I sincerely doubt it From: Paul Bronson [mailto:signaldevelo...@gmail.com] Sent: Tuesday, June 27, 2017 2:42 PM To: Dino Edwards <dino.edwa...@mydirectmail.net> Subject: Re: [Djigzo users] Servers wont talk to me!
Hi Dino, Does this have to do with our 550 Mailbox unavailable issue? On Tue, Jun 27, 2017 at 2:36 PM, Dino Edwards <dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net>> wrote: I had to disable https on tomcat by inserting the following line in the /etc/default/tomcat6 file because no matter what I did, Ciphermail would redirect to port 8443: JAVA_OPTS="$JAVA_OPTS -Ddjigzo.https.all=false" After you do that, Ciphermail should answer on either port 8080 or 8888 don't remember which right off the top of my head. I have mine configured for port 8888 but if your Tomcat is running on 8080 obviously adjust the ProxyPass lines below to your port number. Here’s my apache config: <VirtualHost *:443> ProxyRequests Off SSLEngine on SSLCertificateFile /etc/ssl/certs/certificate.cer SSLCertificateKeyFile /etc/ssl/certs/private/key.key SSLCertificateChainFile /etc/ssl/certs/chain.cer SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /djigzo http://localhost:8888/djigzo ProxyPassReverse /djigzo http://localhost:8888/djigzo ProxyPass /web http://localhost:8888/web ProxyPassReverse /web http://localhost:8888/web ProxyTimeout 3600 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined CustomLog /var/log/apache2/ciphermail combined </VirtualHost> From: Paul Bronson [mailto:signaldevelo...@gmail.com<mailto:signaldevelo...@gmail.com>] Sent: Tuesday, June 27, 2017 10:25 AM To: Dino Edwards <dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net>> Cc: users@lists.djigzo.com<mailto:users@lists.djigzo.com> Subject: Re: [Djigzo users] Servers wont talk to me! DIno, Thanks for all your help! Can you post the complete apache config file? Also I think the paths are wrong (?) Mine is https://x.x.x.x:8443/ciphermail is the main admin page.. I wanted to change the main portal page to something else so I could block port access to 8443 on the firewall On Tue, Jun 27, 2017 at 8:08 AM, Dino Edwards via Users <users@lists.djigzo.com<mailto:users@lists.djigzo.com>> wrote: There is certainly way to do it with Tomcat but I can’t really help with that, I’m not that familiar with it. I can tell you that Apache is a much more advanced http server with a lot more functionality than Tomcat. Tomcat is primarily designed to serve Java Servlets and JSPs. My method is simpler I believe because it does not require you changing the configuration of Tomcat and ciphermail. You simply put Apache in front of it with the mod_proxy_ajp module which communicates with Tomcat using the default config. Of course, it’s all up to you how you want to proceed. From: Paul Bronson [mailto:signaldevelo...@gmail.com<mailto:signaldevelo...@gmail.com>] Sent: Monday, June 26, 2017 6:48 PM To: Dino Edwards <dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net>> Subject: Re: [Djigzo users] Servers wont talk to me! I dont NEED to use apache, is there a way to do it with tomcat? On Mon, Jun 26, 2017 at 2:54 PM, Dino Edwards via Users <users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>> wrote: The following settings in main.cf<http://main.cf><http://main.cf> should get you started for TLS: # TLS parameters smtpd_tls_cert_file = /etc/ssl/certs/cert.cer smtpd_tls_key_file = /etc/ssl/certs/key.key smtpd_tls_CAfile = /etc/ssl/certs/root.cer #smtpd_use_tls=yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_loglevel = 1 I misspoke earlier. It’s been so long since I did this. Ciphermail comes bundled with Tomcat and it runs on port 8888 if I’m not mistaking. So, if you want to utilize Apache instead, you have to install mod_proxy_ajp module in Apache and setup an apache config like below: ProxyPass /djigzo http://localhost:8888/djigzo ProxyPassReverse /djigzo http://localhost:8888/djigzo ProxyPass /web http://localhost:8888/web ProxyPassReverse /web http://localhost:8888/web ProxyTimeout 3600 Changing the port has to be done within apache. So, if you want to use 443, you must of course install mod_ssl on apache, as well as certificate. I have a complete Apache config file if you want, let me know and I’ll post the relevant parts. From: Paul Bronson [mailto:signaldevelo...