Re: [SM-USERS] smtps 465 works, submission 587 does not
>>> Squirrelmail runs on the same machine as postfix and sends mail fine > > Is there any reason you need an encrypted connection when sending mail > on the localhost? This just creates unnecessary overhead and is > usually avoided if the connection is not over public networks. It's > trivial to add a secondary listener to Postfix's master.cf that > accepts SquirrelMail/localhost-only email submissions unencrypted on > another port. Could you show me how to do that? >>> when postfix is configured for smtps 465. I read smtps is deprecated >>> so I switched postfix to submission 587 and changed the port in >>> squirrelmail's config but squirrelmail will no longer send mail. >>> Thunderbird sends mail fine over port 465 or 587. In squirrelmail I >>> get: >>> >>> ERROR: >>> Message not sent. Server replied: >>> 0 Can't open SMTP stream. >>> >>> In the postfix log I get: >>> >>> [postfix/smtpd] connect from localhost[127.0.0.1] >>> [postfix/smtpd] lost connection after UNKNOWN from localhost[127.0.0.1] >>> [postfix/smtpd] disconnect from localhost[127.0.0.1] >>> >>> Does anyone know how to fix this? >> >> I just read that squirrelmail doesn't work with STARTTLS. Is > > If you really need it, SquirrelMail version 1.5.2 supports it. Got it. I'm using 1.4.22. >> deprecated SSL port 465 the only way to connect securely to a mail >> server with squirrelmail? > > FWIW, although port 465 is deprecated, I'm not sure it (postfix's > smtps service) is going anywhere anytime soon. Just trying to stay ahead of the sunset. :) - Grant -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] Address Book not working - LDAP & Active Directory
Thanks for the response. I determined the problem was due to php not being configured with ldap. I'm not sure how that happened as I am using a clone of a virtual machine snapshot I took from the functional email server, but it's working now so all is good. -- Dave From: Tomas Kuliavas To: Deee V ; squirrelmail-users@lists.sourceforge.net Sent: Thursday, December 1, 2011 9:31 PM Subject: Re: [SM-USERS] Address Book not working - LDAP & Active Directory 2011.11.30 00:13 Deee V rašė: > Hello, and thanks in advance for looking at this for me. > > I have two configurations, one unsecure and the other encrypting LDAP > traffic between my email and Active Directory servers using SASL and TLS. > The issue I'm experiencing is occurring with the secure server in regard > to the Address Book. I am attempting to connect to an Active Directory > server to perform address lookups, but it appears as though the request is > not being sent from the server. I am capturing packets between my secure > server and my Active Directory server, and when I log into Squirrelmail I > see the authentication packets between my servers, but when I attempt to > search for addresses no packets are being transmitted. I have performed > an ldapsearch from the secure server to the Active Directory server and > everything works perfectly, and since I can log into squirrelmail using > Active Directory accounts I know both servers are configured correctly. > My only assumption is the configuration of my Address Book is not proper. > If I > perform the same lookup using the unsecured server lookups run properly > and I see packets transmitted between the servers. SquirrelMail 1.4.x does not check ldap connectivity in configtest. See ldap connectivity test script in http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/trunk/squirrelmail/contrib/test_ldap.phps?view=log or use sample from http://www.php.net/ldap.examples-basic Check if LDAP address book is listed when you search for address. You can't see LDAP address book entries in main address book listing. They are displayed only when user searches for something. -- Tomas-- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
[SM-USERS] Attachment directory ownership/permissions
I just ran configtest.php and got: ERROR: You have configured PHP not to allow short tags (short_open_tag=off). This shouldn't be a problem with SquirrelMail or any plugin coded coded according to the SquirrelMail Coding Guidelines, but if you experience problems with PHP code being displayed in some of the pages and changing setting to "on" solves the problem, please file a bug report against the failing plugin. The correct contact information is most likely to be found in the plugin documentation. ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist! Should I bother to change short_open_tag? It sounds like it's OK. I'm thinking I should create the attachment directory. What ownership and permissions should it have? - Grant -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] Attachment directory ownership/permissions
