Re: OpenSMTPD can't parse smarthost

2024-05-27 Thread gene heskett

On 5/23/24 14:55, to...@tuxteam.de wrote:
> On Thu, May 23, 2024 at 01:50:21PM -0400, Jeffrey Walton wrote:
> > On Thu, May 23, 2024 at 12:08 PM Paul M Foster  wrote:
> > >
> > > On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
> > > [...]
> > > > Also, I think you should be using *.home.arpa, and not *.lan.
> > > > home.arpa is reserved for private use by ICANN and the IETF. I suspect
> > > > *.lan is not reserved for private use.
> > >
> > > On a LAN, you can use anything you like. I've used .mars.lan for decades
> > > with no difficulty.

Another example of off the wall, a coyote was the smartest member of the
canines I've ever met. This bitch could do simple arithmetic, barking
the number of times the answer was. This machine is the best of about 8
here, so whatever has been on this desk has been "coyote" for nearly 40
years.  Coyotes have a den so the domainname as FQDN in the hosts file
is coyote.den, I've had zero problems with that since the late 80's when
coyote.coyote.den was a full blown Amiga 2000 with a 68040 board in it
with 64 megs of main memory. Never had a winderz machine in real use.
Bought a lappy with xp in it when I retired in 2002. Put mandrake on it,
blew away the winderz two weeks later cuz winderz couldn't drive the
radio but mandrake could. It died of a dead battery over a decade back.
pi based stuff is moving in and the power bill is going down.

> > Citation, please.
>
> No need. It just works. Of course, if you have domain names
> in your LAN which also is "out there", you won't "see" both.
>
> If your LAN is isolated, you can basically do whatever you
> want.
>
> And then there are "special" TLDs (.local, I'm looking at
> you) where you'll get lots of fun effects should you decide
> to use them (zeroconf, I'm looking at you :-)
>
> That's the why of the above recommendation.
>
> Cheers


Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis



Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread tomas
On Thu, May 23, 2024 at 03:17:00PM -0400, Jeffrey Walton wrote:

[...]

> > If your LAN is isolated, you can basically do whatever you
> > want.
> 
> And then act surprised when networking breaks :)

You just have to understand what's going on, that's all
> 
> > And then there are "special" TLDs (.local, I'm looking at
> > you) where you'll get lots of fun effects should you decide
> > to use them (zeroconf, I'm looking at you :-)
> 
> I _think_ .local is reserved for mDNS. See
> .

It's a while ago -- I went through this in some $BIGCORP.
Windows ops insisted on having the internal top level as
.local (don't ask :-)

For me it was as easy as kicking out Avahi. For the Mac
users it was... interesting :-)

> It looks like .internal and possibly .private are coming soon. See
> 
> and .

Whatever. Your net, your rules. Just make sure the software
you use plays along (Avahi is fond of .local because of
mDNS, for example).

Cheers
-- 
tomás




Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread Jeffrey Walton
On Thu, May 23, 2024 at 2:54 PM  wrote:
>
> On Thu, May 23, 2024 at 01:50:21PM -0400, Jeffrey Walton wrote:
> > On Thu, May 23, 2024 at 12:08 PM Paul M Foster  
> > wrote:
> > >
> > > On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
> > >[...]
> > > > Also, I think you should be using *.home.arpa, and not *.lan.
> > > > home.arpa is reserved for private use by ICANN and the IETF. I suspect
> > > > *.lan is not reserved for private use.
> > >
> > > On a LAN, you can use anything you like. I've used .mars.lan for decades
> > > with no difficulty.
> >
> > Citation, please.
>
> No need. It just works. Of course, if you have domain names
> in your LAN which also is "out there", you won't "see" both.

Perhaps that's why you _can't_ use anything you like; and that's why
you should use domains reserved for private use.

Related reading is Brand TLDs (a/k/a Vanity Domains) at
.

> If your LAN is isolated, you can basically do whatever you
> want.

And then act surprised when networking breaks :)

> And then there are "special" TLDs (.local, I'm looking at
> you) where you'll get lots of fun effects should you decide
> to use them (zeroconf, I'm looking at you :-)

I _think_ .local is reserved for mDNS. See
.

It looks like .internal and possibly .private are coming soon. See

and .

Jeff



Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread tomas
On Thu, May 23, 2024 at 01:50:21PM -0400, Jeffrey Walton wrote:
> On Thu, May 23, 2024 at 12:08 PM Paul M Foster  
> wrote:
> >
> > On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
> >[...]
> > > Also, I think you should be using *.home.arpa, and not *.lan.
> > > home.arpa is reserved for private use by ICANN and the IETF. I suspect
> > > *.lan is not reserved for private use.
> >
> > On a LAN, you can use anything you like. I've used .mars.lan for decades
> > with no difficulty.
> 
> Citation, please.

No need. It just works. Of course, if you have domain names
in your LAN which also is "out there", you won't "see" both.

If your LAN is isolated, you can basically do whatever you
want.

And then there are "special" TLDs (.local, I'm looking at
you) where you'll get lots of fun effects should you decide
to use them (zeroconf, I'm looking at you :-)

That's the why of the above recommendation.

Cheers
-- 
t




Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread Paul M Foster
On Thu, May 23, 2024 at 01:50:21PM -0400, Jeffrey Walton wrote:

> On Thu, May 23, 2024 at 12:08 PM Paul M Foster  
> wrote:
> >
> > On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
> >[...]
> > > Also, I think you should be using *.home.arpa, and not *.lan.
> > > home.arpa is reserved for private use by ICANN and the IETF. I suspect
> > > *.lan is not reserved for private use.
> >
> > On a LAN, you can use anything you like. I've used .mars.lan for decades
> > with no difficulty.
> 
> Citation, please.
> 

I have none. But contrary to whatever the Deities Of The Internet say, I've
been successfully using *.mars.lan for decades, and others before that,
like *.venus.lan. On a LAN where addresses are not internet routable, you are,
de facto, able to use what you prefer. As long as your /etc/hosts file and
your router agree, there is no code in any application I'm aware of which
prohibits the practice.

If I ever set up a totally new LAN, I may go with *.home though. Or maybe
*.local, as I've heard Macs like that.

Paul

-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster



Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread Jeffrey Walton
On Thu, May 23, 2024 at 12:08 PM Paul M Foster  wrote:
>
> On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
>[...]
> > Also, I think you should be using *.home.arpa, and not *.lan.
> > home.arpa is reserved for private use by ICANN and the IETF. I suspect
> > *.lan is not reserved for private use.
>
> On a LAN, you can use anything you like. I've used .mars.lan for decades
> with no difficulty.

Citation, please.

Jeff



Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread tomas
On Thu, May 23, 2024 at 07:53:31AM -0400, Paul M Foster wrote:
> On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
> 
> > On Thu, May 23, 2024 at 12:43 AM Paul M Foster  
> > wrote:
> 
> [snip]
> > 
> > On the video server, run nslookup and see if it can resolve 
> > yosemite.mars.lan.
> 
> Nslookup fails. However, yosemite.mars.lan is in the hosts file and you
> can successfully ping it. It has a fixed (local) IP, which was set in the
> router. I don't understand why nslookup fails when buckaroo knows who
> yosemite is.

Nslookup asks your name servers directly (those in the resolv.conf).
Programs should ask the local resolver [1], which can be (and usually
is) configured to look first in /etc/hosts (that's this line

  hosts: files dns

in your /etc/nsswitch.conf). Some applications (browser, I'm looking
at you!) which deem themselves more important than all the other
snowflakes are starting to bypass this.

Cheers

[1] this is a library, which comes with a man page
-- 
tomás




Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread Greg Wooledge
On Thu, May 23, 2024 at 07:53:31AM -0400, Paul M Foster wrote:
> Nslookup fails. However, yosemite.mars.lan is in the hosts file and you
> can successfully ping it. It has a fixed (local) IP, which was set in the
> router. I don't understand why nslookup fails when buckaroo knows who
> yosemite is.

nslookup looks *only* in DNS.

If you want a tool that follows the same hostname lookup policies
that programs like "ping" use, there's getent(1).

hobbit:~$ nslookup hobbit
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find hobbit: NXDOMAIN

hobbit:~$ getent hosts hobbit
127.0.1.1   hobbit.wooledge.org hobbit
hobbit:~$ getent hosts www.debian.org
2603:400a::bb8::801f:3e www.debian.org

Of course, a lot of people just use "ping" for this same purpose.  It's
not ideal, but it works.

hobbit:~$ ping -c1 hobbit
PING hobbit.wooledge.org (127.0.1.1) 56(84) bytes of data.
64 bytes from hobbit.wooledge.org (127.0.1.1): icmp_seq=1 ttl=64 time=0.015 ms

--- hobbit.wooledge.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.015/0.015/0.015/0.000 ms



Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread Paul M Foster
On Thu, May 23, 2024 at 07:19:08AM +0200, Kamil Jońca wrote:

> Kamil Jońca  writes:
> 
> [...]
> > [...]
> >> action "relay" relay host smtp+notls://pa...@yosemite.mars.lan:25 auth 
> >> 
> >>
> >
> > I have some opensmtpd config around and this line should work.
> > My suspects are:
> > 1. whitespaces / end lines - have you tested your config with xxd to check
> > if there is a CRLF, for example?
> > 2. do you have a line
> >
> > --8<---cut here---start->8---
> > paulf username:password
> > --8<---cut here---end--->8---
> >
> > in your secrets file? 
> > HTH
> 
> After closer look I have another doubt:
> https://man.openbsd.org/smtpd.conf
> says:
> --8<---cut here---start->8---
> The label corresponds to an entry in a credentials table, as documented
> in table(5). It is used with the “smtp+tls” and “smtps” protocols for
> authentication. Server certificates for those protocols are verified by
> default.
> 
> --8<---cut here---end--->8---
> So if you use smtp+notls or pure smtp - maybe 'paulf@' is wrong
> here?

I think you may be right.

Paul

-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster



Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread Paul M Foster
On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:

> On Thu, May 23, 2024 at 12:43 AM Paul M Foster  
> wrote:

[snip]
> 
> On the video server, run nslookup and see if it can resolve yosemite.mars.lan.

Nslookup fails. However, yosemite.mars.lan is in the hosts file and you
can successfully ping it. It has a fixed (local) IP, which was set in the
router. I don't understand why nslookup fails when buckaroo knows who
yosemite is.

> 
> Looking at the string smtp+notls://pa...@yosemite.mars.lan:25, it
> looks more like a url than a hostname. Maybe that is confusing your
> mail agent.

However, this is standard usage, according to the smtpd.conf(5) man page.

> 
> Also, I think you should be using *.home.arpa, and not *.lan.
> home.arpa is reserved for private use by ICANN and the IETF. I suspect
> *.lan is not reserved for private use.

On a LAN, you can use anything you like. I've used .mars.lan for decades
with no difficulty.

Paul

-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster



Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread tomas
On Thu, May 23, 2024 at 07:46:30AM -0400, Paul M Foster wrote:
> On Thu, May 23, 2024 at 06:38:11AM +0200, to...@tuxteam.de wrote:

[...]

> > Have you tried leaving out the "paul@" part? [...]

> The smarthost URL is straight out of the man page. The "paulf@" part allows
> OpenSMTP to figure which credential in the "secrets" file to use.

Makes sense, yes.

> 
> However, I took your advice and lopped off the "paulf@" from the URL, and
> managed to get an email through. Go figure.

And this doesn't, but glad you got it working :-)

Cheers
-- 
t




Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread Paul M Foster
On Thu, May 23, 2024 at 06:38:11AM +0200, to...@tuxteam.de wrote:

> On Wed, May 22, 2024 at 09:37:18PM -0400, Paul M Foster wrote:
> > Folks:
> > 
> > Here's a shot in the dark. I've looked up and down the internet, and can't
> > find a solution.
> 
> [...]
> 
> > "warn: Failed to parse smarthost smtp+notls://pa...@yosemite.mars.lan:25"
> > 
> > Note that the "protocol" doesn't matter. I can use "smtp" alone as the
> > protocol, and it still won't parse. And yes, yosemite.mars.lan is in my
> > local hosts file.
> 
> But "p...@yosemite.mars.lan" doesn't look like a host (unless you are
> trying to sneak in the creds in the URL -- then I'd expect something
> like user:pass@host). No idea how opensmtp works and whether it tries
> to parse credentials off the URL.
> 
> Have you tried leaving out the "paul@" part? Do you have access credentials
> elsewhere in your config (typically they are in a separate file to better
> control access to that).

The smarthost URL is straight out of the man page. The "paulf@" part allows
OpenSMTP to figure which credential in the "secrets" file to use.

However, I took your advice and lopped off the "paulf@" from the URL, and
managed to get an email through. Go figure.

Paul


-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster



Re: OpenSMTPD can't parse smarthost

2024-05-22 Thread Kamil Jońca
Kamil Jońca  writes:

[...]
> [...]
>> action "relay" relay host smtp+notls://pa...@yosemite.mars.lan:25 auth 
>> 
>>
>
> I have some opensmtpd config around and this line should work.
> My suspects are:
> 1. whitespaces / end lines - have you tested your config with xxd to check
> if there is a CRLF, for example?
> 2. do you have a line
>
> --8<---cut here---start->8---
> paulf username:password
> --8<---cut here---end--->8---
>
> in your secrets file? 
> HTH

After closer look I have another doubt:
https://man.openbsd.org/smtpd.conf
says:
--8<---cut here---start->8---
The label corresponds to an entry in a credentials table, as documented
in table(5). It is used with the “smtp+tls” and “smtps” protocols for
authentication. Server certificates for those protocols are verified by
default.

--8<---cut here---end--->8---
So if you use smtp+notls or pure smtp - maybe 'paulf@' is wrong
here?

KJ
-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
If the human brain were so simple that we could understand it,
we would be so simple we couldn't.
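
The two suspects raised in this thread (a CRLF line ending, and a credentials label on a scheme other than "smtp+tls" or "smtps") can be checked mechanically. The following is an added example, not part of any poster's message and not OpenSMTPD code; the function names, the sample config and the sample secrets table are constructed for illustration, and the URL pattern is a simplification of the [proto://[label@]]host[:port] form.

```python
import re

# Schemes for which the smtpd.conf(5) text quoted above says the label is used.
AUTH_SCHEMES = {"smtp+tls", "smtps"}

# Simplified relay URL pattern (assumption: no IPv6 literals, no paths).
RELAY_URL = re.compile(
    r"^(?:(?P<scheme>[a-z+]+)://)?"
    r"(?:(?P<label>[^@/\s]+)@)?"
    r"(?P<host>[^:/\s@]+)"
    r"(?::(?P<port>\d+))?$"
)

def parse_secrets(text):
    """Return the set of labels from 'label username:password' lines.
    Passwords are deliberately not kept."""
    labels = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and ":" in parts[1]:
            labels.add(parts[0])
    return labels

def check_relay_url(url, secrets_labels):
    """Return a list of findings (strings) for one relay URL."""
    m = RELAY_URL.match(url)
    if not m:
        return ["relay URL is not of the form [proto://[label@]]host[:port]"]
    scheme = m["scheme"] or "smtp"
    label = m["label"]
    findings = []
    if label and scheme not in AUTH_SCHEMES:
        findings.append(f"label '{label}@' used with {scheme}; "
                        "the label is documented for smtp+tls and smtps")
    if label and label not in secrets_labels:
        findings.append(f"label '{label}' has no entry in the secrets table")
    return findings

def check_config(conf_bytes, secrets_text):
    """Return (line_number, finding) pairs for an smtpd.conf given as bytes."""
    labels = parse_secrets(secrets_text)
    findings = []
    for n, raw in enumerate(conf_bytes.split(b"\n"), 1):
        if raw.endswith(b"\r"):
            findings.append((n, "line ends in CRLF"))
        line = raw.decode("utf-8", "replace").strip()
        if line.startswith("#"):
            continue
        m = re.search(r"\brelay\s+host\s+(\S+)", line)
        if m:
            findings.extend((n, f) for f in check_relay_url(m.group(1), labels))
    return findings

# Constructed sample input, not the poster's actual files.
SAMPLE_CONF = (
    b'table secrets file:/etc/secrets\n'
    b'action "a" relay host smtp+notls://paulf@yosemite.mars.lan:25 auth <secrets>\r\n'
    b'action "b" relay host smtp+notls://yosemite.mars.lan:25\n'
    b'action "c" relay host smtp+tls://paulf@yosemite.mars.lan:25 auth <secrets>\n'
    b'action "d" relay host smtps://backup@yosemite.mars.lan auth <secrets>\n'
)
SAMPLE_SECRETS = "# constructed secrets table\npaulf username:password\n"

if __name__ == "__main__":
    for lineno, finding in check_config(SAMPLE_CONF, SAMPLE_SECRETS):
        print(f"line {lineno}: {finding}")
```

Reading the config as bytes is what lets the CRLF check work; opening it in text mode would normalise the line endings away.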



Re: OpenSMTPD can't parse smarthost

2024-05-22 Thread Kamil Jońca
Paul M Foster  writes:

> Folks:
>
> Here's a shot in the dark. I've looked up and down the internet, and can't
> find a solution.
>
> I have a mini PC which just serves up videos. Daily it backs up to an
> attached drive. This happens with a script in /etc/cron.daily, which
> typically emails results to root. In my case it's aliased to me. I have
> OpenSMTPD installed with this config:
>
> ---
>
[...]
> action "relay" relay host smtp+notls://pa...@yosemite.mars.lan:25 auth 
> 
>

I have some opensmtpd config around and this line should work.
My suspects are:
1. whitespaces / end lines - have you tested your config with xxd to check
if there is a CRLF, for example?
2. do you have a line
--8<---cut here---start->8---
paulf username:password
--8<---cut here---end--->8---
in your secrets file? 
HTH




-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
Support Bingo, keep Grandma off the streets.



Re: OpenSMTPD can't parse smarthost

2024-05-22 Thread Jeffrey Walton
On Thu, May 23, 2024 at 12:43 AM Paul M Foster  wrote:
>
> Folks:
>
> Here's a shot in the dark. I've looked up and down the internet, and can't
> find a solution.
>
> I have a mini PC which just serves up videos. Daily it backs up to an
> attached drive. This happens with a script in /etc/cron.daily, which
> typically emails results to root. In my case it's aliased to me. I have
> OpenSMTPD installed with this config:
>
> ---
>
> #   $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $
>
> # This is the smtpd server system-wide configuration file.
> # See smtpd.conf(5) for more information.
>
> table aliases file:/etc/aliases
> table secrets file:/etc/secrets
>
> listen on localhost
>
> action "relay" relay host smtp+notls://pa...@yosemite.mars.lan:25 auth 
> 
>
> match from local for any action "relay"
>
> ---
>
> Note: yosemite is my desktop machine; that's where I want the mail to be
> sent. "paulf" is a tag in the secrets file. Note that this connection
> between the mini PC (buckaroo) and yosemite should be a plain text
> connection, very simple. My username and password are in the secrets file.
>
> When I attempt to send a test message to check this all works (via swaks or
> mail), I get an error message in the /var/log/mail.log file which says:
>
> "warn: Failed to parse smarthost smtp+notls://pa...@yosemite.mars.lan:25"
>
> Note that the "protocol" doesn't matter. I can use "smtp" alone as the
> protocol, and it still won't parse. And yes, yosemite.mars.lan is in my
> local hosts file.

On the video server, run nslookup and see if it can resolve yosemite.mars.lan.

Looking at the string smtp+notls://pa...@yosemite.mars.lan:25, it
looks more like a url than a hostname. Maybe that is confusing your
mail agent.

Also, I think you should be using *.home.arpa, and not *.lan.
home.arpa is reserved for private use by ICANN and the IETF. I suspect
*.lan is not reserved for private use.

Jeff



Re: OpenSMTPD can't parse smarthost

2024-05-22 Thread tomas
On Wed, May 22, 2024 at 09:37:18PM -0400, Paul M Foster wrote:
> Folks:
> 
> Here's a shot in the dark. I've looked up and down the internet, and can't
> find a solution.

[...]

> "warn: Failed to parse smarthost smtp+notls://pa...@yosemite.mars.lan:25"
> 
> Note that the "protocol" doesn't matter. I can use "smtp" alone as the
> protocol, and it still won't parse. And yes, yosemite.mars.lan is in my
> local hosts file.

But "p...@yosemite.mars.lan" doesn't look like a host (unless you are
trying to sneak in the creds in the URL -- then I'd expect something
like user:pass@host). No idea how opensmtp works and whether it tries
to parse credentials off the URL.

Have you tried leaving out the "paul@" part? Do you have access credentials
elsewhere in your config (typically they are in a separate file to better
control access to that).

Cheers
-- 
t




OpenSMTPD can't parse smarthost

2024-05-22 Thread Paul M Foster
Folks:

Here's a shot in the dark. I've looked up and down the internet, and can't
find a solution.

I have a mini PC which just serves up videos. Daily it backs up to an
attached drive. This happens with a script in /etc/cron.daily, which
typically emails results to root. In my case it's aliased to me. I have
OpenSMTPD installed with this config:

---

#   $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/aliases
table secrets file:/etc/secrets

listen on localhost

action "relay" relay host smtp+notls://pa...@yosemite.mars.lan:25 auth 

match from local for any action "relay"

---

Note: yosemite is my desktop machine; that's where I want the mail to be
sent. "paulf" is a tag in the secrets file. Note that this connection
between the mini PC (buckaroo) and yosemite should be a plain text
connection, very simple. My username and password are in the secrets file.

When I attempt to send a test message to check this all works (via swaks or
mail), I get an error message in the /var/log/mail.log file which says:

"warn: Failed to parse smarthost smtp+notls://pa...@yosemite.mars.lan:25"

Note that the "protocol" doesn't matter. I can use "smtp" alone as the
protocol, and it still won't parse. And yes, yosemite.mars.lan is in my
local hosts file.

Any help would be appreciated.

Paul


-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster