Re: Gmail saying email is unencrypted on Fresh iRedMail Install

February 15, 2017, 6:37 pm

≪ Previous: Re: Gmail saying email is unencrypted on Fresh iRedMail Install

someting wrote:

Received: from mail.examplexx.com (mail.examplexx.com. [191.xxx.xxx.123])
by mx.google.com with ESMTP id n14si3859523qkl.104.2017.02.15.14.23.45
for <mygmail@gmail.com>;
Wed, 15 Feb 2017 14:23:47 -0800 (PST)

This one is the key.

Do you have "smtp_tls_received_header = yes" in Postfix main.cf? NOTE: for server-to-server communication, it's "smtp_tls_received_header", not "smtpd_*"

↧

iRedAPD not start!

February 16, 2017, 12:02 am

≫ Next: Re: iRedAPD not start!

≪ Previous: Re: Gmail saying email is unencrypted on Fresh iRedMail Install

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5.-1
- Linux/BSD distribution name and version: CentOS 6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? iRedAdmin-Pro-SQL 2.4.1
- Related log if you're reporting an issue:
====

iRedAPD error
#service iredapd restart
#iredapd is already stopped.
Starting iredapd ...
Traceback (most recent call last):
File "/opt/iredapd/iredapd.py", line 24, in <module>
from libs.logger import logger
File "/opt/iRedAPD-1.9.1/libs/logger.py", line 119, in <module>
log_level = getattr(logging, str(settings.log_level).upper())
AttributeError: 'module' object has no attribute 'log_level'

Iredapd.log
2017-02-16 11:05:59 INFO [203.162.146.186] RCPT, XXXXX , DUNNO
2017-02-16 11:05:59 INFO [203.162.146.186] RCPT, XXXXX, DUNNO
2017-02-16 11:05:59 INFO [203.162.146.186] END-OF-MESSAGE, XXXX-> , DUNNO

maillog.
Feb 16 11:51:04 mail2 postfix/submission/smtpd[7351]: NOQUEUE: reject: RCPT from mail2.mx.
[127.0.0.1]: 451 4.3.5 Server configuration problem; from=<test@xxx> to=<test@xxx> proto=ESMTP helo=<mail.xxx>
Feb 16 11:51:04 mail2 roundcube: ERROR: Invalid response code received from server (451) Feb 16 11:51:04 mail2 roundcube: <8koc4r2o> SMTP Error: Failed to add recipient 'test@xxx'. 4.3.5 Server configuration problem (Code: 451) in /var/www/roundcubemail-1.2.0/ program/lib/Roundcube/rcube.php on line 1595 (POST /mail/?_task=mail&_unlock=loading148722
0661719&_lang=en_US&_framed=1&_action=send)

Feb 16 14:46:56 mail2 abrt: detected unhandled Python exception in '/opt/iredapd/iredapd.py'
Feb 16 14:46:56 mail2 abrt-server[31703]: Saved Python crash dump of pid 31702 to /var/spool/abrt/pyhook-2017-02-16-14:46:56-31702
Feb 16 14:46:56 mail2 abrtd: Directory 'pyhook-2017-02-16-14:46:56-31702' creation detected Feb 16 14:46:56 mail2 abrtd: Executable '/opt/iredapd/iredapd.py' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Feb 16 14:46:56 mail2 abrtd: 'post-create' on '/var/spool/abrt/pyhook-2017-02-16-14:46:56-31702' exited with 1 Feb 16 14:46:56 mail2 abrtd: Deleting problem directory '/var/spool/abrt/pyhook-2017-02-16-14:46:56-31702'

Mail server not send and receive mail. How can fix problem.
Thanks for your help.

↧

Re: iRedAPD not start!

February 16, 2017, 12:03 am

≫ Next: Re: iredapd header checks

≪ Previous: iRedAPD not start!

dudd wrote:

AttributeError: 'module' object has no attribute 'log_level'

Seems you don't have parameter "log_level =" in /opt/iredapd/settings.py. Please double check.

You can find sample config file under same directory: /opt/iredapd/settings.py.sample.

↧

Re: iredapd header checks

February 16, 2017, 12:04 am

≫ Next: Re: iRedAPD not start!

≪ Previous: Re: iRedAPD not start!

Here is a similar (anonymized) mail header and corresponding iredapd debug log.

