Quantcast
Channel: iRedMail — iRedMail Support
Viewing all 43386 articles
Browse latest View live

Re: Facing issue with mlmmj mailing list

December 17, 2019, 11:05 pm
$
0
0
ashb wrote:

iRedAPD is not rejecting the mail. It's doing DUNNO.
It's not rejecting but comes for moderation. More related to mlmmj or mlmmjadmin configurations.

Do you have iRedAPD plugin "ldap_maillist_access_policy" enabled? if yes, please turn on debug mode in iRedAPD and send a testing email to reproduce this issue again. I need detailed log (in /var/log/iredapd/iredapd.log) for troubleshooting. FYI: https://docs.iredmail.org/debug.iredapd.html

Search

Re: New iRedMail 1.0 install with 1 relay domain => "Relay access denied"?

December 17, 2019, 11:14 pm
$
0
0

Here you go:

postconf_nonwork_iRed1.0.txt

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailbox_size_limit = 26214400
mailq_path = /usr/bin/mailq
message_size_limit = 26214400
mlmmj_destination_recipient_limit = 1
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = mx0.customer.example.com
myhostname = mx0.customer.example.com
mynetworks = 127.0.0.1 [::1] 10.xx.xx.xx/32 94.xx.xx.xx/32 10.xx.xx.0/24
myorigin = mx0.customer.example.com
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.2*2
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -2
postscreen_greet_action = drop
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost = [smtpout.mtaroutes.com]:587
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service inet:127.0.0.1:12340
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_exceptions_networks = 94.230.50.135/32
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

postconf_working_iRed0.9.8

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailbox_size_limit = 26214400
mailq_path = /usr/bin/mailq
message_size_limit = 26214400
mlmmj_destination_recipient_limit = 1
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = mx0.customer.example.com
myhostname = mx0.customer.example.com
mynetworks = 127.0.0.1 [::1] 10.xx.xx.xx/32 94.xx.xx.xx/32 192.168.xx.0/24
myorigin = mx0.customer.example.com
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.2*2
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -2
postscreen_greet_action = drop
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost = [smtpout.mtaroutes.com]:587
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_exceptions_networks = 94.230.50.135/32
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

I am still wondering what I might have been doing wrong.

Thanks!

Re: New iRedMail 1.0 install with 1 relay domain => "Relay access denied"?

December 17, 2019, 11:24 pm
$
0
0

What is the dovecot quota checking service doing for relay domains?
I have the option "Relay without verifying local recipients" set.

There will be no local IMAP mailboxes on the server.

Re: New iRedMail 1.0 install with 1 relay domain => "Relay access denied"?

December 17, 2019, 11:34 pm
$
0
0

Here is a simple telnet SMTP test. Immediately when entering "RCPT TO" is denies relay access.

test@test01:~/Downloads$ telnet 10.xx.xx.xx 25
Trying 10.xx.xx.xx...
Connected to 10.xx.xx.xx.
Escape character is '^]'.
220 mx0.xx.xx ESMTP Postfix
EHLO mail.existinghostname.com
250-mx0.xx.xx
250-PIPELINING
250-SIZE 26214400
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
MAIL FROM:<my@email.address>
250 2.1.0 Ok
RCPT TO:<test@example.com>
554 5.7.1 <test@example.com>: Relay access denied
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

Re: Facing issue with mlmmj mailing list

December 18, 2019, 12:43 am
$
0
0
ZhangHuangbin wrote:
ashb wrote:

iRedAPD is not rejecting the mail. It's doing DUNNO.
It's not rejecting but comes for moderation. More related to mlmmj or mlmmjadmin configurations.

Do you have iRedAPD plugin "ldap_maillist_access_policy" enabled? if yes, please turn on debug mode in iRedAPD and send a testing email to reproduce this issue again. I need detailed log (in /var/log/iredapd/iredapd.log) for troubleshooting. FYI: https://docs.iredmail.org/debug.iredapd.html


iRedAPD plugin "ldap_maillist_access_policy"  is enabled as default settings.

