On Wed 08/Feb/2017 22:11:53 +0100 Gordon Messmer wrote:
> On 02/08/2017 10:24 AM, Alessandro Vesely wrote:
>> I revamped attachments.py in order to catch Javascript Trojans inside
>> a zip, which were driving me crazy.
>
> The current version supports libarchive, w
On Wed 19/Jul/2017 22:22:13 +0200 Lucio Crusca wrote:
> Il 19/07/2017 19:22, Alessandro Vesely ha scritto:
>> Did you actually check it? I mean
>>
>> certtool -i --infile /etc/courier/esmtpd.pem
>>
>> or
>>
>> openssl x509 -text -in /etc/cou
On Wed 19/Jul/2017 14:28:23 +0200 Lucio Crusca wrote:
> Il 19/07/2017 12:56, Sam Varshavchik ha scritto:
>> Check the server's certificate, esmtpd.pem. That's the only certificate
>> in play here. The file is probably corrupted.
>
> At first glance it seems ok, the structure is the same as
On Wed 07/Jun/2017 21:39:34 +0200 Gordon Messmer wrote:
> On 06/07/2017 04:32 AM, Alessandro Vesely wrote:
>> Last time I issued courierfilter stop, and then start.
>> However, that way I have to reload also clamav databases, which takes a long
>> time. Is there any
I changed the code of a filter which is already configured and running. Now I
have to install it. Last time I issued courierfilter stop, and then start.
However, that way I have to reload also clamav databases, which takes a long
time. Is there any better way to upgrade the running Python
On Thu 18/May/2017 00:19:07 +0200 Markus Wanner wrote:
> On 17.05.2017 09:48, Alessandro Vesely wrote:
>
>> My suggestion is to avoid disassembling the Courier tarball. That is, have
>> maildrop included by default in courier-mta, and possibly merge it with
>> courie
On Tue 16/May/2017 19:06:55 +0200 Markus Wanner wrote:
>
> I'll check if it's feasible to re-add the courier-maildrop package in
> Debian stretch (i.e. the Courier specific variant)
I'd suggest to avoid that. I use subjunctive because I install Courier from
tarballs rather than Debian packages,
On Mon 01/May/2017 13:43:09 +0200 Michelle Konzack wrote:
>
> what is the easiest way to allow users to creat throw-away emails?
>
> I do this somehow over aliases, but when I change/delete one, I have
> always to run makealiases. I do not really like the idea, to run a
> bashscript
Hi Markus,
On Fri 31/Mar/2017 09:36:27 +0200 Markus Wanner wrote:
> On 03/31/2017 12:26 AM, Sam Varshavchik wrote:
>> libcourierauthcommon is not solely an externally-linked library. It's
>> also linked to by other .so-s in the package. These symbols correspond
>> to internal APIs.
>
> Am I
On Fri 31/Mar/2017 00:28:49 +0200 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> authpgsqllib.cpp:14:22: fatal error: libpq-fe.h: No such file or directory
>> #include
>> ^
>> compilation terminated.
>> Makefile:1352: recipe
On Thu 30/Mar/2017 12:58:26 +0200 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> SSL/TLS compression Yes INSECURE (more info)
>> [(more
>> info)->https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-agai
On Wed 29/Mar/2017 13:17:12 +0200 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>> On Fri 17/Mar/2017 01:25:36 +0100 Sam Varshavchik wrote:
>>>
>>> This should now be fixed in 20170316. All packages rebuilt, including
>>> courier-authlib which was also a
Thank you Szépe, I tried that last week and it was bad enough to convince me to
recompile the whole lot --something I had been procrastinating for a while. It
is a Debian with OpenSSL 1.0.1t.
Testing the new code, without TLS-specific settings, I got again logged on the
/recent worst/ table
On Fri 17/Mar/2017 01:25:36 +0100 Sam Varshavchik wrote:
> Gordon Messmer writes:
>
>> On 03/15/2017 06:17 PM, Sam Varshavchik wrote:
>> > Ok, this actually turned out to be a small typo. Fixed in the
>> > just-uploaded 20170315, and it builds for me.
>>
>>
>> courier-unicode does build.
On Wed 22/Mar/2017 18:47:10 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> Some IMAP servers use indexed files too. Courier does not. What is the
>> rationale behind that design choice?
