1 Topic by mikenz (edited by mikenz 2021-03-01 13:27:57)

  • mikenz
  • Member
  • Offline
  • Registered: 2021-03-01
  • Posts: 2

Topic: mlmmj bouncing messages - certificate configuration?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 MARIADB edition*** but I think I upgraded to 1.3.2 using the upgrade script!
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: CENTOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I recently upgraded from 0.9.8 to 1.3.2 using the upgrade script, which appeared to run without error.  I thought that the upgrade was successful, there is no problem with normal email delivery.  But I just noticed that /etc/iredmail-release has not been updated, I don't know what is going on there, but it may not be related to my current problem.

My email server is small, only used by myself and family, and I host email for a couple of small non-profit organisations that I am involved with.  The server is configured for about 4 domains, each with certificates and DKIM, this has been working well for years.

After the upgrade, I configured an mlmmj email list for a small group of users.  This seemed to work, but when an email is sent to the list the sender often gets a response like:

To: me@domain1.com
From: list@domain2.com
Subject: Bouncing messages from list@domain2.com

Hi, this is the Mlmmj program managing the <volunteers@artforlife.nz>
mailing list.

Some messages to you could not be delivered. If you're seeing this
message it means things are back to normal, and it's merely for your
information.

Here is the list of the bounced messages:
- 2

Firstly it would be nice to know more about the non delivery, what is the "-2" at the end?  The number changes.

In the server mail log, I see (with a few names changed for anonymity):

Feb 28 08:10:01 hostname postfix/10025/smtpd[24458]: connect from localhost[127.0.0.1]
Feb 28 08:10:01 hostname postfix/10025/smtpd[24458]: E995F69C2: client=localhost[127.0.0.1]
Feb 28 08:10:01 hostname postfix/cleanup[24461]: E995F69C2: message-id=<1614499801-24444-mlmmj-4ebd36ab@listdomain>
Feb 28 08:10:01 hostname postfix/qmgr[1513]: E995F69C2: from=<listname+bounces-probe-listusername=gmail.com@listdomain>, size=1726, nrcpt=1 (queue active)
Feb 28 08:10:01 hostname postfix/10025/smtpd[24458]: disconnect from localhost[127.0.0.1]
Feb 28 08:10:01 hostname amavis[22868]: (22868-03) Passed CLEAN {RelayedInternal}, MLMMJ LOCAL [127.0.0.1] <listname+bounces-probe-listusername=gmail.com@listdomain> -> <listusername@gmail.com>, Message-ID: <1614499801-24444-mlmmj-4ebd36ab@listdomain>, mail_id: lr77An8UtpLt, Hits: -, size: 630, queued_as: E995F69C2, dkim_new=dkim:serverdefaultdomain, 241 ms
Feb 28 08:10:02 hostname amavis[22868]: (22868-03) Passed CLEAN, <listname+bounces-probe-listusername=gmail.com@listdomain> -> <listusername@gmail.com>, Hits: -, tag=0, tag2=0, kill=0, queued_as: E995F69C2, L/0/0/0
Feb 28 08:10:03 hostname postfix/smtp[24463]: Trusted TLS connection established to email-smtp.ap-southeast-2.amazonaws.com[54.79.55.21]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 28 08:10:04 hostname postfix/smtp[24463]: E995F69C2: to=<listusername@gmail.com>, relay=email-smtp.ap-southeast-2.amazonaws.com[54.79.55.21]:587, delay=2.4, delays=0.05/0.1/1.4/0.78, dsn=2.0.0, status=sent (250 Ok 01080177e7afa08c-ffaa3568-735f-4449-b768-6267ab0c6d7d-000000)
Feb 28 08:10:04 hostname postfix/qmgr[1513]: E995F69C2: removed

It looks to me like the wrong domain certificate is being used for the email going out from the list.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,787

Re: mlmmj bouncing messages - certificate configuration?

mikenz wrote:

I recently upgraded from 0.9.8 to 1.3.2 using the upgrade script

What "upgrade script" are we talking about? iRedMail doesn't offer such "upgrade script" for upgrading. And /etc/iredmail-release should be updated manually as a remind to tell you which version you're running.

There's no any error in pasted log, no idea why mlmmj bounced.

3 Reply by mikenz (edited by mikenz 2021-03-06 14:48:17)

  • mikenz
  • Member
  • Offline
  • Registered: 2021-03-01
  • Posts: 2

Re: mlmmj bouncing messages - certificate configuration?

To upgrade, I downloaded iRedAdmin-1.2.tar.gz
I ran
tar zxf iRedAdmin-1.2.tar.gz
cd iRedAdmin-1.2/tools/
bash upgrade_iredadmin.sh

I have now got the mlmmj list working, but I had to write an update to the mlmmj source code.

The problem was that I use Amazon SES as a mail delivery service. 

The first problem was that Amazon were bouncing all list emails because they had duplicate 'DKIM-Signature' headers.  This was easily fixed with the addition of a delheaders control file containing  "DKIM-Signature:"

The second problem was more difficult:  Amazon SES is very fussy about the origin of emails, and refuses to send any email where the From: header does not match its approved sender lists.  mlmmj was leaving the From: header untouched, and if (as is generally the case) an email originates from a sender whos is not on the approved list for the Amazon SES account, Amazon bounce the message.  Deleting the From: header allowed emails through, but with (generally) no identification of the sender.

I have added a "mungefrom" option to mlmmj which removes the From: header, and replaces it with a From: header with the list address.  If a Reply-To: header does not exist in the email, then the old From: address is used as a new Reply-To: header.

This seems to be working.

I have not seen any sign that mlmmj is still an actively maintained project, there seem to have been no updates since 2017.   You are welcome to my source code if you want it.

4 Reply by goodcoffee

  • goodcoffee
  • Member
  • Offline
  • Registered: 2020-11-23
  • Posts: 22

Re: mlmmj bouncing messages - certificate configuration?

I have not seen any sign that mlmmj is still an actively maintained project, there seem to have been no updates since 2017.

I'm tagging on this thread, as I'm interested in the status of mlmmj also.

5 Reply by ms2504 (edited by ms2504 2021-03-08 17:24:42)

  • ms2504
  • Member
  • Offline
  • Registered: 2019-06-15
  • Posts: 63

Re: mlmmj bouncing messages - certificate configuration?

mikenz wrote:

To upgrade, I downloaded iRedAdmin-1.2.tar.gz
I ran
tar zxf iRedAdmin-1.2.tar.gz
cd iRedAdmin-1.2/tools/
bash upgrade_iredadmin.sh

There's something not clear.

You can not jump from 0.9.8 to latest release, you must apply every single update from the official list
https://docs.iredmail.org/iredmail.releases.html so update to 0.9.9, update to 1.0 and so on.
Did you apply all the steps?

If not, for sure some sql tables are not updated.

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,787

Re: mlmmj bouncing messages - certificate configuration?

mlmm is not under active development, the original author/maintainers abandoned it.

We have plan to rewrite mlmmj in Golang, but it's not high priority yet.