Attached debug log file of iredapd.

rupesh@hbwa.in is not a member of group xyz@hbwa.in and it is coming for moderation. I want  same domain email id should send a mail to xyz@hbwa.in without moderation and no rejection.


dn: mail=xyz@hbwa.in,ou=Groups,domainName=hbwa.in,o=domains,dc=hbwa,dc=in
accesspolicy: domain
accountstatus: active
enabledservice: mail
enabledservice: deliver
enabledservice: mlmmj
mail: xyz@hbwa.in
mailinglistid: 58dc39fb-b292-429f-8454-cb06c621d880
mtatransport: mlmmj:hbwa.in/xyz
objectclass: mailList

Re: Facing issue with mlmmj mailing list

December 18, 2019, 12:53 am
$
0
0

root@mail:~# python /opt/mlmmjadmin/tools/maillist_admin.py info xyz@hbwa.in
owner=[u'postmaster@hbwa.in']
disable_notify_when_moderator_only=no
moderate_non_subscriber_post=yes
extra_addresses=[]
notify_sender_when_moderated=no
disable_notify_when_missing_listaddress=no
disable_notify_subscription_moderated=no
disable_notify_when_access_denied=no
smtp_helo=
smtp_port=10027
only_subscriber_can_post=yes
disable_digest_subscription=no
enable_newsletter_subscription=no
only_subscriber_can_get_old_posts=yes
disable_notify_when_subscriber_only=no
moderated=no
close_list=no
disable_digest_text=no
disable_subscription_confirm=no
footer_text=
relay_host=
footer_html=
disable_nomail_subscription=no
disable_notify_when_exceeding_max_mail_size=no
subscription_moderators=[]
moderate_subscription=no
tocc=yes
disable_subscription=yes
subject_prefix=[XEN]
max_message_size=
custom_headers=[u'Precedence: list', u'X-Mailing-List: xyz@hbwa.in']
only_moderator_can_post=no
notify_owner_when_sub_unsub=no
owners=[u'postmaster@hbwa.in']
name=
disable_retrieving_old_posts=yes
disable_retrieving_subscribers=no
moderators=[u'anil@hbwa.in', u'ashish@hbwa.in']
disable_archive=no
disable_send_copy_to_sender=no
remove_headers=[]

Re: Facing issue with mlmmj mailing list

December 18, 2019, 1:12 am
$
0
0

You should set "moderate_non_subscriber_post=no" and "only_subscriber_can_post=no".

Re: Facing issue with mlmmj mailing list

December 18, 2019, 1:21 am
$
0
0

Thanks, but this has made gmail id sending mail without moderation.

I need to send email to  a mailing list group as

1. domain & members without moderation
2. others with moderation

No rejection in any case.

Search

Re: Senderscore Exceptions?

December 18, 2019, 3:34 am
$
0
0
ZhangHuangbin wrote:

I added a command line script to add whitelist IP addresses for senderscore plugin here:
https://github.com/iredmail/iRedAPD/blo … e_admin.py

Let me know if it doesn't work for you, or you need more features. Enjoy. big_smile

Hi @ZhangHuangbin, thank you for your help. The whitelist works perfectly!

Re: Cannot connect to mail server, following letsencrypt renewal

December 18, 2019, 3:48 am
$
0
0
ZhangHuangbin wrote:

You need to restart Postfix/Dovecot/Nginx after renewed the cert to load new cert.

I have! and rebooted the server, also to no avail!

DKIM Duplicate Signed

December 18, 2019, 6:06 pm
$
0
0

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0
- Deployed with iRedMail offline
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP -> Active Directory
- Web server: Nginx
- Manage mail accounts with iRedAdmin-Pro? NONE
====


emails do not pass verification on some servers

Bug 

KIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;
     h=content-language:content-type:content-type:mime-version:date
    :date:message-id:organization:subject:subject:from:from:to
    :reply-to; s=dkim; t=1576719870; x=1579311871; bh=uwS3JSJ5eBu19g
    l5hkhn6Ec8x/gAOEFtq5Hu5sHC2nI=; b=OPN43Jf1/hCkGqq1Hj/WjFwyHExAxE
    yclqclq0DLRTnvoYUzztRKKsNgXCoasTetEZM8wtP3j2RzLixpwnVqQkIcv0Za9u
    SXOX+JCHvPQITxRkVbotfR33prixOfGcxTh1JhjTdpUQtC7WdEOSA+sIW+Q80P92
    zj7Btg/GpRgG8=

h=content-language:content-type:content-type:mime-version:date
    :date:message-id:organization:subject:subject:from:from:to
    :reply-to;


