Quantcast
Channel: iRedMail
Viewing all 45763 articles
Browse latest View live

Re: DKIM Signing not work on Ubuntu 18.04.1 with Thunderbird or K9(Fixed!)

0
0

Thank you for your reply, I did get it working. So what I decided to do was just build another VM side by side, same everything. During my first install the iRedMail installer could not download from SOGo from the repository. APT was trying to install a version that was not there. I went to the url and installed the deb packages manually and ran the script which seemed to work fine. However, the DKIM signing wasn't working. Given all the variables, I thought....might as well go with a fresh VM.

So what I did. After I used your method to update Amavis, I created one domain / email address. I sent a test email to gmail, DKIM passed. Okay that was good. So I created one more domain / email.

I opened up /etc/amavis/conf.d/50-users and edited the file. I applied the concept of "Use one DKIM key for all mail domains" and restarted amavis. I created the TXT record for the new domain and verified with dig that everything was good and sent a test email to gmail.

Both emails from either domain showed "dkim=none" in the headers. So that narrowed it down further. It was perhaps a syntax issues. I then removed "the-new-domain" from /etc/amavis/conf.d/50-user and restarted amavis. Gmail was now showing dkim=pass from the initial email domain I created.

So what I ended up doing was creating a dkim key for each domain and editing the "50-user" conf file accordingly. Each domain sends from SOGo and Roundcube with a dkim=pass.

I am not sure why the one key for all domains did not work. I used the method outlined in documentation.

So this is my edited section of my 50-user conf:

# Add dkim_key here.
dkim_key('domain1.com', 'dkim', '/var/lib/dkim/domain1.com.pem');
dkim_key('domain2.com', 'dkim', '/var/lib/dkim/domain2.com.pem');
dkim_key('domain3.com', 'dkim', '/var/lib/dkim/domain3.com.pem');

@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    # Per-domain dkim key
    'domain1.com' => {d => 'domain1.com', a => 'rsa-sha256', ttl => 30*24*3600 },
    'domain2.com' => {d => 'domain2.com', a => 'rsa-sha256', ttl => 30*24*3600 },
    'domain3.com' => {d => 'domain3.com', a => 'rsa-sha256', ttl => 30*24*3600 },
   
    # catch-all (one dkim key for all domains)
});

I guess the next big test will be to see if "ORIGINATION" is working when I send some test emails from my android or my desktops webmail client... Fingers crossed!

PS. Slick fix on the Amavis update. I am adding that to my notes. I didn't even think of that.


Re: DKIM Signing not work on Ubuntu 18.04.1 with Thunderbird or K9(Fixed!)

0
0

Congratulations on getting it to work.  Not sure why you had to create additional keys.  I have just started experimenting with  multiple domains and I chose to go with separate keys so I did not run into this issue.   Also the same I am glad you got it working.

Re: DKIM Signing not work on Ubuntu 18.04.1 with Thunderbird or K9(Fixed!)

0
0
Jef7 wrote:

Congratulations on getting it work.  Not sure why you had create additional keys.  I have just started experimenting with  multiple domains and I chose to go with separate keys so I did not run into this issue.   Also the same I am glad you got it working.


It was really driving me crazy. ....until our next great adventure! THNX!

Re: Mailing list bcc/ccn problem

0
0

I'll take a look.
Thanks

Re: connection refused

0
0

How to you connect "from another IP"? Mail client (which one) , testing with telnet, another mailserver?
How many "client errors" do you which to be allowed?

Have you changed any value for smtp_errors?
compare the actual settings with changed values
# postconf  |grep smtpd |grep error 
with
postconf -n |grep smtpd |grep error

Are your "other IP" banend in fail2ban? Check
# iptables -L f2b-postfix

SOGo capable of CardDAV subscription?

0
0

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): current
- Linux/BSD distribution name and version: CentOS 7.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? not yet
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi IRM Users and Admins!

I've got a third party system providing access to hosted address books by CardDAV.

Thunderbird is able to subscribe to these address books by CardDAV links.

My question is: Is SOGo also able to bind to them?

Thank you very much!

BR,
Irma

Re: connection refused

0
0
swejun wrote:

How to you connect "from another IP"? Mail client (which one) , testing with telnet, another mailserver?
How many "client errors" do you which to be allowed?

Have you changed any value for smtp_errors?
compare the actual settings with changed values
# postconf  |grep smtpd |grep error 
with
postconf -n |grep smtpd |grep error

Are your "other IP" banend in fail2ban? Check
# iptables -L f2b-postfix



I want this IP to never get blocked and I connected using smtp the error was that the"from" mail was different than that of the usermail.
No I didn't change any values

Re: Mailing list bcc/ccn problem

0
0

It doesn't work for me.
REPLY or REPLY all it automatically replies to MAILLIST ID not the sender's email ID from where the email came.
I've reboot the server not only services.


Re: Sort domains by alphabet is bugged when having relay domains

0
0

Thanks, gonna wait for the next release tho smile

Re: Mailing list bcc/ccn problem

0
0

You need mail alias account instead of mailing list account. try steps below to create a testing account and evaluate whether it's what you want:

- Login to iRedAdmin-Pro
- click "Add -> Mail Alias"

Re: SOGo capable of CardDAV subscription?

