From ladas at seznam.cz  Wed Feb  5 11:15:55 2020
From: ladas at seznam.cz (Ladislav Slanina)
Date: Wed, 05 Feb 2020 11:15:55 +0100
Subject: fail2ban for kolab-webadmin
Message-ID: <121632677.xO749Ls7lP@zbook>

Hi everybody.
Yesterday I search log files and try to find which can I use for fail2ban to monitor web access. But I did not find any, where there is all info in.
For user access is possible to use userlogins.log at roundcubemail log dir. But for kolab-webadmin I failed. At kolab-webadmin/errors I can find Invalid credentials message for user Directory Manager, but
not IP address. IP address I can find in httpd/ssl_access.log and ssl_request.log but there is not info about success or error. Is it possible to change the settings to push all info in one log file for kolab-webadmin access?

Thank you for any advice.

--
Greetings, ladas


From ladas at seznam.cz  Fri Feb  7 12:37:09 2020
From: ladas at seznam.cz (Ladislav Slanina)
Date: Fri, 07 Feb 2020 12:37:09 +0100
Subject: Webmail force username
Message-ID: <1715535.XZAHCD5Lp1@zbook>

Hi everybody.

Is it possible to force login username to UID only at webmail login (not alias and email) ? I found auth_attributes directive at ldap section at kolab.conf, but when I remove email and alias user cannot login at all. Exist some other parameter to force this?

Thank you for any answer

--
Greetings, ladas


From david at cryptix.net  Tue Feb 11 09:21:08 2020
From: david at cryptix.net (David Obando)
Date: Tue, 11 Feb 2020 09:21:08 +0100
Subject: guam - many errors in syslog
Message-ID: <d56b420c-6713-7996-1f74-be436f920518@cryptix.net>

Hi,

after putting some load (i.e. migrating mailboxes) on a kolab server I
see many guam errors (>50000 per day) like this:

Feb 11 09:16:01 mail guam[17433]: 09:16:01.474 [error] gen_fsm
<0.20974.0> in state passthrough terminated with reason: bad argument in
call to erlang:bit_size([<<"=\r\n:normal;font-style:normal;text-deco
ration:none;text-align:left;vertical-ali=\r\ngn:top;max-w...">>]) in
eimap:joined/2 line 487
Feb 11 09:16:01 mail guam[17433]: 09:16:01.474 [error] CRASH REPORT
Process <0.20974.0> with 0 neighbours exited with reason: bad argument
in call to erlang:bit_size([<<"=\r\n:normal;font-style:normal;tex
t-decoration:none;text-align:left;vertical-ali=\r\ngn:top;max-w...">>])
in eimap:joined/2 line 487

Does anyone have an idea what's happening there? What is the cause and
the effect of this error and how can I fix it?

Thanks and best regards,
David

-- 
encrypt!
gpg --keyserver pgp.mit.edu --recv-keys 6A25B6A3
Schl.-Fingerabdruck = 15FF 16DC 494C EABD 6DF8  B388 4EB8 056C 6A25 B6A3

From geoffn at gnaa.net  Thu Feb 13 00:12:56 2020
From: geoffn at gnaa.net (Geoff Nordli)
Date: Wed, 12 Feb 2020 15:12:56 -0800
Subject: tbsync setup
Message-ID: <e69b72f5-3207-f36c-ddb6-fcd0db427c39@gnaa.net>

Hi.

I am working on getting the calendar/tasks/contacts synced with 
thunderbird.

When I try to setup the tbsync it is failing.? Does anyone have some 
setup notes on getting it running.

URL:
https://mail.XXXX?.well-known/caldav (PROPFIND)

Request:
<d:propfind xmlns:d="DAV:"><d:prop><d:current-user-principal 
/></d:prop></d:propfind>

Response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>405 Method Not Allowed</title>
</head>
<body>
<h1>Method Not Allowed</h1>
<p>The requested method PROPFIND is not allowed for the URL 
/.well-known/caldav.</p>
</body>
</html>


thanks,

Geoff

From geoffn at gnaa.net  Thu Feb 13 07:00:43 2020
From: geoffn at gnaa.net (Geoff Nordli)
Date: Wed, 12 Feb 2020 22:00:43 -0800
Subject: tbsync setup -- iRony not working
In-Reply-To: <e69b72f5-3207-f36c-ddb6-fcd0db427c39@gnaa.net>
References: <e69b72f5-3207-f36c-ddb6-fcd0db427c39@gnaa.net>
Message-ID: <9575e048-2976-35bf-0065-f6cff29667da@gnaa.net>

It actually seems like an issue with iRony.? I am not getting any 
logging in /var/log/iRony/.

curl https://server.ca/.well-known/caldav

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/caldav was not found on this server.</p>
</body></html>

I have the iRony.conf file in httpd.conf.

cat /etc/httpd/conf.d/iRony.conf
Alias /iRony?? /usr/share/iRony/public_html

<Directory "/usr/share/iRony/public_html/">
 ??? AllowOverride All

 ??? <IfModule mod_authz_core.c>
 ??????? # Apache 2.4
 ??????? Require all granted
 ??? </IfModule>
 ??? <IfModule !mod_authz_core.c>
 ??????? # Apache 2.2
 ??????? Order Allow,Deny
 ??????? Allow from All
 ??? </IfModule>

 ??? RewriteEngine On
 ??? RewriteBase /iRony/
 ??? RewriteRule ^\.well-known/caldav?? / [R,L]
 ??? RewriteRule ^\.well-known/carddav? / [R,L]

 ??? RewriteCond? %{REQUEST_FILENAME}? !-f
 ??? RewriteCond? %{REQUEST_FILENAME}? !-d
 ??? RewriteRule? (.*)???????????????? index.php? [qsappend,last]

</Directory>

I have the dav and authz_core modules loaded:

apachectl -M | grep authz_cor
 ?authz_core_module (shared)

apachectl -M | grep dav
 ?dav_module (shared)
 ?dav_fs_module (shared)
 ?dav_lock_module (shared)

Any other ideas?

thanks,

Geoff


On 2020-02-12 3:12 p.m., Geoff Nordli wrote:
> Hi.
>
> I am working on getting the calendar/tasks/contacts synced with 
> thunderbird.
>
> When I try to setup the tbsync it is failing.? Does anyone have some 
> setup notes on getting it running.
>
> URL:
> https://mail.XXXX?.well-known/caldav (PROPFIND)
>
> Request:
> <d:propfind xmlns:d="DAV:"><d:prop><d:current-user-principal 
> /></d:prop></d:propfind>
>
> Response:
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html>
> <head>
> <title>405 Method Not Allowed</title>
> </head>
> <body>
> <h1>Method Not Allowed</h1>
> <p>The requested method PROPFIND is not allowed for the URL 
> /.well-known/caldav.</p>
> </body>
> </html>
>
>
> thanks,
>
> Geoff
>

From johannes.ranke at jrwb.de  Thu Feb 13 10:09:12 2020
From: johannes.ranke at jrwb.de (Johannes Ranke)
Date: Thu, 13 Feb 2020 10:09:12 +0100
Subject: tbsync setup -- iRony not working
In-Reply-To: <9575e048-2976-35bf-0065-f6cff29667da@gnaa.net>
References: <e69b72f5-3207-f36c-ddb6-fcd0db427c39@gnaa.net>
	<9575e048-2976-35bf-0065-f6cff29667da@gnaa.net>
Message-ID: <1921801.VJXJMh38MM@ryz>

Hi,

according to the config you posted, your iRony server (like mine e.g.) is 
configured to serve iRony in the iRony subdirectory, and not at the webroot.

So your call would read

curl https://server.ca/iRony/.well-known/caldav

On my server, with DAVx5 successfully syncing, I get a 302 (this document has 
moved).

My calendars are at

https://server.xy/iRony/calendars/user at server.xy/abcdef123456

but DAVx5 found these somehow via an autodiscovery mechanism.

Johannes

Am Donnerstag, 13. Februar 2020, 07:00:43 CET schrieb Geoff Nordli:
> It actually seems like an issue with iRony.  I am not getting any
> logging in /var/log/iRony/.
> 
> curl https://server.ca/.well-known/caldav
> 
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>404 Not Found</title>
> </head><body>
> <h1>Not Found</h1>
> <p>The requested URL /.well-known/caldav was not found on this server.</p>
> </body></html>
> 
> I have the iRony.conf file in httpd.conf.
> 
> cat /etc/httpd/conf.d/iRony.conf
> Alias /iRony   /usr/share/iRony/public_html
> 
> <Directory "/usr/share/iRony/public_html/">
>      AllowOverride All
> 
>      <IfModule mod_authz_core.c>
>          # Apache 2.4
>          Require all granted
>      </IfModule>
>      <IfModule !mod_authz_core.c>
>          # Apache 2.2
>          Order Allow,Deny
>          Allow from All
>      </IfModule>
> 
>      RewriteEngine On
>      RewriteBase /iRony/
>      RewriteRule ^\.well-known/caldav   / [R,L]
>      RewriteRule ^\.well-known/carddav  / [R,L]
> 
>      RewriteCond  %{REQUEST_FILENAME}  !-f
>      RewriteCond  %{REQUEST_FILENAME}  !-d
>      RewriteRule  (.*)                 index.php  [qsappend,last]
> 
> </Directory>
> 
> I have the dav and authz_core modules loaded:
> 
> apachectl -M | grep authz_cor
>   authz_core_module (shared)
> 
> apachectl -M | grep dav
>   dav_module (shared)
>   dav_fs_module (shared)
>   dav_lock_module (shared)
> 
> Any other ideas?
> 
> thanks,
> 
> Geoff
> 
> On 2020-02-12 3:12 p.m., Geoff Nordli wrote:
> > Hi.
> > 
> > I am working on getting the calendar/tasks/contacts synced with
> > thunderbird.
> > 
> > When I try to setup the tbsync it is failing.  Does anyone have some
> > setup notes on getting it running.
> > 
> > URL:
> > https://mail.XXXX?.well-known/caldav (PROPFIND)
> > 
> > Request:
> > <d:propfind xmlns:d="DAV:"><d:prop><d:current-user-principal
> > /></d:prop></d:propfind>
> > 
> > Response:
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > <html>
> > <head>
> > <title>405 Method Not Allowed</title>
> > </head>
> > <body>
> > <h1>Method Not Allowed</h1>
> > <p>The requested method PROPFIND is not allowed for the URL
> > /.well-known/caldav.</p>
> > </body>
> > </html>
> > 
> > 
> > thanks,
> > 
> > Geoff
> 
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users



From geoffn at gnaa.net  Fri Feb 14 01:07:55 2020
From: geoffn at gnaa.net (Geoff Nordli)
Date: Thu, 13 Feb 2020 16:07:55 -0800
Subject: tbsync setup -- iRony not working
In-Reply-To: <1921801.VJXJMh38MM@ryz>
References: <e69b72f5-3207-f36c-ddb6-fcd0db427c39@gnaa.net>
	<9575e048-2976-35bf-0065-f6cff29667da@gnaa.net>
	<1921801.VJXJMh38MM@ryz>
Message-ID: <d43c79bb-22f9-4456-b6c9-ed717b162404@gnaa.net>

Hi Johannes.

I made some strides, but now I am getting a 405 Method not allowed error.


URL:
https://XXXX/.well-known/carddav (PROPFIND)

Request:
<d:propfind xmlns:d="DAV:"><d:prop><d:current-user-principal 
/></d:prop></d:propfind>

Response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>405 Method Not Allowed</title>
</head>
<body>
<h1>Method Not Allowed</h1>
<p>The requested method PROPFIND is not allowed for the URL 
/.well-known/carddav.</p>
</body>
</html>

Any thoughts?

thanks,

Geoff


On 2020-02-13 1:09 a.m., Johannes Ranke wrote:
> Hi,
>
> according to the config you posted, your iRony server (like mine e.g.) is
> configured to serve iRony in the iRony subdirectory, and not at the webroot.
>
> So your call would read
>
> curl https://server.ca/iRony/.well-known/caldav
>
> On my server, with DAVx5 successfully syncing, I get a 302 (this document has
> moved).
>
> My calendars are at
>
> https://server.xy/iRony/calendars/user at server.xy/abcdef123456
>
> but DAVx5 found these somehow via an autodiscovery mechanism.
>
> Johannes
>
> Am Donnerstag, 13. Februar 2020, 07:00:43 CET schrieb Geoff Nordli:
>> It actually seems like an issue with iRony.  I am not getting any
>> logging in /var/log/iRony/.
>>
>> curl https://server.ca/.well-known/caldav
>>
>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> <html><head>
>> <title>404 Not Found</title>
>> </head><body>
>> <h1>Not Found</h1>
>> <p>The requested URL /.well-known/caldav was not found on this server.</p>
>> </body></html>
>>
>> I have the iRony.conf file in httpd.conf.
>>
>> cat /etc/httpd/conf.d/iRony.conf
>> Alias /iRony   /usr/share/iRony/public_html
>>
>> <Directory "/usr/share/iRony/public_html/">
>>       AllowOverride All
>>
>>       <IfModule mod_authz_core.c>
>>           # Apache 2.4
>>           Require all granted
>>       </IfModule>
>>       <IfModule !mod_authz_core.c>
>>           # Apache 2.2
>>           Order Allow,Deny
>>           Allow from All
>>       </IfModule>
>>
>>       RewriteEngine On
>>       RewriteBase /iRony/
>>       RewriteRule ^\.well-known/caldav   / [R,L]
>>       RewriteRule ^\.well-known/carddav  / [R,L]
>>
>>       RewriteCond  %{REQUEST_FILENAME}  !-f
>>       RewriteCond  %{REQUEST_FILENAME}  !-d
>>       RewriteRule  (.*)                 index.php  [qsappend,last]
>>
>> </Directory>
>>
>> I have the dav and authz_core modules loaded:
>>
>> apachectl -M | grep authz_cor
>>    authz_core_module (shared)
>>
>> apachectl -M | grep dav
>>    dav_module (shared)
>>    dav_fs_module (shared)
>>    dav_lock_module (shared)
>>
>> Any other ideas?
>>
>> thanks,
>>
>> Geoff
>>
>> On 2020-02-12 3:12 p.m., Geoff Nordli wrote:
>>> Hi.
>>>
>>> I am working on getting the calendar/tasks/contacts synced with
>>> thunderbird.
>>>
>>> When I try to setup the tbsync it is failing.  Does anyone have some
>>> setup notes on getting it running.
>>>
>>> URL:
>>> https://mail.XXXX?.well-known/caldav (PROPFIND)
>>>
>>> Request:
>>> <d:propfind xmlns:d="DAV:"><d:prop><d:current-user-principal
>>> /></d:prop></d:propfind>
>>>
>>> Response:
>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>> <html>
>>> <head>
>>> <title>405 Method Not Allowed</title>
>>> </head>
>>> <body>
>>> <h1>Method Not Allowed</h1>
>>> <p>The requested method PROPFIND is not allowed for the URL
>>> /.well-known/caldav.</p>
>>> </body>
>>> </html>
>>>
>>>
>>> thanks,
>>>
>>> Geoff
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users
>
>

From t.mohrfeldt at liesegang.sh  Tue Feb 18 11:07:37 2020
From: t.mohrfeldt at liesegang.sh (T. Mohrfeldt (Liesegang GmbH))
Date: Tue, 18 Feb 2020 11:07:37 +0100
Subject: Kolab Webadmin not working (anymore)
Message-ID: <7cfb9b78ff73c3d212e421570c54bcba@liesegang.sh>

Hi knowledgeable folks,

as of recent I cannot create new users with the kolab-webadmin. I tried 
restarting the services, the server, updating and praying. Nothing 
helped thus far.

The problem seems to be the lack of the preselected E-Mail server on the 
4th tab of the new user dialog. For existing users there the field is 
filled with localhost.

I did not change any configs or did otherwise tamper with the server.

How can I get kolab-webadmin talking to the rest of the system again?

With kind regards

Torben Mohrfeldt

From i.bin at dah.am  Tue Feb 18 17:31:38 2020
From: i.bin at dah.am (Skale, Franz)
Date: Tue, 18 Feb 2020 17:31:38 +0100
Subject: Kolab Webadmin not working (anymore)
In-Reply-To: <7cfb9b78ff73c3d212e421570c54bcba@liesegang.sh>
References: <7cfb9b78ff73c3d212e421570c54bcba@liesegang.sh>
Message-ID: <96bae618dc78ddc93b01c204e2e4cac6@dah.am>

Hi Torben,
start by enabling debug mode: (snippet of my kolab.conf wap section):

[kolab_wap]
skin = default
sql_uri = mysql://kolab:xxxxxxxxxxxxxxx at localhost/kolab
ssl_verify_peer = false
ssl_verify_host = true
api_url = https://server.example.com/kolab-webadmin/api
debug_mode = trace

Also check that the logdir exists: /var/log/kolab-webadmin
Owner must be set to your webserver runas:
drwxr-x--- 2 www-data www-data 4096 Feb  5 13:23 /var/log/kolab-webadmin

After enabled debug logging, you should have two logfiles, console and 
errors:

/var/log/kolab-webadmin/console
/var/log/kolab-webadmin/errors

Check your webserver logfiles for php errors !

Best regards
Franz


Am 2020-02-18 11:07, schrieb T. Mohrfeldt (Liesegang GmbH):
> Hi knowledgeable folks,
> 
> as of recent I cannot create new users with the kolab-webadmin. I
> tried restarting the services, the server, updating and praying.
> Nothing helped thus far.
> 
> The problem seems to be the lack of the preselected E-Mail server on
> the 4th tab of the new user dialog. For existing users there the field
> is filled with localhost.
> 
> I did not change any configs or did otherwise tamper with the server.
> 
> How can I get kolab-webadmin talking to the rest of the system again?
> 
> With kind regards
> 
> Torben Mohrfeldt
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

From i.bin at dah.am  Wed Feb 19 10:56:15 2020
From: i.bin at dah.am (Skale, Franz)
Date: Wed, 19 Feb 2020 10:56:15 +0100
Subject: Kolab Webadmin not working (anymore)
In-Reply-To: <317d949d0933f09d45fdb30c0c469e05@liesegang.sh>
References: <7cfb9b78ff73c3d212e421570c54bcba@liesegang.sh>
	<96bae618dc78ddc93b01c204e2e4cac6@dah.am>
	<317d949d0933f09d45fdb30c0c469e05@liesegang.sh>
Message-ID: <6cf9c825f77bb89a42f8ed04579b05d5@dah.am>

Hi Torben,
The console log should exist.
Perhaps the webserver user cannot create a file ?
Anyhow, check the cache dir for files and also check that the symlinks 
exist:
lrwxrwxrwx 1 root root   25 Nov 18  2016 /usr/share/kolab-webadmin/cache 
-> /var/cache/kolab-webadmin
drwxr-xr-x 2 root root 4096 Dec  1 09:55 
/usr/share/kolab-webadmin/hosted
drwxr-xr-x 7 root root 4096 Feb 18 17:26 /usr/share/kolab-webadmin/lib
lrwxrwxrwx 1 root root   23 Nov 18  2016 /usr/share/kolab-webadmin/logs 
-> /var/log/kolab-webadmin
drwxr-xr-x 5 root root 4096 Dec  1 09:55 
/usr/share/kolab-webadmin/public_html
Try to remove the cached PHP files and take a look.
As a last resort start apache2 with the -X flag in foreground to debug.