@gmail.com<mailto:signaldevelo...@gmail.com><mailto:signaldevelo...@gmail.com<mailto:signaldevelo...@gmail.com>>] Sent: Monday, June 26, 2017 2:42 PM To: Dino Edwards <dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net><mailto:dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net>>> Cc: users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>> Subject: Re: [Djigzo users] Servers wont talk to me! Okay I will try that. I am also noticing that mxtoolbox states this server isn't configured for TLS? I do not see any settings under interface for this. Is this set on postfix main.cf<http://main.cf><http://main.cf><http://main.cf> file manually? Also if I wanted to remove the port or change the port to a default 443 do I need to do this within apache, or does the GUI do the config itself? On Mon, Jun 26, 2017 at 2:37 PM, Dino Edwards via Users <users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>>> wrote: I’m guessing sendmail got installed by accident or as part of something else. Not sure. I would either uninstall sendmail or change its port number if it’s absolutely necessary, although it doesn’t seem like that’s the case. Since the Web GUI runs on a different port, you can set whatever hostname you want in ciphermail as long as that hostname is resolvable by the outside world and as long as the back-end webserver (apache I assume) is configured to answer on that port. So, if you want the web portal to be https://webportal.domain.tld:8443/ in ciphermail under settings --> portal è Base URL you set it as follows: https://webportal.domain.tld:8443/web/portal/ From: Paul Bronson [mailto:signaldevelo...@gmail.com<mailto:signaldevelo...@gmail.com><mailto:signaldevelo...@gmail.com<mailto:signaldevelo...@gmail.com>><mailto:signaldevelo...@gmail.com<mailto:signaldevelo...@gmail.com><mailto:signaldevelo...@gmail.com<mailto:signaldevelo...@gmail.com>>>] Sent: Monday, June 26, 2017 2:13 PM To: Dino Edwards <dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net><mailto:dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net>><mailto:dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net><mailto:dino.edwa...@mydirectmail.net<mailto:dino.edwa...@mydirectmail.net>>>> Cc: users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>> Subject: Re: [Djigzo users] Servers wont talk to me! Hi Dino, Wonder why sendmail keeps trying to start then.. Odd. I'd really like to set the web portal to a different address versus the HELO name I meant, sorry. Paul On Mon, Jun 26, 2017 at 2:02 PM, Dino Edwards via Users <users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>>>> wrote: You don't need both. One or the other, although Postfix is recommended. Different site, meaning different server? -----Original Message----- From: Users [mailto:users-boun...@lists.djigzo.com<mailto:users-boun...@lists.djigzo.com><mailto:users-boun...@lists.djigzo.com<mailto:users-boun...@lists.djigzo.com>><mailto:users-boun...@lists.djigzo.com<mailto:users-boun...@lists.djigzo.com><mailto:users-boun...@lists.djigzo.com<mailto:users-boun...@lists.djigzo.com>>><mailto:users-boun...@lists.djigzo.com<mailto:users-boun...@lists.djigzo.com><mailto:users-boun...@lists.djigzo.com<mailto:users-boun...@lists.djigzo.com>><mailto:users-boun...@lists.djigzo.com<mailto:users-boun...@lists.djigzo.com><mailto:users-boun...@lists.djigzo.com<mailto:users-boun...@lists.djigzo.com>>>>] On Behalf Of Paul Bronson via Users Sent: Monday, June 26, 2017 1:57 PM To: Martijn Brinkers <mart...@ciphermail.com<mailto:mart...@ciphermail.com><mailto:mart...@ciphermail.com<mailto:mart...@ciphermail.com>><mailto:mart...@ciphermail.com<mailto:mart...@ciphermail.com><mailto:mart...@ciphermail.com<mailto:mart...@ciphermail.com>>><mailto:mart...@ciphermail.com<mailto:mart...@ciphermail.com><mailto:mart...@ciphermail.com<mailto:mart...@ciphermail.com>><mailto:mart...@ciphermail.com<mailto:mart...