following error when we activate mod_http2


 (Cannot load modules/mod_http2.so into server: 
/usr/local/apache2/modules/mod_http2.so: undefined symbol: 
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation)


If anyone on the list has compiled their own httpd 2.4.59 with Rocky 9 
would you mind sharing the details ?


Thanks, Jeff Koch

[qmailtoaster] Rocky9 - new mailserver setup - off topic

[Jeff Koch]

Hi - we're setting up a new mailserver with Rocky 9 and the learning 
curve is slow as is usual with the first time with a new distro.


Anyway because our various scripts look for apache at /usr/local/apache/ 
we've decided to compile our own binary with the latest apache and have 
run into trouble / errors related to 'nghttp2'.


We did download, compile and install the latest nghttp2-1.61.0 from 
github. The configure and make went well and http1.1 works but apache 
generates the following error when we activate  mod_http2


 (Cannot load modules/mod_http2.so into server: 
/usr/local/apache2/modules/mod_http2.so: undefined symbol: 
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation)


If anyone on the list has compiled their own httpd 2.4.59 with Rocky 9 
would you mind sharing the details ?


Thanks, Jeff Koch



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Qmail Admin File error 6 - IP Address Change

[Jeff Koch]

Hi Eric:

Here's an image. The user is in Ecuador. But don't cell phone data 
connections or even the Dish network often change IP addresses while 
you've got a screen open ?


Jeff





On 4/2/2024 9:39 AM, Eric Broch wrote:

I'm not aware of any, but giving it some thought:

What provider does this!!!???

Is there any software anywhere that could overcome something like this 
where once communication is establish between hosts and one host's IP 
address arbitrarily changes how could any communication still 
exist


*perplexed*


On 4/2/2024 7:27 AM, Jeff Koch wrote:

File error 6


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Qmail Admin File error 6 - IP Address Change

[Jeff Koch]

Hi - we have a user getting File error 6  errors ( IP != IP) when he 
uses qmail admin on his cell phone and tablet and sometimes from his 
office. This is due to his provider changing his IP address during his 
session. I understand qmail admin may view the IP change as session 
spoofing and cancels authentication. Is there any work-around that still 
provides session security?


Thanks,  Jeff

Re: [qmailtoaster] OT - Question about Rocky Linux

[Jeff Koch]

Hi - this is really OT but I trust the judgement of this group.

All of our servers are running CentOS 7 and we're little leery of the 
CentOS stream and with RedHat having taken over CentOS. However, we've 
been in the RH Linux eco-system for 25 years and SUSE, Debian and Ubuntu 
would be a tough adjustment. I hear a lot about Rocky Linux.  Are you 
CentOS guys comfortable with Rocky Linux?


Jeff



On 2/18/2024 4:28 PM, Gary Bowling wrote:



What is everyone doing with selinux on new Rocky 9 builds?


In the past, I've always disabled selinux. But maybe for some added 
security it's time to do something different. I've learned a bit about 
selinux and am using it successfully in my new web servers. But it 
comes with some things already set up for nginx and standard web 
directories. It will be a bit trickier with a "toaster."



Thanks, gb

--

The Moderns on Spotify 

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] Talk_faster_next_time

[Jeff Koch]

Hi Eric:

I guess what I'm trying to get my brain around is where in the smtp 
process and under what circumstances the message 
'421_Timeout._Talk_faster_next_time' is generated. To start ss this a 
spamdyke thing or a qmail-smtp thing ?


Jeff

On 2/11/2024 12:30 AM, Eric Broch wrote:

Can you bump the idle timeout up to a couple minutes
On Feb 10, 2024, at 8:53 PM, Jeff Koch  
wrote:


Hi List:

Maybe you can advise on this.

I am sending an email with a 23MB attachment from one QMT
mailserver to another. Both QMT server are on the same AWS
network. However, the email gets deferred with:

21:03:30.201449500 starting delivery 513699: msg 397530692

21:04:10.328736500 delivery 513699:

deferral:..failed_after_I_sent_the_message./Remote_host_said:_421_Tim
eout._Talk_faster_next_time./


Any idea what I should look at? It's only 40 seconds from the
start of the delivery to the 'Timeout'.

Spamdyke timeout settings on the receiving server:

idle-timeout-secs=30
connection-timeout-secs=1800

Thanks,  Jeff Koch

Re: [qmailtoaster] Talk_faster_next_time

[Jeff Koch]

Thanks Remo - I'll give it a try.   Jeff

On 2/11/2024 1:55 PM, Remo Mattei wrote:
My guess is lookup try to add or change dns server or put something in 
the host file see what happen.


--
Sent from iPhone

On sabato, feb 10, 2024 at 19:53, Jeff Koch
 wrote:
Hi List:

Maybe you can advise on this.

I am sending an email with a 23MB attachment from one QMT
mailserver to another. Both QMT server are on the same AWS
network. However, the email gets deferred with:

21:03:30.201449500 starting delivery 513699: msg 397530692

21:04:10.328736500 delivery 513699:

deferral:..failed_after_I_sent_the_message./Remote_host_said:_421_Tim
eout._Talk_faster_next_time./


Any idea what I should look at? It's only 40 seconds from the
start of the delivery to the 'Timeout'.

Spamdyke timeout settings on the receiving server:

idle-timeout-secs=30
connection-timeout-secs=1800

Thanks,  Jeff Koch

[qmailtoaster] Talk_faster_next_time

[Jeff Koch]

Hi List:

Maybe you can advise on this.

I am sending an email with a 23MB attachment from one QMT mailserver to 
another. Both QMT server are on the same AWS network. However, the email 
gets deferred with:


21:03:30.201449500 starting delivery 513699: msg 397530692

21:04:10.328736500 delivery 513699: 
deferral:..failed_after_I_sent_the_message./Remote_host_said:_421_Tim

eout._Talk_faster_next_time./


Any idea what I should look at? It's only 40 seconds from the start of 
the delivery to the 'Timeout'.


Spamdyke timeout settings on the receiving server:

idle-timeout-secs=30
connection-timeout-secs=1800

Thanks,  Jeff Koch

[qmailtoaster] Receiving repeat copies of large files from gmail

[Jeff Koch]

Hi List:

One of our users receives email with large excel file attachments - over 
20MB - from a gmail and Outlook accounts. He reported that with these 
very large emails he's getting multiple copies with a new copy coming 
every couple of hours.


I checked his inbox and these are identical complete emails except for 
the 'part' codes withing the email body. It seems as if gmail is not 
getting the proper message received response from out QMT mailserver 
and, as a result, resend the email.


Has anybody else seen something like this?  I don't think it's a timeout 
on our end because the emails are complete. Nor is it a size issue since 
we have databytes set to 60 MB.


Any ideas on what I should look at?

Regards, Jeff Koch

[qmailtoaster] More: Adding additional DKIM signatures to an email

[Jeff Koch]

List:

Actually this turns out to be a little more difficult than the info in 
'http://www.qmailtoaster.com/dkim.html'. We have a client sending out 
newsletters in behalf of other entities (allowed by their SPF's). But he 
wants to sign the emails with his domain's key.  So really the question 
is how does the dkim code know which key to use to sign the email.


Jeff


Hi List

We've had a request from a client that uses one of our QMT mailservers. 
He wants to know if we can add an additional DKIM signature to the 
emails his sends. Currently we sign all emails with the DKIM key 
associated with the host name of the mailserver. I suppose this would be 
an additional signature created by his key and validated by the DKIM 
entry in his DNS zone.


Any thoughts?

Regards, Jeff Koch

[qmailtoaster] Adding additional DKIM signatures to an email

[Jeff Koch]

Hi List

We've had a request from a client that uses one of our QMT mailservers. 
He wants to know if we can add an additional DKIM signature to the 
emails his sends. Currently we sign all emails with the DKIM key 
associated with the host name of the mailserver. I suppose this would be 
an additional signature created by his key and validated by the DKIM 
entry in his DNS zone.


Any thoughts?

Regards, Jeff Koch

Re: [qmailtoaster] Status of Domain Keys in QMT

[Jeff Koch]

The tcp.smtp on our QMT mailservers looks like this:

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="25",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

for outgoing mail we have a revised version of qmail-remote written in 
perl which signs outgoing mail.


Jeff

On 10/1/2023 2:18 PM, Quinn Comendant wrote:

Hi all,

What is the current status of Domain Keys in QMT? I've been following the advice 
given in  
(“Unfortunately, domain keys are broken in Toaster. It's recommended that you disable 
them for the time being.”), but wonder if there has been movement to fix this? 
Anybody get DKIM working?

Also, I noticed during a recent upgrade the `qmail-queue` symlink was pointing to 
`qmail-dk` by default; I thought by default it would go to `qmail-queue.orig` (the page 
above writes, "This will be disabled in future releases anyway").

Regards,
Quinn

-
To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] forwarding to gmail address fails because of hard spf check

[Jeff Koch]

Peter - I don't think it matters whether the domain is added to 
rcpthosts or morercpthosts - the toaster will generally add additional 
domains to morercpthosts but it should work fine either way.


Jeff

On 1/4/2023 12:18 PM, Peter Peltonen wrote:
Okay I tested this setup and it seems to work, mail gets through and I 
get spf=pass for it in Gmail.


The only difference to the procedure I posted earlier were:

- needed to add srs.xyz.com  to morercpthosts and 
not to rcpthosts as I have more than 50 domains hosted

- at the end I ran qmailctl cdb and qmailctl restart, not sure if needed

Best,
Peter



On Tue, Jan 3, 2023 at 11:22 AM Peter Peltonen 
 wrote:


Googling "srs qmailtoaster" gave me this link:


http://wiki.qmailtoaster.net/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B

which does not work, it seems qmailtoaster.com
 should be used instead of .net

Okay now we have the instructions I guess I could try to test it,
I have a spare registered domain I could test with. Does this
sound ok procedure:

  * setup domain xyz.com  with SPF with hard fail
(-all) and the toaster as the MX
  * send email from xyz.com  to GMail through our
toaster: should pass ok
  * setup forwarding from xyz.com  to GMail
  * send email to xyz.com : should fail because
GMail does not accept
  * setup SRS at toaster:

 1. create NS record for domain srs.xyz.com 
with MX pointing to our toaster
 2. echo srs.xyz.com  >
/var/qmail/control/srs_domain
 3. mkpasswd -l 32 > /var/qmail/control/srs_secrets
 4. mkpasswd -l 32 >> /var/qmail/control/srs_secrets
 5. (repeat mkpasswd as many times you need, not sure how many is
really needed?)
 6. echo 7 > /var/qmail/control/srs_maxage
 7. echo 8 > /var/qmail/control/srs_hashlength
 8. qmailctl restart
 9. echo srs.xyz.com  >>
/var/qmail/control/rcpthosts
10. echo srs.xyz.com:srs >> /var/qmail/control/virtualdomains
11. echo "| /var/qmail/bin/srsfilter" >
/var/qmail/alias/.qmail-srs-default
(ownershp of other alias files on my server are user alias
group nofiles, so probably this should be changed to the same?)

  * send email to xyz.com : should pass ok


What do you think Angus?

Best,
Peter


On Mon, Jan 2, 2023 at 7:52 PM Angus McIntyre  wrote:



Peter Peltonen wrote on 1/2/23 11:57 AM:
> Some of my toaster users have their email forwarded to Gmail
... Some
> googling around tells me that SRS could be the solution for
this
> problem.
>
> There is info on this at Qmailtoaster Wiki, but the site
seems to be
> somehow broken.

Which page are you looking at, and in what way does it seem
broken?



http://wiki.qmailtoaster.com/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B

currently loads fine for me, and looks as if it has good
information.

I should stress that I haven't tried this yet. I didn't know
about SRS
until you posted this (thank you!) but I'm having the same
issue as you
and it sounds as if this might be just what I need.

Would anyone who's actually implemented this care to comment?

Angus


-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster]Fixed - Outlook users get "unsupported encryption type" error after Windows update

[Jeff Koch]

Eric - good news - upgrading Dovecot to the latest CDB version fixed the 
problem. Outlook users with the current updates can now get their IMAP 
(and I guess POP3) mail.


Thanks as always for your help.

Jeff Koch



On 10/15/2022 10:15 AM, Eric Broch wrote:


wget 
http://repo.whitehorsetc.com/7/spl/cdb/testing/x86_64/dovecot-2.3.7.2-9.qt.cdb.el7.x86_64.rpm


yum update 
http://repo.whitehorsetc.com/7/spl/cdb/testing/x86_64/dovecot-2.3.7.2-9.qt.cdb.el7.x86_64.rpm



On 10/15/2022 7:45 AM, Jeff Koch wrote:

Hi Eric - thanks for the rpm - can I just install it as is?

I'll configure my Windows 10 laptop today to run Outlook, advanced 
logging and see if I can trace a connection.


Jeff



On 10/15/2022 6:50 AM, Eric Broch wrote:


Actually, this is the latest one for cdb:

http://repo.whitehorsetc.com/7/spl/cdb/testing/x86_64/dovecot-2.3.7.2-9.qt.cdb.el7.x86_64.rpm

But if you're seeing nothing in the dovecot log, it means that there 
is no connection being made to the server from the PC which 
indicates something going on on the PC not the server.


Can you use tcpdump to see if any connection is being made. Tailor 
the command for the remote host and port.


You could also turn on advanced logging in Dovecot to troubleshoot.

Again, if nothing is in the Dovecot log, is a connection even being 
attempted by Outlook. If it is, is it being blocked by some Windows 
issue?


It'd be nice to know, if any traffic from the PC is even going 
across the network.



On 10/14/2022 9:10 PM, Jeff Koch wrote:

Hi Eric:

We're using dovecot-2.2.32-22.qt.el7.cdb.x86_64.rpm but I see the 
lastest qmt release is 2.3.11.3-12.qt.el7. Would it do any good to 
upgrade?


Jeff

On 10/14/2022 7:38 PM, Eric Broch wrote:


What is in the Dovecot log?


On 10/13/2022 12:04 PM, Jeff Koch wrote:

Hi Eric:

Has anyone figured out what's going on and is this a good short 
term fix? We also have Outlook users that say they are not 
connecting to IMAP. However we use Dovecot IMAP and the SSL 
connection on port 993 says its using TLSv1.2


Jeff

On 10/12/2022 9:21 PM, Eric Broch wrote:


What version of qmt

On 10/12/2022 2:16 PM, Quinn Comendant wrote:


Today we received several complaints from Outlook users who are 
unable to connect to QMT servers. They get this error:


Task "u...@example.com - Sending: reported error (Ox800CCC1A) :
'Your server does not support the connection encryption
type you have
specified. Try changing the encryption method. Contact your
mail server
administrator or internet service provider (ISP) for
additional assistance.'

The error began after installing Windows 10 servicing stack 
update - 19042.1940, 19043.1940, and 19044.1940 
<https://support.microsoft.com/en-us/topic/october-11-2022-kb5018410-os-builds-19042-2130-19043-2130-and-19044-2130-6390f057-28ca-43d3-92ce-f4b79a8378fd>, 
and the problem was fixed by uninstalling the update.


Has anyone else experienced this, or know what the problem 
could be? I hope there is a config change I can make on QMT 
servers so that users will not need to uninstall the update.


Quinn

[qmailtoaster] Outlook users can't connect to QMT7 IMAP after Windows update

[Jeff Koch]

Hi - are there any suggestions on how to resolve this issue.

We're seeing more and more Outlook email client users complaining that 
they're no longer connecting to QMT7 IMAP to receive their mail.  This 
seems to have happened as a result of a recent Windows update.


Jeff Koch


On 10/13/2022 1:12 PM, Jeff Koch wrote:

Running the following command against our QMT mailservers shows:

openssl s_client -showcerts -connect mailserver.com:993

--
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
7DF738EE6BD9096B6CAE8047C4FBE4A980227BBBA7BBCD940BCE1BC4CE5ABA17

    Session-ID-ctx:
    Master-Key: 
42D30E9F7D9185EC883D188F298901335359D2298CDD74D93CE83C0EDA8478E331F2E9C57F70CBED7F8963C0B866D874

    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
     - 52 39 f4 5c cc 71 71 4c-25 19 11 9a 4f 4e 71 e8 
R9.\.qqL%...ONq.
    0010 - d9 73 a6 0d 40 14 5a 52-d3 92 14 35 8e 7e 4b 0f 
.s..@.ZR...5.~K.

--

I think this would indicate that our Dovecot IMAP supports TLSv1.2 and 
should work with the Outlook updates. Am I missing something?


Jeff




On 10/13/2022 12:27 PM, Quinn Comendant wrote:


The Windows system update on October 11, 2021 included a change to 
disable TLS 1.0 and 1.1 by default.


