rt verification process so I know
what is failing?
I had this working (with verify required) until my certs timed out
recently & I have clearly cocked up something when updating
everything.
Many Thanks
John Cox
that URL and the
tag checkout just worked for me. What happens if you make another new
(temporary) repo with clone and try again?
Regards
John Cox
Hi
>Hi,
>
>I’ve been using a combination of OpenSMTPd and spamd on OpenBSD (currently at
>6.5) for some time and with success. However, there are still some
>false-negatives and I’m looking at ways of reducing those. One way is by
>making use of RBLs.
>
>(I’ve evaluated delivered spam and the m
Hi
>Hello,
>
>I use aliases in an smtpd config and before upgrade to 6.5 it worked fine.
>After upgrade and rewriting config smtpd starts to reject mails
>addressed to aliases with a reason "550 Invalid recipient". What's
>wrong with new config?
>
>/var/log/maillog:
>
>Apr 29 07:01:48 ns1 smtpd[71
Hi
>2019-01-06 16:21 skrev John Cox:
>> Hi
>>
>> I'm using OpenSMTPD 6.4.0
>>
>> I'm (at least) a little confused as to which sort of certs I should
>> put in the pki cert and ca conf file entries (I can cope with the key
>> entry!)
>
:35:16 azathoth smtpd[87479]: 92975635cb3d86a4 mta
disconnected reason=quit messages=1
Where I seems to succeed with tls and then it says that it has failed.
What is going on?
Thanks
John Cox
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
On Mon, 12 Sep 2016 11:11:09 +0200, you wrote:
>>> I’d be up for it. Although I’m still running 5.9 on my mail server, I’m
>>> thinking of upgrading. I knew that filters are experimental (and really to
>>> test the API, not the filters themselves), however I’ve decided to use some
>>> of them a
>> On 6 Sep 2016, at 14:10, Edgar Pettijohn wrote:
>>
>> I'm thinking of starting a support group for others suffering from filter
>> withdrawal. Upgraded to 6.0 over the weekend and went back to using spampd
>> and sieve. Is there any other options besides amavis? I really miss
>> filter-reg
Hi
> [snip]
>yes, the rationale is explained in the commit log:
>
> Only enable SSL_VERIFY_PEER when the verify option is set on a listener.
>
> Always enabling SSL_VERIFY_PEER unnecessarily increases the number of
> messages/bytes in the TLS handshake and increases our attack sur
Hi
>Hi,
>
>I had misunderstood your mail and the issue when I first read this
>so here's a new answer ;-)
>
>
>On Tue, May 17, 2016 at 08:47:09AM +0100, John Cox wrote:
>> Hi
>>
>> Since I upgraded to OpenBSD 5.9 (I think) I've bee
#x27;t obvious to me.
Regards
JC
>
>Regards,
>
>Marcel
>
>
>Am 17.05.2016 um 09:47 schrieb John Cox:
>> Hi
>>
>> Since I upgraded to OpenBSD 5.9 (I think) I've been getting TLS
>> validation errors in the headers:
>>
>> TLS versio
oming)
What does OpenSMTPD use as its default cert store - as far as I can
tell the .conf lacks CAfile or CApath options?
Testing with openssl s_client suggests that my certs are generally in
order
Any clues?
Many thanks
John Cox
Log file:
May 17 08:26:58 azathoth smtpd[18872]: info: OpenSMTPD
Hi
>Hi guys,
>
>I've been running OpenSMTPD for a long time now forwarding mail to my
>gmail account. It's a pretty basic rig - there are just a series of
>forwarding rules, and different @somedomain.com emails get forwarded
>to different @gmail.com emails. I have DKIM, SPF, and even DMARC all
>s
>accept tagged CLAM_OUT for domain virtual relay via \
>lmtp://127.0.0.1
So is this line finally legal?
Earlier versions of opensmtp would not let you mix virtual and relay
via... (it is something I have always wanted and the reason why I am
still running sendmail on my gateway, but opensmtpd
seems the obvious way of
setting up routes like this (which I want to do as well)
Regards
John Cox
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Hi
>This week I upgraded one of my OpenSMTPD email servers to OpenBSD
>5.6/OpenSMTPD 5.4.3 and all of a sudden I started having all kinds of TLS
>cert verification interoperability problems with my existing FreeBSD
>OpenSMTPD 5.4.2 server.
