Re: [courier-users] Courier-AuthLib Configure Script Not Finding Installed ltdl.h Files

2016-12-12 Thread Sam Varshavchik

Michael S. Scaramella, Esq. writes:

Libtool 2.4.6 and Courier Unicode 1.4 are now reinstalled from source. I ran  
the Libtool configure script as “./configure --prefix=/usr/local  
--exec-prefix=/usr/local --sysconfdir=/usr/local/etc/libtool --localstatedir=/var  
--includedir=/usr/local/include/libtool” which completed successfully. Running  
gmake and gmake install installed two copies of ltdl.h, one at  
/usr/local/share/libtool/, and another at /usr/local/include/libtool/. The  
following are relevant excerpts from the terminal session:


Just because you installed some files in some directory doesn't mean that  
your compiler will automatically find them.


Typically, a compiler searches for header files in /usr/include, and maybe  
/usr/local/include. If you stick something somewhere else, you have to tell  
the compiler, it won't find it for you. You can pass CPPFLAGS to configure,  
to specify additional compilation flags.


However, your approach is overall wrong. I'm sure that libtool is already  
properly packaged for FreeBSD. I'm sure it's somewhere in the ports tree,  
and all you have to do is install it, and it will be properly installed in  
/usr/include, /usr/lib, and all the usual default system directories, where  
all applications will find them, by default.





courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] maildrop: Timeout quota exceeded

2016-12-11 Thread Sam Varshavchik

Mike - st257 writes:

On Fri, Dec 9, 2016 at 12:51 PM, Gordon Messmer  
<gordon.mess...@gmail.com> wrote:


   On 12/09/2016 07:55 AM, Mike - st257 wrote:
   > I don't yet have an answer why that file was present (doesn't exist in
   > my mailbox on that system), but moving it aside resolves the present
   > mail delivery problem.


   That file's presence indicates that a Maildir++ has a quota, and is used
   to track the quota and usage.  Periodically, a maildir reader must crawl
   the entire maildir to re-calculate usage, which could explain the
   timeout if an uncached read of all of the directories for that Maildir
   takes a *really* long time.


(Agreed.)
The user's mailbox is large enough (my opinion, at a few Gigabytes) that  
crawling the entire maildir will take an extremely long time.


You should look into exactly how messages get ultimately delivered to the  
maildir.


Although maildrop may be used to filter/sort through incoming mail, it is  
possible that something else actually delivers the mail to the mailbox.


maildrop creates the actual filenames for each message with the size of the  
message encoded into it. This will skip the stat call when scanning the  
mailbox.


This will also explain why the calculated quota is off.

If you don't need mailbox quotas, you can simply get rid of the whole thing,  
as you did. But if you do install mailbox quotas, you need to use maildrop,  
or the deliverquota helper to deliver messages to a quota-enforced mailbox.




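The size-in-filename convention described in the reply above, as an added example (not code from the thread or from Courier): it totals a maildir's INBOX from the ,S=<bytes> field in each filename and calls stat only for messages whose names lack that field. The sample maildir, its filenames and the function names are constructed for illustration, and subfolders are left out.

```python
import os
import re
import tempfile

# Maildir++ convention: ",S=<bytes>" inside the filename records the message size.
SIZE_RE = re.compile(r",S=(\d+)(?=[,:]|$)")


def size_from_name(filename):
    """Return the size encoded in the filename, or None when it is absent."""
    match = SIZE_RE.search(filename)
    return int(match.group(1)) if match else None


def scan_inbox(maildir):
    """Total new/ and cur/; report how many messages needed a stat() call."""
    total = messages = stat_calls = 0
    for sub in ("new", "cur"):
        folder = os.path.join(maildir, sub)
        if not os.path.isdir(folder):
            continue
        for name in os.listdir(folder):
            size = size_from_name(name)
            if size is None:
                # No size in the name (delivered by some other tool): stat it.
                size = os.stat(os.path.join(folder, name)).st_size
                stat_calls += 1
            total += size
            messages += 1
    return {"bytes": total, "messages": messages, "stat_calls": stat_calls}


def build_sample_maildir(root):
    """Create a constructed maildir: two sized names and one without a size."""
    for sub in ("new", "cur", "tmp"):
        os.makedirs(os.path.join(root, sub))
    samples = [
        ("cur", "1481300000.M1P100.mail.example,S=1200:2,S", 1200),
        ("new", "1481300001.M2P101.mail.example,S=350", 350),
        ("cur", "1481300002.M3P102.mail.example:2,", 500),  # no ,S= field
    ]
    for sub, name, size in samples:
        with open(os.path.join(root, sub, name), "wb") as handle:
            handle.write(b"x" * size)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_inbox(build_sample_maildir(os.path.join(tmp, "Maildir"))))
```
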


Re: [courier-users] Looking for new Debian maintainers for courier-mta packages

2016-12-11 Thread Sam Varshavchik

Mark Constable writes:


On 12/12/16 01:03, Sam Varshavchik wrote:
> Although Github's bug tracker is enabled, I don't link to it directly
> from www.courier-mta.org/links.html, only to the mailing lists.
> Courier is stable, and requires very little maintenance. Github's bug
> tracker is there, for anyone that wants to use it.

Well there we go. Maybe it is possible to ask Sam to include the /debian
directories from Ondřejs' PPA packages into his Github and personal git
repos so the issue of the canonical (not Canonical) upstream source is
no longer ambiguous?

That should satisfy the Debian/Ubuntu upstream requirements so whoever
was the formal package maintainer would only have to build and submit
the packages direct from Github and a "bunch of us deb using guys" only
have to focus on the QA of that /debian directory which we could mainly
coordinate via the Github issue tracker, and of course this list.


That's certainly fine. Formal patches can be sent either via this mailing  
list or through Github.







Re: [courier-users] Looking for new Debian maintainers for courier-mta packages

2016-12-11 Thread Sam Varshavchik

Mark Constable writes:


> Two things:
> The package has no git source https://packages.qa.debian.org/c/courier.html
> Courier upstream has no bug-tracking system.
>
> I would choose GitHub as a place to store /debian and to communicate
> with upstream.

Unfortunately Sam doesn't seem interested in moving his whole development
system over to Github.


The Courier git repositories are on Github as well as Sourceforge. They've  
been there for years, and they've been linked to directly from  
http://www.courier-mta.org/repo.html.


Although Github's bug tracker is enabled, I don't link to it directly from  
www.courier-mta.org/links.html, only to the mailing lists. Courier is  
stable, and requires very little maintenance. Github's bug tracker is there,  
for anyone that wants to use it.


I did just notice that somewhere along the way, the link to the links.html  
page itself became not very prominent. This has been corrected.






Re: [courier-users] How to test imap idle

2016-12-02 Thread Sam Varshavchik

David Niklas writes:


On Tue, 15 Nov 2016 20:02:03 -0500
Sam Varshavchik <mr...@courier-mta.com> wrote:
> David Niklas writes:

> > Finally, running imapd from the test account it seems that I'm already
> > logged in:
> >
> > % imapd
> > * PREAUTH Ready.
> > INFO: LOGIN, user=test ip=[127.0.0.1], port=[0], protocol=IMAP
> > Z SELECT INBOX
> > Z NO UNABLE TO OPEN THIS  MAILBOX.
>
> No, it means that imapd is not started correctly, or from the wrong
> directory. imapd must be started from the account's maildir, not its
> home directory.


My default user, who is aliased to root and postmaster, has recently
gotten mail which was deposited into an Mbox named Maildir.


After creating three folders in Maildir/, cur/, new/, and tmp/, I can get
mail. I'm now getting:
* 0 EXISTS
as opposed to 2 as stated in the man page when running "Z SELECT INBOX".
  famd is started, but I'm getting "entering idle mode", that is, without
the "Enhanced" part and the imapd processes are not communicating the
changes.
What do I do now? How do I diagnose?


If you're starting from the commandline, you have to set the same  
environment variables that get specified in the imapd configuration file.


For example, the imapd configuration file explains that IMAP_ENHANCEDIDLE
must be set to 1, so if imapd is invoked from the command line:

IMAP_ENHANCEDIDLE=1 ./imapd






Re: [courier-users] Mailman "Group mismatch error"

2016-11-28 Thread Sam Varshavchik

Lucio Crusca writes:


Given mailman is not complaining for the arduino@lists... mailing list,
I assume either courier is running it in the "daemon" group for that


It is running it under whatever groupid the arduino account specifies.


list, or mailman is working even if executed in the mailboxes group.
Whichever, I'd like the same to happen for the dlinguistico@lists...
list without having to create all the accounts like I did for the other
lists. Is it possible?


Make dlinguistico's account's group id and user id match the ones used for  
those mailman lists.






Re: [courier-users] Alternate and extra IMAP folders

2016-11-16 Thread Sam Varshavchik

Mark Constable writes:


Ie; would it be possible to symlink "Sent Items" to "Sent" so the
users Outlook/Mail program is happy, Roundcube is happy, and that
courier-imap is happy dealing with one set of "real" folders?


Symlinking should work.


Is it possible to tell courier-imap PER CLIENT which folders to use?


Nope. An IMAP server has no knowledge of the brand of the IMAP client. It's  
just an anonymous socket connection from some IP address.


I do recall some dusty, forgotten IMAP extension where the client and the  
server exchange their software versions. That's it. It serves no other  
purpose, whatsoever, and, like every other IMAP extension, it is optional  
and the client and the server must be coded to use it.






Re: [courier-users] How to test imap idle

2016-11-15 Thread Sam Varshavchik

David Niklas writes:


I tried using ./Maildir, but then root does not have a Maildir so
connecting from  my test account returns "no such file or...".
Changing the path to an absolute one, I set -user and -group to test
(changing owner to match and I get:
* BYE Your account is temporarily unavailable (+t bit set on home
directory)


What part of this error message is unclear?


And couriertcpd says that the dir is locked.


And what's unclear about that?


Finally, running imapd from the test account it seems that I'm already
logged in:

% imapd
* PREAUTH Ready.
INFO: LOGIN, user=test ip=[127.0.0.1], port=[0], protocol=IMAP
Z SELECT INBOX
Z NO UNABLE TO OPEN THIS  MAILBOX.


No, it means that imapd is not started correctly, or from the wrong  
directory. imapd must be started from the account's maildir, not its home  
directory.






Re: [courier-users] Disable user account

2016-11-07 Thread Sam Varshavchik

Bowie Bailey writes:


On 11/7/2016 3:34 PM, Sam Varshavchik wrote:
> Bowie Bailey writes:
>
>> Using userdb, is there a way to disable an account for a user so that
>> they can no longer authenticate with the server?
>>
>> I know that I can simply reset the password, but I would prefer a
>> solution that would let me disable and then re-enable the account
>> without messing with the existing password.
>
> If you're using systempw, you can add imappw/pop3pw/esmtppw fields,
> which by default override systempw, and set them to some random password.

That might work.  I assume esmtppw would be used when they authenticate
to send email?  I was looking for something like that, but I guessed I
missed it when I was going through the man pages.


Yes, esmtppw is SMTP authentication.






Re: [courier-users] Disable user account

2016-11-07 Thread Sam Varshavchik

Bowie Bailey writes:


Using userdb, is there a way to disable an account for a user so that
they can no longer authenticate with the server?

I know that I can simply reset the password, but I would prefer a
solution that would let me disable and then re-enable the account
without messing with the existing password.


If you're using systempw, you can add imappw/pop3pw/esmtppw fields, which  
by default override systempw, and set them to some random password.






Re: [courier-users] Is there a simple way to bounce a message via

2016-11-05 Thread Sam Varshavchik

Fred Drueck writes:


Hi Sam,

I understand the extension matching for the .courier files, it's the
same as for qmail, which is why I'm using .courier in the first place.

I've gone ahead and copied all the .courier files like

rm /home/testuser/.courier*
cp /home/listuser//home/testuser/.courier* /home/testuser/
chown -R testuser /home/testuser/

but, the behavior is still different.

For testuser, the mail continues to be rejected during the SMTP exchange:

550 User  unknown

for listuser, the mail continues to be accepted during the SMTP
exchange:


Check the permissions of each account's home directory.

The SMTP server runs as a non-privileged user.

In order to verify the existence of .courier files, the home directory must  
be r-x. su to the courier user, and see if you can ls each home directory,  
and stat the .courier files.






Re: [courier-users] Is there a simple way to bounce a message via

2016-11-04 Thread Sam Varshavchik

Fred Drueck writes:


Hi Sam,

Thanks again for your response.

For listuser, I have a number of files of the form

.courier-list
.courier-list-default
.courier-list-owner

And there used to be a .courier file, but I've renamed the

.courier-default

file, restarted courier, just in case there was some sort of data
cached in memory, but this does not cause courier to reject the
message during the SMTP exchange.


Of course not.

.courier-default means that any user- address is valid. user-list@,  
user-foo@, user-foo-bar-baz@, and so on.


See http://octopus/www.courier-mta.org/dot-courier.html for more information.

An address is non-deliverable only if it is not matched by a .courier file.




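The matching rule from the reply above, as an added example (not code from the thread or from Courier): it lists which .courier files are tried for an address with an extension and shows why a .courier-default file makes every user-* address valid. It assumes the qmail-style fallback order (the exact file, then progressively shorter -default files); the function names are hypothetical and the two file sets are constructed from the file names quoted in this thread.

```python
def candidate_files(extension):
    """Ordered .courier file names consulted for the address user-<extension>."""
    parts = extension.split("-")
    names = [".courier-" + extension]
    # Fall back from the most specific wildcard down to the catch-all.
    for keep in range(len(parts) - 1, -1, -1):
        prefix = "-".join(parts[:keep])
        names.append(".courier-" + (prefix + "-" if prefix else "") + "default")
    return names


def matching_file(extension, home_files):
    """Return the first candidate present in the home directory, else None."""
    for name in candidate_files(extension):
        if name in home_files:
            return name
    return None


def verdict(extension, home_files):
    """'accept' when some .courier file matches, 'reject' (user unknown) otherwise."""
    name = matching_file(extension, home_files)
    return ("accept", name) if name else ("reject", None)


# Constructed file sets, using the file names mentioned in the thread.
TESTUSER = {".courier-test", ".courier-test~", ".courier-test-default"}
LISTUSER = {
    ".courier-list",
    ".courier-list-default",
    ".courier-list-owner",
    ".courier-default",  # the catch-all that makes every listuser-* valid
}

if __name__ == "__main__":
    for account, files in (("testuser", TESTUSER), ("listuser", LISTUSER)):
        for ext in ("bogus", "list-owner", "test-anything"):
            print(f"{account}-{ext}", candidate_files(ext), verdict(ext, files))
```

An audit that flags any home directory containing .courier-default would show which accounts accept mail for arbitrary extensions.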


Re: [courier-users] Is there a simple way to bounce a message via

2016-11-04 Thread Sam Varshavchik

Fred Drueck writes:


Thanks for the suggestion!

But, after reading a few man pages, I've become convinced that maybe I
should actually use a:

.mailfilter/rcptfilter-original_name

filter so we can refuse the message during the SMTP exchange.

During this process I've discovered some things that don't really make
a lot of sense to me:

Using a separate, test user with a small number of .qmail files:

.courier-test  .courier-test~  .courier-test-default

and I try to send mail to, say:

testuser-bogus@domain

courier gives me:

550 User  unknown

The mail is not even accepted, a bounce notice will be generated by
the last SMTP server that tried to deliver the message.

But, if I send mail to the listuser like:

listuser-bogus@domain

the mail is accepted, though it fails to be delivered and will
generate a bounce message from the courier-mta server.

~/.courier-default

Neither user has either of these files:

~/.mailfilter/rcptfilter
~/.mailfilter/rcptfilter-default

both users have exactly one file of the form:

~/.mailfilter/rcptfilter-extension

Any ideas why this behavior is not consistent between the 2 users?


listuser must have a .courier-default file.






Re: [courier-users] Is there a simple way to bounce a message via .courier files?

2016-11-03 Thread Sam Varshavchik

Fred Drueck writes:


Hello Everyone,

I've got a problem where I've had to rename one of my couriermlm
mailing lists.  Basically it went from:

user-original_name@domain

to

user-new_name@domain

I want to make sure that messages sent to the:

user-original_name@domain

generate a bounce message so that former users of the list (who have
been notified of the change, but are liable to not remember the change
if they don't get a bounce message) are warned if they send mail to
the old address.

Is there a simple way to do this?

It looks like qmail had a program for this:

bouncesaying

is there a courier equivalent of this?


Courier has a "mailbot" tool that can be used to generate various kinds of  
autoreplies. Have the old address's .courier file execute mailbot, with the  
appropriate options.






Re: [courier-users] catch all for one domain only

2016-11-02 Thread Sam Varshavchik

Lucio Crusca writes:


Il 02/11/2016 23:23, Sam Varshavchik ha scritto:

> Based on this description, you must be listing your virtual domains in
> the hosteddomains file, and using "makehosteddomains".

Yes, I'm doing just that.

> This is documented in the makehosteddomains manual page: the address
> "alias@hosteddomain", with its own .courier files.
>

Sorry Sam for being so dull, I read the manpage but I couldn't make it
work, it still replies "User <sdssd...@usosalix.org> unknown". Here is
what I did:

1) created the user catch...@usosalix.org


No, as the manual page explains, the address is "alias", not "catchall". It  
should be "al...@usosalix.org".






Re: [courier-users] catch all for one domain only

2016-11-02 Thread Sam Varshavchik

Lucio Crusca writes:



3) added the following line to hosteddomains:
 catch...@usosalix.org


hosteddomains is a list of domains, not email addresses.






Re: [courier-users] catch all for one domain only

2016-11-02 Thread Sam Varshavchik

Lucio Crusca writes:


My Courier server hosts several virtual domains, and I'm trying to
configure a catch all address only for a few of the hosted domains. All
the mail accounts are listed in /etc/courier/userdb.

I've read dot-courier manpage, but I almost certainly got it wrong. To
my understanding, when the recipient cannot be found,
/etc/courier/aliasdir is the last resort and the file
/etc/courier/aliasdir/.courier-default is where I should put the catch
all rule.


Based on this description, you must be listing your virtual domains in the  
hosteddomains file, and using "makehosteddomains".


This is documented in the makehosteddomains manual page: the address  
"alias@hosteddomain", with its own .courier files.






Re: [courier-users] strange log messages from courier-imapd

2016-10-19 Thread Sam Varshavchik

John Covici writes:


Hi.  I have been using your imap daemon for some time and it seems to
be working, but recently I changed the port to 993 and am using
encrypted connections.  I am getting some unusual messages however
from my logs -- here is what I am getting:
  couriertls: /usr/share/dhparams.pem: error:02001002:system library:fopen:No such file or directory - 13 Times



Is there supposed to be such a file and if so, what are its contents?


The "Initial parameters, and a monthly cron job to generate DH parameters"  
section of INSTALL instructions (http://www.courier-mta.org/imap/INSTALL.html)  
explains that the mkdhparams script needs to be run after installing Courier,  
which creates this file.


If you're using your Linux distribution's package, there must be a problem  
with that package, as it should be taking care of that automatically for you.




Also, I am getting the following
  couriertls: /etc/courier-imap/imapd.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line - 13 Times


The start line looks fine to me and is:
-----BEGIN CERTIFICATE-----


That file should contain your private key, and then your certificate,  
concatenated together:


-----BEGIN PRIVATE KEY-----

..

-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----

..

-----END CERTIFICATE-----



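A structural check for the combined key-and-certificate file described above, as an added example (not code from the thread or from Courier). It assumes standard PEM framing with five dashes on each side of the BEGIN/END markers; the function names are hypothetical and the sample blocks are constructed, with placeholder bytes instead of real key material. It does not verify that the key belongs to the certificate.

```python
import base64
import binascii
import re

BLOCK_RE = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----[ \t]*\r?\n(.*?)^-----END \1-----[ \t\r]*$",
    re.S | re.M,
)
# Lines that look like PEM markers, whatever the number of dashes.
MARKER_LIKE_RE = re.compile(
    r"^-+[ \t]*(?:BEGIN|END) [A-Z0-9 ]+?[ \t]*-+[ \t\r]*$", re.M
)
EXACT_MARKER_RE = re.compile(r"^-----(?:BEGIN|END) [A-Z0-9 ]+-----$")


def check_combined_pem(text):
    """Return a list of problems found in a key-plus-certificate PEM file."""
    problems = []
    for match in MARKER_LIKE_RE.finditer(text):
        marker = match.group(0).strip()
        if not EXACT_MARKER_RE.match(marker):
            problems.append(f"malformed marker line: {marker!r}")

    blocks = BLOCK_RE.findall(text)  # list of (label, body)
    if not blocks:
        problems.append("no well-formed PEM block (loader sees no start line)")

    for label, body in blocks:
        # Skip "Name: value" header lines; the rest must be base64.
        payload = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        if not payload:
            problems.append(f"{label}: empty body")
            continue
        try:
            base64.b64decode(payload, validate=True)
        except binascii.Error:
            problems.append(f"{label}: body is not valid base64")

    labels = [label for label, _ in blocks]
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no private key block")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate block")
    return problems


def sample_block(label):
    """Constructed PEM block whose body is placeholder bytes, not a real key."""
    body = base64.b64encode(b"constructed placeholder, not real key material")
    return f"-----BEGIN {label}-----\n{body.decode()}\n-----END {label}-----\n"


if __name__ == "__main__":
    combined = sample_block("PRIVATE KEY") + sample_block("CERTIFICATE")
    print("combined file:", check_combined_pem(combined))
    print("certificate only:", check_combined_pem(sample_block("CERTIFICATE")))
```
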


Re: [courier-users] client TLS settings

2016-09-29 Thread Sam Varshavchik

SZÉPE Viktor writes:



Good evening!

AFAIK an SSL connection is built from the intersection of client &
server cypher suites.

TLS_PROTOCOL="TLSv1.2:TLSv1.1:TLS1"
TLS_CIPHER_LIST="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256..

TLS_DHPARAMS=/etc/courier/dhparams.pem

Do these have any effect in /etc/courier/courierd on Courier as SMTP client?


Yes. When sending mail, if the receiving mail server talks SSL, these  
settings will take effect.






Re: [courier-users] TLS_STARTTLS_PROTOCOL removed from pop3d-ssl.dist.in

2016-09-26 Thread Sam Varshavchik

Matus UHLAR - fantomas writes:


On 26.09.16 16:13, Matus UHLAR - fantomas wrote:
>I have noticed that between courier 0.72 and 0.73 the
>"TLS_STARTTLS_PROTOCOL" option was removed off pop3d-ssl.dist.in, however it
>still exists in imapd-ssl.dist.in
>
>after some digging it seems to come from the commit [37a74e]
>
>https://sourceforge.net/p/courier/courier-libs.git/ci/4d91075b1b90f68527304b45bb26637a17e1454d/log/?path=/imap/pop3d-ssl.dist.in

>
>2013-10-14 Sam Varshavchik <mr...@courier-mta.com>
>
>* libs/tcpd/libcouriertls.c (tls_create): Add TLSv1_1_method() and
>TLSv1_2 method(), based on patch by Rob Austein <s...@hactrn.net>.
>
>* pop3d-ssl.dist.in, imapd-ssl.dist.in: Fix up differences in the
>documentation of TLS options in various config files.
>
>
>... seems at least one difference was created at the time ;-)
>should it stay in pop3d-ssl script or should it be removed off imapd-ssl ?


OTOH, the TLS_CIPHER_LIST appears two times in imapd-ssl.dist.in
(I wasn't able to find out which commit caused that)


Both issues will be corrected.





Re: [courier-users] [patch] fix duplicate definition of sqwebmail_content_charset in courier

2016-09-20 Thread Sam Varshavchik

Alessandro Vesely writes:


On Mon 19/Sep/2016 13:58:28 +0200 Hanno Böck wrote:
>
> The variable sqwebmail_content_charset is defined twice, in sqwebmail.c
> and gpg.c. One of them should be declared as extern.

Isn't that the default?  The C spec has sentences such as:

 If the declaration of an identifier for an object has file scope and no
 storage-class specifier, its linkage is external.
https://www.securecoding.cert.org/confluence/display/c/DCL36-C.+Do+not+declare+an+identifier+with+conflicting+linkage+classifications


You're probably right; still this is a bit messy, and should be fixed.





Re: [courier-users] Courier Fails to Queue Messages

2016-09-18 Thread Sam Varshavchik

Joseph C. Lininger writes:


Sam,
First thank you for your help.

I figured out part of the problem. courierd wasn't starting. There was a  
single file the script wanted that I didn't have. I put it in place and  
courierd at least started.


Now I'm having a problem with "no such file or directory", and the logs  
report "abnormal program termination". The program restarts every minute, but  
I'm sure you guessed as much. I figured out via searching (one of your posts  
actually) that this indicates corruption. I uninstalled, removed the local  
state directory, then reinstalled. It works fine, right up to the point that  
I try to send the first message. Then it starts doing that again. I'm at a  
loss. Currently I'm trying building from source rather than using the  
package, but if you have more insight into why it might be doing that it  
would help. At least then I could submit a fixed package for other users.


Sounds like a bad package.

Unfortunately, the number of ways to screw up any software install is not  
bounded.






Re: [courier-users] OAuth 2

2016-09-18 Thread Sam Varshavchik

m...@lechevalier.se writes:

Google has since a while started to block normal IMAP/SMTP access to gmail  
unless users specifically activate "Enable less secure apps" in their  
account settings. 


As an alternative Google now requires the use of OAuth 2.0 for authentication.  
The idea is to avoid showing the real user/password to each app that wants  
to connect to the account:  



Microsoft is also using OAuth2 with outlook.com  



OAuth website: 



Many clients are also moving towards this, like Outlook and Thunderbird.
Are there any plans to support OAuth 2.0 with Courier?


At this time I have no immediate plans, at the moment; but patches are  
welcome.






Re: [courier-users] Courier Fails to Queue Messages

2016-09-18 Thread Sam Varshavchik

Joseph C. Lininger writes:


I installed Courier on Arch Linux  via the aur package. Everything works
fine for the most part. Courier can successfully authenticate against an
SQL database, it can access mailboxes to check mail, etc. One problem,
and it's a big one. When courier receives a message, it doesn't queue it
and deliver it to a mailbox. There's no entry in the logs or anything;
the message just disappears. I also tried sending mail to a remote
location manually by telnetting to the smtp server after temporarily
authorizing localhost to relay. The same thing happens. smtp server
indicates success, but the message is silently dropped. Finally, I've
tried using /usr/bin/sendmail to send a local message. That too doesn't
work. Can anyone shed light on this? I have *never* seen this in over 10
years of using Courier MTA.


The low hanging fruit: has Courier been started? "courier start".

When the server is not running, mail will still be accepted, but not queued  
up until the server starts.






[courier-users] Courier 0.76.3 released

2016-09-17 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

Changes:

• courier: this is a small fix to allow the NOOP command before  
authentication takes place.







Re: [courier-users] addcr name collision - can we rename it?

2016-09-13 Thread Sam Varshavchik

Hanno Böck writes:


Hi,

There's a very old bug in the Gentoo bug tracker that there's a name
collision between the courier and the ucspi-tcp package:
https://bugs.gentoo.org/show_bug.cgi?id=223155

There are similar bug reports in plenty of other distributions:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476489
https://bugs.archlinux.org/task/9116

Debian has solved this with a complicated construction using multiple
alternatives, archlinux and gentoo simply by avoiding to install both
packages in parallel.

From what I can see the main purpose of the addcr command is that it
internally is used by the smtpd code. So I think this could probably be
renamed without causing too much trouble.

Sam, do you think we can change addcr to another name, e.g. caddcr,
addcr-courier, addcr.courier or whatever you feel is most suitable?
ucspi-tcp is very old and I doubt it'll be changed, yet it still seems
popular. And unlike the courier tool I think the ucspi-tcp tool isn't
primarily meant to be used internally, so renaming it would cause more
complications.


courier's addcr was historically intended to replace addcr from ucspi-tcp.

This is not the only binary in Courier that intentionally replaces some  
other tool's functionality.


Another one is preline, that intentionally provides the same functionality  
as procmail's getline. Why is that not a conflict?


A solution that's usually used elsewhere is to simply put Courier's bindir  
somewhere else, and then add it to the system shells' default PATHs. That's  
the default configure setting, bindir is /usr/lib/courier/bin.


Would that work here?





Re: [courier-users] Authentication and NOOP

2016-09-12 Thread Sam Varshavchik

Bernd Wurst writes:


Hi.

I recently set up a telephone system from German manufacturer AGFEO.
This one has the capability to send e-mails when a new call is received
on the voicebox.

As I also operate a server with courier mta, I just created an account
and set it up in the phone system.

But mail does not work. In the server log files, I find this one:
courieresmtpd: error,relay=[...],msg="535 Authentication required.",cmd:
NOOP

Am I right that this is because I require authentication (on port 587)
and this client does send a NOOP before auth and courier does not accept
NOOP unauthenticated.

As I really do not understand why this NOOP is sent here, I also do not
understand why courier rejects NOOP. NOOP is defined in RFC 5321 as follows:
   This command does not affect any parameters or previously entered
   commands.  It specifies no action other than that the receiver send a
   "250 OK" reply.

So does courier really kick off the client because of that NOOP?


It doesn't disconnect the client, it just rejects the command.

But I agree that this doesn't make a lot of sense, so this will be changed.





Re: [courier-users] How to test imap idle

2016-09-06 Thread Sam Varshavchik

David Niklas writes:


Hello,
I've been following the imap man page (this is a fresh install), and I
su'ed into my test account and netcat to 127.0.0.1 143. I then entered:
C: login test 1234
S: login NO Error in  IMAP command received by server.

Now, there may be no error, but it sure is strange to get that message
no-matter what command I enter.
I figure that maybe there's a database I need to fill in with names and
passwords.
What do I do?


Each IMAP command starts with a command identifier, which is an arbitrary  
label. The letter "a" will be sufficient.


a login userid password






Re: [courier-users] Log SMTP Auth

2016-08-22 Thread Sam Varshavchik

Bernd Wurst writes:


Hi.

I just wondered if there is any built-in way to have courier mail server
log Authentications (successful and unsuccessful) in a clean and simple way.

In esmtpd config, I can log the dialog, in authdaemonrc I can turn on
debugging but that's clearly not an easy way to have authentications
logged. Auth failures get logged as erroneous SMTP response but I did
not find anything about successful logins.

Any idea on that?


The only logging options are the ones that can be set in authdaemonrc, and  
in maillog.



I would like to build some heuristic detection about hacked accounts.
Not really rate limiting but something "alert me when an account logged
in a hundred times in a few minutes".


A single successful authentication is sufficient to send an unlimited number  
of emails. SMTP allows multiple emails to be sent for a single connection.







Re: [courier-users] What exactly is host name and machine name

2016-08-17 Thread Sam Varshavchik

David Niklas writes:


Hello,
I'm reading the courier docs and I'm trying to create a "fake" (not
connected to the internet), courier installation for my few computers at
home.
I read that I should enter my "hostname" and "machine name" in certain
files but I'm uncertain as to whether or not that means my "fake" name or
a "fake" fully qualified hostname (something with a .(com|org|etc)).


All configuration files use full hostnames.





Re: [courier-users] Mistake in courier man page

2016-08-17 Thread Sam Varshavchik

David Niklas writes:


< retryalpha, retrybeta, retrygamma, retrydelta
<
< These control files specify the schedule with which the Courier mail
< server tries to deliver each message that has a temporary, transient,
< delivery failure.retryalpha and retrygamma contain a time interval,
< specified in the same way as queuetime. retrybeta and retrymaxdelta
< contain small integral numbers only.

You'll notice that the first line contains retrydelta whereas the
paragraph uses retrymaxdelta. Which is correct?


retrymaxdelta is correct. The documentation will be corrected.





Re: [courier-users] MTA STS / transport security

2016-08-14 Thread Sam Varshavchik

Hanno Böck writes:


I wanted to bring this up because obviously courier might be a project
interested in implementing this. Also right now would be the right time
if people want to influence the standards process and discuss whether
they have any concerns or ideas about this. The discussions happen in
the TLS UTA working [3].


[1] https://tools.ietf.org/html/draft-brotman-mta-sts-00


So, the proposal on the table is to have a mail server talk https, first, to  
a remote host.


This looks to me like a thinly disguised attempt to implement a tithe on  
smtps, to SSL certificate authorities.







Re: [courier-users] Weired quota recalculation

2016-08-14 Thread Sam Varshavchik

chaouche yacine writes:


>- Original Message -
>From: Sam Varshavchik <mr...@courier-mta.com>
>To: Courier Users <courier-users@lists.sourceforge.net>
>Sent: Sunday, August 14, 2016 2:50 PM
>Subject: Re: [courier-users] Weired quota recalculation

>
>No.
>
>Courier calculates the size of the mailbox, in exact bytes. du/df report the
>usage in disk blocks.

That's du's default behaviour. Exact bytes are obtained with -b.

>> root@messagerie[CHROOT][10.10.10.20] /var/vmail/algerian-radio.dz/a.chaouche # du -s -b
>> 698912048.
>>

I should have skipped the output of du altogether.

Before maildirmake.courier -q
=
>> root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL # head
>> /var/vmail/algerian-radio.dz/a.chaouche/maildirsize
>> 840957952S
>> 690880961 7252
>> root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL #
>>

After maildirmake.courier -q
=
>> root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL # maildirmake.courier -q 7S /var/vmail/algerian-radio.dz/a.chaouche/
>> root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL # head
>> /var/vmail/algerian-radio.dz/a.chaouche/maildirsize
>> 7S
>>  844259131  24530
>>
>> root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL #


Both message count and maildir size have changed. Here's output of find . -type f | wc -l


root@messagerie[CHROOT][10.10.10.20] /var/vmail/algerian-radio.dz/a.chaouche # find . -type f | wc -l
7396
root@messagerie[CHROOT][10.10.10.20] /var/vmail/algerian-radio.dz/a.chaouche #


Which is closer to the original data stored in maildirsize


I would check the filesystem consistency using fsck.






[courier-users] New courier, courier-imap, and maildrop packages

2016-08-14 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

Changes:

- courier: allow consecutive % and ! characters in return addresses. Still  
disallow consecutive periods, as that's still expressly prohibited in RFC  
2822.


- couriermlm NOBOZOS=1 option checks only the first word of the first line,  
not the first word of each line in the message.


- reformime: do not abort due to invalid encoding of the "name" attribute.

- imapd: the server should reject commands from buggy IMAP clients to delete  
the entire mailbox. This didn't work in some cases, letting IMAP clients  
nuke the entire mailbox.


- maildrop: implement the FLAGS variable.

- maildrop: fix a bug where the last line in a message wasn't getting  
searched, fix parsing of a message without a body.






Re: [courier-users] Ports 465 vs 587

2016-08-14 Thread Sam Varshavchik

Mark Constable writes:


Because of arguments like this, and that I do not even want to offer
non-SSL options, I routinely disable ports 143 and 587 and only use
ports 993 and 465 for authenticated user mail...

https://www.agwa.name/blog/post/starttls_considered_harmful

However just now I notice this comment and am now concerned that ie;
port 465 might be deprecated and dropped by future Roundcube updates...

https://github.com/roundcube/roundcubemail/blob/ee895a2c96a33b854c62a5835a7a1fcd24c02b39/config/defaultshinc.php#L251

I guess my question is; how safe is it to continue to rely on NOT
using ports 143/587?


Perfectly safe.





Re: [courier-users] Weired quota recalculation

2016-08-14 Thread Sam Varshavchik

chaouche yacine writes:


Bonjour courier users,

I have a weird problem with setting quotas on mailboxes. Here's an example :

For this mailbox, current consumed quota is 690880961 on a 840957952 limit

root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL # head /var/vmail/algerian-radio.dz/a.chaouche/maildirsize
840957952S
690880961 7252
root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL #

What's really on the disk is 698912048,
root@messagerie[CHROOT][10.10.10.20] /var/vmail/algerian-radio.dz/a.chaouche # du -s -b
698912048 .
root@messagerie[CHROOT][10.10.10.20] /var/vmail/algerian-radio.dz/a.chaouche #



I made the math it's 7 megs difference, but that's "ok" compared to when I  
change the quota limit from initial 840 957 952 to 700 000 000 (still above  
what's on disk and what's reported on maildirsize). Quota goes from  
690880961 to 844259131 ?


root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL # maildirmake.courier -q 7S /var/vmail/algerian-radio.dz/a.chaouche/
root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL # head /var/vmail/algerian-radio.dz/a.chaouche/maildirsize
7S
  844259131  24530

root@messagerie[CHROOT][10.10.10.20] ~/SCRIPTS/MAIL #


Am I doing something wrong ?


No.

Courier calculates the size of the mailbox, in exact bytes. du/df report the  
usage in disk blocks. As you were taught in the "Operating System 101"  
course, in college, a single byte file will, with most filesystems, take up  
a single block of disk space, which on Linux is 4096 bytes.


See also: http://www.courier-mta.org/maildirquota.html





Re: [courier-users] Address literals

2016-07-31 Thread Sam Varshavchik

Alessandro Vesely writes:


On Sat 30/Jul/2016 14:30:18 +0200 Sam Varshavchik wrote:
> Matus UHLAR - fantomas writes:
>> On 29.07.16 06:48, Sam Varshavchik wrote:
>>> Courier should accept postmaster@[ipaddress], where ipaddress matches
>>> the connection's IP address. It won't accept any other IP address.

That means ipaddress matches the /local side/ of the connection if the mail
address is a recipient, right?


You don't know who the recipient is until you check the domain.


>> what about servers behind DNAT?
>
> That's obviously a problem. But this problem is due to DNAT itself.
>
> If a mail server accepts any IP address, delivers locally for its own IP
> address, and relays everything else, DNAT will still be a problem there. A mail
> addressed to postmaster@[public ip address] which reach the server, which will
> promptly attempt to relay it.

Reverse lookup can be used to learn which domain's postmaster that would be,


That might be possible. The current implementation always uses the  
configured local domain (defaultdomain).


> I would also have to question whether anyone cares a lot about this legacy SMTP
> feature.

It is meant as a last resort, in case there's something wrong in the DNS.  An
extra bit of resiliency, which would almost never be used.


Well, what it's meant to be is one thing. What it actually is, is something  
that I would be surprised if it works correctly for more than one in a  
thousand domains, with the definition of "works" meaning that the mail gets  
delivered to someone who actually looks at it.






Re: [courier-users] Address literals

2016-07-30 Thread Sam Varshavchik

Alessandro Vesely writes:


On Fri 29/Jul/2016 12:48:25 +0200 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> SMTP provides for:
>>
>> address-literal  = "[" ( IPv4-address-literal /
>>  IPv6-address-literal /
>>  General-address-literal ) "]"
>>  ; See Section 4.1.3
>>
>> Mailbox= Local-part "@" ( Domain / address-literal )
>>
>> However, Courier gives a syntax error:
>>
>> >>> rcpt to:<postmaster@[127.0.0.1]>
>> <<< 513 Syntax error.
>>
>> Has it always been so?  Why?
>
> Courier should accept postmaster@[ipaddress], where ipaddress matches the
> connection's IP address. It won't accept any other IP address.

Irrespectively of RELAYCLIENT?


Yes, because the recipient address is local.





Re: [courier-users] Address literals

2016-07-30 Thread Sam Varshavchik

Matus UHLAR - fantomas writes:


>Alessandro Vesely writes:
>>SMTP provides for:
>>
>>address-literal  = "[" ( IPv4-address-literal /
>> IPv6-address-literal /
>> General-address-literal ) "]"
>> ; See Section 4.1.3
>>
>>Mailbox= Local-part "@" ( Domain / address-literal )
>>
>>However, Courier gives a syntax error:
>>
>>>>> rcpt to:<postmaster@[127.0.0.1]>
>><<< 513 Syntax error.
>>
>>Has it always been so?  Why?

On 29.07.16 06:48, Sam Varshavchik wrote:
>Courier should accept postmaster@[ipaddress], where ipaddress matches
>the connection's IP address. It won't accept any other IP address.

what about servers behind DNAT?


That's obviously a problem. But this problem is due to DNAT itself.

If a mail server accepts any IP address, delivers locally for its own IP  
address, and relays everything else, DNAT will still be a problem there. A  
mail addressed to postmaster@[public ip address] which reach the server,  
which will promptly attempt to relay it.


If the mail server ignores the IP address, then the mail server itself  
cannot be used to relay mail for postmaster@[some public ip address].


I would also have to question whether anyone cares a lot about this legacy  
SMTP feature.






Re: [courier-users] Address literals

2016-07-29 Thread Sam Varshavchik

Alessandro Vesely writes:


SMTP provides for:

address-literal  = "[" ( IPv4-address-literal /
 IPv6-address-literal /
 General-address-literal ) "]"
 ; See Section 4.1.3

Mailbox= Local-part "@" ( Domain / address-literal )

However, Courier gives a syntax error:

>>> rcpt to:<postmaster@[127.0.0.1]>
<<< 513 Syntax error.

Has it always been so?  Why?


Courier should accept postmaster@[ipaddress], where ipaddress matches the  
connection's IP address. It won't accept any other IP address.






Re: [courier-users] Management of maildir structures

2016-07-25 Thread Sam Varshavchik

Lindsay Haisley writes:


On Mon, 2016-07-25 at 06:22 -0400, Sam Varshavchik wrote:
> new/cur split was meant to be merely a means to identify messages that were
> seen for the very first time. Nothing more than the means to notify the user
> "you have X new messages". This is not the same thing as how many unread
> messages there are. Messages in cur may still be unread.

Sam, I made one further small change to the Wikipedia paragraph on
maildirs, which now states:

"When a maildir reading process (either a POP or IMAP server, or a mail
user agent acting locally) finds messages in the new directory it
_must_ move them to cur ... etc."

I did a bit of research on the term "mail retrieval agent" and it
doesn't look as if this is an apt description of a POP or IMAP daemon,
so I changed the wording to be more specific.

Is this technically correct, and is "must" appropriate?


I agree, this is technically correct.





Re: [courier-users] Management of maildir structures

2016-07-25 Thread Sam Varshavchik

Alessandro Vesely writes:


What is still missing is the purpose.  I grasp that MRAs and MUAs have a duty
which rsync is relieved of, but why?  (A similar duty is to delete any old file
left behind in tmp.  This is just housekeeping which any process can do.)

Rather than classifying maildir readers any further, it may be clearer to
explain, say, that such new-cur split is/was meant to ease some sort of
operations, such as client-side spam filtering.  IMAP and POP3 client don't
seem to need such functionality, so it must have been something related to
local MUAs.  Is that right?


new/cur split was meant to be merely a means to identify messages that were  
seen for the very first time. Nothing more than the means to notify the user  
"you have X new messages". This is not the same thing as how many unread  
messages there are. Messages in cur may still be unread.






Re: [courier-users] Management of maildir structures

2016-07-23 Thread Sam Varshavchik

Lindsay Haisley writes:


On Sat, 2016-07-23 at 13:29 -0700, Gordon Messmer wrote:
> In this case, I think that "MUA" simply means "the process that's
> reading the mail dir."  In particular, it refers to Dovecot in the
> same paragraph.

Well you may be right, except that "mail user agent" in that paragraph
is a link to a Wikipedia article which is pretty specific that the term
refers to an "email client" or "email reader".

I think my assumption is a safe one.  Thanks.


I would agree that "MUA" refers to anything that reads a maildir, in the  
most liberal interpretation.




Re: [courier-users] couriermlm bug, bouncing messages with 'Help' eve

2016-07-14 Thread Sam Varshavchik

Fred Drueck writes:


Hello Everyone,

I'm afraid that I'm complaining about some un-expected / misleading
behavior in the courier tools again.

When NOBOZOS=1 is set on a couriermlm list it will reject a message
that starts *any* line with a keyword.  E.g.

cat 

Re: [courier-users] locking $HOME (~) directories (temporarily deferring delivery)

2016-07-14 Thread Sam Varshavchik

Fred Drueck writes:


I'm glad that you're going to correct either courier or the courier
documentation so the behavior regarding the sticky bit is consistent.


The online documentation was updated.


Ultimately, I have decided to forego locking home directories and have
rewritten my admin scripts to make atomic changes to .courier files,
(write tempfile, then mv tempfile to replace the current .courier
file) which should prevent me from having to lock home directories.


This is the correct approach in any case. A locking-based strategy should  
always be the last resort, only if no other alternatives are possible.  
Locking is fragile. If the process gets killed, the directory remains  
locked, interrupting mail delivery.


A file rename-based solution is the same general approach for implementing a  
wide variety of critical functions, that has been battle-tested for decades.  
The kernel guarantees that the file rename will either succeed, or not  
succeed. There is no compromise. Renaming to replace an existing file is  
guaranteed to either succeed or not succeed, and whatever is the outcome  
either the original file remains in place, or the new file renamed in place  
of the original file remains, and at all times the pathname resolves to  
either the old or the new file.


This is the basis for all maildir-based operations, where mail integrity is  
critical. sqwebmail does this to update the .mailfilter file, that maildrop  
reads. The process of inserting a new mail into the mail queue is also based  
on renaming a file, as an atomic operation that commits the new mail into  
the mail queue. The list goes on. This is how these things must be done.
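
The write-tempfile-then-rename update described in this reply, as an added Python example (not code from the thread or from Courier). The helper name `atomic_replace`, the `.tmp-` prefix and the sample `.courier` contents are assumptions made for the illustration, and it assumes the script runs as the mailbox owner.

```python
import os
import tempfile


def atomic_replace(path, chunks, mode=0o600):
    """Replace `path` with the bytes from `chunks`; a reader opening `path`
    gets either the complete old file or the complete new one."""
    directory = os.path.dirname(os.path.abspath(path))
    # The temporary file is created in the target's own directory, because
    # rename() is atomic only within one filesystem. The ".tmp-" prefix
    # (an assumption of this example) keeps the name from matching
    # ".courier-*", which would be read as delivery instructions.
    fd, tmp = tempfile.mkstemp(prefix=".tmp-", dir=directory)
    try:
        with os.fdopen(fd, "wb") as handle:
            for chunk in chunks:
                handle.write(chunk)
            handle.flush()
            os.fsync(handle.fileno())   # data is on disk before it is committed
        os.chmod(tmp, mode)
        os.replace(tmp, path)           # the rename is the commit point
    except BaseException:
        # Anything that fails before the rename leaves the original untouched;
        # only the temporary file has to be cleaned up.
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise
    # Make the new directory entry durable as well.
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)
    finally:
        os.close(dir_fd)


def interrupted(chunks):
    """Constructed failure: emit the first chunk, then die mid-update."""
    yield chunks[0]
    raise RuntimeError("writer killed mid-update")


def demo():
    """Run a failed and a successful update in a throwaway directory."""
    with tempfile.TemporaryDirectory() as home:       # stand-in for a $HOME
        target = os.path.join(home, ".courier")
        # Constructed .courier contents: deliver locally, then add a forward.
        atomic_replace(target, [b"./Maildir\n"])
        new = [b"./Maildir\n", b"&backup@example.com\n"]
        try:
            atomic_replace(target, interrupted(new))
        except RuntimeError:
            pass
        with open(target, "rb") as handle:
            after_failure = handle.read()
        atomic_replace(target, new)
        with open(target, "rb") as handle:
            after_success = handle.read()
        return after_failure, after_success, sorted(os.listdir(home))


if __name__ == "__main__":
    print(demo())
```

Unlike a lock, a writer that dies here leaves nothing behind that blocks delivery: the old `.courier` file is still in place and complete.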




Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Sam Varshavchik

Nathan Harris writes:



On 7/8/2016 10:58 AM, Gordon Messmer wrote:
> On 07/08/2016 06:49 AM, Nathan Harris wrote:
>> Is there anything more
>> sophisticated or a better approach to solving this problem?
> I'd recommend that you not allow authentication on any non-encrypted
> protocols, and that'll only leave log analysis tools like fail2ban as
> options.
>

Gordon, first let me start with a big thank you for pythonfilter which I
have used for years.  As far as rejecting/disabling smtp authentication,
I was not aware there was a setting for this.


Set ESMTPAUTH and ESMTPAUTH_TLS to an empty string, in the esmtpd  
configuration file.


Before doing that, copy the current settings to the esmtpd-msa configuration  
file, its CUSTOM section is for that; so that authenticated smtp is still  
enabled on port 587.







Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Sam Varshavchik

Nathan Harris writes:


For a while now our server has been seeing a lot of brute force
authentication attacks.  Of course the source of these attacks is
constantly changing.  My firewall (pfSense) is running Snort and I am
using the following custom rules to help.

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"SMTP AUTH brute
force attack"; content:"535 Authentication failed."; nocase;
classtype:attempted-user; threshold:type threshold, track by_src, count
2, seconds 60; sid:1000500; rev:6;)

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"SMTP ERROR
potential spam or malware bot"; content:"502 ESMTP command error";
nocase; classtype:policy-violation; threshold:type threshold, track
by_src, count 2, seconds 60; sid:1000501; rev:4;)

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"SMTP SPAMHAUS
potential spam or malware bot"; content:"511 https://www.spamhaus.org";
nocase; classtype:policy-violation; threshold:type threshold, track
by_src, count 1, seconds 60; sid:1000502; rev:4;)

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"SMTP SPAM detected
spam or malware bot"; content:"554 Mail rejected - spam detected";
nocase; classtype:policy-violation; threshold:type threshold, track
by_src, count 1, seconds 60; sid:1000503; rev:2;)

This is working fairly well.  However, it would also be good to
immediately block an IP when an invalid user name is specified.  I have
looked at Fail2Ban which does a similar operation to what I'm doing
(except on the mail server's firewall).  Is there anything more
sophisticated or a better approach to solving this problem?


You should check the timestamps in the maillog. Courier's automatic  
tarpitting and rate limit is pretty good at keeping things under control.


Also, check whether or not you really need to enable authenticated SMTP on  
port 25. In most cases you can turn this off completely, and use only  
authenticated SMTP on port 587.


Just last month, on another mailing list one unfortunate soul discovered  
that he was successfully dictionary-attacked, and had a queue-full of spam.


No tarpitting will help. fail2ban will work generally well, but it won't be  
fool-proof.
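
One way to act on the maillog timestamps mentioned in this reply, and on the earlier "Log SMTP Auth" question about flagging suspicious activity, is to count `535 Authentication failed.` responses per client address in a sliding window. This is an added example, not code from the thread or from Courier; the sample log lines are constructed, and the syslog prefix and the address form after `relay=` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The "courieresmtpd: error,relay=...,msg=...,cmd:"
# layout follows the log line quoted in this archive; the syslog prefix and
# the address form after relay= are assumptions.
SAMPLE_LOG = """\
Jul  8 10:58:01 mail courieresmtpd: error,relay=::ffff:192.0.2.10,msg="535 Authentication failed.",cmd: AUTH LOGIN
Jul  8 10:58:03 mail courieresmtpd: error,relay=::ffff:203.0.113.5,msg="535 Authentication required.",cmd: NOOP
Jul  8 10:58:09 mail courieresmtpd: error,relay=::ffff:192.0.2.10,msg="535 Authentication failed.",cmd: AUTH LOGIN
Jul  8 10:58:12 mail courieresmtpd: error,relay=::ffff:198.51.100.7,msg="535 Authentication failed.",cmd: AUTH LOGIN
Jul  8 10:58:20 mail courieresmtpd: error,relay=::ffff:203.0.113.5,msg="535 Authentication required.",cmd: NOOP
Jul  8 10:58:31 mail courieresmtpd: error,relay=::ffff:192.0.2.10,msg="535 Authentication failed.",cmd: AUTH LOGIN
Jul  8 10:58:40 mail courieresmtpd: error,relay=::ffff:203.0.113.5,msg="535 Authentication required.",cmd: NOOP
Jul  8 11:09:45 mail courieresmtpd: error,relay=::ffff:198.51.100.7,msg="535 Authentication failed.",cmd: AUTH LOGIN
"""

MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Only "535 Authentication failed." counts. "535 Authentication required."
# (a command sent before AUTH, like the NOOP case on this page) is not a
# password guess and must not trigger an alert.
FAILED_AUTH = re.compile(
    r'^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+\S+\s+'
    r'courieresmtpd: error,relay=(?P<relay>[^,]+),'
    r'msg="535 Authentication failed\."'
)


def parse_failures(lines, year):
    """Yield (timestamp, client address) for each failed SMTP AUTH line.
    Syslog timestamps carry no year, so the caller supplies it."""
    for line in lines:
        match = FAILED_AUTH.match(line)
        if match is None or match["mon"] not in MONTHS:
            continue
        hour, minute, second = (int(part) for part in match["time"].split(":"))
        stamp = datetime(year, MONTHS[match["mon"]], int(match["day"]),
                         hour, minute, second)
        relay = match["relay"]
        if relay.startswith("::ffff:"):          # IPv4-mapped IPv6 form
            relay = relay[len("::ffff:"):]
        yield stamp, relay


def find_bursts(events, threshold, window_seconds):
    """Return {address: (first, last, count)} for every address that reaches
    `threshold` failures within `window_seconds`. Events must be in log order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    alerts = {}
    for stamp, relay in events:
        queue = recent[relay]
        queue.append(stamp)
        while stamp - queue[0] > window:         # drop failures outside the window
            queue.popleft()
        if len(queue) >= threshold and relay not in alerts:
            alerts[relay] = (queue[0], stamp, len(queue))
    return alerts


if __name__ == "__main__":
    found = find_bursts(parse_failures(SAMPLE_LOG.splitlines(), 2016), 3, 60)
    for address, (first, last, count) in found.items():
        print(f"{address}: {count} failed logins between {first} and {last}")
```

Because it counts failures per source address, this catches guessing runs only; as noted in the earlier reply, one successful login is enough to send any number of messages, so it does not measure abuse of an already compromised account.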






Re: [courier-users] OpenSSL v1.1.0

2016-06-27 Thread Sam Varshavchik

Mark Constable writes:


Hi Sam, FWIW Debian "stretch" is currently rebuilding all SSL related
packages based on OpenSSL v1.1.0 which will also flow through to Ubuntu
packages pretty soon. Perhaps you could provide a tweak to help ondrej
build new deb packages, and no doubt this will affect rpm packages too.


Without having openssl 1.1.0 available, I can't really verify this, but try  
the following. Note that this will require rebuilding libs/tcpd/configure



diff --git a/tcpd/configure.ac b/tcpd/configure.ac
index 447ba72..e3c25b1 100644
--- a/tcpd/configure.ac
+++ b/tcpd/configure.ac
@@ -286,6 +286,7 @@ AC_MSG_RESULT($spipe)
AC_CHECK_HEADER(openssl/ssl.h,have_ssl_h=yes,have_ssl_h=no)
AC_CHECK_LIB(ssl, SSL_load_error_strings, have_ssl=yes, have_ssl=no,
-lcrypto)
+AC_CHECK_LIB(ssl, OPENSSL_cleanup,have_ssl=yes)

if test "$have_ssl" = "yes"
then
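
Review bot: the added `AC_CHECK_LIB(ssl, OPENSSL_cleanup,have_ssl=yes)` probe omits the `-lcrypto` other-libraries argument that the `SSL_load_error_strings` check directly above it passes, so on a system where linking against libssl needs libcrypto named explicitly the new probe can fail and leave `have_ssl=no` from the first check. Suggest `AC_CHECK_LIB(ssl, OPENSSL_cleanup, have_ssl=yes, , -lcrypto)`, plus a short comment on why a second symbol is probed.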
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 81ef3e2..0c091ba 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -608,8 +608,10 @@ SSL_CTX *tls_create_int(int isserver, const struct 
tls_info *info,
if (first)
{
first=0;
+#if OPENSSL_API_COMPAT < 0x1010L
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
+#endif

while (RAND_status() != 1)
{
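Review bot: The guard #if OPENSSL_API_COMPAT < 0x1010L in tls_create_int() compares against a constant that is not in OpenSSL's version-number layout (1.1.0 is 0x10100000L), and an undefined OPENSSL_API_COMPAT evaluates to 0 inside #if, so whether SSL_load_error_strings() and SSLeay_add_ssl_algorithms() are compiled in depends on the builder defining that macro rather than on the library version. Consider testing OPENSSL_VERSION_NUMBER < 0x10100000L instead, and confirm on a real 1.1.0 build, since the message says the patch was not verified against one.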





Re: [courier-users] Courier sourcing during test

2016-06-24 Thread Sam Varshavchik

David Niklas writes:


It also says that courier is installed
under /usr/lib/courier/sbin/courier which does not exist.


This should be the default installation directory. The installation  
directory is configurable, based on configure options.



I had to choose which piece of info was wrong, I chose the name. Bad
choice.
/usr/sbin/courier works fine, the ENV is cleaned and id is correct.
Problems solved.

If I submitted a few extra paragraphs for the courier docs to make it
more clear, do you think they'd accept, or is my experience too
exceptional/silly?


You're more than welcome to submit a contribution to improve any  
documentation.


For small changes and brief excerpts, plain text is fine. For large
wholesale changes, it's preferred to check out the git repo, and update the
original html or Docbook XML source.






Re: [courier-users] locking $HOME (~) directories (temporarily deferring delivery)

2016-06-18 Thread Sam Varshavchik

Fred Drueck writes:


However, on both Debian and Ubuntu (also Arch Linux, using a package
built from the AUR), even with courier-maildrop installed, it does not
appear that maildrop is invoked by default to deliver local mail.
Either that, or when maildrop is invoked in this manner, it *will*
deliver mail to a user home directory with the sticky bit set.


The default Courier configuration does not use maildrop.



The courier online documentation suggests this should not be the case:

http://www.courier-mta.org/local.html

> Output module
>
> setuids to the user indicated in the host parameter.
> If $HOME has the sticky bit set, defers the mail.


That's going to be corrected.


there are 2 points I'm trying to make in pointing this out, I guess:

1) the documentation is confusing, especially since courier-mta
appears to differ from qmail in its default behavior

2) I would welcome suggestions on how to temporarily defer mail
delivery for one particular user, for both local and remote mail
deliveries.


You could set DEFAULTDELIVERY to something like this:

DEFAULTDELIVERY='| test -k $HOME && echo "Unavailable" && exit 1; exit 0
./Maildir'

DEFAULTDELIVERY is the default contents of $HOME/.courier, and can contain  
multiline delivery instructions.


Watch out for variables in the courierd config file. It is sourced as a  
shell script, hence the apostrophes.






[courier-users] Courier build 20160610

2016-06-11 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

Changes:

- courier: allow consecutive % and ! characters in return addresses. Still  
disallow consecutive periods, as that's still expressly prohibited in RFC  
2822.






Re: [courier-users] Cron <root@szerver4> /usr/local/sbin/syslog-errors-infrequent.sh

2016-06-07 Thread Sam Varshavchik

SZÉPE Viktor writes:



Quoting Sam Varshavchik <mr...@courier-mta.com>:

> Alexei Batyr' writes:
>
>> Sam Varshavchik writes:
>>
>>> SZÉPE Viktor writes:
>>>
>>>> Hello!
>>>>
>>>> Could you help me where is the syntax error in this address?
>>>>
>>>> Jun  6 21:39:09 szerver4 courieresmtpd:
>>>> error,relay=:::195.228.245.161,from=<optimail-%9566%-
>>>> %22342...@optimail.hu>: 517 Syntax
>>>> error.
>>>>
>>>> AFAIK this is a very high volume newsletter.
>>>
>>> Unfortunately, this "high volume newsletter" violates RFC 2822 with its
>>> email address.
>>>
>>> From section 3.4.1 of RFC 2822:
>>>
>>> addr-spec   =   local-part "@" domain
>>>
>>> local-part  =   dot-atom / quoted-string / obs-local-part
>>>
>>> In this case, the "dot-atom" form of local-part applies.
>>>
>>> Section 3.2.4 specifies dot-atom as follows:
>>>
>>> atext           =   ALPHA / DIGIT / ; Any character except controls,
>>>                     "!" / "#" /     ;  SP, and specials.
>>>                     "$" / "%" /     ;  Used for atoms
>>>                     "&" / "'" /
>>>                     "*" / "+" /
>>>                     "-" / "/" /
>>>                     "=" / "?" /
>>>                     "^" / "_" /
>>>                     "`" / "{" /
>>>                     "|" / "}" /
>>>                     "~"
>>>
>>> atom            =   [CFWS] 1*atext [CFWS]
>>>
>>> dot-atom        =   [CFWS] dot-atom-text [CFWS]
>>>
>>> dot-atom-text   =   1*atext *("." 1*atext)
>>>
>>> In other words, the "%" character is a prohibited character in email
>>> addresses.
>>>
>> Hmm, AFAICS "%" explicitly indicated in 3.2.4 as _allowed_ character. I
>> couldn't find in recent logs incoming mail with "%" in address, but this
>> log line proves that courier outgoing smtp module considers such address as
>> valid:
>> courieresmtp: id=1A5BA195.56F2911C.
>> 3204,from=<eve...@pcweek.ru>,addr=<r.voron...@gs1ru.org>: 250 Requested
>> mail action okay, completed
>
> I read this, initially, as excluding the listed characters, focusing
> on the "except controls, SP, and specials" comment, interpreting
> "specials" as referencing the given list. But on another read, I
> must admit that those characters are allowed.
>
> The actual error here is that % appears next to @, tripping the
> check that special characters may not be consecutive. There are
> reasons for that; namely historic, legacy, address rewriting rules
> (the makepercenthack man page has the details). Don't see any reason
> not to get rid of them, but this won't be a quick fix.
>
> Generally, using special characters, like that, in email addresses
> is not a very good idea.

Thank you for caring about my percent signs.

Could you develop an option for Courier that enables "$" and "%" in
email addresses?
Of course default=disabled.

Thank you!


I am considering either removing all processing related to % characters, or
removing the check for consecutive special characters, which is the issue
here.




Re: [courier-users] Cron <root@szerver4> /usr/local/sbin/syslog-errors-infrequent.sh

2016-06-07 Thread Sam Varshavchik

Alexei Batyr' writes:


Sam Varshavchik writes:

> SZÉPE Viktor writes:
>
>> Hello!
>>
>> Could you help me where is the syntax error in this address?
>>
>> Jun  6 21:39:09 szerver4 courieresmtpd:
>> error,relay=:::195.228.245.161,from=<optimail-%9566%-
>> %22342...@optimail.hu>: 517 Syntax
>> error.
>>
>> AFAIK this is a very high volume newsletter.
>
> Unfortunately, this "high volume newsletter" violates RFC 2822 with its
> email address.
>
> From section 3.4.1 of RFC 2822:
>
> addr-spec   =   local-part "@" domain
>
> local-part  =   dot-atom / quoted-string / obs-local-part
>
> In this case, the "dot-atom" form of local-part applies.
>
> Section 3.2.4 specifies dot-atom as follows:
>
> atext           =   ALPHA / DIGIT / ; Any character except controls,
>                     "!" / "#" /     ;  SP, and specials.
>                     "$" / "%" /     ;  Used for atoms
>                     "&" / "'" /
>                     "*" / "+" /
>                     "-" / "/" /
>                     "=" / "?" /
>                     "^" / "_" /
>                     "`" / "{" /
>                     "|" / "}" /
>                     "~"
>
> atom            =   [CFWS] 1*atext [CFWS]
>
> dot-atom        =   [CFWS] dot-atom-text [CFWS]
>
> dot-atom-text   =   1*atext *("." 1*atext)
>
> In other words, the "%" character is a prohibited character in email
> addresses.
>
Hmm, AFAICS "%" explicitly indicated in 3.2.4 as _allowed_ character. I
couldn't find in recent logs incoming mail with "%" in address, but this
log line proves that courier outgoing smtp module considers such address as
valid:
courieresmtp: id=1A5BA195.56F2911C.
3204,from=<eve...@pcweek.ru>,addr=<r.voron...@gs1ru.org>: 250 Requested
mail action okay, completed


I read this, initially, as excluding the listed characters, focusing on the  
"except controls, SP, and specials" comment, interpreting "specials" as  
referencing the given list. But on another read, I must admit that those  
characters are allowed.


The actual error here is that % appears next to @, tripping the check that  
special characters may not be consecutive. There are reasons for that;  
namely historic, legacy, address rewriting rules (the makepercenthack man  
page has the details). Don't see any reason not to get rid of them, but this  
won't be a quick fix.


Generally, using special characters, like that, in email addresses is not a  
very good idea.
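
The two rules discussed in this thread, and the relaxation listed in the build 20160610 change note, side by side as an added example (not Courier's code and not part of the original posts). It checks a local-part against the dot-atom-text grammar quoted above and against a model of the "no consecutive special characters" rule. Assumptions: the set of characters treated as special, all function names, and the sample addresses, which are constructed.

```python
import re

# atext from RFC 2822 section 3.2.4, as quoted in the thread: letters, digits
# and the listed punctuation. "%" and "!" are both members.
ATEXT = r"A-Za-z0-9!#$%&'*+\-/=?^_`{|}~"

# dot-atom-text = 1*atext *("." 1*atext): no leading, trailing or doubled dot.
DOT_ATOM_TEXT = re.compile(rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*\Z")

# Assumption: characters the older "consecutive specials" check reacts to.
# The thread only confirms "%" next to "@"; the change note names "%", "!"
# and periods.
LEGACY_SPECIALS = frozenset("%!@.")

# Assumption: after build 20160610 only consecutive periods are rejected.
RELAXED_SPECIALS = frozenset(".")


def split_addr(addr):
    """Split an addr-spec at the last "@"; quoted-string forms are out of scope."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an addr-spec: %r" % (addr,))
    return local, domain


def rfc_dot_atom_ok(addr):
    """True if the local-part matches dot-atom-text from RFC 2822."""
    local, _domain = split_addr(addr)
    return DOT_ATOM_TEXT.match(local) is not None


def adjacent_specials(addr, specials):
    """Return (index, pair) for every two neighbouring special characters."""
    return [
        (i, addr[i:i + 2])
        for i in range(len(addr) - 1)
        if addr[i] in specials and addr[i + 1] in specials
    ]


def classify(addr):
    """Evaluate one address under the grammar and both modelled checks."""
    return {
        "rfc2822_dot_atom": rfc_dot_atom_ok(addr),
        "legacy_check": not adjacent_specials(addr, LEGACY_SPECIALS),
        "relaxed_check": not adjacent_specials(addr, RELAXED_SPECIALS),
    }


# Constructed sample addresses, not taken from any log.
SAMPLES = [
    "list-%1001%-%2002%@example.com",  # "%" directly before "@"
    "a%!b@example.com",                # "%" directly before "!"
    "user%name@example.com",           # a single "%" between atext runs
    "user..name@example.com",          # doubled period, invalid dot-atom
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = classify(sample)
        hits = adjacent_specials(sample, LEGACY_SPECIALS)
        print(f"{sample:34} {verdict} adjacent={hits}")
```

The first sample is grammatically valid yet fails the modelled older check because of the `%@` pair, which is the situation the 517 reply in the thread describes.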






Re: [courier-users] Courier sourcing during test

2016-06-03 Thread Sam Varshavchik

do...@mail.com writes:


Nope. ENV and BASH_ENV are still set to /root/.profile.

Ok. Time for strace.
strace -o oud -ff /usr/lib64/courier/courier/courierd start &


http://www.courier-mta.org/install.html#checks says to execute "courier  
start" not "courierd start".


Use "courier start", not "courierd start".






Re: [courier-users] Courier is malware

2016-06-02 Thread Sam Varshavchik

Zenon Panoussis writes:



Apocalypse has happened: the sun rose from the west and Sam
is now peddling malware. Proof:

http://qdh.nl/tmp/courier-is-malware.png .)

Sam, will you have a word with them?


I saw that about an hour ago with courier-imap-4.71.1. Verified the pgp sig,  
so Sourceforge has not been compromised, so that's good. Just to be sure, I  
uploaded courier-imap-4.71.1 to virustotal.com, and it didn't find anything.  
After that, I opened a support ticket with Sourceforge.


Now, given that Sourceforge is apparently doing this with other files too  
(and I won't waste my time uploading another file to virustotal), I did some  
digging around their help center (Sourceforge will probably not get around  
to reading my ticket until tomorrow), and found this page:


https://sourceforge.net/projects/courier/malware

which appears to be only visible to me, so here's the dump:

http://www.courier-mta.org/sourceforge-malware.pdf

From that, it's obvious to me that Sourceforge's malware scanner is on the  
fritz; and they rigged their system with a failsafe that if their virus  
scanner blows up, it defaults to malware being detected. Which is not really  
such a bad idea.


But one thing's bugging me, according to that, Sourceforge's malware scanner  
has been tossing its cookies for well over a month now, and this is the  
first time someone noticed it.


That could mean only one of two things. 1) Courier project isn't really  
getting much traffic for anyone to notice, and that's entirely plausible;  
and/or 2) Even the dates on that page are bogus.


Anyway, I'll give Sourceforge until tomorrow to figure out what's going on.  
My links from the download page are Sourceforge's default download links,  
that put up an interstitial with Sourceforge's banner ads, before starting  
the download. I am fine with Sourceforge trying to make a few pennies, here  
or there; but it looks like that it's possible to link directly to the  
downloads, bypassing Sourceforge's interstitial page with the bogus warnings.


If Sourceforge doesn't resolve it tomorrow, or I get an unhelpful response,  
they won't follow-up until Monday; and I'll just replace all the links with  
the direct download links, bypassing Sourceforge's banner ads, for now.






Re: [courier-users] courier-analog 0.17 released

2016-06-02 Thread Sam Varshavchik

Zenon Panoussis writes:



> • Added BuildRequires: perl-generators to the Fedora rpm spec file.

It breaks RHEL7 and its clones. There's no perl-generators there,
and if you grab it from Fedora and compile it, when you try to
install it you run into


[ … ]

Yeah. Feel free to ditch that BuildRequires: line. At some point,  
eventually, down the road, a future version of RHEL will, of course,  
incorporate the current RPM configuration. But that's some ways from now.  
For now, I need to figure out the best way to support both the current  
Fedora build requirements, and the legacy config.


However, since /usr/lib/rpm/perl.req appears to already exist, in some form,  
on RHEL, perhaps a BuildRequires: /usr/lib/rpm/perl.req will work, instead.  
Will do some testing.






[courier-users] courier-analog 0.17 released

2016-06-02 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.php#analog

Changes:

• Added BuildRequires: perl-generators to the Fedora rpm spec file.

• Fixes inadvertent creation of empty directories in the root directory if  
courier-analog is executed without the --html option.






Re: [courier-users] Disable SSL for esmtpd on port 25

2016-05-28 Thread Sam Varshavchik

Mark Constable writes:


On 27/05/16 02:20, Matus UHLAR - fantomas wrote:
>> Some lame govt mailservers are still using SSL23...
>> "SSL23_GET_SERVER_HELLO:tlsv1 alert decode error"
>> and rather than whitelist them I'm sure I used to just disable SSL
>> via /etc/courier/esmtpd altogether (currently using v0.68.2)...
>
> why not whitelisting? Why to avoid security just because some can't
> cope with it?

We only use authenticated relaying via 465/SSL and 587/TLS so none
of our clients use port 25 for auth/relay. The problem is our client
recipient has to contact our support which then asks them for a copy
of the error, then I get it, then I have to squirrel around in the
mail logs to determine IP/hosts and hope a dig mx finds the right
mailserver etc then whitelists that server/mx and cross my fingers
I got all that right and our client can continue on their merry way.


Do you know for sure that the sender bounces the mail if it can't negotiate  
SSL; that the sender does not fallback to unencrypted?






Re: [courier-users] Disable SSL for esmtpd on port 25

2016-05-26 Thread Sam Varshavchik

Mark Constable writes:


I just set up a new server and I can't for the life of me remember,
or find, how to disable SSL on port 25 for general incoming mail?

Some lame govt mailservers are still using SSL23...

SSL23_GET_SERVER_HELLO:tlsv1 alert decode error

and rather than whitelist them I'm sure I used to just disable SSL
via /etc/courier/esmtpd altogether (currently using v0.68.2)...

~ egrep -v "^(#|$)" /etc/courier/esmtpd
PATH=/usr/bin:/bin:/usr/bin:/usr/local/bin
SHELL=/bin/bash
ULIMIT=32768
BOFHCHECKDNS=1
BOFHNOEXPN=1
BOFHNOVRFY=1
TARPIT=1
NOADDMSGID=1
NOADDDATE=1
ESMTP_LOG_DIALOG=0
AUTH_REQUIRED=0
COURIERTLS=/usr/bin/couriertls


Remove the COURIERTLS setting.





Re: [courier-users] Courier sourcing during test

2016-05-25 Thread Sam Varshavchik

David Niklas writes:


Hello,
I've successfully run the tests of courier 0.75.0 up to the part where
the msg writes info into the ID and ENV files.
Strangely, id output no info into the ID file though sh wrote
"/root/.profile" Permission denied. The env command output many variables
all from /etc/profile, though the docs say that courier should have a
sanitized environment. All the files in /etc are default for courier with
the exception that I removed the database modules from courier's
authdaemond so that they would not load.
I imagine that courierd is sourcing /etc/profile as root and then trying
to read the user's (root's) .profile file.
The docs do not specify a method of solving this, what do I do?


The short, blunt answer is "figure it out". Something is definitely borked  
in your environment. You need to figure out why supposedly a new shell  
started under your userid wants to read /root/.profile. That's obviously  
wrong.


courierd does not source anything. It is a binary executable. "courier  
start" runs the courierctl.start script that reads the courierd  
configuration file with the -a flag, which imports its contents as  
environment variables, then starts courierd.


One of the sections in the courierd config file, named "SYSLOCALE" sources  
what the configure script detected as the system configuration file that  
sets the default system locale. It's a config file that's picked from a  
fixed list of known system config files. At this time, it's the first file  
from the following list which exists:


/etc/environment
/etc/default/locale
/etc/sysconfig/i18n
/etc/sysconfig/language
/etc/locale.conf

If none of these are found, that section in the courierd file is blank. If  
found, the contents are read.


I think that courier is not getting started correctly, if you see stuff in  
your /etc/profile. That shouldn't happen. courierctl.start should be  
executing 'env -i', to wipe out all traces of your login shell's environment.







Re: [courier-users] How to force quota recalculation ?

2016-05-24 Thread Sam Varshavchik

chaouche yacine writes:


Hello list,

maildirsize shows 200Mb+ of disk usage while du shows only 64Mb. How can I
ask courier to recalculate the quota and allow this poor user to receive
mail again?


Create and delete a folder using IMAP.






Re: [courier-users] quarantine configuration - need advice

2016-05-21 Thread Sam Varshavchik

Bernd Plagge writes:


Hello,

I wanted to set up pythonfilter for quarantine notifications to users but  
I'm hitting some problems.

My courier version is 0.73 (Debian) and pythonfilter version is 1.10.

Pythonfilter README contains this information:
...
   After configuring the quarantine settings, you'll also need to create an
   alias which users can use to release messages.  The address given to
   users will use the system's hostname or Courier's "me" configuration
   file. See the man page for 'courier' for more information.  That
   hostname must appear in the "locals" configuration file.  The alias
   should be set up as a dot-courier file beginning with "quarantine",
   followed by a hyphen and then the siteid, ending with "-default".


hostname, courier 'me' file and courier 'locals' file look like this (real  
domain replaced)


/etc/hostname/   "serv99"
/etc/courier/me  "serv99.mydomain.com"
/etc/courier/locals  "mydomain.com"

When I set the quarantine system up with this data I did receive  
notification containing a link to "postmas...@serv99.mydomain.com".


This bounces because the address should be postmas...@mydomain.com.

From the courier manual I concluded that the "me" file contains a *server
name* but it is not required if the "locals" file contains the valid  
*domain*.

So, I removed the entry in the "me" file and ran "makealiases".

Quarantine notifications were created with the link:  
"postmas...@mydomain.com" and basically the release process worked  
(basically means that I received a message that the mail was not found in
the DB but that is probably an unrelated problem).


However, now mails to other domains (in particular to gmail.com) didn't get  
delivered (message: server gmail not found). Therefore I had to revert the  
change.


Changes to locals/me should have no effect on outgoing mail (unless the  
destination email address matches the removed/added domain, of course).






Re: [courier-users] Courier pop3 rereading maildir - urgent

2016-05-20 Thread Sam Varshavchik

mariobe...@bol.com.br writes:


Hi,
 
The reason for the rereading of emails is changing the type of filesystem,
reiserfs to ext4?


That should make no difference.


 
Thanks.

---
[ www.viciotemcura.com ]---

 "The grace of our Lord Jesus Christ be with you all."



_


From: mariobe...@bol.com.br
Sent: Tuesday, May 17, 2016 08:12
To: courier-users@lists.sourceforge.net
Subject: [courier-users] Courier pop3 rereading maildir - urgent


Hi,
 
1. File courierpop3dsizelist was copied in rsync;
2. rsync recursive from old maildir to new maildir;
old maildir --> /dev/md127 on /MailRoot type reiserfs (rw)
new maildir --> /dev/mapper/Grupo02-Volume_04 on /MailRoot type ext4  
(rw,relatime,stripe=512,data=ordered)

3. new maildir -> command rsync :
rsync -Crasvup  --delete --recursive courier@OLDSRVMAIL:/user folder/ /user  
folder/

 
The rsync command was used during the previous days, to reduce the transition  
time. /MailRoot has 1.4teras.

 
When the new server was restarted, gmail (pop3 import), outlook, thunderbird,
reloaded all emails located on the user's maildir.

 

Apparently has no problems.
 
Thanks

 
 

---
[ www.viciotemcura.com ]---

 "The grace of our Lord Jesus Christ be with you all."



_


From: mr...@courier-mta.com
Sent: Monday, May 16, 2016 20:51
To: courier-users@lists.sourceforge.net
Subject: [courier-users] Courier pop3 rereading maildir - urgent

mariobe...@bol.com.br writes:

> « HTML content follows »
>
> Hi,
>  
> After moving the "maildir" to a new server. Messages are being loaded again
> (re-read) the email clients.
>
> How do I stop the reading? For it is doubling the "inbox" of users.

Either the courierpop3dsizelist file in each Maildir was not moved to the
new server, or the mail was moved via some other means, other than copying
the entire filesystem as is; such as, perhaps, copying mail via IMAP.
 



 







Re: [courier-users] Courier pop3 rereading maildir - urgent

2016-05-16 Thread Sam Varshavchik

mariobe...@bol.com.br writes:


« HTML content follows »

Hi,
 
After moving the "maildir" to a new server. Messages are being loaded again  
(re-read) the email clients.


How do I stop the reading? For it is doubling the "inbox" of users.


Either the courierpop3dsizelist file in each Maildir was not moved to the  
new server, or the mail was moved via some other means, other than copying  
the entire filesystem as is; such as, perhaps, copying mail via IMAP.




Re: [courier-users] DNS lookup problem

2016-05-12 Thread Sam Varshavchik

Bowie Bailey writes:


On 5/11/2016 7:45 PM, Sam Varshavchik wrote:
> Bowie Bailey writes:
>
>> $ testmxlookup westportyachtsales.com
>> Domain westportyachtsales.com:
>> Relay: mail.westportshipyard.com, Priority: 10, Address:
>> :::208.91.197.132
>
> There's something wrong with the westportshipyard.com domain.
...
> Looks to me like this domain's bill was due last month, and it was not
> paid, and the registrar took ownership of it.

Looks like you are right.  The westportshipyard.com website returns a
Network Solutions parking page.

However, that doesn't explain why testmxlookup and manual dns queries
return different results.  I ran a tcpdump on the mail server this
morning and found that testmxlookup is requesting an AAAA record for
some reason.  When it doesn't get a result, it gives a soft error rather
than looking for the A record (which does exist).

[udp sum ok] 9540+ ? mail.westportshipyard.com. (43)
[udp sum ok] 9540 ServFail q: ? mail.westportshipyard.com. 0/0/0 (43)


Indeed. The parking NSes are broken, and throw up a SERVFAIL in response to  
a DNS query.



How do I prevent Courier from trying to use ipv6?


Only by recompiling Courier without any IPv6 support.

IPv6 has been here for a while. It's not a new kid on the block. If a DNS  
server barfs in response to an  query, it's the DNS server's problem.






Re: [courier-users] DNS lookup problem

2016-05-11 Thread Sam Varshavchik

Bowie Bailey writes:


$ testmxlookup westportyachtsales.com
Domain westportyachtsales.com:
Relay: mail.westportshipyard.com, Priority: 10, Address:
:::208.91.197.132


There's something wrong with the westportshipyard.com domain.

Its registrar is network solutions.

$ whois westportshipyard.com.
[Querying whois.internic.net]
[Redirected to whois.networksolutions.com]
[Querying whois.networksolutions.com]
[whois.networksolutions.com]


No match for "WESTPORTSHIPYARD.COM.".

And poking whois.internic.net without redirection:

  Domain Name: WESTPORTSHIPYARD.COM
  Registrar: NETWORK SOLUTIONS, LLC.
  Sponsoring Registrar IANA ID: 2
  Whois Server: whois.networksolutions.com
  Referral URL: http://networksolutions.com
  Name Server: NS1.PENDINGRENEWALDELETION.COM
  Name Server: NS2.PENDINGRENEWALDELETION.COM
  Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

  Updated Date: 24-apr-2016
  Creation Date: 21-apr-1996
  Expiration Date: 22-apr-2017

This domain's name servers look suspicious.

Looks to me like this domain's bill was due last month, and it was not paid,  
and the registrar took ownership of it.







Re: [courier-users] Courier 0.76 on RHEL6

2016-05-09 Thread Sam Varshavchik

Gerhard Schneider writes:



Courier 0.76(.1) does not build on RHEL6 out of the box anymore.

Unresolved dependencies: procps-ng, perl-generators

Both are unavailable on RHEL/CentOS/Scientific Linux 6

Are they really needed or is there a workaround?


You should be able to simply remove these dependencies from the spec file.





[courier-users] courier 0.76.1, courier-imap 4.17.1 released

2016-05-08 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.php

Changes:

• Fixes TLS SNI support. Also settings in several SSL configuration files  
have been updated; obsolete settings have been removed.







Re: [courier-users] courier-mta.org website down?

2016-05-04 Thread Sam Varshavchik

Mark Constable writes:


On 05/04/16 14:18, Harry Duncan wrote:
> The usual site is missing and I get a cpanel message?

Yikes. I'm not even getting that. Whois and dig/ping work okay
but nothing on port 80 comes up for me.


Looks ok to me now. Looks like the web hosting company did some server  
maintenance.







Re: [courier-users] accept local

2016-05-02 Thread Sam Varshavchik

Vytautas Kasparavičius writes:


Hi,
I have some accounts user1, user2, user3,... etc
I want to make user2 to accept mail only from local user user1 and user3
to accept only mail from local accounts. Is it possible?


It's possible if you write a custom courierfilter module. See the  
courierfilter man page for additional documentation.






Re: [courier-users] courierd's pid file

2016-05-01 Thread Sam Varshavchik

SZÉPE Viktor writes:



Hello!

I am just experiencing with systemd.
I've noticed that courierd - the sending daemon - does not have a pid
file, that is why it cannot be monitored and restarted on failure.
(How is it possible to stop it at all? Through its FIFO?)


Yes, the FIFO is used to send commands to the running daemon, not just to  
stop it.


There's a popular meme that says that if a process stops abnormally, all you  
have to do is restart it, and this solves the problem.


Of course, that does nothing to solve the problem which caused the process  
to stop in the first place.


A much better approach is simply to make sure that the software is robust  
enough so that it doesn't stop running, for some reason, in the first place.  
In which case, it does not need any silly pid file, for some nebulous  
monitoring purpose.







Re: [courier-users] I need working nginx configuration for webadmin

2016-04-30 Thread Sam Varshavchik

Rosario writes:


I can run courierwebadmin to see the front page, but not to see any
other like courierwebadmin/00something

I did search Google and my other CGI script works or multiple scripts
work, but they are different than webadmin script.


Did you try using the wrapper script from nginx.com, and the associated  
configuration settings?


Looked to me like it will work, but I don't use nginx. Other links that came  
up from a Google search also had a few other suggestions.






Re: [courier-users] I need working nginx configuration for webadmin

2016-04-30 Thread Sam Varshavchik

Rosario writes:


If anyone could point me to the working nginx configuration for courier
webadmin.

I have managed to run it over SSL connection, it complained that it is
not over SSL, due to Fast CGI in background, and I have solved that with
the file unsecure OK in ../webadmin/unsecureok

However, I get now only first page, if I click on any option I get
forbidden, it is probably due to nginx not being configured well.

If anyone has working nginx configuration for courier webadmin, let me
know.


You shouldn't need anything more than a working CGI setup.

The very first Google hit on "nginx cgi" is an nginx.com URL that comes  
complete with a wrapper script.






Re: [courier-users] TLS SNI when Courier is built with OpenSSL

2016-04-29 Thread Sam Varshavchik

Mark Constable writes:


On 29/04/16 22:36, Sam Varshavchik wrote:
>>> I finally have a 0.76.0 ubuntu install to test and trying to get this to
>>> work...
>>>
>>> > - courier, courier-imap: add support for TLS SNI when Courier is built with OpenSSL.
>>>
>>> I've added this vhost settings but no sign the LetsEncrypt certificate is
>>> being delivered to Thunderbird.
>>>
>>> ~ ls -1 /etc/courier/*renta.net
>>> defaultdomain.ded1649.renta.net
>>> dsnfrom.ded1649.renta.net
>>> esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
>>> imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
>>> vhost.ded1649.renta.net
>
> Find the pid that's listening on localhost, then run strace on it. In my case it's pid 15018.
>
> # strace -s 256 -f -o z -p 15018
>
> Then, use couriertls like this:
>
> TLS_TRUSTCERTS=/etc/pki/tls/cert.pem TLS_VERIFYPEER=none couriertls \
> -host=localhost -port=143 -protocol=imap -verify=localhost
>
> Fedora installs all trusted certs in /etc/pki/tls/cert.pem; use the equivalent for Debian, Ubuntu, etc…
>
> The connection attempt will fail to verify the "localhost" certificate, of course. That's fine. Then:
>
> # grep imapd.pem z
> 2734  access("/usr/lib/courier-imap/share/imapd.pem.localhost", R_OK) = -1 ENOENT (No such file or directory)
> 2734  access("/usr/lib/courier-imap/share/imapd.pem", R_OK) = 0
> 2734  open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 10
>
> That shows that the server process tried to open imapd.pem.localhost, first.


Excellent, thank you Sam! Every variation I tried results in...

21989 access("/etc/courier/imapd.pem.xxx.xxx.104.254", R_OK) = -1 ENOENT (No such file or directory)
21989 open("/etc/courier/imapd.pem", O_RDONLY) = 5
21989 open("/etc/courier/imapd.pem", O_RDONLY) = 5

I don't seem to be able to use the -host=localhost parameter to couriertls.

My "netstat -tanup" gives me...

tcp6   0  0 :::465               :::*                  LISTEN      21926/couriertcpd
tcp6   0  0 :::25                :::*                  LISTEN      21895/couriertcpd
tcp6   0  0 :::993               :::*                  LISTEN      21947/couriertcpd
tcp6   0  1 xxx.xxx.104.254:993  xxx.xxx.99.177:54272  FIN_WAIT1   -


Which is odd but the last field does indeed show an ip4 connection.

I used the below as I don't enable STARTTLS on 143 and -host=localhost
results in an almost empty strace dump file (like it's not even hitting
localhost at all)...

~ strace -s 256 -f -o z -p 21947
~ TLS_TRUSTCERTS=/etc/ssl/certs TLS_VERIFYPEER=none couriertls -host=xxx.xxx.104.254 -port=993 -protocol=imap -verify=localhost


993 is encrypted SSL, drop the -protocol option. -protocol negotiates  
STARTTLS. Using port 993:


$ TLS_TRUSTCERTS=/etc/pki/tls/cert.pem TLS_VERIFYPEER=none couriertls -host=localhost -port=993 -verify=example.com


This, for me, results in:

# grep imapd.pem z
30706 access("/usr/lib/courier-imap/share/imapd.pem.127.0.0.1", R_OK) = -1 ENOENT (No such file or directory)
30706 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 5
30706 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 5
30706 access("/usr/lib/courier-imap/share/imapd.pem.example.com", R_OK) = -1 ENOENT (No such file or directory)


If I symlink it:

# ln -s imapd.pem /usr/lib/courier-imap/share/imapd.pem.example.com

Then:

# grep imapd.pem z
30727 access("/usr/lib/courier-imap/share/imapd.pem.127.0.0.1", R_OK) = -1 ENOENT (No such file or directory)
30727 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 5
30727 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 5
30727 access("/usr/lib/courier-imap/share/imapd.pem.example.com", R_OK) = 0
30727 open("/usr/lib/courier-imap/share/imapd.pem.example.com", O_RDONLY) = 5
30727 open("/usr/lib/courier-imap/share/imapd.pem.example.com", O_RDONLY) = 5
30727 open("/usr/lib/courier-imap/share/imapd.pem.example.com", O_RDONLY) = 5

That's the server finding it, and reading it.


- is a PTR record required for ded1649.renta.net?


Whether or not it's required, that's a DNS issue. It won't have any effect  
on SSL.




- is it possible the 0.76.0 package I am using is missing a build flag?


No, there are no explicit build flags.

- anything other than vhost.ded1649.renta.net and  
imapd.pem.ded1649.renta.net needed?


imapd.pem is always needed. That loads the default certificate. Then,  
imapd.pem. is needed, with  matching the -verify  
parameter (with the -host parameter used only to specify the hostname or the

Re: [courier-users] New courier and courier-imap release

2016-04-29 Thread Sam Varshavchik

Sam Varshavchik writes:


Mark Constable writes:


I finally have a 0.76.0 ubuntu install to test and trying to get this to
work...

> - courier, courier-imap: add support for TLS SNI when Courier is built with OpenSSL.


I've added this vhost settings but no sign the LetsEncrypt certificate is
being delivered to Thunderbird.

~ ls -1 /etc/courier/*renta.net
defaultdomain.ded1649.renta.net
dsnfrom.ded1649.renta.net
esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
vhost.ded1649.renta.net

../ssl/ded1649.renta.net/mailserver.pem does exist and the default one
for the canonical host does work okay.

Is there some other settings I am missing?


No, there are no other settings, presuming TLS_CERTFILE in imapd-ssl points  
to imapd.pem, and Thunderbird is configured with the given hostname.


A debugging tip.

Find the pid that's listening on localhost, then run strace on it. In my  
case it's pid 15018.


# strace -s 256 -f -o z -p 15018

Then, use couriertls like this:

TLS_TRUSTCERTS=/etc/pki/tls/cert.pem TLS_VERIFYPEER=none couriertls \
   -host=localhost -port=143 -protocol=imap -verify=localhost

Fedora installs all trusted certs in /etc/pki/tls/cert.pem; use the  
equivalent for Debian, Ubuntu, etc…


The connection attempt will fail to verify the "localhost" certificate, of  
course. That's fine. Then:


# grep imapd.pem z
2734  access("/usr/lib/courier-imap/share/imapd.pem.localhost", R_OK) = -1 ENOENT (No such file or directory)
2734  access("/usr/lib/courier-imap/share/imapd.pem", R_OK) = 0
2734  open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 10


That shows that the server process tried to open imapd.pem.localhost, first.

There's a harmless debugging message there, that slipped by me, that I'll  
need to remove.




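
The strace check from the two messages above, as an added example that is not part of the original posts or of Courier: a shell script that summarizes which imapd.pem candidates each server process probed and whether the per-hostname file was actually opened. The trace lines are constructed, modeled on the output quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Courier code): summarize certificate-file probes found in
# strace output captured as in the thread: strace -s 256 -f -o z -p <pid>

# Constructed trace, modeled on the excerpts quoted in the thread.
# pid 30727: client sent SNI "example.com" and imapd.pem.example.com exists.
# pid 30706: client sent SNI "mail.example.net" and no matching file exists.
sample_trace() {
cat <<'EOF'
30727 access("/usr/lib/courier-imap/share/imapd.pem.127.0.0.1", R_OK) = -1 ENOENT (No such file or directory)
30727 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 5
30727 access("/usr/lib/courier-imap/share/imapd.pem.example.com", R_OK) = 0
30727 open("/usr/lib/courier-imap/share/imapd.pem.example.com", O_RDONLY) = 5
30706 access("/usr/lib/courier-imap/share/imapd.pem.127.0.0.1", R_OK) = -1 ENOENT (No such file or directory)
30706 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 5
30706 access("/usr/lib/courier-imap/share/imapd.pem.mail.example.net", R_OK) = -1 ENOENT (No such file or directory)
EOF
}

# Read strace output on stdin and print "<pid> <suffix> <state>" once per
# process and candidate file, in order of first appearance.
#   suffix: "(default)" for <base> itself, otherwise the text after "<base>."
#   state:  failed     - every access()/open() on the file returned -1
#           accessible - access() succeeded but the file was never opened
#           opened     - open()/openat() succeeded
cert_probes() {
    awk -v base="$1" '
    /^[0-9]+ +(access|open|openat)\(/ {
        pid = $1
        call = $2
        sub(/\(.*/, "", call)
        # The first quoted string on the line is the path argument.
        if (!match($0, /"[^"]*"/)) next
        path = substr($0, RSTART + 1, RLENGTH - 2)
        n = split(path, parts, "/")
        file = parts[n]
        if (file == base) suffix = "(default)"
        else if (index(file, base ".") == 1) suffix = substr(file, length(base) + 2)
        else next
        key = pid SUBSEP suffix
        if (!(key in state)) { order[++count] = key; state[key] = 0 }
        if ($0 ~ /\) *= *-1/) r = 1          # call failed (ENOENT, EACCES, ...)
        else if (call == "access") r = 2     # file exists and is readable
        else r = 3                           # file was opened
        if (r > state[key]) state[key] = r
    }
    END {
        names[1] = "failed"; names[2] = "accessible"; names[3] = "opened"
        for (i = 1; i <= count; i++) {
            split(order[i], k, SUBSEP)
            print k[1], k[2], names[state[order[i]]]
        }
    }'
}

# Read strace output on stdin and print the best state seen for one suffix
# (an SNI hostname, an IP address or "(default)"), or "not-probed" if the
# server never looked for that file at all.
sni_cert_state() {
    cert_probes "$1" | awk -v name="$2" '
        BEGIN { rank["failed"] = 1; rank["accessible"] = 2; rank["opened"] = 3
                best = "not-probed"; top = 0 }
        $2 == name && rank[$3] > top { top = rank[$3]; best = $3 }
        END { print best }'
}

# Demonstration on the constructed trace.
sample_trace | cert_probes imapd.pem
```

On a live system, feed it the real capture instead, for example `cert_probes imapd.pem < z`. A hostname that comes back "not-probed" means the server never saw that name from the client, while "failed" means it looked for the file and could not use it.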


Re: [courier-users] New courier and courier-imap release

2016-04-29 Thread Sam Varshavchik

Mark Constable writes:


I finally have a 0.76.0 ubuntu install to test and trying to get this to
work...

> - courier, courier-imap: add support for TLS SNI when Courier is built with OpenSSL.


I've added this vhost settings but no sign the LetsEncrypt certificate is
being delivered to Thunderbird.

~ ls -1 /etc/courier/*renta.net
defaultdomain.ded1649.renta.net
dsnfrom.ded1649.renta.net
esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
vhost.ded1649.renta.net

../ssl/ded1649.renta.net/mailserver.pem does exist and the default one
for the canonical host does work okay.

Is there some other settings I am missing?


No, there are no other settings, presuming TLS_CERTFILE in imapd-ssl points  
to imapd.pem, and Thunderbird is configured with the given hostname.






Re: [courier-users] cone does not compile with libressl

2016-04-28 Thread Sam Varshavchik

Rosario writes:


Hello,

On Wed, Apr 27, 2016 at 06:15:13PM -0400, Sam Varshavchik wrote:
> Rosario writes:
>
> > Hello,
> >
> > LibreSSL www.libressl.org is more secure version of the OpenSSL. And
> > today I have tried to compile Cone, and it fails.
> >
> > I am just guessing it is maybe because I don't use OpenSSL version. It
> > would be nice to see that it does compile with the LibreSSL.
> >
> > But maybe I am wrong. Maybe it is something else.
> >
> > Rosario
>
> That compilation error should already be fixed, just need to create a new
> cone build.

I was thinking you refer to new version of cone, and I downloaded it,
and I get the error again.


No, not the current version, but a new version has to be built.





Re: [courier-users] cone does not compile with libressl

2016-04-27 Thread Sam Varshavchik

Rosario writes:


Hello,

LibreSSL www.libressl.org is more secure version of the OpenSSL. And
today I have tried to compile Cone, and it fails.

I am just guessing it is maybe because I don't use OpenSSL version. It
would be nice to see that it does compile with the LibreSSL.

But maybe I am wrong. Maybe it is something else.

Rosario


That compilation error should already be fixed, just need to create a new  
cone build.






Re: [courier-users] [courier-announce] New courier and courier-imap release

2016-04-26 Thread Sam Varshavchik

One additional change to note: the options to select SSL3 ciphers were
removed from the TLS_PROTOCOL setting.


Sam Varshavchik writes:


Download: http://www.courier-mta.org/download.html

Changes:

- courier, courier-imap: add support for TLS SNI when Courier is built with  
OpenSSL.


- courier: "mx" SPF keyword ignores hosts without an MX, instead of  
returning an error.


- maildrop: fix parsing a message without a body, and without a blank line  
that separates the message's headers from its body.


This did not affect Courier which always inserts a blank line after headers,
even if a received message didn't have one.

- maildrop: fix maildrop not searching the last line of a text message.

- maildrop: FLAGS variable sets message flags when delivering a message to a  
maildir.


- Add Received-SPF: headers for the message envelope sender before the first  
Received: header. The Received-SPF: header for the HELO domain, if enabled,  
wasn't being added to the message due to a bug.


- courier-imap: explicitly flush unread input when executing STARTTLS.

- all: Added BuildRequires: perl-generators to the Fedora rpm spec file.

- courier, courier-imap: fix compilation warnings.





[courier-users] New courier and courier-imap release

2016-04-26 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

Changes:

- courier, courier-imap: add support for TLS SNI when Courier is built with  
OpenSSL.


- courier: "mx" SPF keyword ignores hosts without an MX, instead of  
returning an error.


- maildrop: fix parsing a message without a body, and without a blank line  
that separates the message's headers from its body.


This did not affect Courier which always inserts a blank line after headers,
even if a received message didn't have one.

- maildrop: fix maildrop not searching the last line of a text message.

- maildrop: FLAGS variable sets message flags when delivering a message to a  
maildir.


- Add Received-SPF: headers for the message envelope sender before the first  
Received: header. The Received-SPF: header for the HELO domain, if enabled,  
wasn't being added to the message due to a bug.


- courier-imap: explicitly flush unread input when executing STARTTLS.

- all: Added BuildRequires: perl-generators to the Fedora rpm spec file.

- courier, courier-imap: fix compilation warnings.





Re: [courier-users] allow syntax error

2016-04-24 Thread Sam Varshavchik

SZÉPE Viktor writes:


Hello!

First my server is blacklisted, and Courier bounced back to the sender,
as the sender is an alias to the same address as the original
recipient it was blacklisted and bounced again.
Then courier sent an email to the postmaster (and as it is smarthost
it has no local accounts), that message was forwarded to another
Courier installation (old 0.65).

From: was #@[] and I've got "517 Syntax error."
Is there a way to allow reception from #@[] ?


No. This is intentional, to keep your servers from mailbombing themselves.





Re: [courier-users] 456 Address temporarily unavailable and aliases

2016-04-14 Thread Sam Varshavchik

Jeff Potter writes:


Hi List,


What is the expected behavior for incoming email, when:
1) The address is an alias, say, f...@domain.com,  
that expands to two local users, user- 
a...@domain.com and use...@domain.com

2) use...@domain.com’s account is over-quota


What we’re seeing is a "456 Address temporarily unavailable" message to mail
coming into the alias, meaning user-b doesn’t get the email, even though
their account isn’t over quota.


The whole point of backscatter suppression is to prevent the mail queue from  
getting clogged up with mail to a nondeliverable recipient.


There's only one recipient address here, the alias address, and that's the  
only address that can be suppressed.


Extrapolate this to the condition where “f...@domain.com” is actually an
alias for a few dozen people, and where on any given day one of them happens
to be over-quota: it causes the entire alias to essentially constantly fail
for everyone.


This means that aliases should either not include unreliable mail  
recipients, or backscatter suppression should be turned off (with all the  
repercussions that brings) in the bofh file:


opt BOFHSUPPRESSBACKSCATTER=none







Re: [courier-users] Soft quotas for Maildir++?

2016-04-14 Thread Sam Varshavchik

Jeff Potter writes:



Is there a way to create soft quotas with a grace period for quota limits on  
a maildir?


We’re seeing too many cases of users coming up against their quotas where  
we’d like them to be able to go over for some period of time, before  
enforcing. As for “why not just set the quota larger?”, we want the quota  
warnings and email clients that display quota status to show the expected  
usage to be based on the true hard quota.


The only available option is to deliver a warning message, when the mailbox  
reaches a certain percentage of the quota; the -w parameter to deliverquota,  
the -q parameter to maildirmake.







Re: [courier-users] ./configure option to install sendmail in /usr/sbin

2016-04-14 Thread Sam Varshavchik

cour...@rcdrun.com writes:


I am unpacking courier from the sources and use this command line:

  $ ./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc/courier

only that does not install sendmail in /usr/sbin where most other
software expects it to be.

What to do to get sendmail in /usr/sbin?


You can use --exec-prefix=/usr/sbin to put all the binaries there.

But I don't know what "most other software" that is. sendmail is not a
root-only executable. It can be executed by non-root userids just fine.






Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good

2016-04-13 Thread Sam Varshavchik

PICCORO McKAY Lenz writes:


« HTML content follows »

2016-04-13 20:48 GMT-04:30 Sam Varshavchik <<URL:mailto:mrsam@courier- 
mta.com>mr...@courier-mta.com>:




 vnxpos00:/home/lavka# testmxlookup
 <URL:<URL:http://gmail.com>http://gmail.com><URL:http://gmail.com>gmail.
 com
 Soft error.
 vnxpos00:/home/lavka# 


Please fix your mail client and turn off HTML email. It looks terrible on  
non-HTML mail readers. You obviously didn't type "<URL:http://gmail.com>",  
but your email client turns plain text into links, and that's how they show  
up in non-HTML email clients, making your email hard to read.



   Fix your /etc/resolv.conf



etc resolv.conf are automatically set by network-manager and have valid  
entries



host <URL:http://gmail.com>gmail.com reports no error


I'm sure you didn't type "", but your HTML email client replaces your typed
text with links, which makes it quite unreadable on non-HTML email clients.


Now I don't know what you meant by "valid entries", or how you reached that  
conclusion. You need to verify every name server that's listed in there. If  
some of them are down, or non-functioning, some of your DNS queries will  
work, others won't, randomly. Just because one or two DNS resolutions work  
does not prove that the nameserver configuration in /etc/resolv.conf is  
correct.




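
One way to carry out the per-nameserver check described in the reply above, as an added example that is not from the original post: it queries each `nameserver` entry of a resolv.conf file separately with dig, so a single dead server that makes lookups fail intermittently shows up. The function names and the `DIG` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: test every nameserver listed in resolv.conf on its own.
# A resolver that is down makes lookups fail only some of the time, so one
# successful "host gmail.com" proves nothing about the other entries.

# Print the address of each active "nameserver" line. Commented-out entries
# are skipped because their first field is not exactly "nameserver".
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Query each server directly for the MX records of a domain that is known
# to have them. Prints "<server> OK" or "<server> FAIL" and returns non-zero
# if any server failed.
# DIG is a hypothetical override for substituting another resolver client.
check_nameservers() {
    conf=$1
    domain=$2
    bad=0
    for ns in $(list_nameservers "$conf"); do
        # +time/+tries keep a dead server from stalling the whole run.
        # A non-zero exit (no reply) or an empty +short answer (SERVFAIL,
        # refusal) both count as a failure.
        if answer=$(${DIG:-dig} +short +time=2 +tries=1 "@$ns" "$domain" MX 2>/dev/null) \
            && [ -n "$answer" ]; then
            echo "$ns OK"
        else
            echo "$ns FAIL"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Run against the live configuration only when asked to:
#   sh check-resolvers.sh --run gmail.com
if [ "${1:-}" = "--run" ]; then
    check_nameservers /etc/resolv.conf "${2:-gmail.com}"
fi
```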


Re: [courier-users] to much error DNS lookup failed, but testsmxloookup show good

2016-04-13 Thread Sam Varshavchik

PICCORO McKAY Lenz writes:


« HTML content follows »

Now I have this error:

vnxpos00:/home/lavka# testmxlookup gmail.com
Soft error.
vnxpos00:/home/lavka# 

First time I got that string as an error!!!

Any suggestions?


Fix your /etc/resolv.conf






Re: [courier-users] Best practice for SMTP level spam filter

2016-04-12 Thread Sam Varshavchik

Gordon Messmer writes:


On 04/11/2016 03:56 PM, Sam Varshavchik wrote:
> maildrop's embedded mode runs for RCPT TO, and DATA commands.
> Additionally, when using the embedded mode in the default configuration,
> Courier will defer, using 4xx, recipients that do not have the
> embedded mode filter activated.

Thanks for clarification.  Obviously, I don't work with the
localmailfilter much.

So, Courier runs the localmailfilter API for users who have it enabled,
and defers the rest, so there are two deliveries expected, right?  How
does it handle the return code for the content filter if only one of a
set of recipients rejects the content?


I identified this gap in SMTP, maybe about ten years ago when I wrote this.  
At that time, I decided to generate an SMTP 5xx rejection, that's compatible  
with all SMTP servers, but is structured in a manner that permits a mail  
server to discern which individual recipients were undeliverable.


So, by default, the sender will think that all recipients were  
undeliverable, and the documentation specifies that this is the price you  
pay for enabling this. Translation: do not use this with email addresses you  
use to subscribe to mailing lists.


Earlier this year, I got an email about someone on IETF waking up and  
realizing this gap. They were working on something or other that tries to  
achieve the same goals, and didn't know that I did this a long time ago.  
Haven't heard anything else since.








Re: [courier-users] Best practice for SMTP level spam filter

2016-04-12 Thread Sam Varshavchik

Gordon Messmer writes:


On 04/09/2016 09:19 PM, Bernd Wurst wrote:
> We use delivery by .courier files for both, local user accounts /
> aliases and virtualdomains. Spam filtering happens with some custom
> scripts inside the .courier files and therefore only deletion, sorting
> or bouncing is available.

Bouncing mail, especially spam, after it's accepted is a terrible idea.
In .courier and .mailfilter, you should only deliver or drop mail.


Specifically: if you bounce a message, Courier will stop accepting any more  
mail to this mailbox, for a short period of time.







Re: [courier-users] Best practice for SMTP level spam filter

2016-04-11 Thread Sam Varshavchik

Gordon Messmer writes:


On 04/11/2016 12:22 PM, Jeff Potter wrote:
> Gordon, could one potentially change the replies after the first RCPT TO
> to 4xx responses, to ensure the incoming message is being delivered to
> exactly one user?


Not exactly.  Courier's mail filtering API only issues one call, after
the body is available.  There's a separate API to run users' mail
filters with maildrop's embedded mode, but unlike Sendmail's milter API,
Courier's API isn't available at every stage of the SMTP conversation.


maildrop's embedded mode runs for RCPT TO, and DATA commands. Additionally,  
when using the embedded mode in the default configuration, Courier will defer,  
using 4xx, recipients that do not have the embedded mode filter activated.







Re: [courier-users] excellent SSL results

2016-04-10 Thread Sam Varshavchik

SZÉPE Viktor writes:


Q1
"Cipher Suites (sorted by strength as the server has no preference;"

Could you please help achieve server order as in Apache SSLHonorCipherOrder?


I cannot locate a similar option in GnuTLS's API. OpenSSL's documentation  
has a reputation for being rather scant, terse, and somewhat difficult to  
work with.


Perhaps one way would be to grab Apache's source, and see what this option  
does. I don't have the time to do this at this time. I'm open to accepting  
patches to implement this kind of a configuration setting, for either the  
OpenSSL or the GnuTLS flavor.



Q2
I've set
TLS_CACHEFILE=/var/lib/courier/ssl_cache
TLS_CACHESIZE=524288
but still "Session resumption (caching) -> No (IDs assigned but not accepted)"


These options do exist in the imapd-ssl and pop3d-ssl configuration files.  
They're missing in esmtpd-ssl, and I'll add them. Besides the existing  
documentation in imapd-ssl and pop3d-ssl, there's nothing else to document.




Could you help?
Please document TLS_CACHEFILE and TLS_CACHESIZE as they are necessary
to reach Qualys A+

Q3
"OCSP stapling -> No"
Would it be possible to enable it?


Again, this all depends on the availability of the API documentation in the  
underlying OpenSSL and GnuTLS libraries; and available time. Patches welcome.







Re: [courier-users] handle spam

2016-04-09 Thread Sam Varshavchik

SZÉPE Viktor writes:


Thank you!

> Defer the message for later.

Could it be that BLACKLISTS defers all messages at all times?


Correct.


He meant to defer a message on 127.0.0.2 reply *once* then accept it.

I think your suggestion will be: "That is possible by developing a
courier filter" because courier has to remember that one defer answer
and accept the message the second time.


Right.





Re: [courier-users] handle spam

2016-04-09 Thread Sam Varshavchik

SZÉPE Viktor writes:



Good afternoon!

I've just read on http://psky.me/

Response    Meaning / Recommended Action
----------------------------------------------------------------------
NOERROR     The IP address in question is fine for sending mail.
            Accept the message

127.0.0.2   The IP address in question has been seen with a high rate of
            spam. Defer the message for later.

127.0.0.3   The IP address in question has been seen to have a very high
            rate of spam. Reject the message at SMTP submission.


How is it possible to implement deferring with Courier MTA?


This should be possible by using the settings that are documented in the  
couriertcpd manual page in the BLACKLISTS settings. Something like:


BLACKLISTS="'-block=dnsbl.example.com,BLOCK/127.0.0.2,450 Go away' 
'-block=dnsbl.example.com,BLOCK/127.0.0.3,550 Go away'"

Keep in mind that these are shell script fragments, so mind the quoting.



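Added example (not part of the original thread) of what "mind the quoting" means for the BLACKLISTS value in the reply above. Here eval stands in for the value being re-parsed as a shell fragment, which is an assumption about how it is consumed; the BAD variant and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: how a BLACKLISTS-style value splits into arguments.
# GOOD is modelled on the setting in the reply; BAD is the same value
# with the inner apostrophes forgotten (constructed).
GOOD="'-block=dnsbl.example.com,BLOCK/127.0.0.2,450 Go away' '-block=dnsbl.example.com,BLOCK/127.0.0.3,550 Go away'"
BAD="-block=dnsbl.example.com,BLOCK/127.0.0.2,450 Go away -block=dnsbl.example.com,BLOCK/127.0.0.3,550 Go away"

# count_args FRAGMENT: number of separate arguments the shell produces
# when it re-parses the fragment.
count_args() {
    eval "set -- $1"
    echo $#
}

# block_codes FRAGMENT: for each argument print "<dnsbl reply> <SMTP code>",
# or flag words that fell out of a -block option because of bad quoting.
block_codes() {
    eval "set -- $1"
    for arg in "$@"; do
        case $arg in
            -block=*,*/*,*)
                rest=${arg#*,}      # e.g. BLOCK/127.0.0.2,450 Go away
                ip=${rest#*/}
                ip=${ip%%,*}        # DNSBL reply this rule applies to
                msg=${rest#*,}      # SMTP reply text
                code=${msg%% *}     # 450 = defer, 550 = reject
                echo "$ip $code"
                ;;
            *)
                echo "stray word: $arg"
                ;;
        esac
    done
}

echo "good: $(count_args "$GOOD") arguments"
block_codes "$GOOD"
echo "bad: $(count_args "$BAD") arguments"
block_codes "$BAD"
```

With the inner apostrophes in place each rule stays one argument and keeps its full reply text; without them the reply text is cut after the code and the remaining words become separate arguments.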


Re: [courier-users] perftest1 need help

2016-04-03 Thread Sam Varshavchik

David Niklas writes:


On: 03/03/16(Thu) 22:17 Sam Varshavchik wrote:
>
> You need to start courier-authlib, before running this test.
>

Now I'm getting:
450 Service temporarily unavailable
test-test-X: Invalid address

The numbers are from 1 to 5. authdaemon says that it can't connect to
mysql (on stderr).


There you go. The connection to your mysql server has failed.


BTW:
This is the third time I've needed to write the list, could the
instructions for testing courier be clarified?


Unfortunately, the list of all possible things that can go wrong, when  
installing a relatively complicated piece of software, is unlimited. It is  
practically impossible to come up with a paint-by-numbers recipe that will  
handle all eventualities.







Re: [courier-users] How to disable ipv6

2016-03-30 Thread Sam Varshavchik

Ángel González writes:


Sam Varshavchik wrote:
> But this is treating the symptom, rather than the ailment. I think if
> you set up an SPF record, Google will be more receptive to your mail.
>  
> Additionally, what Google does or does not do has no bearing on
> sending mail to anyone else, so if you're having problems with other
> mail destinations, you need to take a closer look at your networking.

Rather than the spf (which is a record to tweak when enabling ipv6), I
suspect Mark's ipv6 address might not have a rdns to his own domain,
and the domain a  to the one.


As I understand it, IPv6 addresses are assigned in /64s to endpoints. Your  
hosts' MAC addresses form the second half of the IPv6 address, by default.


As such, in order for IPv6 reverse DNS to work, your internet provider has  
to delegate reverse DNS to you. I'm skeptical that most ISPs will have  
established processes for doing that, so reverse DNS for IPv6 addresses  
seems to be a problematic proposition, and Google insisting on reverse DNS  
for connecting IPv6 addresses appears to be intended to stymie everyone but  
large ISPs from sending mail to Google.






Re: [courier-users] esmtproutes (was How to disable ipv6)

2016-03-29 Thread Sam Varshavchik

Mark Constable writes:


In looking at esmtproutes I can't see how I can authenticate to port 587/TLS
or 465/SSL on the other end so how do I use esmtproutes...

domain:relay[,port][/SECURITY=STARTTLS][/SECURITY=REQUIRED][/SECURITY=SMTPS]

to emulate something like this setting for ssmtp?

mailhub=smtp.sendgrid.net:587
AuthUser=sendgridusername
AuthPass=sendgridpassword
UseSTARTTLS=YES


esmtproutes:

:smtp.sendgrid.net,587

esmtpauthclient:

smtp.sendgrid.net,587 login password






Re: [courier-users] How to disable ipv6

2016-03-29 Thread Sam Varshavchik

Mark Constable writes:


I have a weird new install where mail comes in okay but trying to send out
just hangs with no real feedback as to why but just now an attempt to send
to Gmail gave me a hint...

"Our system has detected that this message does not meet IPv6 sending
guidelines regarding PTR records and authentication. Please review
https://support.google.com/mail/?p=ipv6_authentication_error for more
information."

So it seems that maybe courier-mta is trying to use ipv6 and seeing that
I'm not sure how to deal set up ipv6 I would like to completely disable
courier-mta (and imap for that matter) using ipv6 and default to ipv4.

I've set courierd:ESMTP_PREFER_IPV6_MX=0 but what other settings might
influence using ipv6 over ipv4?


The only way to turn off IPV6 completely is to compile from source  
--without-ipv6.


But this is treating the symptom, rather than the ailment. I think if you  
set up an SPF record, Google will be more receptive to your mail.  
Additionally, what Google does or does not do has no bearing on sending mail  
to anyone else, so if you're having problems with other mail destinations,  
you need to take a closer look at your networking.






Re: [courier-users] What are recommended SPF options

2016-03-23 Thread Sam Varshavchik

cour...@rcdrun.com writes:


Hello,

I would like to know what are recommended SPF options.


The "Sender Policy Framework Keywords" section in the courier(8) man page  
has a brief discussion about the suggested options.






Re: [courier-users] How do users get a strudel (@) in their name?

2016-03-19 Thread Sam Varshavchik

Alessandro Vesely writes:


> It should be possible. The DEFDOMAIN setting in the imapd and pop3d
> configuration file specifies the default domain used.

I guess a domain is already in place by the time $SENDMAIL is called by
imapd's OUTBOX handler.


Correct.



> sqwebmail reads Courier's "defaultdomain" file. The standalone version of
> sqwebmail reads the "hostname" file, in its configuration directory.

I patch sendit.sh, and sign according to its $1 parameter.  I reread our
messages about patch of 2006-11-12, and still find it hard to get it
straight...


Zdkimfilter looks at the 'i' authname in ctlfile.  At mines it always has a


What goes into mail is independent of what gets authenticated. Also,  
sqwebmail can be configured to allow for an editable From header, too.






Re: [courier-users] maildrop vs courier-maildrop deb packages

2016-03-19 Thread Sam Varshavchik

Mark Constable writes:


On 17/03/16 21:00, Sam Varshavchik wrote:
>> How can I get back the previous maildrop behaviour where it treats
>> HOME as from the virtual homedir field rather than the home field
>> in /etc/passwd?
>
> Most likely by explicitly invoking maildrop with the -d option.

I've read through most of this twice today...

http://www.courier-mta.org/maildrop/maildropfilter.html

but I can't seem to translate that info into how to "explicitly invoke"
the -d option in this particular use case...

./courierd:DEFAULTDELIVERY="|/usr/bin/maildrop -w 90"

Is something like this possible?

DEFAULTDELIVERY="|/usr/bin/maildrop -w 90 -d ${RECIPIENT}"


Make them apostrophes. You don't want variable expansion at the time this  
setting is read, but rather when this is executed at delivery time.





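Added example (not part of the original thread) of the difference between double quotes and apostrophes in the DEFAULTDELIVERY line discussed above. It models the two stages with plain sh, and echo stands in for running maildrop; that the delivery command is later run by a shell with RECIPIENT in its environment is assumed from the reply's wording, and the function names and the address are hypothetical.

```shell
#!/bin/sh
# Added example: when does ${RECIPIENT} get expanded?
# maildrop is never executed; echo shows the command line that would run.

# stored_value QUOTING: write a one-line constructed config file using
# double or single quotes, source it while RECIPIENT is not set (as at
# start-up), and print what ends up stored in DEFAULTDELIVERY.
stored_value() {
    conf=$(mktemp) || return 1
    case $1 in
        double)
            printf '%s\n' 'DEFAULTDELIVERY="|/usr/bin/maildrop -w 90 -d ${RECIPIENT}"'
            ;;
        single)
            printf '%s\n' "DEFAULTDELIVERY='|/usr/bin/maildrop -w 90 -d \${RECIPIENT}'"
            ;;
    esac > "$conf"
    ( unset RECIPIENT; . "$conf"; printf '%s\n' "$DEFAULTDELIVERY" )
    rm -f "$conf"
}

# delivery_command VALUE RECIPIENT: strip the leading pipe character and let
# a fresh shell, which has RECIPIENT in its environment, expand the command.
delivery_command() {
    cmd=${1#"|"}
    RECIPIENT=$2 sh -c "echo $cmd"
}

for q in double single; do
    v=$(stored_value "$q")
    echo "$q quotes store: $v"
    echo "  at delivery:  $(delivery_command "$v" admin@example.org)"
done
```

With double quotes the variable is already gone when the setting is read, so -d is left without an argument; with apostrophes the literal ${RECIPIENT} survives until delivery time.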


Re: [courier-users] maildrop vs courier-maildrop deb packages

2016-03-19 Thread Sam Varshavchik

Mark Constable writes:


I know this is about deb packaging details but someone here might know
the answer to this question. The very latest ubuntu devel packages are
dropping courier-maildrop in favour of just using the maildrop package
and aside from the default /etc/courier/maildroprc moving to
/etc/maildroprc I've noticed another slight difference...

courier-maildrop package, where HOME is from the mysql homedir field...

Mar 17 05:12:19 gc3 authdaemond[7616]:
Authenticated: sysusername=, sysuserid=1001, sysgroupid=1001,
homedir=/home/u/goldcoast.org/home/admin,
address=ad...@goldcoast.org, fullname=, maildir=,
quota=524288000S, options=

Mar 17 05:12:19 gc3 courierlocal[7751]:id=blah,
from=,addr=:
maildrop: Changing to /home/u/goldcoast.org/home/admin

maildrop package, where HOME now seems to be from getent passwd...

Mar 17 06:11:29 gc3 courierlocal[7751]:id=blah,
from=,addr=:
maildrop: Changing to /home/u/goldcoast.org

I have uncommented this in /etc/maildroprc but the above getent HOME
field remains the same...

DEFAULT="$HOME/Maildir"

How can I get back the previous maildrop behaviour where it treats HOME
as from the virtual homedir field rather than the home field in /etc/passwd?


Most likely by explicitly invoking maildrop with the -d option.




