23. December 2017

Courier: 556 Address unavailable

Courier Mail Server has many interesting features. One of the features is support for backscatter blacklist. It helps to protect the server from receiving emails which are not possible to deliver (e.g. in case of some problems with recipient’s account).

The common error message in that case is:

Courier: 556 Address unavailable

It’s not very straightforward how should an administrator resolve error 556. Even after fix of user’s account configuration, the message might appear and the Courier won’t accept an email even after restart. It could be even more confusing when Courier accepts email from some subnets, but it returns 556 Address unavailable on other subnets.

The resolution of the problem is simple: fix backscatter database.

Display list of addresses with on backscatter blacklist:

courier show all

Remove problematic address from the list:

courier clear user@domain

You can remove all addresses:

courier clear all

You can find more about backscatter blacklist in Courier’s documentation.

9. December 2015

Thunderbird and Outlook solution of problem with Courier IMAP sslv3 alert illegal parameter

E-mail clients like Thunderbird or Outlook stopped to communicate with Courier IMAP/SMTP/POP TLS after some upgrade.

The only clue in log file was this error message:

courier couriertls: accept: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter

The problem was that certificate for IMAP (/etc/courier/imapd.pem) and /etc/courier/dhparam.pem were containing too short key. The short key was sufficient in past for encrypted communication. Unfortunately maintainers of Debian package forgot to add fix for upgrade.

It is very simple to fix the issue. Just generate DH with sufficient length.

DH_BITS=2048 mkdhparams

This command will update /etc/courier/dhparm.pem.

Make sure to update all pem files in case that they contain DH record.

Restart services and clients should be able to reconnect without problem.

If you still experience some issues with PEM files check out article PEM routines:PEM_read_bio:no start line.

24. July 2014

couriertls: /etc/courier/esmtpd.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

After upgrade of Linux distribution Courier stopped to accept emails delivered over TLS or SSL.

There was just nice error message in the log file:

couriertls: /etc/courier/esmtpd.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

Long story short. The problem was in pem file.

Previous versions of Courier-SSL were able to read files with Windows EOL. The new version is failing with this nice error.

Solution is simple: get rid of Windos EOL.

You can use e.g. dos2unix

dos2unix esmptd.pem

Restart services and everything will work :)