RE: [qmailtoaster] Alma Linux 9 QMT install failure

2022-08-06 Thread CarlC Internet Services Service Desk
Henry, While I think everyone appreciates the enthusiasm, considering 9 only came out a few months ago, Eric [the hardest working man in Qmail] is probably not ready for 9 just yet. Give him a while to get a working 9 version ready :) . If you have to spin one up, I would go with Alma

RE: [qmailtoaster] iPhone updates / new ssl breaks connection

2022-04-27 Thread CarlC Internet Services Service Desk
Remo, Here's mine... I run the /usr/bin/certbot renew command nightly. Then about an hour after that, I run this [change the secure.carlc.com to whatever URL your Letsencrypt cert is under]: #!/bin/bash # # Script to copy lets encrypt files to the right area and restart the needed

RE: [qmailtoaster] Certificate

2021-05-12 Thread CarlC Internet Services Service Desk
Remo, I use LetsEncrypt, but I tell everyone who uses the service to use “secure.carlc.com” as the email server name. This causes the IMAP SSL to match up with the FQDN they are looking for. I never have an issue when LetsEncrypt does its automatic update [which is every 60 days as

RE: [qmailtoaster] Certificate

2021-05-12 Thread CarlC Internet Services Service Desk
Rodrigo, Here’s my script for Letsencrypt, obviously, you would change out secure.carlc.com with the name of the website on the email server that QMAIL runs: [root@mail7 ~]# more copy_letsencrypt_files.sh #!/bin/bash # # Script to copy lets encrypt files to the right area and restart the

RE: [qmailtoaster] Spamcop's RBL went rogue today for me

2021-01-31 Thread CarlC Internet Services Service Desk
SPAMCOP.NET was not renewed as a domain by CISCO. There’s a big write up on Reddit. https://www.reddit.com/r/sysadmin/comments/l9asw7/spamcop_domain_expiredparked/ and https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/

[qmailtoaster] Clamd not restarting after update from 101 to 103

2021-01-16 Thread CarlC Internet Services Service Desk
Ran into an issue where last night, two of my servers with clamav 101 versions updated to 103. After the update, the old clam was running, so if you reboot, you find that clam is not starting. In order to fix: 1) Install clamd yum install clamd 2) uncomment the "LocalSocket" in

[qmailtoaster] RedHat's Blog on CentOS

2021-01-13 Thread CarlC Internet Services Service Desk
https://blog.centos.org/2021/01/centos-community-newsletter-january-2020-2101/ Interesting read... I still will stand behind any decision Eric has for our future direction. Carl

RE: [qmailtoaster] Clamd suggestions

2020-12-15 Thread CarlC Internet Services Service Desk
I spent yesterday fighting with this... The newer 103 version had an issue with simscan, where it didn't start and read simscan correctly. This caused all my submission [port 587] to do "qq soft reject" failures. I was able to go back to the 101 qmt version that worked correctly on the two

RE: [qmailtoaster] Future of qmailtoaster on CentOS?

2020-12-11 Thread CarlC Internet Services Service Desk
That's why I went in business for myself... Except I don't really advertise, I pick who I want for clients. This way, I can set up ANY type of VM I want, with ANY Linux distro I want to support. And as to going out of business in 3 days, that's the old tactic of "I got your money, now what ya

RE: [qmailtoaster] qmailtoaster and clamav version: 0.102.2

2020-02-19 Thread CarlC Internet Services Service Desk
AIZAWA-san, While it's not the latest, it's still current enough to handle all the ClamAV scanning. I'm sure Eric will give you a better explanation, but you are not far behind in version and ability. Carl -Original Message- From: あいざわひろし [mailto:cobo...@gmail.com] Sent: Wednesday,

RE: [qmailtoaster] letsencrypt cert renewal commands

2019-12-03 Thread CarlC Internet Services Service Desk
I created one that after you run the renew, it will install it: #!/bin/bash # # Script to copy lets encrypt files to the right area and restart the needed services. # # Initial concept by RCC 06/08.2018 # # Test if the letsencrypt live cert.pem file was changed in the last 24 hours...