>
>I was pulling my hair out trying to find out what
control -> lka: pipe closed
warn: scheduler -> queue: pipe closed
warn: ca -> control: pipe closed
warn: pony -> lka: pipe closed
#
Is there any other info that would be useful? I think I can make this
happen quite reliably.
Regards
John Cox
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
"mydomain.com" virtual relay
via tls://internal.mydomain.net pki border.mydomain.net verify
however I am not allowed to mix virtual and relay. Is there any
reason for this? And what would be the "approved" method of doing
what I want?
Many thanks
John Cox
--
You received thi
Hi
I have a set of email addresses that I forward on to other external
addresses. I am getting a significant quantity of mail that targets
these adresses but is rejected by the destination (because it is bad);
the bounce message that I generate then fails to deliver because the
sender was faked.
s snapshots here:
>
>http://www.opensmtpd.org/archives/
>
>The OpenSMTPD team ;-)
>
>
>Summary of changes since last snapshot (opensmtpd-201406192203):
>---
>
>- unfuck build on OpenBSD 5.5 ...
At
Hi
>I need block some sender like "bounce--xxx@*" but I would like to
>configure like:
>
>
>table sender_deny { "bounce-*-*@*" }
>
>
>The below case is working well for www-data@*
>
>
>table sender_deny { "www-data@*" }
On Mon, 9 Jun 2014 10:16:43 +0200, you wrote:
>On Mon, Jun 09, 2014 at 08:39:52AM +0100, John Cox wrote:
>> Hi
>>
>> >>That's not correct no, I get plenty of TLS 1.0 trafic and it has been
>> >>the case for many years
>> >
>> >To parr
Hi
>>That's not correct no, I get plenty of TLS 1.0 trafic and it has been
>>the case for many years
>
>To parrot this on all of my various instances OpenSMTPD and not I get tons
>of TLS 1.0 and SSLv3 traffic, I wish I didn't but it still happens. Heck
>every now and again I see SSLv2 attempts whi
illes
>
>
>On Thu, May 15, 2014 at 09:21:04AM +0100, John Cox wrote:
>> Hi
>>
>> It almost works for me on OpenBSD5.5-stable.
>>
>> Compiles, runs, delivers and then dies
>>
>> Many thanks
>>
>> John Cox
>>
>> # smtp
Hi
It almost works for me on OpenBSD5.5-stable.
Compiles, runs, delivers and then dies
Many thanks
John Cox
# smtpd -d -v
debug: init ssl-tree
info: loading pki information for yidhra.outer.uphall.net
info: OpenSMTPD 201405142324 starting
debug: bounce warning after 4h
debug: using &qu
Hi
Having got the snapshot to compile on OpenBSD5.5-stable I tried it
out. I get datalen errors when I try to send mail to it. Any clues?
Everything works OK on 5.4.2. (run output below)
As a probably separate question, what permissions should there be on
/var/spool/smtpd/*? I had to create us
Hi
>On Tue, May 06, 2014 at 10:17:01AM +0100, John Cox wrote:
>> Hi
>>
>> Is it possible to build snapshots on OpenBSD-5.5-Stable (built from
>> source because as far as I can tell the release ISO still contains
>> Heartbleed)?
>>
>> Neither the Ope
point, but I was hopeful theat the portable vsrsion might
be more portable...
I'd like to follow this project and maybe help if I ever have the time
(which is, at the moment, I admit, unlikely) but I really don't have
the time to try and follow OpenBSD-current
Many thanks
John Cox
On Fri, 25 Apr 2014 06:55:48 -0700, you wrote:
>On Thu, Apr 24, 2014 at 11:13 AM, Ashish SHUKLA wrote:
>
>> On Sat, 19 Apr 2014 08:26:59 +0200, Martin Braun
>> said:
>> > Hi
>>
>> > I was thinking about adding DKIM and SPF to my OpenSMTPD setup as I
>> > have previously run with those, but I am
Hi
>On Sat, 19 Apr 2014 08:26:59 +0200, Martin Braun
>said:
>> Hi
>
>> I was thinking about adding DKIM and SPF to my OpenSMTPD setup as I
>> have previously run with those, but I am in doubt.
>
>> I am thinking about the "worth" of those technologies?
>
>> I used to think SPF was a good idea, b
Hi
>User gilles has just rebuilt a master snapshot, available from:
>
>http://www.OpenSMTPD.org/archives/opensmtpd-201403261203.tar.gz
>
>Checksum:
>
> SHA256 (opensmtpd-201403261203.tar.gz) =
> 3fc464a8a26aa3c7adcd1d79e69e2830a2b6ab8ce438d1f70becab11b00dfedb
>
>A summary of the content
>At 02:31 10-03-2014, Marcus MERIGHI wrote:
>>Which to me still seems unfixable as you did not provide anything
>>tangible.
>
>Some people use SPF.
SPF certainly looks like a useful tool for helping with checking
sender identity, but it doesn't look even close to trivial to
implement, and there ma
Hi
>> [snip]
>> Given the similarities in the feel of the conf file to pf.conf I would
>> try to tend towards that (well tested) model where possible to try and
>> keep the confusion for new users as low as possible.
>>
>
>I don't really agree here, the first match approach is much simpler when
>
Hi
>>[snip]
>> as knobs for global default overrides, which can be overriden at the
>> rule level, like we do for "expire"
>
>All good points, and I'm inclined to agree with you that we receive
>some nice granularity by doing it on accept rather than on listen
>(since you've already solved the con
>[snip]
>Well you don't see the issue for your use-case, the issue is that
>for pretty much every other use-case this is not what's desired.
My argument would be that if you don't want that behaviour then you
shouldn't use the modifier, however ...
>We discussed shortly a new kind of rules with e
Hi
>> Is there any chance we could have a rule of the form
>>
>> accept for any virtual no-bounce relay
>>
>> such that if the virtual lookup fails then processing continues to the
>> next line rather than generating a bounce message. This would
>> simplify the generation of forwarding table
Hi
Is there any chance we could have a rule of the form
accept for any virtual no-bounce relay
such that if the virtual lookup fails then processing continues to the
next line rather than generating a bounce message. This would
simplify the generation of forwarding tables.
Maybe
accept f
Hi
> [snip]
>if at the listen-level, we decide that it is not possible to have the
>mechanism apply to a specific domain, it applies to all domains that
>will be match on that interface.
>
> listen on lo0 bounce all-content
> listen on fxp0 bounce headers-only
>
> accept from any for domain
Does this fix my maildir issue?
Thanks
JC
On Thu, 27 Feb 2014 14:23:01 +0100 (CET), you wrote:
>User gilles has just rebuilt a master snapshot, available from:
>
>http://www.OpenSMTPD.org/archives/opensmtpd-201402271419.tar.gz
>
>Checksum:
>
> SHA256 (opensmtpd-201402271419.tar.gz) =
Hi
I have a m/c that receives mail on the border of my domain. It
doesn't want to deliver any mail itself it just wants to deliver to
the mailstore. However it does want to do any required forwarding
and/or rejection to prevent needless internal message traffic (and to
prevent confusion if the m
d (b) can I use
other macros inside a macro?
Many thanks
John Cox
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
ing mail to me without letting them relay onwards.
Also CRL bundles or CRL dirs
Thanks
John Cox
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
ooked and
translated to an IP address via DNS (as em2.example.net) when the
smtpd.conf was parsed or when a message comes in? In either of these
two case I would hope for at least a warning that it couldn't resolve.
Or was it some sort of text match - if so against what?
Many thanks
Joh
sn't any sort of an issue, but I can see it is something
that might be wanted
Many thanks
John Cox
>> I'm clearly missing something here - it seems to me that virtual is a
>> pure superset of alias - why would you ever want to use alias?
>>
>> Thanks
>>
Hi
I'm clearly missing something here - it seems to me that virtual is a
pure superset of alias - why would you ever want to use alias?
Thanks
John Cox
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
like "from
{local, source , $smarthost} for any deliver..." which would
expand to 3 rules like a pf group.
Many thanks
John Cox
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
is there some other auto-magic that forwards it to the right
destination?
Sorry to take up your time, but I'd really like to understand what is
actually meant to happen so I don't waste your time in the future.
Many thanks
John Cox
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
lter - if so
can this be the same table I use for the "virtual" mapping
or is that illegal because it has values too?
I like the look of opensmtpd a lot, but a few more examples in the man
pages or elsewhere with some of the alias & virtual tables populated
might make understanding ex
48 matches
Mail list logo