On Fri, Sep 13, 2019 at 08:04:12PM -0300, marcio_silva wrote:
> Hi all,
> 
> I am using Hyperbola distro with the following packages:
> 
> * opensmtpd 6.4.2p1
> * dkimproxy 1.4.1
> 
> I have installed a mail server to send and receive emails with my own domain
> with the following configurations:
> 
> * "smtp.libreware.info" as server
> * "libreware.info" as email address
> * "dusseldorf.libreware.info" as PTR in IPv4
> * "smtp.libreware.info" as PTR in IPv6
> 
> Features that work well:
> 
> * Access to port 587 SMTP+TLS
> * Receiving from itself and from other SMTP servers around the internet (e.g.
> riseup.net emails)
> * Sending emails to itself and other @libreware.info users
> 
> Issues:
> 
> * Port 25 to send emails has not been tested
> * Localhost network has not been tested
> * Access to port 465 (SMTPS) is not working
> * Sending email to other SMTP servers (e.g. f...@libreware.info ->
> b...@example.com) is not working; it generates a 550 error (550 Invalid
> recipient)
> 
> --------------------
> 
> smtpd.conf:
> 
> ## This is the smtpd server system-wide configuration file.
> ## See smtpd.conf(5), aliases(5) and table(5) for more information.
> 
> ca smtp.libreware.info cert   '/etc/letsencrypt/archive/libreware.info/chain1.pem'
> 
> bounce warn-interval          '4h'
> 
> mta max-deferred              100
> 
> pki smtp.libreware.info cert  '/etc/letsencrypt/archive/libreware.info/fullchain1.pem'
> pki smtp.libreware.info dhe   auto
> pki smtp.libreware.info key   '/etc/letsencrypt/archive/libreware.info/privkey1.pem'
> 
> queue compression
> queue ttl                     '4d'
> 
> smtp ciphers                  'HIGH:AES128:!aNULL:!kDH:!kPSK:!NULL:!kRSA:!kRSAPSK:SHA:SHA256:SHA384:!TLSv1'
> smtp max-message-size         '35M'
> smtp sub-addr-delim           '+'
> 
> table aliases                 '/etc/smtpd/tables.d/aliases.conf'
> table credentials             '/etc/smtpd/tables.d/credentials.conf'
> table domains                 '/etc/smtpd/tables.d/domains.conf'
> table hostnames_inet          '/etc/smtpd/tables.d/hostnames.conf'
> table virtuals                        '/etc/smtpd/tables.d/virtuals.conf'
> 
> 
> 
> action deliver_to_inet        maildir         '/var/mail/%{user.username}/inbox'              \
>                               alias           <aliases>
> action deliver_to_local       maildir         '/var/mail/%{user.username}/inbox'              \
>                               virtual         <virtuals>
> action relay_to_inet_smtp     relay
>                               helo-src        <hostnames_inet>
> action relay_to_inet_subm     relay                                                           \
>                               helo-src        <hostnames_inet>                                \
>                               host            smtp+tls://la...@smtp.libreware.info:25         \
>                               auth            <credentials>
> action relay_to_inet_subms    relay                                                           \
>                               helo-src        <hostnames_inet>                                \
>                               host            smtp+tls://la...@smtp.libreware.info:25         \
>                               auth            <credentials>
> action relay_to_local         relay
> 
> listen on lo  port               24                                   \
>               tag             lmtp_local
> listen on eth0        auth-optional   <credentials>                   \
>               ca              smtp.libreware.info                     \
>               hostnames       <hostnames_inet>                        \
>               mask-src                                                \
>               pki             smtp.libreware.info                     \
>               port               25                                   \
>               tag             smtp_server_starttls                    \
>               tls-require
> listen on eth0        auth            <credentials>                   \
>               ca              smtp.libreware.info                     \
>               hostnames       <hostnames_inet>                        \
>               mask-src                                                \
>               pki             smtp.libreware.info                     \
>               port              465                                   \
>               smtps                                                   \
>               tag             smtps_submission
> listen on eth0        auth            <credentials>                   \
>               ca              smtp.libreware.info                     \
>               hostnames       <hostnames_inet>                        \
>               mask-src                                                \
>               pki             smtp.libreware.info                     \
>               port              587                                   \
>               tag             smtp_submission_starttls                \
>               tls-require
>
Need to add rules to match authenticated users.

match auth from any for any action ...
match auth from any for domain <domains> action ...
 
> match   for           domain                          <domains>       \
>         from          any                                             \
>       action          deliver_to_inet
> match   for           local                                           \
>         from          local                                           \
>       action          deliver_to_local
> match   for           any                                             \
>         from          local                                           \
>         tag           lmtp_local                                      \
>       action          relay_to_local
> match   for           any                                             \
>         from          local                                           \
>         tag           smtp_server_starttls                            \
>       action          relay_to_inet_smtp
> match   for           any                                             \
>         from          local                                           \
>         tag           smtp_submission_starttls                        \
>       action          relay_to_inet_subm
> match   for           any                                             \
>         from          local                                           \
>         tag           smtps_submission                                \
>       action          relay_to_inet_subms
> 
> --------------------
> 
> DNS Records (with DNSSEC included):
> 
> TTL=900
> 
> libreware.info                  A       130.255.76.200
> libreware.info                  AAAA    2a02:e00:ffec:45c::1
> libreware.info                  MX      10 smtp.libreware.info
> libreware.info                  TXT     "v=spf1 a mx -all"
> smtp.libreware.info             A       130.255.76.200
> smtp.libreware.info             AAAA    2a02:e00:ffec:45c::7
> smtp.libreware.info             MX      10 smtp.libreware.info
> smtp.libreware.info             TXT     "v=spf1 a mx -all"
> dusseldorf.libreware.info       A       130.255.76.200
> dusseldorf.libreware.info       AAAA    2a02:e00:ffec:45c::1
> dusseldorf.libreware.info       MX      10 smtp.libreware.info
> dusseldorf.libreware.info       TXT     "v=spf1 a mx -all"
> 
> ..others...                    TXT     "v=spf1 a mx -all"
> 
> _25._tcp.                       TLSA    3       1       2 ..sha512hash...
> _25._tcp.smtp                   TLSA    3       1       2 ..sha512hash...
> _25._tcp.dusseldorf             TLSA    3       1       2 ..sha512hash...
> _465.tcp.                       TLSA    3       1       2 ..sha512hash...
> _465.tcp.smtp                   TLSA    3       1       2 ..sha512hash...
> _465.tcp.dusseldorf             TLSA    3       1       2 ..sha512hash...
> _587.tcp.                       TLSA    3       1       2 ..sha512hash...
> _587.tcp.smtp                   TLSA    3       1       2 ..sha512hash...
> _587.tcp.dusseldorf             TLSA    3       1       2 ..sha512hash...
> _submission._tcp                SRV     10      0       587 smtp.libreware.info
> _submissions._tcp               SRV     10      0       465 smtp.libreware.info
> dusseldorf._domainkey           TXT "v=DKIM1;h=sha256;k=rsa;s=email;p=..."
> _dmarc                          TXT "v=DMARC1;p=quarantine;pct=20;adkim=s;aspf=s;sp=quarantine;rf=afrf;ri=86400;fo=1;rua=mailto=sysad...@libreware.info;ruf=mailto=sysad...@libreware.info;
> 
> Note: DMARC has been added to the DNS Records, however it is not being used
> yet
> 
> -------------------------
> 
> Test 1 - mar...@libreware.info: -> mar...@libreware.info
> 
> * Account '/var/mail/marcio': Connecting to SMTP server: smtp.libreware.info:587...
> [17:33:08] SMTP< 220 dusseldorf.libreware.info ESMTP OpenSMTPD
> [17:33:08] ESMTP> EHLO smtp.libreware.info
> [17:33:08] ESMTP< 250-dusseldorf.libreware.info Hello smtp.libreware.info [167.57.83.20], pleased to meet you
> [17:33:09] ESMTP< 250-8BITMIME
> [17:33:09] ESMTP< 250-ENHANCEDSTATUSCODES
> [17:33:09] ESMTP< 250-SIZE 36700160
> [17:33:09] ESMTP< 250-DSN
> [17:33:09] ESMTP< 250-STARTTLS
> [17:33:09] ESMTP< 250 HELP
> [17:33:09] ESMTP> STARTTLS
> [17:33:09] ESMTP< 220 2.0.0: Ready to start TLS
> [17:33:10] ESMTP> EHLO smtp.libreware.info
> [17:33:10] ESMTP< 250-dusseldorf.libreware.info Hello smtp.libreware.info [public_ipv4], pleased to meet you
> [17:33:10] ESMTP< 250-8BITMIME
> [17:33:10] ESMTP< 250-ENHANCEDSTATUSCODES
> [17:33:10] ESMTP< 250-SIZE 36700160
> [17:33:10] ESMTP< 250-DSN
> [17:33:10] ESMTP< 250-AUTH PLAIN LOGIN
> [17:33:10] ESMTP< 250 HELP
> [17:33:10] ESMTP> [AUTH PLAIN]
> [17:33:10] ESMTP< 235 2.0.0: Authentication succeeded
> [17:33:10] ESMTP> MAIL FROM:<mar...@libreware.info> SIZE=989
> [17:33:10] SMTP< 250 2.0.0: Ok
> [17:33:10] SMTP> RCPT TO:<mar...@libreware.info>
> [17:33:11] SMTP< 250 2.1.5 Destination address valid: Recipient ok
> [17:33:11] SMTP> DATA
> [17:33:11] SMTP< 354 Enter mail, end with "." on a line by itself
> [17:33:11] SMTP> . (EOM)
> [17:33:12] SMTP< 250 2.0.0: 9962f78e Message accepted for delivery
> * Mail sent successfully.
> [17:33:12] SMTP> QUIT
> [17:33:12] SMTP< 221 2.0.0: Bye
> 
> -----------------------------
> 
> Test 2 - mar...@libreware.info -> hyperb...@yopmail.com
> 
> * Account '/var/mail/marcio': Connecting to SMTP server: smtp.libreware.info:587...
> [17:34:15] SMTP< 220 dusseldorf.libreware.info ESMTP OpenSMTPD
> [17:34:15] ESMTP> EHLO smtp.libreware.info
> [17:34:15] ESMTP< 250-dusseldorf.libreware.info Hello smtp.libreware.info [public_ipv4], pleased to meet you
> [17:34:15] ESMTP< 250-8BITMIME
> [17:34:15] ESMTP< 250-ENHANCEDSTATUSCODES
> [17:34:15] ESMTP< 250-SIZE 36700160
> [17:34:15] ESMTP< 250-DSN
> [17:34:15] ESMTP< 250-STARTTLS
> [17:34:15] ESMTP< 250 HELP
> [17:34:15] ESMTP> STARTTLS
> [17:34:16] ESMTP< 220 2.0.0: Ready to start TLS
> [17:34:16] ESMTP> EHLO smtp.libreware.info
> [17:34:17] ESMTP< 250-dusseldorf.libreware.info Hello smtp.libreware.info [public_ipv4], pleased to meet you
> [17:34:17] ESMTP< 250-8BITMIME
> [17:34:17] ESMTP< 250-ENHANCEDSTATUSCODES
> [17:34:17] ESMTP< 250-SIZE 36700160
> [17:34:17] ESMTP< 250-DSN
> [17:34:17] ESMTP< 250-AUTH PLAIN LOGIN
> [17:34:17] ESMTP< 250 HELP
> [17:34:17] ESMTP> [AUTH PLAIN]
> [17:34:17] ESMTP< 235 2.0.0: Authentication succeeded
> [17:34:17] ESMTP> MAIL FROM:<mar...@libreware.info> SIZE=989
> [17:34:17] SMTP< 250 2.0.0: Ok
> [17:34:17] SMTP> RCPT TO:<hyperb...@yopmail.com>
> [17:34:18] SMTP< 550 Invalid recipient
> ** error occurred on SMTP session
> *** Error occurred while sending the message:
> 550 Invalid recipient
> 
> -----------------------------------
> 
> Thank you very much in advance!
> Marcio
> 

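Added example (not part of the thread and not OpenSMTPD's code): a simplified Python model of first-match rule evaluation, run against the two quoted sessions. It shows why the posted ruleset answers 550 for the external recipient and why a rule with "auth from any" accepts it while still refusing unauthenticated relay. The contents of <domains>, the local names, the rule placement and the "<action>" placeholder are assumptions.

```python
# Simplified model of smtpd.conf "match" evaluation (not OpenSMTPD code): rules are
# tried in order, the first full match picks the action, no match means 550.
from dataclasses import dataclass
from typing import Optional
DOMAINS = {"libreware.info"}   # assumed content of <domains>
LOCAL_NAMES = {"localhost", "dusseldorf.libreware.info"}  # assumed "for local" names

@dataclass
class Session:
    from_local: bool      # connection originates on the server itself
    authenticated: bool   # SMTP AUTH succeeded
    tag: str              # tag set by the listener that accepted it
    rcpt_domain: str      # domain part of RCPT TO

@dataclass
class Rule:
    action: str
    src: str = "any"            # "any" | "local"
    dest: str = "any"           # "any" | "local" | "domain" (<domains>)
    tag: Optional[str] = None
    auth: bool = False          # rule carries the "auth" keyword

    def matches(self, s: Session) -> bool:
        if self.src == "local" and not s.from_local:
            return False
        allowed = {"any": None, "local": LOCAL_NAMES, "domain": DOMAINS}[self.dest]
        if allowed is not None and s.rcpt_domain not in allowed:
            return False
        if self.tag is not None and self.tag != s.tag:
            return False
        return s.authenticated or not self.auth

POSTED = [  # the six match rules of the quoted smtpd.conf, in order
    Rule("deliver_to_inet", src="any", dest="domain"),
    Rule("deliver_to_local", src="local", dest="local"),
    Rule("relay_to_local", src="local", tag="lmtp_local"),
    Rule("relay_to_inet_smtp", src="local", tag="smtp_server_starttls"),
    Rule("relay_to_inet_subm", src="local", tag="smtp_submission_starttls"),
    Rule("relay_to_inet_subms", src="local", tag="smtps_submission"),
]
# The reply's "match auth from any for any action ..."; the action name is elided
# there, so "<action>" is a placeholder. Appended last (assumed placement).
FIXED = POSTED + [Rule("<action>", auth=True)]

def rcpt_decision(rules, s: Session) -> str:
    return next((r.action for r in rules if r.matches(s)), "550 Invalid recipient")

# Constructed from the two quoted session logs: remote client, AUTH ok, port 587.
TEST1 = Session(False, True, "smtp_submission_starttls", "libreware.info")
TEST2 = Session(False, True, "smtp_submission_starttls", "yopmail.com")
```

Every relay rule in the posted set requires "from local", so a remote client that authenticated on port 587 never reaches one; the "auth" keyword is what lets such a client relay without opening the server to unauthenticated senders.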