Re: [courier-users] Pythonfilter attachments

2017-07-25 Thread Alessandro Vesely
On Wed 08/Feb/2017 22:11:53 +0100 Gordon Messmer wrote: > On 02/08/2017 10:24 AM, Alessandro Vesely wrote: >> I revamped attachments.py in order to catch Javascript Trojans inside >> a zip, which were driving me crazy. > > The current version supports libarchive, w

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-20 Thread Alessandro Vesely
On Wed 19/Jul/2017 22:22:13 +0200 Lucio Crusca wrote: > On 19/07/2017 19:22, Alessandro Vesely wrote: >> Did you actually check it? I mean >> >> certtool -i --infile /etc/courier/esmtpd.pem >> >> or >> >> openssl x509 -text -in /etc/cou

Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Alessandro Vesely
On Wed 19/Jul/2017 14:28:23 +0200 Lucio Crusca wrote: > On 19/07/2017 12:56, Sam Varshavchik wrote: >> Check the server's certificate, esmtpd.pem. That's the only certificate >> in play here. The file is probably corrupted. > > At first glance it seems ok, the structure is the same as

Re: [courier-users] Loading / reloading Pythonfilter

2017-06-08 Thread Alessandro Vesely
On Wed 07/Jun/2017 21:39:34 +0200 Gordon Messmer wrote: > On 06/07/2017 04:32 AM, Alessandro Vesely wrote: >> Last time I issued courierfilter stop, and then start. >> However, that way I have to reload also clamav databases, which takes a long >> time. Is there any

[courier-users] Loading / reloading Pythonfilter

2017-06-07 Thread Alessandro Vesely
I changed the code of a filter which is already configured and running. Now I have to install it. Last time I issued courierfilter stop, and then start. However, that way I have to reload also clamav databases, which takes a long time. Is there any better way to upgrade the running Python

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread Alessandro Vesely
On Thu 18/May/2017 00:19:07 +0200 Markus Wanner wrote: > On 17.05.2017 09:48, Alessandro Vesely wrote: > >> My suggestion is to avoid disassembling the Courier tarball. That is, have >> maildrop included by default in courier-mta, and possibly merge it with >> courie

Re: [courier-users] Message delivered, but no message in INBOX

2017-05-17 Thread Alessandro Vesely
On Tue 16/May/2017 19:06:55 +0200 Markus Wanner wrote: > > I'll check if it's feasible to re-add the courier-maildrop package in > Debian stretch (i.e. the Courier specific variant) I'd suggest to avoid that. I use subjunctive because I install Courier from tarballs rather than Debian packages,

Re: [courier-users] Throw-Away EMails

2017-05-01 Thread Alessandro Vesely
On Mon 01/May/2017 13:43:09 +0200 Michelle Konzack wrote: > > what is the easiest way to allow users to create throw-away emails? > > I do this somehow over aliases, but when I change/delete one, I have > always to run makealiases. I do not really like the idea, to run a > bashscript

Re: [courier-users] courier-authlib: exported symbols

2017-03-31 Thread Alessandro Vesely
Hi Markus, On Fri 31/Mar/2017 09:36:27 +0200 Markus Wanner wrote: > On 03/31/2017 12:26 AM, Sam Varshavchik wrote: >> libcourierauthcommon is not solely an externally-linked library. It's >> also linked to by other .so-s in the package. These symbols correspond >> to internal APIs. > > Am I

Re: [courier-users] Build 20170309 of Courier packages

2017-03-31 Thread Alessandro Vesely
On Fri 31/Mar/2017 00:28:49 +0200 Sam Varshavchik wrote: > Alessandro Vesely writes: > >> authpgsqllib.cpp:14:22: fatal error: libpq-fe.h: No such file or directory >> #include >> ^ >> compilation terminated. >> Makefile:1352: recipe

Re: [courier-users] SSL Report on Courier's TLS settings (includes answer)

2017-03-30 Thread Alessandro Vesely
On Thu 30/Mar/2017 12:58:26 +0200 Sam Varshavchik wrote: > Alessandro Vesely writes: > >> SSL/TLS compression Yes INSECURE (more info) >> [(more >> info)->https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-agai

Re: [courier-users] Build 20170309 of Courier packages

2017-03-30 Thread Alessandro Vesely
On Wed 29/Mar/2017 13:17:12 +0200 Sam Varshavchik wrote: > Alessandro Vesely writes: >> On Fri 17/Mar/2017 01:25:36 +0100 Sam Varshavchik wrote: >>> >>> This should now be fixed in 20170316. All packages rebuilt, including >>> courier-authlib which was also a

Re: [courier-users] SSL Report on Courier's TLS settings (includes answer)

2017-03-30 Thread Alessandro Vesely
Thank you Szépe, I tried that last week and it was bad enough to convince me to recompile the whole lot --something I had been procrastinating for a while. It is a Debian with OpenSSL 1.0.1t. Testing the new code, without TLS-specific settings, I got again logged on the /recent worst/ table

Re: [courier-users] Build 20170309 of Courier packages

2017-03-29 Thread Alessandro Vesely
On Fri 17/Mar/2017 01:25:36 +0100 Sam Varshavchik wrote: > Gordon Messmer writes: > >> On 03/15/2017 06:17 PM, Sam Varshavchik wrote: >> > Ok, this actually turned out to be a small typo. Fixed in the >> > just-uploaded 20170315, and it builds for me. >> >> >> courier-unicode does build.

