Bernd Plagge | 19 Dec 02:23 2014

Re: Mailing List moderation

Hi Sam,

thanks!

Yesterday I sent a cc moderation (failed as before).
Today I did not sign it but left the footer block - and it failed as well. So it seems that the signature is not
the problem.

I had a look at the cmlmmoderate.C program (version 0.68.2-1 Debian) and this is pretty straightforward -
searching for 'no', 'reject', additional message and filename/token.

It uses the std::getline function. 
There is a module_getline in moduledel.c which checks for EOF or '\n'.
Could this be the problem - as the footer is in Unicode and contains Japanese?

--- part of the second message - quoted printable - "
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Fri, 19 Dec 2014 01:17:01 +0900
erp-ledger-moderate <at> erp-online.jp wrote:

> =3D=3DCUT HERE=3D=3D
> Insert any rejection notice here.
> =3D=3DCUT HERE=3D=3D
>=20
> The following message has been previously send to you for moderation,
> but no response has been received.  You will receive periodic reminders
> to moderate this message until you do the following.  To approve this
> message and post it to the mailing list, reply to this message.  To

Bernd Plagge | 17 Dec 00:23 2014

Mailing List moderation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Sam,

thank you very much for your excellent mail server which I've been using happily for many years!

I've a minor issue with mailing list moderation.

As you can see I'm signing my mails and I have a biggish signature with some web links.
When I receive a moderation request and simply reply to it, it won't be recognized and the post will not be sent
to the list.
If, however, I delete the signature block AND don't sign the message everything works perfectly.

So, it seems that the moderation mail is not recognized if it is signed and/or contains some characters found
in the signature.
While I recognise that I can just switch signing off and remove the signature part this is easily forgotten.

Maybe you can address this in one of the future releases.

Thanks again,
Bernd

- -- Moderation Mail -------------
Content-Transfer-Encoding: base64

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, 17 Dec 2014 08:14:06 +0900

Mark Constable | 16 Dec 07:20 2014

Slow sending out port 587

Thunderbird often hangs when picking up IMAP (starttls) and I've tried
all manner of tweaks but it still persists BUT now for the past week
trying to send email via port 587 is also taking up to 1 and 2 minutes
before the message actually gets accepted and sent from TB.

I've also been getting a huge amount of these, like 30,000 yesterday,
which I presume are hitting port 25 so I am not sure why these would
affect port 587.

Dec 16 17:01:45 s2 courieresmtpd: dropped blocked connection from ::ffff:96.45.25.223

I haven't touched the esmtpd MAXDAEMONS but increased esmtpd-msa 10 fold.

esmtpd MAXDAEMONS=40
esmtpd MAXPERC=5
esmtpd MAXPERIP=5
esmtpd-msa MAXDAEMONS=400
esmtpd-msa MAXPERC=200
esmtpd-msa MAXPERIP=200
esmtpd-ssl MAXDAEMONS=40
esmtpd-ssl MAXPERC=5
esmtpd-ssl MAXPERIP=5
imapd MAXDAEMONS=400
imapd MAXPERC=200
imapd MAXPERIP=200

I guess my question is if port 25 is getting hammered will that also
delay port 587's ability to handle incoming auth'd requests?

Bonus question, aside from fail2ban, has anyone got any rules for iptables

Mark Constable | 14 Dec 12:24 2014

alias user in virtual tables

Just a real low priority suggestion that may not be possible but having
to have an extra alias@domain user entry in a virtual password table
has always annoyed me when using the same table with other services.

ATM I am seeing 2 SQL lookups, one to check user id/password and another
one to see if there is an alias@domain whereas the initial lookup could
include one extra field to check for the alias option. Save a SQL query
and also get rid of a lot of otherwise redundant alias database entries.

Surely it would be possible to have the authdaemon check the same user's
entry and if there is a boolean yes/no "alias" column entry in a single
lookup?

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
courier-users mailing list
courier-users <at> lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Alessandro Vesely | 11 Dec 20:32 2014

Added whitespace breaks DKIM signatures

Sam,

when MAL wrote me about this bug I thought it was a sendmail idiosyncrasy.  He
found that a long display phrase makes the From: header wrapped.  I checked
several DKIM validators and found (only) one of them succeeded; that is, the
From: line wasn't wrapped, like in local bcc's.

After further investigation I found out that Courier smtp client wraps header
lines longer than 70 (rfc822_getaddrs_wrap).  Sendmail unwraps the newline to
work around a Lotus Notes quirk which used to cause some misbehavior in some
clients.  I'm not clear whether esmtpclient only wraps in some cases or
Applemail (the server that hosts the succeeding test) does a better unwrapping
by also removing the two additional spaces.  All of that seems to be buried
quite deeply in email history.  If you recollect any details, I'll forward that
to the folks at opendkim who helped me understand this oddity.

For outbound mail, the obvious workaround is to use the "relaxed" DKIM header
canonicalization, which disregards whitespace.  Some may prefer to skip the
rewriting entirely, but I have no idea of the pros and cons of it.  "Simple"
canonicalization would be better in case whitespace matters.  Is it worth
making the rewriting configurable?

For inbound mail, rewriting doesn't seem to take place.  Correct?

Ale
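
The effect described in the message above, as an added example that is not part of the original post and is not Courier or opendkim code: the two header canonicalizations from RFC 6376 (sections 3.4.1 and 3.4.2) applied to a From: line before and after a relay re-wraps it. The sample header, the address and the exact fold pattern are constructed for illustration.

```python
import hashlib
import re


def canon_simple(header: str) -> str:
    """RFC 6376 3.4.1: 'simple' leaves the header field byte-for-byte unchanged."""
    return header


def canon_relaxed(header: str) -> str:
    """RFC 6376 3.4.2: lowercase the name, unfold, collapse WSP runs, trim the value."""
    name, value = header.split(":", 1)
    value = value.replace("\r\n", "")        # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)    # any run of WSP becomes one SP
    return f"{name.strip().lower()}:{value.strip(' ')}\r\n"


def survives(signed: str, received: str, canon) -> bool:
    """True if signer and verifier would hash the same canonical header.

    Simplification: a real verifier hashes every signed header plus the
    DKIM-Signature field; one header is enough to show the mismatch.
    """
    def digest(h: str) -> str:
        return hashlib.sha256(canon(h).encode("ascii")).hexdigest()
    return digest(signed) == digest(received)


# Constructed sample: header as signed, on one line longer than 70 characters.
SIGNED = ('From: "Constructed Example Sender With A Very Long Display Phrase"'
          ' <sender@example.org>\r\n')
# Constructed: the same header after a relay folds it (CRLF plus two spaces).
FOLDED = SIGNED.replace('" <', '"\r\n  <')
# Constructed: a later hop removes the newline but keeps the added spaces.
UNWRAPPED = FOLDED.replace('"\r\n', '"')

if __name__ == "__main__":
    for label, received in (("folded", FOLDED), ("unwrapped", UNWRAPPED)):
        for canon in (canon_simple, canon_relaxed):
            verdict = "verifies" if survives(SIGNED, received, canon) else "FAILS"
            print(f"{label:10} {canon.__name__:14} {verdict}")
```
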


Ben Kennedy | 9 Dec 05:04 2014

courierfilter on gentoo

Hey all.

Does anybody successfully have a working courierfilter setup working on Gentoo?

I have been running courier and a couple of filters to run rudimentary spam blocking (pythonfilter,
courierfilter, courier-filter-perl) for many years, but the setup has always been a
baling-wire-and-gum pain in the ass; every time that the courier process goes down and comes back up,
these processes need to be killed by hand (courierfilter stop does not work) and then relaunched.  My
installation, for what should be commonplace requirements, has never felt smooth or properly-designed.

Is there a better way?

b

--
Ben Kennedy, chief magician
Zygoat Creative Technical Services
http://www.zygoat.ca


Alessandro Vesely | 7 Dec 14:56 2014

Sendmail -n

Hi,

setting MIME=none before sending mail from the local host should prevent MIME
changes that invalidate DKIM signatures.  Is there a way to get those changes
before signing, instead?

I tried something like this Perl code:

     $final = `sendmail -n < $outfile`;
     write_file($outfile, $final);
     `dkimsign $outfile`;
     `sendmail -f $bounce $rcpt < $outfile`

It doesn't work.  For example, Content-Transfer-Encoding seems to be added
after signing.

I have filtering enabled for just esmtp --which is an annoyance because mail
sent locally with sendmail doesn't get signed automatically; but, IIRC,
enabling all would imply each cc in a mailfilter, say, or similar local mailbox
moves would have to be filtered anew, including av, as, etc.  So I have to sign
manually before sending.

Ale


Lindsay Haisley | 2 Dec 02:22 2014

Python library for Courier log files

Does there exist a python library for parsing courier's log files?

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


Sam Varshavchik | 28 Nov 16:02 2014

Courier 20141127

Development courier build.

Download: http://www.courier-mta.org/download.html

Changes:

- SPF lookups can handle multiple text strings in an SPF DNS record.


Marcin 'Rambo' Roguski | 28 Nov 13:34 2014

smtpaccess and 517 rejects woes

I receive mail from one server that is (obviously) misconfigured, but -
unfortunately - it's in my interest to receive mail from it.

Recently I made rejection rules slightly more aggressive, so my bofh
looks like this:

opt BOFHBADMIME=accept
opt BOFHCHECKHELO=1
opt MAXRCPT=500
opt BOFHSPFHARDERROR=fail,softfail
opt BOFHSPFHELO=pass,neutral,none,softfail,error,unknown
opt BOFHSPFMAILFROM=pass,neutral,none,softfail,error,unknown
opt BOFHSPFFROM=pass,neutral,none,softfail,error,unknown,mailfromok

Works fine, spam is being dropped and occasionally - misconfigured
MTAs, however recently I got this:

Nov 28 12:31:04 goldsmith courieresmtpd:
error,relay=::ffff:178.63.50.70,from=<-[edited]- <at> platon.com.pl>: 517 HELO mx1.evo.pl does not
match ::ffff:178.63.50.70

All right, that's what it was supposed to do, but this is the domain
I need to get mail from. So I added them to smtpaccess

mx1.evo.pl allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
178.63.50.70 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
::ffff:178.63.50.70 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1

Rebuilt the binary file with makesmtpaccess, restarted everything just in case.
But their mail is still being rejected.

Bernd Wurst | 19 Nov 16:36 2014

Violation to RFC1035 (IP in MX)

Hi.

Courier rejects mail from domains that have MX records set up with plain
IP addresses. This is a valid check according to the RFC and I know
about that.

But I recently found out that the freaky "is my MX set up right" tool at
MX Toolbox (and no other tool I know) complains about IP address in MX
records. They state that this is completely ok. Not even a warning:
http://mxtoolbox.com/SuperTool.aspx?action=mx%3aisoloc.com&run=toolpage

That led me to the question: WHY is it so bad to have IP addresses in
MX? Is whatever reason still valid in 2014? I did not find any resource
describing a valid technical reason for this behaviour. Does anyone have
a good and understandable reason why this is such a bad idea?

It seems that today, most other major mail server software is happy with
domains that courier rejects.

I would appreciate if courier could be changed at least in this way:

If there is a valid MX record (maybe besides any invalid) with equal or
lower priority, courier should accept mail and route messages to the
valid MX and ignore the invalid. It should not matter if there is also
any bad record.

My current example is mail from the Domain "isoloc.com":
isoloc.com.		600	IN	MX	10 217.160.79.52.
isoloc.com.		600	IN	MX	10 smtp.isoloc.com.