Best regards
Franz

Am 2020-02-19 09:10, schrieb T. Mohrfeldt (Liesegang GmbH):
> Hello Franz,
> 
> thank you for getting me on track.
> First of all I checked my apache log. Nothing to worry except a 
> spamming of:
> 
> unnamed app(15286) KSystemTimeZonesPrivate::readConfig: readConfig():
> local zone= "UTC"
> unnamed app(15286) KSystemTimeZonesPrivate::readZoneTab: readZoneTab(
> "/usr/share/zoneinfo/zone.tab" )
> 
> I have no clue what this is about...
> 
> I've checked for the folder/permissions you've mentioned and already
> had them + a errors file but no console file
> 
> The errors file had at one point mentioned the loss of connection to
> ldap, but not right now.
> 
> I've changed my kolab.cnf [kolab_wap] section as suggested by you.
> But still no console file and nothing new in errors. I restarted
> kolabd and httpd services shouldn't that do the trick?
> 
> If nothing helps, I have to go for a reboot, but that's possible in
> 12+ hours from now, because of business hours right now ;-)
> 
> With kind regards
> 
> Torben Mohrfeldt
> 
> 
> 
> Am 18.02.2020 17:31, schrieb Skale, Franz:
>> Hi Torben,
>> start by enabling debug mode: (snippet of my kolab.conf wap section):
>> 
>> [kolab_wap]
>> skin = default
>> sql_uri = mysql://kolab:xxxxxxxxxxxxxxx at localhost/kolab
>> ssl_verify_peer = false
>> ssl_verify_host = true
>> api_url = https://server.example.com/kolab-webadmin/api
>> debug_mode = trace
>> 
>> Also check that the logdir exists: /var/log/kolab-webadmin
>> Owner must be set to your webserver runas:
>> drwxr-x--- 2 www-data www-data 4096 Feb  5 13:23 
>> /var/log/kolab-webadmin
>> 
>> After enabled debug logging, you should have two logfiles, console and 
>> errors:
>> 
>> /var/log/kolab-webadmin/console
>> /var/log/kolab-webadmin/errors
>> 
>> Check your webserver logfiles for php errors !
>> 
>> Best regards
>> Franz
>> 
>> 
>> Am 2020-02-18 11:07, schrieb T. Mohrfeldt (Liesegang GmbH):
>>> Hi knowledgeable folks,
>>> 
>>> as of recent I cannot create new users with the kolab-webadmin. I
>>> tried restarting the services, the server, updating and praying.
>>> Nothing helped thus far.
>>> 
>>> The problem seems to be the lack of the preselected E-Mail server on
>>> the 4th tab of the new user dialog. For existing users there the 
>>> field
>>> is filled with localhost.
>>> 
>>> I did not change any configs or did otherwise tamper with the server.
>>> 
>>> How can I get kolab-webadmin talking to the rest of the system again?
>>> 
>>> With kind regards
>>> 
>>> Torben Mohrfeldt
>>> _______________________________________________
>>> users mailing list
>>> users at lists.kolab.org
>>> https://lists.kolab.org/mailman/listinfo/users
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users

From geoffn at gnaa.net  Wed Feb 19 18:22:34 2020
From: geoffn at gnaa.net (Geoff Nordli)
Date: Wed, 19 Feb 2020 09:22:34 -0800
Subject: tbsync setup -- iRony not working
In-Reply-To: <d38267e1-6544-c538-fe97-bc9875b9d2a1@badici.ro>
References: <e69b72f5-3207-f36c-ddb6-fcd0db427c39@gnaa.net>
	<9575e048-2976-35bf-0065-f6cff29667da@gnaa.net>
	<d38267e1-6544-c538-fe97-bc9875b9d2a1@badici.ro>
Message-ID: <577b2078-454c-26c6-a564-ef634ca0573a@gnaa.net>

Hi.

I did not have that link in the config folder.? I added it.

Also, I adjusted the apache configuration.

I am getting a forbidden error message now.

URL:
https://XXXXX/iRony/.well-known/carddav (PROPFIND)

Request:
<d:propfind xmlns:d="DAV:"><d:prop><d:current-user-principal 
/></d:prop></d:propfind>

Response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<h1>Forbidden</h1>
<p>You don't have permission to access /iRony/.well-known/carddav
on this server.</p>
</body>
</html>

In the apache log.

[Thu Feb 13 12:01:52.694157 2020] [authz_core:error] [pid 2377] [client 
192.168.0.149:37290] AH01630: client denied by server configuration: 
/usr/share/iRony/public_html/.well-known

When I do my google fu, it suggests I should be using Require all 
granted instead for apache 2.4

When I change that it gives me a 405 method not allowed error message.


URL:
https://XXXXX/.well-known/carddav (PROPFIND)

Request:
<d:propfind xmlns:d="DAV:"><d:prop><d:current-user-principal 
/></d:prop></d:propfind>

Response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>405 Method Not Allowed</title>
</head>
<body>
<h1>Method Not Allowed</h1>
<p>The requested method PROPFIND is not allowed for the URL 
/.well-known/carddav.</p>
</body>
</html>



Any other ideas?

Geoff



On 2020-02-12 10:26 p.m., MIhai Badici wrote:
>
> Did you have a symlynk of roundcube config in iRony/config ?
>
> ?ls -lah config/
> total 24K
> drwxr-xr-x? 2 root root 4.0K Feb? 1 17:19 .
> drwxr-xr-x 11 root root 4.0K Feb? 1 14:18 ..
> lrwxrwxrwx? 1 root root?? 42 Feb? 1 14:16 config.inc.php -> 
> /usr/share/roundcubemail/config/config.inc.php
> -rw-r--r--? 1 root root 5.9K Feb? 1 17:19 dav.inc.php
>
> And in Apache:
>
>
> ? Alias /iRony?? /usr/share/iRony/public_html
> ???? <Directory /usr/share/iRony/public_html>
> ??????????????? Options Indexes FollowSymLinks MultiViews
> ??????????????? AllowOverride None
> ??????????????? Order allow,deny
> ??????????????? allow from all
>
>
>
> ??? RewriteEngine On
> ??? RewriteBase /iRony/
> ??? RewriteRule ^\.well-known/caldav?? / [L,R=301]
> ??? RewriteRule ^\.well-known/carddav? / [L,R=301]
>
> ??? RewriteCond? %{REQUEST_FILENAME}? !-f
> ??? RewriteCond? %{REQUEST_FILENAME}? !-d
> ??? RewriteRule? (.*)???????????????? index.php? [qsappend,last]
>
> ??? SetEnv CALDAV???? 1
> ??? SetEnv CARDDAV??? 1
> ??? SetEnv WEBDAV???? 1
> </Directory>
>
>
> On 2/13/20 8:00 AM, Geoff Nordli wrote:
>> It actually seems like an issue with iRony.? I am not getting any 
>> logging in /var/log/iRony/.
>>
>> curl https://server.ca/.well-known/caldav
>>
>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> <html><head>
>> <title>404 Not Found</title>
>> </head><body>
>> <h1>Not Found</h1>
>> <p>The requested URL /.well-known/caldav was not found on this 
>> server.</p>
>> </body></html>
>>
>> I have the iRony.conf file in httpd.conf.
>>
>> cat /etc/httpd/conf.d/iRony.conf
>> Alias /iRony?? /usr/share/iRony/public_html
>>
>> <Directory "/usr/share/iRony/public_html/">
>> ??? AllowOverride All
>>
>> ??? <IfModule mod_authz_core.c>
>> ??????? # Apache 2.4
>> ??????? Require all granted
>> ??? </IfModule>
>> ??? <IfModule !mod_authz_core.c>
>> ??????? # Apache 2.2
>> ??????? Order Allow,Deny
>> ??????? Allow from All
>> ??? </IfModule>
>>
>> ??? RewriteEngine On
>> ??? RewriteBase /iRony/
>> ??? RewriteRule ^\.well-known/caldav?? / [R,L]
>> ??? RewriteRule ^\.well-known/carddav? / [R,L]
>>
>> ??? RewriteCond? %{REQUEST_FILENAME}? !-f
>> ??? RewriteCond? %{REQUEST_FILENAME}? !-d
>> ??? RewriteRule? (.*)???????????????? index.php? [qsappend,last]
>>
>> </Directory>
>>
>> I have the dav and authz_core modules loaded:
>>
>> apachectl -M | grep authz_cor
>> ?authz_core_module (shared)
>>
>> apachectl -M | grep dav
>> ?dav_module (shared)
>> ?dav_fs_module (shared)
>> ?dav_lock_module (shared)
>>
>> Any other ideas?
>>
>> thanks,
>>
>> Geoff
>>
>>
>> On 2020-02-12 3:12 p.m., Geoff Nordli wrote:
>>> Hi.
>>>
>>> I am working on getting the calendar/tasks/contacts synced with 
>>> thunderbird.
>>>
>>> When I try to setup the tbsync it is failing.? Does anyone have some 
>>> setup notes on getting it running.
>>>
>>> URL:
>>> https://mail.XXXX?.well-known/caldav (PROPFIND)
>>>
>>> Request:
>>> <d:propfind xmlns:d="DAV:"><d:prop><d:current-user-principal 
>>> /></d:prop></d:propfind>
>>>
>>> Response:
>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>> <html>
>>> <head>
>>> <title>405 Method Not Allowed</title>
>>> </head>
>>> <body>
>>> <h1>Method Not Allowed</h1>
>>> <p>The requested method PROPFIND is not allowed for the URL 
>>> /.well-known/caldav.</p>
>>> </body>
>>> </html>
>>>
>>>
>>> thanks,
>>>
>>> Geoff
>>>
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users

From geoffn at gnaa.net  Thu Feb 20 04:52:54 2020
From: geoffn at gnaa.net (Geoff Nordli)
Date: Wed, 19 Feb 2020 19:52:54 -0800
Subject: kolab webadmin problems creating user user.u201cmailu201d
Message-ID: <3a14146d-f813-66c6-d589-256308d38e3a@gnaa.net>

Hi.

