On Sun, Dec 02, 2018 at 01:05:56PM +0100, Fran??ois wrote:
> Thanks Gilles for your quick answer.
>
> Based on your recommendations, I have now only this 3 match rules :
>
> match from any mail-from <indesirables> for any reject
> match auth from local action relayer
> match auth from any action distribuer
>
you also need a for on the last rules
not specifying from implies from local,
not specifying for implies for local.
you should most definitely have something along the lines of:
match auth from local for [...]
match auth from auth for [...]
> Below how the server reacts when I try to send an email from my laptop
> connected at the same osmtpd server network to an outside email domain
> (redarmor.net) :
>
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR
> in table static:<anyhost> -> found
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN
> in table static:<anydestination> -> found
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check ?? [email protected]"
> as MAILADDR in table static:indesirables -> 0
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR
> in table static:<localhost> -> 0
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR
> in table static:<anyhost> -> found
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN
> in table static:<localnames> -> 0
> Dec 2 12:43:12 gabrielle smtpd[1459]: no rule matched
>
> And when I sent an email from outside domain (redarmor.net) to my domain
> (example.org) :
>
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as
> NETADDR in table static:<anyhost> -> found
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check ?? example.org" as
> DOMAIN in table static:<anydestination> -> found
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "[email protected]" as
> MAILADDR in table static:indesirables -> 0
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as
> NETADDR in table static:<localhost> -> 0
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as
> NETADDR in table static:<anyhost> -> found
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check ?? example.org" as
> DOMAIN in table static:<localnames> -> 0
> Dec 2 12:47:02 gabrielle smtpd[1459]: no rule matched
>
> As explained in my first email, this two examples leads to the error message
> result="550 Invalid recipient ??.
>
> I will try a configuration which set explicitly the source for the ?? relayer
> ?? action like this : action ?? relayer" relay src <sources> helo-src
> <helonames> with a table sources set with the local network.
>
> BR, Fran??ois.
>
>
>
>
> > Le 2 d??c. 2018 ?? 12:26, Gilles Chehade <[email protected]> a ??crit :
> >
> > On Sun, Dec 02, 2018 at 11:46:45AM +0100, Fran??ois wrote:
> >> Hello All
> >>
> >> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server
> >> hosted at home.
> >> I'm running Linux on Raspberry Pi.
> >>
> >> I didn't face any issue with the release 6.0.2. But after migrated the
> >> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails
> >> properly through smtp protocol.
> >>
> >
> > [...]
> >
> >>
> >> Here after an extract of my smtpd.conf :
> >>
> >> listen on 127.0.0.1
> >> listen on $lan_addr tls-require pki mail.example.org hostname
> >> mail.example.org
> >> listen on $lan_addr smtps pki mail.example.org auth hostname
> >> mail.example.org mask-src
> >> listen on $lan_addr port 587 tls-require pki mail.example.org auth
> >> hostname mail.example.org mask-src
> >>
> >> table aliases file:/etc/aliases
> >> table indesirables { "@qq.com ?? }
> >>
> >> action distribuer mbox alias <aliases>
> >> action relayer relay
> >>
> >> match from any mail-from <indesirables> for any reject
> >> match for local action distribuer
> >> match for any action relayer
> >>
> >> I don't understand my mistake. For information, I compiled the binaries
> >> from the sources, maybe I missed to set something in the Makefile.
> >> Thanks in advance for your support.
> >>
> >
> > The problem is that in 6.0.x authenticated users are considered as local
> > sessions and therefore match you last two rules, but this was not right,
> > it led to some configuration being impossible to express.
> >
> > Starting with 6.4.x, authenticated users are no longer considered local,
> > and rules must explicitly match them:
> >
> > match auth from any [...]
> >
> > The 'auth' criteria is no longer related to the locality, so you're able
> > to write rules that match differently the authenticated users which come
> > from your machine or from others:
> >
> > match auth from local [...]
> > match auth from any [...]
> >
> > Your new ruleset should have one or two additional match rules I guess.
> >
> > Also, while at it, it is now also possible to match non-network sessions
> > with:
> >
> > match from socket [...]
> >
> > This used to only be matched by from local but can now also be matched a
> > bit more precisely.
> >
> >
> > --
> > Gilles Chehade @poolpOrg
> >
> > https://www.poolp.org tip me: https://paypal.me/poolpOrg
> >
> > --
> > You received this mail because you are subscribed to [email protected]
> > To unsubscribe, send a mail to: [email protected]
> >
>
>
> --
> You received this mail because you are subscribed to [email protected]
> To unsubscribe, send a mail to: [email protected]
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
