I have installed Sqirrelmail, Postfix and Dovecot. Sqirrelmail does not relay any errors. There is no incoming or sending of mail.
Where "user1" is the user logged into Sqirrelmail.
Can anyone see my issue?
In var/log/mail.log
Jun 20 18:40:37 ip-172-31-25-194 dovecot: imap-login:
Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13181, secured, session=
Jun 20 18:40:37 ip-172-31-25-194 dovecot: imap(user1):
Disconnected: Logged out in=44 out=831
Jun 20 18:40:37 ip-172-31-25-194 dovecot: imap-login:
Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13183, secured, session=
Jun 20 18:40:37 ip-172-31-25-194 dovecot: imap(user1): Disconnected: Logged out in=285 out=1659
Jun 20 18:40:44 ip-172-31-25-194 postfix/smtpd[13184]: connect from localhost[127.0.0.1]
Jun 20 18:40:44 ip-172-31-25-194 postfix/smtpd[13184]: 6090B41CF0: client=localhost[127.0.0.1]
Jun 20 18:40:44 ip-172-31-25-194 postfix/cleanup[13187]: 6090B41CF0: message-id=<6afb833b41b27d476223ad9c04ae5a6c.squirrel#xxxxx.com>
Jun 20 18:40:44 ip-172-31-25-194 postfix/qmgr[29043]: 6090B41CF0: from=, size=699, nrcpt=1 (queue active)
Jun 20 18:40:44 ip-172-31-25-194 postfix/smtpd[13184]: disconnect from localhost[127.0.0.1]
Jun 20 18:40:44 ip-172-31-25-194 dovecot: imap-login:
Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13189, secured, session=
Jun 20 18:40:44 ip-172-31-25-194 dovecot: imap(user1): Disconnected: Logged out in=600 out=524
Jun 20 18:40:44 ip-172-31-25-194 dovecot: imap-login:
Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13191, secured, session=
Jun 20 18:40:44 ip-172-31-25-194 dovecot: imap(user1): Disconnected: Logged out in=117 out=1535
Update, I can now send mail to external domains, but not receive from external domains.
But user1#mydomain.com & user2#mydomain.com can send and receive emails to each other.
MX record exists:
10 # mail.mydomain.com 1 Hour
0 # smtp.mydomain.com 1 Hour
doveconf -n
auth_mechanisms = plain login
mail_location = maildir:~/Maildir
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
protocols = pop3 imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl = no
userdb {
driver = passwd
}
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = mydomain.com, ip-172-31-25-194.us-west-2.compute.internal, localhost.us-west-2.compute.internal, localhost
myhostname = mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
Related
I am trying to setup a postfix/dovecot on ubuntu 20.x
After DOVECOT configuration I can connect(thru telnet, from my iPhone using gmail client) to port 143 and get IMAP handshake message, login etc.
BUT I get authentication failed error when connecting to port 993 (from iPhone)
then
I tried telnet 'mymailserver' 993 and get no IMAP handshake message..
Moreover, when i do openssl s_client -connect 'mailserver' 993 , I get the handshake message as expected..
Can someone help ?
Here is my dovecot -n
root#mail:/usr/share/dovecot/protocols.d# dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-131-generic x86_64 Ubuntu 20.04.5 LTS
# Hostname: ****************
auth_mechanisms = plain login
auth_username_format = %n
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
protocols = " imap lmtp pop3"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service submission-login {
inet_listener submission {
port = 587
}
}
ssl = required
ssl_cert = </etc/..../fullchain.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
I'm following the Identity Server 4 Quickstart and I'm having a weird issue even though I followed it step by step.
It says (translated from German) connection denied by target computer.
Whats weird about this is that in the API project "we"(I) said ValidateAudience = false which I thought meant that tokens aren't being validated at all.
// call api
var apiClient = new HttpClient();
apiClient.SetBearerToken(tokenResponse.AccessToken);
var response = await apiClient.GetAsync("https://localhost:6001/identity");
if (!response.IsSuccessStatusCode)
{
Console.WriteLine(response.StatusCode);
}
else
{
var content = await response.Content.ReadAsStringAsync();
Console.WriteLine(JArray.Parse(content));
}
I am truly confused.The Client does get an accessToken so that's not the problem ... I hope.