I am working on disabling the recipient policy.? Somehow I keep getting 
the user.u201cmailu201d show up in an "other" tab in the kolab webadmin.

It is similar to an older kolab post, but I didn't see an answer.

https://webcache.googleusercontent.com/search?q=cache:MfS0pLDEAkgJ:lists.kolab.org/pipermail/users/2014-March/016875.html+&cd=1&hl=en&ct=clnk&gl=ca

When I remove the mail snippet from the sample-insert-user_types.php 
file, then the other tab goes away, but there is no place to enter the 
primary e-mail address.

This is the mail snippet I am using:

 ????????????????? ?mail? => Array(
 ??????????????????????????? ?optional? => true
 ??????????????????????? ),

The only thing I can think of is I made a mistake when I changed the 
sample-insert-user_types.php file and tried to update the fields.? Then 
I corrected the error and applied it again.

any thoughts?

thanks,

Geoff

From catwiesel at gmx.net  Sun Feb 23 15:39:59 2020
From: catwiesel at gmx.net (Matthias Busch)
Date: Sun, 23 Feb 2020 15:39:59 +0100
Subject: Log IPs of IMAP connections (attempts)
Message-ID: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>

Hey,

since GUAM is proxying the imap connections, cyrus only ever sees
localhost connections.

Anyone know how to setup guam to log the connections? Mostly looking
towards logging failed attempts with the IP attempting to login.
Want to setup a bruteforce block via fail2ban....

Thanks in advance
Mat

From fmw at cryptix.net  Mon Feb 24 14:50:28 2020
From: fmw at cryptix.net (Florian)
Date: Mon, 24 Feb 2020 14:50:28 +0100
Subject: Alias Domains: transparently deliver to user@parent.domain
Message-ID: <9a5cfd96-2e72-790b-668b-c0135af638c9@cryptix.net>

Hi all

In a setup with alias domains for a parent domain, is there a way to
transparently deliver mail addressed to an alias domain, to the mail
address in the parent domain, without explicitly listing them in a
user's contacts?

Example:

Parent domain: example.com
Aliases: example.org, example.net

deliver user at example.ORG, user at example.NET -> user at example.COM

Regards,
Florian

From ladas at seznam.cz  Mon Feb 24 15:02:55 2020
From: ladas at seznam.cz (Ladislav Slanina)
Date: Mon, 24 Feb 2020 15:02:55 +0100
Subject: Log IPs of IMAP connections (attempts)
In-Reply-To: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
References: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
Message-ID: <2038614.3bjx6eCS66@zbook>

Hi Mat.

A year ago at this place guys sugest me switch guam off and use directly imap. After that logging should work.

Greetings, ladas

> Hey,
> 
> since GUAM is proxying the imap connections, cyrus only ever sees
> localhost connections.
> 
> Anyone know how to setup guam to log the connections? Mostly looking
> towards logging failed attempts with the IP attempting to login.
> Want to setup a bruteforce block via fail2ban....
> 
> Thanks in advance
> Mat
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
> 




From ladas at seznam.cz  Mon Feb 24 15:06:58 2020
From: ladas at seznam.cz (Ladislav Slanina)
Date: Mon, 24 Feb 2020 15:06:58 +0100
Subject: Outlook active sync Contacts
Message-ID: <3833714.GNvVoo1vLg@zbook>

Hi everybody.

When I configure active sync between Kolab and Outlook2016 I can see at Outlook only one address book folder. Others folders not sync. Is it bug or feature? Calendars and tasks works well. Thanks for any hint.


--
Greetings, ladas


From sruli at saurymper.com  Mon Feb 24 16:41:17 2020
From: sruli at saurymper.com (sruli s)
Date: Mon, 24 Feb 2020 15:41:17 +0000
Subject: Log IPs of IMAP connections (attempts)
In-Reply-To: <2038614.3bjx6eCS66@zbook>
References: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
	<2038614.3bjx6eCS66@zbook>
Message-ID: <2880e051-8775-1bf2-819e-3f2eda469f4f@saurymper.com>

Hi,

What exactly does GUAM add, what do I loose if i turn it off?

Thanks

Sruli

On 24/02/2020 14:02, Ladislav Slanina wrote:
> Hi Mat.
>
> A year ago at this place guys sugest me switch guam off and use directly imap. After that logging should work.
>
> Greetings, ladas
>
>> Hey,
>>
>> since GUAM is proxying the imap connections, cyrus only ever sees
>> localhost connections.
>>
>> Anyone know how to setup guam to log the connections? Mostly looking
>> towards logging failed attempts with the IP attempting to login.
>> Want to setup a bruteforce block via fail2ban....
>>
>> Thanks in advance
>> Mat
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users
>>
>
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.kolab.org/pipermail/users/attachments/20200224/04d71b5c/attachment.sig>

From laskov at festa.bg  Mon Feb 24 20:09:03 2020
From: laskov at festa.bg (Valentin Laskov)
Date: Mon, 24 Feb 2020 21:09:03 +0200
Subject: Log IPs of IMAP connections (attempts)
In-Reply-To: <2880e051-8775-1bf2-819e-3f2eda469f4f@saurymper.com>
References: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
	<2038614.3bjx6eCS66@zbook>
	<2880e051-8775-1bf2-819e-3f2eda469f4f@saurymper.com>
Message-ID: <66eaeca7-bbbd-4681-b8d4-c026e6ac27b7@festa.bg>

Hi,

?? 24.02.2020 ? 17:41, sruli s ??????:
> What exactly does GUAM add, what do I loose if i turn it off?
>
https://users.kolab.narkive.com/Yrd2z5mV/securing-kolab-16-on-centos-7-howto-questions

See bottom of the page

Regards
V

From sruli at saurymper.com  Mon Feb 24 21:32:56 2020
From: sruli at saurymper.com (sruli s)
Date: Mon, 24 Feb 2020 20:32:56 +0000
Subject: Log IPs of IMAP connections (attempts)
In-Reply-To: <66eaeca7-bbbd-4681-b8d4-c026e6ac27b7@festa.bg>
References: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
	<2038614.3bjx6eCS66@zbook>
	<2880e051-8775-1bf2-819e-3f2eda469f4f@saurymper.com>
	<66eaeca7-bbbd-4681-b8d4-c026e6ac27b7@festa.bg>
Message-ID: <d38b506f-8cb2-b8ea-6585-92a653ff46be@saurymper.com>

Thanks for that, the original question however remains, how can I get
the original IP's for bad logins / non-existing accounts?

On 24/02/2020 19:09, Valentin Laskov wrote:
> Hi,
>
> ?? 24.02.2020 ? 17:41, sruli s ??????:
>> What exactly does GUAM add, what do I loose if i turn it off?
>>
> https://users.kolab.narkive.com/Yrd2z5mV/securing-kolab-16-on-centos-7-howto-questions
>
>
> See bottom of the page
>
> Regards
> V
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.kolab.org/pipermail/users/attachments/20200224/2312d57b/attachment.sig>

From laskov at festa.bg  Tue Feb 25 14:08:51 2020
From: laskov at festa.bg (Valentin Laskov)
Date: Tue, 25 Feb 2020 15:08:51 +0200
Subject: Log IPs of IMAP connections (attempts)
In-Reply-To: <d38b506f-8cb2-b8ea-6585-92a653ff46be@saurymper.com>
References: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
	<2038614.3bjx6eCS66@zbook>
	<2880e051-8775-1bf2-819e-3f2eda469f4f@saurymper.com>
	<66eaeca7-bbbd-4681-b8d4-c026e6ac27b7@festa.bg>
	<d38b506f-8cb2-b8ea-6585-92a653ff46be@saurymper.com>
Message-ID: <2e4d2518-d179-ec8e-9c4b-93049bf5a575@festa.bg>

Hello,

?? 24.02.2020 ? 22:32, sruli s ??????:
> Thanks for that, the original question however remains, how can I get
> the original IP's for bad logins / non-existing accounts?
if you decide to stop and disable guam the steps must be (untested ! ) 
as follows:

1. In /etc/cyrus.conf , section SERVICES add new line

imap????????? cmd="imapd"?? listen="imap"??????????? prefork=5

and change line

imaps?????? cmd="imapd -s"? listen="127.0.0.1:9993"??? prefork=5

to

imaps?????? cmd="imapd -s"? listen="imaps" prefork=5

2. execute (in Centos 7) as root

# systemctl stop guam.service
# systemctl restart cyrus-imapd.service

3. Make some tests with mail clients

4. If all is OK and you like the result, execute

# systemctl disable guam.service
# systemctl mask guam.service

If you do not like it, restore /etc/cyrus.conf and restart services above.