Re: [courier-users] Server side sorting

2017-03-23 Thread Alessandro Vesely
On Wed 22/Mar/2017 18:47:10 +0100 Sam Varshavchik wrote: > Alessandro Vesely writes: > >> Some IMAP servers use indexed files too. Courier does not. What is the >> rationale behind that design choice? > > I expected – as I said – for clients to handle their own caching

Re: [courier-users] Server side sorting

2017-03-22 Thread Alessandro Vesely
On Wed 22/Mar/2017 16:55:09 +0100 Sam Varshavchik wrote: > > A server is a shared resource. It never made any sense to me to offload as > much > processing as possible to the server. It makes more sense for most of the > processing to be done on the client side, with the server's role limited to

Re: [courier-users] RBL answers

2017-03-11 Thread Alessandro Vesely
On Fri 10/Mar/2017 21:00:23 +0100 SZÉPE Viktor wrote: > Idézem/Quoting Sam Varshavchik : >> Gordon Messmer writes: >> >>> I was checking the RBL queries and answers on a server this morning, >>> when I noticed this in the responses: >>> Please stop asking for ANY.See

Re: [courier-users] courier unicode build 20170306

2017-03-07 Thread Alessandro Vesely
On Tue 07/Mar/2017 03:43:45 +0100 Sam Varshavchik wrote: > Download: http://www.courier-mta.org/download.html#unicode > > This is a test build of the courier-unicode package, that uses C++11's unicode > support. Please report any build issues to the courier-users list. Yes, it works, but I had

Re: [courier-users] Spam filtering on SMTP level

2017-03-03 Thread Alessandro Vesely
On Fri 03/Mar/2017 06:42:38 +0100 Bernd Wurst wrote: > When I use "pyclamav" as stated in the docs, clamd is not used and I > have a breakdown (refuse all messages) when the running freshclam daemon > reloads the database. Restarting the pythonfilter fixes this but it's > annoying. If you're

Re: [courier-users] Future of Courier MTA

2017-02-21 Thread Alessandro Vesely
On Sun 19/Feb/2017 20:32:00 +0100 Gordon Messmer wrote: > On 02/18/2017 04:45 PM, Mark Constable wrote: >>> Is Ondřej still the package >>> maintainer? >> Not really, this explains Ondřej's position... > > I'd seen that, but I'm not intimately familiar with the Debian maintenance > process. I'm

[courier-users] Pythonfilter attachments

2017-02-08 Thread Alessandro Vesely
Hi all, I revamped attachments.py in order to catch Javascript Trojans inside a zip, which were driving me crazy. While I added that, I removed the configurable archive. The attached flavor of the filter rejects just the extensions hardcoded in the source. Enjoy Ale #!/usr/bin/python #

Re: [courier-users] courier-authlib 0.67.0 released

2017-01-31 Thread Alessandro Vesely
On Sat 28/Jan/2017 19:57:39 +0100 Sam Varshavchik wrote: Changes: • Rewritten LDAP, MySQL, PostgreSQL, and SQLite modules. The replacement modules are backwards compatible, except for one PostgreSQL configuration You need to configure CXXFLAGS too. Ale --- configure.ac2017-01-29

Re: [courier-users] SASL for authpipe -- a sticky note for Courier Authlib

2017-01-27 Thread Alessandro Vesely
On Thu 26/Jan/2017 12:28:41 +0100 Sam Varshavchik wrote: >> [edited context] >> The main difficulty is to get the sources for the include files: >> >> I include courierauth.h and courierauthsasl.h from authlib-devel. But >> I also need: >> >> #include"cramlib.h"

Re: [courier-users] SASL for authpipe -- a sticky note for Courier Authlib

2017-01-26 Thread Alessandro Vesely
On Thu 26/Jan/2017 01:53:59 +0100 Sam Varshavchik wrote: > Alessandro Vesely writes: >> On Wed 25/Jan/2017 14:33:16 +0100 Sam Varshavchik wrote: >>> Alessandro Vesely writes: >>>> >>>> The main difficulty is to get the sources for the includ

Re: [courier-users] SASL for authpipe -- a sticky note for Courier Authlib

2017-01-25 Thread Alessandro Vesely
On Wed 25/Jan/2017 14:33:16 +0100 Sam Varshavchik wrote: > Alessandro Vesely writes: >> >> while reviewing my Courier installation, I stumbled upon how my authProg.c is >> compiled. It uses -I/my/path/to/auth/cur -L/usr/path/to/courier-authlib and >> -lcourierauthsas

