Hi Gianluca,

Thank you for posting your configs.
Please read below.
 
        > Sent: Friday, February 05, 2016 at 3:01 PM
        > From: "Gianluca D.Muscelli" <[email protected]>
        > To: "Luis Mendes" <[email protected]>
        > Cc: [email protected]
        > Subject: Re: Invalid recipient
        > 
        > This is my smtpd.conf, no open relay but with Dkim...
        >    
        >     queue compression
        >     queue encryption key 4icidgph7hgfn6glxbhg50hjgcvvjhvvb85
        >     
        >     table aliases db:/etc/mail/aliases.db
        >     table domains file:/etc/mail/domains
        >     table users file:/etc/mail/users
        >     table blacklist-recipients file:/etc/mail/blacklist-recipients
        >   
        >     pki mail.example.com key "/etc/ssl/private/mail.key"
        >     pki mail.example.com certificate "/etc/ssl/mail.crt"
        >  
        >     max-message-size 30M
        >   
        >     listen on egress pki mail.example.com smtps auth hostname example.com
        >     listen on egress pki mail.example.com tls-require hostname example.com mask-source
        >
        >     accept from any \
        >         recipient !<blacklist-recipients> \
        >         for domain <domains> \
        >         virtual <users> \
        >         deliver to maildir "/var/mail/%{user.username}/Inbox"
        >
        >     accept from any \
        >         recipient !<blacklist-recipients> \
        >         for local alias <aliases> \
        >         deliver to maildir "/var/mail/%{user.username}/Inbox"
My best bet was on the above two rules.
I configured my smtpd.conf with:
"""
#accept from any for domain <vdomains> virtual <vusers> deliver to maildir "/var/mail/%{user.username}/inbox"
accept from any for domain <vdomains> deliver to maildir "/var/mail/%{user.username}/inbox"
"""
First with the commented line (using virtual <vusers>), afterwards the second 
line, without them.

Then with the following:
"""
accept from any for local alias <aliases> deliver to maildir "/var/mail/%{user.username}/inbox"
"""
But the error message 550 Invalid recipient shows up once more.


Luis


        >
        >     listen on lo0 hostname example.com
        >     listen on lo0 port 10028 tag DKIM hostname example.com mask-source
        >
        >     accept tagged DKIM \
        >         for any \
        >         relay \
        >         hostname example.com
        >
        >     accept from local \
        >         for any \
        >         relay via smtp://127.0.0.1:10027






On 05 Feb 2016, at 13:38, Luis Mendes <[email protected]> wrote:
 

Hi list,
 
This is the first time I try to set up an in-house email solution, so there are 
many concepts that are not clear to me, at least yet.  I need some help with 
this configuration.  DKIM and anti-spam measures are not yet considered, just 
the basics.
 
What I need:
- The MTA to send emails from 'myhost' domain to the world, using TLS with 
authentication  (it's working)
- Being able to receive email for some accounts:  [email protected], [email protected], 
others later  (not working)
- systems mails to be delivered to mbox as usual in unix like systems.
 
The OS is a FreeBSD 10.2 and OpenSMTPD version 5.7.3p1.  OpenSMTPD is running 
in a jail with IP 192.168.0.8.
 
The error message I get every time I try to send an email for one of the above 
mentioned emails:
 >>> 550 Invalid recipient
smtp-in: session 99934343 received invalid command: "RCPT TO:<[email protected]>"
(the complete log is below)
 
------------------------------------
My configuration:
Files used:
# ls
creds           mailname        recipients      smtpd.conf      vdomains        vusers
 
# cat smtpd.conf | grep -v '^#' | grep -v '^ *$'
pki myhost.pt certificate "/usr/local/etc/ssl/myhost_wosign_apache.crt"
pki myhost.pt key "/usr/local/etc/ssl/private/myhost_wosign_apache.key"
table aliases file:/etc/mail/aliases
table vusers file:/usr/local/etc/mail/vusers
table vdomains file:/usr/local/etc/mail/vdomains
table creds file:/usr/local/etc/mail/creds
table recipients file:/usr/local/etc/mail/recipients
listen on 192.168.0.8 port smtp tls pki myhost.pt auth-optional
listen on 192.168.0.8 port submission tls-require pki myhost.pt auth <creds>
accept for local alias <aliases> deliver to mbox
accept for domain <vdomains> deliver to maildir
accept from local for any relay
 
The /etc/mail/aliases is unchanged.
 