5. Optional if you want to move imapd log messages in /var/log/imapd.log 
add in /etc/imapd.conf
syslog_facility: LOCAL6

add in /etc/rsyslog.conf
# Save Cyrus IMAP messages
local6.* /var/log/imapd.log

and execute
# systemctl restart rsyslog.service
# systemctl restart cyrus-imapd.service

Check content of /var/log/imapd.log
Check the existens of /etc/logrotate.d/cyrus-imapd . This is in my 
system where I added compression:

/var/log/imapd.log /var/log/auth.log {
 ??? missingok
 ??? compress
 ??? delaycompress
 ??? compresscmd /bin/bzip2
 ??? compressoptions -9
 ??? compressext .bz2
 ??? sharedscripts
 ??? postrotate
 ??????? /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> 
/dev/null || true
 ??? endscript
}

I hope we are ready :)

Regards
V. Laskov

From dh at dotlan.net  Tue Feb 25 15:31:54 2020
From: dh at dotlan.net (Daniel Hoffend)
Date: Tue, 25 Feb 2020 15:31:54 +0100
Subject: Log IPs of IMAP connections (attempts)
In-Reply-To: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
References: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
Message-ID: <8c14ac83f2d6b3d4ea8d7adc5d176cab@dotlan.net>

Hey Matthias

Currently I don't know of any possbility to turn connection logging on 
in guam. If someone is fluent with erlang they're welcome to join in and 
help us fixing and extending guam in this regard.

For those asking what guam does: Guam is the IMAP Reverse Proxy sitting 
in front of cyrus-imapd. When you're IMAP Clients connects to Kolab and 
listing all the IMAP folders, guam is "hiding" the groupware folders 
(like Calendars, Contacts, etc.) to non-kolab aware clients. Sure you 
can turn guam off and reconfigure cyrus (in cyrus.conf) to start listing 
on :143 and :993 again.

Beware that unware users of your email server don't know nothing about 
the ~9 additional folders. And if they deleting those "strange" email 
folders and objects they could end up losing their contacts or calender 
entries.

Apart from that: Any help with guam is appriciated.

--
Daniel Hoffend


Am 2020-02-23 15:39, schrieb Matthias Busch:
> Hey,
> 
> since GUAM is proxying the imap connections, cyrus only ever sees
> localhost connections.
> 
> Anyone know how to setup guam to log the connections? Mostly looking
> towards logging failed attempts with the IP attempting to login.
> Want to setup a bruteforce block via fail2ban....
> 
> Thanks in advance
> Mat
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

From dh at dotlan.net  Tue Feb 25 15:37:28 2020
From: dh at dotlan.net (Daniel Hoffend)
Date: Tue, 25 Feb 2020 15:37:28 +0100
Subject: Outlook active sync Contacts
In-Reply-To: <3833714.GNvVoo1vLg@zbook>
References: <3833714.GNvVoo1vLg@zbook>
Message-ID: <bca674041ebaff4ec5989edf33d1dfd6@dotlan.net>

Hi

in Roundcube > Settings > Active Sync > Select Client

you can choose which folders you want to expose via Active Sync. Maybe 
not all of your contact folders are selected initially for your 
synchronization. But be aware that not all clients support multiple 
contact or calendar folders via the active sync protocol.

 From looking at the code the windowsoutlook client might be one of those
https://git.kolab.org/diffusion/S/browse/master/config/config.inc.php.dist$117

Since I'm not using outlook with kolab on daily basis, maybe give 
https://caldavsynchronizer.org a try.


--
Regards
Daniel

Am 2020-02-24 15:06, schrieb Ladislav Slanina:
> Hi everybody.
> 
> When I configure active sync between Kolab and Outlook2016 I can see
> at Outlook only one address book folder. Others folders not sync. Is
> it bug or feature? Calendars and tasks works well. Thanks for any
> hint.
> 
> 
> --
> Greetings, ladas
> 
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

From laskov at festa.bg  Tue Feb 25 16:07:07 2020
From: laskov at festa.bg (Valentin Laskov)
Date: Tue, 25 Feb 2020 17:07:07 +0200
Subject: Log IPs of IMAP connections (attempts)
In-Reply-To: <8c14ac83f2d6b3d4ea8d7adc5d176cab@dotlan.net>
References: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
	<8c14ac83f2d6b3d4ea8d7adc5d176cab@dotlan.net>
Message-ID: <25505078-b474-5cc0-af23-a4780348b1e3@festa.bg>


?? 25.02.2020 ? 16:31, Daniel Hoffend ??????:
> if they deleting those "strange" email folders and objects they could 
> end up losing their contacts or calender entries.

I guess unexpunge 
<https://www.cyrusimap.org/imap/reference/manpages/systemcommands/unexpunge.html> 
could come into the game in this case. :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20200225/d75c4606/attachment.html>

From ceo at teo-en-ming-corp.com  Tue Feb 25 16:11:00 2020
From: ceo at teo-en-ming-corp.com (Turritopsis Dohrnii Teo En Ming)
Date: Tue, 25 Feb 2020 15:11:00 +0000
Subject: Setting Up Mail Server Operation for CentOS Web Panel Web Hosting
	Control Panel on Amazon AWS Cloud
Message-ID: <SG2PR01MB214118E8ED8F4F67A9A66C2687ED0@SG2PR01MB2141.apcprd01.prod.exchangelabs.com>

Subject: Setting Up Mail Server Operation for CentOS Web Panel Web Hosting Control Panel on Amazon AWS Cloud

Author: Mr. Turritopsis Dohrnii Teo En Ming, Singapore
Date: 25 Feb 2020 Tuesday

PREREQUISITES
=============

Before embarking on this guide, you should read the following guide first.

Guide: Mr. Teo En Ming's Guide to Deploying CentOS Web Panel (CWP) Web Hosting Control Panel on Amazon AWS Cloud

Redundant blog links:

[1] https://tdtemcerts.blogspot.com/2020/02/mr-teo-en-mings-guide-to-deploying.html

[2] https://tdtemcerts.wordpress.com/2020/02/23/mr-teo-en-mings-guide-to-deploying-centos-web-panel-cwp-web-hosting-control-panel-on-amazon-aws-cloud/

EXTREMELY DETAILED INSTRUCTIONS OF TEO EN MING'S GUIDE
======================================================

Teo En Ming's DNS Zone File for domain teo-en-ming.com on Primary DNS Server
============================================================================

$TTL ? ?300
@ ? ? ? IN ? ? ?SOA ? ? ns1.teo-en-ming.com. ceo.teo-en-ming.com. (
? ? ? ? ?2020022502 ? ? ; Serial
? ? ? ? ? ? ?604800 ? ? ; Refresh
? ? ? ? ? ? ? 86400 ? ? ; Retry
? ? ? ? ? ? 2419200 ? ? ; Expire
? ? ? ? ? ? ?604800 ) ? ; Negative Cache TTL
;
; name servers - NS records
? ? ?IN ? ? ?NS ? ? ?ns1.teo-en-ming.com.
? ? ?IN ? ? ?NS ? ? ?ns2.teo-en-ming.com.

; mail servers - MX records
? ? ?IN	 ? ? MX	 ? ? 0		mail.teo-en-ming.com.

; name servers - A records
ns1.teo-en-ming.com. ? ? ? ? ?IN ? ? ?A ? ? ? 13.58.253.162
ns2.teo-en-ming.com. ? ? ? ? ?IN ? ? ?A ? ? ? 3.20.186.205

; mail servers - A records
mail.teo-en-ming.com.	 ? ? ?IN ? ? ?A ? ? ? 3.21.30.127

; Additional A records
www.teo-en-ming.com. ? ? ? ? ?IN ? ? ?A ? ? ? 3.21.30.127
teo-en-ming.com.	 ? ? ?IN ? ? ?A ? ? ? 3.21.30.127

; Sender Policy Framework (SPF) TXT records
teo-en-ming.com.	 ? ? ?IN ? ? ?TXT ? ? "v=spf1 ip4:3.21.30.127 -all"

===EOF===

REFERENCE
=========

Guide: Mail Exchange Record (MX)

Link: https://www.zytrax.com/books/dns/ch8/mx.html

REFERENCE
=========

Guide: How To: Lowering Your DNS TTLs

Link: https://www.liquidweb.com/kb/how-to-lowering-your-dns-ttls/

REFERENCE
=========

Discussion: Postfix: ?Connection timed out? on all outbound email [closed]

Link: https://serverfault.com/questions/585503/postfix-connection-timed-out-on-all-outbound-email

QUOTE:

"For anyone who found this question but is on AWS EC2: outgoing SMTP intentionally rate limited, but you can ask to have it relaxed."

REFERENCE
=========

Discussion: Intermittent exim gmail smtp connection timeout

Link: https://forums.cpanel.net/threads/intermittent-exim-gmail-smtp-connection-timeout.523911/

QUOTE:

"Just an update for anyone with a similar issue - with some fresh eyes and some more googling it sounds like this may be caused by some SMTP rate limitations built into the AWS EC2 network as Spam prevention.

They have a form to register to remove outgoing smtp connection limitations here:

https://aws.amazon.com/forms/ec2-email-limit-rdns-request

I've submitted and will update if this resolves the issues I was seeing."

QUOTE:

"Amazon SMTP traffic management indeed seems to have been the cause. Within a couple of hours of filling out the above form, I got an email confirmation from AWS that "traffic restrictions had been removed" and normal function resumed immediately.

