Courier Mail Server

Saxon Jones writes:

> After alot of fiddling about on my test server I cannot for the life
> of me get this to work if the domain is listed in locals. I made
> interbaun.com be the only line in the locals file and so I thought it
> would search LDAP for saxon@... but it doesn't seem to. If I

It should search for either saxon@..., or saxon@..., I forget 
offhand which.  So try using whatever you have set in the defaultdomain or 
the me control files.

If you don't have anything in there, use whatever is returned by the 
hostname command.

Hey guys!

I'm attempting to build Courier-IMAP but have run into some problems.
Everything chugs along fine until:

Compiling imaplogin.c
imaplogin.c: In function `do_imap_command':
imaplogin.c:373: warning: implicit declaration of function
`courier_safe_printf'
Compiling authenticate_auth.c
Compiling proxy.c
Linking imaplogin
imaplogin.o: In function `do_imap_command':
imaplogin.o(.text+0x70c): undefined reference to `courier_safe_printf'
imaplogin.o(.text+0x883): undefined reference to `courier_safe_printf'
collect2: ld returned 1 exit status
make[3]: *** [imaplogin] Error 1
make[3]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.0.1/imap'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.0.1/imap'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.0.1'
make: *** [all] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.51521 (%build)

On a side note, the server compiled and installed the entire Courier package
just fine, but I decided to go with a different MTA.  The package worked
fine with the other MTA, but it just feels messy as now I have five other
processes running when I really only want Courier-IMAP, Courier-POP3, and
Courer-Authlib.

courieruucp
courierlocal
courierfax
courieresmtp
courierdsn

I did a Google/list search for the above error, but I couldn't find the same
error.  Everything else seemed to have obvious missing things like
courier-authlib.

Thanks in advance.


Michael

Paul Keogh writes:

> 
> Hi,
> 
> Any recommendations on an IMAP4 C API that I could use to develop
> clients
> against Couriers IMAP server ?
> 
> I've looked at the one from University of Washington already.

Well, Cone, http://www.courier-mta.org/cone/ does install a C++ API toolkit 
that's equivalent to c-client.  It covers everything that's covered by 
c-client, but it's a C++ API, and provides access to a number of things that 
c-client doesn't, such as ACLs.

Michael Nguyen writes:

> Hey guys!
> 
> I'm attempting to build Courier-IMAP but have run into some problems.
> Everything chugs along fine until:
> 
> Compiling imaplogin.c
> imaplogin.c: In function `do_imap_command':
> imaplogin.c:373: warning: implicit declaration of function
> `courier_safe_printf'

courier-authlib wasn't installed correctly.

Thomas von Hassel writes:

> I finaly got it to work, works great, but i can only se details about 
> outbound smtp. What about inbound ?

What about it?

If you found the outbound smtp stats, you must've also found the inbound 
stats.  They're on the same menu, and there's more of them.

On 3/2-2005, at 13.11, Sam Varshavchik wrote:

> Thomas von Hassel writes:
>
>> I finaly got it to work, works great, but i can only se details about=20=

>> outbound smtp. What about inbound ?
>
> What about it?
>
> If you found the outbound smtp stats, you must've also found the=20
> inbound stats.  They're on the same menu, and there's more of them.

yes, by network, by time, etc. but not in a nice overview like outbound=20=

... unless im missing something ...

/thomas

--
Med venlig hilsen
Thomas von Hassel
thomas@...

Verm=F8 Gruppen A/S
H.N. Andersens Vej 3-5 - 7400 Herning - 70 25 73 25 - http://www.vermoe.dk

Verm=F8 Gruppen A/S er et kommunikationshus med en bred palette af=20
kompetencer. Vores fire kerneomr=E5der er reklamebureau, medier, =
internet=20
og foto.
Vi udgiver magasinerne Magasinet Midtjylland og Midtjylland Viborg,=20
avisen Midtjylland Hverdag med metroXpress, samt Erhvervs Magasinet.
Huset besk=E6ftiger med datterselskaber ca. 50 medarbejdere.

Thomas von Hassel writes:

> 
> On 3/2-2005, at 13.11, Sam Varshavchik wrote:
> 
>> Thomas von Hassel writes:
>>
>>> I finaly got it to work, works great, but i can only se details about 
>>> outbound smtp. What about inbound ?
>>
>> What about it?
>>
>> If you found the outbound smtp stats, you must've also found the 
>> inbound stats.  They're on the same menu, and there's more of them.
> 
> yes, by network, by time, etc. but not in a nice overview like outbound 
> ... unless im missing something ...

