Re: smtpd only Mail Server

[Martijn van Duren]

On Sat, 2021-08-21 at 07:20 -0700, latin...@vcn.bc.ca wrote:
> > On Tue, 2021-08-10 at 04:32 -0700, latin...@vcn.bc.ca wrote:
> > > > On Aug 10 01:52:57, latin...@vcn.bc.ca wrote:
> > > > > > - smtpd had its first commit in 2008 and back then was far from
> > > > > >   production ready: So are you using base smtpd, or sendmail, or
> > > > > >   something else?
> > > > > 
> > > > > Yes, 2000 it was sendmail, nginx, apache, smtpd if i remember
> > > correctly;
> > > > > but my question is:
> > > > > 
> > > > > "Could someone please point me to specific openbsd place to look for
> > > > > it?"
> > > > 
> > > > To look for what? smtpd documentation? man smtpd, man spmtpd.conf,
> > > > there's a dkim example right there.
> > > 
> > > Jay in this case it looks out of context, because it is a question after
> > > the explanation! Look for understandable (my level) information related
> > > to
> > > dkim, dmarc, and spf! My field is agriculture!
> > > 
> > > > 
> > > > > > - I assume it's related to outbound mail, but even that is not
> > > > > >   completely clear to me.
> > > > > 
> > > > > No, it is the complete behaviour of dkim, dmarc, and spf. i got 0/10
> > > at
> > > > > this page: https://www.mail-tester.com/ and yes, i can receive
> > > mail, but
> > > > > mine is considered spam!
> > > > 
> > > > The fact that and arbitrary third site "tester" gives you this score
> > > > or another can mean a lot of things. Nobody has seen your DNS or a
> > > > single line of your conig yet, so it's hard to help you really.
> > > > 
> > > 
> > > Well, i never said that it is the last word! I am asking for clear
> > > information for dkim, dmarc, spf, and now dkimproxy and anything related
> > > to send mail correctly; where correctly means "NO qualify my mail as
> > > spam"
> > > 
> > > > > > - Did you just put a dkim txt record in DNS without any additional
> > > > > >   configuration on your mailserver?
> > > > > 
> > > > > ok: i have 2 servers: 1. managed by nsd, which obtained 9.7/10 at
> > > the
> > > > > same
> > > > > web page, not a problem; 2. vultr managed by their dns app, here i
> > > am
> > > > > not
> > > > > able to make it work correctly. What should be the additional
> > > > > configuration on the mail server please?
> > > > 
> > > > What mail server?
> > > > What "additional" configuration?
> > > 
> > > This server:
> > > > > > - Did you just put a dkim txt record in DNS without any additional
> > > > > >   configuration on your mailserver?
> > > 
> > > > 
> > > > If you want help with a mail config,
> > > > you need to show your mail config.
> > > > 
> > > 
> > > No problem:
> > > I am used to use only the base system.
> > > 
> > > #       $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles
> > > Exp $
> > > 
> > > # This is the smtpd server system-wide configuration file.
> > > # See smtpd.conf(5) for more information.
> > > 
> > > table aliases file:/etc/mail/aliases
> > > 
> > > listen on socket
> > > 
> > > # To accept external mail, replace with: listen on all
> > > #
> > > listen on all filter "dkimsign"
> > > 
> > > action "local_mail" mbox alias 
> > > action "outbound" relay
> > > 
> > > # Uncomment the following to accept external mail for domain
> > > "example.org"
> > > #
> > > # match from any for domain "example.org" action "local_mail"
> > > match from any for domain "agroena.org" action "local_mail"
> > > match from local for local action "local_mail"
> > > match from local for any action "outbound"
> > > 
> > > # dkim
> > > filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
> > > /etc/mail/dkim/private.key" user _dkimsign group _dkimsign
> > > 
> > > 
> > So assuming that you actually installed opensmtpd-filter-dkimsign and
> > everything starts okay, you haven't put the public key in the DNS like
> > you claimed in your original e-mail.
> > $ dig +short txt s1._domainkey.agroena.org
> > $
> > 
> 
> Hello Martijn
> I changed the selector to s=s1 the same at DNS record, and my smtpd.conf
> with 2 lines related to dkim; and my mail is not spam anymore, thanks for
> your help; but it is not signed yet! Can you please help?
> 
> #$OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $
> 
> # This is the smtpd server system-wide configuration file.
> # See smtpd.conf(5) for more information.
> 
> table aliases file:/etc/mail/aliases
> 
> listen on socket
> 
> # To accept external mail, replace with: listen on all
> #
> listen on all
> 
> action "local_mail" mbox alias 
> action "outbound" relay
> 
> # Uncomment the following to accept external mail for domain "example.org"
> #
> # match from any for domain "example.org" action "local_mail"
> #match from any for domain "agroena.org" action "local_mail"
> match from local for local action "local_mail"
> match from local for any action "outbound"
> 
> # dkim
> filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
> /etc/mail/dkim/agroena.org.private.key" user _dkimsign group 