Fine

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;
     h=content-language:content-type:mime-version:date:message-id
    :organization:subject:from:to:reply-to; s=dkim; t=1576720244; x=
    1579312245; bh=+pmCmcEsyRvDj8FjJAmvE8SiHasIBw0e1DsK/VV+Fmk=; b=k
    TnqG2a3xR32mPSdMciUgohOWTpAkfyaZQjf4i6Lzu9Ge4KRjfyE032RnFev7pC8F
    adf4Z8JIUQ+0taAF9egaAmzHAZlO47wpzLxPAvZVVLjhznZK6DULG446Pi9WRnpx
    dlHWtYQjvk1jDP2qFl1LJ7VBA49i2fYyoWGE+N19Gg=

HowTo
add rules $signed_header_fields to configuration amavis (/etc/amavis/conf.d/50-user)

$signed_header_fields{'to'} = 1;
$signed_header_fields{'from'} = 1;
$signed_header_fields{'received'} = 0;
$signed_header_fields{'subject'} = 1;
$signed_header_fields{'message-id'} = 1;
$signed_header_fields{'content-type'} = 1;
$signed_header_fields{'date'} = 1;
$signed_header_fields{'mime-version'} = 1;

Done


p.s. I think you should add similar rules by default

Re: Senderscore Exceptions?

December 19, 2019, 2:39 am
$
0
0

Thank you all my all point is clear today. I really needed this information.
I am a developer in Canada if you want to develop a website with a dynamic way then visit: Web Development Services
I think you all appreciate my work.

Since iRedMail 1.0 and Buster Mail delivery takes longer

December 19, 2019, 5:48 am
$
0
0

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0
- Deployed with iRedMail Easy or the downloadable installer? No
- Linux/BSD distribution name and version: Debian Buster x64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi.

Yesterday I updated from 0.9.9 to 1.0 (with your Guide) and after that from Stretch to Buster (with your Guide too).
All is working fine. But there is a small "Problem". Receiving Mails needs some time now. Before the Update round about 10 Seconds or faster and now 1 Minute or more. Any clues for that?

By the way ... thank you for your hard work with iRedMail. Using it since some years and I´m very satisfied. big_smile

Re: Since iRedMail 1.0 and Buster Mail delivery takes longer

December 19, 2019, 7:15 am
$
0
0

Debian Buster has a higher memory requirement than Stretch so try to increase memory by approximately 512 MB.

Re: Since iRedMail 1.0 and Buster Mail delivery takes longer

December 19, 2019, 8:20 am
$
0
0

Where exactly I should increase it? Postfix has no Memory option? My System has 8 GB Ram.
And there are only 3 Active Mail Accounts on the Server. Its not "overloaded".

EDIT:
Found an Error in mail.log

Dec 19 17:37:28 XXXXXX amavis[31324]: (31324-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 113) line 659.\n

That could be the reason. How to solve?

EDIT 2:
I think I fixed it. Had an Error in the Service Status and clamav exited:

Dez 19 17:41:41 XXXXXXXX clamd[32085]: ERROR: Parse error at /etc/clamav/clamd.conf:79: Unknown option StatsPEDisabled

And this was for all Entries beginning with: Stats......

/etc/clamav/clamd.conf

Before:

StatsEnabled false
StatsPEDisabled true
StatsHostID auto
StatsTimeout 10

After:

#StatsEnabled false
#StatsPEDisabled true
#StatsHostID auto
#StatsTimeout 10

Now clamd is running again and mails are delivered quickly.

Additionaly I commented out this because of this Warning:

Dez 19 17:49:54 XXXXXXX clamd[32443]: WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:40
#DetectBrokenExecutables false

And one common note because of Buster and Dovecot 3.x. It pulls this Warning:

doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:51: ssl_dh_parameters_length is no longer needed

Commented it out too.

Perhaps all this should be included in iRedMail 1.0.1 @ZhangHuangbin?

Search

Re: Since iRedMail 1.0 and Buster Mail delivery takes longer

December 19, 2019, 1:38 pm
$
0
0
Sascha_77 wrote:

Where exactly I should increase it? Postfix has no Memory option? My System has 8 GB Ram.
And there are only 3 Active Mail Accounts on the Server. Its not "overloaded".

EDIT:
Found an Error in mail.log

You did not mention anything about errors so I assumed everything was running as expected. In that light one obvious reason could be the increased memory requirement. I also saw the same warnings and errors as you which I simply deleted. You did also remember to create this file manually: /etc/ssl/dh2048_param.pem ?
See explanation here: https://forum.iredmail.org/post72005.html#p72005

Re: Why are you interested in iRedMail?

