OK, first issue, probably minor.
I get this installing the default php:
"This port is deprecated; you may wish to reconsider installing it:
PHP 5.4 is End of Life http://php.net/supported-versions.php.
It is scheduled to be removed on or after 2016-01-15."
Figuring I should go to the latest version then, I installed php56 and then progressed to php56-extensions. All good except that I found two of the extensions listed as required in the appendix for BSD are not present in the extensions setup to select. Those two are:
php-spl
php-pcre
Unfortunately the same issue is present in the base/default php-extensions as I went back there to see if they were present.
I also get a STOP when php-mbstring comes up, saying it has vulnerabilities in the latest php56. I get a deprecated in the base/default php-extensions build.
While compiling the default/base php5-extensions I get a STOP on building php5-phar. This is not in the list of required extensions but is listed as a dependency for php5-pdo (during its make).
"===> php5-phar-5.4.45 has known vulnerabilities:
php5-phar-5.4.45 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2015-7804
CVE: CVE-2015-7803
WWW: https://vuxml.FreeBSD.org/freebsd/c1da8b75-6aef-11e5-9909-002590263bf5.html"
So maybe three questions:
1. Should I use the deprecated (but seemingly default/base) php5 (5.4.x) or the newer php56?
2. Do the two missing extensions matter? if so, where do I get them? (see 2.a below!)
3. For the default php5-phar, am I safe setting 'DISABLE_VULNERABILITIES=yes' for make? I could do the same for the newer version and ignore the mbstring vulnerability.
2.a. Interestingly enough when I run php -m, it shows both SPL and pcre as loaded - I think they are actually in core for quite a long while now? perhaps they should be removed from the required list (unless it is assumed people are smarter than I and know they are part of core?)?
So this whole thing is probably OK except for the issues with mbstring and phar vulnerabilities?
OK - in general just ignore the below. I redid all the php stuff (make deinstall, make clean, make install clean) in the default php5, all good, same thing in php5-extensions, except this time I unchecked php-phar since it was not in the list of required modules. Everything went well. Sorry to potentially have wasted anybody's time, I might get the hang of this UNIX stuff (again) yet. The only mild concern is that the default version of php5 is deprecated, which will lead to an php-mbstrings STOP (unless is it overridden as I noted below) if php56 is attempted.
From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Helmut Fritz Sent: Tuesday, April 05, 2016 9:21 PM To: 'Exim4U General Discussion' Subject: [SPAM] [Exim4U] issues with php-extesions install
In FreeBSD, please try to search for clues in /usr/ports/UPDATING whenever you encounter a weird issue. Also try and use pkg instead of ports whenever you can: man pkg I hope you are using FreeBSD 10.3 now that you are just starting and it was released this week:) On 6 April 2016 at 08:55, Helmut Fritz <helmut(a)fritz.us.com> wrote:
_______________________________________________ users mailing list users(a)exim4u.org https://exim4u.org/mailman/listinfo/users
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
Odhiambo, Yessir - using 10.3.
Odhiambo/Gordon, Thx for the tips. I was, of course, compiling and installing everything that way. Old habit. I may well start over and just use packages to keep things clean.
Helmut
From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Gordon Dickens Sent: Wednesday, April 06, 2016 5:37 AM To: Exim4U General Discussion Subject: Re: [Exim4U] [SPAM] issues with php-extesions install
Odhiambo is spot on here. You don't need to compile most of the software that you are going to use with FreeBSD. You can if you want, but that will be a lot more time consuming.
The "pkg" command is equivalent to "yum" in CentOS. However, "yum" refreshes the repositories automatically whereas you need to run "pkg update" to refresh repositories and then "pkg install" or "pkg update" to install or update packages.
AFAIK, there are only two packages that you will need to compile using the ports collection in order to get Exim4U working: exim and dovecot2. You should compile these two packages in order to customize the configurations to work with mysql, sqlite, etc. Otherwise, you should be able to install everything with the "pkg" command.
Also, FreeBSD has another command that maintains the main operating system called "freebsd-update". "freebsd-update" manages the kernel and the core operating system components. Use "freebsd-update fetch", "freebsd-update install" to keep the core FreeBSD components up to date.
You also need to manage your ports collection to make sure that you have the most up to date source code. To do that, use the "portsnap" command. For example: "portsnap fetch" and "portsnap update"
These are your friends:
man freebsd-update
man portsnap
man pkg
FYI,
Gordon
On 04/06/2016 06:54 AM, Odhiambo Washington wrote:
In FreeBSD, please try to search for clues in /usr/ports/UPDATING whenever you encounter a weird issue.
OK guys, I generally have a server up and running on FreeBSD. I have a couple of issues though.
1. I created my first domain and users and all emails are being rejected:
2016-04-14 04:04:48 H=<domain.tld> [35.9.75.75] F=<> rejected RCPT <emailaddress(a)firstdomain.tld>: relay not permitted
1.a. I checked the mysql database, the domain and all users are created and all point to the proper mail repository.
1.b. I checked directory create permissions by creating a directory in the mailstore directory:
root(a)svr6:/usr/local/etc # su -l exim4u
$ pwd
/usr/home/exim4u
$ ls
mail public_html
$ cd mail
$ mkdir test.com
$ ls -l
total 4
drwxr-xr-x 2 exim4u exim4u 512 Apr 14 04:16 test.com
$ exit
1.c. I created a new virtual domain just to be able to work with a domain that is not critical. The postmaster welcome email was sent:
./maillog:Apr 14 04:26:51 svr6 sendmail[3131]: u3EBQocI003131: to=postmaster@<seconddomain.tld>, ctladdr=www (80/80), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30396, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (OK id=1aqfQA-0000oW-Qq)
But no domain directory was created in the mailstore.
1.d. I checked the exim mainlog and found the reject:
./mainlog:2016-04-14 04:26:51 H=(svr6.fritz.us.com) [10.10.0.250] F=<www(a)svr6.fritz.us.com> rejected RCPT <postmaster(a)seconddomain.tld>: relay not permitted
./mainlog:2016-04-14 04:26:51 1aqfQA-0000oW-Qq ** postmaster@ seconddomain.tld R=dnslookup T=remote_smtp H=svr6.fritz.us.com [216.70.235.150]: SMTP error from remote mail server after RCPT TO:<postmaster@ seconddomain.tld>: 550 relay not permitted
1.e. Any ideas?
2. I installed dovecot 2 from packages:
pkg install dovecot2
but I am not sure I can use it? It seems like it is not compiled with the mysql auth method! Am I correct? do I need to configure and compile it from ports?
./maillog:Apr 14 02:20:54 svr6 dovecot: auth: Fatal: Support not compiled in for passdb driver 'sql'
Thx for any help.
I have actually kept a 'log' of the steps and progress and can hopefully publish a complete single steps-to-install-and confirgure doc for FreeBSD (once it will works of course!). Helmut
From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Helmut Fritz Sent: Wednesday, April 06, 2016 1:21 PM To: 'Exim4U General Discussion' Subject: Re: [Exim4U] [SPAM] issues with php-extesions install
Hi, 2016-04-14 07:09, Helmut Fritz wrote:
OK guys, I generally have a server up and running on FreeBSD. I have a couple of issues though.
1. I created my first domain and users and all emails are being rejected:
2016-04-14 04:04:48 H=<domain.tld> [35.9.75.75] F=<> rejected RCPT <emailaddress(a)firstdomain.tld>: relay not permitted
1.a. I checked the mysql database, the domain and all users are created and all point to the proper mail repository.
<SNIP>
1.e. Any ideas?
I suggest you check this out: https://newspaint.wordpress.com/2014/08/22/testing-a-new-exim-configuration-... . Exim has built-in testing and debugging features, which might be of great help debugging issues like yours.
From your error messages, I would guess your exim doesn't treat virtual domains as local. Maybe you haven't configured it properly? Debugging should help you figure it out. For example, here's how to quickly see whether an email address is seen as local or not (note I did this under Debian, so the binary path might be a bit different):
rq(a)sonata:~$ /usr/sbin/exim4 -bt rimas(a)kudelis.lt # local address
rimas(a)kudelis.lt -> /var/mail/vexim/kudelis.lt/rimas/Maildir
  transport = virtual_delivery
rq(a)sonata:~$ /usr/sbin/exim4 -bt rq(a)rq.lt # local alias
rimas(a)kudelis.lt -> /var/mail/vexim/kudelis.lt/rimas/Maildir
  transport = virtual_delivery
rq(a)sonata:~$ /usr/sbin/exim4 -bt foo(a)example.org # non-local address
R: dnslookup for foo(a)example.org
foo(a)example.org
  router = dnslookup, transport = remote_smtp
  host example.org [2606:2800:220:1:248:1893:25c8:1946]
  host example.org [93.184.216.34]
2. I installed dovecot 2 from packages: pkg install dovecot2 but I am not sure I can use it? It seems like it is not compiled with the mysql auth method! Am I correct? do I need to configure and compile it from ports?
./maillog:Apr 14 02:20:54 svr6 dovecot: auth: Fatal: Support not compiled in for passdb driver 'sql'
I guess this bit of Gordon's email slipped through your eyes:
AFAIK, there are only two packages that you will need to compile using the ports collection in order to get Exim4U working: exim and dovecot2. You should compile these two packages in order to customize the configurations to work with mysql, sqlite, etc. Otherwise, you should be able to install everything with the "pkg" command.
If you didn't compile anything yet, then perhaps your Exim also doesn't support SQL at the moment? That could probably explain your first issue, although I don't think you would be able to run it with a bad configuration file (using unsupported features).
Thx for any help. I have actually kept a ‘log’ of the steps and progress and can hopefully publish a complete single steps-to-install-and configure doc for FreeBSD (once it works of course!).
Great! Regards, Rimas
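The mainlog triage behind the diagnosis above, as an added example that is not part of the original thread: it separates "relay not permitted" refusals for domains the server is supposed to host (a configuration fault) from refusals of third-party relay attempts (the ACL doing its job), and notes when a hosted domain was routed through remote_smtp. The function name, the hosted-domain list and the sample log lines are assumptions constructed on the pattern of the lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the mainlog entries quoted in the thread.
SAMPLE_MAINLOG = """\
2016-04-14 04:04:48 H=(mx.sender.example) [192.0.2.10] F=<> rejected RCPT <alice@firstdomain.example>: relay not permitted
2016-04-14 04:26:51 H=(svr.host.example) [10.10.0.250] F=<www@svr.host.example> rejected RCPT <postmaster@seconddomain.example>: relay not permitted
2016-04-14 04:26:51 1aqfQA-0000oW-Qq ** postmaster@seconddomain.example R=dnslookup T=remote_smtp H=svr.host.example [203.0.113.5]: SMTP error from remote mail server after RCPT TO:<postmaster@seconddomain.example>: 550 relay not permitted
2016-04-14 05:10:10 H=(scanner.example) [198.51.100.7] F=<x@scanner.example> rejected RCPT <victim@elsewhere.example>: relay not permitted
2016-04-14 06:00:00 1aqgAb-0000qC-2y ** carol@faraway.example R=dnslookup T=remote_smtp H=mx.faraway.example [198.51.100.20]: SMTP error from remote mail server after RCPT TO:<carol@faraway.example>: 550 no such user
"""

# Assumption: the domains created in the admin database (hypothetical names).
HOSTED_DOMAINS = {"firstdomain.example", "seconddomain.example"}

# SMTP-time refusal: the RCPT ACL found the domain neither local nor relayable.
REJECT_RE = re.compile(
    r"^\S+ \S+ H=(?P<host>.*?) \[(?P<ip>[^\]]+)\].*? rejected RCPT "
    r"<(?P<rcpt>[^>]+)>: relay not permitted"
)
# Delivery failure ("**") with the router and transport that handled the address.
FAIL_RE = re.compile(
    r"^\S+ \S+ \S+ \*\* (?P<rcpt>\S+) R=(?P<router>\S+) T=(?P<transport>\S+)"
)


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def triage(log_text, hosted_domains):
    """Classify relay refusals per recipient domain.

    hosted-not-local: the domain should be delivered locally, yet Exim
                      refused it or routed it via remote_smtp.
    relay-refused:    a third party asked to relay to a foreign domain
                      and was turned away, which is the intended result.
    """
    hosted = {d.lower() for d in hosted_domains}
    seen = defaultdict(lambda: {"rejected": 0, "remote_routed": 0, "clients": set()})

    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            entry = seen[domain_of(m["rcpt"])]
            entry["rejected"] += 1
            entry["clients"].add(m["ip"])
            continue
        m = FAIL_RE.match(line)
        if m and m["transport"] == "remote_smtp":
            seen[domain_of(m["rcpt"])]["remote_routed"] += 1

    report = {}
    for dom, entry in sorted(seen.items()):
        if dom in hosted:
            verdict = "hosted-not-local"
        elif entry["rejected"]:
            verdict = "relay-refused"
        else:
            continue  # ordinary outbound failure, unrelated to relay control
        report[dom] = {
            "verdict": verdict,
            "rejected": entry["rejected"],
            "remote_routed": entry["remote_routed"],
            "clients": sorted(entry["clients"]),
        }
    return report


if __name__ == "__main__":
    for dom, info in triage(SAMPLE_MAINLOG, HOSTED_DOMAINS).items():
        print(dom, info)
```

Any domain reported as hosted-not-local is a candidate for the `-bt` address test shown above.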
Rimas – doh! Let me give that a shot and I will reply back later today. I appreciate your eyes! Helmut
From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Rimas Kudelis Sent: Wednesday, April 13, 2016 10:43 PM To: users(a)exim4u.org Subject: Re: [Exim4U] issues with setup
OK - that was probably spot on. I had another issue (after exim and dovecot install) as well in that exim was looking specifically for /etc/exim/configure instead of /etc/exim/exim.conf. I fixed that with a symbolic link. So incoming smtp is working, the domain directory gets created with the user, etc. when the mail comes in. The issue is the domain directory is not getting created with any group permissions, only user. I did put the uid and gid in the web form when creating the domain. Since there are no group permissions and dovecot does not run as exim4u, it cannot access the mail store. Any ideas? I suppose I could have dovecot run as exim4u, but that does not seem like the right way to do it. I am able to send to other domains as well via smtp. Thx in advance! Helmut
From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Helmut Fritz Sent: Wednesday, April 13, 2016 9:10 PM To: 'Exim4U General Discussion' Subject: [Exim4U] issues with setup
Hi Helmut,

2016-04-15 07:13, Helmut Fritz wrote:
So incoming smtp is working, the domain directory gets created with the user, etc. when the mail comes in. The issue is the domain directory is not getting created with any group permissions, only user. I did put the uid and gid in the web form when creating the domain.
Since there are no group permissions and dovecot does not run as exim4u, it cannot access the mail store.
Any ideas? I suppose I could have dovecot run as exim4u, but that does not seem like the right way to do it.
I just checked my server, and the situation is the same there: user's Maildir is created with access permissions for that user only. Yet my IMAP server runs under its own user. I don't think umask is really the issue here. At least according to the Dovecot manual, you're supposed to simply run it as root by default. See http://wiki2.dovecot.org/RunningDovecot . I guess it drops unnecessary permissions when a user connects. Regards, Rimas
Got it – will check. I think dovecot is running as dovecot. Kinda makes sense as exim is running as mailnull:mail but can drop mail into that mail store.

Thx Rimas.
OK – I think I am golden now. had a couple of other minor issues with dovecot as well but all figured out:

- Needed to add ssl_protocols = !SSLv2 !SSLv3 to dovecot.conf (along with my ssl_cipher_list = ALL:!LOW:!MED:!SSLv2) so that more commonly available ciphers could be negotiated (TLS 1.2 has pretty limited ciphers that are not generally available on email clients)
- a couple config and socket file path locations needed to be changed in config files

I see that dovecot creates a new process for the imap connection that uses the uid and gid entered in the virtual domain creation form.

Seems to be working well now, but I have a URIBL issue that I will send a separate message about if I do not find anything in the archives.

Thx!
OK – so as you saw in my email a few minutes ago it looks like my new server is generally up and running. I asked a few of my co-workers to help test by sending me emails from their various personal accounts. All good except for one, this is another techy guy that runs his own email server as well (uses exim – not that it matters for this issue). His email bounced stating his domain was blacklisted at uribl.com.

Here are the log entries:

2016-04-15 18:27:01 1arF0m-0002Vq-Qb H=mail-vk0-f51.google.com [209.85.213.51] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<user(a)gmail.com> rejected during MIME ACL checks: Blacklisted URL in message. (warped.com) in. See http://lookup.uribl.com.
2016-04-15 18:29:07 1arF2o-0002WS-Uo H=mail-vk0-f48.google.com [209.85.213.48] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<user(a)gmail.com> rejected during MIME ACL checks: Blacklisted URL in message. (uribl.com) in. See http://lookup.uribl.com.

The first is his test email inbound. The second was him sending the reject message content.

Questions:

1. Why does uribl.com blacklist their own URL in email messages (see log entry #2)?
2. Going to http://lookup.uribl.com and looking up warped.com, it is not listed! What gives?

Should I be using this checking system?

Thx!

Helmut
It may well be a nameserver issue, although I am using my own. It is set to forward lookups to google for non-authoritative queries though. I have another I can switch to that does recursive, will try that.

The interesting thing is that several other emails came through that were not blacklisted - same settings - both before and after the blocked email.

Thx Gordon.

From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Gordon Dickens
Sent: Friday, April 15, 2016 11:41 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] URIBL blackist wrong?

Are you running your own DNS nameserver? Otherwise, if you are using your ISP's nameserver (or any nameserver with lots of queries) then your queries are most probably being blocked by the URIBL server and such refusal is interpreted as a blacklisted URL. The URIBL folks block nameservers that issue a large number of queries (millions/day) since, at that level, they want you to subscribe to their paid service. This has been previously discussed on this list and the simple fix is to implement and use your own nameserver with bind9/named.
Thx Gordon, yeah got all that - it (the nameserver) is actually on another server.

One of those emails that came through did actually have a url:

<https://www.avast.com/en-us/lp-esg-fav?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-2109-v2-b>
https://ipmcdn.avast.com/images/2016/icons/icon-envelope-open-tick-round-orange-v1.png
Virus-free. www.avast.com

And it passed through - it *seems* like it should not have? That said, the email initially in question went through after I changed the nameserver to the other one mentioned above.

From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Gordon Dickens
Sent: Friday, April 15, 2016 12:28 PM
To: Exim4U General Discussion
Subject: Re: [Exim4U] URIBL blackist wrong?

Also, make sure to specify your nameserver(s) in /etc/resolv.conf such as:

nameserver 127.0.0.1

or;

nameserver <nameserver IP address>

On 04/15/2016 03:20 PM, Gordon Dickens wrote:

The URIBL service blocks blacklisted URL links in email. So, for you to see a URIBL rejection, then there must have been a URL link in the email. Emails that do not have URL links will never generate URIBL lookups. So, I'm guessing that the emails that were blocked had URL links whereas the emails that were delivered did not. Also, if you have already implemented your own nameserver then make sure that your /etc/hosts file has an entry for "127.0.1.1 localhost".
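The failure mode discussed in this thread (a refused URIBL query being treated as a listing) can be checked from the mail server itself. This is an added example, not code from the thread or from Exim4U: the zone name multi.uribl.com and the return-code bits (1 = query refused, 2/4/8 = black/grey/red) are assumptions taken from URIBL's public documentation, and all function names are hypothetical.

```python
import ipaddress
import re
import socket

# Assumption (URIBL docs, not this thread): the answer is 127.0.0.x and the
# last octet is a bitmask. Bit 1 means the querying resolver is blocked.
REFUSED, BLACK, GREY, RED = 1, 2, 4, 8

# Domain that Exim logged in parentheses after the rejection text.
REJECT_RE = re.compile(r"Blacklisted URL in message\. \(([^)]+)\)")

# The two mainlog rejections quoted in the thread.
SAMPLE_LOG = """\
2016-04-15 18:27:01 1arF0m-0002Vq-Qb H=mail-vk0-f51.google.com [209.85.213.51] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<user(a)gmail.com> rejected during MIME ACL checks: Blacklisted URL in message. (warped.com) in. See http://lookup.uribl.com.
2016-04-15 18:29:07 1arF2o-0002WS-Uo H=mail-vk0-f48.google.com [209.85.213.48] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<user(a)gmail.com> rejected during MIME ACL checks: Blacklisted URL in message. (uribl.com) in. See http://lookup.uribl.com.
"""


def rejected_domains(log_text):
    """Return the domains named in URIBL rejection lines, in log order."""
    return REJECT_RE.findall(log_text)


def classify(answer):
    """Interpret one A record from the URIBL zone (None means NXDOMAIN)."""
    if answer is None:
        return "not listed"
    addr = ipaddress.IPv4Address(answer)
    if addr not in ipaddress.ip_network("127.0.0.0/8"):
        return "bogus answer"          # e.g. a resolver that rewrites NXDOMAIN
    code = int(addr) & 0xFF
    if code & REFUSED:
        return "query refused"         # says nothing about the domain itself
    names = [n for bit, n in ((BLACK, "black"), (GREY, "grey"), (RED, "red"))
             if code & bit]
    return "listed: " + ",".join(names) if names else "unknown code %d" % code


def system_resolver(name):
    """Resolve through the nameserver in /etc/resolv.conf, as the ACL does."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def audit(log_text, resolve=system_resolver, zone="multi.uribl.com"):
    """Re-check each rejected domain and report what the resolver returns."""
    return {d: classify(resolve("%s.%s" % (d, zone)))
            for d in rejected_domains(log_text)}


if __name__ == "__main__":
    for domain, verdict in audit(SAMPLE_LOG).items():
        print(domain, "->", verdict)
```

If every domain, including uribl.com itself, comes back as "query refused", the nameserver the mail server forwards through is being blocked and an ACL that rejects on any returned address will produce false positives.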
participants (4)
- Gordon Dickens
- Helmut Fritz
- Odhiambo Washington
- Rimas Kudelis