  * Windows blog post: Plan for change: TLS 1.0 and TLS 1.1 soon to
be disabled by default

<https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/>
  * Windows support article: KB5017811—Manage Transport Layer
Security (TLS) 1.0 and 1.1 after default behavior change on
September 20, 2022

<https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e>
  * Blog post: Windows 10: Beware of a possible TLS disaster on
October 2022 patchday

<https://borncity.com/win/2022/10/11/windows-10-achtung-vor-einem-mglichen-tls-desaster-zum-oktober-2022-patchday/>

Our QMT v1.3 system with this issue does support TLS 1.2 for smtp and 
submission, but Courier IMAP only supports up to TLS 1.0. Results via 
testssl.sh:



smtp and submission

|SSLv2 not offered (OK) SSLv3 offered (NOT ok) TLS 1 offered 
(deprecated) TLS 1.1 offered (deprecated) TLS 1.2 offered (OK) TLS 
1.3 not offered and downgraded to a weaker protocol |



imap

|SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered 
(deprecated) TLS 1.1 not offered TLS 1.2 not offered and downgraded 
to a weaker protocol TLS 1.3 not offered and downgraded to a weaker 
protocol NPN/SPDY not offered ALPN/HTTP2 not offered |


Because the error should only occur when TLS 1.2 is not available, I 
think the |Ox800CCC1A| in Outlook occurs when doing an IMAP transaction.


This thread 
<https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg43073.html> 
started by Janno Sannik a couple years ago contains some hints how to 
upgrade or replace Courier for better TLS support.


Quinn

Re: [qmailtoaster] Outlook users get "unsupported encryption type" error after Windows update

[Jeff Koch]

Running the following command against our QMT mailservers shows:

openssl s_client -showcerts -connect mailserver.com:993

--
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
7DF738EE6BD9096B6CAE8047C4FBE4A980227BBBA7BBCD940BCE1BC4CE5ABA17

    Session-ID-ctx:
    Master-Key: 
42D30E9F7D9185EC883D188F298901335359D2298CDD74D93CE83C0EDA8478E331F2E9C57F70CBED7F8963C0B866D874

    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
     - 52 39 f4 5c cc 71 71 4c-25 19 11 9a 4f 4e 71 e8 R9.\.qqL%...ONq.
    0010 - d9 73 a6 0d 40 14 5a 52-d3 92 14 35 8e 7e 4b 0f .s..@.ZR...5.~K.
--

I think this would indicate that our Dovecot IMAP supports TLSv1.2 and 
should work with the Outlook updates. Am I missing something?


Jeff




On 10/13/2022 12:27 PM, Quinn Comendant wrote:


The Windows system update on October 11, 2021 included a change to 
disable TLS 1.0 and 1.1 by default.


  * Windows blog post: Plan for change: TLS 1.0 and TLS 1.1 soon to be
disabled by default


  * Windows support article: KB5017811—Manage Transport Layer Security
(TLS) 1.0 and 1.1 after default behavior change on September 20,
2022


  * Blog post: Windows 10: Beware of a possible TLS disaster on
October 2022 patchday



Our QMT v1.3 system with this issue does support TLS 1.2 for smtp and 
submission, but Courier IMAP only supports up to TLS 1.0. Results via 
testssl.sh:



smtp and submission

|SSLv2 not offered (OK) SSLv3 offered (NOT ok) TLS 1 offered 
(deprecated) TLS 1.1 offered (deprecated) TLS 1.2 offered (OK) TLS 1.3 
not offered and downgraded to a weaker protocol |



imap

|SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered 
(deprecated) TLS 1.1 not offered TLS 1.2 not offered and downgraded to 
a weaker protocol TLS 1.3 not offered and downgraded to a weaker 
protocol NPN/SPDY not offered ALPN/HTTP2 not offered |


Because the error should only occur when TLS 1.2 is not available, I 
think the |Ox800CCC1A| in Outlook occurs when doing an IMAP transaction.


This thread 
 
started by Janno Sannik a couple years ago contains some hints how to 
upgrade or replace Courier for better TLS support.


Quinn

Re: [qmailtoaster] qmail toaster support for BDAT

[Jeff Koch]

I do have to say that after running qmail toasters for over 20 years 
with over a few thousand users this is the first time I've heard of this 
issue. I should be getting complaints up the wazoo.  Jeff


On 8/29/2022 10:13 AM, Eric Broch wrote:

Tonix,

In your opinion, could this be fixed with a patch to the 'blast' 
function in qmail-smtpd to allow bare line feeds or would there need 
to be 'chunking' and 'bdat' calls added to smtp commands as well?


Eric

On 8/29/2022 7:16 AM, Tonix wrote:


Not only this (local) sender. Also other SMTP server which relay 
messages with same problem, or emails generated by application 
programs or network facilities which send simple alert emails not 
caring too much about CR LF.



Il 29/08/2022 14:56, Jeff Koch ha scritto:

Hi Tonino:

Does this mean that all of the emails this sender sends through her 
O365 server would be rejected ?


Jeff



On 8/29/2022 6:55 AM, Tonix wrote:


More exactly those messages will be rejected by remote O365 
receiver servers whose admins will have enabled the 
SMTPSEND.BareLinefeedsAreIllegal flag.


Tonino

Il 28/08/2022 22:20, Jeff Koch ha scritto:
Thanks Tonix - so the result is that messages from email clients 
(like Outlook) that add multiple bare line feeds in their messages 
and use O365 will now get rejected by the qmail toaster.  How nice 
of Microsoft.


Jeff

On 8/28/2022 2:27 PM, to...@interazioni.it wrote:

This document explains the problem:
https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-550-5-6-11-in-exchange-online 



I will omit my thought on remote admins.
A very simple rule in communication is: be strict when sending, 
be tolerant when receiving.


Regards,
Tonino


Il 28 agosto 2022 19:24:13 CEST, Jeff Koch 
 ha scritto:

>Further information:
>
>The sender also got the following message from his exchange 
mailserver when trying to send to our mailserver:

>
>Your message contains invalid characters (bare line feed 
characters) which the email servers at ..com don't support

>
>Jeff
>
>
>On 8/28/2022 12:45 PM, Jeff Koch wrote:
>>
>> Never heard of this before but an email sender to our 
mailserver got the following error message:

>>
>> 550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message contains 
bare linefeeds, which cannot be sent via DATA and receiving 
system does not support BDAT

>>
>> Does anyone know whether the qmail toaster supports the SMTP 
protocol BDAT command ?

>>
>> Thanks,
>>
>> Jeff





-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com







-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] qmail toaster support for BDAT

[Jeff Koch]

Hi Tonino:

Does this mean that all of the emails this sender sends through her O365 
server would be rejected ?


Jeff



On 8/29/2022 6:55 AM, Tonix wrote:


More exactly those messages will be rejected by remote O365 receiver 
servers whose admins will have enabled the 
SMTPSEND.BareLinefeedsAreIllegal flag.


Tonino

Il 28/08/2022 22:20, Jeff Koch ha scritto:
Thanks Tonix - so the result is that messages from email clients 
(like Outlook) that add multiple bare line feeds in their messages 
and use O365 will now get rejected by the qmail toaster.  How nice of 
Microsoft.


Jeff

On 8/28/2022 2:27 PM, to...@interazioni.it wrote:

This document explains the problem:
https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-550-5-6-11-in-exchange-online 



I will omit my thought on remote admins.
A very simple rule in communication is: be strict when sending, be 
tolerant when receiving.


Regards,
Tonino


Il 28 agosto 2022 19:24:13 CEST, Jeff Koch 
 ha scritto:

>Further information:
>
>The sender also got the following message from his exchange 
mailserver when trying to send to our mailserver:

>
>Your message contains invalid characters (bare line feed 
characters) which the email servers at ..com don't support

>
>Jeff
>
>
>On 8/28/2022 12:45 PM, Jeff Koch wrote:
>>
>> Never heard of this before but an email sender to our mailserver 
got the following error message:

>>
>> 550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message contains 
bare linefeeds, which cannot be sent via DATA and receiving system 
does not support BDAT

>>
>> Does anyone know whether the qmail toaster supports the SMTP 
protocol BDAT command ?

>>
>> Thanks,
>>
>> Jeff





-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] qmail toaster support for BDAT

[Jeff Koch]

Thanks Tonix - so the result is that messages from email clients (like 
Outlook) that add multiple bare line feeds in their messages and use 
O365 will now get rejected by the qmail toaster.  How nice of Microsoft.


Jeff

On 8/28/2022 2:27 PM, to...@interazioni.it wrote:

This document explains the problem:
https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-550-5-6-11-in-exchange-online

I will omit my thought on remote admins.
A very simple rule in communication is: be strict when sending, be 
tolerant when receiving.


Regards,
Tonino


Il 28 agosto 2022 19:24:13 CEST, Jeff Koch 
 ha scritto:

>Further information:
>
>The sender also got the following message from his exchange 
mailserver when trying to send to our mailserver:

>
>Your message contains invalid characters (bare line feed characters) 
which the email servers at ..com don't support

>
>Jeff
>
>
>On 8/28/2022 12:45 PM, Jeff Koch wrote:
>>
>> Never heard of this before but an email sender to our mailserver 
got the following error message:

>>
>> 550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message contains bare 
linefeeds, which cannot be sent via DATA and receiving system does not 
support BDAT

>>
>> Does anyone know whether the qmail toaster supports the SMTP 
protocol BDAT command ?

>>
>> Thanks,
>>
>> Jeff

Re: [qmailtoaster] qmail toaster support for BDAT

[Jeff Koch]

Further information:

The sender also got the following message from his exchange mailserver 
when trying to send to our mailserver:


Your message contains invalid characters (bare line feed characters) 
which the email servers at ..com don't support


Jeff


On 8/28/2022 12:45 PM, Jeff Koch wrote:


Never heard of this before but an email sender to our mailserver got 
the following error message:


550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message contains bare 
linefeeds, which cannot be sent via DATA and receiving system does not 
support BDAT


Does anyone know whether the qmail toaster supports the SMTP protocol 
BDAT command ?


Thanks,

Jeff

[qmailtoaster] qmail toaster support for BDAT

[Jeff Koch]

Never heard of this before but an email sender to our mailserver got the 
following error message:


550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message contains bare 
linefeeds, which cannot be sent via DATA and receiving system does not 
support BDAT


Does anyone know whether the qmail toaster supports the SMTP protocol 
BDAT command ?


Thanks,

Jeff

[qmailtoaster] Qmailadmin IP address checking

[Jeff Koch]

Qmailadmin seems to check the IP address to maintain a session. However, 
we have a customer that uses a dish network and the IP address changes 
during browser sessions. This kicks out an error and logs the user out. 
Is there anyway to prevent qmailadmin from checking the IP address. Can 
or does it uses another method to maintain the session?


Regards, Jeff

[qmailtoaster] updating clamav

[Jeff Koch]

Hi:

Just to be sure what would be the commands to update clamav from 0.102.4 
to the latest EPEL 0.103.3 version?


I'm thinking

yum update clamav

But I notice that the original script to convert to the epel version used:

yum install clamav clamav-update clamd spamassassin -y

Is there anything else we would need to do?

Jeff

Re: [qmailtoaster] Host email server on AWS cloud

[Jeff Koch]

I have been successful using a T3 small and 25GB disk (ssd - st1 hhd is 
a little slow) - but you can try smaller. Once you have a setup that 
works take a snapshot and convert it into an AMI. Then you can clone 
that image to multiple new servers of any disk and cpu size you need. 
It's easy to make the disk larger but you can't make them smaller.


Sure, you can try with the free tier but you will need a public IP 
address - what's the worst that will happen


On 10/5/2021 11:58 PM, ChandranManikandan wrote:

Hi All,

Thanks for your suggestion,
May I know what the basic AWS package should purchase from AWS to run 
mail and web server. Can I try with a free tier account?
Am very new to AWS, Shall I take only ec2 storage, what's the minimum 
ec2 instance requirements like processor,RAM,Storage to run COS7 
instance.Could anyone support me step by step process to host there.



On Tue, Oct 5, 2021 at 11:36 PM Quinn Comendant > wrote:


Or don't send mail from AWS IP addresses at all; use a mail
forwarding service such as MailChannels.

Quinn

-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com




--
*/Regards,
Manikandan.C
/*

Re: [qmailtoaster] Host email server on AWS cloud

[Jeff Koch]

Make sure you get a good IP address from AWS. You can get a bunch test 
them and release the ones you don't want.  If necessary try a different 
data center location. Many of AWS's IP addresses, networks and ASN's are 
blocked by major ISP's because it's easy for spammers to setup spamming 
servers. Also, you'll need to get AWS support to open outgoing port 25 
so your mailserver can send mail. They are pretty lenient about allowing 
that.


Jeff

On 10/5/2021 5:36 AM, ChandranManikandan wrote:

Hi Folks,
I am currently running COS7 with qmailtoaster & webserver on premises.
And am planning to migrate the same setup on AWS cloud.
I don't have any idea what to host and set up there.
Could anyone guide me for hosting the servers?
Appreciate your help and support.

--
*/Regards,
Manikandan.C
/*

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Hi Eric - just added auth_debug=yes to the end of 
/etc/dovecot/toaster.conf. The dovecot log is showing auth: Debug


Let me know when you test - thanks - Jeff




On 9/3/2021 10:25 AM, Eric Broch wrote:


When you get advanced logging for dovecot done let me know I'll test 
again.


Here are my settings for squirrelmail in 
/etc/squirrelmail/config_local.php


# imap server options
$imapServerAddress  = 'localhost';
$imap_server_type   = 'dovecot';
# SM doesn't support starttls until v1.5.1, so we'll use digest-md5 
til then

$imap_auth_mech = 'login';

On 9/2/2021 5:47 PM, Eric Broch wrote:

You can change squirrelmail config
On Sep 2, 2021, at 5:11 PM, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Hi Eric - tried removing digest-md5 and cram-md5. Found out
squirrelmail webmail won't work unless digest-md5 is in the
auth_mechanisms

Jeff

On 9/2/2021 10:31 AM, Eric Broch wrote:


both have

auth_mechanisms = plain login

On 9/2/2021 8:29 AM, Eric Broch wrote:


I have a 2 QMT 7 servers and they both work with
dovecot-2.3.11.3-12.qt.el7.x86_64


On 9/2/2021 7:55 AM, Jeff Koch wrote:

Hi Eric:

We'll try doing that but is this a problem with only our
mailserver or all QMT 7 mailservers?

Jeff

On 9/2/2021 9:44 AM, Eric Broch wrote:


Next to the check when entering the settings there is a
question mark circled to the left. Clicking that gives a menu
with 'Collect Diagnostics' & 'Contact Support'

On 9/2/2021 7:42 AM, Eric Broch wrote:


When the popup indicates a connection issue I push 'support'
button and error suggests a certificate issue. Two options
appear at this point: 'Talk to Agent' & 'OK'. If you 'talk
to an agent' you can do more advanced troublshooting like
sending an Outlook error log file to them. You might try this.

Eric

On 9/2/2021 7:11 AM, Jeff Koch wrote:

I could be wrong but I think Outlook for Android must be
very sensitive to the encryption ciphers being used and the
SSL/TLS versions. We use Let's Encrypt certificates - I
wonder if it's anything to do with that.

Jeff

On 9/2/2021 1:16 AM, Remo Mattei wrote:

I just found out to have the same issue from one of my
client.


Il giorno 2 set 2021, alle ore 02:49, Eric Broch
 ha scritto:



Try this script (replace with relevant user, password, &
host) from the command line of the server. It will yield
what version of TLS you're running.



#!/bin/bash

function imapscript () {
echo "a login $1 $2"
echo 'a logout'
sleep 1
echo 'quit'
}

user=some...@mydomain.com
pass=***
host=mail.mydomain.com

imapscript "$user" $pass  | openssl s_client -crlf
-connect $host:993



On 9/1/2021 6:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <
jeffk...@intersessions.com
<mailto:jeffk...@intersessions.com>> wrote:

Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his
qmail-toaster email account using the MicroSoft
Outlook app on an Android phone. He keeps getting
bounced off with the message 'can't connect to
server' or 'can't login'.  I did some research on
the MS forums and apparently this Outlook app only
connects with SSL (no STARTTLS) and TLS 1.2 or
higher.  If the mailserver tries anything else
first the connection is dropped.

Is there any known work-around or configuration
adjustment needed to get this Android Outlook app
to work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Hi Eric - tried removing digest-md5 and cram-md5. Found out squirrelmail 
webmail won't work unless digest-md5 is in the auth_mechanisms


Jeff

On 9/2/2021 10:31 AM, Eric Broch wrote:


both have

auth_mechanisms = plain login

On 9/2/2021 8:29 AM, Eric Broch wrote:


I have a 2 QMT 7 servers and they both work with 
dovecot-2.3.11.3-12.qt.el7.x86_64



On 9/2/2021 7:55 AM, Jeff Koch wrote:

Hi Eric:

We'll try doing that but is this a problem with only our mailserver 
or all QMT 7 mailservers?