Return-Path: <imzidqt@woodmebel.co.ua>
Delivered-To: user@mydomain.com
Received: from mail.mydomain.com (localhost [127.0.0.1])
    by mail.mydomain.com (Postfix) with ESMTP id 40BD520EA
    for <user@mydomain.com>; Mon, 13 Feb 2017 01:28:41 +0100 (CET)
X-Virus-Scanned: amavisd-new at mail.mydomain.com
X-Spam-Flag: YES
X-Spam-Score: 10.065
X-Spam-Level: **********
X-Spam-Status: Yes, score=10.065 tagged_above=2 required=6.2
    tests=[FUZZY_ERECT=1.306, HTML_IMAGE_ONLY_12=1.629,
    HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.259, MPART_ALT_DIFF=0.724,
    RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
    TVD_SPACE_RATIO=0.001, URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7,
    URIBL_DBL_SPAM=2.5] autolearn=no autolearn_force=no
Received: from mail.mydomain.com ([127.0.0.1])
    by mail.mydomain.com (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id ByfzbRYBd0EF for <user@mydomain.com>;
    Mon, 13 Feb 2017 01:28:38 +0100 (CET)
Received: from woodmebel.co.ua (woodmebel.co.ua [89.163.225.26])
    by mail.mydomain.com (Postfix) with ESMTP id D568616B2
    for <philipp@schellworth.de>; Mon, 13 Feb 2017 01:28:37 +0100 (CET)
Received: from woodmebel.co.ua (woodmebel.co.ua [89.163.225.26])
    by woodmebel.co.ua (Postfix) with ESMTPA id 32E241C220F3;
    Mon, 13 Feb 2017 02:03:11 +0200 (EET)
Message-ID: <6e9501d2859d$6b2963c0$1105fdfd@imzidqt>
Reply-To: "Versandapotheke" <imzidqt@woodmebel.co.ua>
From: "Versandapotheke" <imzidqt@woodmebel.co.ua>
To: <balou@saupacker-vom-erzgebirgsblick.de>
Subject: ***Spam*** Arzneimittel zur Erektionsdysfunktion
Date: Mon, 13 Feb 2017 02:03:50 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_0018_01D2859D.512D2B00"
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416

iredapd 2.0, iredmail 0.9.6 (upgraded from a clean 0.9.5-1 install) on CentOS 7.3.1611, LDAP backend

