Hi list,
This is the first time I have tried to set up an in-house email solution, so there are many concepts that are not clear to me, at least not yet. I need some help with this configuration. DKIM and anti-spam measures are not yet considered, just the basics.
What I need:
- The MTA to send emails from 'myhost' domain to the world, using TLS with authentication (it's working)
- Being able to receive email for some accounts: [email protected], [email protected], others later (not working)
- System mail to be delivered to mbox, as usual on Unix-like systems.
The OS is FreeBSD 10.2 and the OpenSMTPD version is 5.7.3p1. OpenSMTPD is running in a jail with IP 192.168.0.8.
The error message I get every time I try to send an email to one of the above-mentioned emails:
>>> 550 Invalid recipient
smtp-in: session 99934343 received invalid command: "RCPT TO:<[email protected]>"
(the complete log is below)
------------------------------------
My configuration:
Files used:
# ls
creds mailname recipients smtpd.conf vdomains vusers
# cat smtpd.conf | grep -v '^#' | grep -v '^ *$'
pki myhost.pt certificate "/usr/local/etc/ssl/myhost_wosign_apache.crt"
pki myhost.pt key "/usr/local/etc/ssl/private/myhost_wosign_apache.key"
table aliases file:/etc/mail/aliases
table vusers file:/usr/local/etc/mail/vusers
table vdomains file:/usr/local/etc/mail/vdomains
table creds file:/usr/local/etc/mail/creds
table recipients file:/usr/local/etc/mail/recipients
listen on 192.168.0.8 port smtp tls pki myhost.pt auth-optional
listen on 192.168.0.8 port submission tls-require pki myhost.pt auth <creds>
accept for local alias <aliases> deliver to mbox
accept for domain <vdomains> deliver to maildir
accept from local for any relay
The /etc/mail/aliases is unchanged.
# cat vdomains
myhost.pt
*.myhost.pt
# cat creds
[email protected] $6$Gp2XcD
------------------------------------
What is wrong with this?
About the line "listen on 192.168.0.8 port smtp tls pki myhost.pt auth-optional"
Does this mean that other servers can relay an email to my MTA through port 25 with no auth required? And that if I want to use port 25 to send emails, I'll have to authenticate and use tls?
Are both the incoming and outgoing configuration specified in the same line? It seems a bit confusing to me.
=============
The complete log of the transaction when an email is sent to [email protected]:
# cat log.txt
debug: smtp: new client on listener: 0x8028e4000
smtp: 0x802947000: connected to listener 0x8028e4000 [hostname=myhost.pt, port=25, tag=]
smtp: 0x802947000: STATE_NEW -> STATE_CONNECTED
smtp-in: session 922ed1201668f9c2: connection from host mail-ig0-f178.google.com [209.85.213.178] established
smtp: 0x802947000: >>> 220 myhost.pt ESMTP OpenSMTPD
smtp: 0x802947000: <<< EHLO mail-ig0-f178.google.com
smtp: 0x802947000: STATE_CONNECTED -> STATE_HELO
smtp: 0x802947000: >>> 250-myhost.pt Hello mail-ig0-f178.google.com [209.85.213.178], pleased to meet you
smtp: 0x802947000: >>> 250-8BITMIME
smtp: 0x802947000: >>> 250-ENHANCEDSTATUSCODES
smtp: 0x802947000: >>> 250-SIZE 36700160
smtp: 0x802947000: >>> 250-DSN
smtp: 0x802947000: >>> 250-STARTTLS
smtp: 0x802947000: >>> 250 HELP
smtp: 0x802947000: <<< STARTTLS
smtp: 0x802947000: >>> 220 2.0.0: Ready to start TLS
smtp: 0x802947000: STATE_HELO -> STATE_TLS
debug: lka: looking up pki "myhost.pt"
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_enc [4/1812]
debug: pony: rsae_init
debug: pony: rsae_init
debug: pony: rsae_pub_dec
debug: pony: rsae_bn_mod_exp
debug: pony: rsae_init
debug: pony: rsae_pub_dec
debug: pony: rsae_bn_mod_exp
debug: pony: rsae_pub_dec
debug: pony: rsae_bn_mod_exp
smtp-in: session 922ed1201668f9c2: TLS started version=TLSv1/SSLv3 (TLSv1.2), cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
debug: certificate 0: len=1156
debug: certificate chain len: 2
debug: certificate 1: len=1012
debug: certificate 2: len=897
smtp-in: session 922ed1201668f9c2: client certificate verification succeeded
smtp: 0x802947000: STATE_TLS -> STATE_HELO
smtp: 0x802947000: <<< EHLO mail-ig0-f178.google.com
smtp: 0x802947000: STATE_HELO -> STATE_HELO
smtp: 0x802947000: >>> 250-myhost.pt Hello mail-ig0-f178.google.com [209.85.213.178], pleased to meet you
smtp: 0x802947000: >>> 250-8BITMIME
smtp: 0x802947000: >>> 250-ENHANCEDSTATUSCODES
smtp: 0x802947000: >>> 250-SIZE 36700160
smtp: 0x802947000: >>> 250-DSN
smtp: 0x802947000: >>> 250-AUTH PLAIN LOGIN
smtp: 0x802947000: >>> 250 HELP
smtp: 0x802947000: <<< MAIL FROM:<[email protected]> SIZE=2323
debug: smtp: SIZE in MAIL FROM command
smtp: 0x802947000: >>> 250 2.0.0: Ok
smtp: 0x802947000: <<< RCPT TO:<[email protected]>
smtp: 0x802947000: >>> 550 Invalid recipient
smtp-in: session 922ed1201668f9c2: received invalid command: "RCPT TO:<[email protected]>"
smtp: 0x802947000: <<< QUIT
smtp: 0x802947000: >>> 221 2.0.0: Bye
smtp: 0x802947000: STATE_HELO -> STATE_QUIT
smtp-in: session 922ed1201668f9c2: connection from host mail-ig0-f178.google.com [209.85.213.178] closed (client sent QUIT)
debug: smtp: 0x802947000: deleting session: done
debug: pony: rsae_finish
debug: pony: rsae_finish
debug: pony: rsae_finish
