[qmailtoaster] sslv3_alert_handshake_failure due to limited cipher-set in tlsserverciphers

I've been using a limited (hardened) set of SSL ciphers in tlsserverciphers, but have noticed today that there have been 13 delivery failures from our server in the past twenty days:

[qmailtoaster] forwarding submission mail to alternate host

We have a customer who wants to use a Barracuda encryption service so they can be HIPAA compliant. They have requested that outgoing mail their office submits to our server on port 587 be forwarded to a barracuda network. I know qmail's `smtproutes` allows incoming mail for a domain to be

[qmailtoaster] email addresses beginning with a hyphen

the problem: http://goo.gl/6vq6ps -- Quinn Comendant Strangecode, LLC http://www.strangecode.com/ +1 530 636 2633 office @com and @strangecode

[qmailtoaster] wiki spam

I found this at http://wiki.qmailtoaster.com/index.php?title=FAQs (see attached). Q - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:

Re: [qmailtoaster] Too many /tmp/clamav-*.tmp

On Thu, 24 May 2018 08:33:40 -0600, Eric Broch wrote: > Is this issue resolved if you remove the call to the wrapper script? Ok, I tried this, and it the number of tmp dirs is still increasing. I'll let it run like this for awhile to see if it improves. > Also, can you enable 'SIMSCAN_DEBUG=3'

Re: [qmailtoaster] Too many /tmp/clamav-*.tmp [SOLVED]

On Thu, 24 May 2018 16:12:35 -0600, Eric Broch wrote: > I think you should update ClamAV on your system. I while back there > was an issue with older ClamAV versions leaving orphaned file handles > on the system in the /tmp directory. The newer versions will resolve > this issue. That's a good

[qmailtoaster] Does not support TLS

I tested a server with mxtoolbox.com, and it gave an error that the server "Does not support TLS": "Your SMTP email server does advertise support for TLS. After connecting to your mail server we issue an EHLO command to introduce ourselves and to request that your server announce which

Re: [qmailtoaster] Does not support TLS

Another issue it reported is "SMTP Transaction Time: 15.174 seconds - Not good on Transaction Time". Is that an intentional delay due for "tar pitting"? Quinn - To unsubscribe, e-mail:

Re: [qmailtoaster] Does not support TLS

On Fri, 15 Jun 2018 10:47:55 +0700, Quinn Comendant wrote: > And it's true, here's the capabilities shows in a SMTP connection: > […] Correction: it's indicated as available by the "STARTTLS" tag. ¯\_(ツ)_/¯ And indeed, now it seems to be working, I'm getting "Supports TLS

[qmailtoaster] Discrepancy between vpopmail ↔︎ assign/vdominfo

There is a QMT server with 136 domains. It has 136 domains in its vpopmail DB and 136 domains under /home/vpopmail/domains. However, the /var/qmail/users/assign file has 157 distinct domains, and vdominfo reports 155 domains. The /home/vpopmail/bin/* tools are used exclusively for managing

Re: [qmailtoaster] Discrepancy between vpopmail ↔︎ assign/vdominfo

On Tue, 5 Jun 2018 22:18:23 -0600, Eric Broch wrote: > How do you manage vpopmail, by CLI, VQAdmin, qmailAdmin? Always by CLI tools from /home/vpopmail/bin/* Q - To unsubscribe, e-mail:

[qmailtoaster] 15 years later: Remote Code Execution in qmail (CVE-2005-1513)

Hello all, I just came across this security bulletin that affects qmail: https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt “TLDR: In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default

Re: [qmailtoaster] 15 years later: Remote Code Execution in qmail (CVE-2005-1513)

having a reasonable value in > /var/qmail/control/databytes > > Have you checked your deployed systems? > > I need to dig into how qmail-local is being called, so I can figure > out whether it has softlimits yet, but I need to get my kids to > school. :) > > -Chri

Re: [qmailtoaster] dot-qmail files

You can find .qmail documentation at `man dot-qmail`. I'd like to see your scripts, if you'd like to share. Quinn - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:

[qmailtoaster] Let's Encrypt "DST Root CA X3" expires today

Hello all, The Let's Encrypt "DST Root CA X3" root certificate expired today, September 30, 2021. https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ For most users, this isn't an issue because the newer "ISRG Root X1" certificate is trusted on all new devices. Users with