0
0
irma wrote:

My question is: Is SOGo also able to bind to them?

What do you mean "bind to them"?

Re: Antispam policy

Re: Mailing list bcc/ccn problem

0
0
ZhangHuangbin wrote:

You need mail alias account instead of mailing list account. try steps below to create a testing account and evaluate whether it's what you want:

- Login to iRedAdmin-Pro
- click "Add -> Mail Alias"

But user cannot unsubscribe from ML, and the ML cannot update by owner, just only from domain admin correct?

Configure DKIM and DMARC

0
0

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu  16.0.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mariadb
- Web server (Apache or Nginx):nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

Is there a way to configure dkim + dmarc for the postfix service?

Best/ Yigal

Re: connection refused

0
0

So...., smtp is compulsory, i guess,  since it is a mail server..., but I mean what is producing the SMTP protocol to connect to your mail server?
1) a mail client (Thunderbird, OSX mail, Outlook, ...) with one of your mail users trying to send e-mail
2) a remote mail server trying  send e-mail to a local user
3) manual testing SMTP using "telnet  mail.server.ip 25"

Depending on the above, the approach to allow differs.
If it is 1), use SASL login on port 587 instead of port 25 without login.

If it is 3), the reasons for failing is that you send "ehlo" command to quickly. Wait a couple of seconds after connecting befor sending the ehlo command.

If it is 2), please provide logfiles that proves this.
a)First there is the Client connect name ( the name that the sending mailserver provides in the EHLO message),
b)then there is the Mail Envelope  MAIL_FROM, (which translates to mail header REPLY_TO)
c)and then the Mail Header FROM (what the mail client displays as FROM)
Which ones in combinations do you think the receiving mailserver rejects?
Please give examples

The a) check can bounce if the sending mail server doesnt provide a FQDN name matching the IP address
It can also bounce if the IP is listed in some black lists over known spammers
The b) check can bounce if the MAIL FROM address is not a valid mail address, non existing domain etc.
The c) check is normally not available, must be done in SpamAssassin rules.


Re: Configure DKIM and DMARC

Re: recovered - 1m ipv4 tcp listen drops - ipv4.tcplistenissues

0
0
ZhangHuangbin wrote:

It's safe to ignore this. "netdata" monitor is too sensitive.

Hi Zhang
Do you know if there's some way we can adjust the thresholds or disable them outright? I'm getting in the region of 40 notifications a day for critical/recovered events on a new iRedMail deployment...
Thanks

Re: SOGo capable of CardDAV subscription?

0
0

Like Thunderbird being able to use SOGo calendar by CalDAV, SOGo should be able to "import" address books (aka contacts) by CardDAV from the third party application.

Sample LDIF file of SOGo resource for IRM LDAP

0
0

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): current
- Linux/BSD distribution name and version: CentOS 7.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? not yet
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi IRM Users and Admins!

We would like to use resources (e.g. meeting rooms) in IRM/SOGo.

I guess that I followed correctly the guide at http://wiki.sogo.nu/ResourceConfiguration when I copied

calentry.schema
calentry-schema.ldif
calresource.schema
calresource-schema.ldif

to /etc/openldap/schema and inserted the lines

include     /etc/openldap/schema/calentry.schema
include     /etc/openldap/schema/calresource.schema

to /etc/openldap/slapd.conf

Having restarted the slapd service, the objectClasses and attributes were available.

My question is now:

Is there an example ldif file of a SOGo resource for iRedMail LDAP server?

I would like to have the minimum set of objectClasses and attributeTypes, of course including all required enabledServices.

My current resource's ldif file looks like the attached.

Thank you very much!

BR
Irma

Re: Sample LDIF file of SOGo resource for IRM LDAP

0
0

Doesn't seem that the file has been attached.

This is the content:

########################################################################
dn: mail=meetingroom@mycompany.com,ou=Users,domainName=mycompany.com,o=domains,dc=mycompany,dc=com
mail: meetingroom@mycompany.com
mailQuota: 1048576
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
objectClass: person
objectClass: posixAccount
objectClass: top
storageBaseDirectory: /data/mboxes
enabledService: indexer-worker
enabledService: doveadm
enabledService: dsync
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
enabledService: mail
enabledService: forwarding
enabledService: deliver
enabledService: lda
enabledService: lmtp
enabledService: smtp
enabledService: smtpsecured
enabledService: imap
enabledService: imapsecured
enabledService: imaptls
enabledService: managesieve
enabledService: managesievesecured
enabledService: sogo
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: internal
enabledService: lib-storage
amavisLocal: TRUE
accountStatus: active
shadowLastChange: 0
mailHost: localhost
cn: Meetingroom
gidNumber: 2104
homeDirectory: /data/mboxes/vmail1/mycompany.com/meetingroom/
mailMessageStore: vmail1/mycompany.com/meetingroom/
loginShell: /sbin/nologin
sn: Meetingroom
uid: meetingroom
uidNumber: 2104
userPassword: {CRYPT}$6$ncaXAOch$FuQ9weAfqMUvbKlsam2X/e13t0cIMrnvz/S7q/XqrWq4xyK
OigNGjMPYuvBvzVYrZRJPEUPatnFlHx5rhz74O1
displayName: Meetingroom

Viewing all 45763 articles
Browse latest View live




Latest Images