RE: [qmailtoaster] Error on new mailserver setup

2019-10-22 Thread CarlC Internet Services Service Desk
I think this is the old issue where /var/qmail/bin/qmail-queue is “ln” to queue-dk. You might want to undo the “ln” and create a new one to qmail-queue.orig …. Carl From: Jeff Koch [mailto:jeffk...@intersessions.com] Sent: Tuesday, October 22, 2019 08:50 AM To:

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread CarlC Internet Services Service Desk
: Error: Could not find a minimum ssl_min_protocol setting from ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2: Unrecognized protocol 'SSLv2' Thanks, Gary On 9/4/2019 1:20 PM, CarlC Internet Services Service Desk wrote: For Dovecot, I use ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread CarlC Internet Services Service Desk
For Dovecot, I use ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2 Then under ssl_cipher_list, I have a long list of ciphers [and blocked ones] that start with the strongest and work downward from there. When I run a scan against IMAPS, any that are found to be compromised, I change

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread CarlC Internet Services Service Desk
Gary, https://www.immuniweb.com/ssl/ is a perfect way to test. I think everyone

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread CarlC Internet Services Service Desk
ver, but I'm not sure. Hope this helps. -Andy PS: Someone running the old version of openssl will need to put '-SSLv2' at the end of the cipherlist, whereas the newer version no longer supports it so it doesn't require removing it. And NO ONE should be using the SSLv2 protocol,

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-03 Thread CarlC Internet Services Service Desk
would you recommend? Thanks, Gary On 9/3/2019 3:28 PM, CarlC Internet Services Service Desk wrote: Your real problem is that this file is different based on which CentOS you’re on [or should I say, which openssl is loaded]. If you have CentOS 7, with openssl 1.0.2k, you can tune thi

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-03 Thread CarlC Internet Services Service Desk
Your real problem is that this file is different based on which CentOS you’re on [or should I say, which openssl is loaded]. If you have CentOS 7, with openssl 1.0.2k, you can tune this file to include each cipher you want [the file can actually be 10+ lines long wrapped]. This is so you can

RE: [qmailtoaster] Slow speeds on qmt repos

2019-06-19 Thread CarlC Internet Services Service Desk
Which QMT repo are you pulling from? I know one of the repos run from my VMware cluster at the NOC and I don't show any slowness at the NOC. Carl -Original Message- From: Tony White [mailto:t...@ycs.com.au] Sent: Wednesday, June 19, 2019 11:35 AM To: qmailtoaster-list@qmailtoaster.com

RE: [qmailtoaster] SMTP configuration

2019-06-18 Thread CarlC Internet Services Service Desk
that forces encryption before authentication. On 6/18/2019 6:46 AM, CarlC Internet Services Service Desk wrote: I have my own OpenVAS server to test my Qmail server for security. One of the things I get as a “medium” warning is “The remote host is running SMTP server that allows cleartext

[qmailtoaster] SMTP configuration

2019-06-18 Thread CarlC Internet Services Service Desk
I have my own OpenVAS server to test my Qmail server for security. One of the things I get as a “medium” warning is “The remote host is running SMTP server that allows cleartext logins over unencrypted connections.” It’s saying we allow LOGIN and PLAIN for SMTP while supporting the

RE: [qmailtoaster] mailserver on AWS

2019-03-02 Thread CarlC Internet Services Service Desk
02, 2019 02:16 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] mailserver on AWS Carl, how do you incorporate this in qmail? On 3/2/2019 12:04 PM, CarlC Internet Services Service Desk wrote: > Jeff [and Eric], > > Look at SSH port forwarding... I've done th

RE: [qmailtoaster] mailserver on AWS

2019-03-02 Thread CarlC Internet Services Service Desk
Jeff [and Eric], Look at SSH port forwarding... I've done this before and it works great... You could do what Eric suggested, start on a different port, then on another server at a more reasonable host provider, forward that port 25 to your AWS instance via SSH.

[qmailtoaster] Issues with yum update....

2018-12-03 Thread CarlC Internet Services Service Desk
Yum just started complaining with this: Could not retrieve mirrorlist https://www.qmailtoaster.org/qmt-mirrorlist-current error was 14: curl#60 - "Peer's Certificate issuer is not recognized." Something expired on the qmt repository? Carl

RE: [qmailtoaster] I do not understand this error!

