On 2017-05-18 at 19:03 +0200, Alessandro Vesely wrote:
> Although the real issue is maildrop, let me note the following about
> courier-base:
>
> * couriertcpd could be just suggested or recommended, not required,
>
> * testmxlookup could be moved to courier-mta,
>
> * I don't see how maildir
On 2017-05-02 at 09:12 +0200, Michelle Konzack wrote:
> I have just discovered, that if user "www-data" touch the file
> "~/.courier-foo" courier accept it and does not complain about a from
> file owner!
>
> I allowed my PHP scripts to create/modify/delete files in the user homes
>
On 2017-05-01 at 13:43 +0200, Michelle Konzack wrote:
> Hello,
>
> what is the easiest way to allow users to creat throw-away emails?
>
> I do this somehow over aliases, but when I change/delete one, I have
> always to run makealiases. I do not really like the idea, to run a
>
As someone interested in keeping courier in Debian, I had been
interested in looking at Ondřej changes (and its consequences) since I
first saw this thread.
I have now compiled the new packages and performed a (really basic)
local install.
I'm not too keen on the move of couriertls into
On 2016-09-06 at 17:04 +0200, Lucio Crusca wrote:
> Hello,
>
> I receive several spam emails from forged email addresses and so do my
> customers. Most of the forged addresses are from one of the hosted
> domains to a real user of the same hosted domain (scan...@sulweb.org and
> the like).
>
Sam Varshavchik wrote:
> But this is treating the symptom, rather than the ailment. I think if
> you set up an SPF record, Google will be more receptive to your mail.
>
> Additionally, what Google does or does not do has no bearing on
> sending mail to anyone else, so if you're having problems
Mark Constable wrote:
> > >
> > > Would mail clients like Thunderbird need to understand SNI as
> > > well
> > > or would it be up to only the server daemon to present the right
> > > certificate?
> > Both. SNI is a protocol extension. Both the client and the server
> > have to be explicitly
Hello all
I would sometimes like to know the recipient a message was originally
addressed to, aka. the address provided in the RCPT TO:
However, both the final email and the mail log provide the recipient
after address rewriting and alias expansion. Which means the original
recipient is not
Hello Viktor
The problem is the CNAME being resolved. The client should be checking
the certificate for the original hostname that it was asked to connect
to, which in this case would match.
Otherwise, if you wanted to connect securely to smtp.mandrillapp.com, I
could perform a MITM injecting a
lucio wrote:
Is it possible it has support for both?
You could compile it twice, having a couriertls-openssl and a
couriertls-gnutls binary. However, in the end you need to use exactly
one framework for encrypting each connection, so there's little gain
there.
I find interesting the idea of
Daniel Zwick wrote:
Am 03.07.2015 um 01:48 schrieb Sam Varshavchik:
Lucio Crusca writes:
Hello everybody,
mxtoolbox says that my SMTP is slow:
http://mxtoolbox.com/domain/sulweb.org/
http://mxtoolbox.com/domain/wanisbunes.eu/ comes up with Reverse DNS
does not match SMTP
Szépe Viktor wrote:
Good morning!
Does anyone have experience with courier-pythonfilter in Python3?
Modern OS-es have Python3 as a standard package.
Thank you!
Szépe Viktor
Note they will also support python2
If all you want is to have it running, changing the shebang may be
enough.
Lindsay Haisley wrote:
I sent an email to my Gmail account containing the forbidden .TLDs
and
didn't get a warning. Maybe the list .
A mail directly sent from your server will probably have a bonus for
passing SPF for the email from.
Mentioning .ninja shouldn't make anyone think it's a domain, and much
less Google, that has pretty good spam filters. Looks like a bayesian
considering all ninja mentions as spam (just think how many of those
domains it would have seen).
So... are those anti-open source ninjas? ;)
Alessandro Vesely wrote:
On Fri 27/Feb/2015 15:26:03 +0100 Jan Ingvoldstad wrote:
On Fri, Feb 27, 2015 at 12:05 PM, Alessandro Vesely ves...@tana.it wrote:
but would it be worth?
Use case 1:
Hi, this is $customer,
could you please provide a log for which IP addresses have
There are several things that the remote address would make possible,
easier or have it as a prerequisite:
* The authdaemon could be centrally logging who is requesting which
account (not so interesting by itself)
* The authdaemon could throttle abusing ips (something the services
can't do, as
On Sam Varshavchik wrote:
The top links are a problem and you've gone and added some funky
javascript
for a dropdown menu which I never noticed before :)
That menu has been there for years. It's pretty lame coding.
I think the main problem of the current website is that menu. It doesn't
I would like to have available in the authdaemon the remote ip which is
attempting the authentication.
This could be implemented in the AUTH request as a fifth line containing
remoteip remoteport localip localport [\n]
Not so sure if/how to implement it for PRE and PASSWD, though.
What do you
Jeff Potter wrote:
(I don’t understand why Apple doesn't use SRV records — when you
enter an email address, they make an HTTPS connection to their
servers with the domain to see if they can auto-setup the results
for the user, but there’s no clear way to get into their system.
I suppose
Wolfgang Jeltsch wrote:
Hi,
thank you very much for this information.
Has there been any new insight into how Courier is affected by this bug?
And is Courier affected by the “follow-up” CVE-2014-7169?
All the best,
Wolfgang
Any program which allows untrusted variable contents into
Wolfgang Jeltsch wrote:
Am Donnerstag, den 25.09.2014, 22:16 +0200 schrieb Ángel González:
Any program which allows untrusted variable contents into the
environment and can be made to spawn a bash descendant is affected.
The question is how an attacker can convince Courier to set
Sam Varshavchik wrote:
And is Courier affected by the “follow-up” CVE-2014-7169?
I don't think the follow-up exploit is in scope. To use the follow-up
explot, so far, you need to somehow stuff the character into an
email address.
This is going to be a problem, since the character
Sam Varshavchik wrote:
I still want to do some more changes to the rpm packaging script,
first. That, pretty much, are the only pending changes I have now;
unless they affect you, you can just take the current snapshot, and go
with it.
I found a minor bug (wrong EOL) in courier-imap.
Bowie Bailey wrote:
On 9/8/2014 7:51 PM, Sam Varshavchik wrote:
Bowie Bailey writes:
On 9/5/2014 7:39 PM, Sam Varshavchik wrote:
The presence of the From header /after/ the blank line is a tell-tale
sign that the message text was delivered to an mbox file, and then read
back
from
Bowie Bailey wrote:
I was trying to diagnose exactly what is happening by watching the
communication between the servers, but I can't seem to turn off TLS when
talking to the other Courier server. There used to be a /SECURITY=NONE
switch in esmtproutes, but I don't see it in the man page
Bowie Bailey wrote:
Interesting, but that doesn't really give me what I'm looking for. I
want to see the full text of the smtp conversation including the text
of
the email as it is being sent. I can see some of that in the strace,
Increase the value of the -s parameter (that's the
This adds support for the location used by Debian/Ubuntu.
---
docbook/manpages.in | 55 ++
docbook/manpages.xsl | 55 --
docbook/sgml2html| 15 ++
docbook/sgml2man | 16
27 matches
Mail list logo