2017-02-13 01:28:37 DEBUG Connect from 127.0.0.1, port 36294.
2017-02-13 01:28:37 DEBUG smtp session: request=smtpd_access_policy
2017-02-13 01:28:37 DEBUG smtp session: protocol_state=RCPT
2017-02-13 01:28:37 DEBUG smtp session: protocol_name=ESMTP
2017-02-13 01:28:37 DEBUG smtp session: client_address=89.163.225.26
2017-02-13 01:28:37 DEBUG smtp session: client_name=woodmebel.co.ua
2017-02-13 01:28:37 DEBUG smtp session: reverse_client_name=woodmebel.co.ua
2017-02-13 01:28:37 DEBUG smtp session: helo_name=woodmebel.co.ua
2017-02-13 01:28:37 DEBUG smtp session: sender=imzidqt@woodmebel.co.ua
2017-02-13 01:28:37 DEBUG smtp session: recipient=user@mydomain.com
2017-02-13 01:28:37 DEBUG smtp session: recipient_count=0
2017-02-13 01:28:37 DEBUG smtp session: queue_id=
2017-02-13 01:28:37 DEBUG smtp session: instance=6459.58a0fdb5.89308.0
2017-02-13 01:28:37 DEBUG smtp session: size=836836
2017-02-13 01:28:37 DEBUG smtp session: etrn_domain=
2017-02-13 01:28:37 DEBUG smtp session: stress=
2017-02-13 01:28:37 DEBUG smtp session: sasl_method=
2017-02-13 01:28:37 DEBUG smtp session: sasl_username=
2017-02-13 01:28:37 DEBUG smtp session: sasl_sender=
2017-02-13 01:28:37 DEBUG smtp session: ccert_subject=
2017-02-13 01:28:37 DEBUG smtp session: ccert_issuer=
2017-02-13 01:28:37 DEBUG smtp session: ccert_fingerprint=
2017-02-13 01:28:37 DEBUG smtp session: ccert_pubkey_fingerprint=
2017-02-13 01:28:37 DEBUG smtp session: encryption_protocol=
2017-02-13 01:28:37 DEBUG smtp session: encryption_cipher=
2017-02-13 01:28:37 DEBUG smtp session: encryption_keysize=0
2017-02-13 01:28:37 DEBUG LDAP connection initialied success.
2017-02-13 01:28:37 DEBUG LDAP bind success.
2017-02-13 01:28:37 DEBUG --> Apply plugin: reject_to_hostname
2017-02-13 01:28:37 DEBUG <-- Result: DUNNO
2017-02-13 01:28:37 DEBUG --> Apply plugin: reject_null_sender
2017-02-13 01:28:37 DEBUG <-- Result: DUNNO
2017-02-13 01:28:37 DEBUG --> Apply plugin: reject_sender_login_mismatch
2017-02-13 01:28:37 DEBUG Not an authenticated sender (no sasl_username).
2017-02-13 01:28:37 DEBUG Sender domain is not hosted locally.
2017-02-13 01:28:37 DEBUG <-- Result: DUNNO
2017-02-13 01:28:37 DEBUG --> Apply plugin: greylisting
2017-02-13 01:28:37 DEBUG [SQL] Query greylisting whitelists: 
SELECT id, sender, comment
               FROM greylisting_whitelists
              WHERE account IN ('user@mydomain.com', '@mydomain.com', '@.')
2017-02-13 01:28:37 DEBUG No whitelist found.
2017-02-13 01:28:37 DEBUG [SQL] query greylisting settings: 
SELECT id, account, sender, sender_priority, active
               FROM greylisting
              WHERE account IN ('user@mydomain.com', '@mydomain.com', '@.')
              ORDER BY priority DESC, sender_priority DESC
2017-02-13 01:28:37 DEBUG [SQL] query result: [(1L, '@.', '@.', 0, 1)]
2017-02-13 01:28:37 DEBUG Greylisting should be applied according to SQL record: (id=1, account='@.', sender='@.')
2017-02-13 01:28:37 DEBUG [SQL] check whether client address (89.163.225.26) passed greylisting: 
SELECT id
               FROM greylisting_tracking
              WHERE client_address='89.163.225.26'
                    AND passed=1
              LIMIT 1
2017-02-13 01:28:37 DEBUG Client address (89.163.225.26) passed greylisting.
2017-02-13 01:28:37 DEBUG <-- Result: DUNNO
2017-02-13 01:28:37 DEBUG --> Apply plugin: throttle
2017-02-13 01:28:37 DEBUG Check sender throttling.
2017-02-13 01:28:37 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='external' AND account IN ('89.163.225.26', '@ip', '@.', 'imzidqt@woodmebel.co.ua', '@woodmebel.co.ua', '@.woodmebel.co.ua', '@co.ua', '@.co.ua', '@ua', '@.ua', '89.163.225.*', '89.163.*.26')
         ORDER BY priority DESC
         
2017-02-13 01:28:37 DEBUG [SQL] Query result:
[]
2017-02-13 01:28:37 DEBUG No sender throttle setting.
2017-02-13 01:28:37 DEBUG Check recipient throttling.
2017-02-13 01:28:37 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='inbound' AND account IN ('89.163.225.26', '@ip', '@.', 'user@mydomain.com', '@mydomain.com', ‘@.mydomain.com’, ‘@com’, '@.de', '89.163.225.*', '89.163.*.26')
         ORDER BY priority DESC
         
