Gentoo Forums
Email System For The Home Network - Version 2.1
beowulf
Apprentice

Joined: 07 Apr 2003
Posts: 225

Posted: Wed Jan 07, 2004 11:02 pm

numerodix wrote:
The only oddity currently in existence is Outlook Express asking me to pass a username, password and domain (?) for every session, required to send mail. Obviously, the login info is stored in the settings so I don't know what this is about but once it gets the values, sending mail works fine.

I also picked up a tip on the forum about adding "always_bcc = " to the postfix main.cf, thus enabling me to sort my sent mail in folders corresponding to the account it was sent from. :)

When you mentioned virus scanning, you said one should direct the mail to the mta at port 25, any pointers on how to do that? :)

For outlook express, what version do you have and did you enable SPA?

The always_bcc thing sounds good, I assume you're using procmail to filter the email to a .sent-email/ maildir or something similar? I think I'm going to add that to my system and also the guide. Thanks.

As for the virus scanning on the server side, I have no idea really.... never added one just mentioned it because a previous poster brought up an issue where the email was not scanned because mail was not directed to port 25.... I have no tips for that... sorry...
_________________
I have nothing witty to say here... ever :-(

numerodix
l33t

Joined: 18 Jul 2002
Posts: 743
Location: nl.eu

Posted: Thu Jan 08, 2004 12:48 am

Outlook Express 6.

I've tried both on and off. If I turn it on, I get a message box with 3 input fields for user, pass and domain. If I turn it off, I get the same box only the user name is correctly filled in. I then type in the password and click ok and the message gets sent.

The idea was that if you want to use the same setup for multiple pop/imap accounts, you can use procmail to filter the mail accordingly. For instance using a few special filters and then dumping the rest into separate folders for the respective accounts so that you know where the mail was sent to. But when you send mail, you might want to know which account you sent it from, so that you avoid a huge pile of sent mail all mixed up.

Some clients (kmail) let you specify that mail sent from a certain profile goes into a certain sent dir. Others don't, the most elegant would be to have a server side mechanism for it. So I thought I would use the always_bcc directive to send a copy of each message back to the server (again filtered through procmail).

For example..

Code:
########################################################
######### default recipes outgoing
########################################################


# ---> john@free.com <---
:0
* ^From:.*john@free\.com
.john@free.sent/


# ---> sally@house.net <---
:0
* ^From:.*sally@house\.net
.sally@house.sent/


########################################################
######### default recipes incoming
########################################################

## default sorting when all else fails ##


# ---> john@free.com <---
:0
* ^TO_john@free\.com
.john@free/


# ---> sally@house.net <---
:0
* ^TO_sally@house\.net
.sally@house/


I will not vouch for those procmail rules, I'm sure they are quite lame since I've used procmail now for 2 days but I think you get the idea.

Note that if you do this, and you send mail from john to sally, you should either remove the duplicate filter rule (if you have it) or send it to another account not involved here, otherwise it will be marked as a duplicate (either the mail sent or the bcc returned, depending on which one gets there first).
_________________
undvd - ripping dvds should be as simple as unzip
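
The sorting and the duplicate caveat numerodix describes, as an added sketch that is not part of the original post: it models the four recipes in order plus an optional Message-ID duplicate rule. The `Sorter` class, the To:/Cc: approximation of `^TO_` and the sample messages are assumptions made for the example.

```python
import re
from email import message_from_string

# Recipes from the post, in file order; the first match delivers and stops.
# Assumption: procmail's ^TO_ macro is approximated as a To:/Cc: header match.
RECIPES = [
    (r"^From:.*john@free\.com", ".john@free.sent/"),
    (r"^From:.*sally@house\.net", ".sally@house.sent/"),
    (r"^(To|Cc):.*john@free\.com", ".john@free/"),
    (r"^(To|Cc):.*sally@house\.net", ".sally@house/"),
]
LOCAL_ACCOUNTS = {"john@free.com", "sally@house.net"}


def make_msg(sender, rcpt, msgid):
    """Build a constructed test message (not real mail)."""
    return (f"From: {sender}\nTo: {rcpt}\nMessage-ID: {msgid}\n"
            "Subject: constructed sample\n\nbody\n")


def header_block(raw):
    """Return the header section with folded continuation lines joined."""
    head = raw.split("\n\n", 1)[0]
    return re.sub(r"\n[ \t]+", " ", head)


class Sorter:
    """Hypothetical stand-in for the procmailrc plus an optional duplicate rule."""

    def __init__(self, dedupe):
        self.dedupe = dedupe
        self.seen_ids = set()  # plays the role of a Message-ID cache

    def deliver(self, raw):
        msgid = message_from_string(raw)["Message-ID"]
        if self.dedupe and msgid:
            if msgid in self.seen_ids:
                return "DUPLICATE"
            self.seen_ids.add(msgid)
        head = header_block(raw)
        for pattern, folder in RECIPES:
            if re.search(pattern, head, re.MULTILINE | re.IGNORECASE):
                return folder
        return "default"


def simulate(sender, rcpt, dedupe):
    """Folders chosen for each copy of one sent message.

    Copy 1 is the always_bcc copy. Copy 2 exists only when the recipient is
    another account collected by the same server. The bcc recipient is an
    envelope address, so both copies carry the same From, To and Message-ID.
    """
    sorter = Sorter(dedupe)
    msg = make_msg(sender, rcpt, "<constructed-1@example.invalid>")
    copies = [msg] + ([msg] if rcpt in LOCAL_ACCOUNTS else [])
    return [sorter.deliver(copy) for copy in copies]


if __name__ == "__main__":
    print(simulate("john@free.com", "friend@example.org", dedupe=True))
    print(simulate("john@free.com", "sally@house.net", dedupe=True))
    print(simulate("john@free.com", "sally@house.net", dedupe=False))
```

With the duplicate rule on, the second copy of a john-to-sally message is dropped; with it off, both copies match the first `From:` recipe, because the always_bcc recipient is an envelope address and leaves the headers unchanged.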

beowulf
Apprentice

Joined: 07 Apr 2003
Posts: 225

Posted: Thu Jan 08, 2004 5:39 am

Interesting... I think I'll set this up on my system as well.... thanks!

numerodix wrote:
Outlook Express 6.

I've tried both on and off. If I turn it on, I get a message box with 3 input fields for user, pass and domain. If I turn it off, I get the same box only the user name is correctly filled in. I then type in the password and click ok and the message gets sent.


As to the Outlook Express issue..... When you're asked for your domain what are you entering? Have you tried the various domains such as:

1 - Windows machine Host name or "computer name"
2 - Server FQDN
3 - Server hostname
4 - Windows machine Computer name with Server domain name.

I think I missed a step in my email setup and I'll need to fix it... I remember being asked for a domain and fiddling around with it until it sent without any errors.....

Thanks for showing me my error, I'll have it fixed in the next update....
_________________
I have nothing witty to say here... ever :-(

numerodix
l33t

Joined: 18 Jul 2002
Posts: 743
Location: nl.eu

Posted: Thu Jan 08, 2004 7:59 pm

No, I tried all of those and that message box always pops up anyway. It's not an error per se, it does successfully send mail, only that extra authentication seems unnecessary.
_________________
undvd - ripping dvds should be as simple as unzip

puke
Tux's lil' helper

Joined: 05 Oct 2002
Posts: 128

Posted: Fri Jan 09, 2004 2:05 am

numerodix Outlook Express has extra authentication options that are likely proprietary M$ extensions. They will probably need to be turned off to work with a system that uses an implementation of an open standard eg IMAP.

You may want to try using Mozilla Thunderbird instead of Outlook Express, if you are able to. In my experience Outlook Express is less featured and more of a dog to get working.

Of course you may not consider this a helpful response to your problem..! :?

puke
Tux's lil' helper

Joined: 05 Oct 2002
Posts: 128

Posted: Fri Jan 09, 2004 2:56 am

beowulf wrote:

puke - Unfortunately I don't think you can restrict based on IP from the server. IP tables will allow you to easily do this however by dropping port 993.


Not only can you not restrict client IPs, courier-IMAP also runs as root! I guess a solution would be to use chrooted postfix for secure IMAP (instead of courier)?

cmassa
n00b

Joined: 03 Jan 2004
Posts: 44
Location: seattle

Posted: Fri Jan 09, 2004 7:22 am    Post subject: ./CA.pl -newca horques

can anyone tell me why ./CA.pl -newca does nothing? the first time i ran it i got to the password input and i thought it took the input, but it just hung. i ctrl-c'd out and now if i run it again it does nothing.

if i continue with ./CA.pl -newreq it runs fine, but when i try to sign the cert i get this:

# ./CA.pl -sign
Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
17964:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:666:Expecting: ANY PRIVATE KEY
Signed certificate is in newcert.pem


any ideas???

numerodix
l33t

Joined: 18 Jul 2002
Posts: 743
Location: nl.eu

Posted: Fri Jan 09, 2004 7:57 am

puke wrote:
numerodix Outlook Express has extra authentication options that are likely proprietary M$ extensions. They will probably need to be turned off to work with a system that uses an implementation of an open standard eg IMAP.

You may want to try using Mozilla Thunderbird instead of Outlook Express, if you are able to. In my experience Outlook Express is less featured and more of a dog to get working.

Of course you may not consider this a helpful response to your problem..! :?


I don't mean to be negative about it but I've been using Thunderbird for a couple of months and been forced to conclude that it's junk. The thing that ticks me off the most is how weird the polling is, Outlook Express always represents an up-to-date status of my mailbox, while Thunderbird sometimes doesn't know new mail has arrived, doesn't show the contents of some folders etc. I click to download mail, nothing happens, even though there is new mail to be found (talking about imap here btw). The account settings screen is also very cumbersome and if you want to change a default setting for one account, you have to do the exact same thing for them all.

But the number one most annoying Thunderbird problem is this.. it won't let me send mail. I haven't tried with my new postfix server but I have 2 pop accounts and one imap account that I use and with Thunderbird, I get errors from all of them when sending mail. Stuff like "recipient host not on accepted recipient list", whereas other email clients will just send the damn mail. I don't know what it is Thunderbird does, I certainly have tried jiggling with the settings but it's no good.
_________________
undvd - ripping dvds should be as simple as unzip

beowulf
Apprentice

Joined: 07 Apr 2003
Posts: 225

Posted: Fri Jan 09, 2004 9:47 am    Post subject: Re: ./CA.pl -newca horques

puke - Yeah it really is the only feasible solution to the problem... and even then, the chroot needs to be able to work with non-chrooted software as well.... quite a configuration nightmare, but something I'd rather leave to another guide....

cmassa - After you've run and killed CA.pl, have you gone and cleaned up the mess? Remove all the *.pem files as well as another file located further down.... Read the Troubleshooting section where I describe what files need to be removed....

If you have cleaned up the mess, could you please post the output of "ls -l /etc/ssl/misc" as well as let me know if you added the nodes switch.
_________________
I have nothing witty to say here... ever :-(

cmassa
n00b

Joined: 03 Jan 2004
Posts: 44
Location: seattle

Posted: Fri Jan 09, 2004 10:04 am

i clobbered the pem files, but i had just looked at the perl. and apparently, not very closely-- didn't see that anything was created in another directory.

just to clarify-- what pass phrase is required when running that first script?

thx--

cmassa
n00b

Joined: 03 Jan 2004
Posts: 44
Location: seattle

Posted: Fri Jan 09, 2004 10:23 am

this post on another thread has me a little concerned...apparently there should be no request for a password:

Quote:
as you can see up the top, I was running ./CA.pl -newca

even so, they should screen out idiots like me from using gentoo :S

anyway, this time when I en-emerged openssl I rebooted.. the other times I didn't..

which was good cause it stopped ssh from working. b4 ssh was running and using the ssl libraries.. maybe that affected something.. I dunno..

anyway thanks heaps for your help


could ssh running be the cause? i hope not because the machine I'm working on is console only, and I'm not anywhere near it...it's only administered remotely...via ssh

here's the complete thread:

https://forums.gentoo.org/viewtopic.php?t=61398&highlight=pem+pass+phrase

had to kill it again--

here's the error:

18422:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:114:
18422:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:367:

oh yeah-- i did add the nodes switch. in fact, i followed the guide to the letter up to this point. (quite a comprehensive guide too...nice work!)

puke
Tux's lil' helper

Joined: 05 Oct 2002
Posts: 128

Posted: Fri Jan 09, 2004 11:35 am

numerodix wrote:
I don't mean to be negative about it but I've been using Thunderbird for a couple of months and been forced to conclude that it's junk.


MUAs are always a personal preference thing so I try never to get religious about using one over another. In my experience, Thunderbird has been easier to configure than OE with various imap daemons. Just my 0.02!

I've got both Thunderbird and OE working perfectly with Courier-IMAP. Why don't you post some shots of your configs? I recall the domain prompt is something that can be turned off easily, I'm sure it was SPA, I think someone has already suggested that.

numerodix
l33t

Joined: 18 Jul 2002
Posts: 743
Location: nl.eu

Posted: Fri Jan 09, 2004 12:37 pm

Here it is then:
Screenshot: http://www.juventuz.com/_temp/postfix.jpg

Note: that bottom radiobox in the right window is actually selected, I clicked the other one by mistake when taking the screenshot :)
_________________
undvd - ripping dvds should be as simple as unzip

beowulf
Apprentice

Joined: 07 Apr 2003
Posts: 225

Posted: Sat Jan 10, 2004 10:25 am

cmassa

No, I doubt it has anything to do with SSH running... as I've run through this guide in an SSH session.... The password you're asked to create can be anything you like.... just use the same one throughout the codeblock dealing with certificate creation.

The errors listed are due to openssh not being able to sign the key because the password is wrong... either it wasn't set properly, or the -newreq and -newca used different passwords.... at least that is what my experience tells me....

However, if this is not the case let me know and we'll continue to work on this...
_________________
I have nothing witty to say here... ever :-(

puke
Tux's lil' helper

Joined: 05 Oct 2002
Posts: 128

Posted: Sun Jan 11, 2004 8:06 am

numerodix wrote:
Note: that bottom radiobox in the right window is actually selected, I clicked the other one by mistake when taking the screenshot :)


Well isn't that your problem then? "Use Secure Password Authentication" is checked on the bottom radiobox in the right window.

Uncheck "Use Secure Password Authentication".

And I'd uncheck the "Remember my password" as well. It's never a good idea on Windows clients IMHO. (What's the point of authentication when you're bypassing it on the client anyway)

numerodix
l33t

Joined: 18 Jul 2002
Posts: 743
Location: nl.eu

Posted: Sun Jan 11, 2004 11:13 am

puke wrote:

Well isn't that your problem then? "Use Secure Password Authentication" is checked on the bottom radiobox in the right window.

Uncheck "Use Secure Password Authentication".

And I'd uncheck the "Remember my password" as well. It's never a good idea on Windows clients IMHO. (What's the point of authentication when you're bypassing it on the client anyway)


As stated earlier, I've tried it on and off and it doesn't make a difference.

numerodix wrote:
I've tried both on and off. If I turn it on, I get a message box with 3 input fields for user, pass and domain. If I turn it off, I get the same box only the user name is correctly filled in. I then type in the password and click ok and the message gets sent.

_________________
undvd - ripping dvds should be as simple as unzip

sourmash
n00b

Joined: 15 Jan 2004
Posts: 18

Posted: Thu Jan 15, 2004 1:04 pm

Great guide however am I right in thinking that it is just aimed towards those that want to use their ISP to do smtp rather than do the smtp themselves?

I currently have an smtp server on one of my networks that I have friends connect in to and send email from ( using popbeforesmtp to authenticate them ) and would prefer to use sasl to authenticate them and to provide them with both pop and imap, would this guide work for me as it stands?

sourmash

beowulf
Apprentice

Joined: 07 Apr 2003
Posts: 225

Posted: Thu Jan 15, 2004 8:20 pm

sourmash wrote:
Great guide however am I right in thinking that it is just aimed towards those that want to use their ISP to do smtp rather than do the smtp themselves?

I currently have an smtp server on one of my networks that I have friends connect in to and send email from ( using popbeforesmtp to authenticate them ) and would prefer to use sasl to authenticate them and to provide them with both pop and imap, would this guide work for me as it stands?

sourmash

You are correct that we use the ISP's SMTP server to send since this guide was written for a home network without its own MX record.... However, if you have an MX record and an already working SMTP server, then this guide can be adapted. I believe it's a matter of removing any config option starting with "smtp_sasl_*" in the /etc/postfix/main.cf file. You'll still need to keep the "smtpd_sasl_*" options however. Also, enter your FQDN in the mydestination variable in main.cf... That should do it, the guide is pretty much set up to act as a proper server but needs a few modifications.

A few people have adapted this guide to work with a real SMTP server (real in the sense of an MX record pointing to the server), and I believe it's a trivial procedure. ..... The "receiving" section of this guide is pretty much independent of the sending section... so offering pop/imap to your friends shouldn't deviate from this guide too much....

All that said, this guide was not intended to offer services to a lot of people... As it stands now, it's tedious imo to maintain over 5 accounts.... just something to keep in mind... perhaps the virtual mailhosting guide would better suit you?
_________________
I have nothing witty to say here... ever :-(
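
The adaptation beowulf outlines, as an added example (not from the guide): it parses a main.cf, drops the client-side smtp_sasl_* parameters, keeps the server-side smtpd_sasl_* ones and adds the FQDN to mydestination. The sample configuration, its values and the host name mail.example.org are constructed.

```python
import re

# Constructed main.cf excerpt; values are placeholders, not the guide's settings.
SAMPLE_MAIN_CF = """\
# relay through the ISP
relayhost = [smtp.isp.example]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options =
# accept authenticated clients
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
mydestination = $myhostname,
    localhost.$mydomain
"""


def parse_main_cf(text):
    """Return [(name, value)] per logical line, joining continuation lines."""
    params = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no settings
        if line[0] in " \t" and params:
            # A line starting with whitespace continues the previous parameter.
            name, value = params[-1]
            params[-1] = (name, (value + " " + line.strip()).strip())
            continue
        name, _, value = line.partition("=")
        params.append((name.strip(), value.strip()))
    return params


def adapt_for_own_mx(text, fqdn):
    """Drop smtp_sasl_* (Postfix as SASL client towards the ISP), keep
    smtpd_sasl_* (Postfix authenticating its own clients), add fqdn to
    mydestination. Other parameters, relayhost included, are left alone
    because the post does not mention them."""
    kept, dropped = [], []
    for name, value in parse_main_cf(text):
        if name.startswith("smtp_sasl_"):
            dropped.append(name)
            continue
        if name == "mydestination":
            hosts = [h for h in re.split(r"[,\s]+", value) if h]
            if fqdn not in hosts:
                hosts.append(fqdn)
            value = ", ".join(hosts)
        kept.append((name, value))
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = adapt_for_own_mx(SAMPLE_MAIN_CF, "mail.example.org")
    print("removed:", ", ".join(dropped))
    for name, value in kept:
        print(f"{name} = {value}")
```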

sourmash
n00b

Joined: 15 Jan 2004
Posts: 18

Posted: Thu Jan 15, 2004 8:31 pm

Thanks for the advice, I only have at present 2 people relaying through my server and do not intend on going above 4 so this should be suitable to my needs. On reading through the guide it appears that you only provide mail via IMAP and not via pop3s as well, I am not familiar with IMAP so can it run alongside pop3s in harmony or is it just best to stick with IMAP. My main concern with IMAP is that the users have to stay connected to the internet to download the mail as and when they read it from my server whereas with pop3s they download it all to their workstations and can read it 'offline'.

Thanks

sourmash

beowulf
Apprentice

Joined: 07 Apr 2003
Posts: 225

Posted: Thu Jan 15, 2004 8:42 pm

It should work fine...

Code:

root@server # vi /etc/courier-imap/pop3d.cnf
root@server # cd /etc/courier-imap && mkpop3dcert
root@server # /etc/init.d/courier-pop3d-ssl start
 * Starting courier-pop3d over SSL...                                     [ ok ]
root@server # rc-update add courier-pop3d-ssl default


Then connect to the server using POP over SSL at port 995.

Hope this helps.

[edit: forgot to mention, they will co-exist fine together /]
_________________
I have nothing witty to say here... ever :-(

sourmash
n00b

Joined: 15 Jan 2004
Posts: 18

Posted: Thu Jan 15, 2004 9:00 pm

Thanks again for your help, I have updated the config as suggested however when I try to log in via pop3s using SSL not TLS I keep getting an error in my mail log showing:

[pop3d-ssl] Unexpected SSL connection shutdown.

If I use TLS I get no error messages which is good but I also get no email !!

Any ideas?

Thanks

sourmash

beowulf
Apprentice

Joined: 07 Apr 2003
Posts: 225

Posted: Thu Jan 15, 2004 9:07 pm

sourmash wrote:
Thanks again for your help, I have updated the config as suggested however when I try to log in via pop3s using SSL not TLS I keep getting an error in my mail log showing:

[pop3d-ssl] Unexpected SSL connection shutdown.

If I use TLS I get no error messages which is good but I also get no email !!

Any ideas?

Thanks

sourmash

What client are you using? Also keep in mind that you need to use your username/password that is stored in /etc/passwd when logging in... we used authpam for authdaemond...

Does this match?
Code:

cat /etc/courier-imap/pop3d | grep MAILDIR=
MAILDIR=.maildir


Is there mail in ".maildir/cur" or is it all stored in a subfolder of INBOX?
_________________
I have nothing witty to say here... ever :-(

sourmash
n00b

Joined: 15 Jan 2004
Posts: 18

Posted: Thu Jan 15, 2004 10:55 pm

I am using Kmail and the same username/passwords I use to log on normally.

Yes it does match!

It appears to store new mail that is not first filtered with a procmail recipe in .maildir/new

However there are some emails in .maildir/cur

I don't appear to have a folder called inbox so I guess where mail retrieved by imap and shown in the email client as being in the inbox is located in cur. I am surprised that it is not just in a folder called .inbox

Thanks

sourmash

sourmash
n00b

Joined: 15 Jan 2004
Posts: 18

Posted: Thu Jan 15, 2004 11:51 pm

update: Appears to be working fine now with pop3 and imap from within kmail, however in outlook express 6 (which my friends use) it just keeps asking for a username and password and does not appear to accept any connections, in my logs it shows this:

unknown password verifier

On searching it appears this is a common problem with OE6 and that cyrus-sasl needs to be compiled with the --enable-logon option which I am not sure if it is by default - do you? and that you have the following in your main.cf:

broken_sasl_auth_clients = yes

Which I have but still no joy, anyone else experiencing this as well as I followed the guide to the letter so I can't be the only one...can I...

thanks

sourmash

beowulf
Apprentice

Joined: 07 Apr 2003
Posts: 225

Posted: Fri Jan 16, 2004 4:23 am

sourmash wrote:
update: Appears to be working fine now with pop3 and imap from within kmail, however in outlook express 6 (which my friends use) it just keeps asking for a username and password and does not appear to accept any connections, in my logs it shows this:

unknown password verifier

On searching it appears this is a common problem with OE6 and that cyrus-sasl needs to be compiled with the --enable-logon option which I am not sure if it is by default - do you? and that you have the following in your main.cf:

broken_sasl_auth_clients = yes

Which I have but still no joy, anyone else experiencing this as well as I followed the guide to the letter so I can't be the only one...can I...

thanks

sourmash

Yeah, OE is fickle for lack of a better word... Cyrus-Sasl is compiled, or configured with --enable-logon... cat /usr/portage/dev-libs/cyrus-sasl/cyrus-sasl-2.1.14.ebuild | grep login

For some, OE works with SPA enabled, with others SPA must be disabled.... it really is an annoying thing from what I've found... In any case step 3.3 is where we setup sasl for auth, so that's where I would double check.. Unfortunately, OE has trouble with CRAM-MD5, so I think the whole guide would need to be changed to not require CRAM-MD5 to send.... I've never looked into it as I've never needed to use OE... If I get a chance, I'll see if I can change the setup for better OE integration.... Sorry couldn't be of more help...
_________________
I have nothing witty to say here... ever :-(
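
The mechanisms discussed in the last two posts, as an added example that is not part of the thread or the guide: it reads the AUTH lines of an EHLO reply, including the legacy AUTH= form that broken_sasl_auth_clients = yes advertises, and shows what AUTH LOGIN and AUTH CRAM-MD5 each put on the wire. Host name, credentials and challenge are constructed.

```python
import base64
import hashlib
import hmac

# Constructed EHLO reply from a server with broken_sasl_auth_clients = yes.
SAMPLE_EHLO = ("250-mail.example.invalid\n"
               "250-PIPELINING\n"
               "250-AUTH LOGIN PLAIN CRAM-MD5\n"
               "250-AUTH=LOGIN PLAIN CRAM-MD5\n"
               "250 8BITMIME")
# Constructed server challenge, base64-encoded as it appears on the wire.
SAMPLE_CHALLENGE = base64.b64encode(
    b"<12345.1073980000@mail.example.invalid>").decode()


def b64d(text):
    """Decode a base64 protocol token to text."""
    return base64.b64decode(text).decode()


def parse_ehlo_auth(ehlo_reply):
    """Split advertised mechanisms into the standard 'AUTH ' line and the
    legacy 'AUTH=' line that older Outlook clients look for."""
    found = {"standard": [], "legacy": []}
    for line in ehlo_reply.splitlines():
        keyword = line[4:]  # drop the "250-" / "250 " prefix
        if keyword.upper().startswith("AUTH="):
            found["legacy"] = keyword[5:].split()
        elif keyword.upper().startswith("AUTH "):
            found["standard"] = keyword[5:].split()
    return found


def login_steps(user, password):
    """AUTH LOGIN: user and password are sent base64-encoded, i.e. reversible."""
    return [base64.b64encode(user.encode()).decode(),
            base64.b64encode(password.encode()).decode()]


def cram_md5_response(user, password, challenge_b64):
    """AUTH CRAM-MD5: reply with 'user hex(HMAC-MD5(password, challenge))'."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def cram_md5_verify(stored_password, challenge_b64, response_b64):
    """Server side: recompute the digest from the stored shared secret."""
    _user, _, digest = b64d(response_b64).rpartition(" ")
    expected = hmac.new(stored_password.encode(),
                        base64.b64decode(challenge_b64),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    print(parse_ehlo_auth(SAMPLE_EHLO))
    print("LOGIN sends:", login_steps("sally", "constructed-pw"))
    reply = cram_md5_response("sally", "constructed-pw", SAMPLE_CHALLENGE)
    print("CRAM-MD5 sends:", reply, "->", b64d(reply))
    print("verified:", cram_md5_verify("constructed-pw", SAMPLE_CHALLENGE, reply))
```

LOGIN is only an encoding of the password, so it belongs inside the TLS session; CRAM-MD5 keeps the password off the wire but requires the server to hold the shared secret.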

All times are GMT
Page 11 of 27