Github-Repo
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
[16:15:42 Debug] IdentityServer4.Endpoints.TokenEndpoint
Start token request.
[16:15:42 Debug] IdentityServer4.Validation.ClientSecretValidator
Start client validation
[16:15:42 Debug] IdentityServer4.Validation.BasicAuthenticationSecretParser
Start parsing Basic Authentication secret
[16:15:42 Debug] IdentityServer4.Validation.PostBodySecretParser
Start parsing for secret in post body
[16:15:42 Debug] IdentityServer4.Validation.ISecretsListParser
Parser found secret: PostBodySecretParser
[16:15:42 Debug] IdentityServer4.Validation.ISecretsListParser
Secret id found: client
[16:15:42 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client client succeeded.
[16:15:42 Debug] IdentityServer4.Validation.ISecretsListValidator
Secret validator success: HashedSharedSecretValidator
[16:15:42 Debug] IdentityServer4.Validation.ClientSecretValidator
Client validation success
[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
Start token request validation
[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
Start client credentials token request validation
[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
client credentials token request validation success
[16:15:42 Information] IdentityServer4.Validation.TokenRequestValidator
Token request validation success, {"ClientId": "client", "ClientName": null, "GrantType": "client_credentials", "Scopes": "api1", "AuthorizationCode": null, "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "client_credentials", "scope": "api1", "client_id": "client", "client_secret": "***REDACTED***"}, "$type": "TokenRequestValidationLog"}
[16:15:42 Debug] IdentityServer4.Services.DefaultClaimsService
Getting claims for access token for client: client
[16:15:42 Debug] IdentityServer4.Endpoints.TokenEndpoint
Token request success.
I think setting ValidateAudience = false will just ignore the audience claim, but still validate the other things in the token.
You can set the IncludeErrorDetails property to true and like this:
.AddJwtBearer(options =>
{
options.Audience = "payment";
options.Authority = "https://localhost:6001/";
//True if token validation errors should be returned to the caller.
options.IncludeErrorDetails = true;
When you set it to True, then you will get more details in the response header, like:
HTTP/1.1 401 Unauthorized
Date: Sun, 02 Aug 2020 11:19:06 GMT
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
To further help you out, please post a sample access token and API configuration (Startup class)
See this article for further details
So in API/Properties/lauchsettings .... when generating the project it used a default sheme and in that sheme it sets a port of 43033 or smth
I am having the below terraform file where I am starting a Nginx server. Terraform is installing Nginx but the Nginx server did not start. I have to manually login to the ec2-machine and start the service. Where am i going wrong?
terraform {
required_version = ">=0.12, <0.13"
}
provider "aws" {
region = "ap-south-1"
}
resource "aws_instance" "ec2-instance" {
ami = "ami-04b2519c83e2a7ea5"
instance_type = "t2.micro"
vpc_security_group_ids = [aws_security_group.web_security.id]
key_name = "kops-keypair"
user_data = <<-EOF
#!/bin/bash
sudo yum update -y
sudo yum install nginx -y
sudo service start nginx
EOF
tags = {
Name = "nginx-instance",
created-date = "22-04-2020"
}
}
resource "aws_security_group" "web_security" {
name = "web-security"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
