RE: [courier-users] My Modest Proposal

2004-02-12 Thread Derrick T. Woolworth
I think it's important to the evolution of Courier that it eventually support
modification of messages from any courierfilter.  I've never quite understood 
why this isn't allowed - possibly a filesize issue, security?  I would only be 
guessing, but in the grand scheme of things I'm sure there's a lot of folks 
that would love this ability.

I'd like to hear from Sam regarding the effort to make this modification and 
perhaps why it's so long in coming?

Thanks,

D

-- 
Derrick T. Woolworth
RD Technology, LLC.
6701 W. 121st, Suite 310
Overland Park, KS 66209
Phone: (913) 491-0345
Fax:   (913) 491-1645


Quoting Mitch (WebCob) [EMAIL PROTECTED]:

| Hi Lloyd.
| 
| Would like to hear what others think including Sam - but it sounds like the
| best of a bad situation to me. I wonder how the effort and overhead you are
| making compare with a patch to courier that would allow modification of
| message files during global filtering. Although such an option may lower the
| efficiency of delivery perhaps if submitted as a compile time option it
| could be acceptable for inclusion in the distribution.
| 
| Personally, I make my hacks as a last resort after trying to elicit
| support, as maintaining them - particularly when dependencies on the core
| software may not be broken with future versions.
| 
| I've seen people running filters twice to do rejection and modification
| separately - maybe before embarking on this you might want to do some
| benchmarks?
| 
| Just a few thoughts.
| 
| m/
| 
|  -Original Message-
|  From: [EMAIL PROTECTED]
|  [mailto:[EMAIL PROTECTED] Behalf Of Lloyd
|  Zusman
|  Sent: Wednesday, February 11, 2004 5:21 AM
|  To: [EMAIL PROTECTED]
|  Subject: [courier-users] My Modest Proposal
| 
| 
|  In one or two other threads, I mentioned a Modest Proposal for a small
|  change in Courier.  I'm about to start work on a patch and a piece of
|  add-on software that implement this proposal, and so I want to describe
|  it here, in a bit more detail.
| 
|  The problem I'm trying to solve is this: for reasons of efficiency,
|  Courier's global filters cannot modify messages.  Only local filters can
|  do that.  Because a global filter can cause an immediate failure during
|  the SMTP dialog, there are some functions that are best performed during
|  a global filter.  But some of these functions make minor changes to the
|  message, such as the addition of header fields.  SPF is one such
|  function.
| 
|  The recommended solution for this, namely having the global filter
|  modify the control file in order to block message delivery and then
|  re-injecting a modified version of the message, is cumbersome,
|  inelegant, overly complex, and probably inefficient.
| 
|  Therefore, I propose the following:
| 
|  A small change is made to Courier (probably only a few lines of code in
|  submit.C) which will cause a unique ID to be put into the Received:
|  header for every message that Courier processes.  Because this ID will
|  be visible both during global and local filtering, it provides a way to
|  match a message going through a local filter with its predecessor that
|  might have gone through a global filter.  This allows state information
|  to be maintained for the life of a message through the local and global
|  filters.
| 
|  I propose the generation of this unique ID instead of using the
|  Message-ID header, because we cannot count on Message-ID being totally
|  unique.
| 
|  How does this solve the problem that I mentioned above?  Well, a global
|  filter that wants to change a message can create an entry in a data
|  store using this unique ID as a key.  In this entry will be some sort of
|  description of the change.  Later, when the message passes through the
|  local filter, the data store is accessed and the entry is looked up by
|  means of this same unique ID.  The local filter then interprets this
|  data and makes whatever modification is necessary to the message.
| 
|  As an adjunct to this small patch to (probably) submit.C, I will also
|  write a package that can be used within global and local filters to
|  manage this data store.  Since I'm using courier-pythonfilter for my
|  global filtering, I will write this adjunct package in Python.  Of
|  course, there is no requirement to use this package.  Many people
|  will just want to ignore this unique ID, and others will want to
|  use it in their own ways.
| 
|  An example should clarify this.  Here's how this would work with SPF:
| 
|  1.  SMTP dialog begins.
| 
|  2.  A global filter is invoked at the appropriate time in order to
|  perform SPF checking.  If this test fails, the message is
|  immediately rejected.  But if it succeeds,  we need to add an
|  SPF-Received header to the message.
| 
|  3.  Still within the global filter, extract the new unique ID from
|  Courier's Received header in the message.
| 
|  4.  Using my adjunct data store package, persist an appropriate
|  SPF-Received 

Re: [courier-users] Re: Global filtering

2004-02-12 Thread Alessandro Vesely
Nice one, thank you

 $TCPREMOTEHOST (and/or maybe $TCPLOCALPORT) is all you need.
 
 Courier currently lacks some mechanism to exclude hosts from filtering.
 One easy to implement solution could be to skip the filtering-stage
 altogether when RELAYCLIENT (and maybe BLOCK=) is set.
 
 But if you reinject the message via pipe to sendmail it won't be filtered
 since this is by default limited to messages received via smtp, and this
 also gets you around the per-source limit of couriertcpd.

Not refiltering by system specification is the cleanest thing to do.

 Messing around with the control- and datafiles is still an ugly hack though,

I think I got how to do it; still have to test it with batchsize=4 but I
got the basis. That's the official method. I think courier uses it internally
either.

Ale


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Re: Global filtering

2004-02-12 Thread Alessandro Vesely
 I think Roland answered most of this already - except to say that the way to
 exclude messages from refiltering was to set an X-Already-Seen-By-My-Filter
 header so that you could skip re-running if you saw that header. Suggested
 injection method was I believe by sendmail call.
 

The X-Already-Seen-By-My-Filter will stay in the mail message,
thus is not secret. So this works for filters that allow the
sender to skip them. (I don't happen to have an example of such
a thing, but I believe there are cases...)

Julian Mehnle wrote:
 
 That's a bad idea, since any spammer or virus could send messages with
 that header field already included, and thus bypass filtering.

That's basically correct.

Mitch (WebCob) wrote:
 
 1) there is no reason this would remain constant

If the filter digitally signs the already filtered content, then that works.
Otherwise the filter has no method to distinguish spoofed headers, except
perhaps looking up a database based on some key...

 2) as this value is only used locally, it wouldn't be that quick to leak
 (relative to other leaks of addresses

The header would be readable to all users. Unless the filter overwrites
its content on-file: E.g. reinject with X-Already-Seen-By-My-Filter: 1234
but upon finding it overwrite on-file as X-Already-Seen-By-My-Filter: 

 3) it would be very easy to rotate this regularly to keep it from being guessed

I don't think you can make assumption as to when the reinjected message will
come around. Can that be a couple of days? So old values must remain valid.

 4) there would be a trail of received headers that could be used to validate it

But it can be spoofed...
 
 Don't think it's the best option, but this was the best idea when this was last
 discussed.

It seemed to me as well, but when I tried to write it it made no sense any more.

 I don't know WHY we can't change the architecture to allow filters
 to modify the messages... perhaps someone with more C knowledge than I can look at it?

The explanation I recall is that filtering happens while courier is in the middle
of something and it keeps offsets to various mime entities. If that's true the trick
in (2) above might work.

 [...] compare with a patch to courier that would allow modification of
 message files during global filtering. Although such an option may lower the
 efficiency of delivery perhaps if submitted as a compile time option it
 could be acceptable for inclusion in the distribution.

I think the architectural change you mention could be done without having to
re-parse each message after any filtering. E.g. there could be an api that
manages the single mime entities and that is used by courier and filters alike.
But I bet this is not one of Sam's priorities.

Ale
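
The signed-marker idea discussed in this message, as an added Python example that is not code from the thread or from Courier: the filter puts an HMAC over an issue time and the message body into `X-Already-Seen-By-My-Filter`, so a header supplied by a sender does not skip filtering, and an age limit replaces secret rotation because reinjected mail can return late. The key, the one-week `MAX_AGE`, the "time then MAC" value layout, the function names and the sample message are assumptions, and the body is assumed to pass through reinjection byte for byte.

```python
import hashlib
import hmac
import re

MARKER = b"x-already-seen-by-my-filter"  # header name from the thread, lower-cased
MAX_AGE = 7 * 24 * 3600                  # assumption: reinjected mail returns within a week

# Constructed sample values for the demonstration.
KEY = b"constructed-demo-key"
CLEAN = b"From: a@example.org\r\nSubject: hi\r\n\r\nhello\r\n"


def split_message(raw: bytes):
    """Return (header_fields, body); each field keeps its folded continuation lines."""
    parts = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)
    head, body = parts[0], (parts[1] if len(parts) > 1 else b"")
    fields = []
    for line in head.splitlines():
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1] += b"\r\n" + line      # continuation of the previous field
        else:
            fields.append(line)
    return fields, body


def field_name(field: bytes) -> bytes:
    """Lower-cased field name, i.e. everything before the first colon."""
    return field.split(b":", 1)[0].strip().lower()


def tag(key: bytes, issued: int, body: bytes) -> bytes:
    """HMAC-SHA256 over the issue time and a digest of the body, hex encoded."""
    msg = str(issued).encode() + b":" + hashlib.sha256(body).digest()
    return hmac.new(key, msg, hashlib.sha256).hexdigest().encode()


def mark(raw: bytes, key: bytes, now: int) -> bytes:
    """Before reinjection: drop any marker the sender supplied, then add a signed one."""
    fields, body = split_message(raw)
    fields = [f for f in fields if field_name(f) != MARKER]
    ours = b"X-Already-Seen-By-My-Filter: %d %s" % (now, tag(key, now, body))
    return b"\r\n".join([ours] + fields) + b"\r\n\r\n" + body


def already_filtered(raw: bytes, key: bytes, now: int) -> bool:
    """On arrival: True only for a single, fresh marker whose MAC matches this body."""
    fields, body = split_message(raw)
    markers = [f for f in fields if field_name(f) == MARKER]
    if len(markers) != 1:                     # missing or duplicated: filter again
        return False
    try:
        issued_raw, mac = markers[0].split(b":", 1)[1].split()
        issued = int(issued_raw)
    except ValueError:                        # wrong shape, e.g. the bare "1234" form
        return False
    if not 0 <= now - issued <= MAX_AGE:
        return False
    return hmac.compare_digest(mac, tag(key, issued, body))


if __name__ == "__main__":
    marked = mark(CLEAN, KEY, 1000)
    print(already_filtered(marked, KEY, 1060))                                   # genuine
    print(already_filtered(b"X-Already-Seen-By-My-Filter: 1234\r\n" + CLEAN, KEY, 1060))
```

Anything that fails the check is simply filtered again, so a forged or stale marker costs the sender nothing but gains nothing either.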




[courier-users] Re: My Modest Proposal

2004-02-12 Thread Lloyd Zusman
Mitch (WebCob) [EMAIL PROTECTED] writes:

 Hi Lloyd.

 Would like to hear what others think including Sam - but it sounds like the
 best of a bad situation to me. I wonder how the effort and overhead you are
 making compare with a patch to courier that would allow modification of
 message files during global filtering. Although such an option may lower the
 efficiency of delivery perhaps if submitted as a compile time option it
 could be acceptable for inclusion in the distribution.

Well, from what I know about the structure of Courier, it would take
a lot of refactoring to allow the modification of messages during
a global filter.  That's because the message file that we see during
this step is a temporary file.  The real message file has not yet
been created, as far as I know.

You can see the sequence of events that take place during message
processing here:  http://www.courier-mta.org/queue.html


 Personally, I make my hacks as a last resort after trying to elicit
 support, as maintaining them - particularly when dependencies on the core
 software may not be broken with future versions.

If you look through the archives of this mailing list, you will see over
the years that there have been numerous requests made for the ability to
modify messages within global filters, and these have gotten nowhere.  I
believe that there is plenty of popular support for this feature which
has, so far, been ignored.

And keep in mind that I posted my Modest Proposal as a solicitation for
discussion.  Any patches that I post will also be for the purpose of a
feasibility study.

I seriously doubt that my patch would end up being part of any official
Courier release simply because I post it here.  It would just spur more
discussion, I hope.

And as for this patch itself, remember that it consists solely of
putting a unique id field into the Received header.  This is a minor
change, and it mirrors what some other MTA's already do.  Even if we
don't end up using this to facilitate the methodology that I outlined in
my Modest Proposal, it still is a useful feature in and of itself.


 I've seen people running filters twice to do rejection and modification
 separately - maybe before embarking on this you might want to do some
 benchmarks?

I fully intend to perform some benchmarks to _compare_ the
rejection/re-insertion idea with my proposed methodology.  I can only do
this once I have written the code outlined in my proposal.  This will
be completed in a few days, at which time I'll run the benchmarks and
post the results here ... as well as my patch and code.


 Just a few thoughts.

 m/

-- 
 Lloyd Zusman
 [EMAIL PROTECTED]





Re: [courier-users] Does Courier override MX entries with local settings? If yes, how to change this?

2004-02-12 Thread Tim Hunter
Peter Holm wrote:
 Hi,

 does courier override dns mx entries with its local settings? I have
 a situation, where this happens. I would like to change this.


courier does not change any dns settings, however if a domain is in
hosteddomains or in locals it is treated as such and will attempt to deliver
locally, unless overridden with esmtproutes (check details at
http://www.courier-mta.org/courier.html )
You seem to have a special case because as you have it configured you are
treating domains as locally delivered although they are not, you could
possibly put a global esmtproutes entry when the server is in fallback mode
and remove it when its working as the master.

 Server.A is a machine that is configured as a Fallback Mail Server. If
 the main.mailserver.dom is offline, dns A records change and Server.A
 will be main.mailserver.tld itself. (Yes, multiple mx records should
 be sufficient, but we use this fallback for webservers anyway so using
 it for mailservers was a side-effect...)

 So Server.A has always a fully functional courier configuration for
 several domains, including example.com, waiting in hot standby mode
 for its combat order.

 Now, just for some practical reasons and to not let the machine feel
 so lonely, I am using this Server.A as the  mailserver for some
 private addresses. So I discovered, if I want to send mail to a
 friendsdomain.tld, that is configured in esmptacceptmailfor and
 hosteddomains on the same machine, it will never leave Server.A.

 Note: dig mx friendsdomain.tld in this case will NOT point with any
 hostname or ip to Server.A !

 So, if I understand things right, courier seems to override infos from
 mx record with the settings in /etc/courier.

 Is this a feature? Can this be changed? What did I do wrong?

 If you want to discuss [dis-] advantages of the dns a-record-changing
 fallback strategy, this should be a separate thread but nevertheless
 it would be very interesting to hear your opinions.


 Thanks for your attention!

 Have a nice day,
 Peter






[courier-users] Re: My Modest Proposal

2004-02-12 Thread Lloyd Zusman
Lloyd Zusman [EMAIL PROTECTED] writes:

 [ ... ]

 And as for this patch itself, remember that it consists solely of
 putting a unique id field into the Received header.  This is a minor
 change, and it mirrors what some other MTA's already do.  Even if we
 don't end up using this to facilitate the methodology that I outlined in
 my Modest Proposal, it still is a useful feature in and of itself.

This patch is attached.  It's for courier-0.44.2.20040207.  It adds an
id field to the Received header, as in the 3rd line of this example:

  Received: from speed.spamwall.net ([:::66.55.26.26])
(TLS: TLSv1/SSLv3,256bits,AES256-SHA)
id 2LYK%swpAQCyOStAlKYKAGP4qUs
by asfast.net with esmtp; Thu, 12 Feb 2004 03:30:41 -0500

The majority of the code in this patch is for the algorithm for
generating the ID.  The insertion of the ID itself takes just 2-3 lines
of code.

I have not yet completed the data store module that will make use of
this ID to implement my Modest Proposal.  Once I complete and test this
code, I will post it, along with the results of benchmarks that I will
run, comparing it to the rejection/re-insertion methodology.

*** courier/submit.C.orig	Mon Dec 15 20:51:29 2003
--- courier/submit.C	Thu Feb 12 07:34:41 2004
***
*** 12,17 
--- 12,18 
  #include	rfc2045/rfc2045charset.h
  #include	rfc1035/rfc1035.h
  #include	rfc1035/rfc1035mxlist.h
+ #include	rfc2045/rfc2045.h
  #include	numlib/numlib.h
  #include	dbobj.h
  #include	afx.h
***
*** 35,41 
--- 36,52 
  #if	HAVE_UNISTD_H
  #include	unistd.h
  #endif
+ #if	TIME_WITH_SYS_TIME
+ #include 	sys/time.h
  #include	time.h
+ #else
+ #if	HAVE_SYS_TIME_H
+ #include	sys/time.h
+ #else
+ #include	time.h
+ #endif
+ #endif
+ #include	netdb.h
  
  #define	TIMEOUT	1800
  
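Review bot: in the final `#else` branch (neither TIME_WITH_SYS_TIME nor HAVE_SYS_TIME_H) only time.h is included, but unique_id() later in this patch uses struct timeval and calls gettimeofday(), which are declared in sys/time.h, so that configuration would not compile. Either make the build fail explicitly there or fall back to time() for the timestamp. netdb.h is also included unconditionally, while unistd.h just above it is guarded by HAVE_UNISTD_H; a matching guard would be consistent.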
***
*** 935,940 
--- 946,1076 
  static void getrcpt(struct rw_info *rwi);
  static void rcpttoerr(int, const char *, struct rw_info *);
  
+ struct unique_id_buffer
+ {
+ 	struct in_addr ip;
+ 	int pid;
+ 	struct timeval calltime;
+ 	unsigned int counter;
+ };
+ #define UNIQUE_BUFFER_SIZE (sizeof (unique_id_buffer))
+ 
+ static int write_unique_bytes(const char *p, size_t l, void *vp)
+ {
+ char **cp = (char **) vp;
+ 
+ 	while (l  0)
+ 	{
+ 		switch (*p)
+ 		{
+ 		case '\r':
+ 		case '\n':
+ 		case '=':
+ 			p++;
+ 			l--;
+ 			continue;
+ 		case '/':
+ 			*p++;
+ 			**cp = '@';
+ 			break;
+ 		case '+':
+ 			*p++;
+ 			**cp = '%';
+ 			break;
+ 		default:
+ 			**cp = *p++;
+ 			break;
+ 		}
+ 		++*cp;
+ 		l--;
+ 	}
+ 
+ 	return 0;
+ }
+ 
+ union ul_byte_overlay {
+ 	unsigned long ul;
+ 	struct {
+ 		unsigned char b[4];
+ 	} uc;
+ };
+ 
+ static unsigned long reverse_bytes(unsigned long item)
+ {
+ union ul_byte_overlay inp;
+ union ul_byte_overlay out;
+ 
+ 	inp.ul = item;
+ 	for (int i = 0; i  4; i++) {
+ 		out.uc.b[i] = inp.uc.b[3 - i];
+ 	}
+ 	return (out.ul);
+ }
+ 
+ static char* unique_id()
+ {
+ static char result[ (UNIQUE_BUFFER_SIZE + 3) / 3 * 4 + 1 ];
+ static struct unique_id_buffer unique_id_buff = { 0 };
+ 
+ char* rp = result;
+ struct rfc2045_encode_info encodeInfo;
+ 
+ 	if (unique_id_buff.pid == 0)
+ 	{
+ char hostbuff[256];
+ struct hostent* he;
+ 
+ 		// First call only.
+ 		unique_id_buff.pid = getpid();
+ 		gethostname(hostbuff, sizeof (hostbuff) - 1);
+ 		he = gethostbyname(hostbuff);
+ 		if (he == NULL)
+ 		{
+ 			memset((char*) unique_id_buff.ip, 0xff, 
+ 			   sizeof (unique_id_buff.ip));
+ 		}
+ 		else
+ 		{
+ 			struct in_addr hin;
+ 			if (he-h_addrtype != AF_INET || 
+ 			he-h_length  (int) sizeof (hin))
+ 			{
+ memset((char*) unique_id_buff.ip, 0xff, 
+    sizeof (unique_id_buff.ip));
+ 			}
+ 			else
+ 			{
+ memcpy((char*) hin, he-h_addr_list[0], 
+    sizeof (hin));
+ memcpy((char*) unique_id_buff.ip, 
+    (char*) (hin.s_addr),
+    sizeof (unique_id_buff.ip));
+ 			}
+ 		}
+ 		srandomdev();
+ 		unique_id_buff.counter = (unsigned long) random();
+ 	}
+ 
+ 	gettimeofday(unique_id_buff.calltime, NULL);
+ 
+ 	rfc2045_encode_start(encodeInfo, base64, write_unique_bytes, rp);
+ 	rfc2045_encode(encodeInfo, (char*) unique_id_buff, 
+ 		   UNIQUE_BUFFER_SIZE);
+ 	rfc2045_encode_end(encodeInfo);
+ 	*rp = 0;
+ 
+ 	// It doesn't matter if the following increment overflows,
+ 	// because that will only be a problem if this routine is called
+ 	// 2**32 times within a single microsecond. By the time systems
+ 	// are fast enough for this to happen, we should refactor this
+ 	// routine.
+ 
+ 	unique_id_buff.counter = 
+ 		reverse_bytes(reverse_bytes(unique_id_buff.counter) + 1);
+ 
+ 	return (result);
+ }
+ 
  static void getrcpts(struct rw_info *rwi)
  {
  struct mailfrominfo *mf=(struct mailfrominfo *)rwi-udata;
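Review bot: unique_id() emits the base64 of the raw unique_id_buffer struct, so every Received header discloses the host's IP address, the submit pid and the exact call time to all recipients, and the value is predictable rather than random; if filters are going to key state on this ID, hash the struct (or use random bytes) before encoding. Portability in the same hunk: srandomdev() is BSD-specific and is called without a configure check, and reverse_bytes() overlays an unsigned long with a 4-byte array while counter is declared unsigned int, so where unsigned long is 8 bytes the upper half of out.ul is never written. In write_unique_bytes() the two `*p++;` statements dereference for no effect and should be `p++;`, and mapping '/' to '@' puts a character into the id token that is not allowed in an unquoted atom. The function also returns a pointer to a static buffer, which deserves a comment for callers.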
***
*** 1087,1092 
--- 1223,1232 
  		line += identinfo;
  		line += ')';
  	}
+ 
+ 	// Now, always insert a unique ID
+ 	line += \n  id ;
+ 	line += unique_id();
  
  	line += \n  by ;
  	line += config_me();



[courier-users] Rejection/re-insertion methodology howto?

2004-02-12 Thread David Bruha
Hi,
I am now fighting my way through configuring courier-mta with virus and
spam filtering and I must admit I lack some good documentation for that.

I have read about the rejection/re-insertion methodology and would like
to ask you if you could enlighten me about it a little bit more. As far
as I understand it, it's a method where courier accepts an email on one
port (25) then forwards it to a global filtering program. This program
then makes any tests necessary and (if the message is ok) re-sends the
message to courier to another port. Is that correct? Could anyone show
me a functional example, please?

Best regards,

David.





Re: [courier-users] can't find root@www.my-domain.com

2004-02-12 Thread Jeff Jansen
On Thursday 12 February 2004 13:19, Eric Livingston wrote:
 Yet, I get error messages emailed to me with 550 errors, saying that
 [EMAIL PROTECTED] is an unknown user.

 What am I missing? My aliases file started with:

 root: postmaster

If you'll forgive one of those maybe you missed the obvious type questions, 
is postmaster a defined local user?

Jeff Jansen





[courier-users] IMAP/POP-SSL and Comodo Certificates

2004-02-12 Thread Stefan Hornburg
Hello,

I would like to know how to use Comodo SSL certificates with Courier
POP/IMAP etc. Setting up Apache to recognize this is a no-brainer ...

For Courier I did the following steps:

- put the Comodo root certificates into /usr/lib/courier/rootcerts alongside
  with the shipped one
- run c_rehash on this directory
- put the certificate and the private key for the mail domain into 
/etc/courier/imapd.pem
- restart courier-imap-ssl

Running:

openssl s_client -connect mail.myhost.net:imaps -CApath /usr/lib/courier/rootcerts/

on the mail server shows Verify: 0.

Is anything alright now ? Are there any mail clients (preferably for Linux) which
show the SSL certificate (chain) ?

Racke

-- 
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP = http://www.icdevgroup.org/
Interchange Development Team





RE: [courier-users] Re: My Modest Proposal

2004-02-12 Thread Malcolm Weir
 -Original Message-
 From: Lloyd Zusman
 Sent: Thursday, February 12, 2004 4:15 AM

[ Snip ]

 And as for this patch itself, remember that it consists 
 solely of putting a unique id field into the Received 
 header.  This is a minor change, and it mirrors what some 
 other MTA's already do.  Even if we don't end up using this 
 to facilitate the methodology that I outlined in my Modest 
 Proposal, it still is a useful feature in and of itself.

I think overall I agree with Lloyd here that this proposal is both low cost
and generally beneficial, which is more than one can say about the other
schemes discussed!

And if the unique ID is kept simple (I've received Lloyd's patch, but
haven't yet had a chance to look at the code, so I don't know how simple it
is) it seems to me that, say, adding the ID to the maillog would have some
nice consequences for admins.

With only a little thought, it seems to me that a 12 byte ID (encoded
base64, naturally, for a 16 character string) would do the trick: IP and
socket from which the thing arrived, 32 bit time-in-seconds, and a 16 bit
iterating counter (to disambiguate messages received through the same socket
during the same second; 64K messages/sec should be fine).  Spoofing can be
prevented by positioning: only the first (or last, whichever is easier) ID
header would count, just as only the last Received-From: can be trusted.

This approach (having Courier add an ID) seems to have the virtue that those
who don't care about rewriting (i.e. those for whom the current
globalfilter/locafilter scheme works sufficiently well) aren't penalized
much by the new header, while those that want/need sophisticated
globalfiltering pay whatever price is necessary for their requirements.


  Lloyd Zusman
  [EMAIL PROTECTED]

Malc.
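
The data-store scheme from the Modest Proposal combined with the 12-byte ID layout and the trust-by-position rule described in this message, as an added Python example that is not Lloyd's package or Courier code. The URL-safe base64 alphabet, the SQLite table, the function names, the choice of the topmost Received field as the trusted one, and the sample messages are assumptions.

```python
import base64
import email
import re
import socket
import sqlite3
import struct

ID_RE = re.compile(r"(?:^|\s)id\s+([^\s;]+)", re.IGNORECASE)


def make_id(ip: str, port: int, now: int, counter: int) -> str:
    """12 bytes (IPv4, port, 32-bit seconds, 16-bit counter) -> 16 base64 characters."""
    raw = struct.pack("!4sHIH", socket.inet_aton(ip), port,
                      now & 0xFFFFFFFF, counter & 0xFFFF)
    # Assumption: URL-safe alphabet, so the token needs no escaping in a header.
    return base64.urlsafe_b64encode(raw).decode("ascii")


def top_received_id(raw: bytes):
    """ID from the topmost Received field only; lower ones are sender-controlled."""
    received = email.message_from_bytes(raw).get_all("Received") or []
    if not received:
        return None
    match = ID_RE.search(str(received[0]))
    return match.group(1) if match else None


def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")  # a real deployment needs a file both filters share
    db.execute("CREATE TABLE pending (id TEXT PRIMARY KEY, header TEXT NOT NULL)")
    return db


def remember(db, raw: bytes, header: str) -> bool:
    """Global filter: record a header to add later; refuse values that could inject lines."""
    msg_id = top_received_id(raw)
    if msg_id is None or not header.isascii() or "\r" in header or "\n" in header:
        return False
    db.execute("INSERT OR REPLACE INTO pending VALUES (?, ?)", (msg_id, header))
    return True


def apply_pending(db, raw: bytes) -> bytes:
    """Local filter: prepend the recorded header, then delete the entry so it is used once."""
    msg_id = top_received_id(raw)
    row = db.execute("SELECT header FROM pending WHERE id = ?", (msg_id,)).fetchone()
    if row is None:
        return raw
    db.execute("DELETE FROM pending WHERE id = ?", (msg_id,))
    return row[0].encode("ascii") + b"\r\n" + raw


# Constructed sample messages (addresses from the documentation ranges).
SAMPLE_ID = make_id("192.0.2.10", 25, 1076574641, 7)
SAMPLE = (
    b"Received: from mx.example.net ([192.0.2.10])\r\n"
    b"  id " + SAMPLE_ID.encode() + b"\r\n"
    b"  by mail.example.org with esmtp; Thu, 12 Feb 2004 03:30:41 -0500\r\n"
    b"From: a@example.net\r\nSubject: hi\r\n\r\nhello\r\n"
)
# Topmost Received has no ID; the ID in the lower field was written by the sender.
FORGED = (
    b"Received: from relay.example.net by mail.example.org with esmtp;"
    b" Thu, 12 Feb 2004 03:31:00 -0500\r\n"
    b"Received: from a.example by b.example\r\n"
    b"  id " + SAMPLE_ID.encode() + b"; Thu, 12 Feb 2004 03:29:00 -0500\r\n"
    b"From: a@example.net\r\nSubject: hi\r\n\r\nhello\r\n"
)

if __name__ == "__main__":
    store = open_store()
    remember(store, SAMPLE, "Received-SPF: pass")
    print(apply_pending(store, SAMPLE).decode())
    print(apply_pending(store, FORGED) == FORGED)  # forged lower ID matches nothing
```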





Re: [courier-users] can't find root@www.my-domain.com

2004-02-12 Thread Eric Livingston
- Original Message - 
From: Jeff Jansen [EMAIL PROTECTED]
To: Courier Users List [EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 10:26 AM
Subject: Re: [courier-users] can't find [EMAIL PROTECTED]


 On Thursday 12 February 2004 13:19, Eric Livingston wrote:
  Yet, I get error messages emailed to me with 550 errors, saying that
  [EMAIL PROTECTED] is an unknown user.
 
  What am I missing? My aliases file started with:
 
  root: postmaster

 If you'll forgive one of those maybe you missed the obvious type
questions,
 is postmaster a defined local user?

 Jeff Jansen

I have an alias for postmaster, like this:

postmaster: eric

This appears near the bottom and seems to work in general, as several other
aliases that point to postmaster do wind up getting to my account just fine.





Re: [courier-users] Re: My Modest Proposal

2004-02-12 Thread Jon Nelson
On Thu, 12 Feb 2004, Lloyd Zusman wrote:

 Well, from what I know about the structure of Courier, it would take
 a lot of refactoring to allow the modification of messages during
 a global filter.  That's because the message file that we see during
 this step is a temporary file.  The real message file has not yet
 been created, as far as I know.

 You can see the sequence of events that take place during message
 processing here:  http://www.courier-mta.org/queue.html

I don't think that's quite accurate.  My understanding of that same
document is that we are operating on the same exact message that ends up
being processed by courierd, but its *current name* is such that
courierd ignores it until submit renames it.  However, it's not like when
filtering is done, submit creates *another* copy of the message, it's
just renamed.

 And as for this patch itself, remember that it consists solely of
 putting a unique id field into the Received header.  This is a minor
 change, and it mirrors what some other MTA's already do.  Even if we
 don't end up using this to facilitate the methodology that I outlined in
 my Modest Proposal, it still is a useful feature in and of itself.

To me, it's just a hack.  Sorry, but that's how I feel.

  I've seen people running filters twice to do rejection and modification
  separately - maybe before embarking on this you might want to do some
  benchmarks?

 I fully intend to perform some benchmarks to _compare_ the
 rejection/re-insertion idea with my proposed methodology.  I can only do
 this once I have written the code outlined in my proposal.  This will
 be completed in a few days, at which time I'll run the benchmarks and
 post the results here ... as well as my patch and code.

I think that's a great idea!  However, my suggestion would be to use
submit to your advantage here.  The submit protocol is well documented
somewhere (I read it for over an hour the other night) and while a
little unwieldy IMO it also seems like the best way to do injection.

I come from a qmail background, and it seems to me that 'submit' takes
the place of qmail-inject and qmail-queue.  It also seems like there
might be some benefit to writing a qmail-inject-like wrapper for submit.

--
Ensign Walnut approaches Dr. Crusher with caution...

Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener




Re: [courier-users] Rejection/re-insertion methodology howto?

2004-02-12 Thread Jon Nelson
On Thu, 12 Feb 2004, David Bruha wrote:

 Hi,
 I am now fighting my way through configuring courier-mta with virus and
 spam filtering and I must admit I lack some good documentation for that.

 I have read about the rejection/re-insertion methodology and would like
 to ask you if you could enlighten me about it a little bit more. As far
 as I understand it, it's a method where courier accepts an email on one
 port (25) then forwards it to a global filtering program. This program
 then makes any tests necessary and (if the message is ok) re-sends the
 message to courier to another port. Is that correct? Could anyone show
 me a functional example, please?


I don't think that's quite right.  IIRC, it goes like this (I'm
probably wrong):

submit creates the control and data files in the temp queue.  These
are named in such a way that courierd doesn't pay attention to them.

Then, filtering takes place.  Note that one end of submit is still
talking to the sender (let's say esmtpd) and the other end is the
filtering stuff.  That's how (I think) the filtering messages get back
to the smtp dialog.  I'm probably way off base here.  Anyway, after
filtering is done, submit renames the control and data files and signals
courierd, and exits.

Mr. Sam: could you please give us a detailed process overview as to
how messages go from (say, esmtpd) through submit, through the global
filters, and then the final signaling of courierd?  If the queue docs on
courier-mta.org are close but a bit out of date (I don't see /any/
mention of global filtering there) I'm sure many of us would appreciate
an update somewhere.

I am willing to help out, but I need some pointers as to /where/ in the
process filtering happens, and which files are responsible.

Also, a reason why courier can't allow the modification of messages in
global filters would be cool, and if you could point us to the source
files relevant to that area I'm sure we'd all appreciate it.


--
Ensign Walnut approaches Dr. Crusher with caution...

Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener




RE: [courier-users] My Modest Proposal

2004-02-12 Thread Mitch (WebCob)
Me too. If it's still a long way off, then maybe this is the way to go - on
the other hand if Sam can provide some guidance as to where one would have
to look to start making such a change - and perhaps what the bigger
challenges are, then maybe we can amass enough effort amongst us to make it
happen - eh?

m/

 -Original Message-
 From: Derrick T. Woolworth [mailto:[EMAIL PROTECTED]
 Sent: Thursday, February 12, 2004 12:43 AM
 To: Mitch (WebCob)
 Cc: Lloyd Zusman; [EMAIL PROTECTED]
 Subject: RE: [courier-users] My Modest Proposal


 I think it's important to the evolution of Courier that it eventually support
 modification of messages from any courierfilter.  I've never quite understood
 why this isn't allowed - possibly a filesize issue, security?  I would only be
 guessing, but in the grand scheme of things I'm sure there's a lot of folks
 that would love this ability.

 I'd like to hear from Sam regarding the effort to make this modification and
 perhaps why it's so long in coming?

 Thanks,

 D


Re: [courier-users] can't find root@www.my-domain.com

2004-02-12 Thread Jeff Jansen
On Thursday 12 February 2004 15:49, Eric Livingston wrote:
 I have an alias for postmaster, like this:

 postmaster: eric

 This appears near the bottom and seems to work in general, as several other
 aliases that point to postmaster do wind up getting to my account just
 fine.

run makealiases -dump | sort and make sure that you see an alias

[EMAIL PROTECTED]:  [EMAIL PROTECTED]

The actual domain will be the contents of your /etc/courier/defaultdomain file 
or the me file if that doesn't exist.

Jeff Jansen





[courier-users] Re: My Modest Proposal

2004-02-12 Thread Lloyd Zusman
Malcolm Weir [EMAIL PROTECTED] writes:

 -Original Message-
 From: Lloyd Zusman
 Sent: Thursday, February 12, 2004 4:15 AM

 [ Snip ]

 And as for this patch itself, remember that it consists 
 solely of putting a unique id field into the Received 
 header.  This is a minor change, and it mirrors what some 
 other MTA's already do.  Even if we don't end up using this 
 to facilitate the methodology that I outlined in my Modest 
 Proposal, it still is a useful feature in and of itself.

 I think overall I agree with Lloyd here that this proposal is both low cost
 and generally beneficial, which is more than one can say about the other
 schemes discussed!

 And if the unique ID is kept simple (I've received Lloyd's patch, but
 haven't yet had a chance to look at the code, so I don't know how simple it
 is) it seems to me that, say, adding the ID to the maillog would have some
 nice consequences for admins.

 With only a little thought, it seems to me that a 12 byte ID (encoded
 base64, naturally, for a 16 character string) would do the trick: IP and
 socket from which the thing arrived, 32 bit time-in-seconds, and a 16 bit
 iterating counter (to disambiguate messages received through the same socket
 during the same second; 64K messages/sec should be fine).  Spoofing can be
 prevented by positioning: only the first (or last, whichever is easier) ID
 header would count, just as only the last Received-From: can be trusted.

This is always the topmost Received header.  submit writes that
header on top of the message before calling the global filter.

I use the following for my unique ID, encoded into base 64:

  32-bit IP address
  32-bit PID of submit (some systems use more than 16 bits for this)
  64-bit time from gettimeofday() [down to microseconds]
  32-bit incrementing counter

I don't know that it's possible to find out the original socket ID from
within the submit program (which is the sole program I patched) ...
submit is the program which adds the Received header, and it always
reads the message from stdin.

Hmm ... I now realize that I don't need the incrementing counter, since
there will be only one message processed per call to submit.  I will
remove it from my code and repost another patch once I test it.


 This approach (having Courier add an ID) seems to have the virtue that
 those who don't care about rewriting (i.e. those for whom the current
 globalfilter/locafilter scheme works sufficiently well) aren't
 penalized much by the new header, while those that want/need
 sophisticated globalfiltering pay whatever price is necessary for
 their requirements.

Yes.  Those are my main design goals.


-- 
 Lloyd Zusman
 [EMAIL PROTECTED]
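
An added example, not taken from Lloyd's patch or from Courier: it packs the four fields listed above into a base64 token and applies the positional rule from the thread, where only the topmost Received header is consulted. The `(uid ...)` clause, the byte order, the split of the 64-bit time into seconds and microseconds, and all sample values are assumptions made for this sketch.

```python
import base64
import email
import ipaddress
import re
import struct

# Fields from the post: 32-bit IP, 32-bit PID, 64-bit gettimeofday() time,
# 32-bit counter. Network byte order and the seconds/microseconds split of
# the 64-bit time are assumptions of this example.
LAYOUT = struct.Struct("!4sIIII")          # 20 bytes in total

# Hypothetical clause; the page does not show how the patch formats the ID.
ID_CLAUSE = re.compile(r"\(uid ([A-Za-z0-9+/=]+)\)")


def make_id(ip, pid, tv_sec, tv_usec, counter=0):
    """Pack the fields and encode them as base64 text."""
    packed_ip = ipaddress.IPv4Address(ip).packed
    raw = LAYOUT.pack(packed_ip, pid, tv_sec, tv_usec, counter)
    return base64.b64encode(raw).decode("ascii")


def parse_id(token):
    """Decode a token back into its fields; reject anything malformed."""
    raw = base64.b64decode(token, validate=True)
    if len(raw) != LAYOUT.size:
        raise ValueError("unexpected ID length")
    ip, pid, tv_sec, tv_usec, counter = LAYOUT.unpack(raw)
    return {"ip": str(ipaddress.IPv4Address(ip)), "pid": pid,
            "tv_sec": tv_sec, "tv_usec": tv_usec, "counter": counter}


def trusted_id(message_bytes):
    """Return the ID from the topmost Received header only.

    Headers below the first one arrived with the message and are under the
    sender's control, so an ID found there is never used.
    """
    msg = email.message_from_bytes(message_bytes)
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = ID_CLAUSE.search(str(received[0]))
    if match is None:
        return None
    try:
        return parse_id(match.group(1))
    except ValueError:                      # covers binascii.Error as well
        return None


GENUINE = make_id("192.0.2.10", 40321, 1076600000, 123456)
FORGED = make_id("198.51.100.7", 1, 1, 1)

# Constructed message: the first Received line is the one the local MTA
# wrote; the second was supplied by the sender and carries a forged ID.
SAMPLE = (
    "Received: from client.example ([192.0.2.10])\r\n"
    "  by mx.example with esmtp (uid %s); Thu, 12 Feb 2004 15:33:20 +0000\r\n"
    "Received: from nowhere.example (uid %s); Thu, 12 Feb 2004 15:00:00 +0000\r\n"
    "Subject: test\r\n\r\nbody\r\n" % (GENUINE, FORGED)
).encode("ascii")

# Constructed message in which only a sender-supplied header carries an ID.
NO_LOCAL_ID = (
    "Received: from client.example by mx.example; Thu, 12 Feb 2004 15:33:20 +0000\r\n"
    "Received: from nowhere.example (uid %s); Thu, 12 Feb 2004 15:00:00 +0000\r\n"
    "Subject: test\r\n\r\nbody\r\n" % FORGED
).encode("ascii")
```

With the counter dropped, as proposed at the end of the message, the layout shrinks to 16 bytes and the token to 24 characters.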





Re: [courier-users] IMAP/POP-SSL and Comodo Certificates

2004-02-12 Thread Bill Taroli
I've had my Courier 0.44 install using Comodo certs -- that I also first 
used with apache -- working fine for a while now. The trick is that you 
have to split the certificate from the trusted certs. The cert for my 
domain (kept in /usr/lib/courier/share) was supplied in the config using 
TLS_CERTFILE and the *trusted* certs were stored and referenced in 
TLS_TRUSTCERTS.

that's all there was to it.

Stefan Hornburg wrote:

Hello,

I would like to know how to use Comodo SSL certificates with Courier
POP/IMAP etc. Setting up Apache to recognize this is a no-brainer ...
For Courier I did the following steps:

- put the Comodo root certificates into /usr/lib/courier/rootcerts alongside
 with the shipped one
- run c_rehash on this directory
- put the certificate and the private key for the mail domain into 
/etc/courier/imapd.pem
- restart courier-imap-ssl
Running:

openssl s_client -connect mail.myhost.net:imaps -CApath /usr/lib/courier/rootcerts/

on the mail server shows Verify: 0.

Is anything alright now ? Are there any mail clients (preferably for Linux) which
show the SSL certificate (chain) ?
	Racke

 





RE: [courier-users] Re: My Modest Proposal

2004-02-12 Thread Mitch (WebCob)
 I think that's a great idea!  However, my suggestion would be to use
 submit to your advantage here.  The submit protocol is well documented
 somewhere (I read it for over an hour the other night) and while a
 little unwieldy IMO it also seems like the best way to do injection.

 I come from a qmail background, and it seems to me that 'submit' takes
 the place of qmail-inject and qmail-queue.  It also seems like there
 might be some benefit to writing a qmail-inject-like wrapper for submit.

I like that idea... wonder how hard it would be.

One side note though - a word of warning. SpamAssassin looks at received
headers and ALREADY fails to properly recognize courier's format - as a
result mail received locally from an authenticated user is not detected as
such and may be penalized for coming from a black hole listed IP

I've submitted a bug report and been told that it MAY be fixed by version
2.70 - doing this could likely derail this header test again, so if you use
SA you may have to code to skip it for locally authenticated users (which is
probably an efficient idea anyways...)

Looking forward to the benchmarks - and also secretly wanting to try
modifying a message file to see what happens. Maybe we misunderstood Sam -
it is possible a modification could be ok as long as it doesn't corrupt the
mime envelope?? Just a thought...

m/





Re: [courier-users] Re: My Modest Proposal

2004-02-12 Thread Lloyd Zusman
Mitch (WebCob) [EMAIL PROTECTED] writes:

 [ ... ]

 Looking forward to the benchmarks - and also secretly wanting to try
 modifying a message file to see what happens. Maybe we misunderstood Sam -
 it is possible a modification could be ok as long as it doesn't corrupt the
 mime envelope?? Just a thought...

 m/

Well, I wish we did misunderstand, but we didn't.  It's definitely and
positively impossible to modify the message file during a global filter
and for those changes to end up in the delivered message.  Try it.

- Lloyd

-- 
 Lloyd Zusman
 [EMAIL PROTECTED]
 God bless you.




Re: [courier-users] Rejection/re-insertion methodology howto?

2004-02-12 Thread David Bruha
Hmm - that's interesting. Really could use more documentation to this
topic (scheme, more about the filters). A Howto would be excellent. ;)

Regards,
David.

On Thu, 12. 02. 2004 at 17:22, Jon Nelson wrote:
 On Thu, 12 Feb 2004, David Bruha wrote:

  Hi,
  I am now fighting my way through configuring courier-mta with virus and
  spam filtering and I must admit I lack some good documentation for that.
 
  I have read about the rejection/re-insertion methodology and would like
  to ask you if you could enlighten me about it a little bit more. As far
  as I understand it, it's a method where courier accepts an email on one
  port (25) then forwards it to a global filtering program. This program
  then makes any tests necessary and (if the message is ok) re-sends the
  message to courier to another port. Is that correct? Could anyone show
  me a functional example, please?


 I don't think that's quite right.  IIRC, it goes like this (I'm
 probably wrong):

 submit creates the control and data files in the temp queue.  These
 are named in such a way that courierd doesn't pay attention to them.

 Then, filtering takes place.  Note that one end of submit is still
 talking to the sender (let's say esmtpd) and the other end is the
 filtering stuff.  That's how (I think) the filtering messages get back
 to the smtp dialog.  I'm probably way off base here.  Anyway, after
 filtering is done, submit renames the control and data files and signals
 courierd, and exits.

 Mr. Sam: could you please give us a detailed process overview as to
 how messages go from (say, esmtpd) through submit, through the global
 filters, and then the final signaling of courierd?  If the queue docs on
 courier-mta.org are close but a bit out of date (I don't see /any/
 mention of global filtering there) I'm sure many of us would appreciate
 an update somewhere.

 I am willing to help out, but I need some pointers as to /where/ in the
 process filtering happens, and which files are responsible.

 Also, a reason why courier can't allow the modification of messages in
 global filters would be cool, and if you could point us to the source
 files relevant to that area I'm sure we'd all appreciate it.


 --
 Ensign Walnut approaches Dr. Crusher with caution...

 Jon Nelson [EMAIL PROTECTED]
 C and Python Code Gardener









[courier-users] EMTPD Blacklist A Record setting

2004-02-12 Thread Drew Gibson
Quick question re- blacklists...

the webadmin page lists the 'A' Record setting as optional for a 
particular blacklist zone,

Is the Courier default 127.0.0.2  or any record?

(spamhaus.org have a combined lookup that may return 127.0.0.2 or 
127.0.0.4)

regards,

Drew





[courier-users] Making user names case-insensitive?

2004-02-12 Thread Flavio Stanchina
Is there a way to tell Courier that user names should be treated as 
case-insensitive?

I know I should educate my users until they understand that email 
addresses are case-sensitive, but until then...

--
Ciao,
Flavio Stanchina
Trento - Italy




Re: [courier-users] Odd sendmail issue

2004-02-12 Thread Anand Buddhdev
On Thu, Feb 12, 2004 at 02:19:43PM -0800, Bill Taroli wrote:

 There is probably an obvious fix for this, but I'm noticing that emails 
 to a particular domain are failing. I'm receiving the following in the 
 diagnostics output:
 
 I0 P mail.sarc.org [207.215.13.60]
 I0 S STARTTLS
 I0 T smtp
 I0 R 454 4.3.3 TLS not available
 
 I checked to confirm that the *_TLS_REQUIRED option is NOT set in my 
 config files, except for esmtpd-msa (for secure access for clients that
 login in remote and relay). So what might be happening here?

The TLS_REQUIRED option refers to the esmtp *server* of courier. But
that's not your problem. Your problem is that the courier esmtp
*client* is seeing STARTTLS in the list of capabilities advertised by
the remote host, trying to use TLS, and failing because the remote
host doesn't actually support TLS despite advertising it. The remote
host is misconfigured.

You can override this in 2 ways:

1. Stop the esmtp client from trying TLS completely by disabling it in
the courierd control file.

2. Use the esmtproutes file to selectively disable TLS for certain
domains. Read the manual pages for details.

-- 
Anand Buddhdev




Re: [courier-users] Making user names case-insensitive?

2004-02-12 Thread Anand Buddhdev
On Thu, Feb 12, 2004 at 11:33:45PM +0100, Flavio Stanchina wrote:

 Is there a way to tell Courier that user names should be treated as 
 case-insensitive?
 
 I know I should educate my users until they understand that email 
 addresses are case-sensitive, but until then...

man courier, and search for locallowercase

-- 
Anand Buddhdev




Re: [courier-users] Making user names case-insensitive?

2004-02-12 Thread Phillip Hutchings
touch $COURIER_PREFIX/etc/locallowercase

On 13/02/2004, at 11:33 AM, Flavio Stanchina wrote:

Is there a way to tell Courier that user names should be treated as 
case-insensitive?

I know I should educate my users until they understand that email 
addresses are case-sensitive, but until then...
--
Phillip Hutchings
[EMAIL PROTECTED]
http://www.sitharus.com/




[courier-users] unimportant authmysqlrc question

2004-02-12 Thread P.R.
Hi

This is just a question out of curiosity, not a problem:

The sql database has a field home, with an absolute path to the
(virtual) home directory, e.g. /var/mail/directory/account
Is there a way to tell the authmysqlrc that there is a prefix which has
to be put before every home directory?

My idea was something like this

TMP_VAR home
MYSQL_HOME_FIELD/var/mail/$TMP_VAR

in the authmysqlrc

which for example would it make easy to migrate a whole Maildir
structure from /var to /tmp or /home.
(of course it is probably as easy to change the columns in the mysql
database - i am really just curious)

I have no scripting experience and I don't know which would be the
correct expression (maybe without the TMP_VAR-Variable) 

Greetings and thanks
Peter




[courier-users] Re: My Modest Proposal

2004-02-12 Thread Sam Varshavchik
Jon Nelson writes:

 I come from a qmail background, and it seems to me that 'submit' takes
 the place of qmail-inject and qmail-queue.  It also seems like there
 might be some benefit to writing a qmail-inject-like wrapper for submit.

Submit takes place of qmail-queue.  sendmail takes place of qmail-inject.  
It's not an exact match, but that's the rough roles that they play.






[courier-users] Re: My Modest Proposal

2004-02-12 Thread Sam Varshavchik
Derrick T. Woolworth writes:

 I think it's important to the evolution of Courier that it eventually support
 modification of messages from any courierfilter.  I've never quite understood
 why this isn't allowed - possibly a filesize issue, security?  I would only be
 guessing, but in the grand scheme of things I'm sure there's a lot of folks
 that would love this ability.

 I'd like to hear from Sam regarding the effort to make this modification and
 perhaps why it's so long in coming?

There are other things that take priority.  I'm only one person, and I have 
a day job that pays the bills.  Naturally, things need to be prioritized.





Re: [courier-users] Odd sendmail issue

2004-02-12 Thread Bill Taroli




Other than having to specify an MX for a domain I don't administer,
this worked great. Thanks!

Anand Buddhdev wrote:

  On Thu, Feb 12, 2004 at 02:19:43PM -0800, Bill Taroli wrote:

  
  
There is probably an obvious fix for this, but I'm noticing that emails 
to a particular domain are failing. I'm receiving the following in the 
diagnostics output:

I0 P mail.sarc.org [207.215.13.60]
I0 S STARTTLS
I0 T smtp
I0 R 454 4.3.3 TLS not available

I checked to confirm that the *_TLS_REQUIRED option is NOT set in my 
config files, except for esmtpd-msa (for secure access for clients that
login in remote and relay). So what might be happening here?

  
  
The TLS_REQUIRED option refers to the esmtp *server* of courier. But
that's not your problem. Your problem is that the courier esmtp
*client* is seeing STARTTLS in the list of capabilities advertised by
the remote host, trying to use TLS, and failing because the remote
host doesn't actually support TLS despite advertising it. The remote
host is misconfigured.

You can override this in 2 ways:

1. Stop the esmtp client from trying TLS completely by disabling it in
the courierd control file.

2. Use the esmtproutes file to selectively disable TLS for certain
domains. Read the manual pages for details.

  







[courier-users] Message submission process (Re: Rejection/re-insertion methodology howto?)

2004-02-12 Thread Sam Varshavchik
Jon Nelson writes:


 Mr. Sam: could you please give us a detailed process overview as to
 how messages go from (say, esmtpd) through submit, through the global
 filters, and then the final signaling of courierd?  If the queue docs on
 courier-mta.org are close but a bit out of date (I don't see /any/
 mention of global filtering there) I'm sure many of us would appreciate
 an update somewhere.

The queue docs are slightly dated, but they are mostly correct.  95% of the 
essential stuff in them hasn't changed.

The submit process is responsible for inserting a new message into the mail 
queue.  submit gets invoked by sendmail, courieresmtpd, or the courierdsn 
modules, as a child process.

It receives the necessary information it needs through a combination of 
command line options, environment variables, and standard input and output. 
The message itself is read from standard input, and saved in what eventually 
will be message's data file.  The message's control file is created at the 
same time.  The actual mechanics of creating and naming the files is still 
what the docs say it is.

The reason why a global filter cannot modify the message is because the 
submit process creates a data structure in memory, in parallel.  The data 
structure describes the starting position and the ending position of each 
logical entity within the message: where the headers and the message body 
begins and ends.  If the message contains MIME attachments each MIME 
attachment is also described as well.

This structure is needed in the event the submit process feels it necessary 
to rewrite the message.  A message may be rewritten for several reasons.  
The most common one would be to provide default values for MIME headers.  If 
you have a system script that runs a job and mails its output, and your 
system uses the iso-8859-1 character set natively, then chances are that 
your system script will not bother to supply the MIME header that specifies 
that the message uses the iso-8859-1 character set.  Well, submit will do 
that for you, in this case.

The reason that external filters cannot modify the message is because doing 
so will throw off the internal data structure that describes the logical 
structure of the message, which is relied upon in order for submit to 
rewrite the message properly.  You do that, and submit is going to spit out 
complete crap.

And the reason that filtering cannot occur before the data structure is 
parsed is for efficiency's sake.  The message's structure is parsed in one 
sweep.  And it is done at the same time submit reads the message from 
standard input.

Rather than reading the message from standard input, saving it in a file, 
then reopening the file and reading the message again in order to parse it 
into its logical components, everything is done in one shot.  As submit 
reads the message and saves it in the data file, it simultaneously parses it 
at the same time, at virtually no additional cost.

The above should be sufficient to explain why global filters cannot touch 
the message.

Not that it's impossible to do this, but it is more than a trivial change or 
an addition, and will require some non-trivial effort to do that in an 
efficient manner.
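
The following sketch is an added illustration, not Courier's code: a single-pass reader that saves the message and records offsets at the same time, a rewrite step that trusts those offsets, and a check showing what happens when a filter changes the file in between. The function names, the map layout and the sample messages are constructed for this example.

```python
import re

# Default headers for a message that arrived without MIME headers, as in the
# system-script case described above (the exact header text is an assumption).
DEFAULT_MIME = (b"Mime-Version: 1.0\r\n"
                b"Content-Type: text/plain; charset=iso-8859-1\r\n")


def scan(chunks):
    """Save the message and map its structure in one pass over the input."""
    saved, pending = bytearray(), b""
    smap = {"header_end": None, "body_start": None, "parts": [], "mime": False}
    boundary, part_start, offset = None, None, 0
    for chunk in chunks:
        saved += chunk                       # stands in for the data file
        pending += chunk
        while b"\n" in pending:
            line, pending = pending.split(b"\n", 1)
            start, offset = offset, offset + len(line) + 1
            text = line.rstrip(b"\r")
            if smap["body_start"] is None:   # still inside the header block
                if text == b"":
                    smap["header_end"], smap["body_start"] = start, offset
                elif text.lower().startswith(b"mime-version:"):
                    smap["mime"] = True
                else:
                    found = re.search(rb'boundary="?([^";]+)', text, re.I)
                    if found:
                        boundary = b"--" + found.group(1)
            elif boundary and text in (boundary, boundary + b"--"):
                if part_start is not None:
                    smap["parts"].append((part_start, start))
                part_start = offset if text == boundary else None
    return bytes(saved), smap


def add_default_mime(data, smap):
    """Rewrite step: insert default MIME headers at the recorded header end."""
    if smap["mime"]:
        return data
    cut = smap["header_end"]
    return data[:cut] + DEFAULT_MIME + data[cut:]


def map_matches(data, smap):
    """Cheap consistency check: do the recorded offsets still fit the bytes?"""
    head, body = smap["header_end"], smap["body_start"]
    if head is None or data[head:body] not in (b"\r\n", b"\n"):
        return False
    if head and data[head - 1:head] != b"\n":
        return False
    return all(data[s - 1:s] == b"\n" and data[e:e + 2] == b"--"
               for s, e in smap["parts"])


# Constructed samples: output mailed by a system script, and a two-part message.
CRON_MAIL = (b"From: root@host.example\r\n"
             b"To: admin@host.example\r\n"
             b"Subject: nightly backup report\r\n"
             b"\r\n"
             b"backup finished: 0 errors\r\n")
MULTIPART = (b"Mime-Version: 1.0\r\n"
             b'Content-Type: multipart/mixed; boundary="b1"\r\n'
             b"\r\n"
             b"--b1\r\n"
             b"Content-Type: text/plain\r\n\r\nhello\r\n"
             b"--b1\r\n"
             b"Content-Type: application/octet-stream\r\n\r\nAAAA\r\n"
             b"--b1--\r\n")


def in_chunks(data, size=7):
    """Feed the message in small pieces, as reads from standard input would."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def filter_adds_header(data):
    """What a message-modifying global filter would do to the saved file."""
    return b"X-Spam-Status: No\r\n" + data
```

Running `add_default_mime` on the output of `filter_adds_header` with the map recorded earlier splits the Subject line in two, because the recorded header end now points 19 bytes too early.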





RE: [courier-users] Making user names case-insensitive?

2004-02-12 Thread Mitch (WebCob)
search for locallowercase in the manual. The restriction is that ALL your
user names and aliases MUST be in lower case... then all mixed case names
will be converted to lower case before matching and local delivery.

hth

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Flavio
 Stanchina
 Sent: Thursday, February 12, 2004 2:34 PM
 To: [EMAIL PROTECTED]
 Subject: [courier-users] Making user names case-insensitive?


 Is there a way to tell Courier that user names should be treated as
 case-insensitive?

 I know I should educate my users until they understand that email
 addresses are case-sensitive, but until then...

 --
 Ciao,
  Flavio Stanchina
  Trento - Italy










[courier-users] Re: IMAP/POP-SSL and Comodo Certificates

2004-02-12 Thread Sam Varshavchik
Stefan Hornburg writes:

 Hello,

 I would like to know how to use Comodo SSL certificates with Courier
 POP/IMAP etc. Setting up Apache to recognize this is a no-brainer ...
 For Courier I did the following steps:

 - put the Comodo root certificates into /usr/lib/courier/rootcerts alongside
   with the shipped one
 - run c_rehash on this directory
 - put the certificate and the private key for the mail domain into
   /etc/courier/imapd.pem
 - restart courier-imap-ssl

Try converting Comodo's cert to PEM, and appending it to imapd.pem





[courier-users] ESMTP Authentication problems

2004-02-12 Thread John BOSSERT
Current issue - setting up ESMTP to use (simple) authentication.

ESMTP is showing me:

220 hermes.unifiedsignal.com ESMTP
250-Requested mail action okay, completed
250-8BITMIME
250 SIZE

No mention of:

250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN

(I wouldn't expect to see DIGEST-MD5 or PLAIN, per ESMTPAUTH below)

etc/courier/esmtpd contains (otherwise identical to esmtpd.dist):

AUTH_REQUIRED=1
AUTHMODULES=authdaemon
ESMTPAUTH=LOGIN CRAM-MD5
ESMTPDSTART=YES

What am I missing/where should I look?

--
John BOSSERT
[EMAIL PROTECTED]






RE: [courier-users] Message submission process (Re: Rejection/re-insertion methodology howto?)

2004-02-12 Thread Mitch (WebCob)
Hey Sam - Thanks!

I think I understand a lot better, and imagine others do too... And of
course if it isn't said often enough - we appreciate that you have a day job
too and that there are always priorities... Now, for those of us who want
to hack... I have a counter proposal...

First the long term (perhaps nirvana like) and then the short term hack.

Long term, it would be nice if a filter could signal - perhaps by exit code,
that the structure needed to be reread and reparsed before continuing. On
returning a certain exit code, courier could know that an acceptance was
given, but that the message was changed, and force a rebuild of the memory
structure you mentioned, using the message file as source. There may be a
more efficient way to do it, such as distinguishing between header only vs.
body mods, etc., but at least this would make the reparsing overhead only a
burden to those of us who need it - and it would still be better than
resending - right?

Short term hack:

So we can only make a change if it doesn't alter the position or structure
of existing data. That's the key. So let's do just that. Define a buffer
size, intended to be large enough to record whatever information you want to
modify in a filter. Then, much like Lloyd has suggested, patch submit.
Submit will now create a new header:

X-Filter-Info: XX
 
 

You could of course substitute X for any character you like - so long as it
doesn't break mail header standards. Then, you could wrap your arbitrary
filter data in base64, pad with X's, and replace the old header installed by
submit.

No message structure alteration, and an editable payload. Could even be done
multiple times as needed for different filters or purposes - create as many
place holder padded headers as needed - in fact this could be done
generically, by including this value from the config file - so that a
recompile isn't needed to change the headers. As submit starts it could
append a value from /etc/addheaders to the message.

Anyone like this idea? Gets us to the editable header stage a lot quicker,
without as much overhead doesn't it?

Would I screw something up doing this?

Sam: Thanks again for your efforts and the explanation.

m/
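
The padded-placeholder idea from the message above, worked through as an added example; it is not code from Courier or from anyone on the list. The 64-byte slot width and the "-" pad byte are assumptions ("X" is itself a base64 character, so padding with it would make the stored value ambiguous on decode), and the sample message is constructed.

```python
import base64

HEADER = b"X-Filter-Info: "  # header name from the post
WIDTH = 64                   # assumed placeholder width in bytes
PAD = b"-"                   # assumed pad byte; not a base64 character


def make_placeholder(width=WIDTH):
    """The fixed-width header line that submit would add."""
    return HEADER + PAD * width + b"\n"


def find_slot(msg):
    """Return (start, end) offsets of the placeholder value."""
    hdr_end = msg.find(b"\n\n")          # body starts after first blank line
    if hdr_end < 0:
        hdr_end = len(msg)
    if msg.startswith(HEADER):
        start = len(HEADER)
    else:
        # Match only at the start of a header line, never in the body.
        pos = msg.find(b"\n" + HEADER, 0, hdr_end)
        if pos < 0:
            raise ValueError("no placeholder header")
        start = pos + 1 + len(HEADER)
    return start, msg.index(b"\n", start)


def write_slot(msg, payload):
    """Overwrite the slot with base64(payload) plus padding, same length."""
    start, end = find_slot(msg)
    enc = base64.b64encode(payload)
    if len(enc) > end - start:
        raise ValueError("payload does not fit in placeholder")
    return msg[:start] + enc + PAD * (end - start - len(enc)) + msg[end:]


def read_slot(msg):
    """Strip the padding and decode whatever a filter stored."""
    start, end = find_slot(msg)
    return base64.b64decode(msg[start:end].rstrip(PAD))


# Constructed sample message; the body repeats the header name on purpose.
SAMPLE = (
    b"Received: from client.example by mx.example\n"
    + make_placeholder()
    + b"Subject: constructed sample\n\n"
    + b"X-Filter-Info: body line, must stay untouched\n"
)
```

On disk the same change is a seek to `start` and a write of exactly `end - start` bytes, so every offset after the slot stays where it was; an oversized payload is refused rather than truncated.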





Re: [courier-users] Message submission process (Re: Rejection/re-insertion methodology howto?)

2004-02-12 Thread Markus Wernig
On Thu, 12 Feb 2004 19:22:37 -0500
Sam Varshavchik [EMAIL PROTECTED] diligently divulged:

> The submit process is responsible for inserting a new message into the mail
> queue.  submit gets invoked by sendmail, courieresmtpd, or the courierdsn
> modules, as a child process.
> [...]
> Not that it's impossible to do this, but it is more than a trivial change or
> an addition, and will require some non-trivial effort to do that in an
> efficient manner.

Hello Sam and thank you for the thorough explanation.

Does submit then connect to the globalfilter (run_filter in submit2.C)? In that case I 
would propose to implement a simple protocol on the socket where submit waits for any 
additional information from the filter (as it seems to be waiting for the smtp 
response code on a pipe) that it then could insert into the memory structure it still 
has at hand. I suppose this would be in cdfilters.C and submit2.C. Correct?

tia /markus




RE: [courier-users] Odd sendmail issue

2004-02-12 Thread Malcolm Weir
 
> -Original Message-
> From: Anand Buddhdev
> Sent: Thursday, February 12, 2004 3:09 PM
>
> > There is probably an obvious fix for this, but I'm noticing that
> > emails to a particular domain are failing. I'm receiving
> > the following in the diagnostics output:
> >
> > I0 P mail.sarc.org [207.215.13.60]
> > I0 S STARTTLS
> > I0 T smtp
> > I0 R 454 4.3.3 TLS not available
> >
> > I checked to confirm that the *_TLS_REQUIRED option is NOT
> > set in my config files, except for emstpd-msa (for secure access
> > for clients that login in remote and relay). So what might be
> > happening here?
>
> The TLS_REQUIRED option refers to the esmtp *server* of
> courier. But that's not your problem. Your problem is that
> the courier esmtp *client* is seeing STARTTLS in the list of
> capabilities advertised by the remote host, trying to use TLS,
> and failing because the remote host doesn't actually support TLS
> despite advertising it. The remote host is misconfigured.

... And is likely a MS Exchange server without its security certificates
properly installed.

There is a known bug with Exchange in that it will advertise capabilities
that it subsequently decides it can't fulfill.

> You can override this in 2 ways:
>
> 1. Stop the esmtp client from trying TLS completely by
> disabling it in the courierd control file.
>
> 2. Use the esmtproutes file to selectively disable TLS for
> certain domains. Read the manual pages for details.

3.  Persuading the other end that their server/certificates need attention.

Option 2 is probably the most efficient!

> Anand Buddhdev

Malc.





[courier-users] Re: ESMTP Authentication problems

2004-02-12 Thread Sam Varshavchik
John BOSSERT writes:

> Current issue - setting up ESMTP to use (simple) authentication.
>
> ESMTP is showing me:
>
> 220 hermes.unifiedsignal.com ESMTP
> 250-Requested mail action okay, completed

There is no such message "Requested mail action okay, completed" in Courier.

Whatever this is, it's not Courier.





[courier-users] Re: Message submission process (Re: Rejection/re-insertion methodology howto?)

2004-02-12 Thread Sam Varshavchik
Markus Wernig writes:

> On Thu, 12 Feb 2004 19:22:37 -0500
> Sam Varshavchik [EMAIL PROTECTED] diligently divulged:
> > The submit process is responsible for inserting a new message into the mail
> > queue.  submit gets invoked by sendmail, courieresmtpd, or the courierdsn
> > modules, as a child process.
> > [...]
> > Not that it's impossible to do this, but it is more than a trivial change or
> > an addition, and will require some non-trivial effort to do that in an
> > efficient manner.
>
> Hello Sam and thank you for the thorough explanation.
>
> Does submit then connect to the globalfilter (run_filter in submit2.C)? In

Yes, it's submit that talks to filters.

> that case I would propose to implement a simple protocol on the socket
> where submit waits for any additional information from the filter (as it
> seems to be waiting for the smtp response code on a pipe) that it then
> could insert into the memory structure it still has at hand. I suppose
> this would be in cdfilters.C and submit2.C. Correct?

Well, it's not as easy as inserting something into something else.  The
stuff in question is a hierarchical tree, that contains offsets, field
contents, etc




[courier-users] Prevent folder deletion

2004-02-12 Thread Matt
I have an exim router that automatically handles spam for virtual users,
by delivering it to a Maildir/.Spam folder.  I would like to make this
folder undeletable, like the Trash to maintain the integrity of the exim
router.  Is there an easy way to do this, or is the Trash functionality
hard-coded?

Thanks

Matt





Re: [courier-users] Message submission process (Re: Rejection/re-insertion methodology howto?)

2004-02-12 Thread Jon Nelson

I won't quote more than necessary, but I *would* like to say thanks for
clarifying.  That most certainly helps out.  I'm still a little unclear
as to where exactly global filters are invoked and played with, but
since I'm composing this email after having read a few responses (which
ask questions I myself would ask) I'll leave it at a simple Thanks!


--
Ensign Walnut approaches Dr. Crusher with caution...

Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener




[courier-users] Failure running .make after configuring courier-imap

2004-02-12 Thread Jacobs, Andre

Hello,

 I am running into a wall. I am trying to configure and install courier-imap, to be used with postfix, which I successfully built and installed. My problem is that the make script is looking for openssl/ssl.h and err.h and rand.h. I have done everything possible to get this going. I have installed Openssl which is housed in /usr/local . The files that make is referencing are located in /usr/local/ssl/include/openssl, but no matter how I place this location in the path or CCPFLAGS env, I get stopped at the same place. I went into the Makefile in the tcpd directory and manually put in the path, but this did not work. I created links to the file in the /tcpd directory it did not take. Below is the output. What am I missing? I have RTFM and many searches but nothing.

Thanks,

Andre

My System: Sun Blade 100, 5.9 Solaris


bash-2.05$ make
make all-gmake-check FOO=BAR
Making all in numlib
make all-am
Making all in gdbmobj
make all-am
Making all in soxwrap
make all-am
Making all in unicode
make all-am
Making all in rfc822
make all-am
Making all in rfc2045
make all-am
Making all in random128
make all-am
Making all in md5
make all-am
Making all in sha1
make all-am
Making all in rfc1035
make all-am
Making all in liblock
make all-am
Making all in maildir
make all-am
Making all in makedat
make all-am
Making all in libhmac
make all-am
Making all in userdb
make all-am
Making all in authlib
make all-am
/bin/bash ./make-authdaemond.sh make
`authdaemond.plain' is up to date.
`authdaemond.ldap' is up to date.
`authdaemond.mysql' is up to date.
Making all in waitlib
make all-am
Making all in tcpd
make all-am
Compiling tlspasswordcache.c
tlspasswordcache.c:9:25: openssl/ssl.h: No such file or directory
tlspasswordcache.c:10:25: openssl/err.h: No such file or directory
tlspasswordcache.c:11:26: openssl/rand.h: No such file or directory
*** Error code 1
make: Fatal error: Command failed for target `tlspasswordcache.o'
Current working directory /tmp/courier-imap-2.2.1/tcpd
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory /tmp/courier-imap-2.2.1/tcpd
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'




[courier-users] Re: Failure running .make after configuring courier-imap

2004-02-12 Thread Sam Varshavchik
Jacobs, Andre writes:

> HTML content follows
> Failure running .make after configuring courier-imap
> Hello,
>
> I am running into a wall. I am trying to configure and install
> courier-imap, to be used with postfix, which I successfully built and
> installed. My problem is that the make script is looking for openssl/ssl.h
> and err.h and rand.h. I have done everything possible to get this going. I
> have installed Openssl which is housed in /usr/local . The files that make
> is referencing are located in /usr/local/ssl/include/openssl, but no
> matter how I place this location in the path or CCPFLAGS env, I get

You should use

CPPFLAGS=-I/usr/local/ssl/include
export CPPFLAGS
./configure [options]

You may also need to use LDFLAGS, depending upon where openssl's libraries
are installed.




[courier-users] [request], please extend MAXPERIP options

2004-02-12 Thread Miroslav Ris
hi,

thanks Sam for courier-imap server.
it's really best!
i am using this over 2 years.

request:
please add per tcp/ip:netmask MAXPERIP options for courier-imap server.

problem:
using webmail (squirrelmail and smm) for access to mail boxes (about 5000
users, and set MAXPERIP=5000).
but same users use stupid M$ mail readers (MS Outlook Express and MS Entourage).
this apps generate lots of connections to imap server (one connection for every
mail in local app cache) and server totally freezes.

need set MAXPERIP for webmail server to 5000 and for all others to 4.

thanks!

--
Miroslav Ris




[courier-users] dynamic delivery instruction and 550 User unknown

2004-02-12 Thread Nat Sakimura
Hi.

I am using dynamic delivery instruction in
/etc/courier/aliasdir/courier-default .
The external program makes a lookup into a database and decides where is the
final destination. I want to make it such that if the lookup fails, the mta
returns 550 User unknown to the client program.

How can I achieve it?

Nat