Jeff

On 9/2/2021 9:44 AM, Eric Broch wrote:


Next to the check when entering the settings there is a question 
mark circled to the left. Clicking that gives a menu with 'Collect 
Diagnostics' & 'Contact Support'


On 9/2/2021 7:42 AM, Eric Broch wrote:


When the popup indicates a connection issue I push 'support' 
button and error suggests a certificate issue. Two options appear 
at this point: 'Talk to Agent' & 'OK'. If you 'talk to an agent' 
you can do more advanced troublshooting like sending an Outlook 
error log file to them. You might try this.


Eric

On 9/2/2021 7:11 AM, Jeff Koch wrote:
I could be wrong but I think Outlook for Android must be very 
sensitive to the encryption ciphers being used and the SSL/TLS 
versions. We use Let's Encrypt certificates - I wonder if it's 
anything to do with that.


Jeff

On 9/2/2021 1:16 AM, Remo Mattei wrote:

I just found out to have the same issue from one of my client.

Il giorno 2 set 2021, alle ore 02:49, Eric Broch 
 ha scritto:




Try this script (replace with relevant user, password, & host) 
from the command line of the server. It will yield what version 
of TLS you're running.




#!/bin/bash

function imapscript () {
echo "a login $1 $2"
echo 'a logout'
sleep 1
echo 'quit'
}

user=some...@mydomain.com
pass=***
host=mail.mydomain.com

</pre><tt>imapscript "$user" $pass  | openssl s_client -crlf -connect 
</tt><tt>$host:993
</tt><pre style="margin: 0em;">



On 9/1/2021 6:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch 
<mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his
qmail-toaster email account using the MicroSoft Outlook
app on an Android phone. He keeps getting bounced off
with the message 'can't connect to server' or 'can't
login'.  I did some research on the MS forums and
apparently this Outlook app only connects with SSL (no
STARTTLS) and TLS 1.2 or higher.  If the mailserver
tries anything else first the connection is dropped.

Is there any known work-around or configuration
adjustment needed to get this Android Outlook app to
work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

I made this change - Jeff

On 9/2/2021 10:31 AM, Eric Broch wrote:


both have

auth_mechanisms = plain login

On 9/2/2021 8:29 AM, Eric Broch wrote:


I have a 2 QMT 7 servers and they both work with 
dovecot-2.3.11.3-12.qt.el7.x86_64



On 9/2/2021 7:55 AM, Jeff Koch wrote:

Hi Eric:

We'll try doing that but is this a problem with only our mailserver 
or all QMT 7 mailservers?


Jeff

On 9/2/2021 9:44 AM, Eric Broch wrote:


Next to the check when entering the settings there is a question 
mark circled to the left. Clicking that gives a menu with 'Collect 
Diagnostics' & 'Contact Support'


On 9/2/2021 7:42 AM, Eric Broch wrote:


When the popup indicates a connection issue I push 'support' 
button and error suggests a certificate issue. Two options appear 
at this point: 'Talk to Agent' & 'OK'. If you 'talk to an agent' 
you can do more advanced troublshooting like sending an Outlook 
error log file to them. You might try this.


Eric

On 9/2/2021 7:11 AM, Jeff Koch wrote:
I could be wrong but I think Outlook for Android must be very 
sensitive to the encryption ciphers being used and the SSL/TLS 
versions. We use Let's Encrypt certificates - I wonder if it's 
anything to do with that.


Jeff

On 9/2/2021 1:16 AM, Remo Mattei wrote:

I just found out to have the same issue from one of my client.

Il giorno 2 set 2021, alle ore 02:49, Eric Broch 
 ha scritto:




Try this script (replace with relevant user, password, & host) 
from the command line of the server. It will yield what version 
of TLS you're running.




#!/bin/bash

function imapscript () {
echo "a login $1 $2"
echo 'a logout'
sleep 1
echo 'quit'
}

user=some...@mydomain.com
pass=***
host=mail.mydomain.com

</pre><tt>imapscript "$user" $pass  | openssl s_client -crlf -connect 
</tt><tt>$host:993
</tt><pre style="margin: 0em;">



On 9/1/2021 6:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch 
<mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his
qmail-toaster email account using the MicroSoft Outlook
app on an Android phone. He keeps getting bounced off
with the message 'can't connect to server' or 'can't
login'.  I did some research on the MS forums and
apparently this Outlook app only connects with SSL (no
STARTTLS) and TLS 1.2 or higher.  If the mailserver
tries anything else first the connection is dropped.

Is there any known work-around or configuration
adjustment needed to get this Android Outlook app to
work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Hi Remo - were you able to fix this issue - Jeff

On 9/2/2021 1:16 AM, Remo Mattei wrote:

I just found out to have the same issue from one of my client.

Il giorno 2 set 2021, alle ore 02:49, Eric Broch 
 ha scritto:




Try this script (replace with relevant user, password, & host) from 
the command line of the server. It will yield what version of TLS 
you're running.




#!/bin/bash

function imapscript () {
echo "a login $1 $2"
echo 'a logout'
sleep 1
echo 'quit'
}

user=some...@mydomain.com
pass=***
host=mail.mydomain.com

imapscript "$user" $pass  | openssl s_client -crlf -connect $host:993



On 9/1/2021 6:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

    On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his qmail-toaster
email account using the MicroSoft Outlook app on an Android
phone. He keeps getting bounced off with the message 'can't
connect to server' or 'can't login'.  I did some research on
the MS forums and apparently this Outlook app only connects
with SSL (no STARTTLS) and TLS 1.2 or higher.  If the
mailserver tries anything else first the connection is dropped.

Is there any known work-around or configuration adjustment
needed to get this Android Outlook app to work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Your email indicates your IP is 66.62.95.221.  The qmail submission log 
shows attempts on port 587 as follows:


2021-09-01 23:32:55.819455500 tcpserver: pid 16587 from 66.62.95.221
2021-09-01 23:32:55.819544500 tcpserver: ok 16587 
cygnus.avspamfilter.com:172.31.95.95:587 :66.62.95.221::30366

2021-09-01 23:32:55.931952500 tcpserver: end 16587 status 256

2021-09-02 00:07:53.764608500 tcpserver: pid 21468 from 66.62.95.221
2021-09-02 00:07:53.764691500 tcpserver: ok 21468 
cygnus.avspamfilter.com:172.31.95.95:587 :66.62.95.221::35488

2021-09-02 00:07:53.869720500 tcpserver: end 21468 status 256

2021-09-02 00:21:15.703165500 tcpserver: pid 23503 from 66.62.95.221
2021-09-02 00:21:15.703254500 tcpserver: ok 23503 
cygnus.avspamfilter.com:172.31.95.95:587 :66.62.95.221::23905

2021-09-02 00:21:16.300294500 tcpserver: end 23503 status 256

2021-09-02 00:23:28.560284500 tcpserver: pid 23762 from 66.62.95.221
2021-09-02 00:23:28.560367500 tcpserver: ok 23762 
cygnus.avspamfilter.com:172.31.95.95:587 :66.62.95.221::52957

2021-09-02 00:23:28.657856500 tcpserver: end 23762 status 256

2021-09-02 09:38:08.004793500 tcpserver: pid 6953 from 66.62.95.221
2021-09-02 09:38:08.004884500 tcpserver: ok 6953 
cygnus.avspamfilter.com:172.31.95.95:587 :66.62.95.221::55486

2021-09-02 09:38:08.110108500 tcpserver: end 6953 status 256

2021-09-02 09:46:00.124936500 tcpserver: pid 8169 from 66.62.95.221
2021-09-02 09:46:00.125021500 tcpserver: ok 8169 
cygnus.avspamfilter.com:172.31.95.95:587 :66.62.95.221::13733

2021-09-02 09:46:00.215268500 tcpserver: end 8169 status 256

2021-09-02 10:26:43.000845500 tcpserver: pid 15274 from 66.62.95.221
2021-09-02 10:26:43.000981500 tcpserver: ok 15274 
cygnus.avspamfilter.com:172.31.95.95:587 :66.62.95.221::21607

2021-09-02 10:26:43.095944500 tcpserver: end 15274 status 256

So it's clear you're connecting at least to 587.

Jeff

On 9/2/2021 11:22 AM, Eric Broch wrote:


I'm not sure I think it's your server, STILL, as you have NO 
indication that Micro Screw Outlook is even connecting to your host


On 9/2/2021 8:37 AM, Eric Broch wrote:


One server has a GoDaddy Certificate the other an auto renewing 
LetsEncrypt Certificate.


On 9/2/2021 8:29 AM, Eric Broch wrote:


I have a 2 QMT 7 servers and they both work with 
dovecot-2.3.11.3-12.qt.el7.x86_64



On 9/2/2021 7:55 AM, Jeff Koch wrote:

Hi Eric:

We'll try doing that but is this a problem with only our mailserver 
or all QMT 7 mailservers?


Jeff

On 9/2/2021 9:44 AM, Eric Broch wrote:


Next to the check when entering the settings there is a question 
mark circled to the left. Clicking that gives a menu with 'Collect 
Diagnostics' & 'Contact Support'


On 9/2/2021 7:42 AM, Eric Broch wrote:


When the popup indicates a connection issue I push 'support' 
button and error suggests a certificate issue. Two options appear 
at this point: 'Talk to Agent' & 'OK'. If you 'talk to an agent' 
you can do more advanced troublshooting like sending an Outlook 
error log file to them. You might try this.


Eric

On 9/2/2021 7:11 AM, Jeff Koch wrote:
I could be wrong but I think Outlook for Android must be very 
sensitive to the encryption ciphers being used and the SSL/TLS 
versions. We use Let's Encrypt certificates - I wonder if it's 
anything to do with that.


Jeff

On 9/2/2021 1:16 AM, Remo Mattei wrote:

I just found out to have the same issue from one of my client.

Il giorno 2 set 2021, alle ore 02:49, Eric Broch 
 ha scritto:




Try this script (replace with relevant user, password, & host) 
from the command line of the server. It will yield what 
version of TLS you're running.




#!/bin/bash

function imapscript () {
echo "a login $1 $2"
echo 'a logout'
sleep 1
echo 'quit'
}

user=some...@mydomain.com
pass=***
host=mail.mydomain.com

</pre><tt>imapscript "$user" $pass  | openssl s_client -crlf -connect 
</tt><tt>$host:993
</tt><pre style="margin: 0em;">



On 9/1/2021 6:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch 
<mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his
qmail-toaster email account using the MicroSoft Outlook
app on an Android phone. He keeps getting bounced off
with the message 'can't connect to server' or 'can't
login'.  I did some research on the MS forums and
apparently this Outlook app only connects with SSL (no
STARTTLS) and TLS 1.2 or higher.  If the mailserver
tries anything else first the connection is dropped.

Is there any known work-around or configuration
adjustment needed to get this Android Outlook app to
work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Hi Eric:

We'll try doing that but is this a problem with only our mailserver or 
all QMT 7 mailservers?


Jeff

On 9/2/2021 9:44 AM, Eric Broch wrote:


Next to the check when entering the settings there is a question mark 
circled to the left. Clicking that gives a menu with 'Collect 
Diagnostics' & 'Contact Support'


On 9/2/2021 7:42 AM, Eric Broch wrote:


When the popup indicates a connection issue I push 'support' button 
and error suggests a certificate issue. Two options appear at this 
point: 'Talk to Agent' & 'OK'. If you 'talk to an agent' you can do 
more advanced troublshooting like sending an Outlook error log file 
to them. You might try this.


Eric

On 9/2/2021 7:11 AM, Jeff Koch wrote:
I could be wrong but I think Outlook for Android must be very 
sensitive to the encryption ciphers being used and the SSL/TLS 
versions. We use Let's Encrypt certificates - I wonder if it's 
anything to do with that.


Jeff

On 9/2/2021 1:16 AM, Remo Mattei wrote:

I just found out to have the same issue from one of my client.

Il giorno 2 set 2021, alle ore 02:49, Eric Broch 
 ha scritto:




Try this script (replace with relevant user, password, & host) 
from the command line of the server. It will yield what version of 
TLS you're running.




#!/bin/bash

function imapscript () {
echo "a login $1 $2"
echo 'a logout'
sleep 1
echo 'quit'
}

user=some...@mydomain.com
pass=***
host=mail.mydomain.com

imapscript "$user" $pass  | openssl s_client -crlf -connect $host:993



On 9/1/2021 6:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his qmail-toaster
email account using the MicroSoft Outlook app on an Android
phone. He keeps getting bounced off with the message 'can't
connect to server' or 'can't login'.  I did some research
on the MS forums and apparently this Outlook app only
connects with SSL (no STARTTLS) and TLS 1.2 or higher.  If
the mailserver tries anything else first the connection is
dropped.

Is there any known work-around or configuration adjustment
needed to get this Android Outlook app to work with the
toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

I could be wrong but I think Outlook for Android must be very sensitive 
to the encryption ciphers being used and the SSL/TLS versions. We use 
Let's Encrypt certificates - I wonder if it's anything to do with that.


Jeff

On 9/2/2021 1:16 AM, Remo Mattei wrote:

I just found out to have the same issue from one of my client.

Il giorno 2 set 2021, alle ore 02:49, Eric Broch 
 ha scritto:




Try this script (replace with relevant user, password, & host) from 
the command line of the server. It will yield what version of TLS 
you're running.




#!/bin/bash

function imapscript () {
echo "a login $1 $2"
echo 'a logout'
sleep 1
echo 'quit'
}

user=some...@mydomain.com
pass=***
host=mail.mydomain.com

imapscript "$user" $pass  | openssl s_client -crlf -connect $host:993



On 9/1/2021 6:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

    On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his qmail-toaster
email account using the MicroSoft Outlook app on an Android
phone. He keeps getting bounced off with the message 'can't
connect to server' or 'can't login'.  I did some research on
the MS forums and apparently this Outlook app only connects
with SSL (no STARTTLS) and TLS 1.2 or higher.  If the
mailserver tries anything else first the connection is dropped.

Is there any known work-around or configuration adjustment
needed to get this Android Outlook app to work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Connections from other email clients show in the dovecot log but not the 
attempts from Outlook for Android. - Jeff


On 9/1/2021 10:35 PM, Eric Broch wrote:

Check Dovecot log to see if Outlook is connecting.
On Sep 1, 2021, at 8:32 PM, Eric Broch <mailto:ebr...@whitehorsetc.com>> wrote:


Order:

1) Add new account
2) Enter email address & hit continue
3) Turn on advanced & fill in IMAP & SMTP Settings & hit check at
top of screen.
On Sep 1, 2021, at 8:23 PM, Eric Broch < ebr...@whitehorsetc.com
<mailto:ebr...@whitehorsetc.com>> wrote:

Also, your certificate must be valid or you'll run into problems
On Sep 1, 2021, at 8:19 PM, Eric Broch <
ebr...@whitehorsetc.com <mailto:ebr...@whitehorsetc.com>> wrote:

Just created an account with Outlook for Android
connecting to QMT/COS 7, you must use the advanced setting
option.
On Sep 1, 2021, at 8:11 PM, Eric Broch <
ebr...@whitehorsetc.com <mailto:ebr...@whitehorsetc.com>>
wrote:

I used to use Outlook but went to BlueMail.
On Sep 1, 2021, at 7:25 PM, Jeff Koch <
jeffk...@intersessions.com
<mailto:jeffk...@intersessions.com>> wrote:

Yes - and Gmail for Android works and can connect
to the email account. Also, Amazon Fire Tablet
(which is Android) can also connect to the email
account on a non-SSL basis. The only issue is
Microsoft Outlook for Android which can't
connect.  I'm sure there must be others on the
list with Android devices that have the current
Microsoft Outlook app. Are you able to connect to
a QM7 IMAP email account?

Jeff

On 9/1/2021 8:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <
jeffk...@intersessions.com
<mailto:jeffk...@intersessions.com>> wrote:

Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


    What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his
qmail-toaster email account using the
MicroSoft Outlook app on an Android phone.
He keeps getting bounced off with the
message 'can't connect to server' or 'can't
login'.  I did some research on the MS
forums and apparently this Outlook app only
connects with SSL (no STARTTLS) and TLS 1.2
or higher.  If the mailserver tries
anything else first the connection is dropped.

Is there any known work-around or
configuration adjustment needed to get this
Android Outlook app to work with the toaster.

We're running
qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Yup - did all that and when we hit check we get can't connect.

The servercert.pem is good through Sep 28th.

Thunderbird on the PC connects OK to the IMAP with SSL/TLS. But SMTP 
will only connect with STARTTLS.  Certificate is the same for dovecot 
IMAP and SMTP. Could there be a cipher issue?


