> On 05 Feb 2016, at 13:38, Luis Mendes <[email protected]> wrote:
>
> Hi list,
>
> This is the first time I try to set up an in-house email solution, so there
> are many concepts that are not clear to me, at least yet. I need some help
> with this configuration. DKIM and anti-spam measures are not yet considered,
> just the basics.
>
> What I need:
> - The MTA to send emails from 'myhost' domain to the world, using TLS with
> authentication (it's working)
> - Being able to receive email for some accounts: [email protected],
> [email protected], others later (not working)
> - system mails to be delivered to mbox as usual in unix like systems.
>
> The OS is a FreeBSD 10.2 and OpenSMTPD version 5.7.3p1. OpenSMTPD is running
> in a jail with IP 192.168.0.8.
>
> The error message I get every time I try to send an email for one of the above
> mentioned emails:
> >>> 550 Invalid recipient
> smtp-in: session 99934343 received invalid command: "RCPT
> TO:<[email protected]>"
> (the complete log is below)
>
> ------------------------------------
> My configuration:
> Files used:
> # ls
> creds mailname recipients smtpd.conf vdomains
> vusers
>
> # cat smtpd.conf | grep -v '^#' | grep -v '^ *$'
> pki myhost.pt certificate "/usr/local/etc/ssl/myhost_wosign_apache.crt"
> pki myhost.pt key "/usr/local/etc/ssl/private/myhost_wosign_apache.key"
> table aliases file:/etc/mail/aliases
> table vusers file:/usr/local/etc/mail/vusers
> table vdomains file:/usr/local/etc/mail/vdomains
> table creds file:/usr/local/etc/mail/creds
> table recipients file:/usr/local/etc/mail/recipients
> listen on 192.168.0.8 port smtp tls pki myhost.pt auth-optional
> listen on 192.168.0.8 port submission tls-require pki myhost.pt auth <creds>
> accept for local alias <aliases> deliver to mbox
> accept for domain <vdomains> deliver to maildir
> accept from local for any relay
>
> The /etc/mail/aliases is unchanged.
>
> # cat vusers
> [email protected] [email protected]
>
> # cat vdomains
> myhost.pt
> *.myhost.pt
>
> # cat creds
> [email protected] $6$Gp2XcD
>
> # cat recipients
> [email protected]
> [email protected]
> ------------------------------------
> What is wrong with this?
>
> About the line "listen on 192.168.0.8 port smtp tls pki myhost.pt
> auth-optional"
> Does this mean that other servers can relay an email to my MTA through port
> 25 with no auth required?

Yes. Auth is OPTIONAL.

> And that if I want to use port 25 to send emails, I'll have to authenticate
> and use TLS?

Yes.

> Is both incoming and outgoing configuration specified in the same line?
> Seems a bit confusing to me.
>
> =============
> The complete log of the transaction when an email is sent to
> [email protected]:
> # cat log.txt
> debug: smtp: new client on listener: 0x8028e4000
> smtp: 0x802947000: connected to listener 0x8028e4000 [hostname=myhost.pt,
> port=25, tag=]
> smtp: 0x802947000: STATE_NEW -> STATE_CONNECTED
> smtp-in: session 922ed1201668f9c2: connection from host
> mail-ig0-f178.google.com [209.85.213.178] established
> smtp: 0x802947000: >>> 220 myhost.pt ESMTP OpenSMTPD
> smtp: 0x802947000: <<< EHLO mail-ig0-f178.google.com
> smtp: 0x802947000: STATE_CONNECTED -> STATE_HELO
> smtp: 0x802947000: >>> 250-myhost.pt Hello mail-ig0-f178.google.com
> [209.85.213.178], pleased to meet you
> smtp: 0x802947000: >>> 250-8BITMIME
> smtp: 0x802947000: >>> 250-ENHANCEDSTATUSCODES
> smtp: 0x802947000: >>> 250-SIZE 36700160
> smtp: 0x802947000: >>> 250-DSN
> smtp: 0x802947000: >>> 250-STARTTLS
> smtp: 0x802947000: >>> 250 HELP
> smtp: 0x802947000: <<< STARTTLS
> smtp: 0x802947000: >>> 220 2.0.0: Ready to start TLS
> smtp: 0x802947000: STATE_HELO -> STATE_TLS
> debug: lka: looking up pki "myhost.pt"
> debug: session_start_ssl: switching to SSL
> debug: pony: rsae_priv_enc
> [4/1812]
> debug: pony: rsae_init
> debug: pony: rsae_init
> debug: pony: rsae_pub_dec
> debug: pony: rsae_bn_mod_exp
> debug: pony: rsae_init
> debug: pony: rsae_pub_dec
> debug: pony: rsae_bn_mod_exp
> debug: pony: rsae_pub_dec
> debug: pony: rsae_bn_mod_exp
> smtp-in: session 922ed1201668f9c2: TLS started version=TLSv1/SSLv3 (TLSv1.2),
> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
> debug: certificate 0: len=1156
> debug: certificate chain len: 2
> debug: certificate 1: len=1012
> debug: certificate 2: len=897
> smtp-in: session 922ed1201668f9c2: client certificate verification
> succeeded
> smtp: 0x802947000: STATE_TLS -> STATE_HELO
> smtp: 0x802947000: <<< EHLO mail-ig0-f178.google.com
> smtp: 0x802947000: STATE_HELO -> STATE_HELO
> smtp: 0x802947000: >>> 250-myhost.pt Hello mail-ig0-f178.google.com
> [209.85.213.178], pleased to meet you
> smtp: 0x802947000: >>> 250-8BITMIME
> smtp: 0x802947000: >>> 250-ENHANCEDSTATUSCODES
> smtp: 0x802947000: >>> 250-SIZE 36700160
> smtp: 0x802947000: >>> 250-DSN
> smtp: 0x802947000: >>> 250-AUTH PLAIN LOGIN
> smtp: 0x802947000: >>> 250 HELP
> smtp: 0x802947000: <<< MAIL FROM:<[email protected]> SIZE=2323
> debug: smtp: SIZE in MAIL FROM command
> smtp: 0x802947000: >>> 250 2.0.0: Ok
> smtp: 0x802947000: <<< RCPT TO:<[email protected]>
> smtp: 0x802947000: >>> 550 Invalid recipient
> smtp-in: session 922ed1201668f9c2: received invalid command: "RCPT
> TO:<[email protected]>"
> smtp: 0x802947000: <<< QUIT
> smtp: 0x802947000: >>> 221 2.0.0: Bye
> smtp: 0x802947000: STATE_HELO -> STATE_QUIT
> smtp-in: session 922ed1201668f9c2: connection from host
> mail-ig0-f178.google.com [209.85.213.178] closed (client sent QUIT)
> debug: smtp: 0x802947000: deleting session: done
> debug: pony: rsae_finish
> debug: pony: rsae_finish
> debug: pony: rsae_finish
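
The reply above confirms that the port 25 listener accepts sessions without authentication. As an added example (not part of the original thread and not OpenSMTPD code), this Python script reads a debug log in the format quoted above and reports, per session, whether TLS was negotiated, whether AUTH was offered or attempted, and which RCPT commands were accepted or rejected. The sample log is constructed with placeholder hosts and addresses, and the function name `summarize` is hypothetical.

```python
import re

# Constructed sample in the page's log format; placeholder hosts and addresses.
SAMPLE_LOG = """\
> smtp: 0x802947000: <<< EHLO mail.example.net
> smtp: 0x802947000: >>> 250-STARTTLS
> smtp: 0x802947000: >>> 250 HELP
> smtp: 0x802947000: <<< STARTTLS
> smtp: 0x802947000: >>> 220 2.0.0: Ready to start TLS
> smtp: 0x802947000: STATE_HELO -> STATE_TLS
> smtp: 0x802947000: <<< EHLO mail.example.net
> smtp: 0x802947000: >>> 250-AUTH PLAIN LOGIN
> smtp: 0x802947000: >>> 250 HELP
> smtp: 0x802947000: <<< MAIL FROM:<sender@example.net> SIZE=2323
> smtp: 0x802947000: >>> 250 2.0.0: Ok
> smtp: 0x802947000: <<< RCPT TO:<user@example.org>
> smtp: 0x802947000: >>> 550 Invalid recipient
"""

LINE = re.compile(r"^smtp: (0x[0-9a-f]+): (<<<|>>>) (.*)$")
RCPT = re.compile(r"^RCPT TO:<([^>]*)>", re.I)

def summarize(log_text):
    """Summarise each SMTP dialogue: TLS, AUTH offered/attempted, RCPT results."""
    sessions, pending = {}, {}  # pending: last client command awaiting a reply
    for raw in log_text.splitlines():
        m = LINE.match(raw.lstrip("> ").rstrip())  # tolerate mail quoting
        if not m:
            continue  # state transitions and debug lines carry no dialogue
        sid, direction, text = m.groups()
        s = sessions.setdefault(sid, {"tls": False, "auth_offered": False,
                                      "auth_attempted": False, "accepted": [], "rejected": []})
        if direction == "<<<":  # command sent by the client
            pending[sid] = text
            if text.upper().startswith("AUTH "):
                s["auth_attempted"] = True
            continue
        if re.match(r"^250[- ]AUTH\b", text):  # AUTH advertised in EHLO reply
            s["auth_offered"] = True
        if text[3:4] == "-":
            continue  # continuation line of a multi-line reply
        cmd = pending.pop(sid, "")
        if cmd.upper() == "STARTTLS" and text.startswith("220"):
            s["tls"] = True
        rcpt = RCPT.match(cmd)
        if rcpt:  # record the recipient together with the server's verdict
            key = "accepted" if text.startswith("2") else "rejected"
            s[key].append((rcpt.group(1), text))
    return sessions
```

A session that shows `auth_attempted` false with entries under `accepted` is mail taken from an unauthenticated peer, which is expected for local domains on port 25 and worth investigating for any other destination.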