Confusing the matters is that this SMTP traffic management is not documented well (and sometimes with contradicting information). It does not appear to be a hard cap limit, nor does it trigger any notification when it's applied - it actually appears to be a *throttle* on common SMTP ports, triggered by a very small number of connections, beyond which it allows a certain number of connections per/hour - which would absolutely create the kind of "intermittent" connectivity issues I saw (and the odd delivery order of mail in the queue depending on when a retry "won the lottery" to negotiate a connection).

Anyway - I hope that info is of some use to others in the future!"

REFERENCE
=========

Guide: Installing Telnet In CentOS/RHEL/Scientific Linux 6 & 7

Link: https://www.unixmen.com/installing-telnet-centosrhelscientific-linux-6-7/

Amazon Web Services' Reply to Teo En Ming
=========================================

Hello,

We approved your request for the removal of the EC2 email sending limitations on your Amazon Web Services account! If you requested removal of email sending limits on any other Amazon Elastic IPs, they've also been removed.

Because reverse DNS record entries are commonly considered in anti-spam filters, we recommend assigning a reverse DNS record to the Elastic IP address you use to send email to third parties. Please use the form located at this link to request a reverse DNS entry:
https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request

If you'd like to proceed with assigning a reverse DNS record to the Elastic IP, the first step would be to configure the A record for the domain to match the desired PTR record on your side.

Please follow the instructions at the link below to create the A record:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html

Please let us know if you have any questions.

Regards,
Amazon Web Services

REFERENCE
=========

Guide: How to create an SPF TXT record?

Link: https://www.dmarcanalyzer.com/spf/how-to-create-an-spf-txt-record/

REFERENCE
=========

Guide: Linux BIND DNS Configure Sender Policy Framework ( SPF ) an e-mail Anti Forgery System

Link: https://www.cyberciti.biz/faq/howto-bind-djbdns-spf-antispam-dns-configuration/

Creating New User Account in CentOS Web Panel
=============================================

Login to CentOS Web Panel Admin Panel.

>From the left menu, click on User Accounts, then select New Account.

Domain name: teo-en-ming.com

Username: 

Password:

Admin Email:

Server IPs: 

Package: Default

Reseller: Not checked

Inode: 0

Process limit: 40

Open files: 150

Backup user account: checked

Shell Access: Disabled by default for security reasons: Unchecked

AutoSSL: Domain must be pointed to the server: Unchecked

Click Create.

Setting Up New Email Account
============================

Login to CentOS Web Panel User Panel.

>From the left menu, click Email Accounts, then click Email Accounts.

Click Add a New MailBox.

Email Address: ceo at teo-en-ming.com

Password:

Quota MB: 16000

Click Add.

Using Your New Email Account
============================

Login to Roundcube Webmail.

Click Settings.

>From the left menu, click Identities, then click ceo at teo-en-ming.com

Display Name: Turritopsis Dohrnii Teo En Ming

Click Save.

Congratulations! You can now start using your new email account.













-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************



Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):


[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----




From sruli at saurymper.com  Tue Feb 25 17:10:05 2020
From: sruli at saurymper.com (Sruli Saurymper)
Date: Tue, 25 Feb 2020 16:10:05 +0000
Subject: Log IPs of IMAP connections (attempts)
In-Reply-To: <8c14ac83f2d6b3d4ea8d7adc5d176cab@dotlan.net>
References: <1453bbf5-81d5-df07-7dce-9a5a986d8591@gmx.net>
	<8c14ac83f2d6b3d4ea8d7adc5d176cab@dotlan.net>
Message-ID: <00dafa7a-49a5-baf0-1f87-f773f2eadada@saurymper.com>

I have a friend who has written alot with erlang, have asked him to have
look, hopefully he will find some time.

On 25/02/2020 14:31, Daniel Hoffend wrote:
> Hey Matthias
>
> Currently I don't know of any possbility to turn connection logging on
> in guam. If someone is fluent with erlang they're welcome to join in
> and help us fixing and extending guam in this regard.
>
> For those asking what guam does: Guam is the IMAP Reverse Proxy
> sitting in front of cyrus-imapd. When you're IMAP Clients connects to
> Kolab and listing all the IMAP folders, guam is "hiding" the groupware
> folders (like Calendars, Contacts, etc.) to non-kolab aware clients.
> Sure you can turn guam off and reconfigure cyrus (in cyrus.conf) to
> start listing on :143 and :993 again.
>
> Beware that unware users of your email server don't know nothing about
> the ~9 additional folders. And if they deleting those "strange" email
> folders and objects they could end up losing their contacts or
> calender entries.
>
> Apart from that: Any help with guam is appriciated.
>
> -- 
> Daniel Hoffend
>
>
> Am 2020-02-23 15:39, schrieb Matthias Busch:
>> Hey,
>>
>> since GUAM is proxying the imap connections, cyrus only ever sees
>> localhost connections.
>>
>> Anyone know how to setup guam to log the connections? Mostly looking
>> towards logging failed attempts with the IP attempting to login.
>> Want to setup a bruteforce block via fail2ban....
>>
>> Thanks in advance
>> Mat
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.kolab.org/pipermail/users/attachments/20200225/7cafa205/attachment.sig>

From ladas at seznam.cz  Thu Feb 27 12:15:01 2020
From: ladas at seznam.cz (Ladislav Slanina)
Date: Thu, 27 Feb 2020 12:15:01 +0100
Subject: Outlook questions
In-Reply-To: <5ecd60bd-7ada-97b2-689e-fff05e77eaf4@kolabsys.com>
References: <2385339.xnNWgkVVCr@zbook>
	<5ecd60bd-7ada-97b2-689e-fff05e77eaf4@kolabsys.com>
Message-ID: <2542480.9tsPYXEKYd@zbook>

Good afternoon Mr. Machniak and everybody in the maillist.

I am very sorry for the late answer. But I have more information.
At first I have a long discussin with a guy who maintain windows servers and gave me answers for my questions about exchange functionality. After this discussion I discovered, I try to catch a ghost. Exchange really cannot maintain more than one addressbook per user. When new addressbook as a shared object is created user can see it but cannot set it as outlook addressbook and not possible to sync it by activesync with mobile devices. I thought MS products are a bit better.
So, Kolab + Outlook2016 + caldavsynchronizer.org is a better solution than Exchange. I use Kolab without Guam to be possible to catch IP addresses of bad imap connections by fail2ban and rest of sync is https iRony. And for mobile devices works activesync even with shared folders.

Thanks' everybody who gave me some advice and wish all good luck with Kolab :)
--
Greetings, ladas



Dne ?ter? 25. ?nora 2020 11:31:01 CET jste napsal(a):
> On 25.02.2020 11:20, Ladislav Slanina wrote:
> 
> > So my easy question is: Exist some way how to sync Kolab with Outlook and hold this features? 
> 
> Outlook does not support multiple addressbooks, so I don't know how did
> you get that with Zarafa. For calendars/tasks it should work. You might
> need to change some config options. Make sure to use config as in
> https://git.kolab.org/diffusion/S/browse/master/config/config.inc.php.dist$109
> 
> -- 
> Aleksander Machniak
> Senior Software Engineer
> Kolab Systems AG: https://kolabsystems.com
> PGP: 19359DC1
> 



From ceo at teo-en-ming-corp.com  Thu Feb 27 16:03:00 2020
From: ceo at teo-en-ming-corp.com (Turritopsis Dohrnii Teo En Ming)
Date: Thu, 27 Feb 2020 15:03:00 +0000
Subject: Re-configuring BIND DNS Servers for CentOS Web Panel Web Hosting
	Control Panel on Amazon AWS Cloud
Message-ID: <SG2PR01MB2141E98189D2CCF239F7B73D87EB0@SG2PR01MB2141.apcprd01.prod.exchangelabs.com>

Subject: Re-configuring BIND DNS Servers for CentOS Web Panel Web Hosting Control Panel on Amazon AWS Cloud

Author: Mr. Turritopsis Dohrnii Teo En Ming, Singapore
Date: 27 Feb 2020 Thursday

Rationale for Re-configuration of BIND DNS Servers for CentOS Web Panel
=======================================================================

I have originally followed the approach for cPanel where there are 2 DNS-ONLY servers and one or more cPanel webservers. However, CentOS Web Panel 
implements DNS Clusters differently. Hence I have to re-configure BIND DNS Servers for CentOS Web Panel web hosting control panel.

PREREQUISITES
=============

Part 1 of the series: Mr. Teo En Ming's Guide to Deploying CentOS Web Panel (CWP) Web Hosting Control Panel on Amazon AWS Cloud

Redundant Blogger and Wordpress blog links:

[1] https://tdtemcerts.blogspot.com/2020/02/mr-teo-en-mings-guide-to-deploying.html

[2] https://tdtemcerts.wordpress.com/2020/02/23/mr-teo-en-mings-guide-to-deploying-centos-web-panel-cwp-web-hosting-control-panel-on-amazon-aws-cloud/

Part 2 of the series: Setting Up Mail Server Operation for CentOS Web Panel Web Hosting Control Panel on Amazon AWS Cloud

Redundant Blogger and Wordpress blog links:

[1] https://tdtemcerts.blogspot.com/2020/02/setting-up-mail-server-operation-for.html

[2] https://tdtemcerts.wordpress.com/2020/02/25/setting-up-mail-server-operation-for-centos-web-panel-web-hosting-control-panel-on-amazon-aws-cloud/

THIS guide is Part 3 of the series.

EXTREMELY DETAILED INSTRUCTIONS OF TEO EN MING'S GUIDE
======================================================

Login to Amazon AWS Console.

Setting Up Secondary/Slave DNS Server
=====================================

On the EC2 Dashboard, click Instances.

Click Launch Instance.

Search for centos in the AWS Markpetplace.