>
> I expected – as I said – for clients to handle their own caching
On Wed 22/Mar/2017 16:55:09 +0100 Sam Varshavchik wrote:
>
> A server is a shared resource. It never made any sense to me to offload as
> much
> processing as possible to the server. It makes more sense for most of the
> processing to be done on the client side, with the server's role limited to
On Fri 10/Mar/2017 21:00:23 +0100 SZÉPE Viktor wrote:
> Idézem/Quoting Sam Varshavchik :
>> Gordon Messmer writes:
>>
>>> I was checking the RBL queries and answers on a server this morning,
>>> when I noticed this in the responses:
>>> Please stop asking for ANY.See
On Tue 07/Mar/2017 03:43:45 +0100 Sam Varshavchik wrote:
> Download: http://www.courier-mta.org/download.html#unicode
>
> This is a test build of the courier-unicode package, that uses C++11's unicode
> support. Please report any build issues to the courier-users list.
Yes, it works, but I had
On Fri 03/Mar/2017 06:42:38 +0100 Bernd Wurst wrote:
> When I use "pyclamav" as stated in the docs, clamd is not used and I
> have a breakdown (refuse all messages) when the running freshclam daemon
> reloads the database. Restarting the pythonfilter fixes this but it's
> annoying.
If you're
On Sun 19/Feb/2017 20:32:00 +0100 Gordon Messmer wrote:
> On 02/18/2017 04:45 PM, Mark Constable wrote:
>>> Is Ondřej still the package
>>> maintainer?
>> Not really, this explains Ondřej's position...
>
> I'd seen that, but I'm not intimately familiar with the Debian maintenance
> process. I'm
Hi all,
I revamped attachments.py in order to catch Javascript Trojans inside a zip,
which were driving me crazy. While I added that, I removed the configurable
archive. The attached flavor of the filter rejects just the extensions
hardcoded in the source.
Enjoy
Ale
#!/usr/bin/python
#
On Sat 28/Jan/2017 19:57:39 +0100 Sam Varshavchik wrote:
Changes:
• Rewritten LDAP, MySQL, PostgreSQL, and SQLite modules. The replacement
modules are backwards compatible, except for one PostgreSQL configuration
You need to configure CXXFLAGS too.
Ale
--- configure.ac2017-01-29
On Thu 26/Jan/2017 12:28:41 +0100 Sam Varshavchik wrote:
>> [edited context]
>> The main difficulty is to get the sources for the include files:
>>
>> I include courierauth.h and courierauthsasl.h from authlib-devel. But
>> I also need:
>>
>> #include"cramlib.h"
On Thu 26/Jan/2017 01:53:59 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>> On Wed 25/Jan/2017 14:33:16 +0100 Sam Varshavchik wrote:
>>> Alessandro Vesely writes:
>>>>
>>>> The main difficulty is to get the sources for the includ
On Wed 25/Jan/2017 14:33:16 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>>
>> while reviewing my Courier installation, I stumbled upon how my authProg.c is
>> compiled. It uses -I/my/path/to/auth/cur -L/usr/path/to/courier-authlib and
>> -lcourierauthsas
Hi all,
while reviewing my Courier installation, I stumbled upon how my authProg.c is
compiled. It uses -I/my/path/to/auth/cur -L/usr/path/to/courier-authlib and
-lcourierauthsasl, on a server with courier-authlib-0.66.4.20160106. On a
stock Debian jessie (0.66.1) I have to add two more
On Fri 20/Jan/2017 13:22:26 +0100 Michelle Konzack wrote:
> So my idea is, to use a script an rename all UNIX users by a construct
> like
> user1
> user2
> user3
> etc
>
> and then use the /etc/courier/aliases/ directory to point the EMail
>
On Tue 17/Jan/2017 04:11:09 +0100 Mark Constable wrote:
> [...] which can take advantage of the dovecot-antispam plugin that
> dynamically retrains spam when items are moved in or out of a Junk folder
> (interesting use of curl)...
Courier-IMAP has been lacking that hook for ever. Patching would
The old version choked with newer ClamAV (0.99 I think) and I didn't realize it
until someone told me. So here is the upgrade, albeit late...
http://www.tana.it/sw/avfilter/
Ale
--
--
Developer
On Thu 29/Dec/2016 00:44:53 +0100 Gordon Messmer wrote:
>
> Courier uses DNS for everything that comes to mind. Modifying
> /etc/hosts won't resolve the problem in question.