2018-10-16 Thread CarlC Internet Services Service Desk
I just tested it… I was able to login [anonymous FTP] and drill down to the rpms under CentOS7 as a test… Carl From: Tommi Järvilehto [mailto:tommi.jarvile...@datavahti.fi] Sent: Tuesday, October 16, 2018 03:42 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] I do

RE: [qmailtoaster] I do not understand this error!

2018-10-14 Thread CarlC Internet Services Service Desk
When I see this, it’s because the customer’s email client does not support TLS 1.1 or 1.2… The last time, for me, it was a Windows 7 PC running Outlook 2007… I had to point the client to the websites that show how to install the latest TLS support onto Windows 7. Carl From: Tony

[qmailtoaster] LetsEncrypt auto update file...

2018-08-14 Thread CarlC Internet Services Service Desk
Only because others are talking security and LetsEncrypt… I put together a script that I run AFTER certbot renew checks are run. Figured I would include it here for the Qmail community to use: [root@mail7 ~]# more copy_letsencrypt_files.sh #!/bin/bash # # Script to copy lets encrypt files

RE: [qmailtoaster] tlsserverciphers

2018-06-05 Thread CarlC Internet Services Service Desk
I guess nobody has an idea how to limit SMTP-SSL and SUBMISSION to only allow TLS 1, TLS 1.1 and TLS 1.2? -Original Message- From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] Sent: Sunday, June 03, 2018 09:38 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE

RE: [qmailtoaster] tlsserverciphers

2018-06-03 Thread CarlC Internet Services Service Desk
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2 It's when I add the :!SSLv3 that I lose SSLv3 [good], TLS1 [bad] and TLS1.1 [don't care because it's really the same as 1.2]. Carl -Original Message- From: Eric Broch [mailto:ebr...@whitehorsetc.com] Sent: Sunday, June 03,

[qmailtoaster] tlsserverciphers

2018-06-02 Thread CarlC Internet Services Service Desk
Is there any way to disable the SSLv3 protocol without it taking out TLS 1.0? When I add ":-SSLv3" to tlsserverciphers, I end up with just TLS 1.2 working... That's not good for any Thunderbird clients, they can no longer connect to the smtp-ssl on port 465. Was there a patch, or something done

RE: [qmailtoaster] Delivery fail

2018-01-19 Thread CarlC Internet Services Service Desk
I seem to remember this has something to do with DNS… I know if the box is running its own BIND, then restart bind [ranges from “/etc/rc.d/init.d/named restart” to systemctl restart named]. Carl From: Jeff Koch [mailto:jeffk...@intersessions.com] Sent: Friday, January 19, 2018 11:17 AM

[qmailtoaster] Fail2ban for Squirrelmail.

2017-12-29 Thread CarlC Internet Services Service Desk
Dan, I have it working showing the IP address: In /etc/fail2ban/jail.conf: # squirrelmail [squirrelmail-iptables] enabled = true filter = squirrelmail action = iptables[name=SquirrelMail, port=http, protocol=tcp] sendmail-squirrelmail[name=SquirrelMail,dest=ab...@carlc.com,

RE: [qmailtoaster] connection issues again.

2017-12-29 Thread CarlC Internet Services Service Desk
Would FAIL2BAN be an ideal setup here? I use it to control the attacks [example: more than 10 failed logins in 1 day, you're banned for "X" hours]. Fail2ban also works with the SquirrelMail, Roundcube, etc... I have it set up on SMTP, SMTPS, SUBMISSION, POP3s and IMAPs. You can also use FAIL2BAN

RE: Re: [qmailtoaster] probles error 4.4.2

2017-07-21 Thread CarlC Internet Services Service Desk
On the DNS, why do we get two answers?? nslookup 186.18.13.252 Server: 8.8.4.4 Address:8.8.4.4#53 Non-authoritative answer: 252.13.18.186.in-addr.arpa name = sistemas-sg.com.ar. 252.13.18.186.in-addr.arpa name = mail.sistemas-sg.com.ar. Authoritative

RE: [qmailtoaster] POP3 Secure on port 995

2017-05-26 Thread CarlC Internet Services Service Desk
Oops... Forgot to say that if you're running dovecot: For CentOS 7 / Qmail server: look in /etc/dovecot/dovecot.conf and make all changes there. Carl -Original Message- From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] Sent: Friday, May 26, 2017 12:43 PM

RE: [qmailtoaster] POP3 Secure on port 995

2017-05-26 Thread CarlC Internet Services Service Desk
Tony, While you're fixing that, check out http://www.qmailwiki.org/Qmail-control-files#control.2Ftlsserverciphers ... You can kill off all the older hackable SSLv2 and even kill off SSLv3 and TLSv1 if you don't have customers on older equipment/phones. I use the following ssltest.sh script

[qmailtoaster] New updates maybe have spamdyke issues.