There isn't a breakdown by mailbox because mail delivered to mailboxes was 
not necessarily received via SMTP, and there's no easy way to tie an 
individual local delivery to the original IP address.

Inbound SMTP reports concern the individual sources of SMTP 
connections, broken down by connecting networks, and various error 
condititions.  There is a report of rejected SMTP mail broken down by the 
recepient's address, because that information is easily associated in the 
logs.

> Yes.  Courier tarpits all SMTP errors, including user unknown.  Check 
> your mail logs.

What am I looking for in the logs?  I don't see anything about tarpits.

> But even with the tarpit in place you shouldn't be seeing so much crap 
> coming through.
> Unless you've installed a virtual domain alias catch-all.

It's not "coming through" anymore (I turned off the alias that it was 
running), but it still looks like a fair amount of annoying traffic, not 
to mention crap filling up my logs.

-Chris

Chris Petersen writes:

>> Yes.  Courier tarpits all SMTP errors, including user unknown.  Check 
>> your mail logs.
> 
> What am I looking for in the logs?  I don't see anything about tarpits.

You're looking for the fact that the same IP address is not filling up the 
logs with error messages.  At most you should see only a few error messages 
from the same IP address, spaced widely apart.

>> But even with the tarpit in place you shouldn't be seeing so much crap 
>> coming through.
>> Unless you've installed a virtual domain alias catch-all.
> 
> It's not "coming through" anymore (I turned off the alias that it was 
> running), but it still looks like a fair amount of annoying traffic, not 
> to mention crap filling up my logs.

It's better that crap fills your logs, rather than your mailbox.

> You're looking for the fact that the same IP address is not filling up 
> the logs with error messages.  At most you should see only a few error 
> messages from the same IP address, spaced widely apart.

Maybe my definition of "a few" is too low:

  Jan 31 01:08:11 indra courieresmtpd: started,ip=[::ffff:218.81.228.26]
  Jan 31 01:08:22 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<rharekoth@...>: 
550 User unknown.
  Jan 31 01:08:27 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<romanagiireenland@...>: 
550 User unknown.
  Jan 31 01:08:30 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<cadee@...>: 
550 User unknown.
  Jan 31 01:08:34 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<beckydelima@...>: 
550 User unknown.
  Jan 31 01:08:34 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<penny@...>: 
550 User unknown.
  Jan 31 01:08:38 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<rharekoth@...>: 
550 User unknown.
  Jan 31 01:08:46 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<romanagiireenland@...>: 
550 User unknown.
  Jan 31 01:08:50 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<beckydelima@...>: 
550 User unknown.
  Jan 31 01:08:50 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<penny@...>: 
550 User unknown.
  Jan 31 01:09:11 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<rharekoth@...>: 
550 User unknown.
  Jan 31 01:09:19 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<romanagiireenland@...>: 
550 User unknown.
  Jan 31 01:09:23 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<beckydelima@...>: 
550 User unknown.
  Jan 31 01:09:23 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<penny@...>: 
550 User unknown.
  Jan 31 01:10:18 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<rharekoth@...>: 
550 User unknown.
  Jan 31 01:10:24 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<romanagiireenland@...>: 
550 User unknown.
  Jan 31 01:10:28 indra courieresmtpd: 
error,relay=::ffff:218.81.228.26,from=<penny@...>: 
550 User unknown.
  Jan 31 01:11:59 indra courieresmtpd: started,ip=[::ffff:218.81.228.26]
  Jan 31 01:11:59 indra courieresmtpd: started,ip=[::ffff:218.81.228.26]

It continues on like that for another 10 or so before logging a 
connection timeout.  I've noticed that *most* connections like this only 
get 3-5 messages in (about 25-30 seconds apart), but occasionally one 
will sneak through and send 30+ like this without much delay between 
them (which is what led me to wonder if the tarpit was being activated). 
  Obviously, the tarpit works, since most connections seem to get shut 
down pretty quickly, but I'm curious why some of these occasionally slip 
through.