# cat vusers
[email protected]             [email protected]
 
# cat vdomains
myhost.pt
*.myhost.pt
 
# cat creds
[email protected]    $6$Gp2XcD
 
# cat recipients
[email protected]
[email protected]
------------------------------------
What is wrong with this?
 
About the line "listen on 192.168.0.8 port smtp tls pki myhost.pt auth-optional" 
Does this mean that other servers can relay an email to my MTA through port 25 
with no auth required?  And that if I want to use port 25 to send emails, I'll 
have to authenticate and use tls?
Are both incoming and outgoing configuration specified in the same line?   Seems 
a bit confusing to me.
 
=============
The complete log of the transaction when an email is sent to [email protected]:
 # cat log.txt
debug: smtp: new client on listener: 0x8028e4000
smtp: 0x802947000: connected to listener 0x8028e4000 [hostname=myhost.pt, port=25, tag=]
smtp: 0x802947000: STATE_NEW -> STATE_CONNECTED
smtp-in: session 922ed1201668f9c2: connection from host mail-ig0-f178.google.com [209.85.213.178] established
smtp: 0x802947000: >>> 220 myhost.pt ESMTP OpenSMTPD
smtp: 0x802947000: <<< EHLO mail-ig0-f178.google.com
smtp: 0x802947000: STATE_CONNECTED -> STATE_HELO
smtp: 0x802947000: >>> 250-myhost.pt Hello mail-ig0-f178.google.com [209.85.213.178], pleased to meet you
smtp: 0x802947000: >>> 250-8BITMIME
smtp: 0x802947000: >>> 250-ENHANCEDSTATUSCODES
smtp: 0x802947000: >>> 250-SIZE 36700160
smtp: 0x802947000: >>> 250-DSN
smtp: 0x802947000: >>> 250-STARTTLS
smtp: 0x802947000: >>> 250 HELP
smtp: 0x802947000: <<< STARTTLS
smtp: 0x802947000: >>> 220 2.0.0: Ready to start TLS
smtp: 0x802947000: STATE_HELO -> STATE_TLS
debug: lka: looking up pki "myhost.pt";
debug: session_start_ssl: switching to SSL

debug: pony: rsae_priv_enc
debug: pony: rsae_init
debug: pony: rsae_init
debug: pony: rsae_pub_dec
debug: pony: rsae_bn_mod_exp
debug: pony: rsae_init
debug: pony: rsae_pub_dec
debug: pony: rsae_bn_mod_exp
debug: pony: rsae_pub_dec
debug: pony: rsae_bn_mod_exp
smtp-in: session 922ed1201668f9c2: TLS started version=TLSv1/SSLv3 (TLSv1.2), cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
debug: certificate 0: len=1156
debug: certificate chain len: 2
debug: certificate 1: len=1012
debug: certificate 2: len=897
smtp-in: session 922ed1201668f9c2: client certificate verification succeeded
smtp: 0x802947000: STATE_TLS -> STATE_HELO
smtp: 0x802947000: <<< EHLO mail-ig0-f178.google.com
smtp: 0x802947000: STATE_HELO -> STATE_HELO
smtp: 0x802947000: >>> 250-myhost.pt Hello mail-ig0-f178.google.com [209.85.213.178], pleased to meet you
smtp: 0x802947000: >>> 250-8BITMIME
smtp: 0x802947000: >>> 250-ENHANCEDSTATUSCODES
smtp: 0x802947000: >>> 250-SIZE 36700160
smtp: 0x802947000: >>> 250-DSN
smtp: 0x802947000: >>> 250-AUTH PLAIN LOGIN
smtp: 0x802947000: >>> 250 HELP
smtp: 0x802947000: <<< MAIL FROM:<[email protected]> SIZE=2323
debug: smtp: SIZE in MAIL FROM command
smtp: 0x802947000: >>> 250 2.0.0: Ok
smtp: 0x802947000: <<< RCPT TO:<[email protected]>
smtp: 0x802947000: >>> 550 Invalid recipient
smtp-in: session 922ed1201668f9c2: received invalid command: "RCPT TO:<[email protected]>"
smtp: 0x802947000: <<< QUIT
smtp: 0x802947000: >>> 221 2.0.0: Bye
smtp: 0x802947000: STATE_HELO -> STATE_QUIT
smtp-in: session 922ed1201668f9c2: connection from host mail-ig0-f178.google.com [209.85.213.178] closed (client sent QUIT)
debug: smtp: 0x802947000: deleting session: done
debug: pony: rsae_finish
debug: pony: rsae_finish
debug: pony: rsae_finish
 
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