2017-05-16 Thread CarlC Internet Services Service Desk
This morning, upgraded the following: May 16 06:37:45 Updated: spamassassin-3.4.1-1.qt.el7.x86_64 May 16 06:37:56 Updated: simscan-1.4.0-1.qt.el7.x86_64 May 16 06:37:56 Updated: jasper-libs-1.900.1-30.el7_3.x86_64 May 16 06:37:57 Updated: ghostscript-9.07-20.el7_3.5.x86_64 May 16 06:38:07

RE: [qmailtoaster] Centos 5 and PCRE

2017-03-07 Thread CarlC Internet Services Service Desk
From: Gary Bowling [mailto:g...@gbco.us] >Now the question is... how important is it to upgrade to Centos6 or Centos7? I did it to get openssl-1.0.x and kill anything below TLS 1.1. CentOS 5 is limited to openssl-0.9.6 unless you do major surgery [maybe easier now but getting

RE: [qmailtoaster] Sending outbound email works, but takes about 10 seconds.

2017-02-21 Thread CarlC Internet Services Service Desk
Found the slowness... In the "run" file for smtp-ssl, I have: BLACKLIST=`cat /var/qmail/control/blacklists-ssl` Well, that file does not exist, so that plays havoc with: exec /usr/bin/softlimit -m 128000 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \ -u

RE: [qmailtoaster] Sending outbound email works, but takes about 10 seconds.

2017-02-19 Thread CarlC Internet Services Service Desk
-Original Message- From: Tonix - >Check your dns. It looks like it takes time to solve client reverse ip. I'm using 8.8.4.4, 4.2.2.1 and 8.8.8.8... They do run pretty fast. That's in /etc/resolv.conf. It's the same setting as the old Email server had. Does QMail use a different place

RE: [qmailtoaster] Squirrelmail stopped working.

2017-02-19 Thread CarlC Internet Services Service Desk
[mailto:ebr...@whitehorsetc.com] Sent: Sunday, February 19, 2017 10:53 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Squirrelmail stopped working. Did you restart dovecot? On 2/19/2017 7:25 AM, CarlC Internet Services Service Desk wrote: > Now, this one is just weird... I tes

RE: [qmailtoaster] Sending outbound email works, but takes about 10 seconds.

2017-02-19 Thread CarlC Internet Services Service Desk
-Original Message- From: Eric Broch >does this happen in your webmail, squirrelmail and roundcube? Nope... Only with anything using smtp-ssl (port 465)... Carl

[qmailtoaster] Squirrelmail stopped working.

2017-02-19 Thread CarlC Internet Services Service Desk
Now, this one is just weird... I tested squirrelmail and even had others test before changing the IP address to make a server live... After changing the IP address, squirrelmail fails to login. But here's the fun part, it's set to use localhost. Maybe someone else can see what I'm missing: Using

[qmailtoaster] Sending outbound email works, but takes about 10 seconds.

2017-02-19 Thread CarlC Internet Services Service Desk
With a newly installed QMT, when we send emails, it works... But it takes about 10 seconds.. It just sits at sending on the client side waiting for the server to complete. Before I go digging into this, has anyone else seen this? Or is it some simple setting I've missed :) Thanks, Carl

RE: [qmailtoaster] Validating RBLs are in use

2017-02-14 Thread CarlC Internet Services Service Desk
Chris, I loaded a stock QMT install, and in /var/qmail/supervise/smtp/run, it has the line: BLACKLIST=`cat /var/qmail/control/blacklists` Which is used by SMTP before SPAMDYKE is called: exec /usr/bin/softlimit -m 6400 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c

RE: [qmailtoaster] Roundcube with QMT

2017-02-14 Thread CarlC Internet Services Service Desk
Angus, Thanks, your setups helped. I used Eric's to get it running, then read over yours and added a few goodies. This was the perfect 1-2 punch to get roundcube running on our new CentOS 7 server. Carl