@ciphermail.com><mailto:mart...@ciphermail.com<mailto:mart...@ciphermail.com>>>>> Cc: users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>>> Subject: Re: [Djigzo users] Servers wont talk to me! IP Is not blacklisted, reverse DNS has been setup also. For some reason sendmail and postfix are using the same port? Do I need both? I would also like to set the web portal to a different site versus the hostname. On Fri, Jun 23, 2017 at 3:15 AM, Martijn Brinkers via Users < users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com><mailto:users@lists.djigzo.com<mailto:users@lists.djigzo.com>>>>> wrote: > On 06/22/2017 10:32 PM, Paul Bronson via Users wrote: > > Okay here is what I have.. Still not sure what's wrong. > > > > http://imgur.com/a/k0ysM > > http://imgur.com/a/QuyaO > > http://imgur.com/a/9pNyl > > > > I have the IP listed in my networks. > > > > So my setup goes like this: > > > > Incoming email >> firewall >> email server > > > > Cipher mail is not used for incoming, but my outgoing setup is: > > > > Outgoing email >> email server >> ciphermail server >> firewall >> > internet > > > > For some reason I think something is getting clogged up on CM > > server. I have the email server (postfix) setup with a relayhost, so > > it will > forward > > all mails to the ciphermail server. The "locality" setting on my > > server > is > > "external" - does this matter? It's behind our firewall and should > > only > be > > sending mail off from our internal mail server. > > > > I had it on in the morning and the others told me they are getting a > > lot > of > > bouncebacks. I have a feeling this is because of the SFP records but > > I > want > > to make sure the server is setup properly. > > > > The OTP you helped me with works now also, thank you! > > > > Everything is inherited from global also. > > Once the email has been handled by the back-end (MPA), the email is > handed over to the MTA (Postfix). The MTA is responsible for > delivering the email. If the email is not delivered you should check > the MTA logs to see why. There can be a number of reasons why the > recipients mail server won't accept email: your IP address might be > dynamic (i.e., some consumer type ISP), there is no IP reverse name > for your IP address, the reverse IP name is not the same as the SMTP > helo name. your IP might be black-listed. > > Solving this does not involve making changes in the CipherMail global > settings. The only change in CipherMail that influences delivery is > the MTA helo name. > > Could you sent some MTA logs showing which mails were not delivered? > > What is the IP address the CipherMail gateway is using? > > Kind regards, > > Martijn Brinkers > > > -- > CipherMail email encryption > > Email encryption with support for S/MIME, OpenPGP, PDF encryption and > secure webmail pull. > > https://www.ciphermail.com > > Twitter: http://twitter.com/CipherMail > _______________________________________________ > Users mailing list > Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>>>> > https://lists.djigzo.com/lists/listinfo/users > _______________________________________________ Users mailing list Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>>>> https://lists.djigzo.com/lists/listinfo/users _______________________________________________ Users mailing list Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>>>> https://lists.djigzo.com/lists/listinfo/users _______________________________________________ Users mailing list Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>>> https://lists.djigzo.com/lists/listinfo/users _______________________________________________ Users mailing list Users@lists.djigzo.com<mailto:Users@lists.djigzo.com><mailto:Users@lists.djigzo.com<mailto:Users@lists.djigzo.com>> https://lists.djigzo.com/lists/listinfo/users _______________________________________________ Users mailing list Users@lists.djigzo.com<mailto:Users@lists.djigzo.com> https://lists.djigzo.com/lists/listinfo/users _______________________________________________ Users mailing list Users@lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users
