Re: is there possible to setup multiserver in iredmail

December 6, 2018, 11:13 pm

≫ Next: Black- and whitelisted senders missing

≪ Previous: Re: Too_Many_Redirects Errors when accessing https://mail.company.com

ZhangHuangbin wrote:

napoleon.lam wrote:
Dec 6 15:31:58 ct-mailsitesTX postfix/lmtp[1392]: connect to 10.8.0.154[10.8.0.154]:24: No route to host
It's like a network issue, not iRedMail configuration.
Can you connect to port 24 with tool like 'telnet' on localhost, AND from another server (A to B, B to A)?

I have learned that the setup is other else to have it worked.
it just configure the right setting on relay. no need to involved lmtp

Thanks Zhang for your support.

↧

Black- and whitelisted senders missing

December 6, 2018, 11:50 pm

≫ Next: Password length not being enforced

≪ Previous: Re: is there possible to setup multiserver in iredmail

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: CentOS 7.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL (MariaDB)
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi Zhang,

The logs in iRedAdmin-Pro show entries like this for a domain admin:

2018-12-06 15:07:15     user@myserver.example.com     1.2.3.4     Add whitelists for @myserver.example.com: @.yahoo.com.

If I navigate (as postmaster user) to System -> Anti Spam -> Whitelists & Blacklists I do not see @.yahoo.com listed.

If I navigate to Domains and Accounts -> usersdomain.com -> White/Blacklist, all four boxes are empty.

If I log in as the user and navigate to Domains and Accounts -> usersdomain.com -> White/Blacklist, all four boxes are empty.

The user is complaining that he has whitelsited yahoo.com, but emails from yahoo.com addresses are still being caught in the quarantine.

Why is this?

Craig

↧

Password length not being enforced

December 7, 2018, 12:29 am

≫ Next: Re: Password length not being enforced

≪ Previous: Black- and whitelisted senders missing

Hi Zhang,

It's unclear to me from https://docs.iredmail.org/iredadmin-pro … olicy.html which "settings.py" file I should edit to set minimum and maximum password lengths. This is what I have on my system:

[08:14:31 root@server ~]# grep passwd_length /var/www/iRedAdmin-0.9/settings.py
#   - min_passwd_length: 0 means unlimited, but at least 1 character
#   - max_passwd_length: 0 means unlimited.
min_passwd_length = 8
max_passwd_length = 0
[08:15:41 root@server ~]# grep passwd_length /var/www/iRedAdmin-Pro-SQL-2.9.0/settings.py
#   - min_passwd_length: 0 means unlimited, but at least 1 character
#   - max_passwd_length: 0 means unlimited.
min_passwd_length = 12
max_passwd_length = 0
[08:15:45 root@server ~]#

In iRedAdmin-Pro I set up every new domain as follows under "Advanced" settings for the domain:

* Minimum password length: 12
* Maximum password length: 0

However, any user can change the minimum password length to 4, for example, defeating the purpose of setting a server-wide minimum!

Also, when I try to change the maximum to 0 (for unlimited), when I click "Save changes" the page reloads with the same old value in the box.

What am I doing wrong? Which "settings.py" file should I be using? And why are the setting in "settings.py" not working?

Before writing this post I ran

systemctl restart uwsgi

to make sure everything was properly set.

Craig

↧

Re: Password length not being enforced

December 7, 2018, 12:39 am

≫ Next: cant email to myself from IMAP client

≪ Previous: Password length not being enforced

As an ordinary user I even tried setting the minimum password length to 1, and it works! Scary!

↧

cant email to myself from IMAP client

December 7, 2018, 3:55 am

≫ Next: rsyslog

≪ Previous: Re: Password length not being enforced

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Ubuntu 16 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No - But thinking we will - easier.. :-)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

This is the setup.

Public IP>>firewall/SMTP Proxy>>iredmail server (10.100.100.70)

The private internal IP of the firewall/proxy is 10.100.100.1

If we connect to sogo front end, either via the private IP of the iredmail server(https://10.100.100.70/sogo/, on the local LAN OR connecting to sogo via the public IP (through the firewall), we can send and receive email no problem to external and internal accounts. (by internal i mean emailing to myself or another user setup on iredmail)

However, if we use an IMAP client (mac mail) that connects to the iredmail server on its private IP (10.100.100.70)

We get a bounceback if we try to email ourselves or another user on iredmail server.

The error we WERE getting yesterday was an SMTP AUTH error, shown below. (The sogo client was ok, just the IMAP client was failing)

Dec 6 16:13:00 host1 postfix/postscreen[12198]: CONNECT from [10.100.100.1]:53738 to [10.100.100.70]:25
Dec 6 16:13:00 host1 postfix/postscreen[12198]: PASS OLD [10.100.100.1]:53738
Dec 6 16:13:00 host1 postfix/smtpd[12199]: connect from unknown[10.100.100.1]
Dec 6 16:13:00 host1 postfix/smtpd[12199]: Anonymous TLS connection established from unknown[10.100.100.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 6 16:13:00 host1 postfix/smtpd[12199]: NOQUEUE: reject: RCPT from unknown[10.100.100.1]: 554 5.7.1 <accounts@voiprofessional.com>: Recipient address rejected: SMTP AUTH is required for users under this sender domain; from=<accounts@voiprofessional.com> to=<accounts@voiprofessional.com> proto=ESMTP helo=<mail2.santoratech.com>
Dec 6 16:13:00 host1 postfix/smtpd[12199]: disconnect from unknown[10.100.100.1] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8

However today the problem has gone away...we have no idea why.

Generally if you can send ok from the web client (sogo) but an IMAP client connecting to the iredmail server directly fails, is this really an imap client issue only, or a iredmail issue? (just for future reference)

BTW MX records, DNS all seem to be ok, as the webmail client works ok, so i figured i can rule that out.
Sorry for the strange question, but any help or advice is appreciated. thanks

Here is a log of sending using webmail client sogo: working.

Dec 7 11:21:30 host1 postfix/postscreen[28410]: CONNECT from [127.0.0.1]:47398 to [127.0.0.1]:25
Dec 7 11:21:30 host1 postfix/postscreen[28410]: WHITELISTED [127.0.0.1]:47398
Dec 7 11:21:30 host1 postfix/smtpd[28413]: connect from localhost[127.0.0.1]
Dec 7 11:21:30 host1 postfix/smtpd[28413]: CD975540608: client=localhost[127.0.0.1]
Dec 7 11:21:30 host1 postfix/cleanup[28424]: CD975540608: message-id=<65d-5c0a5780-3-635d8900@182014036>
Dec 7 11:21:30 host1 postfix/qmgr[2379]: CD975540608: from=<accounts@voiprofessional.com>, size=962, nrcpt=1 (queue active)
Dec 7 11:21:30 host1 postfix/smtpd[28413]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 7 11:21:43 host1 postfix/10025/smtpd[28738]: connect from localhost[127.0.0.1]
Dec 7 11:21:43 host1 postfix/10025/smtpd[28738]: 207A254060C: client=localhost[127.0.0.1]
Dec 7 11:21:43 host1 postfix/cleanup[28424]: 207A254060C: message-id=<65d-5c0a5780-3-635d8900@182014036>
Dec 7 11:21:43 host1 postfix/qmgr[2379]: 207A254060C: from=<accounts@voiprofessional.com>, size=2069, nrcpt=1 (queue active)
Dec 7 11:21:43 host1 postfix/10025/smtpd[28738]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 7 11:21:43 host1 amavis[14917]: (14917-03) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [127.0.0.1]:47398 <accounts@voiprofessional.com> -> <accounts@voiprofessional.com>, Queue-ID: CD975540608, Message-ID: <65d-5c0a5780-3-635d8900@182014036>, mail_id: ybdyVCgVDHHz, Hits: -0.999, size: 962, queued_as: 207A254060C, dkim_new=dkim:globecastmt.com, 12255 ms, Tests: [ALL_TRUSTED=-1,HTML_MESSAGE=0.001]
Dec 7 11:21:43 host1 postfix/amavis/smtp[28431]: CD975540608: to=<accounts@voiprofessional.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=0.09/0/0.01/12, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 207A254060C)
Dec 7 11:21:43 host1 postfix/qmgr[2379]: CD975540608: removed
Dec 7 11:21:43 host1 postfix/pipe[28739]: 207A254060C: to=<accounts@voiprofessional.com>, relay=dovecot, delay=0.04, delays=0/0.02/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Dec 7 11:21:43 host1 postfix/qmgr[2379]: 207A254060C: removed

Here is a log using an IMAP client: working today.