Select CentOS 7 (x86_64) - with Updates HVM (free tier eligible).

Click Continue.

Select t2.micro (free tier eligible).

Click Next: Configure Instance Details.

Network: Teo En Ming VPC

Subnet: Public subnet | us-east-2a

Click Protect against accidental termination.

Click Next: Add Storage

Size (GiB): 8

Click Next: Add Tags

Key = Name

Value = slave

Click Next: Configure Security Group

Click Select an existing security group

Select NameServers

Click Review and Launch.

Click Launch.

Select Choose an existing key pair.

Key pair name: cwp

Click Launch Instances.

Click Instances.

Select slave, right click and select Networking > Manage IP Addresses.

Click Allocate an elastic IP to this instance.

Click Allocate.

Click Associate this Elastic IP Address.

Instance: slave

Click Associate.

IPv4 address of Secondary/Slave DNS server is 3.12.224.179

$ ssh -i cwp.pem centos at 3.12.224.179

$ sudo passwd

$ su -

# yum -y update && yum -y install wget

# hostnamectl set-hostname ns2.teo-en-ming.com

# cd /usr/local/src && wget http://centos-webpanel.com/cwp-el7-latest && sh cwp-el7-latest

Started installing CentOS Web Panel at 9:00 PM on 26 Feb 2020 Wed.

Completed installing CentOS Web Panel at 9:05 PM on 26 Feb 2020 Wed.

Total duration: 5 mins.

#############################
# ? ? ?CWP Installed ? ? ? ?#
#############################

Go to CentOS WebPanel Admin GUI at http://SERVER_IP:2030/

http://3.12.224.179:2030
SSL: https://3.12.224.179:2031
---------------------
Username: root
Password: ssh server root password
MySQL root Password: 

#########################################################
? ? ? ? ? CentOS Web Panel MailServer Installer ? ? ? ? ?
#########################################################
SSL Cert name (hostname): ns2.teo-en-ming.com
SSL Cert file location /etc/pki/tls/ private|certs
#########################################################

Visit for help: www.centos-webpanel.com
Write down login details and press ENTER for server reboot!
Please reboot the server!
Reboot command: shutdown -r now

# reboot

REFERENCE
=========

Guide: Slave DNS Server & Manager - DNS Cluster

Link: https://wiki.centos-webpanel.com/slave-dns-server-manager-dns-cluster

REFERENCE
=========

Guide: Slave DNS Server & Manager download version

Link: https://wiki.centos-webpanel.com/slave-dns-server-manager-download-version

Login to the CentOS Web Panel Admin Panel on the Slave.

>From the left menu, click on CWP Settings, then select Edit Settings.

Admin Email: ceo at teo-en-ming-corp.com

Check Activate NAT-ed network configuration.

Click Save Changes.

Create a New Account on the Secondary/Slave DNS Server
======================================================

>From the left menu, click User Accounts, then click New Account.

Domain name: teo-en-ming.com

Username: slave

Package: default

Click Create.

Download Slave DNS Manager and upload it to public_html folder on the Secondary/Slave DNS Server
================================================================================================

ssh -i cwp.pem centos at 3.12.224.179

su -

cd /home/slave/public_html

wget http://dl1.centos-webpanel.com/files/cwp/addons/cwp-slave_dns.zip

unzip cwp-slave_dns.zip

mv slave_dns/* .

rm -f index.html

Fix file permissions on the Slave DNS Server
============================================

chown -R slave.slave /home/slave/public_html/*

MySQL: Create User and Database on the Slave DNS Server
=======================================================

>From the left menu, click SQL Services, then click MySQL Manager.

Click Create Database and User.

New Database for user: slave

Database Name: slave

Click Create Database.

Edit file /home/slave/public_html/inc/db_conn.php.sample and enter your database connection details

# nano /home/slave/public_html/inc/db_conn.php.sample

# mv inc/db_conn.php.sample inc/db_conn.php

# mysql slave_slave < sql/slave_dns.sql

# nano /etc/sudoers.d/slave

slave ?ALL= NOPASSWD: /bin/systemctl start named
slave ?ALL= NOPASSWD: /bin/systemctl stop named
slave ?ALL= NOPASSWD: /bin/systemctl restart named
slave ?ALL= NOPASSWD: /bin/systemctl reload named
slave ?ALL= NOPASSWD: /bin/systemctl status named
slave ?ALL= NOPASSWD: /bin/systemctl is-active named


# touch /etc/named/slave.conf

# chmod 771 /etc/named

# usermod -a -G named slave

# chown slave.named /etc/named/slave.conf

# mkdir /var/named/slave

# chown named.named /var/named/slave

Edit File: /etc/named.conf and add this in options section before closing }

masterfile-format text;

Add after options{} where other include lines are specifed

//Slave dns configuration
include "/etc/named/slave.conf";

Now you can login to Slave DNS Manager GUI by using a domain link of the account you have created.

Go to http://3.12.224.179/~slave/index.php?login

Default login for Slave DNS Manager GUI admin/root
Username: root
Password: FX8QKxvQ
* Please change the default password after the first login

Adding WebServers to Slave DNS Manager
======================================

- On Slave DNS manager GUI create a new user for each server or use a single for all webservers if you plan to transfer accounts from one to another webserver.

Click Add New User.

Username:

Password:

Email:

API Key:

API Secret:

Domain Limit: 1000000

Click Save.

- On Master CentOS Web Panel WebServer go to DNS Functions -> Slave DNS Manager

Buy CWPPro license first. It is only USD$1.49 compared to USD$20 for the license of cPanel. I can't afford to buy the license for cPanel, hence 
I have to settle for CentOS Web Panel.

Then ssh into your Master CentOS Web Panel Webserver.

# sh /scripts/update_cwp

You have successfully upgraded to CWPpro.

On the Master CentOS Web Panel, Go to DNS Functions -> Slave DNS Manager

API Key:

Secret Key:

Base URL: http://3.12.224.179/~slave

Master Server IP's: 3.21.30.127

Click Submit.

Master CentOS Web Panel WebServer configuration
===============================================

Edit File: /etc/named.conf and add this in options section before closing }

//Slave dns configuration
allow-transfer {3.12.224.179;};
allow-recursion {3.12.224.179;};
also-notify {3.12.224.179;};
masterfile-format text;

# named-checkconf

# systemctl restart named

REFERENCE
=========

Guide: How to setup DNS cluster on CWP 1 ? Install DNS Manager

Link: https://opentechy.com/how-to-setup-dns-cluster-on-cwp/

REFERENCE
=========

Guide: How to setup DNS cluster on CWP 2 ? Add webservers to DNS cluster

Link: https://opentechy.com/how-to-setup-dns-cluster-on-cwp-2-add-webservers-to-dns-cluster/

CONFIGURING CUSTOM NAME SERVERS AT YOUR DOMAIN REGISTRAR
========================================================

Go to Advanced Features > Hostnames

Host: ns1 	IP Addresses: 3.21.30.127
Host: ns2	IP Addresses: 3.12.224.179

Nameservers: Using custom nameservers

ns1.teo-en-ming.com

ns2.teo-en-ming.com

CONFIGURING NAME SERVERS ON THE MASTER CENTOS WEB PANEL WEBSERVER
==================================================================

>From the left menu, click DNS Functions, then click Edit Nameservers IPs.

Name Server 1: ns1.teo-en-ming.com	3.21.30.127

Name Server 2: ns2.teo-en-ming.com	3.12.224.179

Click Save changes.

# systemctl restart named

BIND DNS CONFIGURATION ON THE MASTER CENTOS WEB PANEL WEBSERVER
===============================================================

File /etc/named.conf:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a any DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file ?"/var/named/data/named.recursing";
	secroots-file ? "/var/named/data/named.secroots";
	allow-query ? ? { any; };

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	 ? recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	 ? control to limit queries to your legitimate users. Failing to do so will
	 ? cause your server to become part of large scale DNS amplification 
	 ? attacks. Implementing BCP38 within your network would greatly
	 ? reduce such attack surface 
	*/
//	recursion no;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.root.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";

//Slave dns configuration
allow-transfer {3.12.224.179;};
allow-recursion {3.12.224.179;};
also-notify {3.12.224.179;};
masterfile-format text;
};

logging {
? ? ? ? channel default_debug {
? ? ? ? ? ? ? ? file "data/named.run";
? ? ? ? ? ? ? ? severity dynamic;
? ? ? ? };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


zone "ns1.teo-en-ming.com" {type master;file "/var/named/ns1.teo-en-ming.com.db";};
zone "ns2.teo-en-ming.com" {type master;file "/var/named/ns2.teo-en-ming.com.db";};

// zone teo-en-ming.com
zone "teo-en-ming.com" {type master; file "/var/named/teo-en-ming.com.db";};
// zone_end teo-en-ming.com

File /var/named/ns1.teo-en-ming.com.db:


; Panel %version%
; Zone file for ns1.teo-en-ming.com
$TTL 14400
ns1.teo-en-ming.com. ? ? ?86400 ? ? ?IN ? ? ?SOA ? ? ?ns1.teo-en-ming.com. ? ? ?info.centos-webpanel.com. ? ? ?(
? ? ? 				2013071600 ;serial, todays date+todays
? ? ? 				86400 ;refresh, seconds
? ? ? 				7200 ;retry, seconds
? ? ? 				3600000 ;expire, seconds
? ? ? 				86400 ;minimum, seconds
? ? ? )
ns1.teo-en-ming.com. 86400 IN NS ns1.teo-en-ming.com.
ns1.teo-en-ming.com. 86400 IN NS ns2.teo-en-ming.com.
ns1.teo-en-ming.com. 14400 IN A 3.21.30.127