[courier-users] SASL for authpipe -- a sticky note for Courier Authlib

2017-01-25 Thread Alessandro Vesely
Hi all, while reviewing my Courier installation, I stumbled upon how my authProg.c is compiled. It uses -I/my/path/to/auth/cur -L/usr/path/to/courier-authlib and -lcourierauthsasl, on a server with courier-authlib-0.66.4.20160106. On a stock Debian jessie (0.66.1) I have to add two more

Re: [courier-users] Best practize for $USER -> EMail

2017-01-21 Thread Alessandro Vesely
On Fri 20/Jan/2017 13:22:26 +0100 Michelle Konzack wrote: > So my idea is, to use a script and rename all UNIX users by a construct > like > user1 > user2 > user3 > etc > > and then use the /etc/courier/aliases/ directory to point the EMail >

Re: [courier-users] rspamd for courier-mta

2017-01-18 Thread Alessandro Vesely
On Tue 17/Jan/2017 04:11:09 +0100 Mark Constable wrote: > [...] which can take advantage of the dovecot-antispam plugin that > dynamically retrains spam when items are moved in or out of a Junk folder > (interesting use of curl)... Courier-IMAP has been lacking that hook for ever. Patching would

[courier-users] avfilter-3.4

2017-01-12 Thread Alessandro Vesely
The old version choked with newer ClamAV (0.99 I think) and I didn't realize it until someone told me. So here is the upgrade, albeit late... http://www.tana.it/sw/avfilter/ Ale -- -- Developer

[courier-users] DNS, was lo is down

2016-12-29 Thread Alessandro Vesely
On Thu 29/Dec/2016 00:44:53 +0100 Gordon Messmer wrote: > > Courier uses DNS for everything that comes to mind. Modifying > /etc/hosts won't resolve the problem in question. From that, I derive that production mail servers should run a caching[*] DNS server /locally/. That's also necessary

Re: [courier-users] Fwd: Looking for new Debian maintainers for courier-mta packages

2016-12-11 Thread Alessandro Vesely
On Sun 11/Dec/2016 12:51:00 +0100 Stefan Hornburg (Racke) wrote: > On 12/11/2016 03:12 AM, Mark Constable wrote: >> On 11/12/16 03:09, SZÉPE Viktor wrote: >>> On 07/12/16 00:04, Ondřej Surý wrote: I intend to properly orphan the packages before stretch release and remove them from

Re: [courier-users] [patch] fix duplicate definition of sqwebmail_content_charset in courier

2016-09-20 Thread Alessandro Vesely
On Mon 19/Sep/2016 13:58:28 +0200 Hanno Böck wrote: > > The variable sqwebmail_content_charset is defined twice, in sqwebmail.c > and gpg.c. One of them should be declared as extern. Isn't that the default? The C spec has sentences such as: If the declaration of an identifier for an object

Re: [courier-users] Can courier sort mail for one user into multiple subfolders for imap

2016-09-02 Thread Alessandro Vesely
On Fri 02/Sep/2016 07:26:12 +0200 Milan Obuch wrote: > On Thu, 1 Sep 2016 20:57:50 -0400 David Niklas wrote: > >> I wanted to know if courier could read the subject/from metadata so >> that it could place courier mailing list mail into one folder and so >> on with other mail received. > >

Re: [courier-users] Ports 465 vs 587

2016-08-14 Thread Alessandro Vesely
On Sun 14/Aug/2016 13:10:22 +0200 Mark Constable wrote: > Because of arguments like this, and that I do not even want to offer > non-SSL options, I routinely disable ports 143 and 587 and only use > ports 993 and 465 for authenticated user mail... > >

Re: [courier-users] Address literals

2016-07-31 Thread Alessandro Vesely
On Sat 30/Jul/2016 14:30:18 +0200 Sam Varshavchik wrote: > Matus UHLAR - fantomas writes: >> On 29.07.16 06:48, Sam Varshavchik wrote: >>> Courier should accept postmaster@[ipaddress], where ipaddress matches >>> the connection's IP address. It won't accept any other IP address. That means

Re: [courier-users] Address literals

2016-07-30 Thread Alessandro Vesely
s. > > On 29.07.16 18:41, Alessandro Vesely wrote: >> Irrespectively of RELAYCLIENT? > > I actually don't think that RELAYCLIENT should be taken into account. > if the client has relaying privileges, (s)he should know how to contact the > server admin(s) I tried is to send

Re: [courier-users] Address literals

2016-07-29 Thread Alessandro Vesely
On Fri 29/Jul/2016 12:48:25 +0200 Sam Varshavchik wrote: > Alessandro Vesely writes: > >> SMTP provides for: >> >> address-literal = "[" ( IPv4-address-literal / >> IPv6-address-literal / >> General-addre

[courier-users] Address literals

2016-07-29 Thread Alessandro Vesely
SMTP provides for: address-literal = "[" ( IPv4-address-literal / IPv6-address-literal / General-address-literal ) "]" ; See Section 4.1.3 Mailbox= Local-part "@" ( Domain / address-literal ) However, Courier gives