2017-02-13 01:28:37 DEBUG [SQL] Query result:
[]
2017-02-13 01:28:37 DEBUG No recipient throttle setting.
2017-02-13 01:28:37 DEBUG <-- Result: DUNNO
2017-02-13 01:28:37 DEBUG [+] Getting LDIF data of account: user@mydomain.com
2017-02-13 01:28:37 DEBUG search base dn: o=domains,dc=mydomain,dc=de
2017-02-13 01:28:37 DEBUG search scope: SUBTREE
2017-02-13 01:28:37 DEBUG search filter: (&(|(mail=user@mydomain.com)(shadowAddress=user@mydomain.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2017-02-13 01:28:37 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2017-02-13 01:28:37 DEBUG result: [('mail=user@mydomain.de,ou=Users,domainName=mydomain.de,o=domains,dc=mydomain,dc=de', {'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount']})]
2017-02-13 01:28:37 DEBUG --> Apply plugin: ldap_maillist_access_policy
2017-02-13 01:28:37 DEBUG <-- Result: DUNNO (Recipient is not a mailing list account)
2017-02-13 01:28:37 DEBUG --> Apply plugin: amavisd_wblist
2017-02-13 01:28:37 DEBUG Possible policy senders: ['@.', 'imzidqt@woodmebel.co.ua', '@woodmebel.co.ua', '@.woodmebel.co.ua', '@co.ua', '@.co.ua', '@ua', '@.ua', 'imzidqt@*', '89.163.225.26', '89.163.225.*', '89.163.*.26']
2017-02-13 01:28:37 DEBUG Possible policy recipients: ['@.', 'user@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.de']
2017-02-13 01:28:37 DEBUG Apply wblist for inbound message.
2017-02-13 01:28:37 DEBUG [SQL] Query local addresses: 
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'user@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.de')
           ORDER BY priority DESC
2017-02-13 01:28:37 DEBUG Local addresses (in `users`): [(1L, '@.')]
2017-02-13 01:28:37 DEBUG [SQL] Query external addresses: 
SELECT id, email
               FROM mailaddr
              WHERE email IN ('@.', 'imzidqt@woodmebel.co.ua', '@woodmebel.co.ua', '@.woodmebel.co.ua', '@co.ua', '@.co.ua', '@ua', '@.ua', 'imzidqt@*', '89.163.225.26', '89.163.225.*', '89.163.*.26')
           ORDER BY priority DESC
2017-02-13 01:28:37 DEBUG No record found in SQL database.
2017-02-13 01:28:37 DEBUG No valid sender id or recipient id.
2017-02-13 01:28:37 DEBUG <-- Result: DUNNO
2017-02-13 01:28:37 DEBUG Skip plugin: whitelist_outbound_recipient (protocol_state != RCPT)
2017-02-13 01:28:37 DEBUG Session ended.
2017-02-13 01:28:37 INFO 89.163.225.26 RCPT, imzidqt@woodmebel.co.ua -> user@mydomain.com, DUNNO [0.0992s]
2017-02-13 01:28:37 DEBUG Close LDAP connection.
2017-02-13 01:28:38 DEBUG smtp session: request=smtpd_access_policy
2017-02-13 01:28:38 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2017-02-13 01:28:38 DEBUG smtp session: protocol_name=ESMTP
2017-02-13 01:28:38 DEBUG smtp session: client_address=89.163.225.26
2017-02-13 01:28:38 DEBUG smtp session: client_name=woodmebel.co.ua
2017-02-13 01:28:38 DEBUG smtp session: reverse_client_name=woodmebel.co.ua
2017-02-13 01:28:38 DEBUG smtp session: helo_name=woodmebel.co.ua
2017-02-13 01:28:38 DEBUG smtp session: sender=imzidqt@woodmebel.co.ua
2017-02-13 01:28:38 DEBUG smtp session: recipient=user@mydomain.com
2017-02-13 01:28:38 DEBUG smtp session: recipient_count=1
2017-02-13 01:28:38 DEBUG smtp session: queue_id=D568616B2
2017-02-13 01:28:38 DEBUG smtp session: instance=6459.58a0fdb5.89308.0
2017-02-13 01:28:38 DEBUG smtp session: size=836836
2017-02-13 01:28:38 DEBUG smtp session: etrn_domain=
2017-02-13 01:28:38 DEBUG smtp session: stress=
2017-02-13 01:28:38 DEBUG smtp session: sasl_method=
2017-02-13 01:28:38 DEBUG smtp session: sasl_username=
2017-02-13 01:28:38 DEBUG smtp session: sasl_sender=
2017-02-13 01:28:38 DEBUG smtp session: ccert_subject=
2017-02-13 01:28:38 DEBUG smtp session: ccert_issuer=
2017-02-13 01:28:38 DEBUG smtp session: ccert_fingerprint=
2017-02-13 01:28:38 DEBUG smtp session: ccert_pubkey_fingerprint=
2017-02-13 01:28:38 DEBUG smtp session: encryption_protocol=
2017-02-13 01:28:38 DEBUG smtp session: encryption_cipher=
2017-02-13 01:28:38 DEBUG smtp session: encryption_keysize=0
2017-02-13 01:28:38 DEBUG LDAP connection initialied success.
2017-02-13 01:28:38 DEBUG LDAP bind success.
2017-02-13 01:28:38 DEBUG Skip plugin: reject_to_hostname (protocol_state != END-OF-MESSAGE)
2017-02-13 01:28:38 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2017-02-13 01:28:38 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2017-02-13 01:28:38 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2017-02-13 01:28:38 DEBUG --> Apply plugin: throttle
2017-02-13 01:28:38 DEBUG Check sender throttling.
2017-02-13 01:28:38 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='external' AND account IN ('89.163.225.26', '@ip', '@.', 'imzidqt@woodmebel.co.ua', '@woodmebel.co.ua', '@.woodmebel.co.ua', '@co.ua', '@.co.ua', '@ua', '@.ua', '89.163.225.*', '89.163.*.26')
         ORDER BY priority DESC
         