Dec 7 11:22:23 host1 postfix/postscreen[28410]: CONNECT from [10.100.100.1]:57476 to [10.100.100.70]:25
Dec 7 11:22:23 host1 postfix/postscreen[28410]: PASS OLD [10.100.100.1]:57476
Dec 7 11:22:23 host1 postfix/smtpd[28413]: connect from unknown[10.100.100.1]
Dec 7 11:22:23 host1 postfix/smtpd[28413]: Anonymous TLS connection established from unknown[10.100.100.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 7 11:22:23 host1 postfix/smtpd[28413]: BFB17540608: client=unknown[10.100.100.1]
Dec 7 11:22:23 host1 postfix/cleanup[28424]: BFB17540608: message-id=<9EBF77EB-88C9-4E3B-BF35-09644E341839@voiprofessional.com>
Dec 7 11:22:23 host1 postfix/qmgr[2379]: BFB17540608: from=<accounts@voiprofessional.com>, size=1065, nrcpt=1 (queue active)
Dec 7 11:22:23 host1 postfix/smtpd[28413]: disconnect from unknown[10.100.100.1] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Dec 7 11:22:23 host1 postfix/10025/smtpd[28738]: connect from localhost[127.0.0.1]
Dec 7 11:22:23 host1 postfix/10025/smtpd[28738]: E981454060C: client=localhost[127.0.0.1]
Dec 7 11:22:23 host1 postfix/cleanup[28424]: E981454060C: message-id=<9EBF77EB-88C9-4E3B-BF35-09644E341839@voiprofessional.com>
Dec 7 11:22:23 host1 postfix/10025/smtpd[28738]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 7 11:22:23 host1 postfix/qmgr[2379]: E981454060C: from=<accounts@voiprofessional.com>, size=1574, nrcpt=1 (queue active)
Dec 7 11:22:23 host1 amavis[14915]: (14915-05) Passed CLEAN {RelayedInbound}, [10.100.100.1]:57476 <accounts@voiprofessional.com> -> <accounts@voiprofessional.com>, Queue-ID: BFB17540608, Message-ID: <9EBF77EB-88C9-4E3B-BF35-09644E341839@voiprofessional.com>, mail_id: AxxyNRSTJVqr, Hits: -1, size: 1065, queued_as: E981454060C, 167 ms, Tests: [ALL_TRUSTED=-1]
Dec 7 11:22:23 host1 postfix/amavis/smtp[28431]: BFB17540608: to=<accounts@voiprofessional.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.19, delays=0.02/0/0/0.17, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E981454060C)
Dec 7 11:22:23 host1 postfix/qmgr[2379]: BFB17540608: removed
Dec 7 11:22:23 host1 postfix/pipe[28739]: E981454060C: to=<accounts@voiprofessional.com>, relay=dovecot, delay=0.04, delays=0/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
Dec 7 11:22:23 host1 postfix/qmgr[2379]: E981454060C: removed

We did the following actions yesterday based on the docs. Can you tell me if this is ok or bad?

1.to add the smtp proxy to the whitelist, and checked using:

python /opt/iRedAPD-2.2/tools/wblist_admin.py --add --whitelist 10.100.100.1

python /opt/iRedAPD-2.2/tools/wblist_admin.py --list --whitelist
* Establishing SQL connection.
* List all inbound whitelist for account: @.
/usr/lib/python2.7/dist-packages/pymysql/cursors.py:158: Warning: '@@tx_isolation' is deprecated and will be removed in a future release. Please use '@@transaction_isolation' instead
result = self._query(query)
10.100.100.1

We also added the following to the /opt/iredmail/settings.py file

# Steve Added to try to stop the following error:
# "Recipient address rejected: SMTP AUTH is required for users under this sender domain"
MYNETWORKS = ['10.100.100.1']

So to be clear, today it seems emails are all working now, but we don't know why they were not before.