Jeff

On 9/1/2021 10:32 PM, Eric Broch wrote:

Order:

1) Add new account
2) Enter email address & hit continue
3) Turn on advanced & fill in IMAP & SMTP Settings & hit check at top 
of screen.
On Sep 1, 2021, at 8:23 PM, Eric Broch <mailto:ebr...@whitehorsetc.com>> wrote:


Also, your certificate must be valid or you'll run into problems
On Sep 1, 2021, at 8:19 PM, Eric Broch < ebr...@whitehorsetc.com
<mailto:ebr...@whitehorsetc.com>> wrote:

Just created an account with Outlook for Android connecting to
QMT/COS 7, you must use the advanced setting option.
On Sep 1, 2021, at 8:11 PM, Eric Broch <
ebr...@whitehorsetc.com <mailto:ebr...@whitehorsetc.com>> wrote:

I used to use Outlook but went to BlueMail.
On Sep 1, 2021, at 7:25 PM, Jeff Koch <
jeffk...@intersessions.com
<mailto:jeffk...@intersessions.com>> wrote:

Yes - and Gmail for Android works and can connect to
the email account. Also, Amazon Fire Tablet (which is
Android) can also connect to the email account on a
non-SSL basis.  The only issue is Microsoft Outlook
for Android which can't connect.  I'm sure there must
be others on the list with Android devices that have
the current Microsoft Outlook app. Are you able to
connect to a QM7 IMAP email account?

Jeff

On 9/1/2021 8:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <
jeffk...@intersessions.com
<mailto:jeffk...@intersessions.com>> wrote:

Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his
qmail-toaster email account using the MicroSoft
Outlook app on an Android phone. He keeps
getting bounced off with the message 'can't
connect to server' or 'can't login'.  I did
some research on the MS forums and apparently
this Outlook app only connects with SSL (no
STARTTLS) and TLS 1.2 or higher.  If the
mailserver tries anything else first the
connection is dropped.

Is there any known work-around or configuration
adjustment needed to get this Android Outlook
app to work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

We do use that option - Jeff

On 9/1/2021 10:19 PM, Eric Broch wrote:
Just created an account with Outlook for Android connecting to QMT/COS 
7, you must use the advanced setting option.
On Sep 1, 2021, at 8:11 PM, Eric Broch <mailto:ebr...@whitehorsetc.com>> wrote:


I used to use Outlook but went to BlueMail.
On Sep 1, 2021, at 7:25 PM, Jeff Koch < jeffk...@intersessions.com
<mailto:jeffk...@intersessions.com>> wrote:

Yes - and Gmail for Android works and can connect to the email
account. Also, Amazon Fire Tablet (which is Android) can also
connect to the email account on a non-SSL basis.  The only
issue is Microsoft Outlook for Android which can't connect. 
I'm sure there must be others on the list with Android devices
that have the current Microsoft Outlook app. Are you able to
connect to a QM7 IMAP email account?

Jeff

On 9/1/2021 8:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <
jeffk...@intersessions.com
<mailto:jeffk...@intersessions.com>> wrote:

Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

    On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his
qmail-toaster email account using the MicroSoft Outlook
app on an Android phone. He keeps getting bounced off
with the message 'can't connect to server' or 'can't
login'.  I did some research on the MS forums and
apparently this Outlook app only connects with SSL (no
STARTTLS) and TLS 1.2 or higher.  If the mailserver
tries anything else first the connection is dropped.

Is there any known work-around or configuration
adjustment needed to get this Android Outlook app to
work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Hi Eric:

Here's what I get - BTW - I did see a reference in a forum post that 
AUTH=DIGEST-MD5 should be removed from dovecot


SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
611DF740642D8DD1BED7CF03AF5C9CB6930406E3BA4D76A1BBC25A1275B1B9AF

    Session-ID-ctx:
    Master-Key: 
BA0399E80DE9DF60F0B90CFBE2B6C58438AB03DB427ECFE233A062DBDEBD7237824AAF8CBD445AEE22E184F863A6

    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
     - 8d f7 50 89 e0 14 cc 94-95 cf ab 4b af d9 a3 3f ..PK...?
    0010 - a9 9e 48 2b 48 5d a4 a1-37 62 f4 ed 62 43 31 e4 ..H+H]..7b..bC1.
    0020 - 51 49 3a 3c 25 6a 22 8c-99 f0 60 bf d0 df b8 4c QI:<%j"...`L
    0030 - 22 e8 da 05 9e 4e ef f0-7c 16 ae c5 af 16 1e 01 "N..|...
    0040 - 82 9a 62 79 93 0c 1b 73-bd b9 90 96 8e 5a 94 5d ..by...s.Z.]
    0050 - d6 9b 84 d4 88 1d 81 41-7a 24 29 97 d9 0f c5 6f ...Az$)o
    0060 - b8 69 ed b8 28 ce 62 82-03 4e e8 05 fb 8d 85 ae .i..(.b..N..
    0070 - a5 21 9d 17 f7 1e f1 7e-14 75 4a 79 56 c7 f3 95 .!.~.uJyV...
    0080 - c3 bc 50 90 de b0 51 1b-48 1c 4f df 9a 58 0d 4b ..P...Q.H.O..X.K
    0090 - c1 42 cb 64 4f 6c e9 7b-d5 1d 4a 04 dd 89 2a 2d .B.dOl.{..J...*-

    Start Time: 1630549460
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot 
toaster ready.
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS 
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN 
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH 
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE QUOTA] 
Logged in

* BYE Logging out
a OK Logout completed (0.001 + 0.000 + 0.001 secs).
closed


On 9/1/2021 8:49 PM, Eric Broch wrote:


Try this script (replace with relevant user, password, & host) from 
the command line of the server. It will yield what version of TLS 
you're running.




#!/bin/bash

function imapscript () {
echo "a login $1 $2"
echo 'a logout'
sleep 1
echo 'quit'
}

user=some...@mydomain.com
pass=***
host=mail.mydomain.com

imapscript "$user" $pass  | openssl s_client -crlf -connect $host:993



On 9/1/2021 6:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his qmail-toaster email
account using the MicroSoft Outlook app on an Android phone. He
keeps getting bounced off with the message 'can't connect to
server' or 'can't login'.  I did some research on the MS forums
and apparently this Outlook app only connects with SSL (no
STARTTLS) and TLS 1.2 or higher.  If the mailserver tries
anything else first the connection is dropped.

Is there any known work-around or configuration adjustment
needed to get this Android Outlook app to work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Eric - I should also mention that the email account works with Mail on 
the iPhone as well as Thunderbird on a desktop PC. - Jeff



Yes - and Gmail for Android works and can connect to the email account. 
Also, Amazon Fire Tablet (which is Android) can also connect to the 
email account on a non-SSL basis.  The only issue is Microsoft Outlook 
for Android which can't connect.  I'm sure there must be others on the 
list with Android devices that have the current Microsoft Outlook app. 
Are you able to connect to a QM7 IMAP email account?


Jeff

On 9/1/2021 8:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his qmail-toaster email
account using the MicroSoft Outlook app on an Android phone. He
keeps getting bounced off with the message 'can't connect to
server' or 'can't login'.  I did some research on the MS forums
and apparently this Outlook app only connects with SSL (no
STARTTLS) and TLS 1.2 or higher.  If the mailserver tries
anything else first the connection is dropped.

Is there any known work-around or configuration adjustment
needed to get this Android Outlook app to work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Yes - and Gmail for Android works and can connect to the email account. 
Also, Amazon Fire Tablet (which is Android) can also connect to the 
email account on a non-SSL basis.  The only issue is Microsoft Outlook 
for Android which can't connect.  I'm sure there must be others on the 
list with Android devices that have the current Microsoft Outlook app. 
Are you able to connect to a QM7 IMAP email account?


Jeff

On 9/1/2021 8:29 PM, Eric Broch wrote:

Does your web mail work?
On Sep 1, 2021, at 5:12 PM, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his qmail-toaster email
account using the MicroSoft Outlook app on an Android phone. He
keeps getting bounced off with the message 'can't connect to
server' or 'can't login'.  I did some research on the MS forums
and apparently this Outlook app only connects with SSL (no
STARTTLS) and TLS 1.2 or higher.  If the mailserver tries
anything else first the connection is dropped.

Is there any known work-around or configuration adjustment
needed to get this Android Outlook app to work with the toaster.

We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] Re: QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

Neither IMAP or IMAPS will connect - Jeff

On 9/1/2021 6:16 PM, Eric Broch wrote:


What protocol, IMAP, IMAPS, SMTPS...?

On 9/1/2021 2:36 PM, Jeff Koch wrote:


We have a customer trying to connect to his qmail-toaster email 
account using the MicroSoft Outlook app on an Android phone. He keeps 
getting bounced off with the message 'can't connect to server' or 
'can't login'.  I did some research on the MS forums and apparently 
this Outlook app only connects with SSL (no STARTTLS) and TLS 1.2 or 
higher.  If the mailserver tries anything else first the connection 
is dropped.


Is there any known work-around or configuration adjustment needed to 
get this Android Outlook app to work with the toaster.


We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

[qmailtoaster] QM7 - Issues connecting with Outlook for Android

[Jeff Koch]

We have a customer trying to connect to his qmail-toaster email account 
using the MicroSoft Outlook app on an Android phone. He keeps getting 
bounced off with the message 'can't connect to server' or 'can't 
login'.  I did some research on the MS forums and apparently this 
Outlook app only connects with SSL (no STARTTLS) and TLS 1.2 or higher. 
If the mailserver tries anything else first the connection is dropped.


Is there any known work-around or configuration adjustment needed to get 
this Android Outlook app to work with the toaster.


We're running qmail-1.03-2.2.qt.cdb.el7.x86_64.rpm

Thanks, Jeff

Re: [qmailtoaster] New Error on SMTP

[Jeff Koch]

You are right - that's what we'll do. The port 26 thing came about 
decades ago when traveling users would find port 25 blocked.


Jeff

On 6/8/2021 5:12 PM, Remo Mattei wrote:

Why not use 465 then at this point?

Remo

On Jun 8, 2021, at 10:55 AM, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Hi Eric and list:

Thanks for the suggestion and for thinking about this.  In the 
meantime we figured out the problem. We've isolated the issue to a 
local ISP operating under the names Netlife/Ecuanet/Telconet. All 
users with issues are using this ISP. Changing the smtp port to 26 
solves the problem - which on our mailservers is prerouted and 
redirected to 587. Looks like the ISP is doing something on port 587.


Weird

Jeff



On 6/8/2021 4:11 PM, Eric Broch wrote:


If you're using spamdyke it will do TLS encryption. Disable it. In 
/etc/spamdyke/spamdyke.conf do the following:


# QMT does encryption/decryption when cert file is commented
#tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

On 6/8/2021 12:19 PM, Jeff Koch wrote:


Hi

More info.

From some locations telnetting to port 587 on this mailserver and 
then entering EHLO gets a list of services that
includes STARTTLS and from other locations STARTTLS and PIPELINING 
are not shown. Any idea why that would happen?

What controls the list of services announced to email clients?

Jeff

Re: [qmailtoaster] New Error on SMTP

[Jeff Koch]

Hi Eric and list:

Thanks for the suggestion and for thinking about this.  In the meantime 
we figured out the problem. We've isolated the issue to a local ISP 
operating under the names Netlife/Ecuanet/Telconet. All users with 
issues are using this ISP. Changing the smtp port to 26 solves the 
problem - which on our mailservers is prerouted and redirected to 587.  
Looks like the ISP is doing something on port 587.


Weird

Jeff



On 6/8/2021 4:11 PM, Eric Broch wrote:


If you're using spamdyke it will do TLS encryption. Disable it. In 
/etc/spamdyke/spamdyke.conf do the following:


# QMT does encryption/decryption when cert file is commented
#tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

On 6/8/2021 12:19 PM, Jeff Koch wrote:


Hi

More info.

From some locations telnetting to port 587 on this mailserver and 
then entering EHLO gets a list of services that
includes STARTTLS and from other locations STARTTLS and PIPELINING 
are not shown. Any idea why that would happen?

What controls the list of services announced to email clients?

Jeff

[qmailtoaster] New Error on SMTP

[Jeff Koch]

Hi

More info.

From some locations telnetting to port 587 on this mailserver and then 
entering EHLO gets a list of services that
includes STARTTLS and from other locations STARTTLS and PIPELINING are 
not shown. Any idea why that would happen?

What controls the list of services announced to email clients?

Jeff

Re: [qmailtoaster] New error on SMTP connections with Macs

[Jeff Koch]

I'll ask them. We also just changed the SMTP Greeting from the very long 
one with the toaster version number from the stock Toaster. Now it just 
says 'SMTP Server'.  Maybe the length of the greeting was confusing the 
email client.


Jeff

On 6/8/2021 11:04 AM, Eric Broch wrote:


It looks correct.

Can you provide the outlook settings and version as well as the mac?

Eric

On 6/8/2021 8:56 AM, Jeff Koch wrote:

Hi Eric:

This server uses V 1.03-2.qt.e17 - there have been no upgrades for at 
least two years. Does the telnet response in the screen shot look 
correct?


Jeff

On 6/8/2021 10:51 AM, Eric Broch wrote:


What version of qmail

Did it start after an upgrade?


On 6/8/2021 8:43 AM, Jeff Koch wrote:

Hi List:

Our qmail toaster users have just started reporting an SMTP sending 
error. These users are mostly sending mail on Mac's but this was 
also reported by one user sending with Outlook.


The error reads:
-
Send Message Error

Sending of the message failed.
An error occurred while sending mail: Unable to establish
a secure link with Outgoing server (SMTP)
'...' using STARTTLS since it doesn't
advertise that feature. Switch off STARTTLS for that
server or contact your service provider.
---

Checking the mailserver by telnetting to port 587 it clearly 
advertises STARTTLS:




Regards, Jeff Koch

Re: [qmailtoaster] New error on SMTP connections with Macs

[Jeff Koch]

Hi Eric:

This server uses V 1.03-2.qt.e17 - there have been no upgrades for at 
least two years. Does the telnet response in the screen shot look correct?


Jeff

On 6/8/2021 10:51 AM, Eric Broch wrote:


What version of qmail

Did it start after an upgrade?


On 6/8/2021 8:43 AM, Jeff Koch wrote:

Hi List:

Our qmail toaster users have just started reporting an SMTP sending 
error. These users are mostly sending mail on Mac's but this was also 
reported by one user sending with Outlook.


The error reads:
-
Send Message Error

Sending of the message failed.
An error occurred while sending mail: Unable to establish
a secure link with Outgoing server (SMTP)
'...' using STARTTLS since it doesn't
advertise that feature. Switch off STARTTLS for that
server or contact your service provider.
---

Checking the mailserver by telnetting to port 587 it clearly 
advertises STARTTLS:




Regards, Jeff Koch

[qmailtoaster] New error on SMTP connections with Macs

[Jeff Koch]

Hi List:

Our qmail toaster users have just started reporting an SMTP sending 
error. These users are mostly sending mail on Mac's but this was also 
reported by one user sending with Outlook.


The error reads:
-
Send Message Error

Sending of the message failed.
An error occurred while sending mail: Unable to establish
a secure link with Outgoing server (SMTP)
'...' using STARTTLS since it doesn't
advertise that feature. Switch off STARTTLS for that
server or contact your service provider.
---

Checking the mailserver by telnetting to port 587 it clearly advertises 
STARTTLS:




Regards, Jeff Koch

Re: [qmailtoaster] Fwd: qq soft reject after updating packages end of March 2021

[Jeff Koch]

Clamd runs quite differently when the epel version is installed

daemon is controlled with:

systemctl status clamd@scan

and to get better logging

Add SIMSCAN_DEBUG="5" to /etc/tcprules.d/tcp.smtp as in:

:allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="25"

The you'll see detailed clamdscan logging in /var/log/qmail/smtp and 
submission but make sure clamdscan is running


systemctl status clamd@scan

we got qq soft-rejects when the kernel ran out of memory and clamav has 
stopped. We found an entry in /var/log/messages:


Nov 18 15:10:13 machine kernel: Out of memory: Kill process 803 (clamd) 
score 165 or sacrifice child



Jeff

On 5/13/2021 4:16 PM, Benjamin Baez wrote:
I forgot to revisit that.  I noticed that clamd never came back up 
after the update.  Is there a different log now?


[root@mta01 ~]# cat /var/log/clamd/clamd.log
Sat Mar 27 11:23:30 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:33:30 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:43:30 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:53:31 2021 -> SelfCheck: Database status OK.
Sat Mar 27 11:56:20 2021 -> Waiting for all threads to finish
Sat Mar 27 11:56:23 2021 -> Shutting down the main socket.
Sat Mar 27 11:56:23 2021 -> ERROR: Can't unlink the pid file 
/var/run/clamav/clamd.pid

Sat Mar 27 11:56:23 2021 -> --- Stopped at Sat Mar 27 11:56:23 2021
Sat Mar 27 11:56:23 2021 -> Closing the main socket.
Sat Mar 27 11:56:23 2021 -> Socket file removed.