Re: [courier-users] Fight against Dridex / Locky

2016-07-28 Thread Alessandro Vesely
On Wed 27/Jul/2016 17:48:26 +0200 SZÉPE Viktor wrote: > You may block messages with executable attachment > (exe,com,scr,pif,bat,cmd,vbs,js ...) > and zip-s with executable in them. Also any documents with macros, according to this picture:

Re: [courier-users] Management of maildir structures

2016-07-25 Thread Alessandro Vesely
On Sun 24/Jul/2016 16:19:40 +0200 Lindsay Haisley wrote: >>> >>> rsync doesn't qualify as a "mail retrieval agent". It can be used to retrieve mail, despite its missing qualifications. And it must skip tmp, lest fetch rubbish. So there is a class of maildir readers which are neither mail

Re: [courier-users] Management of maildir structures

2016-07-24 Thread Alessandro Vesely
On Sun 24/Jul/2016 00:12:34 +0200 Sam Varshavchik wrote: > Lindsay Haisley writes: >> On Sat, 2016-07-23 at 13:29 -0700, Gordon Messmer wrote: >>> In this case, I think that "MUA" simply means "the process that's >>> reading the mail dir." In particular, it refers to Dovecot in the >>> same

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-09 Thread Alessandro Vesely
On Sat 09/Jul/2016 00:32:32 +0200 Gordon Messmer wrote: > On 07/08/2016 03:04 PM, Alexei Batyr' wrote: >> >> Unfortunately spammers/phishers et al. already mastered SSL and STARTTLS and >> successfully use them in brute force and other attacks. > > I'd expect so. I didn't recommend TLS as a measure

Re: [courier-users] Cron <root@szerver4> /usr/local/sbin/syslog-errors-infrequent.sh

2016-06-08 Thread Alessandro Vesely
On Wed 08/Jun/2016 00:04:26 +0200 Sam Varshavchik wrote: > SZÉPE Viktor writes: >> Idézem/Quoting Sam Varshavchik : >>> Alexei Batyr' writes: Sam Varshavchik writes: > SZÉPE Viktor writes: > >> Could you help me where is the syntax error in this address?

Re: [courier-users] Disable SSL for esmtpd on port 25

2016-05-27 Thread Alessandro Vesely
On Fri 27/May/2016 14:39:59 +0200 Matus UHLAR - fantomas wrote: > >> I don't know how to check what percentage of port 25 mailserver to >> mailserver connections may be SSL encrypted to justify leaving SSL >> on port 25 for server to server connections. Would you (or anyone) >> have any idea how

Re: [courier-users] Migrating old messages

2016-05-11 Thread Alessandro Vesely
On Wed 11/May/2016 18:04:46 +0200 Gordon Messmer wrote: > On 05/11/2016 03:46 AM, MK wrote: >> What are my options here? > > > The one I'd recommend is: Set up the IMAP account on each client. > Create a folder structure on the IMAP server that matches the client. > Copy the content of each

Re: [courier-users] 456 Address temporarily unavailable and aliases

2016-04-16 Thread Alessandro Vesely
On Fri 15/Apr/2016 02:28:48 +0200 Sam Varshavchik wrote: > Jeff Potter writes: > >> Extrapolate this to the condition where “f...@domain.com” is actually an >> alias for a few dozen people, and where on any given day one of them >> happens to be over-quota: it causes the entire alias to

Re: [courier-users] Best practice for SMTP level spam filter

2016-04-15 Thread Alessandro Vesely
On Thu 14/Apr/2016 17:23:53 +0200 Bernd Wurst wrote: > Thank you all for the answers. > > To clarify: Bouncing spam would be an option, technically, but we do not > do that. For sure. > > I do have some experience with a custom localmailfilter but my question > was if there's something ready

Re: [courier-users] Best practice for SMTP level spam filter

2016-04-12 Thread Alessandro Vesely
On Mon 11/Apr/2016 18:44:41 +0200 Gordon Messmer wrote: > > It's possible to scan the message during SMTP. It's possible to deliver > or drop on a per-recipient basis, as well. You simply mark the message > delivered for those recipients who wouldn't want to receive it. > However, there's

Re: [courier-users] What are recommended SPF options

2016-03-28 Thread Alessandro Vesely
On Mon 28/Mar/2016 13:28:04 +0200 courier wrote: > > I am interested to know about Courier settings, which I see on the > simply web configuration: "Sender Policy Framework". For an example, I use this to reject on mailfrom fail unless whitelisted: opt BOFHSPFHELO=all opt

Re: [courier-users] What are recommended SPF options

2016-03-24 Thread Alessandro Vesely
On Thu 24/Mar/2016 03:12:14 +0100 Sam Varshavchik wrote: > cour...@rcdrun.com writes: > >> Hello, >> >> I would like to know what are recommended SPF options. > > The "Sender Policy Framework Keywords" section in the courier(8) man page has > a > brief discussion about the suggested options.