Thank you so much..

↧

rsyslog

December 7, 2018, 4:02 am

≫ Next: Re: Spam checking

≪ Previous: cant email to myself from IMAP client

I would like to configure the server to send the maillog to rsyslog which then puts the log entries in a MySQL database, making it easier to write application to continuously analyze it for blacklisting or other problems.

I noticed that rsyslog has been configured but I can't figure out is anything is enabled

Can I fiddle with rsyslog (like removing and starting from scratch) without messing with the iRedMail and iRedAdmin installation?

↧

Re: Spam checking

December 7, 2018, 4:38 am

≫ Next: Re: user is removed from mail alias for no apparent reason

≪ Previous: rsyslog

ZhangHuangbin wrote:

OK, here's a quick solution: add line below in Amavisd config file (better at the bottom of config file to avoid unexpected overwritten), then restart amavisd service:
$log_templ = $log_verbose_templ;

I had already tried that, still no output in the log.

↧

Re: user is removed from mail alias for no apparent reason

December 7, 2018, 5:14 am

≫ Next: Re: Spam checking

≪ Previous: Re: Spam checking

ZhangHuangbin wrote:

martin.rott wrote:
EDIT: to the primary question in this thread, I see there almost similar pattern in user SQL library - the SQL queries are totally unaware of the mail domain under which the user belongs, couldn't be this the root cause?
The logic is slightly different than removing a domain, you just remove one user, but the domain is still hosted on your server. So we should remove this user from forwarding destination. isn't it?
?

From admin point of view is better to keep the domains separated - and, moreover, what about users doing self-service? Again, possibly dangerous behavior, there were reasons for creating that forwarding before, it shouldn't dissapear without notice..

Example:
I host 2 domains, one has a large mailing list where are people from both domains, moderators of the list have to be notified about user disappearing from the list. Keep the forwarding, send the bounce, don't invent sending moderators notification emails about user deletion in mailing list they moderate..

smile

↧

Re: Spam checking

December 7, 2018, 5:36 am

≫ Next: Re: rsyslog

≪ Previous: Re: user is removed from mail alias for no apparent reason

Even restart Amavisd service doesn’t help?
That’s weird enough. No clue yet. sad
I suggest posting to Amavisd mailing list to get some help.

↧

Re: rsyslog

December 7, 2018, 5:38 am

≫ Next: Re: cant email to myself from IMAP client

≪ Previous: Re: Spam checking

I suppose you can simply add new rule for “mail.*” for this purpose?

↧

Re: cant email to myself from IMAP client

December 7, 2018, 5:45 am

≫ Next: Re: Password length not being enforced

≪ Previous: Re: rsyslog

steve888 wrote:

MYNETWORKS = ['10.100.100.1']

this setting is the key. smile

↧

Re: Password length not being enforced

December 7, 2018, 5:49 am

≫ Next: Re: is there possible to setup multiserver in iredmail

≪ Previous: Re: cant email to myself from IMAP client

Did you change password in iRedAdmin-Pro self-service or Roundcube/SOGo? They are not related, iRedAdmin-Pro settings does not affect Roundcube and sogo.

↧

Re: is there possible to setup multiserver in iredmail

December 7, 2018, 5:53 am

≫ Next: Re: greylisting problem

≪ Previous: Re: Password length not being enforced

Would you mind sharing your working solution?

↧

Re: greylisting problem

December 7, 2018, 6:05 am

≫ Next: Re: Black- and whitelisted senders missing

≪ Previous: Re: is there possible to setup multiserver in iredmail

如果是托管的邮箱，使用 /opt/iredapd/tools/spf_to_greylist_whitelists.py 将它的域名添加进去即可。
另外也让你的客户添加 SPF dns 记录。

↧

Re: Black- and whitelisted senders missing

December 7, 2018, 6:14 am

≫ Next: Duplicate emails in Outlook

≪ Previous: Re: greylisting problem

I'm a little confused with your real email domain name and the log:

- The log shows whitelist was added for your local mail domain "@myserver.example.com". So this is a per-domain whitelist (for "@myserver.example.com").
- You mentioned domain name is "usersdomain.com", i suppose what you mean is "example.com" which is parent domain of "myserver.example.com"? If yes, then this is not matched.

