Posts by robbo007

    perfect thanks. This only updates the www part of the control panel. How can I update the IMAP/POP3 services with the same certificate?


    perl /var/www/imscp/engine/setup/imscp-setup -dr ssl ???

    Should this parameter go before the # Plugin::Postscreen - Begin ?


    I've found in /etc/postfix/main.cf the Post-screen plugin is at the end of the file when enabled.


    I added check_client_access hash:/etc/postfix/rbl_override to the smtpd_recipient_restrictions parameter to try and whitelist but it seems the post screen plugin is run before this? Where would I need to put the check_client_access hash:/etc/postfix/rbl_override parameter to get it running before the post-screen plugin runs? Any ideas?


    Code
    1. # SMTP restrictions
    2. smtpd_helo_required = yes
    3. smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
    4. smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
    5. smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access h$
    6. smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining

    Hello all,
    I have one client who uses a dynamic IP from his ISP but 7 out of the 10 IPS are blacklisted on the spam sites. I use the Spam Assassin and Post-screen plugins on the server which are ovioulsy blocking him sending email via my server. If he reboots his router he might get a clean IP address but most times they are all blacklisted. (Crappy ISP)


    Is there any way to exclude his domain from these checks so it does not check his Internet's IP before trying to send?


    Thanks,
    Rob

    I've also done this after googling more:


    deleted /etc/courier/dhparams.pem and recreated with DH_BITS=2048 mkdhparams


    I use Courier:


    ii courier-base 0.73.1-1.6 amd64 Courier mail server - base system
    ii courier-imap 4.15-1.6 amd64 Courier mail server - IMAP server
    ii courier-imap-ssl 4.15-1.6 amd64 Courier mail server - IMAP over SSL
    ii courier-pop 0.73.1-1.6 amd64 Courier mail server - POP3 server
    ii courier-pop-ssl 0.73.1-1.6 amd64 Courier mail server - POP3 over SSL
    ii courier-ssl 0.73.1-1.6 amd64 Courier mail server - SSL/TLS Support


    After rebooting the server I can use port 143 checking the SSL box. Is this now working? Or should the port be 993?

    Right.


    So the config file for courier is this one?


    /etc/courier/imap-ssl


    There is no sign of TLS_DHPARAMS= parameter in this file. The closest is: TLS_DHCERTFILE=


    I tried adding the following there:


    TLS_DHCERTFILE=/etc/courier/dhparams.pem


    Restarted Courier and I get the same error.


    I then tried adding the command from the website to the end of the /etc/courier/imap-ssl file. As there is no section defined.


    TLS_DHPARAMS=/etc/courier/dhparams.pem I removed previous edited entries and restarted courier. I now get:


    Unexpected SSL connection shutdown.


    A little different but still does not work. Hmmmm getting closer I think....

    If you see the error its referring to the /etc/imscp/imscp_services.pem file. I've triple checked it and don't see any discrepancies.


    Ive run openssl x509 -in imscp_services.pem -text -noout and I get a clear output no errors.

    I've upgraded to 1.5.1 just in case. still the same error. I've checked my /etc/imscp/imscp_services.pem file and the certificates contain in this order: private key, certificate and then my CA bundle. All have their own begin and end lines, there are no spaces or unwanted carriage returns. Googling the error seems to come up with cert format but don't see anything bad abut the format. Any ideas?


    Is the order right? Private key cert first?
    If its working for HTTPS on my control panel does that confirm my cert is good right?
    Does couriertls use the certs differently than apache?



    Code
    1. Nov 28 09:36:45 sosaria imapd-ssl: Unexpected SSL connection shutdown.
    2. Nov 28 09:36:50 sosaria imapd-ssl: couriertls: /etc/imscp/imscp_services.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

    From Windows Outlook and Mac mail.