I'm currently swamped until this Saturday. Can you open an issue on our GitHub account so I can work on a fix, hopefully this weekend?
Gilles

On Mon, Jan 30, 2017 at 05:31:50PM +0000, Jason Mann wrote:
> Noted. I did wonder if it applied to FreeBSD as it wasn't mentioned in the
> man page, but I just tried it to see and it appeared to work.
>
> Changed to 'bce0' but no difference to the TLS (or lack thereof) behaviour.
>
> Regards,
> Jason
>
> On 30 January 2017 at 16:29, Dima Panov <[email protected]> wrote:
>
> > 30.01.17 20:28, Jason Mann wrote:
> > > Here it is:
> > >
> > > --- smtpd.conf ---
> > > ca mail.mydomain.net certificate "/usr/local/etc/letsencrypt/archive/mydomain.net/chain1.pem"
> > > pki mail.mydomain.net certificate "/usr/local/etc/letsencrypt/archive/mydomain.net/cert1.pem"
> > > pki mail.mydomain.net key "/usr/local/etc/letsencrypt/archive/mydomain.net/privkey1.pem"
> > > pki mail.mydomain.net dhparams "/etc/ssl/dh2048.pem"
> > >
> > > listen on lo0 hostname localhost
> > >
> > > listen on egress tls-require hostname mail.mydomain.net
> > >
> >
> > You shouldn't use the 'egress' macro for interfaces on FreeBSD, it's an
> > OpenBSD feature.
> > Describe it with real interface names.
> >
> > listen on lo0 port 25 filter all tls pki my.server.tld ca my.server.tld received-auth
> > listen on em0 port 25 filter all tls pki my.server.tld ca my.server.tld received-auth
> > listen on lo0 port 465 filter all smtps pki my.server.tld ca my.server.tld received-auth
> > listen on em0 port 465 filter all smtps pki my.server.tld ca my.server.tld received-auth
> > listen on lo0 port 587 filter sub tls-require pki my.server.tld ca my.server.tld received-auth
> > listen on em0 port 587 filter sub tls-require pki my.server.tld ca my.server.tld received-auth
> >
> > > table aliases db:/usr/local/etc/mail/aliases.db
> > > table vdomains file:/usr/local/etc/mail/virtualdomains
> > > table vusers file:/usr/local/etc/mail/virtualusers
> > >
> > > accept from any for domain <vdomains> virtual <vusers> deliver to maildir
> > > accept for local alias <aliases> deliver to maildir
> > > accept for any relay
> > > --- end smtpd.conf ---
> > >
> > > virtualdomains just lists three domains I own, while virtualusers maps
> > > jason@ those domains to my local user.
> > >
> > > Thanks.
> > >
> > > Jason
> > >
> > > On 30 January 2017 at 10:24, Gilles Chehade <[email protected]> wrote:
> > >
> > >     On Fri, Jan 27, 2017 at 02:41:47PM +0000, Jason Mann wrote:
> > >     > Hello list.
> > >     >
> > >     > I'm trying to configure OpenSMTPD 5.9.2 on a FreeBSD server but I'm seeing
> > >     > anomalous behaviour with one of my listen directives.
> > >     >
> > >     > The directive in question is:
> > >     >
> > >     > listen on egress tls-require hostname mail.mydomain.net
> > >     >
> > >     > My only other listen directive is the usual localhost one.
> > >     >
> > >
> > >     can you show your full config please ?
> > >
> > >     > The smtpd.conf man page states: "tls-require may be used to force clients
> > >     > to establish a secure connection before being allowed to start an SMTP
> > >     > transaction".
> > >     >
> > >     > I ran a telnet test against the server to see how the forcing of TLS takes
> > >     > place, but it didn't happen. I was able to manually submit a message to
> > >     > OpenSMTPD without TLS as follows:
> > >     >
> > >     > $ telnet a.mx.mydomain.net 25
> > >     > Trying xxxx:xxx:xx:xxx::x:xxxx...
> > >     > Connected to a.mx.mydomain.net.
> > >     > Escape character is '^]'.
> > >     > 220 mail.mydomain.net ESMTP OpenSMTPD
> > >     > HELO jmann-mbp
> > >     > 250 mail.mydomain.net Hello jmann-mbp [IPv6:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx], pleased to meet you
> > >     > MAIL FROM:<jmann@jmann-mbp>
> > >     > 250 2.0.0: Ok
> > >     > RCPT TO:<[email protected]>
> > >     > 250 2.1.5 Destination address valid: Recipient ok
> > >     > DATA
> > >     > 354 Enter mail, end with "." on a line by itself
> > >     > From: Jason Mann <jmann@jmann-mbp>
> > >     > To: Jason Mann <[email protected]>
> > >     > Subject: Test 4
> > >     >
> > >     > This is a test.
> > >     > .
> > >     > 250 2.0.0: f20f3998 Message accepted for delivery
> > >     > QUIT
> > >     > 221 2.0.0: Bye
> > >     >
> > >     > What may be wrong here?
> > >     >
> > >     > Kind regards,
> > >     >
> > >     > Jason
> > >
> > >     --
> > >     Gilles Chehade
> > >
> > >     https://www.poolp.org                                          @poolpOrg
> > >
> >
> > --
> > Dima Panov ([email protected])
> > (X11, KDE, Office)@FreeBSD team
> >
> > Facebook: http://www.facebook.com/fluffy.khv
> > twitter: fluffy_khv | skype: dima.panov | telegram: @dima_panov
> > IRC: fluffy@EFNet, fluffykhv@FreeNode
> >

--
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
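
Added example, not part of the original thread and not OpenSMTPD code: a repeatable form of the telnet test quoted above, for checking a `tls-require` listener after a configuration change or upgrade. It opens a plaintext session, skips STARTTLS, sends only MAIL FROM and reports whether the server refused it; the function name, the result type and the `tls-probe.example.invalid` identity are assumptions made for the example.

```python
import smtplib
import sys
from typing import NamedTuple


class ProbeResult(NamedTuple):
    starttls_offered: bool  # server advertised STARTTLS in its EHLO reply
    mail_code: int          # reply code to a plaintext MAIL FROM
    enforced: bool          # True when that MAIL FROM was refused


def probe_tls_require(host: str, port: int = 25, timeout: float = 10.0) -> ProbeResult:
    """Try to open an SMTP transaction without STARTTLS; deliver nothing."""
    # Assumed probe identity; .invalid is a reserved TLD that never resolves.
    helo = "tls-probe.example.invalid"
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as s:
        code, _ = s.ehlo()
        if not 200 <= code < 300:
            s.helo()  # server without ESMTP: fall back, as the telnet test did
        offered = s.has_extn("starttls")
        # Deliberately skip STARTTLS. RFC 3207 has an enforcing server answer
        # 530 here; the session in the thread got "250 2.0.0: Ok" instead.
        mail_code, _ = s.mail("probe@" + helo)
        accepted = 200 <= mail_code < 300
        if accepted:
            s.rset()  # abandon the transaction before RCPT/DATA
    return ProbeResult(offered, mail_code, not accepted)


if __name__ == "__main__":
    # Usage: python probe.py HOST [PORT]
    target = sys.argv[1]
    result = probe_tls_require(target, int(sys.argv[2]) if len(sys.argv) > 2 else 25)
    print(result)
    sys.exit(0 if result.enforced else 1)
```

The exit status is 0 only when the plaintext MAIL FROM was refused, so the script can run as a post-deploy check on each listener address and port.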