-Chris

Chris Petersen writes:

>> You're looking for the fact that the same IP address is not filling up 
>> the logs with error messages.  At most you should see only a few error 
>> messages from the same IP address, spaced widely apart.
> 
> Maybe my definition of "a few" is too low:
> 
>   Jan 31 01:08:11 indra courieresmtpd: started,ip=[::ffff:218.81.228.26]
>   Jan 31 01:08:22 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<rharekoth@...>: 
> 550 User unknown.
>   Jan 31 01:08:27 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<romanagiireenland@...>: 
> 550 User unknown.
>   Jan 31 01:08:30 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<cadee@...>: 
> 550 User unknown.
>   Jan 31 01:08:34 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<beckydelima@...>: 
> 550 User unknown.
>   Jan 31 01:08:34 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<penny@...>: 
> 550 User unknown.
>   Jan 31 01:08:38 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<rharekoth@...>: 
> 550 User unknown.
>   Jan 31 01:08:46 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<romanagiireenland@...>: 
> 550 User unknown.
>   Jan 31 01:08:50 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<beckydelima@...>: 
> 550 User unknown.
>   Jan 31 01:08:50 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<penny@...>: 
> 550 User unknown.
>   Jan 31 01:09:11 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<rharekoth@...>: 
> 550 User unknown.
>   Jan 31 01:09:19 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<romanagiireenland@...>: 
> 550 User unknown.
>   Jan 31 01:09:23 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<beckydelima@...>: 
> 550 User unknown.
>   Jan 31 01:09:23 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<penny@...>: 
> 550 User unknown.
>   Jan 31 01:10:18 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<rharekoth@...>: 
> 550 User unknown.
>   Jan 31 01:10:24 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<romanagiireenland@...>: 
> 550 User unknown.
>   Jan 31 01:10:28 indra courieresmtpd: 
> error,relay=::ffff:218.81.228.26,from=<penny@...>: 
> 550 User unknown.
>   Jan 31 01:11:59 indra courieresmtpd: started,ip=[::ffff:218.81.228.26]
>   Jan 31 01:11:59 indra courieresmtpd: started,ip=[::ffff:218.81.228.26]
> 
> It continues on like that for another 10 or so before logging a 
> connection timeout.  I've noticed that *most* connections like this only 
> get 3-5 messages in (about 25-30 seconds apart), but occasionally one 
> will sneak through and send 30+ like this without much delay between 
> them (which is what led me to wonder if the tarpit was being activated). 
>   Obviously, the tarpit works, since most connections seem to get shut 
> down pretty quickly, but I'm curious why some of these occasionally slip 
> through.

Because eventually they will hit a valid mailbox.  No tarpit is perfect.

Furthermore, the default configuration allows a maximum of four simultaneous 
connections from the same IP address.  Any in excess are silently dropped, 
and not even logged.  It's not obvious but your logs do show the attacker 
trying to use multiple connections.

No tarpit is 100% effective, but without it you'd have even longer logs, and 
even more crap in the mailboxes.

Thursday, February 3, 2005, 23:39, you wrote:

> does anyone have recomendation for linux distro?

> putting up new dual opteron box.  will be doing courier mail plus
> Apache / postgresql / php.

> ideally will run same on notebook, development server, backup server,
> and eventual offload/mirror server.

  How about Gentoo. It would install quickly and provide native 64bit
  support and really good performance.


~S

chester c young said:
> does anyone have recomendation for linux distro? putting up new dual
> opteron box.  will be doing courier mail plus Apache / postgresql / php.
> ideally will run same on notebook, development server, backup server,
> and eventual offload/mirror server.

I'm upgrading my Courier box in a few weeks (read: as soon as I can get my
boss to release the funds).  I also plan to use a dual Opteron setup with
plenty (6-8 gigs) ram and ~100gigs RAID10 storage.  I plan to use the soon
to be released RedHat Enterprise Linux 4 for AMD64.  I'm currently using
RHEL3 and have been extremely pleased with it's performance, stability and
easy update system.  RHEL4 should also be quite stable as it's built off
of Fedora Core 2/3.  Security updates and support will also be made
available until 2012.  We're a educational institution so we can pickup a
RHEL4 Advanced Server for $50 but if the commercial price tag is to large
for you, consider looking at one of the RHEL clones like CentOS or
Whitebox.  They should be releasing RHEL4 clones soon after RH puts the
SRPMS on the website and they can compile them.  I believe Sam develops on
Fedora Core 2 or 3 so it is a well supported platform.

Jay
-- 
Jay Lee
Network / Systems Administrator
Information Technology Dept.
Philadelphia Biblical University
--