Re: [courier-users] How do users get a strudel (@) in their name?

2016-03-20 Thread Alessandro Vesely
On Sun 20/Mar/2016 00:14:15 +0100 Sam Varshavchik wrote: > Alessandro Vesely writes: > >>> sqwebmail reads Courier's "defaultdomain" file. The standalone version of >>> sqwebmail reads the "hostname" file, in its configuration directory. >>

Re: [courier-users] How do users get a strudel (@) in their name?

2016-03-19 Thread Alessandro Vesely
On Sat 19/Mar/2016 13:56:12 +0100 Sam Varshavchik wrote: > Alessandro Vesely writes: >> >> Courier can authenticate users 'name@domain' or 'nameonly' with default >> domain. >> I forgot why I chose one or the other, there was no courier-authlib at the >> time.

[courier-users] How do users get a strudel (@) in their name?

2016-03-19 Thread Alessandro Vesely
Hi all, Courier can authenticate users 'name@domain' or 'nameonly' with default domain. I forgot why I chose one or the other, there was no courier-authlib at the time. If I were to start now, I'd use domainless tokens differing from their corresponding mailbox addresses. But I want to as

Re: [courier-users] error setting STARTTLS when send, unable to set security mode

2016-03-14 Thread Alessandro Vesely
On Mon 14/Mar/2016 02:26:09 +0100 Gordon Messmer wrote: > On 03/11/2016 05:23 PM, PICCORO McKAY Lenz wrote: >> my remote dain has startls, so from other server cannot send to that domain.. > > I'm sorry, I don't know what you mean. > >> and in my documentation does not said that! >> was always

Re: [courier-users] How do I make BLOCK2 available to maildrop in delivery mode?

2016-03-03 Thread Alessandro Vesely
On Thu 03/Mar/2016 13:17:49 +0100 Christopher Rüprich wrote: (On Thu 03/Mar/2016 02:18:12 +0100 Sam Varshavchik wrote:) > >> Appending >> >> ALLOW_0=BLOCK2 >> >> to the esmtpd configuration file, and restarting, should end up with >> this stuff getting recorded in the headers. > > Thank you.

Re: [courier-users] How do I make BLOCK2 available to maildrop in delivery mode?

2016-03-02 Thread Alessandro Vesely
On Tue 01/Mar/2016 23:36:33 +0100 Sam Varshavchik wrote: > Christopher Rüprich writes: > >> I'm using BLACKLISTS='-block=[...],BLOCK2' in /etc/courier/esmtp to >> check incoming mail against a couple of dns-blacklists. I'd like to make >> the result available to a maildrop-script in delivery

Re: [courier-users] problem with authentication modules

2016-02-19 Thread Alessandro Vesely
On Thu 18/Feb/2016 23:57:56 +0100 Sam Varshavchik wrote: > > I don't know whether or not Thunderbird suffers from the "user is too stupid > to > be shown real error messages" malady, that typically affects only > Microsoft-written software. TB is not marvelous, but did say "server responded:

Re: [courier-users] No SPF reject during DNS outage. How come?

2015-11-13 Thread Alessandro Vesely
lity. There's something which works counter-intuitively in the SPF module, but that's probably not even covered clearly by the RFC. I'd have preferred a 417 reply code in this case. Thank you for your interest Ale > -Original Message- > From: Alessandro Vesely [mailto:ves...@tana.it]

Re: [courier-users] No SPF reject during DNS outage. How come?

2015-11-13 Thread Alessandro Vesely
On Thu 12/Nov/2015 17:04:29 +0100 Sam Varshavchik wrote: > Alessandro Vesely writes: > >> I received a bunch of spam marked like this: >> >> Return-Path: <zl...@tana.it> >> Received: from [210.205.1.118] (softdnserr [210.205.1.118]) >> by wmail.tan

[courier-users] No SPF reject during DNS outage. How come?

2015-11-12 Thread Alessandro Vesely
Hi! I received a bunch of spam marked like this: Return-Path: Received: from [210.205.1.118] (softdnserr [210.205.1.118]) by wmail.tana.it with ESMTP; Thu, 12 Nov 2015 09:55:57 +0100 id 005DC042.56445431.5BFC Received-SPF: error (Address does not pass the

Re: [courier-users] zdkimfilter

2015-10-05 Thread Alessandro Vesely
Hi Lucio, On Mon 05/Oct/2015 17:53:50 +0200 Lucio Crusca wrote: > > I'm trying to add DKIM signatures to outgoing messages. I've followed this > guide [1], but my feeling is that nothing is happening, as far as DKIM is > concerned. You should see a DKIM-Signature on outgoing mail, e.g. if you

Re: [courier-users] Courier, and RFC 4408 (section 3.1.3 - multi line records).