My bad. The command should be sudo service nginx start
I am hitting an API to get a cookie for authenticating subsequent requests. I need to get the cookie from this collection of response headers:
{
"Server": "Cowboy",
"Connection": "close",
"Set-Cookie": "heroku-session-affinity=ADaDaANoA24IAXtpQOD///8HYgAAKehiAA6V12ECbAAAAAJtAAAABXdlYi4ybQAAAAV3ZWIuMWrNqkap0u4H0uG3Btrtlamaq2nQ5w__; Version=1; Expires=Wed, 11-Jan-2017 01:12:09 GMT; Max-Age=86400; Domain=xxxxxxxx.xxxx.xx; Path=/; HttpOnly",
"X-Powered-By": "Express",
"Vary": "Origin",
"Access-Control-Allow-Credentials": "true",
"Content-Type": "application/json; charset=utf-8",
"Content-Length": "30914",
"Etag": "W/\"78c2-veX2kgrO3zh118nYsOP80A\"",
"Set-Cookie": "connect.sid=s%3ACX3tfhPk9nlRtU8e8gtouQIx1kpP07h9.iExm%2F96Dgzuh289nmjwbYO49E0Bq0WwUHmN539IkudI; Path=/; Expires=Thu, 12 Jan 2017 01:12:09 GMT; HttpOnly",
"Date": "Tue, 10 Jan 2017 01:12:09 GMT",
"Via": "1.1 vegur"
}
I need to get the following cookie:
"connect.sid=s%3ACX3tfhPk9nlRtU8e8gtouQIx1kpP07h9.iExm%2F96Dgzuh289nmjwbYO49E0Bq0WwUHmN539IkudI; Path=/; Expires=Thu, 12 Jan 2017 01:12:09 GMT; HttpOnly"
I want to parse the headers and return that cookie, but the following code only displays the cookie that I don't want:
internal final class CookieParser {
internal static func cookie(from response: HTTPURLResponse) -> HTTPCookie? {
print("\n====> Response: \(response)\n")
guard let url = response.url else { return nil }
guard let headerFields = response.allHeaderFields as? HTTPHeaders else { return nil }
print("\n====> Headers: \(headerFields)\n")
let cookies = HTTPCookie.cookies(withResponseHeaderFields: headerFields, for: url)
print("\n====> Cookies: \(cookies)\n")
return nil
}
}
The code above produces the following output:
====> Response: <NSHTTPURLResponse: 0x60800002e160> { URL: http://xxxxxxxx.xxxx.xx/xxx/xx/xxxxx } { status code: 200, headers {
"Access-Control-Allow-Credentials" = true;
Connection = close;
"Content-Length" = 30914;
"Content-Type" = "application/json; charset=utf-8";
Date = "Tue, 10 Jan 2017 01:12:09 GMT";
Etag = "W/\"78c2-veX2kgrO3zh118nYsOP80A\"";
Server = Cowboy;
"Set-Cookie" = "heroku-session-affinity=ADaDaANoA24IAXtpQOD///8HYgAAKehiAA6V12ECbAAAAAJtAAAABXdlYi4ybQAAAAV3ZWIuMWrNqkap0u4H0uG3Btrtlamaq2nQ5w__; Version=1; Expires=Wed, 11-Jan-2017 01:12:09 GMT; Max-Age=86400; Domain=partners.flye.co; Path=/; HttpOnly";
Vary = Origin;
Via = "1.1 vegur";
"X-Powered-By" = Express;
} }
====> Headers: ["Content-Type": "application/json; charset=utf-8", "Content-Length": "30914", "Connection": "close", "Set-Cookie": "heroku-session-affinity=ADaDaANoA24IAXtpQOD///8HYgAAKehiAA6V12ECbAAAAAJtAAAABXdlYi4ybQAAAAV3ZWIuMWrNqkap0u4H0uG3Btrtlamaq2nQ5w__; Version=1; Expires=Wed, 11-Jan-2017 01:12:09 GMT; Max-Age=86400; Domain=partners.flye.co; Path=/; HttpOnly", "Vary": "Origin", "Etag": "W/\"78c2-veX2kgrO3zh118nYsOP80A\"", "Access-Control-Allow-Credentials": "true", "X-Powered-By": "Express", "Date": "Tue, 10 Jan 2017 01:12:09 GMT", "Via": "1.1 vegur", "Server": "Cowboy"]
====> Cookies: [<NSHTTPCookie version:1 name:"heroku-session-affinity" value:"ADaDaANoA24IAXtpQOD///8HYgAAKehiAA6V12ECbAAAAAJtAAAABXdlYi4ybQAAAAV3ZWIuMWrNqkap0u4H0uG3Btrtlamaq2nQ5w__" expiresDate:2017-01-12 00:41:08 +0000 created:2017-01-11 00:41:08 +0000 sessionOnly:FALSE domain:".partners.flye.co" partition:"none" path:"/" isSecure:FALSE>]
The unwanted Set-Cookie value must be replacing the wanted Set-Cookie value in the dictionary of returned headers. Is there a way that I can retrieve the wanted Set-Cookie value before it is replaced?