[root@mta01 ~]# toaststat

Status of toaster services
send: up (pid 32338) 15907 seconds
smtp: up (pid 32335) 15907 seconds
submission: up (pid 32336) 15907 seconds
send/log: up (pid 32340) 15907 seconds
smtp/log: up (pid 32339) 15907 seconds
submission/log: up (pid 32337) 15907 seconds

systemd service:         clamav-freshclam:       [  OK  ]
systemd service:                    spamd:       [  OK  ]
systemd service:                  dovecot:       [  OK  ]
systemd service:                  mariadb:       [  OK  ]
systemd service:                    httpd:       [  OK  ]
systemd service:                    named:       [  OK  ]
systemd service:                     ntpd:       [  OK  ]
systemd service:                     sshd:       [  OK  ]
systemd service:                  network:       [  OK  ]
systemd service:                    crond:       [  OK  ]
systemd service:                    acpid:       [  OK  ]
systemd service:                      atd:       [  OK  ]
systemd service:                   autofs:       [  OK  ]
systemd service:                   smartd:       [  OK  ]
systemd service:               irqbalance:       [  OK  ]

On Thu, May 13, 2021 at 1:03 PM Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Did you check the clamav log?

Jeff

On 5/13/2021 12:30 PM, Benjamin Baez wrote:


Hi,

How do I troubleshoot this further?  In the past it would be
something to do with clamav or simscan, but don't have a lead
this time.

[root@mta01 ~]# tail -f /var/log/qmail/submission/current
@4000609d4c9217d2d2d4 tcpserver: status: 0/100
@4000609d52200e3031cc tcpserver: status: 1/100
@4000609d52200e39615c tcpserver: pid 1598 from 75.53.9.111
@4000609d52200e3a920c tcpserver: ok 1598
mta01.biospectra.com:75.53.9.76:587 :75.53.9.111::61177
@4000609d52201bf23a6c CHKUSER accepted sender: from

<mailto:bb...@biospectra.com:bbaez:> remote
<[10.16.1.123]:unknown:75.53.9.111> rcpt <> : sender accepted
@4000609d522027921aa4 CHKUSER relaying rcpt: from

<mailto:bb...@biospectra.com:bbaez:> remote
<[10.16.1.123]:unknown:75.53.9.111> rcpt mailto:benba...@gmail.com>> : client allowed to relay
@4000609d52202792265c policy_check: local bbaez -> remote
benba...@gmail.com <mailto:benba...@gmail.com> (AUTHENTICATED SENDER)
@4000609d522027922a44 policy_check: policy allows transmission
@4000609d52202925ce4c qmail-smtpd: qq soft reject (mail
server temporarily rejected message (#4.3.0)):
MAILFROM:mailto:bb...@biospectra.com>>
RCPTTO:benba...@gmail.com <mailto:rcptto%3abenba...@gmail.com>
@4000609d52230a71f14c tcpserver: end 1598 status 0
@4000609d52230a71f91c tcpserver: status: 0/100

[root@mta01 ~]# tail -f cat  /var/log/maillog
May 13 09:21:15 mta01 spamdyke[1592]:
ERROR(load_resolver_file()@search_fs.c:753): invalid/unparsable
nameserver found: 2600:1700:4a30:5b40::1
May 13 09:21:42 mta01 vpopmail[1599]: vchkpw-submission:
(CRAM-MD5) login success bb...@biospectra.com:75.53.9.111
<mailto:bb...@biospectra.com:75.53.9.111>

I don't think the IPv6 error is related but including it.

Thanks!

Re: [qmailtoaster] Fwd: qq soft reject after updating packages end of March 2021

[Jeff Koch]

Did you check the clamav log?

Jeff

On 5/13/2021 12:30 PM, Benjamin Baez wrote:


Hi,

How do I troubleshoot this further?  In the past it would be something 
to do with clamav or simscan, but don't have a lead this time.


[root@mta01 ~]# tail -f /var/log/qmail/submission/current
@4000609d4c9217d2d2d4 tcpserver: status: 0/100
@4000609d52200e3031cc tcpserver: status: 1/100
@4000609d52200e39615c tcpserver: pid 1598 from 75.53.9.111
@4000609d52200e3a920c tcpserver: ok 1598 
mta01.biospectra.com:75.53.9.76:587 :75.53.9.111::61177
@4000609d52201bf23a6c CHKUSER accepted sender: from 
 remote 
<[10.16.1.123]:unknown:75.53.9.111> rcpt <> : sender accepted
@4000609d522027921aa4 CHKUSER relaying rcpt: from 
 remote 
<[10.16.1.123]:unknown:75.53.9.111> rcpt > : client allowed to relay
@4000609d52202792265c policy_check: local bbaez -> remote 
benba...@gmail.com  (AUTHENTICATED SENDER)

@4000609d522027922a44 policy_check: policy allows transmission
@4000609d52202925ce4c qmail-smtpd: qq soft reject (mail server 
temporarily rejected message (#4.3.0)): MAILFROM:> RCPTTO:benba...@gmail.com 


@4000609d52230a71f14c tcpserver: end 1598 status 0
@4000609d52230a71f91c tcpserver: status: 0/100

[root@mta01 ~]# tail -f cat  /var/log/maillog
May 13 09:21:15 mta01 spamdyke[1592]: 
ERROR(load_resolver_file()@search_fs.c:753): invalid/unparsable 
nameserver found: 2600:1700:4a30:5b40::1
May 13 09:21:42 mta01 vpopmail[1599]: vchkpw-submission: (CRAM-MD5) 
login success bb...@biospectra.com:75.53.9.111


I don't think the IPv6 error is related but including it.

Thanks!

Re: [qmailtoaster] QQ issue

[Jeff Koch]

qq soft-rejects in smtp and submission logs - clamav wasn't running - 
fix was to restart clamav - then we found out from /var/log/messages 
that we ran out of memory


Nov 18 15:10:13 vidar kernel: Out of memory: Kill process 803 (clamd) 
score 165 or sacrifice child


systemctl status clamd@scan   (with new clamav setup install from epel )

Also, had qq soft-rejects when the permissions on /var/qmail/simscan/ 
were wrong should be chmod 2750 /var/qmail/simscan


Hope this helps, Jeff


On 3/23/2021 10:43 AM, Remo Mattei wrote:

Hello guys, I cannot remember what was the fix for the

qmail-smtpd: qq soft reject (mail server temporarily rejected message in the 
outgoing submissions

Any tips to refresh my memory are greatly appreciated.

Thanks
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Purging the queue

[Jeff Koch]

Hi Remo:

I checked the 'help' and tried. Not working for me.  Do you need to run 
it from any particular directory. And, for example, to delete all 
messges in the queue from 't...@yahoo.com' would you enter:


qmHandle -M t...@yahoo.com  ?

seems you should also be able to use:

qmHandle -tf 't...@yahoo.com'

but that didn't work either.

These spams that I'm trying to get rid of are all over 400MB

Jeff

On 2/22/2021 3:44 PM, Remo Mattei wrote:

Hi you mean qmHandle —help

That allows you to delete all the info into the queue
On Feb 22, 2021, at 12:38, Jeff Koch <mailto:jeffk...@intersessions.com>> wrote:


Hi

Does anyone have a link to a script that can be used to purge the 
queue of emails meeting containing certain email address or text 
strings?


Thanks, Jeff

[qmailtoaster] Purging the queue

[Jeff Koch]

Hi

Does anyone have a link to a script that can be used to purge the queue 
of emails meeting containing certain email address or text strings?


Thanks, Jeff

Re: [qmailtoaster] Future of qmailtoaster on CentOS?

[Jeff Koch]

Perhaps, as long as nothing related to the kernel or basic OS changed. 
And the updating would need to be tested. It would be bad if the server 
instance wouldn't boot. Then you'd be dead in the water.  I'd feel a 
little more confident using an OS/distribution supported by the cloud 
provider. We use AWS, GCP and Azure.


Jeff

On 12/11/2020 10:20 AM, Eric Broch wrote:


From what the Rocky Linux developers say, that distro should be out by 
CentOS 8 end-of-life, 12/31/2021. It should be elementary to change 
repos, right?


On 12/11/2020 8:10 AM, Jeff Koch wrote:

We have a similar situation with AWS.   Jeff

On 12/11/2020 9:45 AM, Gary Bowling wrote:



One issue I have is that my toaster is hosted on a virtual machine 
at Linode. Others may use virtual solutions as well.



These services offer virtual machines of several popular flavors, 
but you have to use whatever they offer. Linode offers servers in 
Centos, Alpine, Arch, Debian, Fedora, Gentoo, Slackware, Ubuntu, and 
OpenSUSE. To use their service, you choose a platform/OS and specs. 
It's built for you in their data center, then you log in and 
configure/install what you want.



So for Linode there is no Rocky-linux or FreeBSD. Not to say that 
Rocky won't be supported in the future. If it takes hold and many of 
the CentOS customers move that direction, I'm sure it will.



It's just something to keep in mind and consider as this is moved 
forward.



gary


On 12/11/2020 8:52 AM, Eric Broch wrote:


This looks like good news: https://github.com/rocky-linux

On another note: IBM bought/acquired 
<https://www.redhat.com/en/about/press-releases/ibm-closes-landmark-acquisition-red-hat-34-billion-defines-open-hybrid-cloud-future> 
Red Hat.



On 12/10/2020 8:35 AM, Eric Broch wrote:


/Fellow QMT enthusiasts:
/

/I became concerned about the future of CentOS a week or so ago 
///(not a premonition just my natural paranoia) /prior to their 
announcement two days back and visited centos.org to relieve my 
fears. I was confident at that point that having gotten QMT/CentOS 
8 ready I was good to go for ~10 years. My confidence MAY have 
been hasty. I'm still not sure what drawbacks 'stream' is going to 
bring, if any, and like Angus am apprehensive. It's supposed to be 
an intermediate environment between Fedora and RHEL. In my 
opinion, to release CentOS 8 and then move it from downstream to 
upstream after people have already migrated is short-sighted at 
the very least, and its name Community Enterprise OS (8) is now a 
misnomer. Living in somewhat of a cocoon, I was completely unaware 
that RH "joined" CentOS. I've heard some say that we've been 
freeloading off CentOS for years and now it's time to pay up. 
Never mind that a free kernel is used and we actually test the 
software and report bugs. That said, I have REALLY enjoyed using 
CentOS since the beginning.

/

/That said, having a look at the old spec files from *-toaster 
designation days when we built the QMT for specific platforms, 
Fedora, was among them along with Suse, Mandrake, so, at the 
beginning QMT was used in a non-Enterprise environment. Anyway...

/

/Personally, I'm interested in both Debian and FreeBSD and would 
like to go back halfway to multi-platform builds while keeping the 
current QMT/CentOS 8 offering. This would mitigate the problems, 
if there are any, we are seeing now (hopefully). I guess it just 
depends on when (or if) the mega-corps buy up all of the Linux 
distributions and hang us all out to dry. Given the Felliniesque 
nature of the world today nothing would surprise me anymore.

/

/One advantage of having a ports like mail server is the ability, 
if one is inclined to dig a little beyond binary installs, to make 
changes on the fly without having to wait for packages from the repo./


/I've tried to install FreeBSD, although somewhat half-heartedly, 
on Proxmox serveral times with no success. If anyone has any hints 
I'm all ears...just my 2 cents./


/So, if anyone is working on installing QMT on another platform 
please keep us apprised of your successes. If you feel like 
writing it up, I'll post it to the web site.

/

/I'll be looking into converting to *.deb packages (like rpm's, 
binary ease of install) in some way (I tried using alien...on the 
website) which can be used on Ubuntu and Debian Linux. Back to 
work for me...

/

/Eric B.
/

On 12/9/2020 7:31 PM, Tony White wrote:

Hi all,
  Anyone interested in BSD either Free or Open?
I am starting to work on building a FreeBSD version
of this for myself. Would like to know if anyone
else is interested.

best wishes
  Tony White

On 10/12/20 6:49 am, Unai Rodriguez wrote:

Debian!

-- unai

On Wed, Dec 9, 2020, at 8:20 PM, Boheme wrote:
I’ve been meaning to learn to compile all the source for Ubuntu 
for a

while. This may be the kick in the pants I needed.

-Sent from my Pip-Boy 3000

On 10/12/2020, at 12:50 AM, Angus McIntyre  
wrote:


Does anyone have any thoughts on t

Re: [qmailtoaster] Future of qmailtoaster on CentOS?

[Jeff Koch]

We have a similar situation with AWS.   Jeff

On 12/11/2020 9:45 AM, Gary Bowling wrote:



One issue I have is that my toaster is hosted on a virtual machine at 
Linode. Others may use virtual solutions as well.



These services offer virtual machines of several popular flavors, but 
you have to use whatever they offer. Linode offers servers in Centos, 
Alpine, Arch, Debian, Fedora, Gentoo, Slackware, Ubuntu, and OpenSUSE. 
To use their service, you choose a platform/OS and specs. It's built 
for you in their data center, then you log in and configure/install 
what you want.



So for Linode there is no Rocky-linux or FreeBSD. Not to say that 
Rocky won't be supported in the future. If it takes hold and many of 
the CentOS customers move that direction, I'm sure it will.



It's just something to keep in mind and consider as this is moved forward.


gary


On 12/11/2020 8:52 AM, Eric Broch wrote:


This looks like good news: https://github.com/rocky-linux

On another note: IBM bought/acquired 
 
Red Hat.



On 12/10/2020 8:35 AM, Eric Broch wrote:


/Fellow QMT enthusiasts:
/

/I became concerned about the future of CentOS a week or so ago 
///(not a premonition just my natural paranoia) /prior to their 
announcement two days back and visited centos.org to relieve my 
fears. I was confident at that point that having gotten QMT/CentOS 8 
ready I was good to go for ~10 years. My confidence MAY have been 
hasty. I'm still not sure what drawbacks 'stream' is going to bring, 
if any, and like Angus am apprehensive. It's supposed to be an 
intermediate environment between Fedora and RHEL. In my opinion, to 
release CentOS 8 and then move it from downstream to upstream after 
people have already migrated is short-sighted at the very least, and 
its name Community Enterprise OS (8) is now a misnomer. Living in 
somewhat of a cocoon, I was completely unaware that RH "joined" 
CentOS. I've heard some say that we've been freeloading off CentOS 
for years and now it's time to pay up. Never mind that a free kernel 
is used and we actually test the software and report bugs. That 
said, I have REALLY enjoyed using CentOS since the beginning.

/

/That said, having a look at the old spec files from *-toaster 
designation days when we built the QMT for specific platforms, 
Fedora, was among them along with Suse, Mandrake, so, at the 
beginning QMT was used in a non-Enterprise environment. Anyway...

/

/Personally, I'm interested in both Debian and FreeBSD and would 
like to go back halfway to multi-platform builds while keeping the 
current QMT/CentOS 8 offering. This would mitigate the problems, if 
there are any, we are seeing now (hopefully). I guess it just 
depends on when (or if) the mega-corps buy up all of the Linux 
distributions and hang us all out to dry. Given the Felliniesque 
nature of the world today nothing would surprise me anymore.

/

/One advantage of having a ports like mail server is the ability, if 
one is inclined to dig a little beyond binary installs, to make 
changes on the fly without having to wait for packages from the repo./


/I've tried to install FreeBSD, although somewhat half-heartedly, on 
Proxmox serveral times with no success. If anyone has any hints I'm 
all ears...just my 2 cents./


/So, if anyone is working on installing QMT on another platform 
please keep us apprised of your successes. If you feel like writing 
it up, I'll post it to the web site.

/

/I'll be looking into converting to *.deb packages (like rpm's, 
binary ease of install) in some way (I tried using alien...on the 
website) which can be used on Ubuntu and Debian Linux. Back to work 
for me...

/

/Eric B.
/

On 12/9/2020 7:31 PM, Tony White wrote:

Hi all,
  Anyone interested in BSD either Free or Open?
I am starting to work on building a FreeBSD version
of this for myself. Would like to know if anyone
else is interested.

best wishes
  Tony White

On 10/12/20 6:49 am, Unai Rodriguez wrote:

Debian!

-- unai

On Wed, Dec 9, 2020, at 8:20 PM, Boheme wrote:
I’ve been meaning to learn to compile all the source for Ubuntu 
for a

while. This may be the kick in the pants I needed.

-Sent from my Pip-Boy 3000


On 10/12/2020, at 12:50 AM, Angus McIntyre  wrote:

Does anyone have any thoughts on the likely future of 
qmailtoaster given the new plans for CentOS?


