Update - I only just discovered a bunch of "No child available" errors in /var/log/sogo/sogo.log. They stopped immediately after I raised the PREFORK setting, so I think you fixed it!
Thanks ZhangHuangbin!
↧
Re: ActiveSync causing Nginx errors 499 (undefined) and 502 Bad Gateway
↧
Re: Default installation - SPAM getting through like crazy.
steveaggie wrote:
I lowered my threshold down to 0
Which setting did you update?
You should update Amavisd config file, parameter:
$sa_tag2_level_deflt =Restarting Amavisd service is requried after change.
P.S. It's easier to manage global / per-domain / per-user spam policy with iRedAdmin-Pro, screenshot attached.
↧
↧
Re: Unable to forward
qwazi wrote:
ERROR 1054 (42S22): Unknown column 'username' in 'where clause'
SQL table "vmail.alias" doesn't have column "username". It's "address".
↧
Re: Per User/Per Domain custom spam settings
Spam polices are available in iRedMail, but iRedAdmin-Pro supports managing it.
↧
Re: UWSGI Breaking issue
Do you have /etc/uwsgi-enabled/iredadmin.ini?
↧
↧
Re: Unable to forward
Thanks but now I'm getting the same error for 'goto'
When I use SHOW COLUMNS FROM vmail.alias it shows the address column but no goto column.
I'm still stuck.
↧
How to set up in iRedmail sending mail for foreign addresses through s
==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====Hello.
iRedmail product functionality was pleasant. I decided in the test environment to set up an email server with sending mail for foreign addresses through the mail.ru service, with integration of the server into the existing structure of AD, and upon operation to enter in продакшн. Basic data - OS Ubuntu 16.04 server, iredmail 0.9.7 (earlier version does not allow to set). At first I set up integration with AD under the article https://howitmake.ru/blog/ubuntu/81.html.
After internal mail was realized, passed to setup under this article http://trustore.ru/article/complex/223- … for-local.
I faced the following problem - after all actions described in article, mail through the accounting entry did not go to mail.ru.
The file/etc/postfix/main.cf contains lines:
relayhost = [smtp.mail.ru]:465
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
smtp_generic_maps = hash:/etc/postfix/generic
At /var/log/mail.log in attempt of sending the letter for a foreign address are present at this setup such line
postfix/smtp[8654]: SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger),
respectively mail does not go to a foreign address, but to internal addresses passes.
It is clear, that smtps requires that in case of connection establishment the security level with encoding was used, and for operation of a rayleigh it is required to enter these lines in/etc/postfix/main.cf.
But by default the file the option of lower level of safety smtp_tls_security_level = is used by may.
In attempt of use of options
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
having commented out parameter #smtp_tls_security_level = may in the file/etc/postfix/main.cf
I receive in logs, when sending the letter for a foreign address:
Nov 29 10:01:23 mail-srv postfix/submission/smtpd[1643]: connect from localhost[127.0.0.1]
Nov 29 10:01:23 mail-srv postfix/submission/smtpd[1643]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 29 10:01:24 mail-srv postfix/submission/smtpd[1643]: B92F0101234: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=user@covp.loc
Nov 29 10:01:24 mail-srv postfix/cleanup[1647]: B92F0101234: message-id=<19e4919979b35d5eec0e7f209ea63607@covp.loc> Nov 29 10:01:24 mail-srv roundcube: <93lvb6ud> User user@covp.loc [192.168.1.53]; Message for 2004@mail.ru; 250: 2.0.0 Ok: queued as B92F0101234
Nov 29 10:01:24 mail-srv postfix/submission/smtpd[1643]: disconnect from localhost[127.0.0.1] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Nov 29 10:01:24 mail-srv postfix/qmgr[1602]: B92F0101234: from=<user@covp.loc>, size=541, nrcpt=1 (queue active)
Nov 29 10:01:25 mail-srv postfix/amavis/smtp[1649]: SSL_connect error to 127.0.0.1[127.0.0.1]:10026: -1
Nov 29 10:01:25 mail-srv postfix/amavis/smtp[1649]: warning: TLS library problem: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
Nov 29 10:01:26 mail-srv postfix/amavis/smtp[1649]: B92F0101234: to=<2004@mail.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.7, delays=0.56/0.15/0.98/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
Also mail to internal addresses ceases to walk.