From that, I derive that production mail servers should run a caching[*] DNS
server /locally/. That's also necessary
On Sun 11/Dec/2016 12:51:00 +0100 Stefan Hornburg (Racke) wrote:
> On 12/11/2016 03:12 AM, Mark Constable wrote:
>> On 11/12/16 03:09, SZÉPE Viktor wrote:
>>> On 07/12/16 00:04, Ondřej Surý wrote:
I intend to properly orphan the packages before stretch release and
remove them from
On Mon 19/Sep/2016 13:58:28 +0200 Hanno Böck wrote:
>
> The variable sqwebmail_content_charset is defined twice, in sqwebmail.c
> and gpg.c. One of them should be declared as extern.
Isn't that the default? The C spec has sentences such as:
If the declaration of an identifier for an object
On Fri 02/Sep/2016 07:26:12 +0200 Milan Obuch wrote:
> On Thu, 1 Sep 2016 20:57:50 -0400 David Niklas wrote:
>
>> I wanted to know if courier could read the subject/from metadata so
>> that it could place courier mailing list mail into one folder and so
>> on with other mail received.
>
>
On Sun 14/Aug/2016 13:10:22 +0200 Mark Constable wrote:
> Because of arguments like this, and that I do not even want to offer
> non-SSL options, I routinely disable ports 143 and 587 and only use
> ports 993 and 465 for authenticated user mail...
>
>
On Sat 30/Jul/2016 14:30:18 +0200 Sam Varshavchik wrote:
> Matus UHLAR - fantomas writes:
>> On 29.07.16 06:48, Sam Varshavchik wrote:
>>> Courier should accept postmaster@[ipaddress], where ipaddress matches
>>> the connection's IP address. It won't accept any other IP address.
That means
s.
>
> On 29.07.16 18:41, Alessandro Vesely wrote:
>> Irrespectively or RELAYCLIENT?
>
> I actually don't think tht RELAYCLIENT should be taken into account.
> if the client has relaying privileges, (s)he should know hot co contact the
> server admin(s)
I tried is to send
On Fri 29/Jul/2016 12:48:25 +0200 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> SMTP provides for:
>>
>> address-literal = "[" ( IPv4-address-literal /
>> IPv6-address-literal /
>> General-addre
SMTP provides for:
address-literal = "[" ( IPv4-address-literal /
IPv6-address-literal /
General-address-literal ) "]"
; See Section 4.1.3
Mailbox= Local-part "@" ( Domain / address-literal )
However, Courier gives
On Wed 27/Jul/2016 17:48:26 +0200 SZÉPE Viktor wrote:
> You may block messages with executable attachment
> (exe,com,scr,pif,bat,cmd,vbs,js ...)
> and zip-s with executable in them.
Also any documents with macros, according to this picture:
On Sun 24/Jul/2016 16:19:40 +0200 Lindsay Haisley wrote:
>>>
>>> rsync doesn't qualify as a "mail retrieval agent".
It can be used to retrieve mail, despite its missing qualifications. And it
must skip tmp, lest fetch rubbish. So there is a class of maildir readers
which are neither mail
On Sun 24/Jul/2016 00:12:34 +0200 Sam Varshavchik wrote:
> Lindsay Haisley writes:
>> On Sat, 2016-07-23 at 13:29 -0700, Gordon Messmer wrote:
>>> In this case, I think that "MUA" simply means "the process that's
>>> reading the mail dir." In particular, it refers to Dovecot in the
>>> same
On Sat 09/Jul/2016 00:32:32 +0200 Gordon Messmer wrote:
> On 07/08/2016 03:04 PM, Alexei Batyr' wrote:
>>
>> Unfortunately spamers/fishers et al. already mastered SSL and STARTTLS and
>> successfully use them in brute force and other attacks.
>
> I'd expect so. I didn't recommend TLS as a measure
On Wed 08/Jun/2016 00:04:26 +0200 Sam Varshavchik wrote:
> SZÉPE Viktor writes:
>> Idézem/Quoting Sam Varshavchik :
>>> Alexei Batyr' writes:
Sam Varshavchik writes:
> SZÉPE Viktor writes:
>
>> Could you help me where is the syntax error in this address?