2017-02-13 01:28:38 DEBUG [SQL] Query result:
[]
2017-02-13 01:28:38 DEBUG No sender throttle setting.
2017-02-13 01:28:38 DEBUG Check recipient throttling.
2017-02-13 01:28:38 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='inbound' AND account IN ('89.163.225.26', '@ip', '@.', 'user@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.de', '89.163.225.*', '89.163.*.26')
         ORDER BY priority DESC
         
2017-02-13 01:28:38 DEBUG [SQL] Query result:
[]
2017-02-13 01:28:38 DEBUG No recipient throttle setting.
2017-02-13 01:28:38 DEBUG <-- Result: DUNNO
2017-02-13 01:28:38 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2017-02-13 01:28:38 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2017-02-13 01:28:38 DEBUG --> Apply plugin: whitelist_outbound_recipient
2017-02-13 01:28:38 DEBUG No sasl_username found, skip.
2017-02-13 01:28:38 DEBUG <-- Result: DUNNO
2017-02-13 01:28:38 DEBUG Session ended.
2017-02-13 01:28:38 INFO 89.163.225.26 END-OF-MESSAGE, imzidqt@woodmebel.co.ua -> user@mydomain.com, DUNNO [0.0062s]
2017-02-13 01:28:38 DEBUG Close LDAP connection.

2017-02-16 09:05:17 INFO Starting iRedAPD (version: 2.0, backend: ldap), listening on 127.0.0.1:7777.
2017-02-16 09:05:17 INFO Log rotate type: time, interval: W6, backup copies: 12.
2017-02-16 09:05:17 INFO Loading plugin (priority: 100): reject_to_hostname
2017-02-16 09:05:17 INFO Loading plugin (priority: 100): reject_null_sender
2017-02-16 09:05:17 INFO Loading plugin (priority: 90): reject_sender_login_mismatch
2017-02-16 09:05:17 INFO Loading plugin (priority: 80): greylisting
2017-02-16 09:05:17 INFO Loading plugin (priority: 60): throttle
2017-02-16 09:05:17 INFO Loading plugin (priority: 50): ldap_maillist_access_policy
2017-02-16 09:05:17 INFO Loading plugin (priority: 40): amavisd_wblist
2017-02-16 09:05:17 INFO Loading plugin (priority: 10): whitelist_outbound_recipient

↧

Re: iRedAPD not start!

February 16, 2017, 12:22 am

≫ Next: Re: Skip vitual check

≪ Previous: Re: iredapd header checks

After problem I change /opt/iredapd/settings.py

# Log level: info, debug.
#log_level = "info"
log_level = "debug"

↧

Re: Skip vitual check

February 16, 2017, 12:36 am

≫ Next: Re: Gmail saying email is unencrypted on Fresh iRedMail Install

≪ Previous: Re: iRedAPD not start!

Just my setting of srs is wrong. I have select wrong database.

↧

Re: Gmail saying email is unencrypted on Fresh iRedMail Install

February 16, 2017, 2:56 am

≫ Next: I need to uninstall and reinstall Letsencrypt on my Iredmail server

≪ Previous: Re: Skip vitual check

ZhangHuangbin wrote:

someting wrote:
Received: from mail.examplexx.com (mail.examplexx.com. [191.xxx.xxx.123])
by mx.google.com with ESMTP id n14si3859523qkl.104.2017.02.15.14.23.45
for <mygmail@gmail.com>;
Wed, 15 Feb 2017 14:23:47 -0800 (PST)
This one is the key.
Do you have "smtp_tls_received_header = yes" in Postfix main.cf? NOTE: for server-to-server communication, it's "smtp_tls_received_header", not "smtpd_*"

Postfix doesn't seem to like "smtp_tls_received_header = yes". And it seems that only the internal smtpd connections are being encrypted and the outbound smtp connection to Gmail isn't.