(See https://centos.org/distro-faq/ for more details)

I'd never actually heard of CentOS Stream before today, but 
having just painfully built a working toaster on top of CentOS 
8, I'm a little apprehensive about the impact of the proposed 
changes.


Comments?

Angus


- 

To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Future of qmailtoaster on CentOS?

[Jeff Koch]

Sorry - I was looking at the RHEL life-cycle dates - but looking at the 
correct dates perhaps it's better to stay with CentOS 7


Jeff

On 12/9/2020 11:07 AM, Eric Broch wrote:


I thought that it said that CentOS 7 would be support through 2024 and 
8 through 2021?


On 12/9/2020 8:11 AM, Jeff Koch wrote:
It appears CentOS 8 will continue to be support through 2024 - but 
this is concerning news - Jeff


On 12/9/2020 7:20 AM, Eric Broch wrote:
https://www.change.org/p/centos-governing-board-do-not-destroy-centos-by-using-it-as-a-rhel-upstream 



On 12/9/2020 4:50 AM, Angus McIntyre wrote:
Does anyone have any thoughts on the likely future of qmailtoaster 
given the new plans for CentOS?


(See https://centos.org/distro-faq/ for more details)

I'd never actually heard of CentOS Stream before today, but having 
just painfully built a working toaster on top of CentOS 8, I'm a 
little apprehensive about the impact of the proposed changes.


Comments?

Angus


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com




-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Future of qmailtoaster on CentOS?

[Jeff Koch]

It appears CentOS 8 will continue to be support through 2024 - but this 
is concerning news - Jeff


On 12/9/2020 7:20 AM, Eric Broch wrote:
https://www.change.org/p/centos-governing-board-do-not-destroy-centos-by-using-it-as-a-rhel-upstream 



On 12/9/2020 4:50 AM, Angus McIntyre wrote:
Does anyone have any thoughts on the likely future of qmailtoaster 
given the new plans for CentOS?


(See https://centos.org/distro-faq/ for more details)

I'd never actually heard of CentOS Stream before today, but having 
just painfully built a working toaster on top of CentOS 8, I'm a 
little apprehensive about the impact of the proposed changes.


Comments?

Angus


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Close to quota message or scam

[Jeff Koch]

One of our QT7 mailserver accounts got an email addressed to a 
non-existent account that was picked up by his catch-all with the subject


'Mail quota warning - You are close to your quota'

He's using about 0% of his quota which I confirmed by manually checking 
the space used by his account. The header on this email says almost 
nothing except the email came from Mailer-Daemon and it's addressed to 
'Valued Customer:;'


I've seen over-quota messages but never a warning message.  Is there 
anything in QT7 that could be generating such a message.


Thanks,

Jeff Koch

Re: [qmailtoaster] Alternative email filtering (Eset?)

[Jeff Koch]

Janno - let us know what you find out - we could better virus filtering as 
well. Drweb and avast may have Linux / qmail versions

Sent from my iPhone

> On Oct 5, 2020, at 9:19 AM, Eric Broch  wrote:
> 
> I used Sonicwall paid service and I know of others who have used Barracuda.
> 
> You would just set your MX record to point to the paid service MX and 
> configure the paid service MX to route whatever domains are hosted on your 
> QMT to it.
> 
> If you want outgoing service set up the paid service relay in QMT's 
> smtproutes file. You'll also want to find out if the paid service does TLS if 
> you need it.
> 
> I've also looked at things like Proxmox mail gateway and Mailcleaner 
> (https://www.mailcleaner.org && https://www.mailcleaner.org/documentation/). 
> If necessary you'll also want to find out if they do TLS.
> 
> Eric
> 
>> On 10/5/2020 6:59 AM, Gary Bowling wrote:
>> 
>> 
>> I don't know anything about eset. But, if I were looking for a paid 
>> alternative for virus, I would look at relay services.
>> 
>> 
>> A relay service that provides virus scanning makes things very simple and 
>> once configured makes your email server administration the same as it is 
>> now. Your server just sends outbound mail to the relay and inbound traffic 
>> is routed to the relay and then forwarded to your server (your dns mx 
>> records point to the relay service).
>> 
>> 
>> This also makes it the relay companies responsibility to keep you off 
>> blacklists and to resolve any issues with blacklists.
>> 
>> 
>> I haven't done a search for relay companies, but I've thought about it. It 
>> would remove all the things that are a hassle about running a mail server, 
>> which is spam/viruses/blacklists/etc and place that responsibility on 
>> someone else.
>> 
>> 
>> Just my 2 cents.
>> 
>> 
>> Gary
>> 
>> 
>>> On 10/5/2020 8:39 AM, Janno Sannik wrote:
>>> Has anyone tried/using alternative (maybe paid) service for virus scanning?
>>> 
>>> I'm thinking of getting Eset file server or email for linux package. I'm 
>>> really getting some viruses and Trojans going past clamav just to be hit on 
>>> the head with eset workstation security. File security is around 155usd 
>>> first buy and 80usd /yearly for the updates next year.
>>> 
>>> So was thinking to get the file server client and run the CLI to play ball 
>>> with qmail.
>>> 
>>> Sample here: 
>>> https://forum.eset.com/topic/23639-is-there-any-working-cli-scanner-for-linux/
>>> 
>>> 
>>> Has anybody done that or how hard would be to add ESET to the pipeline? For 
>>> me it does not seem too hard and I can make the legwork, but would rather 
>>> get some input before going forward with it.
>>> 
>>> 
>>> Regards,
>>> 
>>> Janno
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -
>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>> 
>> - To 
>> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For 
>> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] SPF spfrules

[Jeff Koch]

Hi

Anyone know if QMT 7 supports the 'spfrules' option from the 
mail-spf-rc5.patch ?


Jeff Koch

[qmailtoaster] SPF issue found and resolved

[Jeff Koch]

Hi Eric:

Maybe you remember a few months ago I had a problem with a QMT7 
mailserver that was not checking SPF. We tried everything including 
comparing /var/qmail/bin file sizes against known working mailservers 
and were unable to find the problem.


So I setup a new instance at AWS and built a new QMT7 server and then 
compared everything. Finally I replaced the spamdyke.conf with the 
pristine copy from the new server and that did it. Apparently, the 
customer stuck the following line into the spamdyke.conf and that 
blocked SPF analysis:


access-file=/etc/tcprules.d/tcp.smtp

I commented out the line and the mailserver is doing 'spf-rejects; as it 
should


Go figure!

I thought you'd want to know should the issue come up for anyone else.

Regards

Jeff Koch

Re: [qmailtoaster] ClamAV and Viruses

[Jeff Koch]

Hi Eric:

I've spent the morning going from one mailserver to another checking 
/var/log/qmail/smtp and /var/log/qmail/submission to see what was 
happening and I'm more confused than before. Now it appears the 1.2MB 
email is getting scanned - at least on one server. I'm going to have to 
setup and document some tests.


But here's some interesting tidbits I learned:

1. Simcan is running ClamAV and checking for viruses (but not spam) on 
outgoing emails - this shows in /var/log/qmail/submission with 
SIMSCAN_DEBUG="5"


2. In tcprules.d/tcpsmtp if you assign RELAYCLIENT=""' to an IP address 
then mail from that IP is not checked by simscan for viruses or spam. 
Same thing happens if you forget to add 
QMAILQUEUE="/var/qmail/bin/simscan".


Jeff

On 9/17/2020 12:22 PM, Eric Broch wrote:


Jeff,

Also, can you post the whole simscan transaction?

Eric

On 9/17/2020 10:16 AM, Eric Broch wrote:


What's in /var/qmail/control/databytes ?

On 9/17/2020 8:50 AM, Jeff Koch wrote:

Hi Andreas:

Thanks. However we did some testing yesterday and found that a 1.2MB 
email with a PDF attachment was not getting scanned for viruses or 
spam whereas a 219KB email with a doc attachment was. I'm thinking 
there must be some other setting controlling what simscan scans or 
doesn't.


Jeff

On 9/17/2020 5:41 AM, Andreas Galatis wrote:

Hi Jeff,

the setting is in clamd.conf
# Files larger than this limit won't be scanned. Affects the input 
file itself
# as well as files contained inside it (when the input file is an 
archive, a

# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in 
severe damage

# to the system.
# Default: 25M
#MaxFileSize 30M


Andreas

Am 16.09.20 um 23:24 schrieb Jeff Koch:

Hi Eric:

One thing I've noticed is that there's a message size limit on 
what simscan/spamd/clamd will check. Messages over several 
megabytes are skipped. Is there a config file somewhere 
controlling that?


Jeff

On 9/16/2020 2:07 PM, Eric Broch wrote:


Hi Jeff,

I'm not sure why ClamAV would miss a virus. Maybe they'd have a 
better ideal on the ClamAV mailing list.


I've never really depended on ClamAV or Spamassassin, though I'd 
like to, but when killing spam was absolutely necessary I used a 
third party spam gateway.


Eric

On 9/16/2020 9:43 AM, Jeff Koch wrote:


We think we're having a problem with one of our mailservers 
whereby user's PC's are getting hit with viruses. All 
mailservers have had ClamAV recently updated to version 0.102.4. 
The logs at /var/log/qmail/smtp and /var/log/qmail/submission 
show that ClamAV is indeed analyzing emails and attachments so 
we're trying to figure out how these viruses are getting 
through. We do see that most 'Virus Drops' are due to spoofed 
domains. Very, very few are noted as Trojans or actual viruses.


Can anyone share the results of:

grep simscan /var/log/qmail/smtp/current|tai64nlocal |less

showing that clamav is finding actual viruses?

Any thoughts or suggestions would be appreciated.

Jeff

Re: [qmailtoaster] ClamAV and Viruses

[Jeff Koch]

Hi Andreas:

Thanks. However we did some testing yesterday and found that a 1.2MB 
email with a PDF attachment was not getting scanned for viruses or spam 
whereas a 219KB email with a doc attachment was. I'm thinking there must 
be some other setting controlling what simscan scans or doesn't.


Jeff

On 9/17/2020 5:41 AM, Andreas Galatis wrote:

Hi Jeff,

the setting is in clamd.conf
# Files larger than this limit won't be scanned. Affects the input 
file itself
# as well as files contained inside it (when the input file is an 
archive, a

# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in 
severe damage

# to the system.
# Default: 25M
#MaxFileSize 30M


Andreas

Am 16.09.20 um 23:24 schrieb Jeff Koch:

Hi Eric:

One thing I've noticed is that there's a message size limit on what 
simscan/spamd/clamd will check. Messages over several megabytes are 
skipped. Is there a config file somewhere controlling that?


Jeff

On 9/16/2020 2:07 PM, Eric Broch wrote:


Hi Jeff,

I'm not sure why ClamAV would miss a virus. Maybe they'd have a 
better ideal on the ClamAV mailing list.


I've never really depended on ClamAV or Spamassassin, though I'd 
like to, but when killing spam was absolutely necessary I used a 
third party spam gateway.


Eric

On 9/16/2020 9:43 AM, Jeff Koch wrote:


We think we're having a problem with one of our mailservers whereby 
user's PC's are getting hit with viruses. All mailservers have had 
ClamAV recently updated to version 0.102.4. The logs at 
/var/log/qmail/smtp and /var/log/qmail/submission show that ClamAV 
is indeed analyzing emails and attachments so we're trying to 
figure out how these viruses are getting through. We do see that 
most 'Virus Drops' are due to spoofed domains. Very, very few are 
noted as Trojans or actual viruses.


Can anyone share the results of:

grep simscan /var/log/qmail/smtp/current|tai64nlocal |less

showing that clamav is finding actual viruses?

Any thoughts or suggestions would be appreciated.

Jeff

Re: [qmailtoaster] ClamAV and Viruses

[Jeff Koch]

Hi Eric:

One thing I've noticed is that there's a message size limit on what 
simscan/spamd/clamd will check. Messages over several megabytes are 
skipped. Is there a config file somewhere controlling that?


Jeff

On 9/16/2020 2:07 PM, Eric Broch wrote:


Hi Jeff,

I'm not sure why ClamAV would miss a virus. Maybe they'd have a better 
ideal on the ClamAV mailing list.


I've never really depended on ClamAV or Spamassassin, though I'd like 
to, but when killing spam was absolutely necessary I used a third 
party spam gateway.


Eric

On 9/16/2020 9:43 AM, Jeff Koch wrote:


We think we're having a problem with one of our mailservers whereby 
user's PC's are getting hit with viruses. All mailservers have had 
ClamAV recently updated to version 0.102.4. The logs at 
/var/log/qmail/smtp and /var/log/qmail/submission show that ClamAV is 
indeed analyzing emails and attachments so we're trying to figure out 
how these viruses are getting through. We do see that most 'Virus 
Drops' are due to spoofed domains. Very, very few are noted as 
Trojans or actual viruses.


Can anyone share the results of:

grep simscan /var/log/qmail/smtp/current|tai64nlocal |less

showing that clamav is finding actual viruses?

Any thoughts or suggestions would be appreciated.

Jeff

[qmailtoaster] ClamAV and Viruses

[Jeff Koch]

We think we're having a problem with one of our mailservers whereby 
user's PC's are getting hit with viruses. All mailservers have had 
ClamAV recently updated to version 0.102.4. The logs at 
/var/log/qmail/smtp and /var/log/qmail/submission show that ClamAV is 
indeed analyzing emails and attachments so we're trying to figure out 
how these viruses are getting through. We do see that most 'Virus Drops' 
are due to spoofed domains. Very, very few are noted as Trojans or 
actual viruses.


Can anyone share the results of:

grep simscan /var/log/qmail/smtp/current|tai64nlocal |less

showing that clamav is finding actual viruses?

Any thoughts or suggestions would be appreciated.

Jeff

Re: [qmailtoaster] clamscan error

[Jeff Koch]

Eric - thanks - a lot of interesting hints.

Jeff

On 9/16/2020 9:42 AM, Eric Broch wrote:


https://www.howtoforge.com/community/threads/clamd-will-not-start.34559/

On 9/16/2020 7:40 AM, Eric Broch wrote:


Sorry, missed the first part of your question.

Have a look here:

https://github.com/kylefarris/clamscan/issues/25

On 9/16/2020 7:29 AM, Eric Broch wrote:


Is the service started?

On 9/16/2020 7:17 AM, Jeff Koch wrote:


Hi Eric:

I'm getting the following error when trying to restart clamd@scan

simscan: clamdscan: ERROR: Could not connect to clamd on 
LocalSocket /run/clamd.scan/clamd.sock: No such file or directory


Any idea how to handle this?

Jeff

[qmailtoaster] clamscan error

[Jeff Koch]

Hi Eric:

I'm getting the following error when trying to restart clamd@scan

simscan: clamdscan: ERROR: Could not connect to clamd on LocalSocket 
/run/clamd.scan/clamd.sock: No such file or directory


Any idea how to handle this?

Jeff

[qmailtoaster] ClamAV and Viruses

[Jeff Koch]

We're having a problem with one of our mailservers whereby user's PC's 
are getting hit with viruses. All mailservers have had ClamAV recently 
updated to version 1.4.0. The logs at /var/log/qmail/smtp and 
/var/log/qmail/submission show that ClamAV is indeed analyzing emails 
and attachments so we're trying to figure out how these viruses are 
getting through. We do see that most 'Virus Drops' are due to spoofed 
domains. Very, very few are noted as Trojans or actual viruses.


Any thoughts or suggestions would be appreciated.

Jeff

Re: [qmailtoaster] Smtproutes

[Jeff Koch]

I think the way it works is that domainname.com would be the domain name 
of who the mail is going to.


For example if you wanted to route all emails to Comcast addresses thru 
a mailserver at IP 74.28.22.16 via port 26 you would have a line that says:


comcast.net:74.28.22.16:26

Jeff

On 8/20/2020 2:39 PM, Eric Broch wrote:

What version of qmail

On 8/20/2020 12:24 PM, Miguel Angel Amable Ventura wrote:

Hello everyone,

I have been trying to set up the smtproutes file in 
/var/qmail/control/smtproutes


with the following information:

domainname.com:ip_address_dest:587

restarted qmail with:

qmailctl stop

qmailctl start

systemctl restart dovecot

But when I send an email from domainname.com it does not relay to the 
ip_address_dest server, instead it goes directly to the destination 
domain and does not do the smarthost function. Checking the logs in 
/var/log/qmail/send/current it does not even try to contact the 
smarthost! Maybe I am missing to restart any other service related to 
qmail to read the new config file?


Do you know what i am missing here to get it work ok?

Have a nice day!

Mike


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] ClamAV Upgrade

[Jeff Koch]

Hi List:

I see in our logs that

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.1 Recommended version: 0.102.4

We're using QMT7. What's the recommended procedure for upgrading ClamAV

Thanks, Jeff

[qmailtoaster] Pruning qmailqueue

[Jeff Koch]

Hi - does anyone have a script that can be used to prune the qmailqueue. 
There used to be one that allowed us to search for and delete queued 
emails by sender or keyword. Very useful for getting rid of spam in the 
queue without deleting the entire queue.


 I remember using it on our old Bill's toaster mailservers but then it 
stopped working.


Thanks

Jeff

Re: [qmailtoaster] SPF logging

[Jeff Koch]

qmailmrtg-4.2-3.qt.el7.x86_64
qmail-1.03-2.2.1.qt.el7.x86_64
qmailadmin-1.2.16-2.qt.el7.x86_64

On 3/21/2020 11:41 AM, Eric Broch wrote:


rpm -qa | grep qmail

On 3/21/2020 9:38 AM, Jeff Koch wrote:

Hi Eric:

No - the one that doesn't work was built in October 2019. Where would 
I find the QMT 7 version?


According to the file qt_install.sh - it is installing 
qmt-release-1-7.qt.el7.noarch.rpm


Also, I ran the SPF test from 
https://notes.sagredo.eu/en/qmail-notes-185/spf-239.html with SPF 
behavior bumped up to '6' and the server does not respond with the 
spf.pobox.com message - as it should.


Another thing I notice is that the tcp.smtp rules file ends with:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="1000",CHKUSER_WRONGRCPTLIMIT="10",
NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

where as the other mailservers (where SPF does work) have:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="25",CHKUSER_WRONGRCPTLIMIT="10",
NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmailqueue.orig",
DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"


Jeff


On 3/21/2020 11:16 AM, Eric Broch wrote:


Are all the servers running the same version of qmail?


On 3/21/2020 8:20 AM, Jeff Koch wrote:

Abel -

thanks. We see spf-reject entries in our older QMT7 mailservers but 
we have one that was built in October 2019 that is not showing any 
spf-rejects in it's smtp log despite the spfbehavior being set to '3'.


I don't see anything in tcprules.smtp or the 
/var/qmail/supervise/smtp/run file that overrides the spf behavior.


Is there anyway we can trouble shoot qmail-smtpd to figure why SPF 
checking is not working?


Jeff

On 3/20/2020 5:25 PM, a...@globalgate.com.ar wrote:



On Fri, 20 Mar 2020, Jeff Koch wrote:

Hi - last week we changed the SPF behavior on our mailservers to 
'3' and restarted QMT7. Where would we see logging of SPF 
failures on incoming mail? I did a grep of /var/log/qmail/smtp 
logs for 'SPF' and didn't see anything.


Just want to make sure SPF behavior is working.

Regards, Jeff





Hi,
you should be able to see entries ' spf-reject:' for example in 
your smtpd logs.


regards

--Abel

-
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] SPF logging

[Jeff Koch]

Hi Eric:

No - the one that doesn't work was built in October 2019. Where would I 
find the QMT 7 version?


According to the file qt_install.sh - it is installing 
qmt-release-1-7.qt.el7.noarch.rpm


Also, I ran the SPF test from 
https://notes.sagredo.eu/en/qmail-notes-185/spf-239.html with SPF 
behavior bumped up to '6' and the server does not respond with the 
spf.pobox.com message - as it should.


Another thing I notice is that the tcp.smtp rules file ends with:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="1000",CHKUSER_WRONGRCPTLIMIT="10",
NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

where as the other mailservers (where SPF does work) have:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="25",CHKUSER_WRONGRCPTLIMIT="10",
NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmailqueue.orig",
DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"


Jeff


On 3/21/2020 11:16 AM, Eric Broch wrote:


Are all the servers running the same version of qmail?


On 3/21/2020 8:20 AM, Jeff Koch wrote:

Abel -

thanks. We see spf-reject entries in our older QMT7 mailservers but 
we have one that was built in October 2019 that is not showing any 
spf-rejects in it's smtp log despite the spfbehavior being set to '3'.


I don't see anything in tcprules.smtp or the 
/var/qmail/supervise/smtp/run file that overrides the spf behavior.


Is there anyway we can trouble shoot qmail-smtpd to figure why SPF 
checking is not working?


Jeff

On 3/20/2020 5:25 PM, a...@globalgate.com.ar wrote:



On Fri, 20 Mar 2020, Jeff Koch wrote:

Hi - last week we changed the SPF behavior on our mailservers to 
'3' and restarted QMT7. Where would we see logging of SPF failures 
on incoming mail? I did a grep of /var/log/qmail/smtp logs for 
'SPF' and didn't see anything.


Just want to make sure SPF behavior is working.

Regards, Jeff





Hi,
you should be able to see entries ' spf-reject:' for example in your 
smtpd logs.


regards

--Abel

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] SPF logging

[Jeff Koch]

Abel -

thanks. We see spf-reject entries in our older QMT7 mailservers but we 
have one that was built in October 2019 that is not showing any 
spf-rejects in it's smtp log despite the spfbehavior being set to '3'.


I don't see anything in tcprules.smtp or the 
/var/qmail/supervise/smtp/run file that overrides the spf behavior.


Is there anyway we can trouble shoot qmail-smtpd to figure why SPF 
checking is not working?


Jeff

On 3/20/2020 5:25 PM, a...@globalgate.com.ar wrote:



On Fri, 20 Mar 2020, Jeff Koch wrote:

Hi - last week we changed the SPF behavior on our mailservers to '3' 
and restarted QMT7.  Where would we see logging of SPF failures on 
incoming mail? I did a grep of /var/log/qmail/smtp logs for 'SPF' and 
didn't see anything.


Just want to make sure SPF behavior is working.

Regards, Jeff





Hi,
you should be able to see entries ' spf-reject:' for example in your 
smtpd logs.


regards

--Abel

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] SPF logging

[Jeff Koch]

Abel - thank you - exactly what I needed to know  - Jeff

On 3/20/2020 5:25 PM, a...@globalgate.com.ar wrote:



On Fri, 20 Mar 2020, Jeff Koch wrote:

Hi - last week we changed the SPF behavior on our mailservers to '3' 
and restarted QMT7.  Where would we see logging of SPF failures on 
incoming mail? I did a grep of /var/log/qmail/smtp logs for 'SPF' and 
didn't see anything.


Just want to make sure SPF behavior is working.

Regards, Jeff





Hi,
you should be able to see entries ' spf-reject:' for example in your 
smtpd logs.


regards

--Abel

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] SPF logging

[Jeff Koch]

Hi - last week we changed the SPF behavior on our mailservers to '3' and 
restarted QMT7.  Where would we see logging of SPF failures on incoming 
mail? I did a grep of /var/log/qmail/smtp logs for 'SPF' and didn't see 
anything.


Just want to make sure SPF behavior is working.

Regards, Jeff

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Dovecot Maximum number of connections from user+IP exceeded

[Jeff Koch]

We figured this out. You need to put

mail_max_userip_connections = 30

in the dovecot local.conf file.

Jeff

On 12/11/2019 3:12 PM, Tomasz Lachowicz wrote:

doveconf -p |grep mail_max


maybe dovecot dont include config files from conf.d directory

Thomas

W dniu 29.11.2019 o 22:50, Jeff Koch pisze:


Hi:

Our users are complaining about this error message:

Maximum number of connections from user+IP exceeded 
(mail_max_userip_connections=10)


We have adjusted the configuration entries at 
/etc/dovecot/conf.d/20-imap.conf and 20-pop3.conf to:


mail_max_userip_connections = 30
mail_max_userip_connections = 30

and restarted qmail and dovecot and yet the users are still getting 
this message saying they have exceeded the limit of 10.


How can I fix this?

Jeff




-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] taps not working

[Jeff Koch]

The 'taps' function requires the qmail source code to be patched with 
the 'taps' code and recompiled. I don't think the 'taps' patch is 
included in QMT7


Jeff

On 12/2/2019 6:48 AM, ChandranManikandan wrote:

Hi Eric and friends,

The taps is not working on COS7.
Some email account transaction copied (tapped) to another dedicated 
email account on my earlier version COS6. It was working  well, i have 
copied the same file to the new server with the same path 
/var/qmail/control/taps. But unable to see the logs and tapped not 
working.

Could you advise how to do that in the new server.
--
*/Regards,
Manikandan.C
/*

[qmailtoaster] Dovecot Maximum number of connections from user+IP exceeded

[Jeff Koch]

Hi:

Our users are complaining about this error message:

Maximum number of connections from user+IP exceeded 
(mail_max_userip_connections=10)


We have adjusted the configuration entries at 
/etc/dovecot/conf.d/20-imap.conf and 20-pop3.conf to:


mail_max_userip_connections = 30
mail_max_userip_connections = 30

and restarted qmail and dovecot and yet the users are still getting this 
message saying they have exceeded the limit of 10.


How can I fix this?

Jeff

Re: [qmailtoaster] squirrelmail outgoing error on centos 7

[Jeff Koch]

Chandran:

Just a long shot but check your dovecot settings in the /etc/dovecot/ 
directory and make sure SSL encryption is optional - not required. Also, 
dovecot would be looking for an SSL certificate. We always point that 
setting to the SSL certificates at /var/qmail/control/servercert.pem. 
And although complicated to setup we get our mailserver certs from Lets 
Encrypt.


Jeff

On 11/21/2019 12:13 AM, r...@mattei.org wrote:

Use roundcube :)

Il giorno 20 nov 2019, alle ore 02:50, ChandranManikandan 
 ha scritto:



Hi Friends,

I have installed qmt on centos 7 and tried to send an email it 
getting below message.


Message not sent. Server replied:

Encryption required for requested authentication mechanism
538 auth not available without TLS (#5.3.3)


Could anyone facing this issue? and what causes?


--
*/Regards,
Manikandan.C
/*


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Solved - Re: [qmailtoaster] update soft-reject - clamd won't start

[Jeff Koch]

I added swap memory to the server and the following line will restart clamd

systemctl start clamav-daemon  to control clamd

Still don't know why after running for a month the mailserver should run 
our of memory.


Jeff


On 11/18/2019 8:30 PM, Jeff Koch wrote:


I found this in the /var/log/messages/ - 3:10pm is about when clamd 
stopped


Could there be a memory leak?

Jeff



Nov 18 15:09:59 vidar clamd: Mon Nov 18 15:09:59 2019 -> 
~/var/qmail/simscan/1574107789.220621.20708/im

age001.png: OK
Nov 18 15:10:12 vidar kernel: [  798]    46   798    21123 365  
45    0 0 fres

hclam
Nov 18 15:10:12 vidar kernel: [  803]    46   803   433606 330432 
784    0 0 clam

d
Nov 18 15:10:13 vidar kernel: [20682]    89 20682    10154 136  
24    0 0 clam

dscan
Nov 18 15:10:13 vidar kernel: [20756]    89 20756    10154 137  
25    0 0 clam

dscan
Nov 18 15:10:13 vidar kernel: Out of memory: Kill process 803 (clamd) 
score 165 or sacrifice child
Nov 18 15:10:13 vidar kernel: Killed process 803 (clamd), UID 46, 
total-vm:1734424kB, anon-rss:1321804k

B, file-rss:0kB, shmem-rss:0kB
Nov 18 15:10:13 vidar systemd: clamav-daemon.service: main process 
exited, code=killed, status=9/KILL
Nov 18 15:10:13 vidar systemd: Unit clamav-daemon.service entered 
failed state.

Nov 18 15:10:13 vidar systemd: clamav-daemon.service failed.

[qmailtoaster] update soft-reject - clamd won't start

[Jeff Koch]

I found this in the /var/log/messages/ - 3:10pm is about when clamd stopped

Could there be a memory leak?

Jeff



Nov 18 15:09:59 vidar clamd: Mon Nov 18 15:09:59 2019 -> 
~/var/qmail/simscan/1574107789.220621.20708/im

age001.png: OK
Nov 18 15:10:12 vidar kernel: [  798]    46   798    21123 365  
45    0 0 fres

hclam
Nov 18 15:10:12 vidar kernel: [  803]    46   803   433606 330432 
784    0 0 clam

d
Nov 18 15:10:13 vidar kernel: [20682]    89 20682    10154 136  
24    0 0 clam

dscan
Nov 18 15:10:13 vidar kernel: [20756]    89 20756    10154 137  
25    0 0 clam

dscan
Nov 18 15:10:13 vidar kernel: Out of memory: Kill process 803 (clamd) 
score 165 or sacrifice child
Nov 18 15:10:13 vidar kernel: Killed process 803 (clamd), UID 46, 
total-vm:1734424kB, anon-rss:1321804k

B, file-rss:0kB, shmem-rss:0kB
Nov 18 15:10:13 vidar systemd: clamav-daemon.service: main process 
exited, code=killed, status=9/KILL
Nov 18 15:10:13 vidar systemd: Unit clamav-daemon.service entered failed 
state.

Nov 18 15:10:13 vidar systemd: clamav-daemon.service failed.

[qmailtoaster] Update:Re: [qmailtoaster] qq soft-rejects

[Jeff Koch]

Update:  Problem was clamd stopped working. I started it in the 
foreground and mail is now going through and no more qq soft-rejects.


Now to figure out how clamd should have been started and why did it stop.

Jeff



On 11/18/2019 4:57 PM, Jeff Koch wrote:


About two hours ago one of our QMT7 mailservers started rejecting 
incoming port 25 and 587 messges with the following log entry:


qmail-smtpd: qq soft reject (mail server temporarily rejected message

before I start going nuts with debugging code has anybody seen this 
error and knows what the problem could be?


I feel as if a file got too big or a directory has too many files.

Regards, Jeff

[qmailtoaster] qq soft-rejects

[Jeff Koch]

About two hours ago one of our QMT7 mailservers started rejecting 
incoming port 25 and 587 messges with the following log entry:


qmail-smtpd: qq soft reject (mail server temporarily rejected message

before I start going nuts with debugging code has anybody seen this 
error and knows what the problem could be?


I feel as if a file got too big or a directory has too many files.

Regards, Jeff

Re: [qmailtoaster] SquirrelMail

[Jeff Koch]

True - but I think there's needs to be a pop3 or imap transaction first 
- an smtp transaction may not do it. So in the case where a user uses 
webmail exclusively dovecot may not get a chance to operate before 
squirrelmail errors out.  This is speculation on my part since I have 
not traced anything through.


Jeff

On 11/1/2019 10:42 AM, Eric Broch wrote:


Odd! Even though the cron job deleted maildirsize it should be 
recreated by Dovecot. This is my experience.


On 11/1/2019 7:45 AM, Jeff Koch wrote:

I think I may have found the problem.

I had a cron job running that was copied from an old version of 
Bill's Toaster that was deleting the maildirsize and quotawarn files 
on all domains once a day at midnight. The purpose was to force 
maildirsize to recalculate because we had had a problem with users 
getting quota warnings when their accounts were clearly not over quota.


I presume that the result of having done the above was to provide 
squirrel mail with null data on quota status leading to the errors we 
were getting.


I removed the cron job. We'll see what happens now.

Thanks to everyone for thinking through this for me .

Regards, Jeff Koch

On 10/31/2019 10:35 AM, Eric Broch wrote:
When I create a user with vadduser the maildirsize file is 
automatically created. When I open squirrelmail whatever is in this 
file is reflected in as quota. If I logout of squirrelmail and 
delete the file maildirsize and then log back in the file is created 
automatically by, I think, Dovecot. These are my dovecot settings


grep quota /etc/dovecot/*.conf

/etc/dovecot/toaster.conf:mail_plugins = $mail_plugins quota
/etc/dovecot/toaster.conf:plugin/quota = maildir
/etc/dovecot/toaster.conf:  args = cache_key=%u 
quota_template=quota_rule=*:backend=%q

/etc/dovecot/toaster.conf:  mail_plugins = $mail_plugins imap_quota
/etc/dovecot/toaster.conf:  quota = maildir:ignore=Trash
/etc/dovecot/toaster.conf:  quota_rule = ?:storage=0

On 10/30/2019 9:48 PM, Angus McIntyre wrote:
Some quick Googling suggests that this is a dovecot error, not a 
Squirrelmail error.


One person responding to a question about this error suggests 
checking '/etc/dovecot/dovecot.conf' to make sure that the 
'quotadict' variable is not commented out. I don't know if that's 
relevant to your situation, but I'd suggest digging into the 
dovecot logs and configuration to see if that suggests any issues.


Angus



On 2019-10-29 12:30, Jeff Koch wrote:

Here's a screen shot of the squirrel mail issue -  the error goes
away if I run vuserinfo from within the server - Jeff

On 10/28/2019 7:59 PM, Eric Broch wrote:


I've never seen it.

On 10/28/2019 5:28 PM, Jeff Koch wrote:


Hi Guys:

Periodically customers go into squirrelmail and see this error
message:

ERROR: Could not complete request.
Query:
Reason Given: Internal quota calculation error (0.001 + 0.000
secs).

