smtpd relay error - sender address rejected
Hi,

I'm trying to configure smtpd to send some emails to my account at Yandex, but the mail server is returning an error:

stat="550 5.7.0 Sender address rejected: not owned by authorized user

This is on OpenBSD 7.5.

The /etc/mail/smtpd.conf configuration is:

# grep -v '^#' /etc/mail/smtpd.conf | grep -v '^$'
table aliases file:/etc/mail/aliases
table secrets file:/etc/mail/secrets
listen on socket
listen on lo0
action "local_mail" mbox alias
action "outbound" relay host smtps://la...@smtp.yandex.com:465 auth \
    mail-from luisvmen...@yandex.com
match from local for local action "local_mail"
match from local for any action "outbound"

# cat /etc/mail/secrets
label luisvmen...@yandex.com:mypassword

The `smtpd -d` output for an email sent as:

$ mail -s "exp" luisvmen...@yandex.com
first line
.

Is:

# smtpd -d
info: OpenSMTPD 7.5.0 starting
smtp connected address=local host=privacy.mydomain.net
smtp message msgid= size=415 nrcpt=1 proto=ESMTP
smtp envelope evpid= from= to=
smtp disconnected reason=quit
mta connecting address=smtps://77.88.21.158:465 host=mail-smtp.stable.qloud-b.yandex.net
mta connected
mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
mta cert-check result="valid" fingerprint="SHA256:b47c39f8286a3301240a6474d9932a14eea3493d10e9f404d47dbcd78be5bff5"
mta delivery evpid= from= to= rcpt=<-> source="66.55.44.33" relay="77.88.21.158 (mail-smtp.stable.qloud-b.yandex.net)" delay=3s result="PermFail" stat="550 5.7.0 Sender address rejected: not owned by authorized user 11--"
smtp connected address=local host=privacy.mydomain.net
smtp message msgid=0123456e size=1955 nrcpt=1 proto=ESMTP
smtp envelope evpid=0123456e2c8c3f0c from=<> to=
smtp disconnected reason=quit
mda delivery evpid=0123456e2c8c3f0c from=<> to= rcpt= user=myuser delay=0s result=Ok stat=Delivered
mta disconnected reason=quit messages=0

The email that is delivered to my local user shows some more information:

Received: from localhost (privacy.mydomain.net [local])
    by privacy.mydomain.net (OpenSMTPD) with ESMTPA id 222
    for ;
From: Luis Mendes

So, it seems that the from is myu...@privacy.mydomain.net and not luisvmen...@yandex.com although I thought that adding the option

mail-from luisvmen...@yandex.com

to the action "outbound" in smtpd.conf would solve the issue.

What should I do to solve this problem?

Thanks,

Luís
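
One way to see which sender address each rejected relay delivery carried, and whether it is the address the relay account authenticates as. This is an added example, not part of the original post: it parses `smtpd -d` lines in the format shown above, and the function names, addresses, IPs and evpids are constructed for illustration.

```python
import re

# key=value pairs as printed by `smtpd -d`; a value may be double-quoted.
PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S*))')

# Constructed sample in the format of the log above (addresses, IPs and
# evpids are made up; they are not taken from the post).
SAMPLE_LOG = [
    'smtp envelope evpid=1a2b3c4d00000001 from=<myuser@host.example.net> '
    'to=<account@example.com>',
    'mta delivery evpid=1a2b3c4d00000001 from=<myuser@host.example.net> '
    'to=<account@example.com> rcpt=<-> source="192.0.2.10" '
    'relay="198.51.100.25 (relay.example.com)" delay=3s result="PermFail" '
    'stat="550 5.7.0 Sender address rejected: not owned by authorized user"',
    'smtp envelope evpid=1a2b3c4d00000002 from=<> to=<myuser@host.example.net>',
    'mda delivery evpid=1a2b3c4d00000002 from=<> to=<myuser@host.example.net> '
    'user=myuser delay=0s result=Ok stat=Delivered',
]

def fields(line):
    """Return the key=value pairs of one log line as a dict."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def rejected_deliveries(lines, account):
    """List relay deliveries that failed permanently, with the sender each
    one carried and whether that sender is the authenticated account."""
    submitted = {}  # evpid -> sender recorded when the message was queued
    report = []
    for line in lines:
        f = fields(line)
        if line.startswith("smtp envelope"):
            submitted[f.get("evpid")] = f.get("from", "").strip("<>")
        elif line.startswith("mta delivery") and f.get("result") == "PermFail":
            sender = f.get("from", "").strip("<>")
            report.append({
                "evpid": f.get("evpid"),
                "queued_from": submitted.get(f.get("evpid")),
                "delivery_from": sender,
                "matches_account": sender.lower() == account.lower(),
                "status": f.get("stat", ""),
            })
    return report

if __name__ == "__main__":
    for row in rejected_deliveries(SAMPLE_LOG, "account@example.com"):
        print(row)
```

A row with `matches_account` false alongside a 5.7.0 status means the sender that reached the relay was not the account used for authentication.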
No dhcp renewal of IP
Hi,

The interface ure0 is the gateway to the Internet, connected to the ISP.

-
$ cat hostname.ure0
inet autoconf
-

Somehow, when this interface loses the IP, the lease is not renewed.

-
# rcctl get dhcpd
dhcpd_class=daemon
dhcpd_execdir=
dhcpd_flags=em0
dhcpd_logger=
dhcpd_rtable=0
dhcpd_timeout=30
dhcpd_user=root
-
$ cat dhcpd.conf
option domain-name "home.lan";
option domain-name-servers 192.168.1.253;
max-lease-time 4800;
default-lease-time 1200;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.253;
    range 192.168.1.100 192.168.1.200;
    host c1 {
        hardware ethernet xx:xx:xx:xx:xx:xx;
        fixed-address 192.168.1.7;
    }
    host c2 {
        hardware ethernet xx:xx:xx:xx:xx:xx;
        fixed-address 192.168.1.12;
        option domain-name-servers 192.168.1.253;
    }
    host c3 {
        hardware ethernet xx:xx:xx:xx:xx:xx;
        fixed-address 192.168.1.20;
    }
}
-

The file /var/log/daemon shows many 'sendto: Permission denied' for dhcpleased

-
Feb 17 05:19:32 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:29:43 comp1 last message repeated 9 times
Feb 17 05:34:12 comp1 last message repeated 5 times
Feb 17 05:34:45 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:34:45 comp1 dhcpleased[11074]: bpf_send_packet: writev: Network is down
Feb 17 05:35:32 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:36:36 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:38:40 comp1 last message repeated 2 times
Feb 17 05:45:23 comp1 last message repeated 9 times
Feb 17 05:46:00 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:46:00 comp1 dhcpleased[11074]: bpf_send_packet: writev: Network is down
Feb 17 05:46:54 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:47:21 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:48:31 comp1 last message repeated 2 times
Feb 17 05:51:11 comp1 last message repeated 2 times
Feb 17 05:51:37 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:51:37 comp1 dhcpleased[11074]: bpf_send_packet: writev: Network is down
Feb 17 05:51:42 lenovo ntpd[59884]: DNS lookup tempfail
-
# dhcpleasectl ure0
.
ure0 [Bound]
    inet 8.x.x.x netmask 255.255.255.0
    default gateway 8.x.x.1
    nameservers 100.x.x.x 100.x.x.z
    lease 60 minutes
    dhcp server 15.x.x.x
-
# rcctl ls failed
shows nothing
-
# rcctl ls stopped | grep dh
dhcrelay
dhcrelay6
-

I must be missing some configuration, but can't find out what.
I've searched the web and it seems that I could add a '!dhclient' line to file /etc/hostname.ure0, but it's not the default way of doing this.

What is wrong?

Thanks,

Luis Mendes
Re: Freshrss configuration httpd.conf and fastcgi
Hi Michael,

On Tue, 16 Jan 2024 12:04:02 +0100 Michael Hekeler wrote:

> > I'd like to setup Freshrss to work under httpd and FastCGI.
> > Freshrss uses Php.
>                 ^^^
> You need to deploy that script with php-fpm NOT via slowcgi(8)
> See the file php-XX in /usr/local/share/doc/pkg-readmes/ for doing this
> (where XX is your installed version).

Yes, I know and have already configured php-fpm for that.
I used slowcgi in order to debug the connection. At least, I read from someone on the web doing that.
Is slowcgi really to avoid or is it useful for debugging?

>
> > As per the documentation, only the freshrss/p directory should be
> > exposed.
> > https://github.com/FreshRSS/FreshRSS#installation
> >
> > I'd like Freshrss to be accessed like:
> > http://myserver.tld/freshrss
> >
>
> Then you need something like: ..
> > server "myserver.tld" {
> > listen on * port 80
> > listen on * tls port 443
> > tls {
> > certificate "/etc/ssl/myserver.tld.crt"
> > key "/etc/ssl/private/myserver.tld.key"
> > }
> > root "/htdocs"
> > location "/freshrss/*" { root "/freshrss/p" }

That's what is configured.

server "myserver.tld" {
    listen on * port 80
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/myserver.tld.crt"
        key "/etc/ssl/private/myserver.tld.key"
    }
    root "/htdocs"
    directory {index "index.php" index "index.html"}
    location "/freshrss/*" {
        root "/freshrss/p"
        fastcgi {
            socket "/run/php-fpm_freshrss.sock"
        }
    }
}

But still get 'Not found'

404 Not Found
OpenBSD httpd

At htdocs, the httpd server should serve static pages.
Php files are only under /freshrss.
So, should I place this?

directory {index "index.php" index "index.html"}

It would make more sense to have a 'directory' per location, not per server, unless I haven't understood this correctly.

I've read the man page several times, but I'd also need some examples that are hard to find.
In another server (FreeBSD) there was a similar setup running with Lighttpd. But, it's been very difficult to set this up with OpenBSD's httpd.

Thank you,

Luis

>
> > But at http://myserver.tld/freshrss/p/i/ it shows a 403 Forbidden
> > status.
>
> Because there is no index.html in /freshrss/p/i/
>
> Please read manpages httpd.conf(5) for setting directory index other
> than index.html.
>
> Test your setup with something like curl(1) or nc(1) not in a browser
> like chrome or firefox so that you can see the response clearly and no
> cache comes in the way.
>
> And only open your install to the internet when all is set up well.
> Also test if access to configfiles is denied.
>
Freshrss configuration httpd.conf and fastcgi
Hi,

I'd like to setup Freshrss to work under httpd and FastCGI.
Freshrss uses Php.
As per the documentation, only the freshrss/p directory should be exposed.
https://github.com/FreshRSS/FreshRSS#installation

I'd like Freshrss to be accessed like:
http://myserver.tld/freshrss

My attempt (lots of them) couldn't make this work.
The SSL certificate and key are self-signed.

The last configuration I've tried was to be able to access FreshRSS through
http://myserver.tlc/freshrss/p
so that a rewrite could be done later from
http://myserver.tlc/freshrss/ to http://myserver.tlc/freshrss/p

types {
    include "/usr/share/misc/mime.types"
}

server "myserver.tld" {
    listen on * port 80
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/myserver.tld.crt"
        key "/etc/ssl/private/myserver.tld.key"
    }
    root "/htdocs"
    location match "/freshrss/p/*.php" {
        root "/freshrss/p"
        request strip 2
        fastcgi {
            #strip 2
            #fastcgi socket "/run/php-fpm_freshrss.sock"
            socket "/run/slowcgi.sock"
        }
    }
    location match "/freshrss/p/*" {
        root "/freshrss/p"
        request strip 2
    }
}

The directories are structured like:

/var/www (chroot)
/var/www/htdocs (for other stuff, there's an index.html file that is served)
/var/www/freshrss

When I access http://myserver.tld/freshrss/p it gets redirected to http://myserver.tld/freshrss/p/i/ as per the index.html Refresh at p/index.html

But at http://myserver.tld/freshrss/p/i/ it shows a 403 Forbidden status.

I'd also like to understand if the fastcgi strip should be used or not with a request strip option.
How do they differ?
Should request strip be used only for html or other static files?

I'd appreciate some help on this.

Thanks in advance,

Luis
Stalled nfs mount from disk in standby mode
Hi,

I'm running a 7.4 amd64 NFS server that has a sd0 spinning disk.
Its only partition is encrypted as sd3i.

# mount | grep sd3
/dev/sd3i on /wd_4_tb type ffs (NFS exported, local)

# cat /etc/exports
/wd_4_tb -alldirs -maproot=root -network=192.168.1.0 -mask=255.255.255.0

At the Slackware Linux NFS client:

# mount -v | grep wd_4_tb
192.168.1.253:/wd_4_tb/partilha_casa on /partilha_casa type nfs
(rw,nosuid,nodev,noexec,relatime,vers=3,rsize=65536,wsize=65536,
namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=sys,
mountaddr=192.168.1.253,mountvers=3,mountport=730,mountproto=udp,
local_lock=none,addr=192.168.1.253,_netdev,user=myuser)

To reduce electricity consumption costs, at /etc/rc.local, I set:

/sbin/atactl sd0 setidle 1800
/sbin/atactl sd0 setstandby 3600

I can mount and unmount the NFS remote filesystem from the Linux client.
But after the disk gets in standby mode, I'm unable to unmount the remote filesystem.
Even a 'ls -l /parti' then I press TAB and the virtual terminal is hung.

After a couple of hours, I could unmount the remote filesystem.

Is there anything that can be setup in order to be able to unmount or ls the remote filesystem when its disk is in standby mode?

Thanks in advance,

--
Luís Mendes