On Fri 27/May/2016 14:39:59 +0200 Matus UHLAR - fantomas wrote:
>
>> I don't know how to check what percentage of port 25 mailserver to
>> mailserver connections may be SSL encrypted to justify leaving SSL
>> on port 25 for server to server connections. Would you (or anyone)
>> have any idea how
On Wed 11/May/2016 18:04:46 +0200 Gordon Messmer wrote:
> On 05/11/2016 03:46 AM, MK wrote:
>> What are my options here?
>
>
> The one I'd recommend is: Set up the IMAP account on each client.
> Create a folder structure on the IMAP server that matches the client.
> Copy the content of each
On Fri 15/Apr/2016 02:28:48 +0200 Sam Varshavchik wrote:
> Jeff Potter writes:
>
>> Extrapolate this to the condition where “f...@domain.com” is actually an
>> alias for a few dozen people, and where on any given day one of them
>> happens to be over-quota: it causes the entire alias to
On Thu 14/Apr/2016 17:23:53 +0200 Bernd Wurst wrote:
> Thank you all for the answers.
>
> To clarify: Bouncing spam would be an option, technically, but we do not
> do that. For sure.
>
> I do have some experience with a custom localmailfilter but my question
> was if there's something ready
On Mon 11/Apr/2016 18:44:41 +0200 Gordon Messmer wrote:
>
> It's possible to scan the message during SMTP. It's possible to deliver
> or drop on a per-recipient basis, as well. You simply mark the message
> delivered for those recipients who wouldn't want to receive it.
> However, there's
On Mon 28/Mar/2016 13:28:04 +0200 courier wrote:
>
> I am interested to know about Courier settings, which I see on the
> simply web configuration: "Sender Policy Framework".
For an example, I use this to reject on mailfrom fail unless whitelisted:
opt BOFHSPFHELO=all
opt
On Thu 24/Mar/2016 03:12:14 +0100 Sam Varshavchik wrote:
> cour...@rcdrun.com writes:
>
>> Hello,
>>
>> I would like to know what are recommended SPF options.
>
> The "Sender Policy Framework Keywords" section in the courier(8) man page has
> a
> brief discussion about the suggested options.
On Sun 20/Mar/2016 00:14:15 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>>> sqwebmail reads Courier's "defaultdomain" file. The standalone version of
>>> sqwebmail reads the "hostname" file, in its configuration directory.
>>
On Sat 19/Mar/2016 13:56:12 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>>
>> Courier can authenticate users 'name@domain' or 'nameonly' with default
>> domain.
>> I forgot why I chose one or the other, there was no courier-authlib at the
>> time.
Hi all,
Courier can authenticate users 'name@domain' or 'nameonly' with default domain.
I forgot why I chose one or the other, there was no courier-authlib at the
time. If I were to start now, I'd use domainless tokens differing from their
corresponding mailbox addresses. But I want to as
On Mon 14/Mar/2016 02:26:09 +0100 Gordon Messmer wrote:
> On 03/11/2016 05:23 PM, PICCORO McKAY Lenz wrote:
>> my remote dain has startls, so from other server cannot send to that domain..
>
> I'm sorry, I don't know what you mean.
>
>> and in my documentation does not said that!
>> was always
On Thu 03/Mar/2016 13:17:49 +0100 Christopher Rüprich wrote:
(On Thu 03/Mar/2016 02:18:12 +0100 Sam Varshavchik wrote:)
>
>> Appending
>>
>> ALLOW_0=BLOCK2
>>
>> to the esmtpd configuration file, and restarting, should end up with
>> this stuff getting recorded in the headers.
>
> Thank you.
On Tue 01/Mar/2016 23:36:33 +0100 Sam Varshavchik wrote:
> Christopher Rüprich writes:
>
>> I'm using BLACKLISTS='-block=[...],BLOCK2' in /etc/courier/esmtp to
>> check incoming mail against a couple of dns-blacklists. I'd like to make
>> the result available to a maildrop-script in delivery
On Thu 18/Feb/2016 23:57:56 +0100 Sam Varshavchik wrote:
>
> I don't know whether or not Thunderbird suffers from the "user is too stupid
> to
> be shown real error messages" malady, that typically affects only
> Microsoft-written software.
TB is not marvelous, but did say "server responded:
lity.
There's something which works counter-intuitively in the SPF module, but that's
probably not even covered clearly by the RFC. I'd have preferred a 417 reply
code in this case.
