RE: [courier-users] My Modest Proposal
I think it's important to the evolution of Courier that it eventually support modification of messages from any courierfilter. I've never quite understood why this isn't allowed - possibly a filesize issue, security? I would only be guessing, but in the grand scheme of things I'm sure there's a lot of folks that would love this ability.

I'd like to hear from Sam regarding the effort to make this modification and perhaps why it's so long in coming?

Thanks,
D

--
Derrick T. Woolworth
RD Technology, LLC.
6701 W. 121st, Suite 310
Overland Park, KS 66209
Phone: (913) 491-0345
Fax: (913) 491-1645

Quoting Mitch (WebCob) [EMAIL PROTECTED]:

| Hi Lloyd.
|
| Would like to hear what others think including Sam - but it sounds like the
| best of a bad situation to me. I wonder how the effort and overhead you are
| making compare with a patch to courier that would allow modification of
| message files during global filtering. Although such an option may lower the
| efficiency of delivery perhaps if submitted as a compile time option it
| could be acceptable for inclusion in the distribution.
|
| Personally, I make my hacks as a last resort after trying to elicit
| support, as maintaining them - particularly when dependencies on the core
| software may not be broken with future versions.
|
| I've seen people running filters twice to do rejection and modification
| separately - maybe before embarking on this you might want to do some
| benchmarks?
|
| Just a few thoughts.
|
| m/
|
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED] Behalf Of Lloyd
| Zusman
| Sent: Wednesday, February 11, 2004 5:21 AM
| To: [EMAIL PROTECTED]
| Subject: [courier-users] My Modest Proposal
|
|
| In one or two other threads, I mentioned a Modest Proposal for a small
| change in Courier. I'm about to start work on a patch and a piece of
| add-on software that implement this proposal, and so I want to describe
| it here, in a bit more detail.
|
| The problem I'm trying to solve is this: for reasons of efficiency,
| Courier's global filters cannot modify messages. Only local filters can
| do that. Because a global filter can cause an immediate failure during
| the SMTP dialog, there are some functions that are best performed during
| a global filter. But some of these functions make minor changes to the
| message, such as the addition of header fields. SPF is one such
| function.
|
| The recommended solution for this, namely having the global filter
| modify the control file in order to block message delivery and then
| re-injecting a modified version of the message, is cumbersome,
| inelegant, overly complex, and probably inefficient.
|
| Therefore, I propose the following:
|
| A small change is made to Courier (probably only a few lines of code in
| submit.C) which will cause a unique ID to be put into the Received:
| header for every message that Courier processes. Because this ID will
| be visible both during global and local filtering, it provides a way to
| match a message going through a local filter with its predecessor that
| might have gone through a global filter. This allows state information
| to be maintained for the life of a message through the local and global
| filters.
|
| I propose the generation of this unique ID instead of using the
| Message-ID header, because we cannot count on Message-ID being totally
| unique.
|
| How does this solve the problem that I mentioned above? Well, a global
| filter that wants to change a message can create an entry in a data
| store using this unique ID as a key. In this entry will be some sort of
| description of the change. Later, when the message passes through the
| local filter, the data store is accessed and the entry is looked up by
| means of this same unique ID. The local filter then interprets this
| data and makes whatever modification is necessary to the message.
|
| As an adjunct to this small patch to (probably) submit.C, I will also
| write a package that can be used within global and local filters to
| manage this data store. Since I'm using courier-pythonfilter for my
| global filtering, I will write this adjunct package in Python. Of
| course, there is no requirement to use this package. Many people
| will just want to ignore this unique ID, and others will want to
| use it in their own ways.
|
| An example should clarify this. Here's how this would work with SPF:
|
| 1. SMTP dialog begins.
|
| 2. A global filter is invoked at the appropriate time in order to
| perform SPF checking. If this test fails, the message is
| immediately rejected. But if it succeeds, we need to add an
| SPF-Received header to the message.
|
| 3. Still within the global filter, extract the new unique ID from
| Courier's Received header in the message.
|
| 4. Using my adjunct data store package, persist an appropriate
| SPF-Received
Re: [courier-users] Re: Global filtering
Nice one, thank you $TCPREMOTEHOST (and/or maybe $TCPLOCALPORT) is all you need. Courier currently lacks some mechanism to exclude hosts from filtering. One easy to implement solution could be to skip the filtering-stage altogether when RELAYCLIENT (and maybe BLOCK=) is set. But if you reinject the message via pipe to sendmail it won't be filtered since this is by default limited to messages received via smtp, and this also gets you around the per-source limit of couriertcpd. Not refiltering by system specification is the cleanest thing to do. Messing around with the control- and datafiles is still an ugly hack though, I think I got how to do it; still have to test it with batchsize=4 but I got the basis. That's the official method. I think courier uses it internally either.

Ale
Re: [courier-users] Re: Global filtering
I think Roland answered most of this already - except to say that the way to exclude messages from refiltering was to set an X-Already-Seen-By-My-Filter header so that you could skip re-running if you saw that header. Suggested injection method was I believe by sendmail call.

The X-Already-Seen-By-My-Filter will stay in the mail message, thus is not secret. So this works for filters that allow the sender to skip them. (I don't happen to have an example of such a thing, but I believe there are cases...)

Julian Mehnle wrote: That's a bad idea, since any spammer or virus could send messages with that header field already included, and thus bypass filtering.

That's basically correct.

Mitch (WebCob) wrote:

1) there is no reason this would remain constant

If the filter digitally signs the already filtered content, then that works. Otherwise the filter has no method to distinguish spoofed headers, except perhaps looking up a database based on some key...

2) as this value is only used locally, it wouldn't be that quick to leak (relative to other leaks of addresses

The header would be readable to all users. Unless the filter overwrites its content on-file: E.g. reinject with X-Already-Seen-By-My-Filter: 1234 but upon finding it overwrite on-file as X-Already-Seen-By-My-Filter:

3) it would be very easy to rotate this regularly to keep it from being guessed

I don't think you can make assumption as to when the reinjected message will come around. Can that be a couple of days? So old values must remain valid.

4) there would be a trail of received headers that could be used to validate it

But it can be spoofed...

Don't think it's the best option, but this was the best idea when this was last discussed.

It seemed to me as well, but when I tried to write it it made no sense any more.

I don't know WHY we can't change the architecture to allow filters to modify the messages... perhaps someone with more C knowledge than I can look at it?

The explanation I recall is that filtering happens while courier is in the middle of something and it keeps offsets to various mime entities. If that's true the trick in (2) above might work.

[...] compare with a patch to courier that would allow modification of message files during global filtering. Although such an option may lower the efficiency of delivery perhaps if submitted as a compile time option it could be acceptable for inclusion in the distribution.

I think the architectural change you mention could be done without having to re-parse each message after any filtering. E.g. there could be an api that manages the single mime entities and that is used by courier and filters alike. But I bet this is not one of Sam's priorities.

Ale
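The signed-marker idea from the message above, as an added example that is not code from the thread or from Courier: the filter prepends an HMAC tag bound to the message body, a key id and a timestamp, so a bare `X-Already-Seen-By-My-Filter: 1234` from a sender is ignored while tags made with a rotated-out key stay valid for a bounded time. The key ids, the `MAX_AGE` window, the `kid:timestamp:tag` value layout and the sample message are assumptions made for the illustration.

```python
import hashlib
import hmac
import re
from email.parser import BytesHeaderParser

HEADER = "X-Already-Seen-By-My-Filter"   # header name used in the thread
MAX_AGE = 3 * 24 * 3600                  # assumed longest re-injection delay, seconds
MARKER_RE = re.compile(
    rb"^" + re.escape(HEADER.encode()) + rb":.*\r?\n(?:[ \t].*\r?\n)*",
    re.IGNORECASE | re.MULTILINE)

# Constructed sample message (not taken from the list archive).
SAMPLE = (b"Received: from mx.example.net by mail.example.org with esmtp; "
          b"Thu, 12 Feb 2004 03:30:41 -0500\n"
          b"From: alice@example.net\nTo: bob@example.org\nSubject: hello\n"
          b"\nBody text.\n")


def split_message(raw):
    """Return (header block including the blank line, body)."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return (raw, b"") if m is None else (raw[:m.end()], raw[m.end():])


def strip_marker(raw):
    """Remove every marker header, whoever put it there."""
    head, body = split_message(raw)
    return MARKER_RE.sub(b"", head) + body


def tag(key, kid, ts, body):
    """HMAC-SHA256 over key id, timestamp and a digest of the body."""
    data = f"{kid}:{ts}:".encode() + hashlib.sha256(body).digest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mark(raw, kid, key, now):
    """Return the message with a fresh signed marker as its first header."""
    clean = strip_marker(raw)            # never keep a sender-supplied marker
    _, body = split_message(clean)
    eol = b"\r\n" if b"\r\n" in clean else b"\n"
    value = f"{kid}:{now}:{tag(key, kid, now, body)}"
    return HEADER.encode() + b": " + value.encode() + eol + clean


def is_already_filtered(raw, keys, now):
    """True only for exactly one marker that verifies and has not expired."""
    head, body = split_message(raw)
    values = BytesHeaderParser().parsebytes(head).get_all(HEADER, [])
    if len(values) != 1:                 # missing, or duplicated by a sender
        return False
    parts = str(values[0]).strip().split(":")
    if len(parts) != 3:
        return False
    kid, ts_text, seen = parts
    key = keys.get(kid)                  # old key ids stay listed until MAX_AGE passes
    if key is None or not (ts_text.isascii() and ts_text.isdigit()):
        return False
    ts = int(ts_text)
    if not 0 <= now - ts <= MAX_AGE:
        return False
    expected = tag(key, kid, ts, body)
    return hmac.compare_digest(seen.encode("ascii", "replace"), expected.encode())
```

Running `strip_marker` on the message before final delivery keeps a valid tag from reaching recipients, which is the on-file overwrite suggested in point 2 of the message.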
[courier-users] Re: My Modest Proposal
Mitch \(WebCob\) [EMAIL PROTECTED] writes:

Hi Lloyd. Would like to hear what others think including Sam - but it sounds like the best of a bad situation to me. I wonder how the effort and overhead you are making compare with a patch to courier that would allow modification of message files during global filtering. Although such an option may lower the efficiency of delivery perhaps if submitted as a compile time option it could be acceptable for inclusion in the distribution.

Well, from what I know about the structure of Courier, it would take a lot of refactoring to allow the modification of messages during a global filter. That's because the message file that we see during this step is a temporary file. The real message file has not yet been created, as far as I know. You can see the sequence of events that take place during message processing here: http://www.courier-mta.org/queue.html

Personally, I make my hacks as a last resort after trying to elicit support, as maintaining them - particularly when dependencies on the core software may not be broken with future versions.

If you look through the archives of this mailing list, you will see over the years that there have been numerous requests made for the ability to modify messages within global filters, and these have gotten nowhere. I believe that there is plenty of popular support for this feature which has, so far, been ignored.

And keep in mind that I posted my Modest Proposal as a solicitation for discussion. Any patches that I post will also be for the purpose of a feasibility study. I seriously doubt that my patch would end up being part of any official Courier release simply because I post it here. It would just spur more discussion, I hope.

And as for this patch itself, remember that it consists solely of putting a unique id field into the Received header. This is a minor change, and it mirrors what some other MTAs already do. Even if we don't end up using this to facilitate the methodology that I outlined in my Modest Proposal, it still is a useful feature in and of itself.

I've seen people running filters twice to do rejection and modification separately - maybe before embarking on this you might want to do some benchmarks?

I fully intend to perform some benchmarks to _compare_ the rejection/re-insertion idea with my proposed methodology. I can only do this once I have written the code outlined in my proposal. This will be completed in a few days, at which time I'll run the benchmarks and post the results here ... as well as my patch and code.

Just a few thoughts. m/

--
Lloyd Zusman [EMAIL PROTECTED]
Re: [courier-users] Does Courier override MX entries with local settings? If yes, how to change this?
Peter Holm wrote:

Hi, does courier override dns mx entries with its local settings? I have a situation, where this happens. I would like to change this.

courier does not change any dns settings, however if a domain is in hosteddomains or in locals it is treated as such and will attempt to deliver locally, unless overridden with esmtproutes (check details at http://www.courier-mta.org/courier.html )

You seem to have a special case because as you have it configured you are treating domains as locally delivered although they are not, you could possibly put a global esmtproutes entry when the server is in fallback mode and remove it when it's working as the master.

Server.A is a machine that is configured as a Fallback Mail Server. If the main.mailserver.dom is offline, dns A records change and Server.A will be main.mailserver.tld itself. (Yes, multiple mx records should be sufficient, but we use this fallback for webservers anyway so using it for mailservers was a side-effect...)

So Server.A has always a fully functional courier configuration for several domains, including example.com, waiting in hot standby mode for its combat order.

Now, just for some practical reasons and to not let the machine feel so lonely, I am using this Server.A as the mailserver for some private addresses. So I discovered, if I want to send mail to a friendsdomain.tld, that is configured in esmtpacceptmailfor and hosteddomains on the same machine, it will never leave Server.A.

Note: dig mx friendsdomain.tld in this case will NOT point with any hostname or ip to Server.A !

So, if I understand things right, courier seems to override infos from mx record with the settings in /etc/courier. Is this a feature? Can this be changed? What did I do wrong?

If you want to discuss [dis-] advantages of the dns a-record-changing fallback strategy, this should be a separate thread but nevertheless it would be very interesting to hear your opinions.

Thanks for your attention! Have a nice day,
Peter
[courier-users] Re: My Modest Proposal
Lloyd Zusman [EMAIL PROTECTED] writes:

[ ... ] And as for this patch itself, remember that it consists solely of putting a unique id field into the Received header. This is a minor change, and it mirrors what some other MTAs already do. Even if we don't end up using this to facilitate the methodology that I outlined in my Modest Proposal, it still is a useful feature in and of itself.

This patch is attached. It's for courier-0.44.2.20040207. It adds an id field to the Received header, as in the 3rd line of this example:

    Received: from speed.spamwall.net ([:::66.55.26.26])
      (TLS: TLSv1/SSLv3,256bits,AES256-SHA)
      id 2LYK%swpAQCyOStAlKYKAGP4qUs
      by asfast.net with esmtp; Thu, 12 Feb 2004 03:30:41 -0500

The majority of the code in this patch is for the algorithm for generating the ID. The insertion of the ID itself takes just 2-3 lines of code.

I have not yet completed the data store module that will make use of this ID to implement my Modest Proposal. Once I complete and test this code, I will post it, along with the results of benchmarks that I will run, comparing it to the rejection/re-insertion methodology.
*** courier/submit.C.orig Mon Dec 15 20:51:29 2003 --- courier/submit.C Thu Feb 12 07:34:41 2004 *** *** 12,17 --- 12,18 #include rfc2045/rfc2045charset.h #include rfc1035/rfc1035.h #include rfc1035/rfc1035mxlist.h + #include rfc2045/rfc2045.h #include numlib/numlib.h #include dbobj.h #include afx.h *** *** 35,41 --- 36,52 #if HAVE_UNISTD_H #include unistd.h #endif + #if TIME_WITH_SYS_TIME + #include sys/time.h #include time.h + #else + #if HAVE_SYS_TIME_H + #include sys/time.h + #else + #include time.h + #endif + #endif + #include netdb.h #define TIMEOUT 1800 *** *** 935,940 --- 946,1076 static void getrcpt(struct rw_info *rwi); static void rcpttoerr(int, const char *, struct rw_info *); + struct unique_id_buffer + { + struct in_addr ip; + int pid; + struct timeval calltime; + unsigned int counter; + }; + #define UNIQUE_BUFFER_SIZE (sizeof (unique_id_buffer)) + + static int write_unique_bytes(const char *p, size_t l, void *vp) + { + char **cp = (char **) vp; + + while (l 0) + { + switch (*p) + { + case '\r': + case '\n': + case '=': + p++; + l--; + continue; + case '/': + *p++; + **cp = '@'; + break; + case '+': + *p++; + **cp = '%'; + break; + default: + **cp = *p++; + break; + } + ++*cp; + l--; + } + + return 0; + } + + union ul_byte_overlay { + unsigned long ul; + struct { + unsigned char b[4]; + } uc; + }; + + static unsigned long reverse_bytes(unsigned long item) + { + union ul_byte_overlay inp; + union ul_byte_overlay out; + + inp.ul = item; + for (int i = 0; i 4; i++) { + out.uc.b[i] = inp.uc.b[3 - i]; + } + return (out.ul); + } + + static char* unique_id() + { + static char result[ (UNIQUE_BUFFER_SIZE + 3) / 3 * 4 + 1 ]; + static struct unique_id_buffer unique_id_buff = { 0 }; + + char* rp = result; + struct rfc2045_encode_info encodeInfo; + + if (unique_id_buff.pid == 0) + { + char hostbuff[256]; + struct hostent* he; + + // First call only. 
+ unique_id_buff.pid = getpid(); + gethostname(hostbuff, sizeof (hostbuff) - 1); + he = gethostbyname(hostbuff); + if (he == NULL) + { + memset((char*) unique_id_buff.ip, 0xff, + sizeof (unique_id_buff.ip)); + } + else + { + struct in_addr hin; + if (he-h_addrtype != AF_INET || + he-h_length (int) sizeof (hin)) + { + memset((char*) unique_id_buff.ip, 0xff, + sizeof (unique_id_buff.ip)); + } + else + { + memcpy((char*) hin, he-h_addr_list[0], + sizeof (hin)); + memcpy((char*) unique_id_buff.ip, + (char*) (hin.s_addr), + sizeof (unique_id_buff.ip)); + } + } + srandomdev(); + unique_id_buff.counter = (unsigned long) random(); + } + + gettimeofday(unique_id_buff.calltime, NULL); + + rfc2045_encode_start(encodeInfo, base64, write_unique_bytes, rp); + rfc2045_encode(encodeInfo, (char*) unique_id_buff, + UNIQUE_BUFFER_SIZE); + rfc2045_encode_end(encodeInfo); + *rp = 0; + + // It doesn't matter if the following increment overflows, + // because that will only be a problem if this routine is called + // 2**32 times within a single microsecond. By the time systems + // are fast enough for this to happen, we should refactor this + // routine. + + unique_id_buff.counter = + reverse_bytes(reverse_bytes(unique_id_buff.counter) + 1); + + return (result); + } + static void getrcpts(struct rw_info *rwi) { struct mailfrominfo *mf=(struct mailfrominfo *)rwi-udata; *** *** 1087,1092 --- 1223,1232 line += identinfo; line += ')'; } + + // Now, always insert a unique ID + line += \n id ; + line += unique_id(); line += \n by ; line += config_me();
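Review bot: reverse_bytes() overlays an unsigned long with a 4-byte array, so wherever unsigned long is 8 bytes only half of the value is swapped and the rest of out is returned uninitialised; unique_id_buff.counter is an unsigned int, so a fixed-width 32-bit type for both (or a plain counter increment with the byte order handled when encoding) would make the increment well defined. In unique_id(), srandomdev() has no configure guard like the HAVE_SYS_TIME_H checks added earlier in this patch and is not present in every libc. The ID is also the base64 of the raw struct unique_id_buffer, padding included, so its length and layout depend on the ABI, and any recipient can decode the host address, pid and receive time from it; hashing the fields before encoding, or documenting the ID as opaque and explaining what is disclosed, would address both.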
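Review bot: in the last hunk the id clause is appended before by, while the RFC 2821 Received grammar puts the optional clauses (via, with, id, for) after by, so the two added line += statements should move below the by/with part for parsers that follow that order. write_unique_bytes() also rewrites '/' to '@', and '@' is not an atom character whereas '/' and '+' both are, so the remapping needs a comment explaining what it protects against or should be dropped. Since the clause is now added to every message, the accompanying documentation should state that filters must read the id only from the topmost Received header, because the ones below it arrive with the message.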
[courier-users] Rejection/re-insertion methodology howto?
Hi,

I am now fighting my way through configuring courier-mta with virus and spam filtering and I must admit I lack some good documentation for that. I have read about the rejection/re-insertion methodology and would like to ask you if you could enlighten me about it a little bit more.

As far as I understand it, it's a method where courier accepts an email on one port (25) then forwards it to a global filtering program. This program then makes any tests necessary and (if the message is ok) re-sends the message to courier to another port. Is that correct? Could anyone show me a functional example, please?

Best regards,
David.
Re: [courier-users] can't find root@www.my-domain.com
On Thursday 12 February 2004 13:19, Eric Livingston wrote:

Yet, I get error messages emailed to me with 550 errors, saying that [EMAIL PROTECTED] is an unknown user. What am I missing? My aliases file started with: root: postmaster

If you'll forgive one of those maybe you missed the obvious type questions, is postmaster a defined local user?

Jeff Jansen
[courier-users] IMAP/POP-SSL and Comodo Certificates
Hello,

I would like to know how to use Comodo SSL certificates with Courier POP/IMAP etc. Setting up Apache to recognize this is a no-brainer ...

For Courier I did the following steps:

- put the Comodo root certificates into /usr/lib/courier/rootcerts alongside with the shipped one
- run c_rehash on this directory
- put the certificate and the private key for the mail domain into /etc/courier/imapd.pem
- restart courier-imap-ssl

Running:

    openssl s_client -connect mail.myhost.net:imaps -CApath /usr/lib/courier/rootcerts/

on the mail server shows Verify: 0. Is anything alright now? Are there any mail clients (preferably for Linux) which show the SSL certificate (chain)?

Racke

--
LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration
ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
RE: [courier-users] Re: My Modest Proposal
-Original Message-
From: Lloyd Zusman
Sent: Thursday, February 12, 2004 4:15 AM

[ Snip ] And as for this patch itself, remember that it consists solely of putting a unique id field into the Received header. This is a minor change, and it mirrors what some other MTAs already do. Even if we don't end up using this to facilitate the methodology that I outlined in my Modest Proposal, it still is a useful feature in and of itself.

I think overall I agree with Lloyd here that this proposal is both low cost and generally beneficial, which is more than one can say about the other schemes discussed! And if the unique ID is kept simple (I've received Lloyd's patch, but haven't yet had a chance to look at the code, so I don't know how simple it is) it seems to me that, say, adding the ID to the maillog would have some nice consequences for admins.

With only a little thought, it seems to me that a 12 byte ID (encoded base64, naturally, for a 16 character string) would do the trick: IP and socket from which the thing arrived, 32 bit time-in-seconds, and a 16 bit iterating counter (to disambiguate messages received through the same socket during the same second; 64K messages/sec should be fine). Spoofing can be prevented by positioning: only the first (or last, whichever is easier) ID header would count, just as only the last Received-From: can be trusted.

This approach (having Courier add an ID) seems to have the virtue that those who don't care about rewriting (i.e. those for whom the current globalfilter/localfilter scheme works sufficiently well) aren't penalized much by the new header, while those that want/need sophisticated globalfiltering pay whatever price is necessary for their requirements.

Lloyd Zusman [EMAIL PROTECTED]

Malc.
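An added sketch of the data-store flow from the Modest Proposal combined with the positioning rule in the message above; it is not Lloyd's package or any Courier code. The global filter records a pending header under the id taken from the topmost Received header only, and the local filter applies it once. The table layout, the function names, the `SPF-Received` value and both sample messages are assumptions; the first id is the one shown in the patch announcement.

```python
import re
import sqlite3
from email.parser import BytesHeaderParser

COMMENT_RE = re.compile(r"\([^()]*\)")                    # "(...)" comments
ID_RE = re.compile(r"\sid\s+([A-Za-z0-9@%]+)\s+by\s")     # alphabet produced by the patch

# Constructed samples: a message stamped by the patched server, and one that
# arrived carrying an older Received header that repeats the first id.
GENUINE = (b"Received: from speed.spamwall.net ([:::66.55.26.26])\n"
           b"  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)\n"
           b"  id 2LYK%swpAQCyOStAlKYKAGP4qUs\n"
           b"  by asfast.net with esmtp; Thu, 12 Feb 2004 03:30:41 -0500\n"
           b"From: alice@example.net\nSubject: hi\n\nbody\n")
FORGED = (b"Received: from relay.example.com ([192.0.2.7])\n"
          b"  id ZZZZconstructedZZZZ\n"
          b"  by asfast.net with esmtp; Thu, 12 Feb 2004 03:31:02 -0500\n"
          b"Received: from a.example\n"
          b"  id 2LYK%swpAQCyOStAlKYKAGP4qUs\n"
          b"  by asfast.net with esmtp; Thu, 12 Feb 2004 03:30:41 -0500\n"
          b"From: mallory@example.com\nSubject: hi\n\nbody\n")


def courier_id(raw):
    """Return the id from the topmost Received header, or None."""
    received = BytesHeaderParser().parsebytes(raw).get_all("Received", [])
    if not received:
        return None
    top = " ".join(str(received[0]).split())   # unfold continuation lines
    top = COMMENT_RE.sub(" ", top)              # comments may echo remote-supplied text
    match = ID_RE.search(top)
    return match.group(1) if match else None


class PendingStore:
    """Pending header additions keyed by message id (sqlite3, in memory by default)."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS pending (msgid TEXT, name TEXT, value TEXT)")

    def put(self, msgid, name, value):
        # A stored value is later written into the message, so refuse anything
        # that could start a new header line.
        if re.search(r"[\r\n:\s]", name) or re.search(r"[\r\n]", value):
            raise ValueError("header name or value is not a single clean line")
        with self.db:
            self.db.execute("INSERT INTO pending VALUES (?, ?, ?)",
                            (msgid, name, value))

    def pop(self, msgid):
        """Return and delete the entries for msgid, so each is applied once."""
        with self.db:
            rows = self.db.execute(
                "SELECT name, value FROM pending WHERE msgid = ? ORDER BY rowid",
                (msgid,)).fetchall()
            self.db.execute("DELETE FROM pending WHERE msgid = ?", (msgid,))
        return rows


def global_filter(raw, store, spf_result):
    """Runs during the SMTP dialog: cannot edit the message, so records the change."""
    msgid = courier_id(raw)
    if msgid is None:
        return False
    store.put(msgid, "SPF-Received", spf_result)
    return True


def local_filter(raw, store):
    """Runs at delivery: prepends whatever the global filter recorded."""
    msgid = courier_id(raw)
    rows = store.pop(msgid) if msgid else []
    return "".join(f"{n}: {v}\n" for n, v in rows).encode() + raw
```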
Re: [courier-users] can't find root@www.my-domain.com
- Original Message -
From: Jeff Jansen [EMAIL PROTECTED]
To: Courier Users List [EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 10:26 AM
Subject: Re: [courier-users] can't find [EMAIL PROTECTED]

On Thursday 12 February 2004 13:19, Eric Livingston wrote:

Yet, I get error messages emailed to me with 550 errors, saying that [EMAIL PROTECTED] is an unknown user. What am I missing? My aliases file started with: root: postmaster

If you'll forgive one of those maybe you missed the obvious type questions, is postmaster a defined local user?

Jeff Jansen

I have an alias for postmaster, like this: postmaster: eric

This appears near the bottom and seems to work in general, as several other aliases that point to postmaster do wind up getting to my account just fine.
Re: [courier-users] Re: My Modest Proposal
On Thu, 12 Feb 2004, Lloyd Zusman wrote:

Well, from what I know about the structure of Courier, it would take a lot of refactoring to allow the modification of messages during a global filter. That's because the message file that we see during this step is a temporary file. The real message file has not yet been created, as far as I know. You can see the sequence of events that take place during message processing here: http://www.courier-mta.org/queue.html

I don't think that's quite accurate. My understanding of that same document is that we are operating on the same exact message that ends up being processed by courierd, but its *current name* is such that courierd ignores it until submit renames it. However, it's not like when filtering is done, submit creates *another* copy of the message, it's just renamed.

And as for this patch itself, remember that it consists solely of putting a unique id field into the Received header. This is a minor change, and it mirrors what some other MTAs already do. Even if we don't end up using this to facilitate the methodology that I outlined in my Modest Proposal, it still is a useful feature in and of itself.

To me, it's just a hack. Sorry, but that's how I feel.

I've seen people running filters twice to do rejection and modification separately - maybe before embarking on this you might want to do some benchmarks?

I fully intend to perform some benchmarks to _compare_ the rejection/re-insertion idea with my proposed methodology. I can only do this once I have written the code outlined in my proposal. This will be completed in a few days, at which time I'll run the benchmarks and post the results here ... as well as my patch and code.

I think that's a great idea! However, my suggestion would be to use submit to your advantage here. The submit protocol is well documented somewhere (I read it for over an hour the other night) and while a little unwieldy IMO it also seems like the best way to do injection. I come from a qmail background, and it seems to me that 'submit' takes the place of qmail-inject and qmail-queue. It also seems like there might be some benefit to writing a qmail-inject-like wrapper for submit.

--
Ensign Walnut approaches Dr. Crusher with caution...
Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener
Re: [courier-users] Rejection/re-insertion methodology howto?
On Thu, 12 Feb 2004, David Bruha wrote:

Hi, I am now fighting my way through configuring courier-mta with virus and spam filtering and I must admit I lack some good documentation for that. I have read about the rejection/re-insertion methodology and would like to ask you if you could enlighten me about it a little bit more. As far as I understand it, it's a method where courier accepts an email on one port (25) then forwards it to a global filtering program. This program then makes any tests necessary and (if the message is ok) re-sends the message to courier to another port. Is that correct? Could anyone show me a functional example, please?

I don't think that's quite right. IIRC, it goes like this (I'm probably wrong): submit creates the control and data files in the temp queue. These are named in such a way that courierd doesn't pay attention to them. Then, filtering takes place. Note that one end of submit is still talking to the sender (let's say esmtpd) and the other end is the filtering stuff. That's how (I think) the filtering messages get back to the smtp dialog. I'm probably way off base here. Anyway, after filtering is done, submit renames the control and data files and signals courierd, and exits.

Mr. Sam: could you please give us a detailed process overview as to how messages go from (say, esmtpd) through submit, through the global filters, and then the final signaling of courierd? If the queue docs on courier-mta.org are close but a bit out of date (I don't see /any/ mention of global filtering there) I'm sure many of us would appreciate an update somewhere. I am willing to help out, but I need some pointers as to /where/ in the process filtering happens, and which files are responsible. Also, a reason why courier can't allow the modification of messages in global filters would be cool, and if you could point us to the source files relevant to that area I'm sure we'd all appreciate it.

--
Ensign Walnut approaches Dr. Crusher with caution...
Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener
RE: [courier-users] My Modest Proposal
Me too. If it's still a long way off, then maybe this is the way to go - on the other hand if Sam can provide some guidance as to where one would have to look to start making such a change - and perhaps what the bigger challenges are, then maybe we can amass enough effort amongst us to make it happen - eh?

m/

-Original Message-
From: Derrick T. Woolworth [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 12:43 AM
To: Mitch (WebCob)
Cc: Lloyd Zusman; [EMAIL PROTECTED]
Subject: RE: [courier-users] My Modest Proposal

I think it's important to the evolution of Courier that it eventually support modification of messages from any courierfilter. I've never quite understood why this isn't allowed - possibly a filesize issue, security? I would only be guessing, but in the grand scheme of things I'm sure there's a lot of folks that would love this ability.

I'd like to hear from Sam regarding the effort to make this modification and perhaps why it's so long in coming?

Thanks,
D

--
Derrick T. Woolworth
RD Technology, LLC.
6701 W. 121st, Suite 310
Overland Park, KS 66209
Phone: (913) 491-0345
Fax: (913) 491-1645

Quoting Mitch (WebCob) [EMAIL PROTECTED]:

| Hi Lloyd.
|
| Would like to hear what others think including Sam - but it sounds like the
| best of a bad situation to me. I wonder how the effort and overhead you are
| making compare with a patch to courier that would allow modification of
| message files during global filtering. Although such an option may lower the
| efficiency of delivery perhaps if submitted as a compile time option it
| could be acceptable for inclusion in the distribution.
|
| Personally, I make my hacks as a last resort after trying to elicit
| support, as maintaining them - particularly when dependencies on the core
| software may not be broken with future versions.
|
| I've seen people running filters twice to do rejection and modification
| separately - maybe before embarking on this you might want to do some
| benchmarks?
|
| Just a few thoughts.
|
| m/
|
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED] Behalf Of Lloyd
| Zusman
| Sent: Wednesday, February 11, 2004 5:21 AM
| To: [EMAIL PROTECTED]
| Subject: [courier-users] My Modest Proposal
|
|
| In one or two other threads, I mentioned a Modest Proposal for a small
| change in Courier. I'm about to start work on a patch and a piece of
| add-on software that implement this proposal, and so I want to describe
| it here, in a bit more detail.
|
| The problem I'm trying to solve is this: for reasons of efficiency,
| Courier's global filters cannot modify messages. Only local filters can
| do that. Because a global filter can cause an immediate failure during
| the SMTP dialog, there are some functions that are best performed during
| a global filter. But some of these functions make minor changes to the
| message, such as the addition of header fields. SPF is one such
| function.
|
| The recommended solution for this, namely having the global filter
| modify the control file in order to block message delivery and then
| re-injecting a modified version of the message, is cumbersome,
| inelegant, overly complex, and probably inefficient.
|
| Therefore, I propose the following:
|
| A small change is made to Courier (probably only a few lines of code in
| submit.C) which will cause a unique ID to be put into the Received:
| header for every message that Courier processes. Because this ID will
| be visible both during global and local filtering, it provides a way to
| match a message going through a local filter with its predecessor that
| might have gone through a global filter. This allows state information
| to be maintained for the life of a message through the local and global
| filters.
|
| I propose the generation of this unique ID instead of using the
| Message-ID header, because we cannot count on Message-ID being totally
| unique.
|
| How does this solve the problem that I mentioned above? Well, a global
| filter that wants to change a message can create an entry in a data
| store using this unique ID as a key. In this entry will be some sort of
| description of the change. Later, when the message passes through the
| local filter, the data store is accessed and the entry is looked up by
| means of this same unique ID. The local filter then interprets this
| data and makes whatever modification is necessary to the message.
|
| As an adjunct to this small patch to (probably) submit.C, I will also
| write a package that can be used within global and local filters to
| manage this data store. Since I'm using courier-pythonfilter for my
| global filtering, I will write this adjunct package in Python. Of
| course, there is no requirement to use this package. Many people
| will just want to
Re: [courier-users] can't find root@www.my-domain.com
On Thursday 12 February 2004 15:49, Eric Livingston wrote:

> I have an alias for postmaster, like this:
>
> postmaster: eric
>
> This appears near the bottom and seems to work in general, as several other aliases that point to postmaster do wind up getting to my account just fine.

Run makealiases -dump | sort and make sure that you see an alias

[EMAIL PROTECTED]: [EMAIL PROTECTED]

The actual domain will be the contents of your /etc/courier/defaultdomain file or the me file if that doesn't exist.

Jeff Jansen

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
courier-users mailing list [EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: My Modest Proposal
Malcolm Weir [EMAIL PROTECTED] writes:

> > -Original Message-
> > From: Lloyd Zusman
> > Sent: Thursday, February 12, 2004 4:15 AM
>
> [ Snip ]
>
> > And as for this patch itself, remember that it consists solely of putting a unique id field into the Received header. This is a minor change, and it mirrors what some other MTA's already do. Even if we don't end up using this to facilitate the methodology that I outlined in my Modest Proposal, it still is a useful feature in and of itself.
>
> I think overall I agree with Lloyd here that this proposal is both low cost and generally beneficial, which is more than one can say about the other schemes discussed!
>
> And if the unique ID is kept simple (I've received Lloyd's patch, but haven't yet had a chance to look at the code, so I don't know how simple it is) it seems to me that, say, adding the ID to the maillog would have some nice consequences for admins.
>
> With only a little thought, it seems to me that a 12 byte ID (encoded base64, naturally, for a 16 character string) would do the trick: IP and socket from which the thing arrived, 32 bit time-in-seconds, and a 16 bit iterating counter (to disambiguate messages received through the same socket during the same second; 64K messages/sec should be fine). Spoofing can be prevented by positioning: only the first (or last, whichever is easier) ID header would count, just as only the last Received-From: can be trusted.

This is always the topmost Received header. submit writes that header on top of the message before calling the global filter.

I use the following for my unique ID, encoded into base 64:

  32-bit IP address
  32-bit PID of submit (some systems use more than 16 bits for this)
  64-bit time from gettimeofday() [down to microseconds]
  32-bit incrementing counter

I don't know that it's possible to find out the original socket ID from within the submit program (which is the sole program I patched) ... submit is the program which adds the Received header, and it always reads the message from stdin.

Hmm ... I now realize that I don't need the incrementing counter, since there will be only one message processed per call to submit. I will remove it from my code and repost another patch once I test it.

> This approach (having Courier add an ID) seems to have the virtue that those who don't care about rewriting (i.e. those for whom the current globalfilter/localfilter scheme works sufficiently well) aren't penalized much by the new header, while those that want/need sophisticated globalfiltering pay whatever price is necessary for their requirements.

Yes. Those are my main design goals.

--
Lloyd Zusman [EMAIL PROTECTED]
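An added sketch (not Lloyd's patch and not Courier code) of the ID layout listed in this message with the counter dropped, together with the data-store lookup from the original proposal. The `id` clause in the Received header, every function name and the in-memory store are assumptions; the ID is read only from the topmost Received header, the one submit writes, so an ID in a sender-supplied header is never used as a key.

```python
import base64
import re
import socket
import struct
from email import message_from_bytes

# Layout from the post, without the counter: 32-bit IPv4 address,
# 32-bit PID, 64-bit time as 32-bit seconds + 32-bit microseconds.
_LAYOUT = struct.Struct("!4sIII")          # 16 bytes -> 24 base64 characters
# Hypothetical placement: an "id <token>" clause in the Received header.
_ID_CLAUSE = re.compile(r"\bid\s+([A-Za-z0-9+/]{22}==)")


def make_id(ip, pid, sec, usec):
    raw = _LAYOUT.pack(socket.inet_aton(ip), pid & 0xFFFFFFFF, sec & 0xFFFFFFFF, usec)
    return base64.b64encode(raw).decode("ascii")


def parse_id(token):
    ip, pid, sec, usec = _LAYOUT.unpack(base64.b64decode(token, validate=True))
    return socket.inet_ntoa(ip), pid, sec, usec


def trusted_id(raw_message):
    """ID from the topmost Received header only; lower ones are sender-controlled."""
    received = message_from_bytes(raw_message).get_all("Received") or []
    if not received:
        return None
    match = _ID_CLAUSE.search(str(received[0]))
    return match.group(1) if match else None   # never fall through to lower headers


class ChangeStore:
    """In-memory stand-in for the data store shared by global and local filters."""

    def __init__(self):
        self._pending = {}

    def record(self, msg_id, name, value):
        if not re.fullmatch(r"[A-Za-z0-9-]+", name) or re.search(r"[\r\n]", value):
            raise ValueError("refusing header that could inject extra lines")
        self._pending.setdefault(msg_id, []).append((name, value))

    def take(self, msg_id):
        return self._pending.pop(msg_id, [])


def global_filter(raw_message, store, spf_result):
    """Global filter side: cannot edit the message, so it records the change."""
    msg_id = trusted_id(raw_message)
    if msg_id is None:
        return False
    store.record(msg_id, "Received-SPF", spf_result)
    return True


def local_filter(raw_message, store):
    """Local filter side: look the entry up by the same ID and apply it."""
    msg_id = trusted_id(raw_message)
    changes = store.take(msg_id) if msg_id else []
    added = b"".join(f"{n}: {v}\r\n".encode("ascii") for n, v in changes)
    return added + raw_message


# Constructed sample: the top Received line stands for the one submit wrote,
# the lower one carries an ID chosen by the sender.
REAL_ID = make_id("192.0.2.10", 4242, 1076630400, 123456)
FORGED_ID = make_id("203.0.113.9", 1, 1, 1)
SAMPLE = (
    "Received: from client.example ([192.0.2.10])\r\n"
    f"  by mx.example with esmtp id {REAL_ID}; Thu, 12 Feb 2004 23:59:00 -0000\r\n"
    f"Received: from forged.example by other.example id {FORGED_ID}; Thu, 12 Feb 2004 23:58:00 -0000\r\n"
    "Subject: constructed test message\r\n"
    "\r\n"
    "body\r\n"
).encode("ascii")

if __name__ == "__main__":
    store = ChangeStore()
    global_filter(SAMPLE, store, "pass")
    print(local_filter(SAMPLE, store).decode("ascii"))
```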
Re: [courier-users] IMAP/POP-SSL and Comodo Certificates
I've had my Courier 0.44 install using Comodo certs -- that I also first used with apache -- working fine for a while now. The trick is that you have to split the certificate from the trusted certs. The cert for my domain (kept in /usr/lib/courier/share) was supplied in the config using TLS_CERTFILE and the *trusted* certs were stored and referenced in TLS_TRUSTCERTS. That's all there was to it.

Stefan Hornburg wrote:

> Hello,
>
> I would like to know how to use Comodo SSL certificates with Courier POP/IMAP etc. Setting up Apache to recognize this is a no-brainer ...
>
> For Courier I did the following steps:
>
> - put the Comodo root certificates into /usr/lib/courier/rootcerts alongside with the shipped one
> - run c_rehash on this directory
> - put the certificate and the private key for the mail domain into /etc/courier/imapd.pem
> - restart courier-imap-ssl
>
> Running:
>
> openssl s_client -connect mail.myhost.net:imaps -CApath /usr/lib/courier/rootcerts/
>
> on the mail server shows Verify: 0.
>
> Is anything alright now ? Are there any mail clients (preferably for Linux) which show the SSL certificate (chain) ?
>
> Racke
RE: [courier-users] Re: My Modest Proposal
> I think that's a great idea! However, my suggestion would be to use submit to your advantage here. The submit protocol is well documented somewhere (I read it for over an hour the other night) and while a little unwieldy IMO it also seems like the best way to do injection.
>
> I come from a qmail background, and it seems to me that 'submit' takes the place of qmail-inject and qmail-queue. It also seems like there might be some benefit to writing a qmail-inject-like wrapper for submit.

I like that idea... wonder how hard it would be.

One side note though - a word of warning. SpamAssassin looks at received headers and ALREADY fails to properly recognize courier's format - as a result mail received locally from an authenticated user is not detected as such and may be penalized for coming from a black hole listed IP. I've submitted a bug report and been told that it MAY be fixed by version 2.70 - doing this could likely derail this header test again, so if you use SA you may have to code to skip it for locally authenticated users (which is probably an efficient idea anyways...)

Looking forward to the benchmarks - and also secretly wanting to try modifying a message file to see what happens. Maybe we misunderstood Sam - it is possible a modification could be ok as long as it doesn't corrupt the mime envelope??

Just a thought...

m/
Re: [courier-users] Re: My Modest Proposal
Mitch (WebCob) [EMAIL PROTECTED] writes:

> [ ... ]
>
> Looking forward to the benchmarks - and also secretly wanting to try modifying a message file to see what happens. Maybe we misunderstood Sam - it is possible a modification could be ok as long as it doesn't corrupt the mime envelope??
>
> Just a thought...
>
> m/

Well, I wish we did misunderstand, but we didn't. It's definitely and positively impossible to modify the message file during a global filter and for those changes to end up in the delivered message.

Try it.

- Lloyd

--
Lloyd Zusman [EMAIL PROTECTED]
God bless you.
Re: [courier-users] Rejection/re-insertion methodology howto?
Hmm - that's interesting. Really could use more documentation to this topic (scheme, more about the filters). A Howto would be excellent. ;)

Regards,
David.

On Thu, 12. 02. 2004 at 17:22, Jon Nelson wrote:

> On Thu, 12 Feb 2004, David Bruha wrote:
>
> > Hi,
> >
> > I am now fighting my way through configuring courier-mta with virus and spam filtering and I must admit I lack some good documentation for that. I have read about the rejection/re-insertion methodology and would like to ask you if you could enlighten me about it a little bit more.
> >
> > As far as I understand it, it's a method where courier accepts an email on one port (25) then forwards it to a global filtering program. This program then makes any tests necessary and (if the message is ok) re-sends the message to courier to another port. Is that correct? Could anyone show me a functional example, please?
>
> I don't think that's quite right. IIRC, it goes like this (I'm probably wrong):
>
> submit creates the control and data files in the temp queue. These are named in such a way that courierd doesn't pay attention to them. Then, filtering takes place. Note that one end of submit is still talking to the sender (let's say esmtpd) and the other end is the filtering stuff. That's how (I think) the filtering messages get back to the smtp dialog. I'm probably way off base here. Anyway, after filtering is done, submit renames the control and data files and signals courierd, and exits.
>
> Mr. Sam: could you please give us a detailed process overview as to how messages go from (say, esmtpd) through submit, through the global filters, and then the final signaling of courierd? If the queue docs on courier-mta.org are close but a bit out of date (I don't see /any/ mention of global filtering there) I'm sure many of us would appreciate an update somewhere. I am willing to help out, but I need some pointers as to /where/ in the process filtering happens, and which files are responsible.
>
> Also, a reason why courier can't allow the modification of messages in global filters would be cool, and if you could point us to the source files relevant to that area I'm sure we'd all appreciate it.
>
> --
> Ensign Walnut approaches Dr. Crusher with caution...
> Jon Nelson [EMAIL PROTECTED]
> C and Python Code Gardener
[courier-users] EMTPD Blacklist A Record setting
Quick question re- blacklists...

The webadmin page lists the 'A' Record setting as optional for a particular blacklist zone. Is the Courier default 127.0.0.2 or any record? (spamhaus.org have a combined lookup that may return 127.0.0.2 or 127.0.0.4)

regards,
Drew
[courier-users] Making user names case-insensitive?
Is there a way to tell Courier that user names should be treated as case-insensitive? I know I should educate my users until they understand that email addresses are case-sensitive, but until then...

--
Ciao, Flavio Stanchina
Trento - Italy
Re: [courier-users] Odd sendmail issue
On Thu, Feb 12, 2004 at 02:19:43PM -0800, Bill Taroli wrote:

> There is probably an obvious fix for this, but I'm noticing that emails to a particular domain are failing. I'm receiving the following in the diagnostics output:
>
> I0 P mail.sarc.org [207.215.13.60]
> I0 S STARTTLS
> I0 T smtp
> I0 R 454 4.3.3 TLS not available
>
> I checked to confirm that the *_TLS_REQUIRED option is NOT set in my config files, except for emstpd-msa (for secure access for clients that login in remote and relay). So what might be happening here?

The TLS_REQUIRED option refers to the esmtp *server* of courier. But that's not your problem. Your problem is that the courier esmtp *client* is seeing STARTTLS in the list of capabilities advertised by the remote host, trying to use TLS, and failing because the remote host doesn't actually support TLS despite advertising it. The remote host is misconfigured.

You can override this in 2 ways:

1. Stop the esmtp client from trying TLS completely by disabling it in the courierd control file.
2. Use the esmtproutes file to selectively disable TLS for certain domains.

Read the manual pages for details.

--
Anand Buddhdev
Re: [courier-users] Making user names case-insensitive?
On Thu, Feb 12, 2004 at 11:33:45PM +0100, Flavio Stanchina wrote:

> Is there a way to tell Courier that user names should be treated as case-insensitive? I know I should educate my users until they understand that email addresses are case-sensitive, but until then...

man courier, and search for locallowercase

--
Anand Buddhdev
Re: [courier-users] Making user names case-insensitive?
touch $COURIER_PREFIX/etc/locallowercase

On 13/02/2004, at 11:33 AM, Flavio Stanchina wrote:

> Is there a way to tell Courier that user names should be treated as case-insensitive? I know I should educate my users until they understand that email addresses are case-sensitive, but until then...

--
Phillip Hutchings [EMAIL PROTECTED]
http://www.sitharus.com/
[courier-users] unimportant authmysqlrc question
Hi

This is just a question out of curiosity, not a problem:

The sql database has a field home, with an absolute path to the (virtual) home directory, e.g. /var/mail/directory/account

Is there a way to tell the authmysqlrc that there is a prefix which has to be put before every home directory? My idea was something like this

  TMP_VAR home MYSQL_HOME_FIELD/var/mail/$TMP_VAR

in the authmysqlrc, which for example would make it easy to migrate a whole Maildir structure from /var to /tmp or /home. (Of course it is probably as easy to change the columns in the mysql database - I am really just curious.) I have no scripting experience and I don't know which would be the correct expression (maybe without the TMP_VAR-Variable).

Greetings and thanks
Peter
[courier-users] Re: My Modest Proposal
Jon Nelson writes:

> I come from a qmail background, and it seems to me that 'submit' takes the place of qmail-inject and qmail-queue. It also seems like there might be some benefit to writing a qmail-inject-like wrapper for submit.

Submit takes place of qmail-queue. sendmail takes place of qmail-inject. It's not an exact match, but that's the rough roles that they play.
[courier-users] Re: My Modest Proposal
Derrick T. Woolworth writes:

> I think it's important to the evolution of Courier that it eventually support modification of messages from any courierfilter. I've never quite understood why this isn't allowed - possibly a filesize issue, security? I would only be guessing, but in the grand scheme of things I'm sure there's a lot of folks that would love this ability.
>
> I'd like to hear from Sam regarding the effort to make this modification and perhaps why it's so long in coming?

There are other things that take priority. I'm only one person, and I have a day job that pays the bills. Naturally, things need to be prioritized.
Re: [courier-users] Odd sendmail issue
Other than having to specify an MX for a domain I don't administer, this worked great. Thanks!

Anand Buddhdev wrote:

> On Thu, Feb 12, 2004 at 02:19:43PM -0800, Bill Taroli wrote:
>
> > There is probably an obvious fix for this, but I'm noticing that emails to a particular domain are failing. I'm receiving the following in the diagnostics output:
> >
> > I0 P mail.sarc.org [207.215.13.60]
> > I0 S STARTTLS
> > I0 T smtp
> > I0 R 454 4.3.3 TLS not available
> >
> > I checked to confirm that the *_TLS_REQUIRED option is NOT set in my config files, except for emstpd-msa (for secure access for clients that login in remote and relay). So what might be happening here?
>
> The TLS_REQUIRED option refers to the esmtp *server* of courier. But that's not your problem. Your problem is that the courier esmtp *client* is seeing STARTTLS in the list of capabilities advertised by the remote host, trying to use TLS, and failing because the remote host doesn't actually support TLS despite advertising it. The remote host is misconfigured.
>
> You can override this in 2 ways:
>
> 1. Stop the esmtp client from trying TLS completely by disabling it in the courierd control file.
> 2. Use the esmtproutes file to selectively disable TLS for certain domains.
>
> Read the manual pages for details.
[courier-users] Message submission process (Re: Rejection/re-insertion methodology howto?)
Jon Nelson writes:

> Mr. Sam: could you please give us a detailed process overview as to how messages go from (say, esmtpd) through submit, through the global filters, and then the final signaling of courierd? If the queue docs on courier-mta.org are close but a bit out of date (I don't see /any/ mention of global filtering there) I'm sure many of us would appreciate an update somewhere.

The queue docs are slightly dated, but they are mostly correct. 95% of the essential stuff in them hasn't changed.

The submit process is responsible for inserting a new message into the mail queue. submit gets invoked by sendmail, courieresmtpd, or the courierdsn modules, as a child process. It receives the necessary information it needs through a combination of command line options, environment variables, and standard input and output.

The message itself is read from standard input, and saved in what eventually will be the message's data file. The message's control file is created at the same time. The actual mechanics of creating and naming the files is still what the docs say it is.

The reason why a global filter cannot modify the message is because the submit process creates a data structure in memory, in parallel. The data structure describes the starting position and the ending position of each logical entity within the message: where the headers and the message body begins and ends. If the message contains MIME attachments each MIME attachment is also described as well.

This structure is needed in the event the submit process feels it necessary to rewrite the message. A message may be rewritten for several reasons. The most common one would be to provide default values for MIME headers. If you have a system script that runs a job and mails its output, and your system uses the iso-8859-1 character set natively, then chances are that your system script will not bother to supply the MIME header that specifies that the message uses the iso-8859-1 character set.

Well, submit will do that for you, in this case.

The reason that external filters cannot modify the message is because doing so will throw off the internal data structure that describes the logical structure of the message, which is relied upon in order for submit to rewrite the message properly. You do that, and submit is going to spit out complete crap.

And the reason that filtering cannot occur before the data structure is parsed is for efficiency's sake. The message's structure is parsed in one sweep. And it is done at the same time submit reads the message from standard input. Rather than reading the message from standard input, saving it in a file, then reopening the file and reading the message again in order to parse it into its logical components, everything is done in one shot. As submit reads the message and saves it in the data file, it simultaneously parses it at the same time, at virtually no additional cost.

The above should be sufficient to explain why global filters cannot touch the message. Not that it's impossible to do this, but it is more than a trivial change or an addition, and will require some non-trivial effort to do that in an efficient manner.
RE: [courier-users] Making user names case-insensitive?
Search for locallowercase in the manual.

The restriction is that ALL your user names and aliases MUST be in lower case... then all mixed case names will be converted to lower case before matching and local delivery.

hth

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Flavio Stanchina
Sent: Thursday, February 12, 2004 2:34 PM
To: [EMAIL PROTECTED]
Subject: [courier-users] Making user names case-insensitive?

Is there a way to tell Courier that user names should be treated as case-insensitive? I know I should educate my users until they understand that email addresses are case-sensitive, but until then...

--
Ciao, Flavio Stanchina
Trento - Italy
[courier-users] Re: IMAP/POP-SSL and Comodo Certificates
Stefan Hornburg writes:

> Hello,
>
> I would like to know how to use Comodo SSL certificates with Courier POP/IMAP etc. Setting up Apache to recognize this is a no-brainer ...
>
> For Courier I did the following steps:
>
> - put the Comodo root certificates into /usr/lib/courier/rootcerts alongside with the shipped one
> - run c_rehash on this directory
> - put the certificate and the private key for the mail domain into /etc/courier/imapd.pem
> - restart courier-imap-ssl

Try converting Comodo's cert to PEM, and appending it to imapd.pem
[courier-users] ESMTP Authentication problems
Current issue - setting up ESMTP to use (simple) authentication.

ESMTP is showing me:

  220 hermes.unifiedsignal.com ESMTP
  250-Requested mail action okay, completed
  250-8BITMIME
  250 SIZE

No mention of:

  250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN

(I wouldn't expect to see DIGEST-MD5 or PLAIN, per ESMTPAUTH below)

etc/courier/esmtpd contains (otherwise identical to esmtpd.dist):

  AUTH_REQUIRED=1
  AUTHMODULES=authdaemon
  ESMTPAUTH=LOGIN CRAM-MD5
  ESMTPDSTART=YES

What am I missing/where should I look?

--
John BOSSERT [EMAIL PROTECTED]
RE: [courier-users] Message submission process (Re: Rejection/re-insertion methodology howto?)
Hey Sam - Thanks! I think I understand a lot better, and imagine others do too...

And of course if it isn't said often enough - we appreciate that you have a day job too and that there are always priorities...

Now, for those of us who want to hack... I have a counter proposal... First the long term (perhaps nirvana like) and then the short term hack.

Long term, it would be nice if a filter could signal - perhaps by exit code, that the structure needed to be reread and reparsed before continuing. On returning a certain exit code, courier could know that an acceptance was given, but that the message was changed, and force a rebuild of the memory structure you mentioned, using the message file as source. There may be a more efficient way to do it, such as distinguishing between header only vs. body mods, etc., but at least this would make the reparsing overhead only a burden to those of us who need it - and it would still be better than resending - right?

Short term hack:

So we can only make a change if it doesn't alter the position or structure of existing data. That's the key. So let's do just that. Define a buffer size, intended to be large enough to record whatever information you want to modify in a filter.

Then, much like Lloyd has suggested, patch submit. Submit will now create a new header:

X-Filter-Info: XX

You could of course substitute X for any character you like - so long as it doesn't break mail header standards.

Then, you could wrap your arbitrary filter data in base64, pad with X's, and replace the old header installed by submit.

No message structure alteration, and an editable payload. Could even be done multiple times as needed for different filters or purposes - create as many place holder padded headers as needed - in fact this could be done generically, by including this value from the config file - so that a recompile isn't needed to change the headers.

As submit starts it could append a value from /etc/addheaders to the message.

Anyone like this idea? Gets us to the editable header stage a lot quicker, without as much overhead doesn't it? Would I screw something up doing this?

Sam: Thanks again for your efforts and the explanation.

m/
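An added illustration (not Courier code) of the byte-offset argument in Sam's explanation and of the fixed-width placeholder idea in this message: overwriting a reserved header value in place leaves every recorded offset valid, while inserting a header shifts them. The pad byte `-`, the 64-byte slot and all function names are assumptions, and the thread does not establish whether Courier would deliver a message changed this way.

```python
import base64

NAME = b"X-Filter-Info: "
PAD = b"-"        # assumed pad byte; outside the base64 alphabet, unlike "X"
MAX_LINE = 998    # RFC 5322 limit on a header line, excluding CRLF


def placeholder(width):
    """Header line that a patched submit would write on top of the message."""
    if len(NAME) + width > MAX_LINE:
        raise ValueError("slot would exceed the header line length limit")
    return NAME + PAD * width + b"\r\n"


def map_offsets(raw):
    """Tiny stand-in for submit's in-memory structure: where things start and end."""
    split = raw.index(b"\r\n\r\n")
    return {"headers_end": split + 2, "body_start": split + 4, "length": len(raw)}


def find_slot(raw):
    """(start, width) of the topmost X-Filter-Info value, searched in headers only."""
    headers_end = raw.index(b"\r\n\r\n") + 2
    if raw.startswith(NAME):
        start = len(NAME)
    else:
        pos = raw.find(b"\r\n" + NAME, 0, headers_end)
        if pos < 0:
            raise LookupError("no reserved slot in this message")
        start = pos + 2 + len(NAME)
    return start, raw.index(b"\r\n", start) - start


def write_slot(raw, payload):
    """Overwrite the slot in place; the result has exactly the same length."""
    start, width = find_slot(raw)
    encoded = base64.b64encode(payload)
    if len(encoded) > width:
        raise ValueError("payload does not fit the reserved slot")
    return raw[:start] + encoded + PAD * (width - len(encoded)) + raw[start + width:]


def read_slot(raw):
    """Decode the topmost slot; an untouched placeholder reads as empty."""
    start, width = find_slot(raw)
    return base64.b64decode(raw[start:start + width].rstrip(PAD), validate=True)


def insert_header(raw, line):
    """The kind of edit that invalidates recorded offsets: everything moves down."""
    return line + b"\r\n" + raw


# Constructed sample message with a 64-byte reserved slot on top.
SAMPLE = (
    placeholder(64)
    + b"Received: from client.example by mx.example; Thu, 12 Feb 2004 23:59:00 -0000\r\n"
    + b"X-Filter-Info: c3Bvb2Y=\r\n"          # sender-supplied copy, lower down
    + b"Subject: constructed test message\r\n"
    + b"\r\n"
    + b"body\r\n"
)

if __name__ == "__main__":
    before = map_offsets(SAMPLE)
    edited = write_slot(SAMPLE, b"spf=pass")
    print("in-place:", map_offsets(edited) == before, read_slot(edited))
    print("inserted:", map_offsets(insert_header(SAMPLE, b"X-Added: 1")) == before)
```

The sender-supplied `X-Filter-Info` line lower in the sample is never read or rewritten, because only the topmost occurrence is treated as the reserved slot.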
Re: [courier-users] Message submission process (Re: Rejection/re-insertion methodology howto?)
On Thu, 12 Feb 2004 19:22:37 -0500
Sam Varshavchik [EMAIL PROTECTED] diligently divulged:

> The submit process is responsible for inserting a new message into the mail queue. submit gets invoked by sendmail, courieresmtpd, or the courierdsn modules, as a child process.
>
> [...]
>
> Not that it's impossible to do this, but it is more than a trivial change or an addition, and will require some non-trivial effort to do that in an efficient manner.

Hello Sam and thank you for the thorough explanation.

Does submit then connect to the globalfilter (run_filter in submit2.C)? In that case I would propose to implement a simple protocol on the socket where submit waits for any additional information from the filter (as it seems to be waiting for the smtp response code on a pipe) that it then could insert into the memory structure it still has at hand. I suppose this would be in cdfilters.C and submit2.C. Correct?

tia /markus
RE: [courier-users] Odd sendmail issue
-Original Message-
From: Anand Buddhdev
Sent: Thursday, February 12, 2004 3:09 PM

> > There is probably an obvious fix for this, but I'm noticing that emails to a particular domain are failing. I'm receiving the following in the diagnostics output:
> >
> > I0 P mail.sarc.org [207.215.13.60]
> > I0 S STARTTLS
> > I0 T smtp
> > I0 R 454 4.3.3 TLS not available
> >
> > I checked to confirm that the *_TLS_REQUIRED option is NOT set in my config files, except for emstpd-msa (for secure access for clients that login in remote and relay). So what might be happening here?
>
> The TLS_REQUIRED option refers to the esmtp *server* of courier. But that's not your problem. Your problem is that the courier esmtp *client* is seeing STARTTLS in the list of capabilities advertised by the remote host, trying to use TLS, and failing because the remote host doesn't actually support TLS despite advertising it. The remote host is misconfigured.

... And is likely a MS Exchange server without its security certificates properly installed. There is a known bug with Exchange in that it will advertise capabilities that it subsequently decides it can't fulfill.

> You can override this in 2 ways:
>
> 1. Stop the esmtp client from trying TLS completely by disabling it in the courierd control file.
> 2. Use the esmtproutes file to selectively disable TLS for certain domains.
>
> Read the manual pages for details.

3. Persuading the other end that their server/certificates need attention.

Option 2 is probably the most efficient!

> Anand Buddhdev

Malc.
[courier-users] Re: ESMTP Authentication problems
John BOSSERT writes:

> Current issue - setting up ESMTP to use (simple) authentication. ESMTP is showing me:
>
> 220 hermes.unifiedsignal.com ESMTP
> 250-Requested mail action okay, completed

There is no such message "Requested mail action okay, completed" in Courier. Whatever this is, it's not Courier.
[courier-users] Re: Message submission process (Re: Rejection/re-insertion methodology howto?)
Markus Wernig writes:

> On Thu, 12 Feb 2004 19:22:37 -0500 Sam Varshavchik [EMAIL PROTECTED] diligently divulged:
>
>> The submit process is responsible for inserting a new message into the mail queue. submit gets invoked by sendmail, courieresmtpd, or the courierdsn modules, as a child process.
>> [...]
>> Not that it's impossible to do this, but it is more than a trivial change or an addition, and will require some non-trivial effort to do that in an efficient manner.
>
> Hello Sam and thank you for the thorough explanation. Does submit then connect to the globalfilter (run_filter in submit2.C)? In

Yes, it's submit that talks to filters.

> that case I would propose to implement a simple protocol on the socket where submit waits for any additional information from the filter (as it seems to be waiting for the smtp response code on a pipe) that it then could insert into the memory structure it still has at hand. I suppose this would be in cdfilters.C and submit2.C. Correct?

Well, it's not as easy as inserting something into something else. The stuff in question is a hierarchical tree, that contains offsets, field contents, etc
[courier-users] Prevent folder deletion
I have an exim router that automatically handles spam for virtual users, by delivering it to a Maildir/.Spam folder. I would like to make this folder undeletable, like the Trash, to maintain the integrity of the exim router. Is there an easy way to do this, or is the Trash functionality hard-coded?

Thanks
Matt
Re: [courier-users] Message submission process (Re: Rejection/re-insertion methodology howto?)
I won't quote more than necessary, but I *would* like to say thanks for clarifying. That most certainly helps out. I'm still a little unclear as to where exactly global filters are invoked and played with, but since I'm composing this email after having read a few responses (which ask questions I myself would ask) I'll leave it at a simple Thanks!

--
Ensign Walnut approaches Dr. Crusher with caution...
Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener
[courier-users] Failure running .make after configuring courier-imap
Hello,

I am running into a wall. I am trying to configure and install courier-imap, to be used with postfix, which I successfully built and installed. My problem is that the make script is looking for openssl/ssl.h and err.h and rand.h. I have done everything possible to get this going. I have installed Openssl which is housed in /usr/local . The files that make is referencing are located in /usr/local/ssl/include/openssl, but no matter how I place this location in the path or CCPFLAGS env, I get stopped at the same place. I went into the Makefile in the tcpd directory and manually put in the path, but this did not work. I created links to the file in the /tcpd directory it did not take. Below is the output. What am I missing? I have RTFM and many searches but nothing.

Thanks,
Andre

My System: Sun Blade 100, 5.9 Solaris

bash-2.05$ make
make all-gmake-check FOO=BAR
Making all in numlib
make all-am
Making all in gdbmobj
make all-am
Making all in soxwrap
make all-am
Making all in unicode
make all-am
Making all in rfc822
make all-am
Making all in rfc2045
make all-am
Making all in random128
make all-am
Making all in md5
make all-am
Making all in sha1
make all-am
Making all in rfc1035
make all-am
Making all in liblock
make all-am
Making all in maildir
make all-am
Making all in makedat
make all-am
Making all in libhmac
make all-am
Making all in userdb
make all-am
Making all in authlib
make all-am
/bin/bash ./make-authdaemond.sh make
`authdaemond.plain' is up to date.
`authdaemond.ldap' is up to date.
`authdaemond.mysql' is up to date.
Making all in waitlib
make all-am
Making all in tcpd
make all-am
Compiling tlspasswordcache.c
tlspasswordcache.c:9:25: openssl/ssl.h: No such file or directory
tlspasswordcache.c:10:25: openssl/err.h: No such file or directory
tlspasswordcache.c:11:26: openssl/rand.h: No such file or directory
*** Error code 1
make: Fatal error: Command failed for target `tlspasswordcache.o'
Current working directory /tmp/courier-imap-2.2.1/tcpd
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory /tmp/courier-imap-2.2.1/tcpd
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
[courier-users] Re: Failure running .make after configuring courier-imap
Jacobs, Andre writes:

> HTML content follows
>
> Failure running .make after configuring courier-imap
>
> Hello, I am running into a wall. I am trying to configure and install courier-imap, to be used with postfix, which I successfully built and installed. My problem is that the make script is looking for openssl/ssl.h and err.h and rand.h. I have done everything possible to get this going. I have installed Openssl which is housed in /usr/local . The files that make is referencing are located in /usr/local/ssl/include/openssl, but no matter how I place this location in the path or CCPFLAGS env, I get

You should use

    CPPFLAGS=-I/usr/local/ssl/include
    export CPPFLAGS
    ./configure [options]

You may also need to use LDFLAGS, depending upon where openssl's libraries are installed.
[courier-users] [request], please extend MAXPERIP options
Hi, thanks Sam for the courier-imap server. It's really the best! I have been using it for over 2 years.

Request: please add per tcp/ip:netmask MAXPERIP options for the courier-imap server.

Problem: we are using webmail (squirrelmail and smm) for access to mail boxes (about 5000 users, and MAXPERIP=5000 is set), but same users use stupid M$ mail readers (MS Outlook Express and MS Entourage). These apps generate lots of connections to the imap server (one connection for every mail in the local app cache) and the server totally freezes. I need to set MAXPERIP for the webmail server to 5000 and for all others to 4.

Thanks!

--
Miroslav Ris
[courier-users] dynamic delivery instruction and 550 User unknown
Hi.

I am using dynamic delivery instruction in /etc/courier/aliasdir/courier-default. The external program makes a lookup into a database and decides where is the final destination. I want to make it such that if the lookup fails, the mta returns 550 User unknown to the client program.

How can I achieve it?

Nat