This shows you the differences between two versions of the page.
linux:emailserver:courier [2015/06/03 20:21] tkilla |
linux:emailserver:courier [2018/04/03 15:27] (current) tkilla |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== useful commands and hints.. ===== | ===== useful commands and hints.. ===== | ||
- | generate, check and activate aliases: | + | **in case of fast sending, spam problems, ..: always |
- | + | ||
- | | + | |
mailq displays a list of all messages that have not been delivered yet: | mailq displays a list of all messages that have not been delivered yet: | ||
| | ||
+ | |||
+ | |||
+ | delete message from mailq - **cancelmsg sends an an error mail to the user!**: | ||
+ | cancelmsg msgID | ||
+ | |||
+ | Delete ALL messages from mailq - soft version - **cancelmsg sends an an error mail to the user!** | ||
+ | for i in `mailq | egrep ' | ||
+ | |||
+ | Brutal way: | ||
+ | / | ||
+ | / | ||
+ | cd / | ||
+ | mv msgs msgserror | ||
+ | mv msgq msgqerror | ||
+ | mkdir msgs | ||
+ | mkdir msgq | ||
+ | chown courier: | ||
+ | chown courier: | ||
+ | | ||
+ | / | ||
+ | / | ||
+ | |||
+ | |||
+ | **better scripts:** https:// | ||
+ | |||
+ | |||
+ | generate, check and activate aliases: | ||
+ | |||
+ | | ||
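Review bot: the "Brutal way" steps rename msgs and msgq to msgserror and msgqerror and recreate them empty, but nothing says what to do with the renamed directories afterwards. Every undelivered message ends up there, wanted mail included, so add a line telling the reader to look through msgserror and msgqerror before deleting them. Two smaller points: both cancelmsg warnings read "sends an an error mail" (doubled "an"), and the delete-all loop uses backticks with egrep, where `$(...)` with `grep -E` is easier to read and to nest. The first added line ("in case of fast sending, spam problems, ..: always") also breaks off before saying what to always do.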
Line 17: | Line 43: | ||
grep " | grep " | ||
+ | |||
+ | |||
+ | ===== config tricks ===== | ||
+ | |||
+ | |||
+ | ===== SSL Certificates ===== | ||
+ | |||
+ | ...tricky! | ||
+ | |||
+ | All config files use these two variables, so I set them to the same cert files in all configs: | ||
+ | |||
+ | Private Key and Cert and intermediate-cert and root-cert(s) combined in one file. The order is unclear. I had the private key first for many years, but documentations speak about putting the cert first: | ||
+ | |||
+ | cat myserver.example.com.key myserver.example.com.crt [intermediate.crt] > myserver.example.com.pem | ||
+ | | ||
+ | |||
+ | TLS_CERTFILE=/ | ||
+ | |||
+ | This contains the intermidiate-certs - i use the ca-bundle provided by the vert dealer | ||
+ | This seems to be only used by eSMTP - IMAP and POP works without it | ||
+ | |||
+ | TLS_TRUSTCERTS=/ | ||
+ | |||
+ | |||
+ | Checks: | ||
+ | openssl s_client -starttls imap -connect myserver.example.com: | ||
+ | https:// | ||
+ | |||
+ | SMTP-Error after cert install: "no cipher suites found": | ||
+ | |||
+ | |||
+ | ==== disable sslv2 and insecure ciphers ==== | ||
+ | |||
+ | WORK IN PROGRESS | ||
+ | |||
+ | set the following in / | ||
+ | |||
+ | TLS_PROTOCOL=" | ||
+ | TLS_CIPHER_LIST=" | ||
+ | |||
+ | and additionally this in / | ||
+ | |||
+ | TLS_STARTTLS_PROTOCOL=" | ||
+ | |||
+ | |||
+ | |||
+ | ==== .forward ==== | ||
+ | |||
+ | there are two ways, to configure forwarding of all mails: | ||
+ | |||
+ | 1. use $HOME/ | ||
+ | |||
+ | || dotforward | ||
+ | | / | ||
+ | | ||
+ | 2. NOT TESTED: use / | ||
+ | |||
+ | DEFAULTDELIVERY=" | ||
+ | | / | ||
+ | | ||
+ | |||
+ | Put the addresses to forward to in $HOME/ | ||
+ | |||
+ | original-receiver@example.com, | ||
+ | |||
+ | |||
+ | ==== Slow Connections ==== | ||
+ | |||
+ | Disable TCPDOPTS -noidentlookup for imap, pop, esamtp. It performs an ident lookup and waits for timeout then. | ||
+ | |||
+ | If SMTP sending is slow, e.g. in webmail, add " | ||
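Review bot: in the SSL Certificates section, the line "cat myserver.example.com.key myserver.example.com.crt [intermediate.crt] > myserver.example.com.pem" writes the private key into a new file with whatever permissions the current umask gives, and the text never mentions restricting it. Add a step that makes the combined .pem readable only by the account the mail daemons run as, since TLS_CERTFILE points every service at this one file. The prose says the documentation puts the cert first while the command puts the key first, so state which order was actually tested. Under "Slow Connections", "Disable TCPDOPTS -noidentlookup" reads as removing the flag, yet the next sentence describes the ident lookup and its timeout as the cause of the delay; reword so it is clear which setting avoids the wait. Typos: "intermidiate-certs", "vert dealer", "esamtp". The "disable sslv2" block is marked WORK IN PROGRESS; say whether the listed values were tested against the "no cipher suites found" error mentioned just above it.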
Line 42: | Line 139: | ||
- DNS TXT / SPF Record setzen z.B. v=spf1 mx -all | - DNS TXT / SPF Record setzen z.B. v=spf1 mx -all | ||
- abuse@domain alias einrichten | - abuse@domain alias einrichten | ||
+ | - **check blacklists!** | ||
+ | |||
+ | |||
+ | ==== 556 Address unavailable error ==== | ||
+ | |||
+ | There have been too many errors sending to this local address, so courier disables it for 2 hours to avoid backscatter. | ||
+ | |||
+ | This should show (all) 556 blocked addresses, but does not work: | ||
+ | courier show all | < | ||
+ | |||
+ | |||
+ | This releases the lock, so the address becomes available (maybe restart courier): | ||
+ | courier clear all | < | ||
+ | | ||
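Review bot: in the "556 Address unavailable error" section, "courier clear all" is given as the fix without any hint to first find out why deliveries to the address kept failing. The section itself says the block exists to avoid backscatter, so clearing it while the cause persists only re-arms the same failure; add a sentence to check the logs for the failing address before clearing. The "courier show all" line is documented as "does not work", which leaves the reader with no way to list blocked addresses; either drop it or note what output it actually produced. "(maybe restart courier)" should be settled one way or the other once tested.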
Line 62: | Line 173: | ||
* check: sa-awl root/ | * check: sa-awl root/ | ||
* copy / | * copy / | ||
+ | |||
+ | check all auto-whitelists: | ||
+ | |||
+ | for i in /home/* ; do echo $i; sa-awl $i/ | ||
+ | ==== Plugins ==== | ||
+ | Some useful Plugins and Settings: | ||
+ | https:// | ||
+ | We use these: | ||
+ | * RelayCountry | ||
+ | * local DNS Resolver to avoid getting blacklisted by blacklists for too many DNS queries | ||
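Review bot: the "check all auto-whitelists" loop expands $i unquoted in "echo $i; sa-awl $i/", so a home directory name containing whitespace or glob characters gets split or expanded; quote it as "$i". The "==== Plugins ====" heading follows the loop line directly with no blank line, unlike the other headings added in this revision, which risks it being rendered as part of the code block. Under "We use these", the local DNS resolver is a setting rather than a plugin, so it fits better as a separate sentence explaining the blacklist query limits it works around.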