I can fix it easily by doing a 'userinfo' on the email account.
Apparently that forces a recalculation of the user's quota usage
and fixes the error. But the question is why does this error show
up in the first place and how to prevent it from happening. Has
any one else seen this?

Jeff





-


To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com




-


To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com




-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] SquirrelMail

[Jeff Koch]

Hi Angus/Eric:

Angus - thank you for finding something on this issue but I'm not sure 
whether this is the problem. Here are my dovecot settings related to 
'quota'. They seem to be exactly the same as Eric's:


pegasus:/# grep quota /etc/dovecot/*.conf
/etc/dovecot/toaster.conf:mail_plugins = $mail_plugins quota
/etc/dovecot/toaster.conf:plugin/quota = maildir
/etc/dovecot/toaster.conf:  mail_plugins = $mail_plugins imap_quota
/etc/dovecot/toaster.conf:  args = cache_key=%u 
quota_template=quota_rule=*:backend=%q

/etc/dovecot/toaster.conf:  quota = maildir:ignore=Trash
/etc/dovecot/toaster.conf:  quota_rule = ?:storage=0

Jeff

On 10/31/2019 10:35 AM, Eric Broch wrote:
When I create a user with vadduser the maildirsize file is 
automatically created. When I open squirrelmail whatever is in this 
file is reflected in as quota. If I logout of squirrelmail and delete 
the file maildirsize and then log back in the file is created 
automatically by, I think, Dovecot. These are my dovecot settings


grep quota /etc/dovecot/*.conf

/etc/dovecot/toaster.conf:mail_plugins = $mail_plugins quota
/etc/dovecot/toaster.conf:plugin/quota = maildir
/etc/dovecot/toaster.conf:  args = cache_key=%u 
quota_template=quota_rule=*:backend=%q

/etc/dovecot/toaster.conf:  mail_plugins = $mail_plugins imap_quota
/etc/dovecot/toaster.conf:  quota = maildir:ignore=Trash
/etc/dovecot/toaster.conf:  quota_rule = ?:storage=0

On 10/30/2019 9:48 PM, Angus McIntyre wrote:
Some quick Googling suggests that this is a dovecot error, not a 
Squirrelmail error.


One person responding to a question about this error suggests 
checking '/etc/dovecot/dovecot.conf' to make sure that the 
'quotadict' variable is not commented out. I don't know if that's 
relevant to your situation, but I'd suggest digging into the dovecot 
logs and configuration to see if that suggests any issues.


Angus



On 2019-10-29 12:30, Jeff Koch wrote:

Here's a screen shot of the squirrel mail issue -  the error goes
away if I run vuserinfo from within the server - Jeff

On 10/28/2019 7:59 PM, Eric Broch wrote:


I've never seen it.

On 10/28/2019 5:28 PM, Jeff Koch wrote:


Hi Guys:

Periodically customers go into squirrelmail and see this error
message:

ERROR: Could not complete request.
Query:
Reason Given: Internal quota calculation error (0.001 + 0.000
secs).

I can fix it easily by doing a 'userinfo' on the email account.
Apparently that forces a recalculation of the user's quota usage
and fixes the error. But the question is why does this error show
up in the first place and how to prevent it from happening. Has
any one else seen this?

Jeff





-


To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com




-


To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] SquirrelMail

[Jeff Koch]

Here's a screen shot of the squirrel mail issue -  the error goes away 
if I run vuserinfo from within the server - Jeff




On 10/28/2019 7:59 PM, Eric Broch wrote:

I've never seen it.

On 10/28/2019 5:28 PM, Jeff Koch wrote:

Hi Guys:

Periodically customers go into squirrelmail and see this error message:

ERROR: Could not complete request.
Query:
Reason Given: Internal quota calculation error (0.001 + 0.000 secs).

I can fix it easily by doing a 'userinfo' on the email account. 
Apparently that forces a recalculation of the user's quota usage and 
fixes the error. But the question is why does this error show up in 
the first place and how to prevent it from happening. Has any one 
else seen this?


Jeff


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] SquirrelMail

[Jeff Koch]

Hi Guys:

Periodically customers go into squirrelmail and see this error message:

ERROR: Could not complete request.
Query:
Reason Given: Internal quota calculation error (0.001 + 0.000 secs).

I can fix it easily by doing a 'userinfo' on the email account. 
Apparently that forces a recalculation of the user's quota usage and 
fixes the error. But the question is why does this error show up in the 
first place and how to prevent it from happening. Has any one else seen 
this?


Jeff


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] CNAME patch

[Jeff Koch]

HI Eric

I recall there was a CNAME lookup issue a few year's ago and you found a 
patch that would disable CNAME lookups. Is the CNAME patch still needed?


Jeff



On 10/22/2019 9:51 PM, Eric Broch wrote:


In /var/qmail/supervise/smtp/run add

SIMSCAN_DEBUG=5

stop and start qmail

check log

On 10/22/2019 7:30 PM, Jeff Koch wrote:


Hi

On our new QMT7 mailserver we're seeing quite a few incoming emails 
being rejected with this message:


TLS reason: 451_mail_server_temporarily_rejected_message_(#4.3.0)

Anyone know what this is about ?

Thanks, Jeff Koch

P.S. Sorry for all the questions.


On 10/22/2019 9:27 AM, Eric Broch wrote:


Manual.

At some point I'll make an auto install...apologies.

On 10/22/2019 7:25 AM, Jeff Koch wrote:
Eric - thanks again. Question - is DKIM built in now or do we need 
to go through the setup process?


Jeff

On 10/22/2019 8:59 AM, Eric Broch wrote:


# ls -l /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig 
/var/qmail/bin/qmail-dk

-rws--x--x 1 qmailq qmail 52096 Jan 21  2018 /var/qmail/bin/qmail-dk
lrwxrwxrwx 1 root   root 23 Jun 14  2018 
/var/qmail/bin/qmail-queue -> /var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 27040 Jan 21  2018 
/var/qmail/bin/qmail-queue.orig


Stop qmail

# qmailctl stop

Remove symlink to qmail-dk

# unlink /var/qmail/bin/qmail-queue

Move qmail-queue.orig to qmail-queue

# mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue

Start qmail

# qmailctl start

Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp.

# qmailctl cdb

On 10/22/2019 6:50 AM, Jeff Koch wrote:


Hi:

Anyone know why we would be seeing this message when trying to 
send email on a new QMT7 setup?


554 qmail-dk: Cannot sign message due to invalid message syntax. 
(#5.3.0)



Thanks, Jeff

Re: [qmailtoaster] Error on new mailserver setup

[Jeff Koch]

Hi

On our new QMT7 mailserver we're seeing quite a few incoming emails 
being rejected with this message:


TLS reason: 451_mail_server_temporarily_rejected_message_(#4.3.0)

Anyone know what this is about ?

Thanks, Jeff Koch

P.S. Sorry for all the questions.


On 10/22/2019 9:27 AM, Eric Broch wrote:


Manual.

At some point I'll make an auto install...apologies.

On 10/22/2019 7:25 AM, Jeff Koch wrote:
Eric - thanks again. Question - is DKIM built in now or do we need to 
go through the setup process?


Jeff

On 10/22/2019 8:59 AM, Eric Broch wrote:


# ls -l /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig 
/var/qmail/bin/qmail-dk

-rws--x--x 1 qmailq qmail 52096 Jan 21  2018 /var/qmail/bin/qmail-dk
lrwxrwxrwx 1 root   root 23 Jun 14  2018 
/var/qmail/bin/qmail-queue -> /var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 27040 Jan 21  2018 
/var/qmail/bin/qmail-queue.orig


Stop qmail

# qmailctl stop

Remove symlink to qmail-dk

# unlink /var/qmail/bin/qmail-queue

Move qmail-queue.orig to qmail-queue

# mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue

Start qmail

# qmailctl start

Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp.

# qmailctl cdb

On 10/22/2019 6:50 AM, Jeff Koch wrote:


Hi:

Anyone know why we would be seeing this message when trying to send 
email on a new QMT7 setup?


554 qmail-dk: Cannot sign message due to invalid message syntax. 
(#5.3.0)



Thanks, Jeff

Re: [qmailtoaster] Error on new mailserver setup

[Jeff Koch]

Eric - thanks again. Question - is DKIM built in now or do we need to go 
through the setup process?


Jeff

On 10/22/2019 8:59 AM, Eric Broch wrote:


# ls -l /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig 
/var/qmail/bin/qmail-dk

-rws--x--x 1 qmailq qmail 52096 Jan 21  2018 /var/qmail/bin/qmail-dk
lrwxrwxrwx 1 root   root 23 Jun 14  2018 
/var/qmail/bin/qmail-queue -> /var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 27040 Jan 21  2018 
/var/qmail/bin/qmail-queue.orig


Stop qmail

# qmailctl stop

Remove symlink to qmail-dk

# unlink /var/qmail/bin/qmail-queue

Move qmail-queue.orig to qmail-queue

# mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue

Start qmail

# qmailctl start

Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp.

# qmailctl cdb

On 10/22/2019 6:50 AM, Jeff Koch wrote:


Hi:

Anyone know why we would be seeing this message when trying to send 
email on a new QMT7 setup?


554 qmail-dk: Cannot sign message due to invalid message syntax. 
(#5.3.0)



Thanks, Jeff

Re: [qmailtoaster] Error on new mailserver setup

[Jeff Koch]

Eric - thanks - you are a life saver - Jeff

On 10/22/2019 8:59 AM, Eric Broch wrote:


# ls -l /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig 
/var/qmail/bin/qmail-dk

-rws--x--x 1 qmailq qmail 52096 Jan 21  2018 /var/qmail/bin/qmail-dk
lrwxrwxrwx 1 root   root 23 Jun 14  2018 
/var/qmail/bin/qmail-queue -> /var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 27040 Jan 21  2018 
/var/qmail/bin/qmail-queue.orig


Stop qmail

# qmailctl stop

Remove symlink to qmail-dk

# unlink /var/qmail/bin/qmail-queue

Move qmail-queue.orig to qmail-queue

# mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue

Start qmail

# qmailctl start

Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp.

# qmailctl cdb

On 10/22/2019 6:50 AM, Jeff Koch wrote:


Hi:

Anyone know why we would be seeing this message when trying to send 
email on a new QMT7 setup?


554 qmail-dk: Cannot sign message due to invalid message syntax. 
(#5.3.0)



Thanks, Jeff

[qmailtoaster] Error on new mailserver setup

[Jeff Koch]

Hi:

Anyone know why we would be seeing this message when trying to send 
email on a new QMT7 setup?


554 qmail-dk: Cannot sign message due to invalid message syntax. (#5.3.0)


Thanks, Jeff

[qmailtoaster] Duplicate emails

[Jeff Koch]

We just migrated a QMT7 mailserver from one DC to another but since the backup 
was huge and it took couple days to FTP before we could do the final 
incremental backup we now have many accounts with duplicate emails. The file 
names are almost the same except for the suffixes. Does anyone know of a script 
That will remove these dups?

Jeff

Sent from my iPhone

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Qmail COS7 install question.

[Jeff Koch]

I think otherwise there is a risk of other standard COS7 being in the 
way - like postfix


On 10/20/2019 10:36 AM, Eric Broch wrote:

Not necessarily

On 10/20/2019 12:12 AM, Tony White wrote:

Hi folks,
  Is there a specific reason why the QMT install
for COS7 has to be a minimal install?



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Re: Rate limiting user submissions

[Jeff Koch]

Hi Eric:

This is the patch that we used with Bill's toaster and it was very 
effective in limiting the damage from hijacked email accounts.


http://spamthrottle.qmail.ca/

Let me know what you think

Jeff

On 8/22/2019 7:18 PM, Eric Broch wrote:

What about this tcpserver limits patch

https://qmail.jms1.net/ucspi-tcp/

On 8/22/2019 9:32 AM, Jeff Koch wrote:


Hi List

Sometimes a user's email credentials get hijacked and before we know 
it 100,000 spams go out. This doesn't happen very often but when it 
does it's a mess. Our mailserver gets blocked by major ISP and it 
takes weeks to get the blocks lifted. So I was thinking - is there 
any way to rate limit email accounts? For example, limit users to 
sending no faster than one email every few seconds. There used to be 
a patch for the old Bill's Qmail Toaster called 'spam throttle' that 
could do this.


Regards, Jeff

[qmailtoaster] Re: Rate limiting user submissions

[Jeff Koch]

Hi Eric:

That patch might work - is it already installed?

Jeff

On 8/22/2019 7:18 PM, Eric Broch wrote:

What about this tcpserver limits patch

https://qmail.jms1.net/ucspi-tcp/

On 8/22/2019 9:32 AM, Jeff Koch wrote:


Hi List

Sometimes a user's email credentials get hijacked and before we know 
it 100,000 spams go out. This doesn't happen very often but when it 
does it's a mess. Our mailserver gets blocked by major ISP and it 
takes weeks to get the blocks lifted. So I was thinking - is there 
any way to rate limit email accounts? For example, limit users to 
sending no faster than one email every few seconds. There used to be 
a patch for the old Bill's Qmail Toaster called 'spam throttle' that 
could do this.


Regards, Jeff

[qmailtoaster] Rate limiting user submissions

[Jeff Koch]

Hi List

Sometimes a user's email credentials get hijacked and before we know it 
100,000 spams go out. This doesn't happen very often but when it does 
it's a mess. Our mailserver gets blocked by major ISP and it takes weeks 
to get the blocks lifted. So I was thinking - is there any way to rate 
limit email accounts? For example, limit users to sending no faster than 
one email every few seconds. There used to be a patch for the old Bill's 
Qmail Toaster called 'spam throttle' that could do this.


Regards, Jeff

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Relaying mail to another server

[Jeff Koch]

Hi Eric:

This seems to work. Only needed to add the entry to smtproutes - used 
the IP address of the remote server and the port number. Just to be sure 
I spent some time testing whether we had an open relay and confirmed 
that we did not have an open relay.


Thanks for the help.

Jeff

On 7/3/2019 11:00 AM, Eric Broch wrote:


Backup /var/qmail/control/virtualhosts to 
/var/qmail/control/virtualhosts.bak and empty the new file of domains 
you don't want delivered locally, same with /var/qmail/control/locals.


Add entry to /var/qmail/control/smtproutes no quotes.

":remotehost:port"

You'll have to set up 'remotehost' to receive mail on new 'port'


http://wiki.qmailtoaster.com/index.php/Smtproutes

https://arstechnica.com/civis/viewtopic.php?f=16=67722


Let me know if it works.



On 7/3/2019 8:20 AM, Jeff Koch wrote:
Abel - thanks - I'll give it a try - how about forcing it to use port 
26 for outgoing mail?


Jeff

On 7/3/2019 9:39 AM, a...@globalgate.com.ar wrote:


On Wed, 3 Jul 2019, Jeff Koch wrote:


Date: Wed, 3 Jul 2019 09:35:20 -0400
From: Jeff Koch 
Reply-To: qmailtoaster-list@qmailtoaster.com
To: Eric Broch , 
qmailtoaster-list@qmailtoaster.com

Subject: [qmailtoaster] Relaying mail to another server


Hi - I need to temporarily relay all mail from a QMT7 mailserver to 
another server that will distribute the mail. Does anyone know how 
to reconfigure the QMT7 mailserver to do that?


This is because my host is currently blocking outgoing port 25 so I 
thought I'd relay the mail on port 26 to a server we have on 
another host. But I need to configure QMT7 to do that.


Regards, Jeff



Hi,

/usr/bin/echo  ":" >> /var/qmail/control/smtproutes


kind regards,


__Abel.

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Relaying mail to another server

[Jeff Koch]

Abel - thanks - I'll give it a try - how about forcing it to use port 26 
for outgoing mail?


Jeff

On 7/3/2019 9:39 AM, a...@globalgate.com.ar wrote:


On Wed, 3 Jul 2019, Jeff Koch wrote:


Date: Wed, 3 Jul 2019 09:35:20 -0400
From: Jeff Koch 
Reply-To: qmailtoaster-list@qmailtoaster.com
To: Eric Broch , 
qmailtoaster-list@qmailtoaster.com

Subject: [qmailtoaster] Relaying mail to another server


Hi - I need to temporarily relay all mail from a QMT7 mailserver to 
another server that will distribute the mail. Does anyone know how to 
reconfigure the QMT7 mailserver to do that?


This is because my host is currently blocking outgoing port 25 so I 
thought I'd relay the mail on port 26 to a server we have on another 
host. But I need to configure QMT7 to do that.


Regards, Jeff



Hi,

/usr/bin/echo  ":" >> /var/qmail/control/smtproutes


kind regards,


__Abel.

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com