File /var/named/ns2.teo-en-ming.com.db:


; Panel %version%
; Zone file for ns2.teo-en-ming.com
$TTL 14400
ns2.teo-en-ming.com. ? ? ?86400 ? ? ?IN ? ? ?SOA ? ? ?ns1.teo-en-ming.com. ? ? ?info.centos-webpanel.com. ? ? ?(
? ? ? 				2013071600 ;serial, todays date+todays
? ? ? 				86400 ;refresh, seconds
? ? ? 				7200 ;retry, seconds
? ? ? 				3600000 ;expire, seconds
? ? ? 				86400 ;minimum, seconds
? ? ? )
ns2.teo-en-ming.com. 86400 IN NS ns1.teo-en-ming.com.
ns2.teo-en-ming.com. 86400 IN NS ns2.teo-en-ming.com.
ns2.teo-en-ming.com. 14400 IN A 3.12.224.179

File /var/named/teo-en-ming.com.db:

; Generated by CWP
; Zone file for teo-en-ming.com
$TTL 14400
@ ? ?86400 ? ? ? ?IN ? ? ?SOA ? ? ns1.teo-en-ming.com. ceo.teo-en-ming-corp.com. (
				2020022453 ? ? ?; serial, todays date+todays
				3600 ? ? ? ? ? ?; refresh, seconds
				7200 ? ? ? ? ? ?; retry, seconds
				1209600 ? ? ? ? ; expire, seconds
				86400 ) ? ? ? ? ; minimum, seconds
@	86400	IN	NS		ns1.teo-en-ming.com.
@	86400	IN	NS		ns2.teo-en-ming.com.
@ IN A 3.21.30.127
localhost.teo-en-ming.com. IN A 127.0.0.1
@ IN MX 0 teo-en-ming.com.
mail 14400 IN CNAME teo-en-ming.com.
smtp 14400 IN CNAME teo-en-ming.com.
pop ?14400 IN CNAME teo-en-ming.com.
pop3 14400 IN CNAME teo-en-ming.com.
imap 14400 IN CNAME teo-en-ming.com.
webmail 14400 IN A 3.21.30.127
cpanel 14400 IN A 3.21.30.127
cwp 14400 IN A 3.21.30.127
www 14400 IN CNAME teo-en-ming.com.
ftp 14400 IN CNAME teo-en-ming.com.
_dmarc	14400	IN	TXT	"v=DMARC1; p=none"
@	14400	IN	TXT	"v=spf1 +a +mx +ip4:3.21.30.127 ~all"
ns1.teo-en-ming.com. 14400 IN A 3.21.30.127
ns2.teo-en-ming.com. 14400 IN A 3.12.224.179
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEXk5wQIfKJPjTkkj0yHGX8yIJOOrsOsvAqbqVaEBFBWhRlF7YxyGzchaAdWEVQkozcsWPIL5DgJ7vWBoJIGqfNOT7vO/lStqNcXC+2hYVIF7MTB8i6tBW1/UDEuL8oammKWDq8P9Fpduk6JppV7rtKXeFzrYj35ydIhDIKUABcwIDAQAB"

BIND DNS CONFIGURATION ON THE SLAVE DNS MANAGER
===============================================

File /etc/named.conf:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a any DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file ?"/var/named/data/named.recursing";
	secroots-file ? "/var/named/data/named.secroots";
	allow-query ? ? { any; };

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	 ? recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	 ? control to limit queries to your legitimate users. Failing to do so will
	 ? cause your server to become part of large scale DNS amplification 
	 ? attacks. Implementing BCP38 within your network would greatly
	 ? reduce such attack surface 
	*/
	recursion no;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.root.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
	
	masterfile-format text;
};

logging {
? ? ? ? channel default_debug {
? ? ? ? ? ? ? ? file "data/named.run";
? ? ? ? ? ? ? ? severity dynamic;
? ? ? ? };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


// zone teo-en-ming.com
// zone "teo-en-ming.com" {type master; file "/var/named/teo-en-ming.com.db";};
// zone_end teo-en-ming.com

//Slave dns configuration
include "/etc/named/slave.conf";

File /var/named/teo-en-ming.com.db (WRONG, DON'T USE):

; Generated by CWP
; Zone file for teo-en-ming.com
$TTL 14400
@ ? ?86400 ? ? ? ?IN ? ? ?SOA ? ? ns1.centos-webpanel.com. ceo.teo-en-ming-corp.com. (
				2020022660 ? ? ?; serial, todays date+todays
				3600 ? ? ? ? ? ?; refresh, seconds
				7200 ? ? ? ? ? ?; retry, seconds
				1209600 ? ? ? ? ; expire, seconds
				86400 ) ? ? ? ? ; minimum, seconds
@	86400	IN	NS		ns1.centos-webpanel.com.
@	86400	IN	NS		ns2.centos-webpanel.com.
@ IN A 3.12.224.179
localhost.teo-en-ming.com. IN A 127.0.0.1
@ IN MX 0 teo-en-ming.com.
mail 14400 IN CNAME teo-en-ming.com.
smtp 14400 IN CNAME teo-en-ming.com.
pop ?14400 IN CNAME teo-en-ming.com.
pop3 14400 IN CNAME teo-en-ming.com.
imap 14400 IN CNAME teo-en-ming.com.
webmail 14400 IN A 3.12.224.179
cpanel 14400 IN A 3.12.224.179
cwp 14400 IN A 3.12.224.179
www 14400 IN CNAME teo-en-ming.com.
ftp 14400 IN CNAME teo-en-ming.com.
_dmarc	14400	IN	TXT	"v=DMARC1; p=none"
@	14400	IN	TXT	"v=spf1 +a +mx +ip4:3.12.224.179 ~all"
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCktDYpEtFO7dyJeErMbjHvyfJYU8RqDeS7WVqQnjH4fP42JSqPmxEFX+QytFTlGqd6ndlz9Tjqi1iZsD0ajB/+0Pkwq/KtL6NVo2TIqnXj8VebV9+FEcx+FGvLA/b5zz+Hfn0Bf+w/2T2bSwUm+tJoHilmANCFGlcGmpO9/lXvAwIDAQAB"

File /etc/named/slave.conf:

zone "teo-en-ming.com" { type slave; file "slave/db.teo-en-ming.com"; masters { 3.21.30.127; };}; //username:enming

That's all folks!















-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************



Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):


[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----




From krish.khit at gmail.com  Thu Feb 27 17:24:41 2020
From: krish.khit at gmail.com (Narendra Laga)
Date: Thu, 27 Feb 2020 21:54:41 +0530
Subject: Cyrus connection to the storage failed
Message-ID: <CANL=7-b2MckjHL0mP_3XN5iC0xLTtbYJhGtLswExXcdaKYgO+w@mail.gmail.com>

Hi All,

I had installed kolab recently with Cyrus 2.5.13 version. Currently am
facing couple of issues, could you please share suggestions to accomplish
the issues.

1) I had  issue with IMAP connections, if the the connections reached above
500 we getting  "Connection to the storage failed" on   my roundcube login
page.

2) few times we are getting errors, like "Empty startup greeting
(SSL://localhost:993


Thanks in advance !

Regards,
Narendra L
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20200227/9e0f830f/attachment.html>

From seb at stoffels.io  Thu Feb 27 22:48:12 2020
From: seb at stoffels.io (Sebastiaan)
Date: Fri, 28 Feb 2020 08:48:12 +1100
Subject: How to Unsubscribe from this list
In-Reply-To: <CANL=7-b2MckjHL0mP_3XN5iC0xLTtbYJhGtLswExXcdaKYgO+w@mail.gmail.com>
References: <CANL=7-b2MckjHL0mP_3XN5iC0xLTtbYJhGtLswExXcdaKYgO+w@mail.gmail.com>
Message-ID: <170889f1857.29b2d9155787.7431791669306992447@stoffels.io>

Hi there,

How do I unsub from this list? I no longer use Kolab. The link here: https://lists.kolab.org/mailman/listinfo/users

Does not work and my browser gives me a: PR_IO_TIMEOUT_ERROR on Firefox, and Chrome just times out without any specific error message.



If one of the mods or anyone can help, that would be great.





Seb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20200228/ac471f50/attachment.html>

From laskov at festa.bg  Fri Feb 28 10:32:39 2020
From: laskov at festa.bg (Valentin Laskov)
Date: Fri, 28 Feb 2020 11:32:39 +0200
Subject: guam eats a lot of system resources
Message-ID: <56044eec-1f5c-bd4a-35cb-34523bbd5abd@festa.bg>

Hi all,

I have another guam issue. It eats a lot of system resources and I have 
a lot of kernel messages (dmesg)

 ?Out of memory: Kill process 1067 (beam.smp)

It started this way:
/usr/lib64/erlang/erts-7.3.1.2/bin/beam.smp -Bd -- -root 
/usr/lib64/erlang/lib/kolab_guam-0.9.5 ....

Regards!
Valentin Laskov

?? 24.02.2020 ? 16:02, Ladislav Slanina ??????:
> Hi Mat.
>
> A year ago at this place guys sugest me switch guam off and use directly imap. After that logging should work.
>
> Greetings, ladas
>
>> Hey,
>>
>> since GUAM is proxying the imap connections, cyrus only ever sees
>> localhost connections.
>>
>> Anyone know how to setup guam to log the connections? Mostly looking
>> towards logging failed attempts with the IP attempting to login.
>> Want to setup a bruteforce block via fail2ban....
>>
>> Thanks in advance
>> Mat
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users
>>
>