I would like to setup a proxy to cache microsoft sharepoint online. However, even getting some progresses, I still could not understand why it is still TCP_MISS.
OS: Centos 7
Squid: initially 3.3.8 (centos default) and upgraded to 3.5.22 later
ssl_bump is utilised for https interception
refresh pattern:
refresh_pattern -i .(xz|rpm) 14400 50% 18000 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth
the test file for downloading is kernel-plus-3.10.0-327.10.1.el7.centos.plus.x86_64.rpm which was uploaded to sharepoint.
with "debug_options 22,70,9", I am getting messages in cache.log as follows:
2016/12/08 16:36:10.383 kid1| ctx: exit level 0
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(291) refreshCheck: checking freshness of 'https ://xxx.sharepoint.com/sites/its/itst/int/kernel-plus-3.10.0-327.10.1.el7.centos.plus.x86_64.rpm'
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.(xz|rpm) 864000 50%% 1080000'
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(314) refreshCheck: age: 2225
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(316) refreshCheck: check_time: Thu, 08 Dec 2016 21:36:10 GMT
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(318) refreshCheck: entry->timestamp: Thu, 08 Dec 2016 20:59:05 GMT
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE: expires 1481230745 < check_time 1481232970
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness = 2225
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(362) refreshCheck: YES: Must revalidate stale object (origin set no-cache or private)
2016/12/08 16:36:10.384 kid1| 22,3| refresh.cc(654) getMaxAge: getMaxAge: 'https ://xxx.sharepoint.com/sites/its/itst/int/kernel-plus-3.10.0-327.10.1.el7.centos.plus.x86_64.rpm'
2016/12/08 16:36:12.247 kid1| ctx: enter level 0: 'https ://xxx.sharepoint.com/sites/its/itst/int/kernel-plus-3.10.0-327.10.1.el7.centos.plus.x86_64.rpm'
2016/12/08 16:36:12.247 kid1| 22,3| refresh.cc(291) refreshCheck: checking freshness of 'https ://xxx.sharepoint.com/sites/its/itst/int/kernel-plus-3.10.0-327.10.1.el7.centos.plus.x86_64.rpm'
2016/12/08 16:36:12.247 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.(xz|rpm) 864000 50%% 1080000'
2016/12/08 16:36:12.247 kid1| 22,3| refresh.cc(314) refreshCheck: age: 63
2016/12/08 16:36:12.247 kid1| 22,3| refresh.cc(316) refreshCheck: check_time: Thu, 08 Dec 2016 21:37:12 GMT
2016/12/08 16:36:12.247 kid1| 22,3| refresh.cc(318) refreshCheck: entry->timestamp: Thu, 08 Dec 2016 21:36:09 GMT
2016/12/08 16:36:12.247 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE: expires 1481232969 < check_time 1481233032
2016/12/08 16:36:12.247 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness = 63
2016/12/08 16:36:12.247 kid1| 22,3| refresh.cc(497) refreshCheck: NO: Serving from cache - even though explicit expiry has passed, we enforce Min value (override-expire option)
2016/12/08 16:36:12.247 kid1| 22,3| http.cc(482) cacheableReply: YES because HTTP status 200
and TCP_MISS in access.log.
my questions are:
1. why did squid refreshcheck twice on one downloading request?
2. I guess that the squid decides to "Serving from cache" in the second refreshcheck, why still TCP_MISS in access.log?
if offline_mode is on, the cache has served the download happily with TCP_OFFLINE_HIT.
Please advise how could I fix the issue.
Thanks in advance.