Check to see if you have spelled the directory path correctly. Also go the directory and do a "pwd" to make sure. I mis-spelled it once & got that error once. The permissions should be drwxr-sr-x and the owner should be the same as the webserver's. I hope this helps, Frank On 08-12-2011 08:33, Grant wrote: > I just ran configtest.php and got: > > ERROR: You have configured PHP not to allow short tags > (short_open_tag=off). This shouldn't be a problem with SquirrelMail or > any plugin coded coded according to the SquirrelMail Coding > Guidelines, but if you experience problems with PHP code being > displayed in some of the pages and changing setting to "on" solves the > problem, please file a bug report against the failing plugin. The > correct contact information is most likely to be found in the plugin > documentation. > > ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist! > > Should I bother to change short_open_tag? It sounds like it's OK. > > I'm thinking I should create the attachment directory. What ownership > and permissions should it have? > > - Grant > > -- > Cloud Services Checklist: Pricing and Packaging Optimization > This white paper is intended to serve as a reference, checklist and point of > discussion for anyone considering optimizing the pricing and packaging model > of a cloud services business. Read Now! > http://www.accelacomm.com/jaw/sfnl/114/51491232/ > - > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squirrelmail-users@lists.sourceforge.net > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > > -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] smtps 465 works, submission 587 does not
>>> Squirrelmail runs on the same machine as postfix and sends mail fine > > Is there any reason you need an encrypted connection when sending mail > on the localhost? This just creates unnecessary overhead and is > usually avoided if the connection is not over public networks. It's > trivial to add a secondary listener to Postfix's master.cf that > accepts SquirrelMail/localhost-only email submissions unencrypted on > another port. I ended up adjusting my postfix config and having Squirrelmail submit mail on port 25 without encryption or authentication since it is on the same machine as postfix. - Grant >>> when postfix is configured for smtps 465. I read smtps is deprecated >>> so I switched postfix to submission 587 and changed the port in >>> squirrelmail's config but squirrelmail will no longer send mail. >>> Thunderbird sends mail fine over port 465 or 587. In squirrelmail I >>> get: >>> >>> ERROR: >>> Message not sent. Server replied: >>> 0 Can't open SMTP stream. >>> >>> In the postfix log I get: >>> >>> [postfix/smtpd] connect from localhost[127.0.0.1] >>> [postfix/smtpd] lost connection after UNKNOWN from localhost[127.0.0.1] >>> [postfix/smtpd] disconnect from localhost[127.0.0.1] >>> >>> Does anyone know how to fix this? >> >> I just read that squirrelmail doesn't work with STARTTLS. Is > > If you really need it, SquirrelMail version 1.5.2 supports it. > >> deprecated SSL port 465 the only way to connect securely to a mail >> server with squirrelmail? > > FWIW, although port 465 is deprecated, I'm not sure it (postfix's > smtps service) is going anywhere anytime soon. -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] Attachment directory ownership/permissions
>> I just ran configtest.php and got: >> >> ERROR: You have configured PHP not to allow short tags >> (short_open_tag=off). This shouldn't be a problem with SquirrelMail or >> any plugin coded coded according to the SquirrelMail Coding >> Guidelines, but if you experience problems with PHP code being >> displayed in some of the pages and changing setting to "on" solves the >> problem, please file a bug report against the failing plugin. The >> correct contact information is most likely to be found in the plugin >> documentation. >> >> ERROR: Attachment dir (/var/local/squirrelmail/attach/) does not exist! >> >> Should I bother to change short_open_tag? It sounds like it's OK. >> >> I'm thinking I should create the attachment directory. What ownership >> and permissions should it have? > > Check to see if you have spelled the directory path correctly. Also go > the directory and do a "pwd" to make sure. I mis-spelled it once & got > that error once. > The permissions should be drwxr-sr-x and the owner should be the same as > the webserver's. No. Frank, you too should reconsider your directory permissions. Both of you should read this: http://squirrelmail.org/docs/admin/admin-3.html -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] smtps 465 works, submission 587 does not
On Thu, Dec 8, 2011 at 7:50 AM, Grant wrote: Squirrelmail runs on the same machine as postfix and sends mail fine >> >> Is there any reason you need an encrypted connection when sending mail >> on the localhost? This just creates unnecessary overhead and is >> usually avoided if the connection is not over public networks. It's >> trivial to add a secondary listener to Postfix's master.cf that >> accepts SquirrelMail/localhost-only email submissions unencrypted on >> another port. > > Could you show me how to do that? Add something such as this to master.cf, the port in this example being 10025, which you'd need to change in the SquirrelMail config too. localhost:10025 inet n - n - - smtpd -o mynetworks=127.0.0.0/8 -o content_filter= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= There's a heap of other things you can add to this to tweak performance as well, but this is OT here. Using port 25 is OK, as long as you make sure no one else can use it as an open relay, but moving your webmail traffic to another port like this is better. Also, be careful/conscious about settings such as "-o content_filter=", since that could allow an attacker using a compromised account to send spam and/or virus-laden emails from your system. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