Re: [qmailtoaster] Let's Encrypt "DST Root CA X3" expires today

On 30 Sep 2021 13:02:51, Quinn Comendant wrote: > I have a RoundCube server that is now unable to connect to an IMAP > server (older qmailtoaster running couriertls). The error in the > imap4-ssl log is "sslv3 alert certificate expired". I was able to solve this by updating t

Re: [qmailtoaster] Host email server on AWS cloud

Or don't send mail from AWS IP addresses at all; use a mail forwarding service such as MailChannels. Quinn - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:

Re: [qmailtoaster] Best Config for new server

I will probably use Rocky when I rebuild my server, because it is one of the options on GCP, it has an EOL of June 2031. Q - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands,

Re: [qmailtoaster] Status of Domain Keys in QMT

a part of the sources but signing is done by a perl wrapper around qmail-remote. See here <https://qmailtoaster.org/dkim.html> . DKIM checking can be done by either spamassassin or rspam and is not necessary in QT. On 10/1/2023 12:18 PM, Quinn Comendant wrote: Hi all, What is the current stat

[qmailtoaster] Status of Domain Keys in QMT

Hi all, What is the current status of Domain Keys in QMT? I've been following the advice given in (“Unfortunately, domain keys are broken in Toaster. It's recommended that you disable them for the time being.”), but wonder if there

Re: [qmailtoaster] Outlook users get "unsupported encryption type" error after Windows update

On 13 Oct 2022, at 12:12, Jeff Koch wrote: I think this would indicate that our Dovecot IMAP supports TLSv1.2 and should work with the Outlook updates. Am I missing something? FWIW, I applied [Janno Sannik's

Re: [qmailtoaster] UIDVALIDITY value changed during Courier-to-Dovecot migration

On 19 Oct 2022, at 0:41, Quinn Comendant wrote: The so-called UIDVALIDITY value of the mailbox “INBOX” has changed. MailMate has to resynchronize the mailbox, that is, purge the local cache and refetch the messages of the mailbox. I think this may have been caused by the mailboxes actually

Re: [qmailtoaster] Outlook users get "unsupported encryption type" error after Windows update

Hi Andreas, I've had some users report this as well. Previously, they were getting this same error when receiving mail; upgrading to Dovecot (from Courier) resolved that. Now the issue seems to also exist with qmail-smtp. I'm not sure what is broken, because connections to port 587 support

[qmailtoaster] UIDVALIDITY value changed during Courier-to-Dovecot migration

I've done a test upgrade of a cloned server from Courier to Dovecot. So far, it's working well with most email clients, but when I reconfigure MailMate to connect to the new server, it gives me this error ([screenshot](https://send.strangecode.com/f/screen-shot-2022-10-18-at-23-51-55.png)):

[qmailtoaster] Outlook users get "unsupported encryption type" error after Windows update

Today we received several complaints from Outlook users who are unable to connect to QMT servers. They get this error: Task "u...@example.com - Sending: reported error (Ox800CCC1A) : 'Your server does not support the connection encryption type you have specified. Try changing the encryption

Re: [qmailtoaster] Outlook users get "unsupported encryption type" error after Windows update

The Windows system update on October 11, 2021 included a change to disable TLS 1.0 and 1.1 by default. - Windows blog post: [Plan for change: TLS 1.0 and TLS 1.1 soon to be disabled by default](https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/) -

Re: [qmailtoaster] Outlook users get "unsupported encryption type" error after Windows update

On 13 Oct 2022, at 12:12, Jeff Koch wrote: I think this would indicate that our Dovecot IMAP supports TLSv1.2 and should work with the Outlook updates. Yes, looks like a successful TLS 1.2 connection. When testing with openssl, I would add the `-tls1_2` option to force use of that protocol:

Re: [qmailtoaster] rocky 9 from centOS 7 suggestions?

On 10 Mar 2023, at 11:16, Gary Bowling wrote: What's the status these days of a repository that "just works" for installing the toaster? I'd love an update on this too. I'm planning an upgrade to Rocky 9 this year as well. I'm a developer, so not afraid of scripts, but had assumed that QMT

Re: [qmailtoaster] Rocky 9 Migration

On 23 Feb 2024, at 9:10, Gary Bowling wrote: LoadModule php5\_module modules/libphp5.so On my Rocky 9 box, this file does not exist and I cannot find that it is even suppose to exist. But I'm not sure how php is suppose to work on Apache without it. Hi Gary, Glad you worked it

<    1   2   3