Thank you for your interest
Ale
> -Original Message-
> From: Alessandro Vesely [mailto:ves...@tana.it]
On Thu 12/Nov/2015 17:04:29 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> I received a bunch of spam marked like this:
>>
>> Return-Path: <zl...@tana.it>
>> Received: from [210.205.1.118] (softdnserr [210.205.1.118])
>> by wmail.tan
Hi!
I received a bunch of spam marked like this:
Return-Path:
Received: from [210.205.1.118] (softdnserr [210.205.1.118])
by wmail.tana.it with ESMTP; Thu, 12 Nov 2015 09:55:57 +0100
id 005DC042.56445431.5BFC
Received-SPF: error (Address does not pass the
Hi Lucio,
On Mon 05/Oct/2015 17:53:50 +0200 Lucio Crusca wrote:
>
> I'm trying to add DKIM signatures to outgoing messages. I've followed this
> guide [1], but my feeling is that nothing is happening, as far as DKIM is
> concerned.
You should see a DKIM-Signature on outgoing mail, e.g. if you
On Fri 02/Oct/2015 02:05:42 +0200 Mitch (BitBlock) wrote:
> I have a courier 0.73.1 set up which respects strict SPF if the domain owner
> sets it (-all).
>
> I see a thread from November 2014 where Sam confirms that courier (at that
> time) was not supporting this format.
>
>
with the rest of the Received headers.
On 16.07.15 09:19, Alessandro Vesely wrote:
SA behavior is not affected by the field position within the header, AFAIK.
It
looks rather like a design decision, since SA behaves the same with
Authentication-Results fields (which are often placed before
On Wed 15/Jul/2015 22:41:30 +0200 Bowie Bailey wrote:
Unfortunately, SA ignores the header since it is placed at the bottom of
the header list rather than inline with the rest of the Received headers.
SA behavior is not affected by the field position within the header, AFAIK. It
looks
On Thu 09/Jul/2015 16:00:52 +0200 Bowie Bailey wrote:
On 7/8/2015 8:22 AM, Sam Varshavchik wrote:
Ideally, this should be handled entirely by SpamAssassin, which should
pass through the message immediately, unmodified, if the message was
already tagged with its headers. Each individual
On Fri 03/Jul/2015 00:48:35 +0200 Lucio Crusca wrote:
mxtoolbox says that my SMTP is slow: http://mxtoolbox.com/domain/sulweb.org/
[...]
What is taking nearly 13 seconds to complete the transactions that
mxtoolbox expects to complete in less than 5 seconds?
Testing my server I got the
On Mon 18/May/2015 16:45:02 +0200 Mark Constable wrote:
On Mon, 18 May 2015 07:03:21 AM Sam Varshavchik wrote:
Are you using self-signed certificates for IMAP and SMTP?
No, but admittedly just a cheap chained certificate...
What's the key length? This article seems to imply it must be =
RFC 7489 was published last month. Using zdkimfilter 1.5 it is easy to meet
DMARC minimum implementation requirements --section 8 of the RFC. That section
stresses the ability to send and receive reports, which is the most noteworthy
addition with respect to ADSP. It makes mail servers of
On Mon 02/Mar/2015 18:58:31 +0100 Jan Ingvoldstad wrote:
On Mon, Mar 2, 2015 at 5:24 PM, Alessandro Vesely ves...@tana.it wrote:
How about users deploying Tor?
Judging from their somewhat cute, naive paranoia, yes, they would be very
interested in that kind of data. :-)
There are also
On Mon 02/Mar/2015 15:54:05 +0100 Jan Ingvoldstad wrote:
On Sun, Mar 1, 2015 at 3:42 PM, Alessandro Vesely ves...@tana.it wrote:
Use case 1:
Hi, this is $customer,
could you please provide a log for which IP addresses have tried to logon
as $user?
The complete list of IP addresses
On Fri 27/Feb/2015 10:28:12 +0100 Jan Ingvoldstad wrote:
I hoped I could, by using e.g. less to view the debug log (debug level 1)
The debug log is useful for debugging, but lines get garbled if there are
concurrent logins, and it's not quite machine-readable.
[DATE] [host] imapd: LOGIN
On Thu 26/Feb/2015 16:22:09 +0100 Mark Constable wrote:
On 26/02/15 11:40, Sam Varshavchik wrote:
But the best course of action is to wrap that third party app,
somehow, and change the return address to use dashes instead of
pluses. That would make things much easier.