December 19, 2019, 1:58 pm
$
0
0

bao th? thao
<a href=https://www.datanumen.com/outlook-repair/>
afc cupV</a>

nftables rule no ping floods

December 19, 2019, 9:34 pm
$
0
0

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0
- Deployed with iRedMail offline
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP -> Active Directory
- Web server: Nginx
- Manage mail accounts with iRedAdmin-Pro? NONE
====

the rule describing flood blocking does not work, moreover, it blocks ping requests
but if you install it in the right place it works as expected

Fixit
example https://wiki.archlinux.org/index.php/Nf … Limit_rate

move the rules (# no ping floods) after this rule (# accept any localhost traffic)
You can also add a blacklist as I have done
nftables.conf

#!/usr/sbin/nft -f

flush ruleset

# `inet` applies to both IPv4 and IPv6.
table inet filter {

    set blacklist-v4 {
        type ipv4_addr
             flags interval
             auto-merge
             elements = { 185.176.221.167, 81.30.158.0/24,
                          213.137.128.0/19 }
    }

    chain input {
        type filter hook input priority 0;

        # accept any localhost traffic
        iif lo accept

        # no ping floods
        ip6 nexthdr icmpv6 icmpv6 type echo-request limit rate over 10/second burst 4 packets drop
        ip protocol icmp icmp type echo-request limit rate over 10/second burst 4 packets drop

        # accept traffic originated from us
        ct state established,related counter accept

        # drop ip form blacklist
        ip saddr @blacklist-v4 drop

        # accept ICMP & IGMP
        ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept
        ip protocol icmp icmp type { echo-request, destination-unreachable, router-solicitation, router-advertisement, time-exceeded, parameter-problem } accept
        ip protocol igmp accept

        # DNS/named/BIND/53
        #tcp dport 53 accept
        #udp dport 53 accept

        # ssh (only local)
        tcp dport 22 ip saddr { 10.0.0.0/8, 192.168.0.0/16} accept

        # http/https (only local)
        tcp dport 80 ip saddr { 10.0.0.0/8, 192.168.0.0/16} accept
        tcp dport 443 ip saddr { 10.0.0.0/8, 192.168.0.0/16} accept

        # smtp/submission
        tcp dport 25 accept
        tcp dport 587 accept

        # smtps/SMTP over SSL (only local)
        tcp dport 465 ip saddr { 10.0.0.0/8, 192.168.0.0/16} accept

        # pop3/pop3s
        tcp dport 110 accept
        tcp dport 995 accept

        # imap/imaps
        tcp dport 143 accept
        tcp dport 993 accept

        # sieve (only local)
        tcp dport 2000 ip saddr { 10.0.0.0/8, 192.168.0.0/16} accept
        tcp dport 4190 ip saddr { 10.0.0.0/8, 192.168.0.0/16} accept

        # zabbix (only local)
        tcp dport 1050 ip saddr { 10.0.0.0/8, 192.168.0.0/16} accept
        tcp dport 1051 ip saddr { 10.0.0.0/8, 192.168.0.0/16} accept


        # count and drop any other traffic
        counter drop
    }

    chain output {
        type filter hook output priority 0;
        policy accept;
    }

    chain forward {
        type filter hook forward priority 0;
        policy drop;
    }
}

Re: Why are you interested in iRedMail?

December 19, 2019, 10:32 pm
$
0
0

Not out the iRedMail is a very good mail. Most of the iPhone users use this mail. It has lots of plus points like easy and fast to deploy, full-featured, stable, etc are the good feature of iRedMail. And a few good features are you can check from https://www.facebook.com.

Re: Since iRedMail 1.0 and Buster Mail delivery takes longer

December 20, 2019, 12:22 am
$
0
0

Thats why I edited my post afterwards.

The File /etc/ssl/dh2048_param.pem is already there. And the Error Message was that the "lenght" parameter is not longer needed. And not that the .pem File is not  in place. wink

The thing is ... I always strictly Upgrade the iRedMail releases with the Guides here. Like many other people too. And these one who upgraded to Buster, iRedMail1.0 and Dovecot 3.x (like me) should actually have the same problem as me.

Viewing all 43386 articles
Browse latest View live
Search