You're right that is key.

While my emails show:
Received: from mail.examplexx.com (mail.examplexx.com. [191.xxx.xxx.123])
by mx.google.com with ESMTP id n14si3859523qkl.104.2017.02.15.14.23.45
for <mygmail@gmail.com>;
Wed, 15 Feb 2017 14:23:47 -0800 (PST)

And should be:
Received: from mail.examplexx.com (mail.examplexx.com. [191.xxx.xxx.123])
by mx.google.com with ESMTP id n14si3859523qkl.104.2017.02.15.14.23.45
for <mygmail@gmail.com>;
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Wed, 15 Feb 2017 14:23:47 -0800 (PST)

It seems that the default settings of "smtp_tls_security_level = may" should be enough to apply tls to the server to server connection. Forcing encrypt with "smtp_tls_security_level = encrypt" makes the email undeliverable to Gmail - an email provider that definitely has tls capabilities.

Currently editing these in main.cf.

Maybe these settings need to be changed in master.cf to allow for the server to server smtp encryption?

↧

I need to uninstall and reinstall Letsencrypt on my Iredmail server

February 16, 2017, 8:23 am

≫ Next: Users cannot receive mail from same domain

≪ Previous: Re: Gmail saying email is unencrypted on Fresh iRedMail Install

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Hi all,
I have a LAMP ubuntu 16.04 working properly with Iredmail 0.9.6.

My Letsencrypt cert (1 Domain, 2 Subdomains, same cert) are coming up for renewal in three days, I keep getting errors that Letencrypt cannot autorenew.
So I would like to uninstall/reinstall So I can get the autorenew to work.
This is the error:

root@SERV:/home/adminpc# letsencrypt --apache renew
Processing /etc/letsencrypt/renewal/example.com.conf 2017-02-08
21:15:53,425:WARNING:letsencrypt.cli:Attempting to renew cert from
/etc/letsencrypt/renewal/example.com.conf produced an unexpected error: 'server'. Skipping.
All renewal attempts failed. The following certs could not be renewed:  
/etc/letsencrypt/live/example.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s) root@SERV:/home/adminpc#

Any help would be greatly appreciated.

↧

Users cannot receive mail from same domain

February 16, 2017, 8:54 am

≫ Next: Re: AWStats does not have any data

≪ Previous: I need to uninstall and reinstall Letsencrypt on my Iredmail server

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 2.4.0
- Linux/BSD distribution name and version: Ubuntu
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

We have a user that is unable to receive mail from another user on the same domain. They are able to receive mail fine from all external domain senders.

↧

Re: AWStats does not have any data

February 16, 2017, 12:43 pm

≫ Next: External server problem

≪ Previous: Users cannot receive mail from same domain

Data now displaying and icons showing properly after tweaking the awstats.conf (See below). From what I found in the Apache 2.4 documentation Require valid-user is still proper syntax.

#
Alias /awstatsclasses "/usr/share/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/share/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/share/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"

DBDriver mysql
# Important note: use 'pass=' for MySQL, 'password=' for PostgreSQL.
DBDParams "host=127.0.0.1 port=3306 dbname=vmail user=vmail pass=[redacted]"

<Directory /usr/share/awstats/wwwroot/>
    DirectoryIndex awstats.pl
    Options ExecCGI

    AuthType Basic
    AuthName "Authentication required"
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "SELECT password FROM mailbox WHERE username = %s AND isglobaladmin=1 LIMIT 1"

    Require valid-user
    # Require all granted
</Directory>

If I uncomment Require all granted, I get no prompt for authorization. It is pretty much open to the world. If I leave it as shown I am prompted for a username and password but the credentials for the global admin don't work. I have verified the postmaster@server.domain.com is a valid account and the password works.

↧

External server problem

February 16, 2017, 1:19 pm

≫ Next: Re: iRedAPD not start!

