Re: [qmailtoaster] DKIM new box
Without knowing what domain it is you're asking about, it is very hard to tell! Off the top of my head, DKIM signature verification failed suggests that qmail is signing your mails with the wrong certificate? Is the qmail install new, where maybe there are new signature keys that are not published in the DNS for the domain you're sending email from, or something with a subdomain where you have a key for domain.com but are signing with a key from mail.domain.com?

On 9/12/21 12:35 PM, Remo Mattei wrote:

X-IOL-DKIM: fail="signature verification failed”

I am getting this on the remote box, Any suggestions on this? Thanks

- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Issue with Qmailadmin
Thank you, Eric. That made zero difference. I am not certain, but believe the issue I am seeing is because of the suexec setup on CentOS8. Suexec will no longer su to a user whose UID or GID is less than 1000 -

[root@hostname new]# suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=1000
-D AP_HTTPD_USER="apache"
-D AP_LOG_SYSLOG
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=1000
-D AP_USERDIR_SUFFIX="public_html"

With vpopmail as UID 89 and vchkpw as GID 89, I think suexec simply won't work.

[root@hostname new]# ls -al /usr/share/qmailadmin/
total 212
drwxr-xr-x 5 root root 79 Nov 13 17:03 .
drwxr-xr-x. 152 root root 4096 Nov 13 17:03 ..
drwxr-xr-x 2 root root 4096 Nov 13 17:03 html
drwxr-xr-x 3 apache apache 4096 Nov 13 17:03 images
lrwxrwxrwx 1 vpopmail vchkpw 10 Oct 17 01:17 index.cgi -> qmailadmin
drwxr-xr-x 2 root root 222 Nov 13 17:03 lang
-rwsr-sr-x 1 vpopmail vchkpw 197144 Oct 17 01:17 qmailadmin

Unfortunately there is no configuration file for suexec that would allow me to change it to allow 89:89 to be allowed. Compiling suexec from source probably could do it, but I'm hopeful there is another way around it? To get dspam web working I had to usermod dspam to UID & GID above 1000. It is possible I broke something in suexec when I did that, but I only mention it for complete transparency, I don't think that is likely.

On 11/15/20 3:00 PM, Eric Broch wrote:

Hi Jim,

1st) In order to do this you must change the url in the file /usr/share/squirrelmail/plugins/qmailadmin_login/config_default.php like so:

#$qmlogin_cgi_url='/cgi-bin/qmailadmin';
$qmlogin_cgi_url='https://fqdn/qmailadmin/';

2nd) I believe calling /usr/share/qmailadmin/qmailadmin from the cli is erroneous because options aren't being sent in as would happen with a _POST or something.

Eric

On 11/13/2020 4:37 PM, Eric Broch wrote:

Thanks, Jim, I'll have a look.

Eric

On 11/13/2020 3:19 PM, Jim McNamara wrote:

Hello, all.

I noticed a problem with the qmailadmin website and wanted to check if others saw it as well. When I tried to change a user's password through the /webmail interface, I get an error which reads:

Not Found
The requested URL /cgi-bin/qmailadmin was not found on this server.

Thinking that was odd, I tried going directly to /qmailadmin from a machine on the ACL, and received this error in the browser:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

When I check the apache logs, I see this message:

[Fri Nov 13 17:11:24.885140 2020] [cgid:error] [pid 829305:tid 139962968168192] [client 192.168.X.Y:49419] End of script output before headers: index.cgi, referer: https://obscured.tld/admin-toaster/

When I simply call the cgi script directly, I believe I have found the problem -

[user@server ~]$ /usr/share/qmailadmin/index.cgi
Content-Type: text/html; charset=iso-8859-1
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> http://www.w3.org/1999/xhtml;> QMT Mail Admin - ">eta http-equiv="content-type" content="text/html; charset=iso-8859-1 type="text/css" href="/qmailadmin/images/admin.login.css" media="screen" />

Notice the line under and above begins with a double quote? I believe that is the issue with the "end of script before headers"? I used yum to remove and reinstall just qmailadmin, but the problem remained. Since the file is binary I don't believe I can simply edit it. My qmailadmin package is 1.2.16-5.1.qt.el8 from qmt-testing.
[qmailtoaster] Issue with Qmailadmin
Hello, all.

I noticed a problem with the qmailadmin website and wanted to check if others saw it as well. When I tried to change a user's password through the /webmail interface, I get an error which reads:

Not Found
The requested URL /cgi-bin/qmailadmin was not found on this server.

Thinking that was odd, I tried going directly to /qmailadmin from a machine on the ACL, and received this error in the browser:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

When I check the apache logs, I see this message:

[Fri Nov 13 17:11:24.885140 2020] [cgid:error] [pid 829305:tid 139962968168192] [client 192.168.X.Y:49419] End of script output before headers: index.cgi, referer: https://obscured.tld/admin-toaster/

When I simply call the cgi script directly, I believe I have found the problem -

[user@server ~]$ /usr/share/qmailadmin/index.cgi
Content-Type: text/html; charset=iso-8859-1
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> http://www.w3.org/1999/xhtml;> QMT Mail Admin - ">eta http-equiv="content-type" content="text/html; charset=iso-8859-1 type="text/css" href="/qmailadmin/images/admin.login.css" media="screen" />

Notice the line under and above begins with a double quote? I believe that is the issue with the "end of script before headers"? I used yum to remove and reinstall just qmailadmin, but the problem remained. Since the file is binary I don't believe I can simply edit it. My qmailadmin package is 1.2.16-5.1.qt.el8 from qmt-testing.
Re: [qmailtoaster] Incoming email issue from other domains
On 11/12/20 7:03 AM, ChandranManikandan wrote:

Hi Folks,

Now it's working, I have done below changes in /var/qmail/supervise/smtp/run

Just enabled spamdyke conf lines then working.

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
#export FORCETLS=0
export SMTPAUTH=""
exec /usr/bin/softlimit -m 6400 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
$SPAMDYKE --config-file $SPAMDYKE_CONF \
$SMTPD $VCHKPW /bin/true 2>&1

I noticed this as well on CentOS8, if you remove spamdyke from the smtp run file, the service will not run. It gives errors and does not run at all.
Re: [qmailtoaster] Letsencrypty for COS7
On 11/10/20 4:26 AM, ChandranManikandan wrote:

Hi Friends,

I have installed a new Machine with COS7 and Qmailtoaster for one domain. I want to add another domain hosting with the same machine. I have done letsencrypt ssl and dkim for one domain, how to add another domain for the same letsencrypt and dkim.

Appreciate if you could help me.

--
Regards,
Manikandan.C

Multiple domain DKIM is covered in step 2 of the instructions at http://www.qmailtoaster.net/dkim.html

Multiple sites on differing SSL files is not possible. A good explanation of how to handle it can be read at https://www.hmailserver.com/forum/viewtopic.php?t=33198#p207547 .
Re: [qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP
Eric pointed at two links off-list. Sharing them here as one of them was my issue - my mail server is behind a Cisco firewall that was inspecting esmtp, and breaking the ability to use starttls with remote mail servers. After following the steps on this page: https://stomp.colorado.edu/blog/blog/2012/12/31/on-smtp-starttls-and-the-cisco-asa/ I was able to send emails over TLS to gmail and checktls.com.

Received: from mymachine.tld (mymachine.tld. [9.8.7.6]) by mx.google.com with ESMTPS id n14si5034922qvr.97.2020.10.18.13.59.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Oct 2020 13:59:34 -0700 (PDT)

Thank you, Eric for your help & support in resolving this!

On 10/17/20 8:44 PM, Jim McNamara wrote:

All steps performed, emails to google are still going un-encrypted -

[root@catchmail2 control]# qmailctl stop
Stopping qmail-toaster: svscan qmail logging.
[root@catchmail2 control]# systemctl stop dovecot
[root@catchmail2 control]# yum makecache
QMT Testing Repository 1.1 kB/s | 2.9 kB 00:02
QMT Testing Repository 94 kB/s | 57 kB 00:00
CentOS-8 - AppStream 1.6 kB/s | 4.3 kB 00:02
CentOS-8 - Base 14 kB/s | 3.9 kB 00:00
CentOS-8 - Extras 5.8 kB/s | 1.5 kB 00:00
Extra Packages for Enterprise Linux Modular 8 - x86_64 20 kB/s | 9.7 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 77 kB/s | 4.4 kB 00:00
Remi's Modular repository for Enterprise Linux 8 - x86_64 5.7 kB/s | 3.5 kB 00:00
Safe Remi's RPM repository for Enterprise Linux 8 - x86_64 8.8 kB/s | 3.0 kB 00:00
Fedora 28 58 kB/s | 3.8 kB 00:00
Metadata cache created.
[root@catchmail2 control]# yum reinstall qmail simscan qmailadmin dovecot vqadmin vpopmail libvpopmail ezmlm ezmlm-cgi
Last metadata expiration check: 0:00:12 ago on Sat 17 Oct 2020 08:35:38 PM EDT.
Installed package simscan-1.4.0-4.qt.el8.x86_64 (from qmt-testing) not available.
No match for argument: libvpopmail
Dependencies resolved.
=== Package Architecture Version Repository Size === Reinstalling: dovecot x86_64 2:2.3.11.3-8.qt.el8 qmt-testing 17 M ezmlm x86_64 0.53.324-3.qt.el8 qmt-testing 675 k ezmlm-cgi x86_64 0.53.324-3.qt.el8 qmt-testing 51 k qmail x86_64 1.03-3.3.1.qt.el8 qmt-testing 552 k qmailadmin x86_64 1.2.16-5.1.qt.el8 qmt-testing 2.2 M vpopmail x86_64 5.4.33-4.qt.el8 qmt-testing 385 k vqadmin x86_64 2.3.7-4.qt.el8 qmt-testing 126 k Transaction Summary === Total download size: 21 M Installed size: 78 M Is this ok [y/N]: y Downloading Packages: (1/7): ezmlm-cgi-0.53.324-3.qt.el8.x86_64.rpm 125 kB/s | 51 kB 00:00 (2/7): qmail-1.03-3.3.1.qt.el8.x86_64.rpm 729 kB/s | 552 kB 00:00 (3/7): ezmlm-0.53.324-3.qt.el8.x86_64.rpm 325 kB/s | 675 kB 00:02 (4/7): vpopmail-5.4.33-4.qt.el8.x86_64.rpm 381 kB/s | 385 kB 00:01 (5/7): vqadmin-2.3.7-4.qt.el8.x86_64.rpm 286 kB/s | 126 kB 00:00 (6/7): qmailadmin-1.2.16-5.1.qt.el8.x86_64.rpm 491 kB/s | 2.2 MB 00:04 (7/7): dovecot-2.3.11.3-8.qt.el8.x86_64.rpm 295 kB/s | 17 MB 00:59 --- Total 361 kB/s | 21 MB 00:59 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: vpopmail-5.4.33-4.qt.el8.x86_64 1/1 Running scriptlet: vpopmail-5.4.33-4.qt.el8.x86_64 1/14 groupadd: group 'vchkpw' already exists Reinstalling : vpopmail-5.4.33-4.qt.el8.x86_64 1/14 Running scriptlet: vpopmail-5.4.33-4.qt.el8.x86_64 1/14 Reinstalling : ezmlm-0.53.324-3.qt.el8.x86_64 2/14 Running scriptlet: qmail-1.03-3.3.1.qt.el8.x86_64 3/14 Adding qmailtoaster users and groups. groupadd: group 'nofiles' already exists groupadd: group 'qmail' already exists Reinstalling : qmail-1.03-3.3.1.qt.el8.x86_64 3/14 Running scriptlet: qmail-1.03-3.3.1.qt
Re: [qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP
ailadmin-1.2.16-5.1.qt.el8.x86_64 4/14 Running scriptlet: qmailadmin-1.2.16-5.1.qt.el8.x86_64 4/14 No webmail.css to move No webmail.css to remove Reinstalling : ezmlm-cgi-0.53.324-3.qt.el8.x86_64 5/14 Reinstalling : vqadmin-2.3.7-4.qt.el8.x86_64 6/14 Running scriptlet: dovecot-2:2.3.11.3-8.qt.el8.x86_64 7/14 Reinstalling : dovecot-2:2.3.11.3-8.qt.el8.x86_64 7/14 Running scriptlet: dovecot-2:2.3.11.3-8.qt.el8.x86_64 7/14 Cleanup : qmailadmin-1.2.16-5.1.qt.el8.x86_64 8/14 Running scriptlet: qmail-1.03-3.3.1.qt.el8.x86_64 9/14 Cleanup : qmail-1.03-3.3.1.qt.el8.x86_64 9/14 Running scriptlet: qmail-1.03-3.3.1.qt.el8.x86_64 9/14 Cleanup : vqadmin-2.3.7-4.qt.el8.x86_64 10/14 Cleanup : ezmlm-cgi-0.53.324-3.qt.el8.x86_64 11/14 Cleanup : ezmlm-0.53.324-3.qt.el8.x86_64 12/14 Running scriptlet: vpopmail-5.4.33-4.qt.el8.x86_64 13/14 Cleanup : vpopmail-5.4.33-4.qt.el8.x86_64 13/14 Running scriptlet: dovecot-2:2.3.11.3-8.qt.el8.x86_64 14/14 Cleanup : dovecot-2:2.3.11.3-8.qt.el8.x86_64 14/14 Running scriptlet: dovecot-2:2.3.11.3-8.qt.el8.x86_64 14/14 Verifying : dovecot-2:2.3.11.3-8.qt.el8.x86_64 1/14 Verifying : dovecot-2:2.3.11.3-8.qt.el8.x86_64 2/14 Verifying : ezmlm-0.53.324-3.qt.el8.x86_64 3/14 Verifying : ezmlm-0.53.324-3.qt.el8.x86_64 4/14 Verifying : ezmlm-cgi-0.53.324-3.qt.el8.x86_64 5/14 Verifying : ezmlm-cgi-0.53.324-3.qt.el8.x86_64 6/14 Verifying : qmail-1.03-3.3.1.qt.el8.x86_64 7/14 Verifying : qmail-1.03-3.3.1.qt.el8.x86_64 8/14 Verifying : qmailadmin-1.2.16-5.1.qt.el8.x86_64 9/14 Verifying : qmailadmin-1.2.16-5.1.qt.el8.x86_64 10/14 Verifying : vpopmail-5.4.33-4.qt.el8.x86_64 11/14 Verifying : vpopmail-5.4.33-4.qt.el8.x86_64 12/14 Verifying : vqadmin-2.3.7-4.qt.el8.x86_64 13/14 Verifying : vqadmin-2.3.7-4.qt.el8.x86_64 14/14 Installed products updated. 
Reinstalled:
dovecot-2:2.3.11.3-8.qt.el8.x86_64
ezmlm-0.53.324-3.qt.el8.x86_64
ezmlm-cgi-0.53.324-3.qt.el8.x86_64
qmail-1.03-3.3.1.qt.el8.x86_64
qmailadmin-1.2.16-5.1.qt.el8.x86_64
vpopmail-5.4.33-4.qt.el8.x86_64
vqadmin-2.3.7-4.qt.el8.x86_64
Complete!
[root@catchmail2 control]# qmailctl start
Starting qmail-toaster: svscan.
[root@catchmail2 control]# systemctl start dovecot

Received: from mymachine.tld (mymachine.tld. [9.8.7.6]) by mx.google.com with ESMTP id j88si3945739qva.198.2020.10.17.17.39.46 for ; Sat, 17 Oct 2020 17:39:46 -0700 (PDT)

[root@catchmail2 control]# tail -15 /var/log/qmail/send/current | tai64nlocal
2020-10-17 20:32:45.531796500 status: local 0/10 remote 0/60
2020-10-17 20:35:11.747983500 status: qmail-todo stop processing asap
2020-10-17 20:35:11.747985500 status: exiting
2020-10-17 20:38:54.831394500 status: local 0/10 remote 0/60
2020-10-17 20:38:54.831396500 starting delivery 1: msg 8428249 to local packetalk.net-r...@packetalk.net
2020-10-17 20:38:54.831397500 status: local 1/10 remote 0/60
2020-10-17 20:38:55.909789500 delivery 1: deferral: lda(r...@mymachine.tld):_Error:_net_connect_unix(/var/run/dovecot/stats-writer)_failed:_Permission_denied/
2020-10-17 20:38:55.909790500 status: local 0/10 remote 0/60
2020-10-17 20:39:46.472501500 new msg 8497403
2020-10-17 20:39:46.472502500 info msg 8497403: bytes 798 from qp 732415 uid 89
2020-10-17 20:39:46.472547500 starting delivery 2: msg 8497403 to remote othe...@gmail.com
2020-10-17 20:39:46.472553500 status: local 0/10 remote 1/60
2020-10-17 20:39:47.141395500 delivery 2: success: _173.194.204.26_accepted_message./Remote_host_said:_250_2.0.0_OK__1602981587_j88si3945739qva.198_-_gsmtp/
2020-10-17 20:39:47.141578500 status: local 0/10 remote 0/60
2020-10-17 20:39:47.141672500 end msg 8497403

On 10/17/20 5:14 PM, Eric Broch wrote:

This is CentOS 8/MariaDB install? If so, please reinstall these packages...

# qmailctl stop
# systemctl stop dovecot
# yum makecache
# yum reinstall qmail simscan qmailadmin dovecot vqadmin vpopmail libvpopmail ezmlm ezmlm-cgi
# qmailctl start
# systemctl start dovecot

On 10/17/2020 2:23 PM, Jim McNamara wrote:

In my haste I had left out the last bit of data! I have mariadb rather than mysql -\

[root@catchmail2 control]# yum list mariadb
Last metadata expiration check: 0:42:09 ago on Sat 17 Oct 2020 03:40:24 PM EDT.
Installed Packages
mariadb.x86_64 3:10.3.17-1.module_el8.1.0+257+48736ea6 @AppStream
[root@catchmail2 control]# yum list mysql
Last metadata expiration check: 0:42:21 ago on Sat 17 Oct 2020 03:40:24 PM EDT.
Available Packages
mysql.x86_64 8.0.21-1.module_el8.2.0+493+63b41e36 AppStream
[root@catchmail2 control]#

On 10/17/20 3:17 PM, Jim McNamara wrote:

Eric asked for a few bits of info.

[root@catchmail2 control]# ls -alrt /v
Re: [qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP
[root@catchmail2 control]# ls -la /var/qmail/control/
total 132
drwxr-xr-x. 3 root qmail 4096 Oct 16 01:01 .
drwxr-xr-x. 13 root qmail 159 Oct 1 10:09 ..
-rw-r--r--. 1 root qmail 32 Sep 29 17:19 badloadertypes
-rw-r--r-- 1 root root 2048 Oct 9 15:08 badloadertypes.cdb
-rw-r--r--. 1 root qmail 25 Sep 29 17:19 badmailfrom
-rw-r--r--. 1 root qmail 29 Sep 29 17:19 badmailto
-rw-r--r--. 1 root qmail 360 Sep 29 17:19 badmimetypes
-rw-r--r-- 1 root root 2048 Oct 9 15:08 badmimetypes.cdb
lrwxrwxrwx. 1 root qmail 14 Sep 29 17:19 clientcert.pem -> servercert.pem
-rw-r--r--. 1 root qmail 4 Sep 29 17:19 concurrencyincoming
-rw-r--r--. 1 root qmail 3 Sep 29 17:19 concurrencyremote
-rw-r--r--. 1 root qmail 9 Sep 29 17:19 databytes
-rw-r--r--. 1 root qmail 11 Sep 29 17:19 defaultdelivery
-rw-r--r--. 1 root qmail 14 Oct 1 10:07 defaultdomain
-rw-r--r--. 1 root qmail 14 Oct 1 10:07 defaulthost
-rw-r--r-- 1 root qmail 424 Oct 16 01:01 dh2048.pem
drwxr-xr-x. 2 qmailr qmail 202 Oct 8 11:15 dkim
-rw-r--r--. 1 root root 10 Oct 6 09:45 locals
-rw---. 1 root root 0 Oct 1 10:09 locals.lock
-rw-r--r--. 1 root qmail 4 Sep 29 17:19 logcount
-rw-r--r--. 1 root qmail 8 Sep 29 17:19 logsize
-rw-r--r--. 1 root qmail 25 Oct 1 10:07 me
-rw-r-. 1 root vchkpw 2830 Oct 1 10:07 orig-servercert.pem
-rw-r--r--. 1 root qmail 14 Oct 1 10:07 plusdomain
-rw-r--r--. 1 root qmail 0 Sep 29 17:19 policy
-rw-r--r--. 1 root qmail 6 Sep 29 17:19 queuelifetime
-rw-r--r--. 1 root root 251 Oct 6 09:45 rcpthosts
-rw---. 1 root root 0 Oct 1 10:09 rcpthosts.lock
-rw-r--r-- 1 root qmail 1679 Oct 16 01:01 rsa2048.pem
-rw-r- 1 root vchkpw 8934 Oct 15 16:43 servercert.pem
-rw-r--r--. 1 46 root 59 Dec 24 2013 simcontrol
-rw-r--r-- 1 root root 2129 Oct 9 15:08 simcontrol.cdb
-rw-r--r-- 1 root root 2166 Oct 9 15:08 simversions.cdb
-rw-r--r--. 1 root qmail 87 Oct 1 10:07 smtpgreeting
-rw-r--r--. 1 root qmail 0 Sep 29 17:19 smtproutes
-rw-r--r--. 1 root qmail 2 Sep 29 17:19 spfbehavior
lrwxrwxrwx. 1 root root 35 Oct 1 10:07 tlsclientciphers -> /var/qmail/control/tlsserverciphers
-rw-r--r--. 1 root qmail 3285 Oct 1 10:07 tlsserverciphers
-rw-r--r--. 1 root root 452 Oct 6 09:45 virtualdomains
-rw---. 1 root root 0 Oct 1 10:09 virtualdomains.lock

CheckTLS.com reports:

FAILED FAILED //email/test From: Your email was sent, however it was NOT SENT SECURELY using TLS.

The log of the mail to checktls.com -

2020-10-16 07:14:48.069306500 new msg 8497405
2020-10-16 07:14:48.069309500 info msg 8497405: bytes 817 from qp 569418 uid 89
2020-10-16 07:14:48.069310500 starting delivery 87: msg 8497405 to remote t...@testsender.checktls.com
2020-10-16 07:14:48.069311500 status: local 0/10 remote 1/60
2020-10-16 07:14:48.521062500 delivery 87: success: _165.227.190.238_accepted_message./Remote_host_said:_250_Ok/
2020-10-16 07:14:48.521064500 status: local 0/10 remote 0/60
2020-10-16 07:14:48.521065500 end msg 8497405
2020-10-16 07:14:57.942882500 new msg 8497405
2020-10-16 07:14:57.942883500 info msg 8497405: bytes 2348 from qp 569438 uid 89
2020-10-16 07:14:57.942884500 starting delivery 88: msg 8497405 to local mymachine.tld...@mymachine.tld
2020-10-16 07:14:57.942885500 status: local 1/10 remote 0/60
2020-10-16 07:14:57.997390500 delivery 88: success: lda(m...@mymachine.tld):_Error:_net_connect_unix(/var/run/dovecot/stats-writer)_failed:_Permission_denied/did_0+0+1/
2020-10-16 07:14:57.997392500 status: local 0/10 remote 0/60
2020-10-16 07:14:57.997393500 end msg 8497405

I obscured my public IP in the thread to 9.8.7.6, but the headers in the gmail message show my mail server's IP, there is no smarthost that I am aware of.

On 10/15/20 7:51 PM, Eric Broch wrote:

I can't remember a time when sending to gmail failed to produce a tls connection. I don't wonder if there is a smarthost in between stopping it?

On 10/15/2020 5:23 PM, Jaime Lerner wrote:

An easier place to check is to go to checktls.com to get an excellent output of your mailserver connection and whether it is using TLS. Might help with trouble-shooting

From: Eric Broch
Reply-To:
Date: Thursday, October 15, 2020 at 5:39 PM
To:
Subject: Re: [qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP

What's this look like

# ls -la /var/qmail/control

On 10/15/2020 2:54 PM, Jim McNamara wrote:

[root@catchmail2 control]# yum list installed | grep qmail
qmail.x86_64 1.03-3.3.1.qt.el8 @qmt-testing
qmailadmin.x86_64 1.2.16-5.1.qt.el8 @qmt-testing
qmailmrtg.x86_64 4.2-4.qt.el8 @qmt-testing

On 10/15/20 4:48 PM, Eric Broch wrote:

What version of qmail?

On 10/15/2020 2:47 PM, Jim McNamara wrote:

Received: from mymachi
Re: [qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP
[root@catchmail2 control]# yum list installed | grep qmail
qmail.x86_64 1.03-3.3.1.qt.el8 @qmt-testing
qmailadmin.x86_64 1.2.16-5.1.qt.el8 @qmt-testing
qmailmrtg.x86_64 4.2-4.qt.el8 @qmt-testing

On 10/15/20 4:48 PM, Eric Broch wrote:

What version of qmail?

On 10/15/2020 2:47 PM, Jim McNamara wrote:

Received: from mymachine.tld (mymachine.tld. [9.8.7.6]) by mx.google.com with ESMTP id p5si1775654qvb.199.2020.10.15.09.52.15 for ; Thu, 15 Oct 2020 09:52:15 -0700 (PDT)

Received: from mymachine.tld (mymachine.tld. [9.8.7.6]) by mx.google.com with ESMTP id n10si156346qvl.1.2020.10.15.13.37.49 for ; Thu, 15 Oct 2020 13:37:49 -0700 (PDT)

No mention whatsoever of TLS, the next lines of the headers begin:

Received-SPF: pass

On 10/15/20 3:32 PM, Eric Broch wrote:

Check the header of an email you've sent to Gmail from your QMT, you should see something like the following:

Received: from localhost (mx.mydomain.com. [xxx.xxx.xxx.xxx]) by mx.google.com with ESMTPS id be3si1766151plb.73.2020.10.15.11.34.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

I'm sending from a CentOS 8/QMT I just fired up and am testing.

Eric

On 10/15/2020 12:57 PM, Jim McNamara wrote:

Hello, list!

According to http://www.qmailtoaster.net/notls.html , all outbound SMTP should be using TLS unless a domain is configured explicitly not to use it. However, without even creating the directory /var/qmail/control/notlshosts every message I send from my server to gmail.com is going unencrypted.

The /var/log/qmail/send/current file has entries like:

2020-10-15 14:29:58.418313500 new msg 8428251
2020-10-15 14:29:58.418315500 info msg 8428251: bytes 574 from qp 511025 uid 89
2020-10-15 14:29:58.418336500 starting delivery 1: msg 8428251 to remote anothe...@gmail.com
2020-10-15 14:29:58.418337500 status: local 0/10 remote 1/60
2020-10-15 14:29:59.220407500 delivery 1: success: _173.194.204.26_accepted_message./Remote_host_said:_250_2.0.0_OK__1602786599_w13si301qtv.16_-_gsmtp/
2020-10-15 14:29:59.220525500 status: local 0/10 remote 0/60
2020-10-15 14:29:59.220563500 end msg 8428251

The message in gmail shows up with the padlock having a red line through it, indicating it was not encrypted during transit. Since I see the 250 in the send log, I would assume that should my server attempt to use TLS, there should be a, "starttls" getting logged?

My /var/qmail/supervise/send/run file is simply:

#!/bin/sh
exec /var/qmail/rc

Did I do something wrong that outbound SMTP is not even asking for TLS?
Re: [qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP
Received: from mymachine.tld (mymachine.tld. [9.8.7.6]) by mx.google.com with ESMTP id p5si1775654qvb.199.2020.10.15.09.52.15 for ; Thu, 15 Oct 2020 09:52:15 -0700 (PDT)

Received: from mymachine.tld (mymachine.tld. [9.8.7.6]) by mx.google.com with ESMTP id n10si156346qvl.1.2020.10.15.13.37.49 for ; Thu, 15 Oct 2020 13:37:49 -0700 (PDT)

No mention whatsoever of TLS, the next lines of the headers begin:

Received-SPF: pass

On 10/15/20 3:32 PM, Eric Broch wrote:

Check the header of an email you've sent to Gmail from your QMT, you should see something like the following:

Received: from localhost (mx.mydomain.com. [xxx.xxx.xxx.xxx]) by mx.google.com with ESMTPS id be3si1766151plb.73.2020.10.15.11.34.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

I'm sending from a CentOS 8/QMT I just fired up and am testing.

Eric

On 10/15/2020 12:57 PM, Jim McNamara wrote:

Hello, list!

According to http://www.qmailtoaster.net/notls.html , all outbound SMTP should be using TLS unless a domain is configured explicitly not to use it. However, without even creating the directory /var/qmail/control/notlshosts every message I send from my server to gmail.com is going unencrypted.

The /var/log/qmail/send/current file has entries like:

2020-10-15 14:29:58.418313500 new msg 8428251
2020-10-15 14:29:58.418315500 info msg 8428251: bytes 574 from qp 511025 uid 89
2020-10-15 14:29:58.418336500 starting delivery 1: msg 8428251 to remote anothe...@gmail.com
2020-10-15 14:29:58.418337500 status: local 0/10 remote 1/60
2020-10-15 14:29:59.220407500 delivery 1: success: _173.194.204.26_accepted_message./Remote_host_said:_250_2.0.0_OK__1602786599_w13si301qtv.16_-_gsmtp/
2020-10-15 14:29:59.220525500 status: local 0/10 remote 0/60
2020-10-15 14:29:59.220563500 end msg 8428251

The message in gmail shows up with the padlock having a red line through it, indicating it was not encrypted during transit. Since I see the 250 in the send log, I would assume that should my server attempt to use TLS, there should be a, "starttls" getting logged?

My /var/qmail/supervise/send/run file is simply:

#!/bin/sh
exec /var/qmail/rc

Did I do something wrong that outbound SMTP is not even asking for TLS?
[qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP
Hello, list!

According to http://www.qmailtoaster.net/notls.html , all outbound SMTP should be using TLS unless a domain is configured explicitly not to use it. However, without even creating the directory /var/qmail/control/notlshosts every message I send from my server to gmail.com is going unencrypted.

The /var/log/qmail/send/current file has entries like:

2020-10-15 14:29:58.418313500 new msg 8428251
2020-10-15 14:29:58.418315500 info msg 8428251: bytes 574 from qp 511025 uid 89
2020-10-15 14:29:58.418336500 starting delivery 1: msg 8428251 to remote anothe...@gmail.com
2020-10-15 14:29:58.418337500 status: local 0/10 remote 1/60
2020-10-15 14:29:59.220407500 delivery 1: success: _173.194.204.26_accepted_message./Remote_host_said:_250_2.0.0_OK__1602786599_w13si301qtv.16_-_gsmtp/
2020-10-15 14:29:59.220525500 status: local 0/10 remote 0/60
2020-10-15 14:29:59.220563500 end msg 8428251

The message in gmail shows up with the padlock having a red line through it, indicating it was not encrypted during transit. Since I see the 250 in the send log, I would assume that should my server attempt to use TLS, there should be a, "starttls" getting logged?

My /var/qmail/supervise/send/run file is simply:

#!/bin/sh
exec /var/qmail/rc

Did I do something wrong that outbound SMTP is not even asking for TLS?
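The header check described in this thread (Google's Received line says ESMTPS and carries a version=TLS... note when the hop was encrypted, plain ESMTP when it was not), as an added example that is not code from any poster or from the QMT project. The function names, the first Gmail-internal hop and the "for <...>" addresses are assumptions made for illustration; it also accepts Postfix-style headers, which goes slightly beyond the Gmail case in the thread.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Gmail-style annotation, as quoted in the thread:
#   (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256)
TLS_NOTE = re.compile(r"\(version=(TLS[\w.]+)\s+cipher=([\w-]+)")

# Constructed samples modelled on the Received lines quoted in the thread.
# The first (internal) hop and the recipient address are invented.
SAMPLE_PLAIN = """\
Received: by 2001:db8::1 with SMTP id x1csp1; Thu, 15 Oct 2020 09:52:16 -0700 (PDT)
Received: from mymachine.tld (mymachine.tld. [9.8.7.6])
        by mx.google.com with ESMTP id p5si1775654qvb.199.2020.10.15.09.52.15
        for <someone@example.com>;
        Thu, 15 Oct 2020 09:52:15 -0700 (PDT)
Received-SPF: pass
Subject: test

body
"""

SAMPLE_TLS = """\
Received: by 2001:db8::1 with SMTP id x1csp2; Sun, 18 Oct 2020 13:59:35 -0700 (PDT)
Received: from mymachine.tld (mymachine.tld. [9.8.7.6])
        by mx.google.com with ESMTPS id n14si5034922qvr.97.2020.10.18.13.59.33
        for <someone@example.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 18 Oct 2020 13:59:34 -0700 (PDT)
Received-SPF: pass
Subject: test

body
"""


def strip_comments(text):
    """Remove parenthesised header comments, innermost first."""
    previous = None
    while previous != text:
        previous, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text


def classify_hop(received):
    """Describe one Received header value: who handed to whom, and how."""
    flat = " ".join(received.split())      # unfold continuation lines
    bare = strip_comments(flat)            # comments may contain 'with'/'by'
    sender = re.match(r"from\s+(\S+)", bare)
    receiver = re.search(r"\bby\s+(\S+)", bare)
    proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", bare)
    note = TLS_NOTE.search(flat)
    proto_name = proto.group(1).upper() if proto else None
    return {
        "from": sender.group(1) if sender else None,
        "by": receiver.group(1) if receiver else None,
        "proto": proto_name,
        "tls": proto_name in TLS_PROTOCOLS or note is not None,
        "tls_version": note.group(1) if note else None,
        "cipher": note.group(2) if note else None,
    }


def outbound_hop(raw_message, sender_host):
    """Return the hop where sender_host handed the message to the remote MX.

    Only this header, written by the receiving server, is evidence of how
    the message left sender_host; returns None if no such hop is present.
    """
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        hop = classify_hop(value)
        if hop["from"] and hop["from"].lower() == sender_host.lower():
            return hop
    return None


if __name__ == "__main__":
    for name, raw in (("before fix", SAMPLE_PLAIN), ("after fix", SAMPLE_TLS)):
        hop = outbound_hop(raw, "mymachine.tld")
        state = "TLS" if hop["tls"] else "CLEARTEXT"
        print(f"{name}: {hop['by']} {hop['proto']} {state} {hop['tls_version']}")
```
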
Re: [qmailtoaster] Dspam Doesn't Install on CentOS 8
Thank you, Eric. That solved the issue with the installation of dspam.

On 10/7/20 4:50 PM, Eric Broch wrote:

here is the repo file and the mirror file

# cat fedora.repo
[fedora]
name=Fedora 28
mirrorlist=file:///etc/yum.repos.d/fedoramirrors
enabled=1
gpgcheck=0
priority=100

# cat fedoramirrors
https://d2lzkl7pfhq30w.cloudfront.net/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/
http://mirror.math.princeton.edu/pub/fedora-archive/fedora/linux/releases/28/Everything/x86_64/os/
http://pubmirror1.math.uh.edu/fedora-buffet/archive/fedora/linux/releases/28/Everything/x86_64/os/
https://pubmirror2.math.uh.edu/fedora-buffet/archive/fedora/linux/releases/28/Everything/x86_64/os/
http://mirrors.kernel.org/fedora-buffet/archive/fedora/linux/releases/28/Everything/x86_64/os/
https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/

On 10/7/2020 2:28 PM, Eric Broch wrote:

I enabled fedora 28 repo at priority=100 (standard 99) so as not to mess with el8. Two packages are required from fedora

perl-Mail-Mbox-MessageParser noarch 1.5105-11.fc28 fedora 59 k
perl-Mail-MboxParser noarch 0.55-22.fc28 fedora 61 k

On 10/7/2020 9:42 AM, Jim McNamara wrote:

Hello, folks.

I am in process of building a machine on CentOS 8 via the scripts and instructions from http://www.qmailtoaster.net/. I've encountered a problem with dspam however. When I download and execute https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh, this is the immediate output -

[root@catchmail2 installs]# ./dspamdb.sh
Last metadata expiration check: 1:45:28 ago on Wed 07 Oct 2020 08:39:09 AM EDT.
Error:
Problem 1: conflicting requests
- nothing provides perl(Mail::MboxParser) needed by dspam-3.10.2-31.qt.mariadb.el8.x86_64
Problem 2: conflicting requests
- nothing provides perl(GD::Graph::lines3d) needed by dspam-web-3.10.2-31.qt.mariadb.el8.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

The rest of the script continues and creates the database, but nothing practical gets installed:

[root@catchmail2 installs]# which dspam
/usr/bin/which: no dspam in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@catchmail2 installs]# find /usr -name dspam
/usr/share/selinux/targeted/default/active/modules/100/dspam
[root@catchmail2 installs]#

In the (distant) past I got myself into deep trouble having some Perl modules installed via the OS and others from CPAN, more often than not the two separate install types wouldn't see/interact with one another, even when things end up somewhere below /usr/local. Before I tried again with the suggested --skip-broken or --nobest options added into the script, I wanted to write to make Eric aware that there's missing dependencies on a clean CentOS 8 install.

I'll snapshot the machine and try again with --nobest. My suspicion is GD::Graph::lines3d would be unnecessary for a functional tool, but Mail::MboxParser is most likely a must have and no clear path to get it. If anyone has suggestions to those packages, I'd love to hear your suggestions.
[qmailtoaster] Dspam Doesn't Install on CentOS 8
Hello, folks.

I am in process of building a machine on CentOS 8 via the scripts and instructions from http://www.qmailtoaster.net/. I've encountered a problem with dspam however. When I download and execute https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh, this is the immediate output -

[root@catchmail2 installs]# ./dspamdb.sh
Last metadata expiration check: 1:45:28 ago on Wed 07 Oct 2020 08:39:09 AM EDT.
Error:
Problem 1: conflicting requests
- nothing provides perl(Mail::MboxParser) needed by dspam-3.10.2-31.qt.mariadb.el8.x86_64
Problem 2: conflicting requests
- nothing provides perl(GD::Graph::lines3d) needed by dspam-web-3.10.2-31.qt.mariadb.el8.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

The rest of the script continues and creates the database, but nothing practical gets installed:

[root@catchmail2 installs]# which dspam
/usr/bin/which: no dspam in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@catchmail2 installs]# find /usr -name dspam
/usr/share/selinux/targeted/default/active/modules/100/dspam
[root@catchmail2 installs]#

In the (distant) past I got myself into deep trouble having some Perl modules installed via the OS and others from CPAN, more often than not the two separate install types wouldn't see/interact with one another, even when things end up somewhere below /usr/local. Before I tried again with the suggested --skip-broken or --nobest options added into the script, I wanted to write to make Eric aware that there's missing dependencies on a clean CentOS 8 install.

I'll snapshot the machine and try again with --nobest. My suspicion is GD::Graph::lines3d would be unnecessary for a functional tool, but Mail::MboxParser is most likely a must have and no clear path to get it. If anyone has suggestions to those packages, I'd love to hear your suggestions.