Thanks, I can see
On Thu 26/Feb/2015 02:40:57 +0100 Sam Varshavchik wrote:
Mark Constable writes:
I have a 3rd party app that produces a reply-to address like this...
ciab+605e46207a16cd9170493949c2684fb1-...@renta.net
What would be the best alias method to land this in the mailbox of
c...@renta.net? If
On Tue 24/Feb/2015 03:28:21 +0100 Sam Varshavchik wrote:
Well, the per-IP address differention is mostly related to the maximum number
of simultaneous connections that are accepted, and that's handled by
couriertcpd, not authdaemon.
Let me just add that an external tool, such as fail2ban,
On Mon 16/Feb/2015 13:18:21 +0100 Sam Varshavchik wrote:
No – the javascript popup menu are navigation links to /authlib, /imap,
/sqwebmail, /maildrop; which all have the same menu.
BTW, /unicode is not linked that way, and doesn't link back. Does that reflect
some kind of temporariness in
On Sat 07/Feb/2015 14:51:20 +0100 Hanno Böck wrote:
On Sat, 7 Feb 2015 08:40:07 -0500 Jeff Potter wrote:
465 has the benefit that the STARTTLS keyword can’t be MITM stripped.
That's kinda the thing: STARTTLS doesn't really make that much sense
any more in a world where we essentially want
On Sat 31/Jan/2015 13:55:24 +0100 Sam Varshavchik wrote:
Alessandro Vesely writes:
I have something like so:
vfprintf(stderr, fmt, ap);
va_end(ap);
fputc('\n', stderr);
That INFO: arrived from a sibling process. They both inherit fd 2 as a
pipe
to courierfilter
On Fri 30/Jan/2015 11:30:25 +0100 Szépe Viktor wrote:
Idézem/Quoting Alessandro Vesely ves...@tana.it:
Every now and then log lines from a filter through stderr to syslog get
intermixed. For example, this came as a single line:
Jan 29 13:49:35 wmail courierfilter:
zdkimfilter[31367
Every now and then log lines from a filter through stderr to syslog get
intermixed. For example, this came as a single line:
Jan 29 13:49:35 wmail courierfilter:
zdkimfilter[31367]:INFO:zdkimfilter[31364]:drop
msg,id=005DC056.54CA2C5F.7A7D: Found-Virusdrop
On Thu 22/Jan/2015 02:27:02 +0100 Justin Vallon wrote:
I am having a discussion in a support ticket about an MX record
pointing to a CNAME.
Searching for references for MX and CNAME leads to RFC 2181:
{{{
10.3. MX and NS records
The domain name used as the value of a NS resource
On Sun 11/Jan/2015 22:36:59 +0100 Gordon Messmer wrote:
On 01/09/2015 08:18 AM, Alessandro Vesely wrote:
To kill by pid is going to be difficult for forked filters. I issue a call
kill(0, SIGTERM) when the pipe is closed, but I had previously called
setsid().
I'll note that the man page
On Sat 10/Jan/2015 00:08:04 +0100 Sam Varshavchik wrote:
Alessandro Vesely writes:
Currently, the shutdown code just gives up, after a timeout, in this
manner. I
do agree that an attempt should be made to kill all processes, after a
reasonable timeout, so it's something that I need
On Thu 08/Jan/2015 23:51:56 +0100 Jeff Potter wrote:
4. After start, pythonfilter is not started — 'filterctl start pythonfilter'
fails to bring it up with this:
filterctl start pythonfilter
ln: creating symbolic link `/etc/courier/filters/active/pythonfilter'
to
The new version can interoperate better with other filters, as it can
reject/drop based on a header added by another filter, or install with a
different name so that another filter can reject/drop based on DKIM
verification.
See more detail at http://www.tana.it/sw/zdkimfilter/
Still no DMARC
On Tue 16/Dec/2014 19:22:05 +0100 Anders Le Chevalier wrote:
On 2014-12-16 07:20, Mark Constable wrote:
...
Bonus question, aside from fail2ban, has anyone got any rules for iptables
to block/drop on an OS level any courier-related authdaemon logins and
these port 25 access attempts?
