Re: SSL/TLS

[Herbert J. Skuhra]

On Tue, Jul 28, 2015 at 09:05:24PM +0900, tuyosi wrote:
> 
> 
> On 2015e9407f28f% 20:50, Denis Fondras wrote:
> >>are there open relay when ' accept from local for any relay' is replaced .
> >>
> >Nope !
> >"from local" means that only the machine running OpenSMTPd or any
> >*authenticated* client can relay.
> >
> >Moreover, if no rule is matching then OpenSMTPd rejects the mail (default
> >setting = secure setting)
> >
> kind advice .
> 
> surely       i can     send mail from x...@aoiyuma.mydns.jp to y...@gmail.com 
> .
> 
> 
> strangely  i cannot send mail from Y@gmail                    to
> x...@aoiyuma.mydns.jp .
> ---------
> 
> Delivery to the following recipient failed permanently:
> 
>      tuy...@aoiyuma.mydns.jp
> 
> Technical details of permanent failure:
> Google tried to deliver your message, but it was rejected by the server for 
> the recipient domain aoiyuma.mydns.jp by mail.aoiyuma.mydns.jp. 
> [157.7.208.141].
> 
> The error that the other server returned was:
> 530 5.5.1 Invalid command: Must issue an AUTH command first

You have:

listen on em0 port 25  tls pki mail.aoiyuma.mydns.jp auth

From smtpd.conf(5):

If the auth parameter is used, then a client may only start an SMTP transaction
after a successful authentication. Any remote sender that passed SMTPAUTH is
treated as if it was the server's local user that was sending the mail. This
means that filter rules using from local will be matched. If auth-optional is
specified, then SMTPAUTH is not required to establish an SMTP transaction. This
is only useful to let a listener accept incoming mail from untrusted senders
and outgoing mail from authenticated users in situations where it is not
possible to listen on the submission port.

And I think you want smtps on port 465 not tls!

-- 
Herbert

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org