RE: [qmailtoaster] Roundcube with QMT

2017-02-14 Thread CarlC Internet Services Service Desk
>It is that simple! >Roundcube comes with EPEL >Again, look at the top of the page, here: >http://www.qmailtoaster.com/extras.html Eric, You're right, it was that simple :) ... Got it working thanks to the instructions. Thanks, I owe you a beer. Carl

[qmailtoaster] Roundcube with QMT

2017-02-13 Thread CarlC Internet Services Service Desk
Dan, Cool, I was always interested in Roundcube. Any gotchas on installation? Or do I just "yum install roundcube" [Doubt it's that easy or I would be that lucky] :) ? Thanks! Carl -Original Message- From: Dan McAllister Roundcube is the service most of my clients prefer. It will

[qmailtoaster] SQwebmail

2017-02-12 Thread CarlC Internet Services Service Desk
For our newer CentOS 7 qmail servers, does anyone have a recommended procedure to build SQwebmail [and do we need to load Courier? I hope not]. We have squirrelmail working [thank you Eric], but wanted to see what other webmail type applications we can load, and we have a few users who want to

RE: [qmailtoaster] Converting an old Qmail server with old short passwords to newer Qmail

2017-02-12 Thread CarlC Internet Services Service Desk
c P.S. I hope this helps. On 2/11/2017 11:17 PM, CarlC Internet Services Service Desk wrote: I'm converting an older CentOS 5 server [which started life as a CentOS 4 server many years ago] to a new CentOS 7 server. I've moved everything over, and was doing rsyncs [and Database updates

[qmailtoaster] Converting an old Qmail server with old short passwords to newer Qmail

2017-02-11 Thread CarlC Internet Services Service Desk
I'm converting an older CentOS 5 server [which started life as a CentOS 4 server many years ago] to a new CentOS 7 server. I've moved everything over, and was doing rsyncs [and Database updates of vpopmail/valias]. I've hit an interesting problem, the new CentOS 7 server will not allow me to

RE: [qmailtoaster] Uptick in spam / sa-learn

2017-01-30 Thread CarlC Internet Services Service Desk
From: Eric Broch [mailto:ebr...@whitehorsetc.com] >. I know of another individual who uses a Barracuda Anti-Spam appliance that >works well. Eric, IMHO, hit the nail on the head. Don’t expect the mail server [or should I say Qmail server] to handle the front end spam. We use

RE: [qmailtoaster] Problemas...

2016-08-04 Thread CarlC Internet Services Service Desk
>CNAME lookup failed temporarily. (#4.4.3) Many years ago I remember that the problem was in DNS, and the server was running its own DNS: /etc/rc.d/init.d/named restart Use that to fix it. Also, wasn’t there some big DNS qmail patch that fixes this issue? Carl

RE: [qmailtoaster] How to make mirror all the emails with all the mailbox in another server or storage

2016-07-25 Thread CarlC Internet Services Service Desk
>In this case, What i am thinking, Why should i make all the emails sync with >another server or storage disk at the same time when deliver the email. I’m sure someone else has a better answer, but you could just rsync the /home/vpopmail/domains/ area without a delete [that is the default

RE: [qmailtoaster] latest version of qmt or vm please

2016-07-18 Thread CarlC Internet Services Service Desk
>I'm running it on CentOS 7 with no problem using those same files. I'm on a >VPS though, I didn't try it in VMWare. Same here… I just spun up a new CentOS 7 and loaded the latest qmt about 3 months ago. No issues whatsoever. Carl

RE: [qmailtoaster] catch all account and the spam

2016-07-11 Thread CarlC Internet Services Service Desk
>From: Dan McAllister >Now I can't just reply to HOW without adding my 2-cents worth as to why I think "bounce-no-mailbox" is the WORST of the options: >- It allows spammers to "mine" your domain for "good" email addresses (which then get sold!). how? Send a note to a...@yourdomain.com,

RE: [qmailtoaster] qmailtoaster installation large installation

2016-02-18 Thread CarlC Internet Services Service Desk
I’ve been using Qmail since 2000, and as an ISP, it’s saved my rear end more times than I can tell you compared to other Email servers I’ve had to deal with… I’ve been lurking on the QMT lists via the web for years, and finally decided to join the list. Largest we got for a while was over