How it is possible to bypass a problem?....
↧
Re: Suggestions for lots of spam email getting to inbox
schnappi wrote:
smtp inet n - y - 1 postscreen
in postfix master.cf file mean that Postscreen services are enabled?
Yes.
schnappi wrote:
And is:
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.2*2
basically the same as the default of:
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
Not same.
Sometimes DNS query may get unexpected result, for example, it may return IP random IP like 202.xxx.xx.xx or 127.0.0.Y (Y >= 11). According to the DNSBL vendors, only few of 127.0.0.X are valid and replied from them, so we use "=127.0.0.[1..11]" to tell Postfix only take some action when the reply is valid.
Invalid DNSBL reply was reported by some users before. Also, in China, DNS query result may be hacked PURPOSELY by gov or DNS vendors. This is the fact happened in China (and i live in China, i have such experience).
↧
Re: Suggestions for lots of spam email getting to inbox
schnappi wrote:
warning: dnsblog reply timeout 10s for zen.spamhaus.org
Is your server very busy? zen.spamhaus.org limits to 300,000 queries per day for FREE use, if your server is busy and exceeds the limit, you may get unexpected DNS reply or timeout.
↧
↧
Re: mails to gmail is not delivered SMTP 550-5.7.1
Seems an Amavisd issue.
Any related log in Postfix log file (Amavisd logs to Postfix log file)?
↧
Re: Domain alias does not work
broth wrote:
In which table should I find the domain alias?
Is there a way to debug postfix to know what exactly it's doing?
Hard to tell without troubleshooting. First step is comparing Postfix SQL queries with default ones shipped in iRedMail.
broth wrote:
Well, is absolutely necessary I can make a new VM with 0.9.7 but then how shall I test? I can't use my production environment for testing. Only live debugging is possible (and even this is not great).
For testing, no need to be in production, just create few (fake) domains, the create alias domains, send email to the testing account.
↧
Re: Creating email groups/aliases
vickyjey wrote:
Would this documentation work for group mail?
YES.
↧
Re: Add mail list with phpLDAPadmin
Use the "default" template.
↧
↧
Re: Error in regex
Thanks for sharing. 
↧
Re: Managesieve redirection policy parameters
iRedMail stores all settings in /etc/dovecot/dovecot.conf, all files under /etc/dovecot/conf.d/ are ignored.
↧
Re: > MD5 check failed. Script exit
*) Can you access https://dl.iredmail.org/yum/misc/ on this server?
*) Try to download these 3 packages manually and copy them to directory "pkgs/misc/", then run iRedMail installer again.
↧
Re: An accout where spam can be forwarded
With Amavisd setting like below, Amavisd will save a copy of detected spam in SQL (quarantined):
$final_spam_destiny = D_DISCARD;
# Quarantine SPAM into SQL server.
$spam_quarantine_to = 'spam-quarantine';
$spam_quarantine_method = 'sql:';I suggest you try it on a testing machine first.
↧
↧
Re: Unable to forward
I tried that. It's too vague. I would be asking a lot more questions.
↧
Re: How bad is to have DKIM signature enabled, without dns txt record
It's better to sign DKIM signature and public correct public key in DNS record.
How to use signed DKIM signature is totally up to the recipient server, usually SpamAssassin just gives it a low score if signed but invalid (no DNS record or incorrect).
↧
Re: Disable IMAP (LDAP authentication)
AD doesn't have such LDAP attribute, so you cannot disable pop3/imap per user.
↧