linux:emailserver:courier

Differences

This shows you the differences between two versions of the page.

linux:emailserver:courier [2015/11/01 11:01]
tkilla
linux:emailserver:courier [2018/04/03 15:27] (current)
tkilla
Line 18: Line 18:
 Brutal way: Brutal way:
   /etc/init.d/courier-mta stop   /etc/init.d/courier-mta stop
-  cd /var/lib/courier ; rm -fR msgs/* msgq/* +  /etc/init.d/courier-mta-ssl stop 
-  /etc/init.d/couriermta start +  cd /var/lib/courier 
 +  mv msgs msgserror 
 +  mv msgq msgqerror 
 +  mkdir msgs 
 +  mkdir msgq 
 +  chown courier:courier msgs 
 +  chown courier:courier msgq 
 +   
 +  /etc/init.d/courier-mta start  
 +  /etc/init.d/courier-mta-ssl start  
 + 
 + 
 +**better scripts:** https://github.com/svarshavchik/courier-contrib 
  
 generate, check and activate aliases: generate, check and activate aliases:
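Review bot: The `mv msgs msgserror` and `mv msgq msgqerror` lines are not safe to run a second time: once `msgserror` exists, `mv` moves `msgs` into it instead of renaming it, so use a dated suffix or say to remove the old copies first. The new `msgs` and `msgq` get their owner from `chown`, but their mode comes from the current umask; add a `chmod` that matches the original directories. The set-aside directories still hold queued mail, so the text should say to delete them once the problem has been diagnosed.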
Line 33: Line 46:
  
 ===== config tricks ===== ===== config tricks =====
 +
 +
 +===== SSL Certificates =====
 +
 +...tricky!
 +
 +All config files use these two variables, so I set them to the same cert files in all configs:
 +
 +Private Key and Cert and intermediate-cert and root-cert(s) combined in one file. The order is unclear. I had the private key first for many years, but documentations speak about putting the cert first:
 +
 +  cat myserver.example.com.key myserver.example.com.crt [intermediate.crt] > myserver.example.com.pem 
 +                
 +
 +  TLS_CERTFILE=/etc/courier/cert.pem
 +
 +This contains the intermidiate-certs - i use the ca-bundle provided by the vert dealer
 +This seems to be only used by eSMTP - IMAP and POP works without it
 +
 +  TLS_TRUSTCERTS=/etc/courier/inter.crt
 +
 +
 +Checks:
 +  openssl s_client -starttls imap -connect myserver.example.com:143
 +https://www.sslchecker.com/sslchecker
 +
 +SMTP-Error after cert install: "no cipher suites found": ~might~ have been a problem with gnutls, which was fixed by updating (2018.01). he cert order is irrelavant and an old TLS_TRUSTCERTS works, too.
 +
 +
 +==== disable sslv2 and insecure ciphers ====
 +
 +WORK IN PROGRESS
 +
 +set the following in /etc/courier/imapd-ssl, pop3d-ssl, esmtpd,esmtpd-ssl, courierd:
 +
 +  TLS_PROTOCOL="TLS1_2:TLS1_1:TLS1"
 +  TLS_CIPHER_LIST="!SSLv2:!SSLv3:TLSv1:TLSv1_1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
 +
 +and additionally this in /etc/courier/imapd-ssl, pop3d-ssl
 +
 +  TLS_STARTTLS_PROTOCOL="TLS1_2:TLS1_1:TLS1"
 +
 +
  
 ==== .forward ==== ==== .forward ====
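Review bot: In the `cat myserver.example.com.key ... > myserver.example.com.pem` line the combined file contains the private key, but nothing restricts who can read it; add a `chmod 600` right after the `cat` and make the file readable only by the account the courier daemons run as. The file is written as `myserver.example.com.pem` while `TLS_CERTFILE` points at `/etc/courier/cert.pem`, so say how one becomes the other, and name the two variables before the sentence "All config files use these two variables". The check only covers IMAP on port 143 although the text says `TLS_TRUSTCERTS` matters for ESMTP, so an `openssl s_client -starttls smtp` check belongs next to it. `TLS_PROTOCOL` and `TLS_STARTTLS_PROTOCOL` still allow `TLS1` and `TLS1_1` under a heading about disabling insecure settings; state whether that is intentional.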
Line 52: Line 107:
  
   original-receiver@example.com,test@example.com,test2@example.com   original-receiver@example.com,test@example.com,test2@example.com
 +
 +
 +==== Slow Connections ====
 +
 +Disable TCPDOPTS -noidentlookup for imap, pop, esamtp. It performs an ident lookup and waits for timeout then.
 +
 +If SMTP sending is slow, e.g. in webmail, add "-noidentlookup" to /etc/courier/esmtpd's TCPDOPTS
  
  
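Review bot: The sentence "Disable TCPDOPTS -noidentlookup for imap, pop, esamtp" reads as an instruction to remove the flag, while the next paragraph says to add "-noidentlookup" to TCPDOPTS. Reword it to say that ident lookups are disabled by adding `-noidentlookup` to `TCPDOPTS`, fix "esamtp", and name the config file for imap and pop the way `/etc/courier/esmtpd` is named for SMTP.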
Line 77: Line 139:
   - DNS TXT / SPF Record setzen z.B. v=spf1 mx -all   - DNS TXT / SPF Record setzen z.B. v=spf1 mx -all
   - abuse@domain alias einrichten   - abuse@domain alias einrichten
 +  - **check blacklists!**
 +
 +
 +==== 556 Address unavailable error ====
 +
 +There have been too many errors sending to this local address, so courier disables it for 2 hours to avoid backscatter.
 +
 +This should show (all) 556 blocked addresses, but does not work:
 +  courier show all | <email>
 +
 +
 +This releases the lock, so the address becomes available (maybe restart courier):
 +  courier clear all | <email>
 +  
  
  
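Review bot: In `courier show all | <email>` and `courier clear all | <email>` the `|` and `<email>` read as a shell pipe and a redirection, so the lines fail if pasted as written; if the meaning is "either `all` or one address", show two separate example lines with a placeholder such as user@example.com. "but does not work" needs the observed output or error, and "maybe restart courier" should say when a restart is actually needed.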
Line 103: Line 179:
  
  
 +==== Plugins ====
 +
 +Some useful Plugins and Settings:
  
 +https://www.syn-flut.de/spamassassin-erkennungsrate-deutlich-verbessern
  
 +We use these:
 +  * RelayCountry
 +  * local DNS Resolver to avoid getting blacklisted by blacklists for too many DNS queries
  
  
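Review bot: The new "Plugins" section never says which program the plugins belong to; only the linked URL hints at SpamAssassin, so name it in the heading or the first sentence. The second bullet is a resolver setup rather than a plugin, and "blacklisted by blacklists" should say that the blacklist operators limit the number of DNS queries accepted per resolver.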
linux/emailserver/courier.1446372090.txt.gz · Last modified: 2015/11/01 11:01 by tkilla