On Sat 13/Dec/2014 03:23:57 +0100 Sam Varshavchik wrote:
Alessandro Vesely writes:
Right, so it must have been Apple's server
(http://www.appmaildev.com/en/dkim/)
I tentatively installed the following patch. It prevents wrapping without
apparently causing any blatant malfunction. What
On Fri 12/Dec/2014 00:29:42 +0100 Sam Varshavchik wrote:
Alessandro Vesely writes:
After further investigation I found out that Courier smtp client wraps header
lines longer than 70 (rfc822_getaddrs_wrap). Sendmail unwraps the newline to
work around a Lotus Notes quirk which used to cause
On Fri 12/Dec/2014 13:13:02 +0100 I wrote:
--- courier/libs/comrwheader.c.orig 2013-08-25 20:44:47.0 +0200
+++ courier/libs/comrwheader.c2014-12-12 09:03:44.0 +0100
@@ -98,7 +98,7 @@
unsigned i, l;
char*p;
-
On Fri 12/Dec/2014 13:44:43 +0100 Matus UHLAR - fantomas wrote:
On 12.12.14 13:13, Alessandro Vesely wrote:
I tentatively installed the following patch. It prevents wrapping without
apparently causing any blatant malfunction. What would you say about it?
(I didn't explore what unexpected
Sam,
when MAL wrote me about this bug I thought it was a sendmail idiosyncrasy. He
found that a long display phrase makes the From: header wrapped. I checked
several DKIM validators and found (only) one of them succeeded; that is, the
From: line wasn't wrapped, like in local bcc's.
After
On Sun 07/Dec/2014 15:05:36 +0100 Sam Varshavchik wrote:
setting MIME=none before sending mail from the local host should prevent MIME
changes that invalidate DKIM signatures. Is there a way to get those changes
before signing, instead?
I tried something like this Perl code:
$final =
Hi,
setting MIME=none before sending mail from the local host should prevent MIME
changes that invalidate DKIM signatures. Is there a way to get those changes
before signing, instead?
I tried something like this Perl code:
$final = `sendmail -n $outfile`;
write_file($outfile,
On Sun 30/Nov/2014 20:09:46 +0100 Matus UHLAR - fantomas wrote:
On 30.11.14 09:19, Sam Varshavchik wrote:
But, if someone wants to do that, this setting is available; and,
since it's their server, and if they wish to ignore the requirement
to not validate the HELO, it's their prerogative to
On Fri 28/Nov/2014 13:34:41 +0100 Marcin 'Rambo' Roguski wrote:
I receive mail from one server that is (obviously) misconfigured, but -
unfortunately - it's in my interest to receive mail from it.
Why is it misconfigured? Its SPF record is fine, and IP 178.63.50.70 is one of
the authorized
On Wed 12/Nov/2014 14:42:02 +0100 Matus UHLAR - fantomas wrote:
Stephan Knorr writes:
I am trying to deny authenticated esmtp (on port 587) for local users who
have configured their email-client with a foreign from-address (not in our
local domain).
On 12.11.14 08:13, Sam Varshavchik
On Mon 03/Nov/2014 19:48:55 +0100 I wrote:
For example, as I use MySQL, I could add a badpw field in the user table,
and
craft a select statement that returns the honeypot's username when the input
local_part matches the compromised password instead of the good one.
I cannot, of course.
Some bug fixes/added option here:
http://www.tana.it/sw/avfilter/
It works with ClamAV 0.98.4
Ale
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
On Wed 05/Nov/2014 12:20:38 +0100 Hanno Böck wrote:
Am Wed, 05 Nov 2014 08:19:36 +0100
schrieb Alessandro Vesely ves...@tana.it:
Not according to https://dmarcian.com/spf-survey/hboeck.de
If you look at the bottom of that page, that tool found 4 occurrences
of the same block
On Tue 04/Nov/2014 21:48:28 +0100 Hanno Böck wrote:
Am Tue, 4 Nov 2014 13:23:25 +0100
schrieb Matus UHLAR - fantomas uh...@fantomas.sk:
you should be glad you are receiving neutral, the SPF checker at
http://www.kitterman.com/spf/validate.html gives something different:
Results -
Hi,
a mailbox of mines was compromised last week. I hate that. I changed the
password just before the automated limit blocked the account. The spammer
seems to have a huge botnet, and I still see 535 Authentication failed in the
logs. I set DEBUG_LOGIN=2 to make sure they are using the old
1 - 100 of 648 matches
Mail list logo