2015-10-02 Thread Alessandro Vesely
On Fri 02/Oct/2015 02:05:42 +0200 Mitch (BitBlock) wrote: > I have a courier 0.73.1 set up which respects strict SPF if the domain owner > sets it (-all). > > I see a thread from November 2014 where Sam confirms that courier (at that > time) was not supporting this format. > >

Re: [courier-users] Received-SPF header

2015-07-21 Thread Alessandro Vesely
with the rest of the Received headers. On 16.07.15 09:19, Alessandro Vesely wrote: SA behavior is not affected by the field position within the header, AFAIK. It looks rather like a design decision, since SA behaves the same with Authentication-Results fields (which are often placed before

Re: [courier-users] Received-SPF header

2015-07-16 Thread Alessandro Vesely
On Wed 15/Jul/2015 22:41:30 +0200 Bowie Bailey wrote: Unfortunately, SA ignores the header since it is placed at the bottom of the header list rather than inline with the rest of the Received headers. SA behavior is not affected by the field position within the header, AFAIK. It looks

Re: [courier-users] Double spam filter

2015-07-13 Thread Alessandro Vesely
On Thu 09/Jul/2015 16:00:52 +0200 Bowie Bailey wrote: On 7/8/2015 8:22 AM, Sam Varshavchik wrote: Ideally, this should be handled entirely by SpamAssassin, which should pass through the message immediately, unmodified, if the message was already tagged with its headers. Each individual

Re: [courier-users] slow transactions

2015-07-03 Thread Alessandro Vesely
On Fri 03/Jul/2015 00:48:35 +0200 Lucio Crusca wrote: mxtoolbox says that my SMTP is slow: http://mxtoolbox.com/domain/sulweb.org/ [...] What is taking nearly 13 seconds to complete the transactions that mxtoolbox expects to complete in less than 5 seconds? Testing my server I got the

Re: [courier-users] Recent Windows 8.1 update problem

2015-05-19 Thread Alessandro Vesely
On Mon 18/May/2015 16:45:02 +0200 Mark Constable wrote: On Mon, 18 May 2015 07:03:21 AM Sam Varshavchik wrote: Are you using self-signed certificates for IMAP and SMTP? No, but admittedly just a cheap chained certificate... What's the key length? This article seems to imply it must be =

[courier-users] zdkimfilter 1.5 with DMARC support

2015-04-21 Thread Alessandro Vesely
RFC 7489 was published last month. Using zdkimfilter 1.5 it is easy to meet DMARC minimum implementation requirements --section 8 of the RFC. That section stresses the ability to send and receive reports, which is the most noteworthy addition with respect to ADSP. It makes mail servers of

Re: [courier-users] Passing the remote ip to authdaemond

2015-03-04 Thread Alessandro Vesely
On Mon 02/Mar/2015 18:58:31 +0100 Jan Ingvoldstad wrote: On Mon, Mar 2, 2015 at 5:24 PM, Alessandro Vesely ves...@tana.it wrote: How about users deploying Tor? Judging from their somewhat cute, naive paranoia, yes, they would be very interested in that kind of data. :-) There are also

Re: [courier-users] Passing the remote ip to authdaemond

2015-03-02 Thread Alessandro Vesely
On Mon 02/Mar/2015 15:54:05 +0100 Jan Ingvoldstad wrote: On Sun, Mar 1, 2015 at 3:42 PM, Alessandro Vesely ves...@tana.it wrote: Use case 1: Hi, this is $customer, could you please provide a log for which IP addresses have tried to logon as $user? The complete list of IP addresses

Re: [courier-users] Passing the remote ip to authdaemond

2015-02-27 Thread Alessandro Vesely
On Fri 27/Feb/2015 10:28:12 +0100 Jan Ingvoldstad wrote: I hoped I could, by using e.g. less to view the debug log (debug level 1) The debug log is useful for debugging, but lines get garbled if there are concurrent logins, and it's not quite machine-readable. [DATE] [host] imapd: LOGIN

Re: [courier-users] Aliasing

2015-02-26 Thread Alessandro Vesely
On Thu 26/Feb/2015 16:22:09 +0100 Mark Constable wrote: On 26/02/15 11:40, Sam Varshavchik wrote: But the best course of action is to wrap that third party app, somehow, and change the return address to use dashes instead of pluses. That would make things much easier. Thanks, I can see

Re: [courier-users] Aliasing

2015-02-26 Thread Alessandro Vesely
On Thu 26/Feb/2015 02:40:57 +0100 Sam Varshavchik wrote: Mark Constable writes: I have a 3rd party app that produces a reply-to address like this... ciab+605e46207a16cd9170493949c2684fb1-...@renta.net What would be the best alias method to land this in the mailbox of c...@renta.net? If

Re: [courier-users] Passing the remote ip to authdaemond

2015-02-25 Thread Alessandro Vesely
On Tue 24/Feb/2015 03:28:21 +0100 Sam Varshavchik wrote: Well, the per-IP address differention is mostly related to the maximum number of simultaneous connections that are accepted, and that's handled by couriertcpd, not authdaemon. Let me just add that an external tool, such as fail2ban,

[courier-users] Unicode, was Development

2015-02-16 Thread Alessandro Vesely
On Mon 16/Feb/2015 13:18:21 +0100 Sam Varshavchik wrote: No – the javascript popup menu are navigation links to /authlib, /imap, /sqwebmail, /maildrop; which all have the same menu. BTW, /unicode is not linked that way, and doesn't link back. Does that reflect some kind of temporariness in

Re: [courier-users] Ports, SSL and STARTTLS for ESMTP

2015-02-08 Thread Alessandro Vesely
On Sat 07/Feb/2015 14:51:20 +0100 Hanno Böck wrote: On Sat, 7 Feb 2015 08:40:07 -0500 Jeff Potter wrote: 465 has the benefit that the STARTTLS keyword can’t be MITM stripped. That's kinda the thing: STARTTLS doesn't really make that much sense any more in a world where we essentially want

Re: [courier-users] Garbled log lines

2015-02-01 Thread Alessandro Vesely
On Sat 31/Jan/2015 13:55:24 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: I have something like so: vfprintf(stderr, fmt, ap); va_end(ap); fputc('\n', stderr); That INFO: arrived from a sibling process. They both inherit fd 2 as a pipe to courierfilter

Re: [courier-users] Garbled log lines

2015-01-31 Thread Alessandro Vesely
On Fri 30/Jan/2015 11:30:25 +0100 Szépe Viktor wrote: Idézem/Quoting Alessandro Vesely ves...@tana.it: Every now and then log lines from a filter through stderr to syslog get intermixed. For example, this came as a single line: Jan 29 13:49:35 wmail courierfilter: zdkimfilter[31367

[courier-users] Garbled log lines

2015-01-30 Thread Alessandro Vesely
Every now and then log lines from a filter through stderr to syslog get intermixed. For example, this came as a single line: Jan 29 13:49:35 wmail courierfilter: zdkimfilter[31367]:INFO:zdkimfilter[31364]:drop msg,id=005DC056.54CA2C5F.7A7D: Found-Virusdrop

Re: [courier-users] MX should not point to a CNAME?

2015-01-22 Thread Alessandro Vesely
On Thu 22/Jan/2015 02:27:02 +0100 Justin Vallon wrote: I am having a discussion in a support ticket about an MX record pointing to a CNAME. Searching for references for MX and CNAME leads to RFC 2181: {{{ 10.3. MX and NS records The domain name used as the value of a NS resource

Re: [courier-users] Failed filter restarts when restarting courier and filter times out when stopping

2015-01-12 Thread Alessandro Vesely
On Sun 11/Jan/2015 22:36:59 +0100 Gordon Messmer wrote: On 01/09/2015 08:18 AM, Alessandro Vesely wrote: To kill by pid is going to be difficult for forked filters. I issue a call kill(0, SIGTERM) when the pipe is closed, but I had previously called setsid(). I'll note that the man page

Re: [courier-users] Failed filter restarts when restarting courier and filter times out when stopping

2015-01-11 Thread Alessandro Vesely
On Sat 10/Jan/2015 00:08:04 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: Currently, the shutdown code just gives up, after a timeout, in this manner. I do agree that an attempt should be made to kill all processes, after a reasonable timeout, so it's something that I need

Re: [courier-users] Failed filter restarts when restarting courier and filter times out when stopping

2015-01-09 Thread Alessandro Vesely
On Thu 08/Jan/2015 23:51:56 +0100 Jeff Potter wrote: 4. After start, pythonfilter is not started — 'filterctl start pythonfilter' fails to bring it up with this: filterctl start pythonfilter ln: creating symbolic link `/etc/courier/filters/active/pythonfilter' to

[courier-users] zdkimfilter 1.3

2014-12-23 Thread Alessandro Vesely
The new version can interoperate better with other filters, as it can reject/drop based on a header added by another filter, or install with a different name so that another filter can reject/drop based on DKIM verification. See more detail at http://www.tana.it/sw/zdkimfilter/ Still no DMARC

Re: [courier-users] Slow sending out port 587

2014-12-17 Thread Alessandro Vesely
On Tue 16/Dec/2014 19:22:05 +0100 Anders Le Chevalier wrote: On 2014-12-16 07:20, Mark Constable wrote: ... Bonus question, aside from fail2ban, has anyone got any rules for iptables to block/drop on an OS level any courier-related authdaemon logins and these port 25 access attempts?

Re: [courier-users] Added whitespace breaks DKIM signatures

2014-12-13 Thread Alessandro Vesely
On Sat 13/Dec/2014 03:23:57 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: Right, so it must have been Apple's server (http://www.appmaildev.com/en/dkim/) I tentatively installed the following patch. It prevents wrapping without apparently causing any blatant malfunction. What

Re: [courier-users] Added whitespace breaks DKIM signatures

2014-12-12 Thread Alessandro Vesely
On Fri 12/Dec/2014 00:29:42 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: After further investigation I found out that Courier smtp client wraps header lines longer than 70 (rfc822_getaddrs_wrap). Sendmail unwraps the newline to work around a Lotus Notes quirk which used to cause

Re: [courier-users] Added whitespace breaks DKIM signatures

2014-12-12 Thread Alessandro Vesely
On Fri 12/Dec/2014 13:13:02 +0100 I wrote: --- courier/libs/comrwheader.c.orig 2013-08-25 20:44:47.0 +0200 +++ courier/libs/comrwheader.c2014-12-12 09:03:44.0 +0100 @@ -98,7 +98,7 @@ unsigned i, l; char*p; -

Re: [courier-users] Added whitespace breaks DKIM signatures

2014-12-12 Thread Alessandro Vesely
On Fri 12/Dec/2014 13:44:43 +0100 Matus UHLAR - fantomas wrote: On 12.12.14 13:13, Alessandro Vesely wrote: I tentatively installed the following patch. It prevents wrapping without apparently causing any blatant malfunction. What would you say about it? (I didn't explore what unexpected

[courier-users] Added whitespace breaks DKIM signatures

2014-12-11 Thread Alessandro Vesely
Sam, when MAL wrote me about this bug I thought it was a sendmail idiosyncrasy. He found that a long display phrase makes the From: header wrapped. I checked several DKIM validators and found (only) one of them succeeded; that is, the From: line wasn't wrapped, like in local bcc's. After

Re: [courier-users] Sendmail -n

2014-12-09 Thread Alessandro Vesely
On Sun 07/Dec/2014 15:05:36 +0100 Sam Varshavchik wrote: setting MIME=none before sending mail from the local host should prevent MIME changes that invalidate DKIM signatures. Is there a way to get those changes before signing, instead? I tried something like this Perl code: $final =

[courier-users] Sendmail -n

2014-12-07 Thread Alessandro Vesely
Hi, setting MIME=none before sending mail from the local host should prevent MIME changes that invalidate DKIM signatures. Is there a way to get those changes before signing, instead? I tried something like this Perl code: $final = `sendmail -n $outfile`; write_file($outfile,

Re: [courier-users] smtpaccess and 517 rejects woes

2014-12-01 Thread Alessandro Vesely
On Sun 30/Nov/2014 20:09:46 +0100 Matus UHLAR - fantomas wrote: On 30.11.14 09:19, Sam Varshavchik wrote: But, if someone wants to do that, this setting is available; and, since it's their server, and if they wish to ignore the requirement to not validate the HELO, it's their prerogative to

Re: [courier-users] smtpaccess and 517 rejects woes

2014-11-28 Thread Alessandro Vesely
On Fri 28/Nov/2014 13:34:41 +0100 Marcin 'Rambo' Roguski wrote: I receive mail from one server that is (obviously) misconfigured, but - unfortunately - it's in my interest to receive mail from it. Why is it misconfigured? Its SPF record is fine, and IP 178.63.50.70 is one of the authorized

Re: [courier-users] Deny relay

2014-11-13 Thread Alessandro Vesely
On Wed 12/Nov/2014 14:42:02 +0100 Matus UHLAR - fantomas wrote: Stephan Knorr writes: I am trying to deny authenticated esmtp (on port 587) for local users who have configured their email-client with a foreign from-address (not in our local domain). On 12.11.14 08:13, Sam Varshavchik

Re: [courier-users] Turning accounts into honeypots

2014-11-07 Thread Alessandro Vesely
On Mon 03/Nov/2014 19:48:55 +0100 I wrote: For example, as I use MySQL, I could add a badpw field in the user table, and craft a select statement that returns the honeypot's username when the input local_part matches the compromised password instead of the good one. I cannot, of course.

[courier-users] avfilter-3.2

2014-11-07 Thread Alessandro Vesely
Some bug fixes/added option here: http://www.tana.it/sw/avfilter/ It works with ClamAV 0.98.4 Ale

Re: [courier-users] Courier and rfc 4408 spf

2014-11-05 Thread Alessandro Vesely
On Wed 05/Nov/2014 12:20:38 +0100 Hanno Böck wrote: Am Wed, 05 Nov 2014 08:19:36 +0100 schrieb Alessandro Vesely ves...@tana.it: Not according to https://dmarcian.com/spf-survey/hboeck.de If you look at the bottom of that page, that tool found 4 occurrences of the same block

Re: [courier-users] Courier and rfc 4408 spf

2014-11-04 Thread Alessandro Vesely
On Tue 04/Nov/2014 21:48:28 +0100 Hanno Böck wrote: Am Tue, 4 Nov 2014 13:23:25 +0100 schrieb Matus UHLAR - fantomas uh...@fantomas.sk: you should be glad you are receiving neutral, the SPF checker at http://www.kitterman.com/spf/validate.html gives something different: Results -

[courier-users] Turning accounts into honeypots

2014-11-03 Thread Alessandro Vesely
Hi, a mailbox of mine was compromised last week. I hate that. I changed the password just before the automated limit blocked the account. The spammer seems to have a huge botnet, and I still see 535 Authentication failed in the logs. I set DEBUG_LOGIN=2 to make sure they are using the old
