On Sat, Aug 24, 2013 at 11:11:34AM +1200, Richard Procter wrote:
> Hi guys,
>
> Thanks for opensmtpd! Gratifying to see sharp guys
> writing good, and well documented, software.
Thanks!
> Just wanted to give some feedback having sat down this
> morning to play with opensmtpd for the first time.
>
> I started with:
>
> listen on internal port submission tls-require tag submit
> accept tagged submit for domain foo.bar \
> virtual { richard = localusername } deliver to maildir
>
> , which is wonderfully legible and concise.
>
> I expected the accept line to match for tls connections
> to my internal interfaces, but sending to rich...@foo.bar
> was rejected:
>
> smtp-in: New session 00000001ce65d943 from host orchid.internal
> [192.168.1.65]
> debug: session_start_ssl: switching to SSL
> smtp-in: Started TLS on session 00000001ce65d943: version=TLSv1/SSLv3,
> cipher=AES128-SHA, bits=128
> smtp-in: Failed command on session 00000001ce65d943: "RCPT
> TO:<rich...@foo.bar>" => 550 Invalid recipient
> smtp-in: Closing session 00000001ce65d943
> debug: smtp: 0x85d03000: deleting session: done
>
> I would have taken less time to diagnose the problem if
>
> # smtpctl trace rules
>
> explicitly mentioned when no rules matched.
Matching on the tag is not enough if "internal" is not the local machine.
As it is written, your rule matches only locally enqueued mails. What you
want is maybe something like:
listen on internal port submission tls-require
accept from any for domain foo.bar virtual { richard = localusername } \
deliver to maildir
The tag is not necessary in that case, since you only have one listener.
You could also restrict to "from internal", but that won't work directly
unless you specify an IP directly (or set of IPs), because hostnames are
not resolved in the "from" clause.
Eric.
--
You received this email because you are subscribed to the "misc@opensmtpd.org"
list
To unsubscribe, send mail with subject: [misc@opensmtpd.org] unregister
