Well, after lot's of access and ownership manipulation, I got the plugin installer to do something.
Of course now the roundcube web frontend is no longer working so yay.
What's the best way to get roundcube back to the way it was from the installation?
Hi.
we need som more information to help.
1) check that the certificates (CA intermediate, public and private key files ) have the correct ownership and mode
The private key file should be 0400 and the public key + CA cert can be 0644, and owned by root:root
2) check the config with
postconf | grep -i TLS
3) systemctl status postfix
4) telnet localhost 25
ehlo testing
check that the server responds with "250-STARTTLS"
5) When running the "openssl s_client" command, and the debug switch as
openssl s_client -connect localhost:25 -starttls smtp -debug
/ Regards I
If you have set reject_sender_login_mismatch plugin activated then it will not allow such emails.
https://docs.iredmail.org/manage.iredapd.html
And another note: one has to be very carefull when modifying the smtpd_helo_restrictions. The lines are evaluated in order top to down. So in Your case, you first reject "reject_non_fqdn_helo_hostname" and then "permit_sasl_authenticated". I would perhaps do it the other way around, to allow what ever hostname as long as they can log in using SASL, and then reject. But that's really up to Your environment to figure out what fits the best.
Regards,Yes I know the order and how it works, but if you want to stop majority of mismatching hosts that is the first point which will stop them. However in my case it is working flawlessly.
OK, fine with me.
For those of You finding this discusion later on:
Adding
reject_non_fqdn_helo_hostname
before
permit_sasl_authenticated
permit_mynetworks
effectivly drops any connections from misconfigured IMAP email clients (in the SMTP sending phase). If they dont send the FQDN in te EHLO phase, they are rejected.
If you are only using Roundcube/SOGo Web GUI, then you are fine.
The Postfix foras (elsewhere) shows various examples how to configure this, and the implications it might have.
Also check http://www.postfix.org/SMTPD_ACCESS_README.html
The evaluation order of the postfix access restriction lists are:
client, helo, sender, relay, recipient, data, or end-of-data
As soon as a restriction states REJECT or DEFER, the rest of the restriction lists are skipped. Thats why having a "PERMIT" statement in the top works like a white listening, for the more restrictive REJECT statements later on.
So in short: smtp_sender_restrictions are evaluated AFTER smtp_helo-retrictions (correct me if I'm wrong)
brgrds, I
[root@victoria ~]# postconf smtpd_helo_restrictions
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
Please show me output of command:
postconf smtpd_helo_restrictions
[root@victoria ~]# postconf smtpd_helo_restrictions
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
When i am in the profile page of the user panagiotis@iccs.gr i can only see the mail aliases of iccs.gr (and not the mail aliases of its-hellas.gr)
Bug confirmed.
Whenever, i press save changes in the profile page of panagiotis@iccs.gr, he is removed from the email aliases of its-hellas.gr
I cannot reproduce this one.
Sorted issue of reply to address by commenting 'Reply-To': '%(mail)s', field:
File:
/opt/mlmmjadmin/libs/default_settings.py
MLMMJ_DEFAULT_CUSTOM_HEADERS = {
'Precedence': 'list',
'X-Mailing-List': '%(mail)s',
#'Reply-To': '%(mail)s',
'List-Subscribe': '<mailto:%(listname)s+subscribe@%(domain)s?subject=Subscribe>',
'List-Unsubscribe': '<mailto:%(listname)s+unsubscribe@%(domain)s?subject=Unsubscribe>',
#'List-Help': '<mailto:%(listname)s+help@%(domain)s?subject=help>',
#'List-Owner': '<mailto:%(listname)s+owner@%(domain)s>',
}Amavisd and postfix settings look fine. Try this: Run SQL commands below as mysql root user:
USE amavisd; TRUNCATE quarantine; TRUNCATE msgrcpt; TRUNCATE msgs; TRUNCATE maddr;Then wait for new inbound/outbound email and check iRedAdmin-Pro Dashboard again.
I have the same problem (under Debian 9) and followed the instructions to this point with similar output, sadly it didn't help me. Top senders and recipients are still empty.
Do you ave any further ideas for me?
Regards
Jobu
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Debian GNU/Linux 7 (wheezy)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi!
When I start maillist_admin.py constantly get the error.
Example:
/opt/mlmmjadmin/tools# python maillist_admin.py create list@mydomain.xxx
Traceback (most recent call last):
File "maillist_admin.py", line 135, in <module>
_json = r.json()
TypeError: 'dict' object is not callable
or
/opt/mlmmjadmin/tools# python maillist_admin.py info list@mydomain.xxx
Traceback (most recent call last):
File "maillist_admin.py", line 119, in <module>
_json = r.json()
TypeError: 'dict' object is not callable
Is mlmmjadmin service running?
It depends on what changes you have made.
You can set ownership of roundcube to root and inside of it logs and temp folder rights to nginx / apache.
config.inc.php file should also need permission to nginx / apache only 0600.
Provide more logs or errors that you are facing.
are you upgrading to iRedMail-Pro?
You just need to
cd iRedAdmin-Pro-<VERSION>/tools/
bash upgrade_iredadmin.shmay be this can change the ML sender reply-to ID, it looks like the same issue I faced.
https://forum.iredmail.org/post65719.html#p65719
and restart mlmmjadmin service
When i am in the profile page of the user panagiotis@iccs.gr i can only see the mail aliases of iccs.gr (and not the mail aliases of its-hellas.gr)
This bug has been fixed in development edition of iRedAdmin-Pro, will be available in next release soon.
OK, fixed it in mlmmjadmin and release mlmmjadmin-1.7:
https://github.com/iredmail/mlmmjadmin/releases
You're looking for iRedMail, please download it here: https://www.iredmail.org/download.html
@jobu,
Please show us output of MySQL commands below:
USE amavisd;
DESC maddr;NOQUEUE: reject: RCPT from mail.diamondtrust.co.tz[41.221.53.90]: 450 4.7.1 <esa1.diamondtrust.co.tz>: Helo command rejected: Host not found; from=<prvs=807f07e8f=test@diamondtrust.co.tz> to=<test@eatv.tv> proto=ESMTP helo=<esa1.diamondtrust.co.tz>
Add line below in file /etc/postfix/helo_access.pcre should fix this rejection:
/^eas1\.diamondtrust\.co\.tz$/ OKAdding
reject_non_fqdn_helo_hostname
before
permit_sasl_authenticated
permit_mynetworks
effectivly drops any connections from misconfigured IMAP email clients (in the SMTP sending phase). If they dont send the FQDN in te EHLO phase, they are rejected.
We put "reject_non_fqdn_helo_hostname" after "permit_sasl_authenticated" (and "permit_mynetworks") on purpose. Because many Windows OS use non-fqdn hostname, so we need to bypass them if they successfully performed smtp auth.
I think your change will cause the issue.
Any ideas on this Zhang? I *really* need to get this working properly very soon.
Craig