≪ Previous: Re: AWStats does not have any data

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
================ Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? NO
- Related log if you're reporting an issue:

Hi, a lot of our customers which have e-mail accounts on our server want to use MailChimp along with our services. This causes several issues - if example email contact@domain.pl exists on our iredmail based server and the domain contains both our and mailichimp SPF records it causes message dropping with an error "Sender address rejected: not logged in" . As there are many companies that provides bulk e-mail sending on the same basis it causes this problem very significant. Could you please provide us with solution or point us in the right direction to resolve the issue?

↧

Re: iRedAPD not start!

February 16, 2017, 5:02 pm

≫ Next: Re: Gmail saying email is unencrypted on Fresh iRedMail Install

≪ Previous: External server problem

Is iRedAPD working now after restarted?

dudd wrote:

Feb 16 14:46:56 mail2 abrtd: Directory 'pyhook-2017-02-16-14:46:56-31702' creation detected Feb 16 14:46:56 mail2 abrtd: Executable '/opt/iredapd/iredapd.py' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Feb 16 14:46:56 mail2 abrtd: 'post-create' on '/var/spool/abrt/pyhook-2017-02-16-14:46:56-31702' exited with 1 Feb 16 14:46:56 mail2 abrtd: Deleting problem directory '/var/spool/abrt/pyhook-2017-02-16-14:46:56-31702'

Why "/var/spool/abrt" is involved in iredapd issue?

↧

Re: Gmail saying email is unencrypted on Fresh iRedMail Install

February 16, 2017, 5:05 pm

≫ Next: Re: I need to uninstall and reinstall Letsencrypt on my Iredmail server

≪ Previous: Re: iRedAPD not start!

someting wrote:

Maybe these settings need to be changed in master.cf to allow for the server to server smtp encryption?

"smtp_tls_security_level = may" in main.cf should be enough.

You cannot force to use encryption between servers -- if the other side doesn't have TLS support, the smtp session will fail.

↧

Re: I need to uninstall and reinstall Letsencrypt on my Iredmail server

February 16, 2017, 5:07 pm

≫ Next: Re: Users cannot receive mail from same domain

≪ Previous: Re: Gmail saying email is unencrypted on Fresh iRedMail Install

Dont use the "--apache" option, try '--webroot' instead.

↧

Re: Users cannot receive mail from same domain

February 16, 2017, 5:08 pm

≫ Next: Re: AWStats does not have any data

≪ Previous: Re: I need to uninstall and reinstall Letsencrypt on my Iredmail server

Any related error in both Postfix and Dovecot log files?

You may need to enable debug mode in Dovecot to get more detailed error:
http://www.iredmail.org/docs/debug.dovecot.html

↧

Re: AWStats does not have any data

February 16, 2017, 5:10 pm

≫ Next: Re: External server problem

≪ Previous: Re: Users cannot receive mail from same domain

gargoyle_ir wrote:

If I uncomment Require all granted, I get no prompt for authorization.

Did you use both "require valid-user" and "require all granted"? You must enable one and disable the other.

↧

Re: External server problem

February 16, 2017, 5:23 pm

≫ Next: Re: Gmail saying email is unencrypted on Fresh iRedMail Install

≪ Previous: Re: AWStats does not have any data

fisher006 wrote:

error "Sender address rejected: not logged in"

Add a new parameter in iRedAPD config file /opt/iredapd/settings.py like this:

ALLOWED_FORGED_SENDERS = ['user@mydomain.com', 'mydomain.com']

After restarted iredapd service, if someone else sends email with specified sender or sender domain as "From:" address, iRedAPD will not reject it.

↧

Re: Gmail saying email is unencrypted on Fresh iRedMail Install

February 16, 2017, 10:49 pm

≫ Next: Re: Gmail saying email is unencrypted on Fresh iRedMail Install

≪ Previous: Re: External server problem

ZhangHuangbin wrote:

if the other side doesn't have TLS support, the smtp session will fail.

Yes, since Gmail does have TLS support - it must be me and it is. A lookup for my certificate on port 993 - it shows my certificate is there. Port 443 - my certificate is there.

But when I looked up my certificates on port 587 - the tls sending port, it shows there isn't any certificate!

Explains why the emails aren't encrypting.

It must be postfix controlling this I assume. The only settings I changed in postfix were in main.cf -- the inet_protocols to ipv4 and three tls settings:

smtpd_tls_key_file = /etc/letsencrypt/live/mail.examplexx.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.examplexx.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.examplexx.com/chain.pem

Is there something else I can change to get port 587 to use the certificate?

↧