What i want to know is:

- Show me the domain name in log in correct format (the @myserver.example.com).
- Show me the domain name you checked in iRedAdmin-Pro.
- How can i reproduce this issue step-by-step?

↧

Duplicate emails in Outlook

December 7, 2018, 11:45 am

≫ Next: Re: Password length not being enforced

≪ Previous: Re: Black- and whitelisted senders missing

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail-0.9.8
- Linux/BSD distribution name and version: CentOS Linux release 7.5.1804 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,
I have setup the emails accounts on Outlook 2013 first as IMAP, to load the old emails in the accounts, then as ActiveSync. I have a problem with any new email that the accounts are receiving: it duplicate itself as many as it can, until the user delete the received email. After that, the duplicate process stop.
(the same account set it up on mobile as ActiveSync works fine. Also, no duplicate email appear on mobile even if in Outlook I have more than 100)

Tell me what I can do to stop this.

↧

Re: Password length not being enforced

December 7, 2018, 12:34 pm

≫ Next: Re: is there possible to setup multiserver in iredmail

≪ Previous: Duplicate emails in Outlook

I am only referring to what I (the postmaster) and ordinary users can do in iRedAdmin-Pro.

↧

Re: is there possible to setup multiserver in iredmail

December 7, 2018, 5:27 pm

≫ Next: Re: Iredapd outbound limits bypassed

≪ Previous: Re: Password length not being enforced

ZhangHuangbin wrote:

Would you mind sharing your working solution?

Please look at above on my setting on 2018-11-30 09:29:52 (the 2 images) I am sure i have reboot the server.

I changes back, and it worked all the way. i don't know why there is problem on that day, but it should be that setting.
I did not used lmtp presently and it work just as i expected.

Thanks anyway
Napoleon

↧

Re: Iredapd outbound limits bypassed

December 8, 2018, 12:01 am

≫ Next: Re: Black- and whitelisted senders missing

≪ Previous: Re: is there possible to setup multiserver in iredmail

Thanks Zhang,

in the mean time I have apply the patch, in the next days I will update to iRedAPD-2.1.

↧

Re: Black- and whitelisted senders missing

December 8, 2018, 2:00 am

≫ Next: Re: Black- and whitelisted senders missing

≪ Previous: Re: Iredapd outbound limits bypassed

Hi Zhang,

Thanks for your reply, but I'm confused about why you're confused, as that's a copy and paste of the log from my installation of iRedAdmin-Pro, with my own server's domain anonymised. The user's domain does not appear anywhere in the log.

I create domain users on my server in the form of clientCode@subdomain.mydomain.com (user@myserver.example.com in my post). I know you recommend against it in iRedAdmin and iRedAdmin-Pro when creating a user, but that's how I choose to do it.

If you need to know exactly what my domain and sub-domain are, please email or PM me and I'll happily provide them.

This user tried to whitelist @.yahoo.com for his own domain, let's call it example.NET, not for the whole server. His domain does not show up in the log.

ZhangHuangbin wrote:

What i want to know is:
- Show me the domain name in log in correct format (the @myserver.example.com).
- Show me the domain name you checked in iRedAdmin-Pro.
- How can i reproduce this issue step-by-step?

* I have copied and pasted the format exactly from iRedAdmin-Pro, but only changed my domain to maintain privacy. Since this isn't a networking question the actual domain shouldn't matter. The only domain that is real is @.yahoo.com
* I don't understand what you mean by "Show me the domain name you checked in iRedAdmin-Pro." Are you looking for a screen capture of something?
* I don't know how you can reproduce this, that's why I'm asking the question. However, I will ask the user to tell me exactly what he did to white- and blacklist these senders, but I suspect he did so from the drop-down list at the bottom of the quarantine page.

Thanks.

Craig

↧

Latest Images