fr33.info

User Tools

Site Tools

linux:emailserver:courier

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
linux:emailserver:courier [2017/01/22 12:49]
tkilla 		linux:emailserver:courier [2018/02/01 02:09]
tkilla
Line 29: Line 29:
   /etc/init.d/courier-mta start    /etc/init.d/courier-mta start 
   /etc/init.d/courier-mta-ssl start    /etc/init.d/courier-mta-ssl start 
 +
 +
 +**better scripts:** https://github.com/svarshavchik/courier-contrib
 +
  
 generate, check and activate aliases: generate, check and activate aliases:
Line 42: Line 46:
  
 ===== config tricks ===== ===== config tricks =====
 +
 +
 +===== SSL Certificates =====
 +
 +...tricky!
 +
 +All config files use these two variables, so I set them to the same cert files in all configs:
 +
 +Private Key and Cert and intermediate-cert and root-cert(s) combined in one file. The order is unclear. I had the private key first for many years, but documentations speak about putting the cert first:
 +
 +  cat myserver.example.com.key myserver.example.com.crt [intermediate.crt] > myserver.example.com.pem 
 +                
 +
 +  TLS_CERTFILE=/etc/courier/cert.pem
 +
 +This contains the intermidiate-certs - i use the ca-bundle provided by the vert dealer
 +This seems to be only used by eSMTP - IMAP and POP works without it
 +
 +  TLS_TRUSTCERTS=/etc/courier/inter.crt
 +
 +
 +Checks:
 +  openssl s_client -starttls imap -connect myserver.example.com:143
 +https://www.sslchecker.com/sslchecker
 +
 +SMTP-Error after cert install: "no cipher suites found": ~might~ have been a problem with gnutls, which was fixed by updating (2018.01). he cert order is irrelavant and an old TLS_TRUSTCERTS works, too.
  
  
Line 110: Line 140:
   - abuse@domain alias einrichten   - abuse@domain alias einrichten
   - **check blacklists!**   - **check blacklists!**
 +
 +
 +==== 556 Address unavailable error ====
 +
 +There have been too many errors sending to this local address, so courier disables it for 2 hours to avoid backscatter.
 +
 +This should show (all) 556 blocked addresses, but does not work:
 +  courier show all | <email>
 +
 +
 +This releases the lock, so the address becomes available (maybe restart courier):
 +  courier clear all | <email>
 +  
  
  
Line 136: Line 179:
  
  
 +==== Plugins ====
 +
 +Some useful Plugins and Settings:
  
 +https://www.syn-flut.de/spamassassin-erkennungsrate-deutlich-verbessern
  
 +We use these:
 +  * RelayCountry
 +  * local DNS Resolver to avoid getting blacklisted by blacklists for too many DNS queries
  
  
linux/emailserver/courier.txt ยท Last modified: 2018/04/03 15:27 by tkilla

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki