Quantcast
Channel: iRedMail — iRedMail Support
Viewing all 43363 articles
Browse latest View live

Re: Upgrade from iRedAPD 1.4.3 to 1.4.4

January 4, 2015, 12:14 pm
$
0
0

Thank you I edited /opt/iredapd/settings.py

In case someone else trips on this and is not familiar with the syntax
The line was plugins = ["sql_alias_access_policy", "sql_user_restrictions"]
I changed it to plugins = ["sql_alias_access_policy", "sql_user_restrictions","reject_null_sender"]

I was hoping for something like this.
More Info on what this does from /opt/iRedAPD-1.4.4/plugins/reject_null_sender.py

# Author: Zhang Huangbin <zhb _at_ iredmail.org>
#
# Purpose: Reject message submitted by sasl authenticated user but specifying
#          null sender in 'From:' header (from=<> in Postfix log).
#
#          If your user's password was cracked by spammer, spammer can use
#          this account to bypass smtp authentication, but with a null sender
#          in 'From:' header, throttling won't be triggered.
#
# How to use this plugin:
#
# *) Enable this plugin in iRedAPD config file /opt/iredapd/settings.py:
#
#    plugins = ['reject_null_sender', ...]
#
# *) Restart iRedAPD service.

Search

Re: Upgrade from iRedAPD 1.4.3 to 1.4.4

January 4, 2015, 12:23 pm
$
0
0
mir wrote:
jpforte wrote:

Where do it update Reject_null_sender to be a plugin?

/opt/iredapd/settings.py

jpforte wrote:

How do enable that? in postfix main it already has "smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031"

/etc/postfix/main.cf

I changed smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031

to

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031,check_policy_service inet:127.0.0.1:7777

Then service postfix restart, with no errors.

Is this correct?

Re: Upgrade from iRedAPD 1.4.3 to 1.4.4

January 4, 2015, 2:16 pm
$
0
0

You should swap it around like:

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777,check_policy_service inet:127.0.0.1:10031

END-OF-MESSAGE state is a fairly quick check so if it already fails this check there is no need to bring in the big guns.

Re: Upgrade from iRedAPD 1.4.3 to 1.4.4

January 4, 2015, 4:00 pm
$
0
0

Better to use it as first plugin:

plugins = ["reject_null_sender", "sql_alias_access_policy", "sql_user_restrictions"]

About smtpd_end_of_data_restrictions support, currently only one plugin is available in iRedAPD - "amavisd_message_size_limit". If you don't need it, you should not enable iRedAPD in smtpd_end_of_data_restrictions.

I'm sorry that I didn't make it clear in upgrade tutorial, will fix it later.

'reject_sender_login_mismatch' in /etc/postfix/main.cf without effect

January 4, 2015, 4:29 pm
$
0
0

======== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Ubuntu 12.04.5 LTS
- Related log if you're reporting an issue: /var/log/mail.log
====


Hello,

during the upgrade from 0.8.7 -> 0.9.0 I have tested the 'reject_sender_login_mismatch' postfix option without any effect on my server; set or unset doesn't matter, always the same:

Jan  5 01:15:35 post postfix/smtpd[12677]: connect from sender.abc.de[1.2.3.4]
Jan  5 01:15:36 post postfix/smtpd[12677]: 3534A40008E6: client=sender.abc.de[1.2.3.4], sasl_method=LOGIN, sasl_username=user1@example1.com
Jan  5 01:15:37 post postfix/cleanup[12682]: 3534A40008E6: message-id=<3644063.mmailer1900673248@home.lan>
Jan  5 01:15:37 post postfix/qmgr[10837]: 3534A40008E6: from=<user2@example1.com>, size=463, nrcpt=1 (queue active)
Jan  5 01:15:37 post postfix/smtpd[12677]: disconnect from sender.abc.de[1.2.3.4]

Any idea?
(The new iRedAPD plugin not activated yet)

Re: Originating mail domains that are not being managed by iRedMail

January 4, 2015, 5:22 pm
$
0
0

It seems the MySQL service problem caused by memory. Can u run "top" command and capture the data to check?

Re: 'reject_sender_login_mismatch' in /etc/postfix/main.cf without effect

January 4, 2015, 6:14 pm
$
0
0

*) Could you please show us output of command "postconf smtpd_recipient_restrictions"? and value of parameter 'plugins =' in /opt/iredapd/settings.py.

*) Are you running the latest iRedAPD-1.4.4?

Re: Originating mail domains that are not being managed by iRedMail

January 4, 2015, 6:16 pm
$
0
0
GJT wrote:

Jan  4 16:35:58 endeavour amavis[3109]: (03109-01) (!)connect to /tmp/clamd.sock                                                                                et failed, attempt #1: Can't connect to UNIX socket /tmp/clamd.socket: No such f                                                                                ile or directory

ClamAV service is not running.

As @michael mentioned, Amavisd and ClamAV services may stop due to lack of memory.

Search

Re: Return-Path filter for spam?

January 4, 2015, 6:26 pm

Problem with iRedMail 0.9.0, backupmx and custom relay broken

January 5, 2015, 12:57 am
$
0
0

======== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Debian 7
- Related log if you're reporting an issue:
====

Hello Zhang,

Today I upgraded to the newest iRedMail 0.9.0 release (including iRedAPD etc...) according to your manual.
Thank you very much for your great software and documentation!

Unfortunately I discovered a problem and I would like to get your feedback about that issue.

Problem summary:
=================

BackupMX and custom SMTP relay is broken since 0.9.0

Why is this feature used:
=======================

We are accepting email for example.com, scan them for viruses, malware, do graylisting etc. If the email message is clean, it is relayed to the destination SMTP server. This function is somewhat like a SMTP firewall and scanning service for servers which shall not be reachable from the internet (like microsoft exchange)

Problem description:
===================

In the MySQL database vmail/domains the domain example.com has backupmx=1 and a custom SMTP relay setting smtp:[1.2.3.4]
This is done in order to accept the email messages but without checking the presence of the mailbox (which does not work for obvious reasons)

In the update description you tell to modify the transport_maps_domain.cf file in order to check if backupmx is 0
See:
http://www.iredmail.org/docs/upgrade.ir … query-file

Now incoming email messages for all customers subscribed to this feature are not forwarded anymore.
Postfix tries to send email to the MX record of the domain (to itself!!!) although even it shall send it to the configured transport setting in the database.

The web interface of iRedAdmin-Pro MySQL (1.9.0) the setting "Mark as backup MX" is grayed out and the question mark shows "Backup MX does not work with custom relay"

IMHO the new version does break a previously working and useful feature.

I reverted the modification to the transport_maps_domain.cf but iRedAdmin-Pro does still force the invalid setting sad

Please let me know.

Best regards,

Bernhard

----

Some logs:

Postfix sends email to itself (IP address hidden, connection timed out due to firewall NAT)

Jan  5 09:13:44 mail postfix/smtp[5190]: A973D29847: to=<xxx@example.com>, relay=none, delay=1094, delays=1063/0.03/30/0, dsn=4.4.1, status=deferred (connect to mail.xxxx.net[xx.xx.xx.xx]:25: Connection timed out)

This is how it shall look like:

Jan  5 09:55:29 mail postfix/smtp[6209]: C928E200AE: to=<xxx@example.com>, relay=xx.xx.xx.xx[xx.xx.xx.xx]:25, delay=0.46, delays=0.02/0.02/0.02/0.4, dsn=2.6.0, status=sent (250 2.6.0 <xxxx@gmail.com> [InternalId=378] Queued mail for delivery)

Re: 'reject_sender_login_mismatch' in /etc/postfix/main.cf without effect

January 5, 2015, 1:43 am
$
0
0

Thanks for your reply!

The initial version was 0.8.3 and I upgraded "from one release to the release immediately following it". I never skip any release!

~# postconf smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname

Yes, running the latest iRedAPD-1.4.4 currently without the new 'reject_sender_login_mismatch' plugin, as mentioned above
/op/iredapd/settings.py:

plugins = ['ldap_maillist_access_policy', 'ldap_amavisd_block_blacklisted_senders', 'reject_null_sender']

Re: Return-Path filter for spam?

January 5, 2015, 3:36 am
$
0
0

the test is for mydomain.com within the return path string...

Sogo mail aliases

January 5, 2015, 3:59 am
$
0
0

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):LDAP
- Linux/BSD distribution name and version: Ubuntu 14.04
- Related log if you're reporting an issue:
====
Helo

I use iRedmail with SOGo on LDAP without Roundcube.
I try create mail alias for user account but without success.

What documentation should I use? iRedmail or SOGo ?

Could you help me ?

Sogo mail group

January 5, 2015, 4:12 am
$
0
0

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):LDAP
- Linux/BSD distribution name and version: Ubuntu 14.04
iRedmail with SOGo on LDAP without Roundcube.
====
Helo

Like my other topics about mail aliases, in this I ask about mail group and normal group create in iRedmail with SOGo.
I have problem to find information about this. I don't know what I should search.
iRedmail config or SOGo config? Perhaps other ?

Mail Group (in my thinking) - that is group of users with one mail address. When I send mail for this address all users from groups receive this mail. Send mail for this group is possible only for group moderators or member of group.

Normal Group - that is group of users ( with or without mail address). When I create appointment or task and add this group name for recipients, all users from this group should receive invitation.

