fr33.info

User Tools

Site Tools

linux:emailserver:courier

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
linux:emailserver:courier [2015/06/03 20:21]
tkilla 		linux:emailserver:courier [2018/04/03 15:27] (current)
tkilla
Line 3: Line 3:
 ===== useful commands and hints.. ===== ===== useful commands and hints.. =====
  
-generate, check and activate aliases: +**in case of fast sendingspam problems, ..: always check the mailq!** - it is stored in /var/lib/courier/msgs and /var/lib/courier/msgq you may delete and loose all pending outgoing mail by deleting these folders after stopping courier-mta.
- +
-   makealiases; makealiases -chk; courier flush +
  
 mailq displays a list of all messages that have not been delivered yet: mailq displays a list of all messages that have not been delivered yet:
  
    mailq|less    mailq|less
 +
 +
 +delete message from mailq - **cancelmsg sends an an error mail to the user!**:
 +  cancelmsg msgID
 +
 +Delete ALL messages from mailq - soft version - **cancelmsg sends an an error mail to the user!**
 +  for i in `mailq | egrep '^[0-9]' | awk ' {print $1}'`; do echo "Dropping message $i..."; cancelmsg $i; done
 +
 +Brutal way:
 +  /etc/init.d/courier-mta stop
 +  /etc/init.d/courier-mta-ssl stop
 +  cd /var/lib/courier
 +  mv msgs msgserror
 +  mv msgq msgqerror
 +  mkdir msgs
 +  mkdir msgq
 +  chown courier:courier msgs
 +  chown courier:courier msgq
 +  
 +  /etc/init.d/courier-mta start 
 +  /etc/init.d/courier-mta-ssl start 
 +
 +
 +**better scripts:** https://github.com/svarshavchik/courier-contrib
 +
 +
 +generate, check and activate aliases:
 +
 +   makealiases; makealiases -chk; courier flush
  
  
Line 17: Line 43:
    grep "error,relay"  /var/log/mail.log|less    grep "error,relay"  /var/log/mail.log|less
  
 +
 +
 +===== config tricks =====
 +
 +
 +===== SSL Certificates =====
 +
 +...tricky!
 +
 +All config files use these two variables, so I set them to the same cert files in all configs:
 +
 +Private Key and Cert and intermediate-cert and root-cert(s) combined in one file. The order is unclear. I had the private key first for many years, but documentations speak about putting the cert first:
 +
 +  cat myserver.example.com.key myserver.example.com.crt [intermediate.crt] > myserver.example.com.pem 
 +                
 +
 +  TLS_CERTFILE=/etc/courier/cert.pem
 +
 +This contains the intermidiate-certs - i use the ca-bundle provided by the vert dealer
 +This seems to be only used by eSMTP - IMAP and POP works without it
 +
 +  TLS_TRUSTCERTS=/etc/courier/inter.crt
 +
 +
 +Checks:
 +  openssl s_client -starttls imap -connect myserver.example.com:143
 +https://www.sslchecker.com/sslchecker
 +
 +SMTP-Error after cert install: "no cipher suites found": ~might~ have been a problem with gnutls, which was fixed by updating (2018.01). he cert order is irrelavant and an old TLS_TRUSTCERTS works, too.
 +
 +
 +==== disable sslv2 and insecure ciphers ====
 +
 +WORK IN PROGRESS
 +
 +set the following in /etc/courier/imapd-ssl, pop3d-ssl, esmtpd,esmtpd-ssl, courierd:
 +
 +  TLS_PROTOCOL="TLS1_2:TLS1_1:TLS1"
 +  TLS_CIPHER_LIST="!SSLv2:!SSLv3:TLSv1:TLSv1_1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
 +
 +and additionally this in /etc/courier/imapd-ssl, pop3d-ssl
 +
 +  TLS_STARTTLS_PROTOCOL="TLS1_2:TLS1_1:TLS1"
 +
 +
 +
 +==== .forward ====
 +
 +there are two ways, to configure forwarding of all mails:
 +
 +1. use $HOME/.courier to setup $HOME/.forward for one account
 +
 +  || dotforward
 +  | /usr/bin/maildrop
 +  
 +2. NOT TESTED: use /etc/courier/courierd to setup "dotforward" for all accounts
 +
 +  DEFAULTDELIVERY="||dotforward
 +  | /usr/bin/maildrop"
 +  
 +
 +Put the addresses to forward to in $HOME/.forward. 
 +
 +  original-receiver@example.com,test@example.com,test2@example.com
 +
 +
 +==== Slow Connections ====
 +
 +Disable TCPDOPTS -noidentlookup for imap, pop, esamtp. It performs an ident lookup and waits for timeout then.
 +
 +If SMTP sending is slow, e.g. in webmail, add "-noidentlookup" to /etc/courier/esmtpd's TCPDOPTS
  
  
Line 42: Line 139:
   - DNS TXT / SPF Record setzen z.B. v=spf1 mx -all   - DNS TXT / SPF Record setzen z.B. v=spf1 mx -all
   - abuse@domain alias einrichten   - abuse@domain alias einrichten
 +  - **check blacklists!**
 +
 +
 +==== 556 Address unavailable error ====
 +
 +There have been too many errors sending to this local address, so courier disables it for 2 hours to avoid backscatter.
 +
 +This should show (all) 556 blocked addresses, but does not work:
 +  courier show all | <email>
 +
 +
 +This releases the lock, so the address becomes available (maybe restart courier):
 +  courier clear all | <email>
 +  
  
  
Line 62: Line 173:
   * check: sa-awl root/.spamassassin/auto-whitelist | grep user@example.com   * check: sa-awl root/.spamassassin/auto-whitelist | grep user@example.com
   * copy /root/.spamassassin/auto-whitelist back to user dir   * copy /root/.spamassassin/auto-whitelist back to user dir
 +
 +check all auto-whitelists:
 +
 +  for i in /home/* ; do echo $i; sa-awl $i/.spamassassin/auto-whitelist| grep example; done;
  
  
 +==== Plugins ====
  
 +Some useful Plugins and Settings:
  
 +https://www.syn-flut.de/spamassassin-erkennungsrate-deutlich-verbessern
  
 +We use these:
 +  * RelayCountry
 +  * local DNS Resolver to avoid getting blacklisted by blacklists for too many DNS queries
  
  
linux/emailserver/courier.1433355683.txt.gz · Last modified: 2015/06/03 20:21 by tkilla

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki