Thank you for your input, Archange. Please see below.

On Sun, 20 Sep 2020 03:20:49 +0400 Archange <archa...@activis.me> wrote:

> ...
>
> Just to check something, how are you identifying to the server? Your
> current setup implies it is using a system user and password, is that
> the case?

This is correct.

> Other than that, your configuration looks very similar to mine. The
> other difference I can see is that I now use the more compact `from
> auth` instead of `from any auth`, and I seem to remember my former
> syntax to be `auth from any` and not `from any auth`, so maybe you could
> try one of my two versions?

I actually tried both but the error I am getting didn't change.

"550 Invalid recipient: <recipi...@gmail.com>"

And on stderr

"smtp_cert_verify_cb: no-client-cert no rule matched"

I wonder if this is somehow related to ipv6. It is a wild guess but I
cannot explain why there wouldn't be any client certificate, assuming
the client is gmail in this case.

Hakan

> On 20/09/2020 at 02:39, Hakan E. Duran wrote:
> > I played around a little bit more and was able to get this error message
> > with the command `doas smtpd -d -T rules -v`, which may be a little more
> > informative:
> >
> > 798b98fc3686a31c smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
> > debug: looking up pki "mail.name.com"
> > debug: session_start_ssl: switching to SSL
> > debug: pony: rsae_priv_enc
> > 798b98fc3686a31c smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> > smtp: 0x184169a23000: smtp_cert_verify_cb: no-client-cert
> > no rule matched
> > 798b98fc3686a31c smtp failed-command command="RCPT TO:<recipi...@gmail.com>" result="550 Invalid recipient: <recipi...@gmail.com>"
> > 798b98fc3686a31c smtp disconnected reason=disconnect
> >
> > Please notice the more informative line stating: *smtp_cert_verify_cb:
> > no-client-cert*
> >
> > The certificate of concern here cannot be the server's certificate, because
> > they are in the right place where smtpd.conf points to.
> > It cannot possibly
> > be gmail's certificate either, but that is the client, isn't it? It feels
> > like I am hitting a bug here.
> >
> > Hakan
> >
> > On Sat, 19 Sep 2020 12:35:41 -0500
> > "Hakan E. Duran" <ehakandu...@gmail.com> wrote:
> >
> >> Thank you so much Bryan for your reply. I tried doing it and received a
> >> response indicating no rule matched. What am I missing? Here is the
> >> complete output of `doas smtpd -d -T rules`:
> >>
> >> 99d03ce4cb968916 smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
> >> 99d03ce4cb968916 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> >> no rule matched
> >> 99d03ce4cb968916 smtp failed-command command="RCPT TO:<recipi...@gmail.com>" result="550 Invalid recipient: <recipi...@gmail.com>"
> >> 99d03ce4cb968916 smtp disconnected reason=disconnect
> >>
> >> Thanks again for brainstorming with me.
> >>
> >> Hakan
> >>
> >> On Sat, 19 Sep 2020 12:13:06 +0000
> >> br...@sally.org.il wrote:
> >>
> >>> Hello,
> >>>
> >>> Maybe I'm crazy but do you want to trace the rules instead of the lookup?
> >>>
> >>> V/r,
> >>> Bryan
> >>> September 18, 2020 11:30 PM, "Eyüp Hakan Duran" <ehakandu...@gmail.com>
> >>> wrote:
> >>> Dear all,
> >>>
> >>> I am aware that this is most probably a silly oversight on my part but I
> >>> would really appreciate gentle guidance to the right direction to
> >>> overcome this impasse. I truly appreciate your time.
> >>>
> >>> I rented a VPS, installed OpenBSD 6.7 and set up a mail server as
> >>> described here
> >>> (https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/).
> >>> I double and triple checked all the settings, including MX records,
> >>> reverse DNS, etc. and confirmed everything is resolving.
> >>> Here is my
> >>> redacted smtpd.conf:
> >>>
> >>> --------
> >>> pki mail.name.com cert "/etc/ssl/mail.name.com.fullchain.pem"
> >>> pki mail.name.com key "/etc/ssl/private/mail.name.com.key"
> >>>
> >>> filter check_dyndns phase connect match rdns regex { '.*.dyn..*', '.*.dsl..*' } junk
> >>>
> >>> filter check_rdns phase connect match !rdns junk
> >>>
> >>> filter check_fcrdns phase connect match !fcrdns junk
> >>>
> >>> filter senderscore proc-exec "filter-senderscore -junkBelow 70 -slowFactor 5000"
> >>>
> >>> filter rspamd proc-exec "filter-rspamd"
> >>> table aliases file:/etc/mail/aliases
> >>>
> >>> listen on all tls pki mail.kumru.club filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
> >>>
> >>> listen on all port submission tls-require pki mail.name.com auth filter rspamd
> >>>
> >>> action "local_mail" maildir junk alias <aliases>
> >>> action "outbound" relay helo mail.name.com
> >>>
> >>> match from any for domain "name.com" action "local_mail"
> >>> match for local action "local_mail"
> >>>
> >>> match from any auth for any action "outbound"
> >>> match for any action "outbound"
> >>>
> >>> -----------------------
> >>>
> >>> There is no problem in sending email from within the VPS. Unfortunately
> >>> every time I try to send an email from my local computer and try to use
> >>> the smtpd server in VPS as a relay, I get a "550 Invalid recipient:
> >>> <recipi...@gmail.com>" error.
> >>>
> >>> Here is the output of `doas smtpd -d -T lookup` (redacted):
> >>>
> >>> ------------------------
> >>> info: OpenSMTPD 6.7.0 starting
> >>> 24875097a9b2d457 smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
> >>> lookup: match "111-11-1-111.client.something.com" as REGEX in table static:<dynamic:0> -> false
> >>> 24875097a9b2d457 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> >>> lookup: match "111.11.1.111" as NETADDR in table static:<anyhost> -> true
> >>> lookup: match "gmail.com" as DOMAIN in table static:<dynamic:1> -> false
> >>> lookup: match "111.11.1.111" as NETADDR in table static:<localhost> -> false
> >>> lookup: match "111.11.1.111" as NETADDR in table static:<anyhost> -> true
> >>> lookup: match "gmail.com" as DOMAIN in table static:<anydestination> -> true
> >>> lookup: match "111.11.1.111" as NETADDR in table static:<localhost> -> false
> >>> 24875097a9b2d457 smtp failed-command command="RCPT TO:<recipi...@gmail.com>" result="550 Invalid recipient: <recipi...@gmail.com>"
> >>> 24875097a9b2d457 smtp disconnected reason=disconnect
> >>> ------------------------
> >>>
> >>> It appears to my untrained and careless eyes that the sender/recipient
> >>> combination fits to the "outbound" ruleset and therefore should be
> >>> relayed to gmail's smtp; however, it is clearly not the case. I will
> >>> truly appreciate any pointers to solve this issue.
> >>>
> >>> Regards,
> >>>
> >>> Hakan Duran
> >>
> >> --
> >> Hakan E. Duran <ehakandu...@gmail.com>
> > -- Hakan E. Duran <ehakandu...@gmail.com>
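
An added example (not from the thread or from OpenSMTPD's source): a simplified Python model of first-match evaluation over the four `match` lines in the quoted smtpd.conf, using the `from local` / `for local` defaults described in smtpd.conf(5). The `Rule` class, `evaluate`, the check order, and the contents of `LOCAL_SOURCES` and `LOCAL_DOMAINS` are assumptions; for an unauthenticated remote session it yields the same table lookups and results as the `-T lookup` trace above.

```python
from dataclasses import dataclass
from typing import Optional

LOCAL_SOURCES = {"127.0.0.1", "::1"}             # assumption: what "from local" covers
LOCAL_DOMAINS = {"localhost", "mail.name.com"}   # assumption: what "for local" covers

@dataclass
class Rule:
    action: str
    from_any: bool = False            # omitted "from" means "from local"
    need_auth: bool = False           # the "auth" keyword
    for_any: bool = False             # omitted "for" means "for local"
    for_domain: Optional[str] = None  # "for domain ..."

# The four match lines from the quoted smtpd.conf, in file order.
RULES = [
    Rule("local_mail", from_any=True, for_domain="name.com"),
    Rule("local_mail"),
    Rule("outbound", from_any=True, need_auth=True, for_any=True),
    Rule("outbound", for_any=True),
]

def evaluate(src, authenticated, rcpt_domain):
    """Return (action or None, [(table, result), ...]) for one RCPT TO."""
    trace = []

    def check(table, result):
        trace.append((table, result))
        return result

    for rule in RULES:
        # Source check: "from any" always passes, the default is local only.
        if rule.from_any:
            ok = check("anyhost", True)
        else:
            ok = check("localhost", src in LOCAL_SOURCES)
        if not ok:
            continue
        # Destination check; "dynamic:1" is the table name seen in the trace.
        if rule.for_domain:
            ok = check("dynamic:1", rcpt_domain == rule.for_domain)
        elif rule.for_any:
            ok = check("anydestination", True)
        else:
            ok = check("localnames", rcpt_domain in LOCAL_DOMAINS)
        if not ok:
            continue
        # Session-state check: involves no table, so it leaves no lookup line.
        if rule.need_auth and not authenticated:
            continue
        return rule.action, trace
    return None, trace  # nothing matched: the recipient is rejected
```

In this model the third rule passes both its source and destination lookups for the remote session and is skipped only on the `auth` condition, while the same recipient from a local source reaches the fourth rule.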