Could you help me ?

iRedOS

January 5, 2015, 7:29 am
$
0
0

hello.
I want to note that iREDMail wonderful product
often used it and implemented in the organization.
I have a big request to you is.
Please anyone has .iso files iRedOS 0.6.0 and 0.7.1 (i386 + x64).
I will be very grateful, I really need these files. I can not find them on the Internet.
thank you. mail: free@ustsmsk.ru

Search

Re: Originating mail domains that are not being managed by iRedMail

January 5, 2015, 10:37 am
$
0
0
ZhangHuangbin wrote:
GJT wrote:

Jan  4 16:35:58 endeavour amavis[3109]: (03109-01) (!)connect to /tmp/clamd.sock                                                                                et failed, attempt #1: Can't connect to UNIX socket /tmp/clamd.socket: No such f                                                                                ile or directory

ClamAV service is not running.

As @michael mentioned, Amavisd and ClamAV services may stop due to lack of memory.


guys,

I believe the problem is not the lack of memory on the server, because as we can see below, I'm all active services and have a relatively free margin of memory.

# top
top - 18:27:29 up 11 min,  1 user,  load average: 0.00, 0.03, 0.05
Tasks:  86 total,   1 running,  85 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:    508936 total,   361428 used,   147508 free,     5420 buffers
KiB Swap:        0 total,        0 used,        0 free,    26188 cached

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND
    1 root      20   0 10652  132    0 S   0.0  0.0   0:00.53 init
    2 root      20   0     0    0    0 S   0.0  0.0   0:00.00 kthreadd
    3 root      20   0     0    0    0 S   0.0  0.0   0:00.02 ksoftirqd/0
    5 root      20   0     0    0    0 S   0.0  0.0   0:00.00 kworker/u:0
    6 root      rt   0     0    0    0 S   0.0  0.0   0:00.00 migration/0
    7 root      rt   0     0    0    0 S   0.0  0.0   0:00.00 watchdog/0
    8 root       0 -20     0    0    0 S   0.0  0.0   0:00.00 cpuset
    9 root       0 -20     0    0    0 S   0.0  0.0   0:00.00 khelper
   10 root      20   0     0    0    0 S   0.0  0.0   0:00.00 kdevtmpfs
   11 root       0 -20     0    0    0 S   0.0  0.0   0:00.00 netns
   12 root      20   0     0    0    0 S   0.0  0.0   0:00.00 sync_supers
   13 root      20   0     0    0    0 S   0.0  0.0   0:00.00 bdi-default
   14 root       0 -20     0    0    0 S   0.0  0.0   0:00.00 kintegrityd
   15 root       0 -20     0    0    0 S   0.0  0.0   0:00.00 kblockd
   16 root      20   0     0    0    0 S   0.0  0.0   0:00.16 kworker/0:1
   17 root      20   0     0    0    0 S   0.0  0.0   0:00.00 khungtaskd
   18 root      20   0     0    0    0 S   0.0  0.0   0:00.04 kswapd0

However, I must admit that the service of Clamav is not working. When I run the script iRedMail.sh always have the same and single error during the installation of the packages, as taken from the console:

Clamav-freshclam setting up (0.98.4 + dfsg-0 + deb7u2) ...
[Ok] Starting ClamAV virus database updater: freshclam.
Setting up clamav (0.98.4 + dfsg-0 + deb7u2) ...
Setting up clamav-daemon (0.98.4 + dfsg-0 + deb7u2) ...
[FAIL] Clamav signatures not found in / var / lib / clamav ... failed!
[FAIL] Please retrieve Them using freshclam ... failed!
[FAIL] Then run '/etc/init.d/clamav-daemon start' ... failed!

I have done several searches to verify the reason why I can not do Clamav be installed correctly, but not getting success. So I decided to remove the clamav package, believing that they would not lack for being an antivirus.

In connection to the amavis, he is running even when the error happens because the only service that is for MySQL.

Well, I'm the disposition to perform the test it is necessary to seek a solution.

Thank you all.

Regards

Re: Originating mail domains that are not being managed by iRedMail

January 5, 2015, 11:08 am
$
0
0

You do not have enough free RAM on our server to start clamav. You need to add more RAM

Re: Mailbox is full with SOGo notifications after 0.9.0!

January 6, 2015, 6:45 am
$
0
0

Looks like a bug in iRedMail, will try to reproduce this issue and fix it.

Btw, did you install sogo manually or install it by iRedMail?

Re: Howto disable SMTP service for specific mailbox

January 6, 2015, 6:46 am
$
0
0

changing mailbox.enablesmtp and mailbox.enablesmtpsecured to 0 is the right way. How did you test sending mail?

Re: LDAP ISSUE Intergrating Microsoft Active directory to iredmail

January 6, 2015, 6:48 am
$
0
0

my conf file looks like yours , he can't get adressbook ... is there a solution to know my adressbook name on AD ?

Viewing all 43363 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>