[courier-users] Courier build 20170725

2017-07-25 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

Updated development build restores the TLS_PROTOCOL setting, with the
remaining available options, and updates the verifyfilter module to cache
validated E-mail addresses.


Cumulative changes:

- OpenSSL 1.1.0 update. Some options to select specific TLS protocol levels  
are no longer available. The TLS_PROTOCOL setting adjusted accordingly, and  
the deprecated options are mapped to their nearest approximate setting. No  
changes to the GnuTLS alternative option.


- maildrop: added the new "system" command.

- The SMTP sending code has been rewritten and factored out into an internal  
library.


- New "verifyfilter" module, a filter module that verifies the email sender  
address by initiating a callback connection to the sender's domain, using  
the internal SMTP library. The module is also available as a "verifysmtp"  
command-line tool, that does the same.




pgpkx3SqauT3W.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] development version of Courier.

2017-07-25 Thread Sam Varshavchik

Matus UHLAR - fantomas writes:


On 24.07.17 21:17, Sam Varshavchik wrote:
- OpenSSL 1.1.0 update. Custom protocol level format selection has been  
deprecated. The TLS_PROTOCOL setting is removed from all configuration  
files, and the latest supported TLS version will always be used. No changes  
to the GnuTLS alternative option.


do you want to say that we'll be unable to disable/enable some protocol
versions as we did before?


Yes, and no. The OpenSSL library deprecated, and will be removing most of  
those options. They are no longer available via OpenSSL. But it turns out  
it's still possible to use some of the "+" configurations, so I'll be  
putting TLS_PROTOCOL back in, but with only a limited set of options to  
choose from.






[courier-users] (no subject)

2017-07-24 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

New development build of Courier is available. The major change is a
top-to-bottom rewrite of the SMTP client, and a new mail filter (making use of the
rewritten SMTP client). The SMTP client rewrite will result in a (several)  
version change bump, down the road.


The OpenSSL 1.1.0 change is also in the courier-imap package, and the  
maildrop change in the maildrop package.


Changes:

- OpenSSL 1.1.0 update. Custom protocol level format selection has been  
deprecated. The TLS_PROTOCOL setting is removed from all configuration  
files, and the latest supported TLS version will always be used. No changes  
to the GnuTLS alternative option.


- maildrop: added the new "system" command.

- The SMTP sending code has been rewritten and factored out into an
internal library.

- New "verifyfilter" module, a filter module that verifies the email sender  
address by initiating a callback connection to the sender's domain, using  
the internal SMTP library. The module is also available as a "verifysmtp"  
command-line tool, that does the same.






Re: [courier-users] SHA in userdb

2017-07-24 Thread Sam Varshavchik

SZÉPE Viktor writes:


Quoting Sam Varshavchik <mr...@courier-mta.com>:


SZÉPE Viktor writes:


Hello!

Would it be possible to document secure hash (SHA-256) support in userdb?


systempw=$5$


Produced with mkpasswd --method=sha-256 PASS SALT


What do you mean "document"?


Just mention it somewhere.
For example on this man page
http://www.courier-mta.org/authlib/userdbpw.html


The userdbpw tool can only generate the '$1$'-formatted passwords.

userdbpw does support the -hmac-sha256 option, which is something else,
but which I'll add to the documentation.



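An added example, not part of the original posts or of Courier's own code: a small audit that reads userdb-format text (one `name<TAB>field=value|field=value` entry per line) and reports which crypt(3) scheme each systempw value uses, so that '$1$' entries can be told apart from '$5$' ones. The hmac-sha256pw field name, the sample entries and the weak/modern grading are assumptions of this example.

```python
import re

# crypt(3) scheme prefixes. The "modern" grading is this example's policy,
# not something Courier enforces.
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5-crypt", False),
    (re.compile(r"^\$5\$"), "sha256-crypt", True),
    (re.compile(r"^\$6\$"), "sha512-crypt", True),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", False),
]
ROUNDS = re.compile(r"^\$[56]\$rounds=(\d+)\$")


def classify(value):
    """Return (scheme, rounds, modern) for one crypt(3)-style hash string."""
    for pattern, name, modern in SCHEMES:
        if pattern.match(value):
            m = ROUNDS.match(value)
            return name, (int(m.group(1)) if m else None), modern
    return "unknown", None, None  # unrecognised format: needs a human look


def audit_userdb(text):
    """Return one finding (a dict) per password field found in userdb text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        user, tab, fields = line.partition("\t")
        if not tab or not user:
            continue  # blank or malformed line
        for field in fields.split("|"):
            key, eq, value = field.partition("=")
            if not eq or not key.endswith("pw"):
                continue  # uid=, gid=, home=, ... are not password fields
            if key.startswith("hmac-"):
                # HMAC fields are not crypt(3) hashes: list them, do not grade them.
                scheme, rounds, modern = "hmac", None, None
            else:
                scheme, rounds, modern = classify(value)
            findings.append({"line": lineno, "user": user, "field": key,
                             "scheme": scheme, "rounds": rounds, "modern": modern})
    return findings


def weak_accounts(text):
    """Users with at least one password field graded as a weak scheme."""
    return sorted({f["user"] for f in audit_userdb(text) if f["modern"] is False})


# Constructed sample entries; the hash bodies are filler, not real digests.
SAMPLE_USERDB = "\n".join([
    "alice\tuid=1001|gid=1001|home=/home/alice|systempw=$1$saltsalt$" + "a" * 22,
    "bob\tsystempw=$5$rounds=20000$saltsaltsalt$" + "b" * 43 + "|uid=1002|gid=1002",
    "carol\tsystempw=$5$saltsaltsalt$" + "c" * 43 + "|hmac-sha256pw=" + "0" * 128,
    "dave\tuid=1004|systempw=ab" + "d" * 11,
])

if __name__ == "__main__":
    for f in audit_userdb(SAMPLE_USERDB):
        print(f["user"], f["field"], f["scheme"], f["rounds"], f["modern"])
    print("weak:", weak_accounts(SAMPLE_USERDB))
```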


Re: [courier-users] SHA in userdb

2017-07-24 Thread Sam Varshavchik

SZÉPE Viktor writes:


Hello!

Would it be possible to document secure hash (SHA-256) support in userdb?


systempw=$5$


Produced with mkpasswd --method=sha-256 PASS SALT


What do you mean "document"?






Re: [courier-users] courieresmtpd: STARTTLS failed: Certificate is bad

2017-07-19 Thread Sam Varshavchik

Lucio Crusca writes:


Hello,

I've just installed a new Courier instance in a new Debian GNU/Linux 9 amd64  
server from distro packages.


This Courier should act as smart relay for another server and nothing else.

So far I've enabled courier-mta and courier-msa systemd services, changed  
the ports they listen on and created a real system account for mail relay
(authpam). I've also let


TLS_VERIFYPEER=NONE

in /etc/courier/courierd.

Then I tested the smarthost from Thunderbird, by configuring it as outgoing  
server. It does not work. When TB tries to send a message, it connects to  
the non-default MSA port, it starts talking to the server (STARTTLS) for a  
few seconds, then it fails for "unknown reason". Server-side, in the logs, I  
get:


Jul 19 04:48:17 mrelay courieresmtpd: started,ip=[:::80.180.158.103]
Jul 19 04:48:18 mrelay courieresmtpd: courieresmtpd: STARTTLS failed:  
Certificate is bad


I don't know what to try next.


Check the server's certificate, esmtpd.pem. That's the only certificate in  
play here. The file is probably corrupted.


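An added example, not from the original thread or from Courier: a first-pass check of a server PEM file such as the esmtpd.pem mentioned above, which catches truncated blocks, damaged base64 and a missing certificate or key before asking OpenSSL to load the file. It assumes the file holds both the certificate and its private key; the path passed to check_server_pem is site-specific, and the sample data in the helper is constructed.

```python
import base64
import re
import ssl

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def pem_blocks(text):
    """Parse PEM text; return (blocks, problems) with blocks = [(label, der_bytes)]."""
    blocks, problems = [], []
    label, body = None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        begin, end = BEGIN.match(line), END.match(line)
        if begin:
            if label is not None:
                problems.append(f"line {n}: new BEGIN before END {label}")
            label, body = begin.group(1), []
        elif end:
            if end.group(1) != label:
                problems.append(f"line {n}: END {end.group(1)} has no matching BEGIN")
            else:
                try:
                    der = base64.b64decode("".join(body), validate=True)
                    blocks.append((label, der))
                except ValueError as exc:  # binascii.Error is a ValueError
                    problems.append(f"line {n}: {label} body is not valid base64: {exc}")
            label = None
        elif label is not None and line and ":" not in line:
            # Lines containing ':' are encapsulated headers (encrypted keys).
            body.append(line)
    if label is not None:
        problems.append(f"end of file: {label} block is never closed")
    return blocks, problems


def check_pem_text(text):
    """Structural problems only: block framing, base64, required block types."""
    blocks, problems = pem_blocks(text)
    labels = [label for label, _ in blocks]
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no PRIVATE KEY block")
    return problems


def check_server_pem(path):
    """Structural check first, then let OpenSSL parse and pair cert and key."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        problems = check_pem_text(fh.read())
    if not problems:
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            # Empty password: an encrypted key fails here instead of prompting.
            ctx.load_cert_chain(path, password="")
        except (ssl.SSLError, OSError) as exc:
            problems.append(f"OpenSSL rejects the file: {exc}")
    return problems


def constructed_pem(label, payload):
    """Wrap arbitrary bytes in PEM framing (constructed test data, not a real key)."""
    b64 = base64.b64encode(payload).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"


if __name__ == "__main__":
    import sys
    for problem in check_server_pem(sys.argv[1]) or ["no problems found"]:
        print(problem)
```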


Re: [courier-users] Rerun .mailfilter?

2017-07-15 Thread Sam Varshavchik

Lucio Crusca writes:


Hello,

I've just edited my .mailfilter. Is it possible to run it once again for  
every already delivered message in my INBOX root maildir only, so that  
maildrop moves my messages in the respective new subfolders, according to  
the new .mailfilter rules?


There's no automatic way to do it. But, what you can do is manually move all  
messages from INBOX to a temporary directory, and then have a short script  
run maildrop in a loop, for each message on its standard input.


Something like:

cd "$HOME" || exit 1
mkdir inbox.tmp
mv Maildir/cur/* inbox.tmp
# Feed each saved message to maildrop on standard input, one at a time.
for f in inbox.tmp/*
do
  maildrop <"$f"
done





Re: [courier-users] sendmail removes bcc header unconditionally

2017-07-06 Thread Sam Varshavchik

Gordon Messmer writes:


On 07/06/2017 01:58 PM, Sam Varshavchik wrote:

This is a reasonable position to make, so I'll change this.



Thanks very much, Sam.  If you push a patch into git (github looks a bit out  
of date?) I'll test it.  Or, if you'd rather, I can modify sendmail and send  
a patch.


Yeah, github was a couple of commits behind. Just pushed everything out, and  
it's up to date now.







Re: [courier-users] sendmail removes bcc header unconditionally

2017-07-06 Thread Sam Varshavchik

Gordon Messmer writes:


On 07/06/2017 03:54 AM, Sam Varshavchik wrote:
Would it work to simply use a custom header name instead of "Bcc:". Most  
email clients won't show it by default, but it's going to be there and can  
be looked at, in some way; and the email clients will also ignore it if the  
message is replied to.



That's the other option I'm looking at, and I'm more likely to go that route  
than introduce another message delivery code path in the framework.  Some  
record is better than no record, but I feel like that path would still be  
very slightly inferior to the solutions that Gmail and Courier IMAP  
provide.  Is there a logical reason why sendmail should remove the Bcc:  
header when headers aren't used to indicate recipients?


My recollection is hazy, but I thought that this was sendmail-sendmail's  
behavior, which was to simply strip off the Bcc: header from the mail.


The current version of sendmail's man page suggests – with some  
ambiguity – that only the -t option does that; so I don't know whether this  
was changed some time, or it was always like that.


I was curious as to the historical origin of this, and poking around the  
Intertubes all the references were to RFC 733 which only states that “the  
contents of this field are not included in copies of the message sent to the  
primary and secondary recipients. Some systems may choose to include the  
text of the "Bcc" field only in the author(s)'s copy, while others may also  
include it in the text sent to all those indicated in the "Bcc" list.”  
without going into much detail of how the recipient list is established; but  
the "may" part's only logical interpretation is that the whole thing is
always optional.


Still, from a certain point of view, sendmail-sendmail's behavior is quite  
reasonable, too. You can say that by explicitly specifying the recipient  
list this places the onus on the sender to identify the so-called "primary  
and secondary" recipients; with the presumption that the sender is  
responsible for formatting the message, and the sender is wholly responsible  
for including or omitting the contents of the Bcc. This is a reasonable  
position to make, so I'll change this.




Re: [courier-users] sendmail removes bcc header unconditionally

2017-07-06 Thread Sam Varshavchik

Gordon Messmer writes:

I'm working on improving my "sentfolder" mail filter.  This filter works  
like GMail's SMTP system, copying messages that a user sends into their sent  
folder, so that messages only need to traverse the network once.  Courier  
IMAP has a better option, but no client support to speak of.


I've updated the sendfolder filter to examine the recipients in the control  
files and the message file headers, and add a Bcc: header for any addresses  
that don't appear in the message headers.  It then uses sendmail to send a  
copy to the user, along with a header that marks it for delivery to their  
sent folder. The problem here is that sendmail unconditionally removes the  
bcc: header.  I think it might be better if sendmail removed the bcc header  
only if it uses headers for the destination addresses, and left the bcc  
header if it uses destinations given as command line arguments.  Would that  
be an acceptable change?


I could work around the problem by using SMTP rather than sendmail, but I  
prefer to use sendmail to avoid passing through the courier filters (at  
least, in the default configuration).


Would it work to simply use a custom header name instead of "Bcc:". Most  
email clients won't show it by default, but it's going to be there and can  
be looked at, in some way; and the email clients will also ignore it if the  
message is replied to.






Re: [courier-users] Blacklisted email addresses not cleared

2017-07-05 Thread Sam Varshavchik

Bernd Plagge writes:


Hi all

I recently found some cases where blacklisted email addresses (recorded in
/var/lib/courier/track) were not cleared by the "courier clear user@domain"  
command.


I ran strace and here is the result:

fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0
write(3, "1499264814 aem...@domain.com"..., 33) = 33
close(3)= 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
write(1, "m...@domain.com cleared.\n", 30) = 30
exit_group(0)   = ?


That's the expected result. An email address gets cleared by adding an A  
record, so this looks ok.


Reviewing the code in question I only see a potential problem with "clear  
all" not working correctly, but clearing an individual address should work.






Re: [courier-users] setuid/setgid problem, mail from website not sent

2017-07-05 Thread Sam Varshavchik

Bernd Plagge writes:


Hi

I'm trying to send mail from website mail, or webmail.
However, sending doesn't work,

Log entries:

Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted
Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail  
pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.


The courier sendmail program:
ls -l /usr/sbin/sendmail
-rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail


What can I do to solve this problem?


Permissions on the sendmail wrapper should be setuid root, not setgid.






Re: [courier-users] Authenticate Clients via TLS client cert

2017-07-02 Thread Sam Varshavchik

Bernd Wurst writes:


Hello,

I'm struggling with the question if it is possible to authenticate
clients (optionally) with a client certificate. I found some docs about
dovecot implementing this [1] and was wondering if courier (SMTP) could
also be used with this?

I could not find something about it in the docs.


The desired use would be that we operate a local CA and issue
certificates that contain a user name (e-mail-address) as common name
and courier authenticates this certificate as the given user, so that
logging and processing will continue to have the sender's data.

[1]: "Client certificate verification/authentication", half way down at
https://wiki.dovecot.org/SSL/DovecotConfiguration


http://www.courier-mta.org/install.html#sslcert

Also described further in the esmtpd-ssl configuration file, under  
TLS_EXTERNAL.


For this to work, the certificate subject needs to specify whatever would be  
used for the login ID when authenticating manually.






[courier-users] New releases of Courier packages.

2017-07-02 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

New releases of courier, courier-unicode, courier-authlib, courier-imap,  
sqwebmail, maildrop, and cone packages.


Changes:

- The courier-unicode library updated to use C++11 unicode features.

- Some SMTP connection failures were not reported correctly.

- maildir quota calculation will ignore symbolic links to folders.

- Fix TLS peer hostname verification issue caused by CNAME records.

- Do not use ANY queries for DNSBL lookups.

- Fix compilation errors with OpenSSL 1.1.0.

- Include several Debian patches.





Re: [courier-users] szmlink counts as quota

2017-06-17 Thread Sam Varshavchik

SZÉPE Viktor writes:


Quoting Gordon Messmer:


On 05/18/2017 06:31 PM, SZÉPE Viktor wrote:

Could it be that Courier counts Sent folder size three times while
calculating quota?



Can you test this patch?


Thank you!!

Sam, could we incorporate this patch?


This was merged, with a slight technical change.




Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread Sam Varshavchik

Alessandro Vesely writes:

Although the real issue is maildrop, let me note the following about
courier-base:


* couriertcpd could be just suggested or recommended, not required,


It most certainly is required. The default startup script requires it.

I suppose you could customize the package to use inetd. Or systemd. To  
listen on the port and start the server.


This would mostly work for imap and pop3. But this is going to lose quite a  
bit of functionality with smtp, which depends on couriertcpd for setting  
environment variables based on the connecting IP address.






Re: [courier-users] Message delivered, but no message in INBOX

2017-05-18 Thread Sam Varshavchik

Markus Wanner writes:


> The
> differences are in the configuration. The biggest difference is
> maildrop, because it ties in directly into mail delivery, and it has
> Courier-specific features, and Courier has maildrop-specific features as
> well.

Understood.

(If you're provided a maildrop binary, how do you tell which variant it is?)


$ maildrop -v
maildrop 2.8.5 Copyright 1998-2015 Double Precision, Inc.
Courier-specific maildrop build. This version of maildrop should only be used
with Courier, and not any other mail server.

Fairly unambiguous. This part of the version string is only present in the  
courier-specific maildrop build.








Re: [courier-users] Message delivered, but no message in INBOX

2017-05-17 Thread Sam Varshavchik

Markus Wanner writes:


Hi,

On 17.05.2017 02:44, Sam Varshavchik wrote:
> Only one maildrop package is needed. And one courier package, that's it.

Unfortunately, there is no separate courier-mta source release. Only


When I refer to source releases, I always refer to
http://www.courier-mta.org/download.html



> Did you know that there's also a separate courier-imap package?

There is a courier-imap package for Debian, built from the courier
sources. Are you saying this one is incompatible to the separate
courier-imap source release?


I am not familiar with the details of Debian's packaging. I can only explain  
how I package the source.



And to live up to the simplicity you're advocating, I'd recommend
eliminating any difference between individual components and the bundle.
I'm not the first one to be caught by surprise, and I certainly won't be
the last one.


There are no functional differences, except for maildrop. The differences  
are in the configuration. The biggest difference is maildrop, because it  
ties in directly into mail delivery, and it has Courier-specific features,  
and Courier has maildrop-specific features as well.


It should be possible to build courier, and selectively carve out the built  
imap and sqwebmail components to be individually installed without courier.


But that's going to require writing custom startup scripts. There's only one  
startup script for courier, that starts everything. It's fairly easy to  
carve out imap and webmail as an optional subpackage. Courier's startup  
script will try starting them only if it finds them installed. But left to  
their own merits, the subpackages won't do anything without writing and  
adding some startup scripts into the subpackages. Then they can be installed  
independently and used without Courier. But then, you'll also have to fix
courier's startup script not to try starting them itself, since the
subpackage will take care of it with its own startup script.


Again, all of the above describes what's in the upstream source. I am not  
familiar with Debian's packaging.






Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Sam Varshavchik

Markus Wanner writes:


I don't quite see how that matters. It's the same set of source files,
which would need the same set of security fixes, for example. What does
the duplication of efforts buy us?

I'd rather state that duplication of code is never a good idea, but a
sign for bad modularization.


Nothing is duplicated. It's one source repo. Packaging is a completely  
different matter.



By that reasoning, Debian would have to ship about a dozen variants of
maildrop packages. That's clearly not going to happen.


Only one maildrop package is needed. And one courier package, that's it.


While I generally agree that it's good practice to remove stuff that's
really not needed, the courier variant *is* needed (by some users,
including myself).


Certainly, and there's a single package that configures and installs  
everything: courier.



   Splitting sources and duplicating efforts only


Nothing is split. It's the same software, just packaged differently.


I'll check if it's feasible to re-add the courier-maildrop package in
Debian stretch (i.e. the Courier specific variant), but I'd greatly
appreciate if you could reconsider this split.


Nothing is split. There are two separate packages, for two separate  
situations. One, a single courier package, that includes everything  
configured to work together. And the second package is the maildrop package,  
configured without any courier dependencies, to be plugged into other mail  
servers. That's it. It couldn't be any simpler.


Did you know that there's also a separate courier-imap package? It's just  
the IMAP server component, that can be set up independently, and glued  
together with other mail servers. There's also the sqwebmail package, a mail  
server-independent webmail server.


And, of course, the Courier package installs everything, configured to work  
with each other. Couldn't be any simpler.


And things have been this simple for over 20 years now. That's how long
things have worked this way, with no issues. People get the right package  
for them, compile it, and install it. That's it.






Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Sam Varshavchik

Markus Wanner writes:


I'd quickly like to elaborate on why the former Debian maintainer
decided to do that and hope for your understanding:

Before, there was a courier-maildrop as well as a (stand-alone) maildrop
package. Meaning those two are built from the very same source, but


They should not be. maildrop is a separate source package. It's a tarball in
and of itself, that's built independently.


Now, the fact that this tarball contains code that's also found in another,  
larger, package, that's a different subject.



Couldn't most of this configuration be moved to runtime, rather than
compile time?


The Courier build of maildrop implements a Courier-specific option that's  
got ...a bit of juice to it, taking advantage of its temporary root  
permissions.


Although the relevant bits in question do all their due diligence, checking  
that the real uid/gid is the one that's baked into the source, and thusly is  
only available to Courier, etc., it's good practice to remove stuff that's  
not needed. Multiple layers of security. It's better to keep that code out  
of the non-Courier specific maildrop, altogether.




Re: [courier-users] Message delivered, but no message in INBOX

2017-05-16 Thread Sam Varshavchik

Lucio Crusca writes:


but the maildrop manpage reports:

"-V is ignored when maildrop runs in delivery mode."

and maildropfilter manpage reports the same about the VERBOSE variable.


Then run maildrop manually, yourself. Run maildrop with -V from the shell,  
pipe a test message on standard input, and see what it logs.


is there any other switch to make maildrop log information while in
delivery mode?


Please advise, I'm at a loss.


Bottom line is that Debian's Courier package is not correctly built. If you  
can't figure out a workaround, there's no other option besides building your  
own Courier package, from source.







Re: [courier-users] Message delivered, but no message in INBOX

2017-05-14 Thread Sam Varshavchik

Lucio Crusca writes:


Sam Varshavchik writes:
> From the logs, you've configured spamd to be responsible for delivering
> mail
>
> You have to take smaller steps, and get one thing working, at a time.

I've now moved spamd out of the way. My previous DEFAULTDELIVERY was

DEFAULTDELIVERY="|/usr/bin/spamc|/usr/bin/maildrop"

The current one is:

DEFAULTDELIVERY=./Maildir

and everything works. However if I try to use maildrop alone, with:

DEFAULTDELIVERY="| /usr/bin/maildrop"

it stops working again, so I think I have a problem with maildrop rather
than spamd.


Then, look in the .mailfilter file to see what the delivery instructions are.

maildrop also has a verbose flag, that causes it to generate its own logging.






Re: [courier-users] Message delivered, but no message in INBOX

2017-05-14 Thread Sam Varshavchik

Lucio Crusca writes:



E.g. no files written into the Maildir, despite the "Message delivered"
log. I've also tried to access the Maildir with Thunderbird and
RoundCube and they both confirm there aren't any messages.

I have no clue about what I should check... please help.


From the logs, you've configured spamd to be responsible for delivering
mail, so you'll have to look in that direction.

You can start by completely removing spamd from your configuration, so that  
it's out of the picture, and with Courier delivering mail directly to the  
mailbox, confirming that mail delivery works. Once that's settled, you can  
then bring spamd back into the picture, and work on it.


When trying to do too many things at once, if something is broken somewhere  
it is often not clear where exactly the issue is. You have to take smaller  
steps, and get one thing working, at a time.






Re: [courier-users] 456 Address temporarily unavailable

2017-05-13 Thread Sam Varshavchik

Lucio Crusca writes:


Now for the problem. Out of 6 accounts, 5 do work correctly. For one of
them Courier replies "456 Address temporarily unavailable".
"courier clear" on maxwell does not change the reply I get afterwards.


The 456 occurs only after a previous mail delivery failure. It's a temporary  
block on an email address that failed delivery. There's nothing to be done  
about it, the only thing you can do is address the original delivery failure.


You need to carefully examine your logs and locate the original delivery  
failure. The "courier clear" command takes an argument, either the email  
address or "courier clear all".


The email address given to "courier clear" may not necessarily be what you  
think it is when it is a local address, as a result of mail aliasing. So use  
"courier clear all" to remove all addresses, then make a delivery attempt,  
and carefully observe what the logs say.







Re: [courier-users] Throw-Away EMails

2017-05-02 Thread Sam Varshavchik

Michelle Konzack writes:


On 2017-05-02 06:58:40 Sam Varshavchik hacked into the keyboard:
> Michelle Konzack writes:
>
> >Removing "~/.courier-default" and use  instead  "~/.courier-"
> >would be a better  solution  but  require  root  rights  (sudo?)  to  be
> >installed from a webinterface...
>
> Well, it requires the rights to create files in ~; not root but
> whichever userid owns that directory.

Already discovered...  ;-)

I was not aware, that courier allow this.


What, the existence of the .courier files themselves? They've been around  
for decades, with their functionality identical to the same functionality in  
Qmail, which has the same exact concept.


The fact that they can be created at will – well, they're just files,
that's all.




Re: [courier-users] Throw-Away EMails

2017-05-02 Thread Sam Varshavchik

Michelle Konzack writes:


Removing "~/.courier-default" and use  instead  "~/.courier-"
would be a better  solution  but  require  root  rights  (sudo?)  to  be
installed from a webinterface...


Well, it requires the rights to create files in ~; not root but whichever  
userid owns that directory.






Re: [courier-users] Alias stop working from one day to another...

2017-04-14 Thread Sam Varshavchik

Michelle Konzack writes:


I do not understand this problem.

The courier aliases config is untouched since beginning of January  2017
and it was working until 2017-01-28 for this particular address.   I  do
not find any notices in the logs what can happen the "address not found"

Can it be, that sometimes courier get a hiccup and lost infos  from  the
alias table?


Changes to the alias file do not require a server restart. Courier checks
the timestamp on the compiled alias file, and rereads it when it
changes. The only thing I can think of would be a situation involving  
network-mounted file storage, and a temporary, transient problem.






Re: [courier-users] Alias stop working from one day to another...

2017-04-13 Thread Sam Varshavchik

Michelle Konzack writes:


Helloo *,

I do not understand WHY it does not more work, because before it WAS
working.

I have for my "ITSystems" account an alias file of

ab...@itsystems.tamay-dxxxn.net: catchall-tdnet.itsystems-abuse
supp...@itsystems.tamay-dxxxn.net: catchall-tdnet.itsystems-support
dhl-servi...@itsystems.tamay-dxxxn.net: catchall-tdnet.itsystems-dhl-services

where the first two are still working (since many years).

The third alias has completely unexpectedly stopped working since  January
2017 after my Server was rebooted.

I run a check and dump with makealiases but there is no error at all.
Also a "courier show all" does not give any output

<19>1 2017-04-13T12:38:19.743227+02:00 mail courieresmtpd  - -   
error,relay=2a00:1450:4010:c07::230,from=,to=edhl- 
servi...@itsystems.tamay-dxxxn.net>: 550 User  unknown


Any hints?


What happens when you send mail directly to services@>.







Re: [courier-users] RBL answers

2017-03-31 Thread Sam Varshavchik

David Niklas writes:


On Fri, 24 Mar 2017 16:41:35 -0400
Sam Varshavchik <mr...@courier-mta.com> wrote:
>
> I think they're smart enough to understand how DNS works. I don't need
> to tell them that.
>
> I can't quite put my finger on why exactly I believe that this would be
> a waste of energy, trying to fight it. Call it a sixth sense, of sorts,
> of me being involved in this industry for a while.

If I brought the matter before them referencing this thread would you
mind?
(Not that I don't have better things to do but it's worth a try...)


Feel free. This is a public mailing list. I always thought that it was quite  
silly for anyone on a public mailing list, that's probably archived and  
searchable in a bunch of places, to have some kind of an issue with their  
public scribblings being forwarded all over the place.




Re: [courier-users] Build 20170309 of Courier packages

2017-03-30 Thread Sam Varshavchik

Alessandro Vesely writes:


On Wed 29/Mar/2017 13:17:12 +0200 Sam Varshavchik wrote:
> I don't see anything in courier-authlib that needs C++. I think it's only the
> configure script in courier-authlib that's broken. Try build 20170329.

Couldn't find 20170329, where is it?


It was where it should've been: http://www.courier-mta.org/download.html#authlib

I noticed before that if you have a long-running browser session and you  
visited the page already you need a force-reload to get an updated page. Or  
quit or restart the browser. Messing around with non-default cache  
expiration headers for just that page isn't very high priority for me, at  
the moment.



authpgsqllib.cpp:14:22: fatal error: libpq-fe.h: No such file or directory
 #include <libpq-fe.h>
                      ^
compilation terminated.
Makefile:1352: recipe for target 'authpgsqllib.lo' failed

I reckon anyone having PostgreSQL should experience this error.  The include
file /usr/include/postgresql/libpq-fe.h cannot be found without a proper -I,
which is in CFLAGS but not CXXFLAGS.  The last authpgsqllib.c I have is in
courier-authlib-0.66.4.20160106 and named .cpp thereafter.


Ok, that was something else, that fell out of the C++ rewrite. Made another  
fix to configure.ac, which should fix this one too. Build 20170330 is there  
now.







Re: [courier-users] courier-authlib: exported symbols

2017-03-30 Thread Sam Varshavchik

Markus Wanner writes:


Hello Sam,

I'm about to take over maintenance of the courier-mta packages in
Debian, so I'll likely have further questions.

Let's start with a simple one regarding courier-authlib:

Compared to 0.66.4, these three symbols have vanished from
libcourierauthcommon.so.0 in version 0.67.0:

 * auth_parse_chpass_clause@Base 0.66.4
 * auth_parse_select_clause@Base 0.66.4
 * authgetconfig@Base 0.66.4

What happened to them?

Removing symbols is certain to be backwards-incompatible, but the
library's soversion didn't change. If the authlib is intended to be
backwards-incompatible, mind to increment the soversion?

In addition, these methods were added:

>   
(c++)"courier::auth::config_file::expand_string(std::__cxx11::basic_string

Re: [courier-users] Can courier sort mail for one user into multiple subfolders for imap

2017-03-30 Thread Sam Varshavchik

li...@datenritter.de writes:


> Maybe scrap the whole thing. Use backticks to feed the email to a Perl
> script that safely parses headers.

Okay... the beforementioned problems left aside, what is the advantage?


You can safely implement the same functionality in Perl itself, instead of  
executing shell commands, which is difficult to do right without creating  
security holes.



It's all about a simple regex. IMHO, the beauty of all solutions
discussed here is that they use maildropfilter and nothing else.


maildropfilter is fine for simple mail filtering tasks. But it's not Perl.


"At the very least"? Does an external perl script have any security
advantage over this?


See above. A Perl script can validate and do a lot more things, all without  
shelling out to external commands.






Re: [courier-users] SSL Report on Courier's TLS settings (includes answer)

2017-03-30 Thread Sam Varshavchik

Alessandro Vesely writes:


SSL/TLS compression Yes   INSECURE (more info)
[(more info)->https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls]


I note the TLS_COMPRESSION option has gone away.  Are there other TLS  
options worth trying to remove compression?


The only known issue with TLS compression is when it is also used by web  
servers that also implement SPDY, and its own built-in compression.


You have to read https://en.wikipedia.org/wiki/CRIME very carefully.






Re: [courier-users] Can courier sort mail for one user into multiple subfolders for imap

2017-03-29 Thread Sam Varshavchik

li...@datenritter.de writes:


Below is how I did it. Unfortunately the script stopped working a few
months ago writing hundreds of mails to (mbox?-)files with useful names
like ".@".

My debug version with some extra logging needs more input, so I'll send
it to this list... ["Yo dawg, I heard you like mail filters..."]

Anyway, it's meant to make everything maintenance free. When the first
mail from a list you subscribed to is received, a maildir
".listname@some_domain_tld" is created and added to courierimapsubscribed.


# Check X-BeenThere which every good list server sets.
# List-ID is okay, too.
if ( /^X-BeenThere:\s+(.*)@(.*)/ )
{
# Pick local part and domain part, replace the dots with
# underscores.
### BUG: This leaves LPART and DPART empty. :( ###
LPART=`echo $MATCH1 | sed "s/\./_/g"`


If someone were to send an email with a carefully crafted header that reads:  
"X-BeenThere: ; rm -rf $HOME" you'll have a lot of cleanup to do.



Maybe additional quotation marks are required around "$MATCH[1|2]"?


Maybe scrap the whole thing. Use backticks to feed the email to a Perl  
script that safely parses headers.


At the very least use an additional =~ operator to verify that matched  
pattern is sane:


LOCALPART=$MATCH1

if ($LOCALPART =~ /^[A-Za-z0-9\.\-]+$/)


Then you can proceed and safely substitute $LOCALPART into an executed  
command.





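Added example (not part of the thread, and not maildrop or Courier code): the header check suggested in the message above, done in a helper that a filter can pipe the message to, so the header value is validated before it reaches any command line. It is written in Python rather than the Perl mentioned in the thread; list_folder(), _clean(), MAX_PART and the sample messages are assumptions made for this illustration.

```python
#!/usr/bin/env python3
"""Derive a maildir folder name from X-BeenThere without touching a shell.

Illustration only: list_folder(), _clean() and MAX_PART are hypothetical
names, not maildrop or Courier APIs.
"""
import re
import sys
from email.parser import BytesParser
from typing import Optional

# Same allowlist as the regex suggested in the thread: letters, digits, ".", "-".
SAFE_PART = re.compile(r"[A-Za-z0-9.\-]+")
MAX_PART = 64  # assumed upper bound, keeps folder names short


def _clean(part: str) -> Optional[str]:
    """Return part with dots mapped to underscores, or None if it is unsafe."""
    if not 0 < len(part) <= MAX_PART:
        return None
    # fullmatch(), unlike a "$" anchor, does not accept a trailing newline.
    if not SAFE_PART.fullmatch(part):
        return None
    # No hidden or option-like names, no "..": the result is used as a path.
    if part[0] in ".-" or ".." in part:
        return None
    return part.replace(".", "_")


def list_folder(raw_message: bytes) -> Optional[str]:
    """Return ".local@domain_tld" for a well-formed X-BeenThere, else None."""
    headers = BytesParser().parsebytes(raw_message, headersonly=True)
    values = headers.get_all("X-BeenThere") or []
    if not values:
        return None
    # Only the first header is considered; str() also covers Header objects.
    local, at, domain = str(values[0]).strip().partition("@")
    if not at:
        return None
    lpart, dpart = _clean(local), _clean(domain)
    if lpart is None or dpart is None:
        return None
    return f".{lpart}@{dpart}"


# Constructed sample messages (not taken from real mail).
GOOD = b"X-BeenThere: courier-users@lists.sourceforge.net\r\nSubject: t\r\n\r\nbody\r\n"
# The crafted header quoted in the thread: no address at all, only shell syntax.
CRAFTED = b"X-BeenThere: ; rm -rf $HOME\r\nSubject: t\r\n\r\nbody\r\n"
# A folded header that appends text after a valid-looking address.
FOLDED = b"X-BeenThere: list@example.org\r\n ; extra\r\n\r\nbody\r\n"

if __name__ == "__main__":
    # Filter helper: message on stdin, folder name (or nothing) on stdout.
    folder = list_folder(sys.stdin.buffer.read())
    if folder:
        print(folder)
```

A caller treats empty output as "deliver to the default mailbox", so a rejected header never becomes a folder name or a command argument.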

Re: [courier-users] Build 20170309 of Courier packages

2017-03-29 Thread Sam Varshavchik

Alessandro Vesely writes:


On Fri 17/Mar/2017 01:25:36 +0100 Sam Varshavchik wrote:
> Gordon Messmer writes:
>
>> On 03/15/2017 06:17 PM, Sam Varshavchik wrote:
>> > Ok, this actually turned out to be a small typo. Fixed in the
>> > just-uploaded 20170315, and it builds for me.
>>
>>
>> courier-unicode does build.  However, I'm unable to build the new
>> courier package with it installed (also under mock).
>>
>> https://paste.fedoraproject.org/paste/X1s-KLD0Eaiz9otZerh-wl5M1UNdIGYhyRLivL9gydE=
>>
>
> This should now be fixed in 20170316. All packages rebuilt, including
> courier-authlib which was also affected.

Compiling still fails for the missing C++ flags, as noted in
http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg38753.html

That patch can work on the configure script directly (removing .ac from the
filename), then it compiles fine...

Out of curiosity, am I the only one stumbling on that?


Only the courier-authlib package?

I don't see anything in courier-authlib that needs C++. I think it's only  
the configure script in courier-authlib that's broken. Try build 20170329.







Re: [courier-users] monitoring prgram times out

2017-03-26 Thread Sam Varshavchik

SZÉPE Viktor writes:


Thank you again!

Running bind is too expensive for me. I usually use the caching DNS
resolver in the given datacenter plus µnscd
https://busybox.net/~vda/unscd/ which does local caching for Name
Service - which Courier apparently is not using.

>if (nodnslookup || getenv("NODNSLOOKUP")) return;

Is there a non-zero chance to get this into the next release?


Yes; I just have to test this myself.





Re: [courier-users] monitoring prgram times out

2017-03-26 Thread Sam Varshavchik

SZÉPE Viktor writes:


Thank you for your support!

-nodnslookup is the solution for satellite type server which delivery
messages through one smarthost.

What should I do on normal (tcp/25,587,465 are open to the internet)
mail server where DNS lookup is necessary? Is there a way to exclude
localhost from DNS lookup on the initial (pre-EHLO) connection?


Looking at the code there does not appear to be a way to select -nodnslookup  
based on the connecting IP address.


There is a facility for selectively setting environment variables based on  
the connecting IP address, the smtpaccess list (see makesmtpaccess). But,
currently nodnslookup just looks only at the parameter.


In tcpd.c, you can try changing

   if (nodnslookup) return;

to something like

   if (nodnslookup || getenv("NODNSLOOKUP"))  return;

and then put

127.0.0.1	allow,NODNSLOOKUP=1

into the smtpaccess file.

But why don't you just run bind locally, and have it handle DNS resolution  
for local zones. You can have it listen only on local IP addresses, and  
thusly inaccessible from the Internet, and then get some benefits of a local  
DNS lookup cache.






Re: [courier-users] monitoring prgram times out

2017-03-26 Thread Sam Varshavchik

SZÉPE Viktor writes:



2) Is it possible for Courier to skip DNS lookups for "localhost"?

I wonder why Courier is not using gethostbyname().
/etc/hosts contains:
127.0.0.1   localhost.localdomain localhost


gethostbyname/gethostbyaddr can only look up A addresses. Courier needs MX  
records, and so needs to use its own resolver; and with its own DNS resolver  
code already in place, it makes no sense to use different resolvers.


There are several options in the esmtpd config file that control DNS lookups  
on incoming connections:


BOFHCHECKDNS; and TCPDOPTS passes through the options to couriertcpd, such  
as -nodnslookup.








Re: [courier-users] RBL answers

2017-03-24 Thread Sam Varshavchik

David Niklas writes:


On 03/10/2017(Fri) 15:35
> That's the other thing that the blacklists definitely don't want:
> excessive queries. Making two queries instead of one will put extra
> load on the blacklists, and slow down your mail delivery.
Well isn't that what they want, two queries instead of one?


No. From the looks of it, they want either an A or a TXT query.


> That's why I think that getting rid of ANY is counter-productive. But,
> it's their call to make, so we'll go with that.
Why not tell them that courier has a valid use case for the ANY query?


I think they're smart enough to understand how DNS works. I don't need to  
tell them that.


I can't quite put my finger on why exactly I believe that this would be a  
waste of energy, trying to fight it. Call it a sixth sense, of sorts, of me  
being involved in this industry for a while.








Re: [courier-users] Server side sorting

2017-03-23 Thread Sam Varshavchik

Alessandro Vesely writes:

Their deficiencies notwithstanding (e.g. FAMPending: timeout), file systems are
way more mature than DBMS.  Even writing in PHP or Python at times requires to
consider the brand of the underlying database, let alone C/C++.  And DBs make
automating installation even harder than programming, IME.  How much does that
state of affairs condition current development?


Well, you've made my argument for the IMAP server to be little more than a  
translator between IMAP and the underlying filesystem. For that task, the  
current state of affairs is that the IMAP server is doing a pretty good job.






Re: [courier-users] Server side sorting

2017-03-22 Thread Sam Varshavchik

Alessandro Vesely writes:


Some IMAP servers use indexed files too.  Courier does not.  What is the
rationale behind that design choice?


I expected – as I said – for clients to handle their own caching and  
indexing. Indexing adds complexity. More code, more opportunities for bugs.  
Furthermore, there is no preset recipe for indexing. IMAP allows the client  
to request, and search, on any mail header, and on anything in the body of  
the email. There's nothing obvious to index. One could take the approach of  
indexing common mail headers; only to discover that one's own mail client  
doesn't search or request them. One could take the approach of indexing all  
headers only to get a client that caches everything itself, and thus never  
requests the same message twice; so now you're doing a lot of work creating  
an index that will never be used.


Another factor is the fact that maildirs are open to anyone. Anyone can
come in and add or remove messages from a maildir. Allowing for this  
immediately increases the complexity of any indexing solution. It's one  
thing for an IMAP server that maintains its own private mail store, and all  
access to the mail has to go through the IMAP server. That makes it much  
easier to implement some kind of indexing. It's no longer as straightforward  
when anyone can come in and simply delete the message, that you previously  
indexed. This means that even if you have an index, you still have to go and  
check that the message still exists, before returning search results to the  
client. That, pretty much, takes back a good chunk one expected to gain,  
from indexing.








Re: [courier-users] Server side sorting

2017-03-22 Thread Sam Varshavchik

Michelle Konzack writes:


Hello Sam,

On 2017-03-22 06:35:16 Sam Varshavchik hacked into the keyboard:
> The IMAP command is THREAD REFERENCES.

OK, this is fine since I can setup ANY commands.

> The response consists of
> message numbers, with parenthesis indicating various threads and
> subthreads:
>
> a THREAD REFERENCES UTF-8 ALL
> * THREAD (1)(2)(5 3 4)(6 7)(8)(9)(10 11 12)(13)(14)(15 16 17)(18)(19)
> (20 22)(21)(23 (24)(25))(26)(27)(28)(29)(30)(31)(32)(33)((34)(37)(39))
> (35)(36)(38)(40)(41)((42)(43))(44)(45 46)(47 48)(49 50 ((51)(52)))
> a OK THREAD done.

Hmm, question:

If I understand it right, the

a)  (1) mean a single messages

but what does

b)  (5 3 4)

mean?  This would look like the message 5 came before 3 and 4 and then


Message numbers are assigned to messages the first time they're seen. If the  
IMAP server hasn't logged on for a while and is now seeing a bunch of  
messages for the first time, the order in which the files get read from the  
directory may not necessarily match the order they were delivered to. So  
the server may see a reply before the original message, and the REFERENCES  
sort will rearrange them in chronological order.



c)  (23 (24)(25))
d)  ((34)(37)(39))
e)  (49 50 ((51)(52)))

which look very curious to me.

> The complete specification is somewhat of a big pill to swallow.
> See https://tools.ietf.org/html/rfc5256

It seems I have to suck it!


Yes.

This is one of the more …involved parts of IMAP. There's a lot of history  
and legacy involved. It's my understanding that some of the original actors  
have suffered health problems in recent past; so I don't want to say  
anything on that account.


But I'll say this. I believe that server-side sorting was a mistake. The  
most sensible usage model for IMAP is for the client to sync and cache with  
the server. An IMAP client should sort and thread messages using its cached  
message metadata and don't hassle the server with it.


A server is a shared resource. It never made any sense to me to offload as  
much processing as possible to the server. It makes more sense for most of  
the processing to be done on the client side, with the server's role limited  
to feeding the raw data to the client. There are more clients than there are  
servers. Clients, collectively have more shared processing power. A CPU  
currently busy sorting some knucklehead's ten year mail archive can't do  
anything else, for other clients. That never made any sense, but that's how  
IMAP is overall designed, to push as much processing to the server.


And, of course, it's much easier for some hacked-together IMAP-over-web  
client to send a single command and parse the response, than to do the job  
by itself.




Re: [courier-users] Server side sorting

2017-03-22 Thread Sam Varshavchik

Michelle Konzack writes:


But how can I do thread sorting?

The squirrelmail sourcecode is really weird and I do not understand  how
it works.

Question:  Can I use for this the "IMAP CAPABILITY" server side sorting?

I access the imap account with php5 and php-imap.


The IMAP command is THREAD REFERENCES. The response consists of message  
numbers, with parenthesis indicating various threads and subthreads:


a THREAD REFERENCES UTF-8 ALL
* THREAD (1)(2)(5 3 4)(6 7)(8)(9)(10 11 12)(13)(14)(15 16 17)(18)(19)(20 22) 
(21)(23 (24)(25))(26)(27)(28)(29)(30)(31)(32)(33)((34)(37)(39))(35)(36)(38) 
(40)(41)((42)(43))(44)(45 46)(47 48)(49 50 ((51)(52)))

a OK THREAD done.

The complete specification is somewhat of a big pill to swallow. See
https://tools.ietf.org/html/rfc5256





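Added example (not part of the thread, and not Courier or php-imap code): a parser for the untagged THREAD response shown in the two messages above, following the RFC 5256 grammar, where a run of numbers inside one list is a parent-to-child chain, adjacent nested lists are sibling branches, and a list that opens with another list hangs off a parent that is not in the mailbox. Node, parse_thread_response() and flatten() are assumed names; the response is server-supplied data, so the parser rejects unexpected characters and bounds nesting depth.

```python
"""Parse an IMAP "* THREAD" response (RFC 5256) into a tree.

Illustration only: Node, parse_thread_response() and flatten() are
hypothetical names, not php-imap or Courier APIs.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


class ThreadParseError(ValueError):
    pass


@dataclass
class Node:
    num: Optional[int]  # None: the parent message is not in the mailbox
    children: List["Node"] = field(default_factory=list)


def parse_thread_response(line: str, max_depth: int = 64) -> List[Node]:
    """Return one root Node per top-level thread in an untagged THREAD response."""
    m = re.fullmatch(r"\*\s+THREAD\b([0-9()\s]*)", line.strip(), re.IGNORECASE)
    if not m:
        raise ThreadParseError("not a THREAD response, or unexpected characters")
    tokens = re.findall(r"\(|\)|[0-9]+", m.group(1))
    pos = 0

    def parse_list(depth: int) -> Node:
        nonlocal pos
        if depth > max_depth:  # untrusted input: bound the recursion
            raise ThreadParseError("nesting too deep")
        pos += 1  # consume "("
        root = tip = Node(None)
        # thread-members: each number is the child of the one before it.
        while pos < len(tokens) and tokens[pos] not in ("(", ")"):
            n = int(tokens[pos])
            if n == 0:
                raise ThreadParseError("message number 0 is not valid")
            if tip is root and root.num is None:
                root.num = n
            else:
                child = Node(n)
                tip.children.append(child)
                tip = child
            pos += 1
        # thread-nested: each sub-list is a branch under the last number.
        while pos < len(tokens) and tokens[pos] == "(":
            tip.children.append(parse_list(depth + 1))
        if pos >= len(tokens) or tokens[pos] != ")":
            raise ThreadParseError("unbalanced or malformed list")
        pos += 1  # consume ")"
        if root.num is None and not root.children:
            raise ThreadParseError("empty list")
        return root

    roots: List[Node] = []
    while pos < len(tokens):
        if tokens[pos] != "(":
            raise ThreadParseError("expected '(' at top level")
        roots.append(parse_list(1))
    return roots


def flatten(roots: List[Node]) -> List[Tuple[int, Optional[int]]]:
    """Pre-order (depth, message number) pairs, in display order."""
    out = []
    stack = [(0, node) for node in reversed(roots)]
    while stack:
        depth, node = stack.pop()
        out.append((depth, node.num))
        stack.extend((depth + 1, c) for c in reversed(node.children))
    return out


# The response quoted in the thread, with the archive's line wrapping undone.
SAMPLE = (
    "* THREAD (1)(2)(5 3 4)(6 7)(8)(9)(10 11 12)(13)(14)(15 16 17)(18)(19)"
    "(20 22)(21)(23 (24)(25))(26)(27)(28)(29)(30)(31)(32)(33)((34)(37)(39))"
    "(35)(36)(38)(40)(41)((42)(43))(44)(45 46)(47 48)(49 50 ((51)(52)))"
)

if __name__ == "__main__":
    for depth, num in flatten(parse_thread_response(SAMPLE)):
        print("  " * depth + ("(missing parent)" if num is None else str(num)))
```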

Re: [courier-users] journald logging

2017-03-21 Thread Sam Varshavchik

Bernd Plagge writes:


Hi Sam,
thanks for a great product!

Times are changing and with the introduction of systemd also comes journald.
Seems that running syslog in addition to journald is not very good.

So, I switched syslog off.
Now I find imap and pop messages in the log but no delivery result or  
messages about incoming mails. It seems that half of the Courier messages  
does not make it into the journal.


Are there any settings I've overseen? Courier logging is turned on but maybe  
there are additional journald settings.


I'm not familiar with this aspect of systemd.

All messages from Courier get logged the same way, to the "mail" facility.  
The only difference is that messages from the main courier daemon get sent  
directly to syslog, while other daemons log to standard error, which is  
piped to courierlogger, which reads them and syslog()s them.


I don't see anything obvious by perusing the various man pages.





Re: [courier-users] Build 20170309 of Courier packages

2017-03-16 Thread Sam Varshavchik

Gordon Messmer writes:


On 03/15/2017 06:17 PM, Sam Varshavchik wrote:
> Ok, this actually turned out to be a small typo. Fixed in the
> just-uploaded 20170315, and it builds for me.


courier-unicode does build.  However, I'm unable to build the new
courier package with it installed (also under mock).

https://paste.fedoraproject.org/paste/X1s-KLD0Eaiz9otZerh-wl5M1UNdIGYhyRLivL9gydE=


This should now be fixed in 20170316. All packages rebuilt, including  
courier-authlib which was also affected.






[courier-users] Courier build 20170315

2017-03-15 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

Changes:

- Fix TLS peer hostname verification issue caused by CNAME records.





Re: [courier-users] Build 20170309 of Courier packages

2017-03-15 Thread Sam Varshavchik

Gordon Messmer writes:


On 03/11/2017 11:20 AM, Sam Varshavchik wrote:
> • A few more tweaks to the courier-unicode configuration script.


Building in mock fails on CentOS 7:

https://paste.fedoraproject.org/paste/knoYv8gNHfxhfF3flIz6EF5M1UNdIGYhyRLivL9gydE=


Ok, this actually turned out to be a small typo. Fixed in the just-uploaded  
20170315, and it builds for me.






Re: [courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"

2017-03-15 Thread Sam Varshavchik

SZÉPE Viktor writes:



Thank you for your answer.

$ grep ^TLS_VERIFYPEER /etc/courier/*
/etc/courier/courierd:TLS_VERIFYPEER=NONE
/etc/courier/esmtpd:TLS_VERIFYPEER=NONE


Look in /proc and verify what TLS_VERIFYPEER is set to. This is a  
certificate verification error, and TLS_VERIFYPEER=NONE disables it.


Also verify that TLS_TRUSTCERTS is pointing to your trusted certificate  
authority list. With the CA certs on Fedora in /etc/pki/tls/cert.pem:


$ addcr | TLS_VERIFYPEER=PEER TLS_TRUSTCERTS=/etc/pki/tls/cert.pem ./couriertls -host=email-smtp.us-west-2.amazonaws.com -port=587 -protocol=smtp
220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227 mCOkgyUFhRGTqHk4KAqP

EHLO octopus.email-scan.com
250-email-smtp.amazonaws.com
250-8BITMIME
250-SIZE 10485760
250-STARTTLS
250-AUTH PLAIN LOGIN
250 Ok
STARTTLS
220 Ready to start TLS
EHLO www.courier-mta.com
250-email-smtp.amazonaws.com
250-8BITMIME
250-SIZE 10485760
250-STARTTLS
250-AUTH PLAIN LOGIN
250 Ok







Re: [courier-users] Amazon SES "/SECURITY=REQUIRED set, but TLS is not available"

2017-03-15 Thread Sam Varshavchik

SZÉPE Viktor writes:


6) telnet email-smtp.us-west-2.amazonaws.com 587
220 email-smtp.amazonaws.com ESMTP SimpleEmailService-1868680227
MmKC14V2dPS1oRPRtSjF

Courier says: /SECURITY=REQUIRED set, but TLS is not available
Could it be that Courier compares the SMTP banner
(email-smtp.amazonaws.com) to the certificate CN, not the specified
host name (email-smtp.us-west-2.amazonaws.com) ?


Looks like that server uses a self-signed certificate, and if it's not added  
to your trusted certificate store, TLS negotiation will fail.


You would think that Amazon has the resources to pay itself a few bucks each  
year, for a properly signed certificate.


You'll have to reset TLS_VERIFYPEER to NONE, in the esmtpd-ssl config file.





[courier-users] Build 20170309 of Courier packages

2017-03-11 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

New builds of courier-unicode, courier, courier-imap, sqwebmail, maildrop,  
and cone packages.


• A few more tweaks to the courier-unicode configuration script.

• All other packages are rebuilt against the new courier-unicode package,  
and require the new version for building, going forward.


• courier: switched blacklist lookups to use either TXT or A records instead  
of ANY, depending on the blacklist setting; documentation updated  
accordingly.







Re: [courier-users] RBL answers

2017-03-11 Thread Sam Varshavchik

Matus UHLAR - fantomas writes:


>Is it worth considering A and TXT record lookups rather than ANY, given
>the request to stop sending requests for ANY result?  Might that request
>indicate that requests for ANY will not be supported in the future?

I got angry in the past at cloudflare for the stupid draft and already
blocked a domain using their DNS because of that.


I agree that this is somewhat dumb, and stupid. I understand the underlying  
technical factors. But it's still dumb, and stupid. Things have been working  
just fine, as is, for decades, with those same technical factors being  
present and everyone simply ignoring them. Nobody cares.


This is nothing more than some pointy-headed academician, or a bunch of  
them, suddenly figuring out the problem with ANY that nobody cared about,  
ever, and thinks that he is the first one, ever, to figure it out, and this  
is nothing more than a public demonstration of how smart these boneheads,  
who are pushing for this, are. Because, see, they're smarter than everyone  
else, for figuring out this horrible flaw in DNS's design.


But this is a battle that I cannot win. There will come a point that the  
blacklist operators will realize their short-sightedness in backing this  
idiocy. But, by that point, there will be nothing that they will be able to  
do about it. The cat's already out of the bag.






Re: [courier-users] RBL answers

2017-03-10 Thread Sam Varshavchik

SZÉPE Viktor writes:


Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:

> In the long run this will be counterproductive, since the existing
> blacklists will now result in generic "Access denied." bounces,
> instead of the blacklist-provided message that will point back to
> the blacklist. But, it's their decision to make.

I think Courier should issue an A query and if it is positive then a
TXT one to get the description.

What do you think about it?


That's the other thing that the blacklists definitely don't want: excessive  
queries. Making two queries instead of one will put extra load on the  
blacklists, and slow down your mail delivery.


That's why I think that getting rid of ANY is counter-productive. But, it's  
their call to make, so we'll go with that.






Re: [courier-users] disposable addresses

2017-03-10 Thread Sam Varshavchik

SZÉPE Viktor writes:


Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:

> SZÉPE Viktor writes:
>
>>
>> Hello!
>>
>> I've found a list of domains with the MX record mail.mailinator.com.
>> (23.239.11.30)
>>
>> Is there a way to throw away all emails going to mail.mailinator.com. ?
>>
>> Thank you.
>
> The "bofh badmx" setting in the courier config file. See the
> courier(8) man page.

Thank you.

My question is about *outgoing* emails.

I think badmx is for mail reception.


Yes, that's for incoming mail.

There's nothing specific for blocking mail to a particular MX. If you don't  
want to send mail to a particular domain, well, don't send it.


There are just several hackish ways to bounce mail to a particular server. If
you run your own DNS server you can simply inject a manual DNS entry for
them, pointing to 127.0.0.1. Or, you can add that hostname to the locals
file, making Courier think it's the name of the local machine, so it'll
attempt to find a local mailbox of that name. Depending on whether your
mailbox happens to match the name of the recipient's mailbox, that can
either be good, or bad…







Re: [courier-users] RBL answers

2017-03-10 Thread Sam Varshavchik

Gordon Messmer writes:


I was checking the RBL queries and answers on a server this morning,
when I noticed this in the responses:
 Please stop asking for ANY.See draft-ietf-dnsop-refuse-any

Both spamhaus and abuseat provide this text in their replies to
Courier's RBL lookups.

Is it worth considering A and TXT record lookups rather than ANY, given
the request to stop sending requests for ANY result?  Might that request
indicate that requests for ANY will not be supported in the future?


Right now you can explicitly specify a message, to issue an A query:

"-block=zen.spamhaus.org,Go away!"

and this will result in an A query instead of an ANY.

ANY was a convenient way to get both an IP address code from the blocklist,  
as well as the blacklist-provided custom message.


The referenced document is a general DNS document, not particular to  
blacklists. But, because they're returning this response, this means they're  
on board with this, and don't want ANY requests. Have to respect that.


I'll change the logic to always request an A record, unless the custom
message is explicitly set to '*', which will result in a TXT query.


In the long run this will be counterproductive, since the existing
blacklists will now result in generic "Access denied." bounces, instead of
the blacklist-provided message that will point back to the blacklist. But,
it's their decision to make.






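The lookup rule described in the reply above, as an added example that is not part of the original message and is not Courier's code. It builds the DNS question a blacklist lookup would send (A by default, TXT only when the message is '*') and models which rejection text results; the function names, the simplified zone/message pair standing in for a -block setting, and the client address 192.0.2.99 are assumptions made for the illustration.

```python
import ipaddress
import struct

QTYPE_A, QTYPE_TXT = 1, 16          # RFC 1035 type codes
QTYPE_ANY = 255                     # the type the blacklists asked clients to stop using
QCLASS_IN = 1
GENERIC_REJECT = "Access denied."   # generic text quoted in the post


def dnsbl_name(client_ip, zone):
    """Reverse the IPv4 octets and append the blacklist zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def choose_qtype(message):
    """A query by default; TXT only when the message is exactly '*'."""
    return QTYPE_TXT if message == "*" else QTYPE_A


def build_query(name, qtype, query_id=0x1234):
    """Encode a one-question DNS query in RFC 1035 wire format."""
    # id, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad DNS label: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def parse_question(packet):
    """Decode the question section back into (name, qtype, qclass)."""
    pos, labels = 12, []            # the header is always 12 bytes
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass


def reject_text(message, txt_answer=None):
    """Model of the text a listed client sees under each setting."""
    if message == "*":
        return txt_answer or GENERIC_REJECT   # blacklist-provided text
    return message or GENERIC_REJECT          # administrator's text, else generic


def plan_lookup(client_ip, zone, message=None):
    """Return the query name and the encoded query for one blacklist setting."""
    name = dnsbl_name(client_ip, zone)
    return name, build_query(name, choose_qtype(message))


if __name__ == "__main__":
    # Constructed settings: no message, an explicit message, and '*'.
    for msg in (None, "Go away!", "*"):
        name, pkt = plan_lookup("192.0.2.99", "zen.spamhaus.org", msg)
        print(repr(msg), parse_question(pkt), len(pkt), "bytes")
```
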


Re: [courier-users] disposable addresses

2017-03-10 Thread Sam Varshavchik

SZÉPE Viktor writes:



Hello!

I've found a list of domains with the MX record mail.mailinator.com.
(23.239.11.30)

Is there a way to throw away all emails going to mail.mailinator.com. ?

Thank you.


The "bofh badmx" setting in the courier config file. See the courier(8) man  
page.




[courier-users] courier-unicode build 20170308 released

2017-03-08 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.php#unicode

Revised configuration script to enable C++11 builds that should work with  
older versions of gcc.







Re: [courier-users] courier unicode build 20170307

2017-03-07 Thread Sam Varshavchik

Bowie Bailey writes:


On 3/7/2017 7:17 AM, Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> On Tue 07/Mar/2017 03:43:45 +0100 Sam Varshavchik wrote:
>> > Download: http://www.courier-mta.org/download.html#unicode
>> >
>> > This is a test build of the courier-unicode package, that uses C++11's unicode
>> > support. Please report any build issues to the courier-users list.
>>
>> Yes, it works, but I had to manually set CXXFLAGS="-std=c++11". That could be
>> avoided by using AX_CXX_COMPILE_STDCXX in configure.  I found no m4 dir, so I
>> added it and saved there the file I found in:
>> https://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx.html
>>
>> I attach other minor changes.  I didn't test it on a "difficult" system.  I
>> guess that if 'optional' works as advertised, the behavior won't get worse.
>
> Ok, but C++11 is mandatory now, that's the whole point. Looks like
> this macro tries both -std=c++11 and -std=c++0x, which is what's
> needed; however looks like the macro executes a fairly extensive check
> for C++11 coverage, while all that's needed here is unicode string
> support.
>
> I've added this macro and prepared the 20150307 build. Can someone try
> courier-unicode-20150307 to see if it builds by default with gcc 4.4.

I tried it on my CentOS 6.6 system and it failed.  (Although your test
program did not give any errors.)

$ ./configure
...
checking whether g++ supports C++11 features by default... no
checking whether g++ supports C++11 features with -std=gnu++11... no
checking whether g++ supports C++11 features with -std=gnu++0x... no
checking whether g++ supports C++11 features with -std=c++11... no
checking whether g++ supports C++11 features with +std=c++11... no
checking whether g++ supports C++11 features with -h std=c++11... no
checking whether g++ supports C++11 features with -std=c++0x... no
checking whether g++ supports C++11 features with +std=c++0x... no
checking whether g++ supports C++11 features with -h std=c++0x... no
configure: error: *** A compiler with support for C++11 language
features is required.


That's fine. I would have to look at what you ended up with in your  
config.log to confirm this, but I'm fairly certain that the compiler fails  
that macro's thorough check for C++11 compliance. It checks a bunch of  
stuff, and gcc 4.4 is not fully C++11 compliant. Which is ok, since only  
unicode support is needed here.


I'll back that out, and replace it with my own check just for unicode.  
There'll be another build tomorrow.






[courier-users] courier unicode build 20170307

2017-03-07 Thread Sam Varshavchik

Alessandro Vesely writes:


On Tue 07/Mar/2017 03:43:45 +0100 Sam Varshavchik wrote:
> Download: http://www.courier-mta.org/download.html#unicode
>
> This is a test build of the courier-unicode package, that uses C++11's unicode
> support. Please report any build issues to the courier-users list.

Yes, it works, but I had to manually set CXXFLAGS="-std=c++11".  That could be
avoided by using AX_CXX_COMPILE_STDCXX in configure.  I found no m4 dir, so I
added it and saved there the file I found in:
https://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx.html

I attach other minor changes.  I didn't test it on a "difficult" system.  I
guess that if 'optional' works as advertised, the behavior won't get worse.


Ok, but C++11 is mandatory now, that's the whole point. Looks like this  
macro tries both -std=c++11 and -std=c++0x, which is what's needed;  
however looks like the macro executes a fairly extensive check for C++11  
coverage, while all that's needed here is unicode string support.


I've added this macro and prepared the 20150307 build. Can someone try  
courier-unicode-20150307 to see if it builds by default with gcc 4.4.




[courier-users] courier unicode build 20170306

2017-03-06 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html#unicode

This is a test build of the courier-unicode package, that uses C++11's  
unicode support. Please report any build issues to the courier-users list.







Re: [courier-users] Sender email?

2017-03-06 Thread Sam Varshavchik

Michelle Konzack writes:


Hello,

In the past I had something in my courier config which added the 
to the headers.  I need this more or less urgently, because  I  get  for
example messages from


Nothing comes to mind. Delivery to a local mailbox should add a Return-Path:  
header, unless a custom mail delivery agent is used.




Note:  I try to use /etc/bofh, but
   badfrom @globale-scanner.com>
   badfrom 

Just drop the IP address into the smtpaccess file.






Re: [courier-users] Poll: C++11 compiler support

2017-03-06 Thread Sam Varshavchik

Bowie Bailey writes:


On 3/5/2017 5:10 PM, Sam Varshavchik wrote:
>
> Ok, so squeeze should be taken care of, and most likely CentOS 5 and
> 6. Thanks for testing it.

CentOS 6 is using gcc 4.4.7 and works fine with the '-std=c++0x' flag.

CentOS 5 is using gcc 4.1.2 and does not work.

$ g++ -std=c++0x -o utest utest.C
cc1plus: error: unrecognized command line option "-std=c++0x"


I see a separate gcc44 package for CentOS 5, here:

http://mirror.centos.org/centos/5.11/os/x86_64/CentOS/

Even though CentOS 5 is now EOLed, it looks to me it will still be possible
to build C++11 code using the gcc44 package.







Re: [courier-users] [cone] Poll: C++11 compiler support

2017-03-06 Thread Sam Varshavchik

Nux! writes:


Hello,

Got errors with both commands:
CentOS 6 x86_64, gcc version 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)

This could have some impact as CentOS 6 is still pretty used in the server  
world.


g++ -o utest utest.C
utest.C: In function ‘int main()’:
utest.C:5: error: ‘char32_t’ was not declared in this scope
utest.C:5: error: expected ‘;’ before ‘c’
utest.C:6: error: ‘u32string’ is not a member of ‘std’
utest.C:6: error: expected ‘;’ before ‘u’

g++ -std=c++11 -o utest utest.C
cc1plus: error: unrecognized command line option "-std=c++11"


Ok, now try:

g++ -std=c++0x -o utest utest.C






Re: [courier-users] Poll: C++11 compiler support

2017-03-05 Thread Sam Varshavchik

SZÉPE Viktor writes:


Idézem/Quoting Freddie Witherden <fred...@witherden.org>:

> Hi,
>
> On 05/03/2017 13:03, Sam Varshavchik wrote:
>>> $ g++ -o utest u.c
>>> u.c: In function ‘int main()’:
>>> u.c:5: error: ‘char32_t’ was not declared in this scope
>>> u.c:5: error: expected ‘;’ before ‘c’
>>> u.c:6: error: ‘u32string’ is not a member of ‘std’
>>> u.c:6: error: expected ‘;’ before ‘u’
>>>
>>> $ g++ -std=c++11 -o utest u.c
>>> cc1plus: error: unrecognized command line option "-std=c++11"
>>
>> Ok, so gcc 4.4 is not going to work.
>>
>> According to https://wiki.debian.org/LTS, squeeze has EOLed a year ago.
>>
>>> wheezy with gcc-4.7
>>>
>>> $ g++ -o utest u.c
>>> u.c: In function ‘int main()’:
>>> u.c:5:4: error: ‘char32_t’ was not declared in this scope
>>> u.c:5:13: error: expected ‘;’ before ‘c’
>>> u.c:6:4: error: ‘u32string’ is not a member of ‘std’
>>> u.c:6:19: error: expected ‘;’ before ‘u’
>>>
>>> $ g++ -std=c++11 -o utest u.c
>>> (no output)
>>
>> Ok, so with wheezy, and going forward, you should be ok by explicitly
>> using the -std=c++11 compiler flag.
>>
>> CentOS 5 also comes with gcc 4.4, and CentOS 5 EOLs at the end of this
>> month. But looks like CentOS 6 still uses gcc 4.4, until 2020. That's
>> likely to be problematic, but I'd still like to verify this. It's
>> remotely possible that Red Hat patched in some C++11 support in their
>> build of gcc 4.4.
>
> You can try with -std=c++0x which enables limited support and has been
> available since early 4.x releases.
>

Works on g++ 4.4:

$ g++ -std=c++0x -o utest u.c
(no output)


Ok, so squeeze should be taken care of, and most likely CentOS 5 and 6.  
Thanks for testing it.






Re: [courier-users] Poll: C++11 compiler support

2017-03-05 Thread Sam Varshavchik

SZÉPE Viktor writes:


This is the case in Debian releases:
squeeze with gcc-4.4

$ g++ -o utest u.c
u.c: In function ‘int main()’:
u.c:5: error: ‘char32_t’ was not declared in this scope
u.c:5: error: expected ‘;’ before ‘c’
u.c:6: error: ‘u32string’ is not a member of ‘std’
u.c:6: error: expected ‘;’ before ‘u’

$ g++ -std=c++11 -o utest u.c
cc1plus: error: unrecognized command line option "-std=c++11"


Ok, so gcc 4.4 is not going to work.

According to https://wiki.debian.org/LTS, squeeze has EOLed a year ago.


wheezy with gcc-4.7

$ g++ -o utest u.c
u.c: In function ‘int main()’:
u.c:5:4: error: ‘char32_t’ was not declared in this scope
u.c:5:13: error: expected ‘;’ before ‘c’
u.c:6:4: error: ‘u32string’ is not a member of ‘std’
u.c:6:19: error: expected ‘;’ before ‘u’

$ g++ -std=c++11 -o utest u.c
(no output)


Ok, so with wheezy, and going forward, you should be ok by explicitly using  
the -std=c++11 compiler flag.


CentOS 5 also comes with gcc 4.4, and CentOS 5 EOLs at the end of this
month. But looks like CentOS 6 still uses gcc 4.4, until 2020. That's likely  
to be problematic, but I'd still like to verify this. It's remotely possible  
that Red Hat patched in some C++11 support in their build of gcc 4.4.




[courier-users] Poll: C++11 compiler support

2017-03-05 Thread Sam Varshavchik

The forward march of progress is requiring a clean break from the pre-c++11
days. Under consideration is migrating the courier-unicode library, used by
both Courier and Cone, to use C++11's unicode support only.


I am taking a poll whether there are still any notable platforms where Courier
and Cone are used that are still using an old compiler that does not support
C++11.


According to gcc's documentation, gcc 4.8.1 was the first version with full  
C++11 support; but it's likely that older versions of gcc had sufficient  
support. gcc 4.5's compliance page gives Unicode string literals as  
supported, so I'm fairly confident of sufficient C++11 unicode support at  
least in gcc 4.5, at the latest.


I'd like to know if your compiler does not support C++11 unicode strings.  
This can be determined with a simple test:


#include <string>

int main()
{
   char32_t c=0;
   std::u32string u;

   return 0;
}

Save the above as "utest.C", then execute either:

g++ -o utest utest.C

or

g++ -std=c++11 -o utest utest.C

If either one completes without errors, you're good. This is if your  
compiler is "g++", of course. Certain platforms, like Debian, FreeBSD, and  
many others, might have multiple versions of gcc installed; typically as  
"g++NN". Use the appropriate command for your gcc.







Re: [courier-users] Courier MLM does not allow "post only"

2017-03-02 Thread Sam Varshavchik

Michelle Konzack writes:


Hello *,

I have a PHP5 script, which use IMAP to access a Listfolder and build an
index from the subjects (does not work correctly yet) for a Forum. I can
click on a topic and get a DATE sorted list of messages.  Later  I  will
also add the body of it.

This @#!@ does not really work, if stupid  users  take  a  mailing  list
message and change the subject line to post a new topic!


This is not limited to mailing lists. Usenet cl00bies will often do that,  
too.


There is no workaround, aside from public scolding.


I also discovered some seconds ago, that users can not set the list to
"post only", mean, they will continue getting message from the List, even
if they can read the message otherwise, e.g. from the archive or a
second mail account.

Any suggestions what's going wrong here?


Pure post-only mail aliases do not exist in couriermlm. couriermlm's
write-only aliases are attached to another subscribed address, which continues
to get list mail. Both the subscribed address, and the alias, can be used to
post to the list. When the subscribed address is removed from the list, the
write-only alias goes with it.







Re: [courier-users] Courier MLM does not allow "post only"

2017-03-02 Thread Sam Varshavchik

Michelle Konzack writes:


Additional question:

Is it possible, to add an unique THREAD ID to messages?

I mean, forcing mail users to reply correctly to an EXISTING topic
or open a NEW topic.

If not, how can I filter incoming ML messages through procmail?

It seems, the MLM does not work the same way as the rest of courier.


In what way? couriermlm does not keep track of previously sent messages. It  
does not search a message's References:, for previously sent messages. The  
threading you see in your IMAP client is part of the IMAP specification.  
Although the server is responsible for the threading, Courier-IMAP has to do  
it by the IMAP spec, and this is the only exception to that.


If you want that level of control over a mailing list, requiring specific  
actions to reply to existing messages, or creating a new thread, you're  
really talking about some web-based forum software. You can't meaningfully  
achieve such level of control over plain, garden-variety, email. Anyone can  
instruct their mail client to reply to an existing message, delete  
everything, and write a new mail from scratch, then send it off. Or, cut,  
and paste a received message into a new mail.


There's little that a mailing list manager can do about it, without engaging  
in complicated, overengineered, content inspection; attempting to  
heuristically determine whether the contents of a given message logically  
belong to some existing thread.






[courier-users] Development builds of courier, courier-imap, and cone packages

2017-02-18 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

courier, courier-imap, and cone builds 20170218:

Changes:

- Fix compilation errors with OpenSSL 1.1.0






Re: [courier-users] SendGrid certificate problem

2017-02-16 Thread Sam Varshavchik

SZÉPE Viktor writes:


Hello!

Could it be that Courier MTA cannot be configured to send emails
securely (using SSL) to Sendgrid because they have their hostname in
SAN not in CN?


The OpenSSL library does not validate peer hostnames, leaving it up to the  
application to do that. Courier's manual hostname validation code checks CN  
only.


Hostname validation for SMTP is a mess. Many servers use self-signed certs,
not signed by trusted CAs; as such, most servers typically do not verify
peer hostnames.


You can also recompile Courier to use GnuTLS, which handles hostname  
verification itself, and will presumably check SAN.




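The difference between a CN-only hostname check of the kind the reply above describes and a SAN-aware check, as an added example that is not part of the original message and is not Courier's, OpenSSL's or GnuTLS's code. The certificate dictionaries are constructed and use the shape returned by Python's ssl.SSLSocket.getpeercert(); all host names and function names are assumptions.

```python
def _labels(name):
    """Lower-case a DNS name and split it into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Match one certificate name; '*' may only be the whole left-most label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # The wildcard covers exactly one label and needs two more to its right.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def common_names(cert):
    """All commonName values from the certificate subject."""
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def san_dns_names(cert):
    """All dNSName entries from subjectAltName."""
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def verify_cn_only(cert, hostname):
    """CN-only check: subjectAltName is never consulted."""
    return any(name_matches(cn, hostname) for cn in common_names(cert))


def verify_san_first(cert, hostname):
    """RFC 6125 order: dNSName entries decide; the CN is a fallback only
    when the certificate carries no dNSName entry at all."""
    sans = san_dns_names(cert)
    names = sans if sans else common_names(cert)
    return any(name_matches(name, hostname) for name in names)


def compare(cert, hostname):
    """Return (CN-only result, SAN-first result) for one connection."""
    return verify_cn_only(cert, hostname), verify_san_first(cert, hostname)


# Constructed certificate: host names live only in subjectAltName.
SAN_ONLY = {
    "subject": ((("organizationName", "Example Relay"),),
                (("commonName", "Example Relay Service"),)),
    "subjectAltName": (("DNS", "smtp.relay.example"),
                       ("DNS", "*.smtp.relay.example")),
}
# Constructed certificate: old style, host name in the CN, no SAN extension.
LEGACY_CN = {"subject": ((("commonName", "mx.example.org"),),)}
# Constructed certificate: CN and SAN name different hosts.
CN_SAN_DISAGREE = {
    "subject": ((("commonName", "mx.example.org"),),),
    "subjectAltName": (("DNS", "mail.example.org"),),
}

if __name__ == "__main__":
    for label, cert, host in (
        ("SAN only", SAN_ONLY, "smtp.relay.example"),
        ("SAN wildcard", SAN_ONLY, "eu.smtp.relay.example"),
        ("legacy CN", LEGACY_CN, "mx.example.org"),
        ("CN/SAN disagree", CN_SAN_DISAGREE, "mx.example.org"),
    ):
        print(label, host, compare(cert, host))
```

The last case is the one to watch when switching validators: a certificate that a CN-only check accepts can be rejected once SAN entries are honoured, because a present dNSName list replaces the CN rather than adding to it.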


Re: [courier-users] courier breaks under linux kernel 4.9

2017-02-08 Thread Sam Varshavchik

AndCycle writes:


Gentoo Linux dist.
Linux bacztwo 4.9.6-gentoo-r1 #2 SMP Wed Feb 8 04:09:10 CST 2017 x86_64
Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz GenuineIntel GNU/Linux
mail-mta/courier-0.76.4

I recently upgraded my linux kernel to 4.9.2, which resulted in courier
spitting out the following error message

Feb  8 05:10:24 bacztwo courieresmtpd[8789]: started,ip=[190.173.150.46]
Feb  8 05:10:25 bacztwo courieresmtpd[18270]: gdbm fatal: couldn't init
cache
Feb  8 05:10:25 bacztwo courieresmtpd[8789]: submitclient: EOF from submit.
Feb  8 05:10:25 bacztwo courieresmtpd[8789]:
error,relay=190.173.150.46,msg="502 ESMTP command error",cmd: DATA

as it complains about a gdbm fatal error, courier won't accept any smtp mail,
in the end I had to put a boot option "ignore_rlimit_data" to solve
this issue,

is there another proper way to fix this issue?


No issues with kernel 4.9.6 in Fedora.

What is ULIMIT set to, in your esmtpd configuration file? The default  
setting is 16384. Increase it.






[courier-users] Courier build 20170128 released

2017-01-28 Thread Sam Varshavchik

Current development build of Courier.

Download: http://www.courier-mta.org/download.html

Changes:

- Minor fixes to the configure script.

- Merged several FreeBSD and Debian patches.





[courier-users] courier-authlib 0.67.0 released

2017-01-28 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html#authlib

Changes:

• Rewritten LDAP, MySQL, PostgreSQL, and SQLite modules. The replacement
modules are backwards compatible, except for one PostgreSQL configuration
setting, and an enhancement to all four modules: all runtime changes to each
module's configuration file take effect immediately and automatically, and
do not require a daemon restart. Upgrading to this version requires strict
adherence to the upgrade process, namely running 'make install-configure'.


• Exposed additional API calls to the courierauth.h header file.

• Added BuildRequires: perl-generators to the Fedora rpm spec file.

• Compilation warning fixes.





Re: [courier-users] Error message from Remote Server

2017-01-27 Thread Sam Varshavchik

Michelle Konzack writes:


Your message to the following recipients cannot be delivered:

 :
 biscmail.cv.net [167.206.112.38]:
 >>> STARTTLS
 <<< 500 couriertls: connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure


 :
 biscmail.cv.net [167.206.112.38]:
 >>> STARTTLS
 <<< 500 couriertls: connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure


---

If your message was also sent to additional recipients, their delivery
status is not included in this report.  You may or may not receive
other delivery status notifications for additional recipients.

The original message follows as a separate attachment.
8<--

I have never gotten such error message.

with the exception of TLS1 things which I have removed last year already
and for my understanding is, that SSLv3 was negotiated  with  
and failed.  If I can not contact them by EMail I have to do an expensive
long distance call.


The actual text of the error message comes from OpenSSL, and it is very  
misleading. Ignore the "sslv3" part of it. OpenSSL uses internal routines  
named "sslv3" that will autonegotiate the protocol level with the peer.


As I recall, you are using a relatively older version of Courier. Since then,
the OpenSSL API has been updated, and the default settings in the current
version of Courier's configuration files will be sufficient to negotiate any
protocol that's common to both the client and the server.


Also, the current version of Courier should handle TLS negotiation failures  
automatically. The unsent message will not initially bounce, and the next  
connection attempt will not attempt to negotiate TLS with the remote server.







Re: [courier-users] Date (YEAR) in /var/log/mail.log

2017-01-27 Thread Sam Varshavchik

Michelle Konzack writes:


Hallo,

I run currently an analyzer over the /var/log/mail.log*  file  from  the
last 12 years ;-) and now I run into trouble, because the prefixing date
has no YEAR stamp.

Is there a possibility to change this?


That's something that's syslog's territory. syslog generates the timestamps  
in /var/log files.



I was grepping all configs, but found nothing.

Any suggestions?


http://stackoverflow.com/questions/5065592/adding-year-in-the-syslog-message-linux



I really would like to know, which login/password they try...

However, over the last 12  years  there  were  NEVER  a  single
account compromised.  Maybe I am  BOFH,  but  forcing  users  to
better passwords is unfortunately necessary, since I do not want
to bother (have no time for it) with compromised accounts.


Courier is quite resilient to dictionary attacks. The combination of a  
default max limit of four connections from the same IP address, and  
aggressive tarpitting quickly kills most dictionary attacks before they go  
very far.






Re: [courier-users] Courier, PayPal and STARTTLS

2017-01-27 Thread Sam Varshavchik

Greg Earle writes:


I was expecting an incoming e-mail from PayPal but noticed these errors
in my syslog when it tried to deliver it:

Jan 26 01:11:28 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[:::173.0.84.227]
Jan 26 01:11:28 isolar courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan 26 01:11:38 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[:::66.211.168.231]
Jan 26 01:11:39 isolar courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan 26 01:31:28 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[:::173.0.84.228]
Jan 26 01:31:29 isolar courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan 26 01:31:39 isolar courieresmtpd: [ID 702911 mail.info] started,ip=[:::66.211.168.231]
Jan 26 01:31:39 isolar courieresmtpd: [ID 952582 mail.error] courieresmtpd: STARTTLS failed: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number


A Google search showed an old thread on here where Sam responded, saying
to set TLS_PROTOCOL to "TLS1" in both "esmtpd" and "esmtpd-ssl".  But
that's what I've already got mine set to:

isolar:1:1100 [/opt/courier/etc] # grep ^TLS_P esmtpd esmtpd-ssl
esmtpd:TLS_PROTOCOL=TLS1
esmtpd-ssl:TLS_PROTOCOL=TLS1

So what do I do?  Is there some trickery I can put into smtpaccess/default
to make them not try to do STARTTLS or something?  Or some other file?


Remove the TLS_PROTOCOL setting entirely, and have it fall back to the  
default setting.




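Added example, not part of either message above and not Courier code: the two couriertls errors quoted in the "Error message from Remote Server" and "Courier, PayPal and STARTTLS" threads, decoded to show that the routine name (SSL3_READ_BYTES, SSL3_GET_RECORD) says nothing about the negotiated protocol, while the packed reason code tells whether the peer sent a TLS alert or the local library rejected what it read. Host names and timestamps in the sample are constructed; the code layout assumed is the one used by the OpenSSL 1.0.x/1.1.x strings on this page.

```python
import re
from collections import Counter

# Packed error code layout in OpenSSL 1.0.x/1.1.x, the versions that print the
# strings quoted above: 0xLLFFFRRR (library, function, reason). Later OpenSSL
# releases pack the code differently; this handles only this layout.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 mean "alert received from peer"

# A few TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security"}

# error:<8 hex digits>:<library>:<function>:<reason text>
OPENSSL_ERR = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]*):(?P<reason>.+?)\s*$"
)


def decode(code_hex):
    """Split a packed OpenSSL 1.x error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def classify(line):
    """Describe the TLS failure reported in one log or bounce line, or None."""
    m = OPENSSL_ERR.search(line)
    if m is None:
        return None
    lib, _func, reason = decode(m["code"])
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
        return {"origin": "peer-alert", "alert": alert,
                "name": ALERTS.get(alert, "alert_%d" % alert),
                "text": m["reason"]}
    # Otherwise the local library rejected something it read or tried to send.
    return {"origin": "local", "alert": None, "name": None, "text": m["reason"]}


def summarize(lines):
    """Count failures by (origin, reason text), skipping unrelated lines."""
    tally = Counter()
    for line in lines:
        info = classify(line)
        if info:
            tally[(info["origin"], info["text"])] += 1
    return tally


# Constructed sample: host name, address and timestamps are invented; the two
# error strings are the ones quoted in the messages above.
SAMPLE = [
    "Jan 26 01:11:28 mx1 courieresmtpd: started,ip=[::ffff:192.0.2.25]",
    "Jan 26 01:11:28 mx1 courieresmtpd: STARTTLS failed: couriertls: connect: "
    "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number",
    "Jan 26 01:31:29 mx1 courieresmtpd: STARTTLS failed: couriertls: connect: "
    "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number",
    "<<< 500 couriertls: connect: "
    "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure",
]

if __name__ == "__main__":
    for (origin, text), count in sorted(summarize(SAMPLE).items()):
        print(count, origin, text)
```

A "peer-alert" result means the remote side ended the handshake, so the fix lies in what the two ends have in common; a "local" result points at the local OpenSSL settings, such as a pinned TLS_PROTOCOL.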


Re: [courier-users] Looking for new Debian maintainers for courier-mta packages

2017-01-26 Thread Sam Varshavchik

SZÉPE Viktor writes:



Idézem/Quoting Sam Varshavchik <mr...@courier-mta.com>:

> Ángel writes:
>
>> I would recommend automatically adding mkdhparams to /etc/cron.monthly,
>> too.
>
> The Fedora RPM package does precisely that.
>
>> Also, looking at the patches carried by debian, the numbers 1, 2, 3, 5,
>> 6, 7, 9, 12*, 13, 14, 17, 20, 21, 23 and 25 seem quite uncontroversial
>> for being applied upstream. Could you add them to your queue to ponder
>> their inclusion, Sam?
>
> I'll be happy to look at them. But I am not familiar with Debian's
> bug tracker. You can either provide the URLs, or use Github's bug
> tracker.

You can access Debian patches
from git
https://anonscm.debian.org/git/collab-maint/courier.git


Most of the above-referenced patches look quite reasonable. There would  
not've been any reason not to merge them in the first place.






Re: [courier-users] SASL for authpipe -- a sticky note for Courier Authlib

2017-01-26 Thread Sam Varshavchik

Alessandro Vesely writes:


On Thu 26/Jan/2017 01:53:59 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>> On Wed 25/Jan/2017 14:33:16 +0100 Sam Varshavchik wrote:
>>> Alessandro Vesely writes:
>>>>
>>>> The main difficulty is to get the sources for the include files:
>>>>
>>>> I include courierauth.h and courierauthsasl.h from authlib-devel.  But
>>>> I also need:
>>>>
>>>> #include"libs/libhmac/hmac.h" // for struct hmac_hashinfo
>>>> #include"cramlib.h" // for auth_cram_callback
>>>>
>>>> In addition, I also need auth.h, because cramlib.h includes it (it
>>>> would suffice to declare "struct authinfo;" to avoid the inclusion).
>>>> All file names in include_HEADER start with "courier", so some
>>>> renaming would be in order if this issue is ever addressed.
>>>
>>> It should be possible for you to support SASL authentication by using
>>> authsasl_list, that's declared in courierauthsasl.h.
>>
>> The authsasl_cram function declared in courierauthsasl.h seems to be
>> designed to be called /during/ the dialog.  In authProg, instead, I read
>> stuff more or less like:
>>
>>AUTH 30\nesmtp\nlogin\njoe@spam\npassword
>>
>> /after/ the dialog is already terminated.  If it was SASL instead of login, the
>> last two lines read would contain challenge and response, which I decode with
>> authsasl_frombase64(); then I pass cleartext password, challenge and response
>> to auth_cram_callback(), and based on its return code either authenticate the
>> user or fail.
>
> Yeah, ok.
>
> These exported functions are meant to be used for developing authentication
> clients, not servers.
>
> Looks like all you need are the functions in cramlib.h

Yes, and the structure defined in hmac.h.  I trimmed the text above so as to
make it more likely to fit on a sticky note, for the next release of authlib,
whenever it comes.


I don't follow – what's still left in hmac.h that needs to be visible, when  
using only the exported functions from cramlib.h?


The definition of hmac_hashinfo doesn't appear to need to be visible.  
The pointer to it will be initialized by auth_get_cram().







Re: [courier-users] Patches from FreeBSD

2017-01-26 Thread Sam Varshavchik

Gordon Messmer writes:

While working on updating the FreeBSD port, I noticed a few patches that may  
be appropriate for merging.


First, the test for -lcourier-unicode seems to be slightly deficient.  All  
of the AC_CHECK_LIB checks successfully locate libs in /usr/local/lib, but  
AC_LINK_IFELSE doesn't seem to.  I think that's because that part of
configure.ac stashes $LIBS where -L/usr/local/lib will be?  Regardless,  
maybe this section can be refactored to use AC_CHECK_LIB...


That particular test checks not only for the library itself being
installed, but also for the presence of the header files.


I'll replace that with both AC_CHECK_LIB and AC_CHECK_HEADER.

Second, courier/perms.sh.in sets a number of executables to 555, and others  
to 755.  The FreeBSD maintainer makes those consistent, removing write  
access.


Adjusting the permissions on the individual executables seems fine. However  
the entries for the directories have to stay there. The default  
configuration installs Courier completely inside the /usr/lib/courier tree,  
so all of these directories get created, and this sets the right permissions  
on them.







Re: [courier-users] Looking for new Debian maintainers for courier-mta packages

2017-01-26 Thread Sam Varshavchik

Ángel writes:


I would recommend automatically adding mkdhparams to /etc/cron.monthly,
too.


The Fedora RPM package does precisely that.


Also, looking at the patches carried by debian, the numbers 1, 2, 3, 5,
6, 7, 9, 12*, 13, 14, 17, 20, 21, 23 and 25 seem quite uncontroversial
for being applied upstream. Could you add them to your queue to ponder
their inclusion, Sam?


I'll be happy to look at them. But I am not familiar with Debian's bug  
tracker. You can either provide the URLs, or use Github's bug tracker.




Re: [courier-users] SASL for authpipe -- a sticky note for Courier Authlib

2017-01-25 Thread Sam Varshavchik

Alessandro Vesely writes:


On Wed 25/Jan/2017 14:33:16 +0100 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>>
>> while reviewing my Courier installation, I stumbled upon how my authProg.c is
>> compiled.  It uses -I/my/path/to/auth/cur -L/usr/path/to/courier-authlib and
>> -lcourierauthsasl, on a server with courier-authlib-0.66.4.20160106.  On a
>> stock Debian jessie (0.66.1) I have to add two more libraries.  The main
>> difficulty is to get the sources for the include files:
>>
>> I include courierauth.h and courierauthsasl.h from authlib-devel.  But I also
>> need:
>>
>> #include"libs/libhmac/hmac.h" // for struct hmac_hashinfo
>> #include"cramlib.h" // for auth_cram_callback
>>
>> In addition, I also need auth.h, because cramlib.h includes it (it would
>> suffice to declare "struct authinfo;" to avoid the inclusion).  All file names
>> in include_HEADER start with "courier", so some renaming would be in order if
>> this issue is ever addressed.
>>
>> I don't think I'm going to switch to binary versions of Courier any time soon,
>> so I don't really need a cleaner compiling environment for authpipe.  However,
>> since a courier-authlib-dev package exists, I wonder why it doesn't support
>> SASL.  I use authsasl_frombase64, auth_cram_callback, and hmac_list.  What do
>> everybody else do?
>
> It should be possible for you to support SASL authentication by using
> authsasl_list, that's declared in courierauthsasl.h. You shouldn't need to look
> at the lower-level functions.

Ehm, I may be dumb but I don't get it.  That struct is something like:

  struct authsasl_info authsasl_list[] = {
   {"EXTERNAL", 0},
   {"PLAIN", authsasl_plain},
   {"LOGIN", authsasl_login},
   {"CRAM-MD5", authsasl_cram},
   {"CRAM-SHA1", authsasl_cram},
   {"CRAM-SHA256", authsasl_cram},
   { 0, 0}};

Yes, I can find which cram types are available.  However, auth_cram_callback()
wants a struct hmac_hashinfo *h in its cci parameter.  The authsasl_cram
function declared in courierauthsasl.h seems to be designed to be called
/during/ the dialog.  In authProg, instead, I read stuff more or less like:

   AUTH 30\nesmtp\nlogin\njoe@spam\npassword

/after/ the dialog is already terminated.  If it was SASL instead of login, the
last two lines read would contain challenge and response, which I decode with
authsasl_frombase64(); then I pass cleartext password, challenge and response
to auth_cram_callback(), and based on its return code either authenticate the
user or fail.  Can I do that with some of the exported functions?


Yeah, ok.

These exported functions are meant to be used for developing authentication  
clients, not servers.


Looks like all you need are the functions in cramlib.h

Specifically, auth_get_cram() is going to decode the challenge and response
into a struct cram_callback_info.

Then, auth_cram_callback() takes a pointer to authinfo, where it only really
looks at clearpasswd. The second argument is the pointer to the decoded
cram_callback_info, which also contains a pointer to callback_func, that's
going to get invoked if the challenge was successful.




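Added example, not part of the thread and not courier-authlib code: a Python model of the flow discussed above, in which an authpipe program reads an "AUTH" request after the SMTP dialog has finished, base64-decodes the challenge and response, and checks the response against the cleartext password (the work the thread assigns to auth_get_cram() and auth_cram_callback() in C). Assumptions: the length in the AUTH line counts the bytes after the first newline, including a final newline; the decoded CRAM response is "user hexdigest" as in RFC 2195; CRAM-SHA1 and CRAM-SHA256 use the same HMAC construction with a different hash; the PASSWORDS dictionary and all function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Assumption: the SHA variants follow the RFC 2195 construction with another hash.
CRAM_HASHES = {"cram-md5": hashlib.md5, "cram-sha1": hashlib.sha1,
               "cram-sha256": hashlib.sha256}


def parse_auth_request(raw):
    """Parse b'AUTH <len>\\n<service>\\n<authtype>\\n<line>\\n<line>\\n'."""
    header, sep, rest = raw.partition(b"\n")
    verb, _, length = header.partition(b" ")
    if not sep or verb != b"AUTH" or not length.isdigit():
        raise ValueError("not an AUTH request")
    size = int(length)
    if len(rest) < size:
        raise ValueError("payload shorter than declared length")
    fields = rest[:size].decode("utf-8").split("\n")
    if fields[-1] == "":
        fields.pop()  # newline that terminates the last line
    if len(fields) != 4:
        raise ValueError("expected service, authtype and two data lines")
    service, authtype, first, second = fields
    return service, authtype.lower(), first, second


def check_cram(authtype, challenge_b64, response_b64, passwords):
    """Return the user name if the CRAM response verifies, else None."""
    try:
        challenge = base64.b64decode(challenge_b64, validate=True)
        response = base64.b64decode(response_b64, validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or malformed UTF-8
        return None
    user, sep, digest = response.rpartition(" ")
    secret = passwords.get(user)
    if not sep or secret is None:
        return None
    expected = hmac.new(secret.encode(), challenge, CRAM_HASHES[authtype]).hexdigest()
    # Constant-time comparison of the hex digests.
    ok = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return user if ok else None


def authenticate(raw, passwords):
    """Return the authenticated user name for one AUTH request, or None."""
    try:
        _service, authtype, first, second = parse_auth_request(raw)
    except ValueError:
        return None
    if authtype == "login":  # data lines are user name and password
        stored = passwords.get(first)
        if stored is not None and hmac.compare_digest(stored.encode(), second.encode()):
            return first
        return None
    if authtype in CRAM_HASHES:  # data lines are base64 challenge and response
        return check_cram(authtype, first, second, passwords)
    return None


# Constructed test data: account, password and challenge are invented.
PASSWORDS = {"joe@spam": "password"}
CHALLENGE = b"<1896.697170952@mail.example>"


def build_request(service, authtype, first, second):
    """Frame a request the way the parser above expects it."""
    payload = "\n".join([service, authtype, first, second, ""]).encode()
    return b"AUTH %d\n" % len(payload) + payload


def cram_request(user, secret, authtype="cram-sha256"):
    """What a client holding `secret` would send for CHALLENGE."""
    digest = hmac.new(secret.encode(), CHALLENGE, CRAM_HASHES[authtype]).hexdigest()
    response = ("%s %s" % (user, digest)).encode()
    return build_request("esmtp", authtype,
                         base64.b64encode(CHALLENGE).decode(),
                         base64.b64encode(response).decode())
```

This returns only the accept or reject decision; the reply an authpipe program writes back to authdaemond is not modelled.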


Re: [courier-users] SASL for authpipe -- a sticky note for Courier Authlib

2017-01-25 Thread Sam Varshavchik

Alessandro Vesely writes:


Hi all,

while reviewing my Courier installation, I stumbled upon how my authProg.c is
compiled.  It uses -I/my/path/to/auth/cur -L/usr/path/to/courier-authlib and
-lcourierauthsasl, on a server with courier-authlib-0.66.4.20160106.  On a
stock Debian jessie (0.66.1) I have to add two more libraries.  The main
difficulty is to get the sources for the include files:

I include courierauth.h and courierauthsasl.h from authlib-devel.  But I also
need:

#include"libs/libhmac/hmac.h" // for struct hmac_hashinfo
#include"cramlib.h" // for auth_cram_callback

In addition, I also need auth.h, because cramlib.h includes it (it would
suffice to declare "struct authinfo;" to avoid the inclusion).  All file names
in include_HEADER start with "courier", so some renaming would be in order if
this issue is ever addressed.

I don't think I'm going to switch to binary versions of Courier any time soon,
so I don't really need a cleaner compiling environment for authpipe.  However,
since a courier-authlib-dev package exists, I wonder why it doesn't support
SASL.  I use authsasl_frombase64, auth_cram_callback, and hmac_list.  What do
everybody else do?


It should be possible for you to support SASL authentication by using  
authsasl_list, that's declared in courierauthsasl.h. You shouldn't need to  
look at the lower-level functions.




Re: [courier-users] Disable adding own hostname to sender's address

2017-01-23 Thread Sam Varshavchik

Michelle Konzack writes:


On 2017-01-23 06:33:48 Sam Varshavchik hacked into the keyboard:
> Adding
>
> NOADDRREWRITE=2
>
> to the courieresmtpd configuration file should do the trick.

Hmmm, even if I do not find this OPTION in any manpages, I have added it
to /etc/courier/esmtpd and will see, what happens.

I will see, if I still get messages from  and ...

Oops!  --  Just restarted esmtpd and now I get

[ ssh command ]-
Jan 23 16:13:23 mail courieresmtpd: started,ip=[:::202.170.70.8]
Jan 23 16:13:24 mail courieresmtpd: error,relay=:::202.170.70.8,msg="554 Syntax error - your mail software violates RFC 821.",cmd: MAIL FROM: x...@ore.net
Jan 23 16:13:55 mail courieresmtpd: started,ip=[:::202.170.70.8]
Jan 23 16:13:58 mail courieresmtpd: error,relay=:::202.170.70.8,msg="535 Authentication failed.",cmd: AUTH


The config change has no effect on authentication.

You're logging a run-of-the-mill dictionary attack.


Is this a result of  NOADDRREWRITE=2  ?


No.



> The documentation for this is buried in the submit(8) man page.

...but not in my manpage!


Changelog shows that the option was added in 0.70, in January of 2013.



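Added example, not part of the message above and not Courier code: one way to pick the dictionary attack identified above out of the mail log, by counting "535 Authentication failed" AUTH errors per relay address inside a sliding time window. The sample lines, addresses, threshold and window are constructed; the year is passed in because syslog timestamps carry none, as noted in the "Date (YEAR) in /var/log/mail.log" thread.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# courieresmtpd error line in the format quoted above. The "[ID n fac.level]"
# tag is the optional prefix seen in the Solaris log lines elsewhere on this page.
ERROR_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ courieresmtpd: "
    r"(?:\[ID \d+ [\w.]+\] )?"
    r'error,relay=(?P<relay>[^,]+),msg="(?P<code>\d{3}) [^"]*",cmd: (?P<cmd>\S+)'
)


def normalize_relay(relay):
    """Map ::ffff:a.b.c.d to a.b.c.d; keep unparseable values as logged."""
    try:
        addr = ipaddress.ip_address(relay)
    except ValueError:
        return relay  # e.g. an address mangled or redacted by a list archive
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped or addr)


def detect(lines, year, threshold=5, window=timedelta(minutes=10)):
    """Return {source: peak failures in any window} for sources at or above threshold.

    Lines must be in chronological order, as they are in a syslog file.
    """
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    peak = defaultdict(int)      # source -> largest window count seen so far
    for line in lines:
        m = ERROR_LINE.match(line)
        if m is None or m["code"] != "535" or m["cmd"] != "AUTH":
            continue
        when = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
        source = normalize_relay(m["relay"])
        stamps = recent[source]
        stamps.append(when)
        while when - stamps[0] > window:
            stamps.popleft()
        peak[source] = max(peak[source], len(stamps))
    return {source: n for source, n in peak.items() if n >= threshold}


def _failure(ts, relay):
    """Build one constructed '535' log line."""
    return ('%s mail courieresmtpd: error,relay=%s,'
            'msg="535 Authentication failed.",cmd: AUTH' % (ts, relay))


# Constructed sample: one source failing six times in six minutes, another
# failing twice more than an hour apart, plus lines that must be ignored.
SAMPLE = (
    ["Jan 23 16:13:23 mail courieresmtpd: started,ip=[::ffff:192.0.2.10]",
     'Jan 23 16:13:24 mail courieresmtpd: error,relay=::ffff:192.0.2.10,'
     'msg="554 Syntax error - your mail software violates RFC 821.",cmd: MAIL FROM: x']
    + [_failure("Jan 23 16:%02d:58" % minute, "::ffff:192.0.2.10")
       for minute in range(14, 20)]
    + [_failure("Jan 23 17:05:00", "::ffff:198.51.100.7"),
       _failure("Jan 23 18:30:00", "::ffff:198.51.100.7")]
)

if __name__ == "__main__":
    for source, count in detect(SAMPLE, 2017).items():
        print("%s: %d failed AUTH attempts within 10 minutes" % (source, count))
```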


Re: [courier-users] Disable adding own hostname to sender's address

2017-01-23 Thread Sam Varshavchik

Michelle Konzack writes:


Hello Bernd,

On 2017-01-23 07:38:30 Bernd Wurst hacked into the keyboard:
> What I want:
> Sent mail from local users (via sendmail CLI) should have the hostname
> appended. But mail from remote (spam) should not.

I have the same problem here since some years and could not figure  out,
how to avoid it.  Rejecting mails with "forgotten"  domain  name  would
reject around 20-40.000 spams per day on my mailserver.


Adding

NOADDRREWRITE=2

to the courieresmtpd configuration file should do the trick.

The documentation for this is buried in the submit(8) man page.





Re: [courier-users] Best practize for $USER -> EMail

2017-01-20 Thread Sam Varshavchik

Michelle Konzack writes:


So my idea is, to use a script and rename all UNIX users by  a  construct
like
user1
user2
user3
etc

and then use the /etc/courier/aliases/ directory to point the EMail
addresses to the new user construct.

Do you think, this is OK?

I mean, I do absolutely not want to use LDAP.  But I can use the
PostgreSQL to use the mapping or whatever is required.  I mean, I can
use pam_pgsql and courier authpgsql.

Since my users can create ANY mail names of their choice, every user
has a ~/.courier_aliasses file which is mapped to /etc/courier/aliases/
and watched by a cron process for changes which run "makealiases".

Question:   Is there a limitation in the number of files or symlinks in
            the /etc/courier/aliases/ directory? I think also on using
            my PostgreSQL for all these aliases and generate only one
            file automated which then run "makealiases"

Any suggestions?


This is mostly a system limitation. Last time I read this topic, Linux  
starts to grind down with around 2 files in the same directory. But  
that's old info, things might have changed. And that applies to native Linux  
filesystems. With NFS-mounted filesystems, this becomes an issue for the NFS  
server (won't matter if the server is also Linux, of course).


You don't have to have just one alias defined in each file of its own. You  
can put everything into a single alias file.


Linux userids are 32 bits; but it is not advised to use 32 bit userids for  
compatibility with filesystems and APIs that expect 16 bit UIDs. Pretty sure  
one of them is NFS, so that's going to be your limiting factor.







Re: [courier-users] Feature Request for WEBMLM

2017-01-19 Thread Sam Varshavchik

Michelle Konzack writes:


Hello and good morning/day/afternoon/evening or whatever,

I run now 14 (sub)domains as listservers and what me bother is,  that  I
must name the RC files

/etc/courier/webmlm/webmlmrc
webmlm2rc
webmlm3rc
...

and I have always to look into the files to know, which domain it is.
Something like

/etc/courier/webmlm/lists.itsystems.tamay-dogan.net
lists.electronica.tamay-dogan.net
lists.miila-mahe-aed.eu
lists.example.com

does not work.  Hence my  feature  request  is  to  have  by  default  a
/etc/courier/webmlm/ directory where the names  can  be  whatever,  mean
descriptive.


That is really not that much different from what webmlm is already doing.  
webmlm forms the name of the config file it uses from its own name, with  
"rc" appended.


Instead of creating "webmlm", "webmlm2", and so on, links in your cgi-bin  
directory, name those links whatever you want, and use the same names, with  
the "rc" suffix, for your configuration files (and start webmlmd  
accordingly). So what you're asking, essentially, is an option not to append  
the "rc" suffix.






[courier-users] New courier packages released.

2017-01-17 Thread Sam Varshavchik

Download: http://www.courier-mta.org/download.html

Minor releases of courier, courier-imap, sqwebmail, and maildrop packages.

Changes:

- Roll-up of fixes to accumulated reports of compilation errors and
compatibility issues.

- Improve compatibility with GnuPG 2





Re: [courier-users] Where is the config option TLS_PEERCERTDIR located?

2017-01-16 Thread Sam Varshavchik

David Niklas writes:


It's mentioned in the section "ESMTP over TLS/SSL".
I ran grep -r TLS_PEERCERTDIR /etc/courier /usr/share/courier (I used
screen to copy the value from the docs exactly).
I don't get any results from grep.
Where does this value go?


A bit of obsolete documentation, this was combined with the TLS_TRUSTCERTS  
setting, which is described immediately afterwards. You can ignore this.


The configure script should be checking where the system trusted root  
certificates are typically installed, on most Linux distros, and  
initializing this setting automatically.




Re: [courier-users] Is authenticating with CRAM-SHA256 supported?

2017-01-16 Thread Sam Varshavchik

David Niklas writes:


The docs and the config files differ a bit on this.
Courier 0.75.0
Gentoo Linux


Looks like CRAM-SHA256 was added to the code base in 2005, so this should  
work fine.






Re: [courier-users] Preferred OS for Courier mail server

2017-01-10 Thread Sam Varshavchik

Hanno Böck writes:


Hi,

I'm more or less maintaining the gentoo packages.

On Sun, 8 Jan 2017 08:44:47 +0100
Dan Johansson  wrote:

> Yes, I agree that normally Gentoo has quite new packages, but some
> packages - like courier - lag somewhat behind.
> E.g. these are the "stable" version in portage at the moment:
> mail-mta/courier   0.75.0  (current is 0.76.3)

I wanted to bump a while ago, but the 0.76.3 had some issues for which
I sent patches (which sam has included, but not released yet).

Sam: Can we have a 0.76.4 or 0.77.0? I can include the patches, but if
possible I try to avoid that and stick with unpatched upstream releases.


Sure.

I'm a bit busy at the moment, but I should be able to swing this, next week.





Re: [courier-users] Courier 0.76.3 released

2017-01-09 Thread Sam Varshavchik

Alexei Batyr' writes:


Sam Varshavchik writes:

> Download: http://www.courier-mta.org/download.html
>
Sam,

I've tried to upgrade Courier to the latest version on FreeBSD 10.3-RELEASE-p11
and gmake failed with following errors:


Ok, made those fixes.

What compiler was that?






Re: [courier-users] Preferred OS for Courier mail server

2017-01-07 Thread Sam Varshavchik

Dan Johansson writes:


Hallo,

I am planning to setup a new Courier mail server and I was just
wondering what is the preferred OS/distribution for a Courier install.
Today I am using Gentoo (but the package in Gentoo is not really up to
date).


I do what development work needs to be these days on Fedora.

All source code tarballs can be built directly into installable rpm packages:

rpmbuild -ta .tar.gz

This should also work on CentOS/RHEL.






Re: [courier-users] WebMLM start problem...

2017-01-06 Thread Sam Varshavchik

Michelle Konzack writes:


If I try to start MLM in the updated Debian 7.11 system, I get following
error:

root@mail:/etc/init.d# ./courier-mlm restart
[ ok ] Stopping WebMLM daemon webmlmd.
[] Starting WebMLM daemon webmlmdMy uid/gid does not match 's
 failed!

I searched the whole thing but found nothing different.  The  permissions
do not differ in any kind from the old ones.

I can still run the old courier installation (recompiled for Debian 7.11)
without problems.

So, -- which uid/gid do not match?

Can it be, that one of the files in "LISTS=" is  wrong?   This  list  is
endless long!


Yes, it's one of the directories in LISTS. The error message isn't formatted  
right. I'll fix that, in the meantime you'll have to do some sleuthing:


# Print owner and mode of every directory in the colon-separated $LISTS
echo "$LISTS" | tr ':' '\012' | while read -r D
do
  ls -ald "$D"
done

This should produce a list of all directories. Look for one whose ownership  
and permissions are broken.






Re: [courier-users] nfs mounted /home/ not availlable problem...

2017-01-06 Thread Sam Varshavchik

Michelle Konzack writes:


which should work.  Currently I use  PAM  authentication,  but  want  to
switch to SQL auth, which I currently do not know, how to do  this  with
courier.


Check into Debian packaging. The mysql and postgres authentication modules  
should be in separate subpackages. This should be a matter of installing it,  
then setting up the authmysqlrc or the authpgsqlrc configuration file. The  
configuration file basically specifies the login information to the SQL  
server, and the layout of the table that serves the equivalent of  
/etc/passwd.




From my point of view, courier should accept the message as long  as  it
can find the  per PAM or  SQL  and  deliver  the  message  to  the
~/Maildir/ when it is available.

Any suggestions or ideas what's wrong here?


Nope. Courier doesn't care and doesn't know anything about NFS. An  
unavailable storage server must result in some part of the shared filesystem  
going down.




Re: [courier-users] can not more setup aliasses

2017-01-02 Thread Sam Varshavchik

Michelle Konzack writes:


On 2017-01-02 13:17:33 Sam Varshavchik hacked into the keyboard:
> Do you have tamay-dogan.net listed in locals or hosteddomains?

The domain is in /etc/courier/locals.

The directory /etc/courier/hosteddomains
and the file  /etc/courier/hosteddomains.dat is not used.

I have just updated  but there is no change.

I do not find a single error, because the system was running for more
than 7 years flawless and started bugging me from one day to another.

All users (more than 2000) have for now to go  over  squirrelmail  which
gives the hell of a load on my server...


And what happens in response to

$ ls ~domains

Since the alias is mapped to this local account?

Also, try using the aliaslookup command. aliaslookup performs a manual alias  
resolution.


There's also a

makealiases -dump

that shows the parsed alias list.






Re: [courier-users] can not more setup aliasses

2017-01-02 Thread Sam Varshavchik

Michelle Konzack writes:


Hello Sam,

On 2017-01-02 11:00:38 Sam Varshavchik hacked into the keyboard:
> Well, something is not set up correctly.

:-/

> The 550 error shows only the local mailbox address, without
> @tamay-dogan.net; this indicates that tamay-dogan.net is defined as a
> local domain.

true

> So, either "domains" does not actually exist, in the alias file, or
> it itself points to a nonexistent mailbox.

But this looks right:

[ /etc/courier/aliasses/CATCHALL_tdnet.itsystems ]--
@itsystems.tamay-dogan.net: catchall-tdnet.itsystems
domainsATtamay-dogan.net: catchall-tdnet.itsystems


because all other aliasfiles are working properly and have the same
style. I can also access the catchall account from squirrelmail.


Do you have tamay-dogan.net listed in locals or hosteddomains?





Re: [courier-users] can not more setup aliasses

2017-01-02 Thread Sam Varshavchik

Michelle Konzack writes:


Hi guys,

I have just tried to add a new alias "domains" to my

/etc/courier/aliases/catchall_tdnet.itsystems

and was running "makealiases" successfully! I can grep the correct values
in /etc/courier/aliases.dat. However, if I try to send a mail to it
through my gmail account, I get this as response:

8<--
Date: Mon, 02 Jan 2017 14:44:48 +
From: Mail Delivery Subsystem 
To: linux4miche...@gmail.com
Subject: Delivery Status Notification (Failure)

Delivery to the following recipient failed permanently:

 domainsATtamay-dogan.net

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server
for the recipient domain tamay-dogan.net by mail.tamay-dogan.net.
[2a01:4f8:d12:1300::2].

The error that the other server returned was:
550 User  unknown



Well, something is not set up correctly.

The 550 error shows only the local mailbox address, without
@tamay-dogan.net; this indicates that tamay-dogan.net is defined as a local domain.


So, either "domains" does not actually exist, in the alias file, or it  
itself points to a nonexistent mailbox.







Re: [courier-users] lo is down

2016-12-28 Thread Sam Varshavchik

SZÉPE Viktor writes:



Good evening!

I am investigating a strange monitoring phenomenon.
localhost (lo interface) is monitored on port 25 with a program called Monit.
Monit generates a very small SMTP communication.
Usually it is OK.

When the Internet-facing interface (eth0) is down - for some reason
but not DHCP - the test fails.

Of course couriertcpd binds on 127.0.0.1 only as "ADDRESS=127.0.0.1"

Could it be that Courier unbinds from localhost when eth0 is down?


Nope.

Sounds like either your entry in /etc/hosts for localhost refers to your  
public IP address, or your monitoring program is set up to monitor your  
public IP address.






Re: [courier-users] imapd not authenticating, imapds is

2016-12-27 Thread Sam Varshavchik

Harry Duncan writes:

Every service works as before except vanilla imap where the MUA continually  
prompts for a password, set the account up again using imap over ssl and it  
works, set it up without ssl and it doesn't.



Barely makes a peep in the logs, I just see a connect and disconnect in  
mail.log


Use telnet to attempt to manually connect to the server, and see what  
happens:


telnet imap.example.com 143

xxx LOGIN userid password

The "xxx" is part of the command.





Re: [courier-users] Adding "feature" to courier-pop3d

2016-12-23 Thread Sam Varshavchik

Svetozar Mihailov writes:


Hello,

I was requested to add "feature" to pop3, seen in t-online.de mail service.

When fetching mail from t-online via pop3 with 'leave on server', that
does not mark mails as 'seen' in t-online imap service.

That is unexpected behavior for me, but is useful for a few friends.


I implement that with additional AUXPOPTION from authdaemon ( mysql
backed ):

--- libs/imap/pop3dserver.c.orig2016-12-22 01:26:06.093047148 -0500
+++ libs/imap/pop3dserver.c 2016-12-22 01:27:34.025546151 -0500
@@ -727,6 +727,7 @@
 strcat(p, "S");

 if (lptr/* Don't mark as seen for TOP */
+   || auth_getoptionenvint("disablepop3seen")
 || rename(msglist_a[i]->filename, p))
 {
 free(p);
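
Review bot: The added auth_getoptionenvint("disablepop3seen") term sits directly under the comment "Don't mark as seen for TOP", which now describes only the first term of the condition; extend the comment to say the rename is also skipped when the account option is set. The term has to stay ahead of rename(...) in the || chain, since the short-circuit is what prevents the rename, and a comment saying so would stop a later reorder from breaking it. The option shares the free(p) path with the rename-failure case, so check that nothing after this block treats that path as an error. The patch also adds no documentation for the new disablepop3seen option name.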


$ authtest -s pop3 office@domain
Authentication succeeded.

  Authenticated: office@domain  (uid 1000, gid 1000)
 Home Directory: /home/domain/office
Maildir: (none)
  Quota: (none)
Encrypted Password: (none)
Cleartext Password: password
Options: disablepop3seen=1


Is that the right place to do it? Is this the correct modification?


That looks like the right fix.





Re: [courier-users] Courier-AuthLib Configure Script Not Finding Installed ltdl.h Files

2016-12-13 Thread Sam Varshavchik

Michael S. Scaramella, Esq. writes:


Dear Sam:

Thank you for replying. I tried to keep my original message brief, and must  
have tried too hard. I also had thought that I should use a preconfigured  
installation. I originally installed the FreeBSD libtool package, then  
installed the port, and finally installed from source as a last resort. The  
courier-auth configure script never could find any of the three installed  
ltdl.h files. All ltdl.h files are still installed, and are identical. I  
tried copying the original ltdl.h file from /user/local/include to  
/usr/include, which does include other header files, but the courier-authlib  
configure script still fails with the same error: Unable to find ltdl.h.


Randomly copying files around is unlikely to have productive results.

You mentioned that I could “pass CPPFLAGS to configure.” Unless you have a  
better suggestion about what to try next, please point me toward any  
documentation available about how to appropriately pass CPPFLAGS to the  
configure script.


./configure "CPPFLAGS=-I"

You do not appear to have a technical background. This isn't very  
complicated, but some technical knowledge is needed to build software from  
source. Perhaps you should ask someone else in your organization for  
assistance, here.