Re: smtpd only Mail Server

[latincom]

> On Tue, 2021-08-10 at 04:32 -0700, latin...@vcn.bc.ca wrote:
>> > On Aug 10 01:52:57, latin...@vcn.bc.ca wrote:
>> > > > - smtpd had its first commit in 2008 and back then was far from
>> > > >   production ready: So are you using base smtpd, or sendmail, or
>> > > >   something else?
>> > >
>> > > Yes, 2000 it was sendmail, nginx, apache, smtpd if i remember
>> correctly;
>> > > but my question is:
>> > >
>> > > "Could someone please point me to specific openbsd place to look for
>> > > it?"
>> >
>> > To look for what? smtpd documentation? man smtpd, man spmtpd.conf,
>> > there's a dkim example right there.
>>
>> Jay in this case it looks out of context, because it is a question after
>> the explanation! Look for understandable (my level) information related
>> to
>> dkim, dmarc, and spf! My field is agriculture!
>>
>> >
>> > > > - I assume it's related to outbound mail, but even that is not
>> > > >   completely clear to me.
>> > >
>> > > No, it is the complete behaviour of dkim, dmarc, and spf. i got 0/10
>> at
>> > > this page: https://www.mail-tester.com/ and yes, i can receive
>> mail, but
>> > > mine is considered spam!
>> >
>> > The fact that and arbitrary third site "tester" gives you this score
>> > or another can mean a lot of things. Nobody has seen your DNS or a
>> > single line of your conig yet, so it's hard to help you really.
>> >
>>
>> Well, i never said that it is the last word! I am asking for clear
>> information for dkim, dmarc, spf, and now dkimproxy and anything related
>> to send mail correctly; where correctly means "NO qualify my mail as
>> spam"
>>
>> > > > - Did you just put a dkim txt record in DNS without any additional
>> > > >   configuration on your mailserver?
>> > >
>> > > ok: i have 2 servers: 1. managed by nsd, which obtained 9.7/10 at
>> the
>> > > same
>> > > web page, not a problem; 2. vultr managed by their dns app, here i
>> am
>> > > not
>> > > able to make it work correctly. What should be the additional
>> > > configuration on the mail server please?
>> >
>> > What mail server?
>> > What "additional" configuration?
>>
>> This server:
>> > > > - Did you just put a dkim txt record in DNS without any additional
>> > > >   configuration on your mailserver?
>>
>> >
>> > If you want help with a mail config,
>> > you need to show your mail config.
>> >
>>
>> No problem:
>> I am used to use only the base system.
>>
>> #       $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles
>> Exp $
>>
>> # This is the smtpd server system-wide configuration file.
>> # See smtpd.conf(5) for more information.
>>
>> table aliases file:/etc/mail/aliases
>>
>> listen on socket
>>
>> # To accept external mail, replace with: listen on all
>> #
>> listen on all filter "dkimsign"
>>
>> action "local_mail" mbox alias 
>> action "outbound" relay
>>
>> # Uncomment the following to accept external mail for domain
>> "example.org"
>> #
>> # match from any for domain "example.org" action "local_mail"
>> match from any for domain "agroena.org" action "local_mail"
>> match from local for local action "local_mail"
>> match from local for any action "outbound"
>>
>> # dkim
>> filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
>> /etc/mail/dkim/private.key" user _dkimsign group _dkimsign
>>
>>
> So assuming that you actually installed opensmtpd-filter-dkimsign and
> everything starts okay, you haven't put the public key in the DNS like
> you claimed in your original e-mail.
> $ dig +short txt s1._domainkey.agroena.org
> $
>

Hello Martijn
I changed the selector to s=s1 the same at DNS record, and my smtpd.conf
with 2 lines related to dkim; and my mail is not spam anymore, thanks for
your help; but it is not signed yet! Can you please help?

#$OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases

listen on socket

# To accept external mail, replace with: listen on all
#
listen on all

action "local_mail" mbox alias 
action "outbound" relay

# Uncomment the following to accept external mail for domain "example.org"
#
# match from any for domain "example.org" action "local_mail"
#match from any for domain "agroena.org" action "local_mail"
match from local for local action "local_mail"
match from local for any action "outbound"

# dkim
filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
/etc/mail/dkim/agroena.org.private.key" user _dkimsign group _dkimsign

Re: smtpd only Mail Server

[latincom]

> Am 10.08.21 13:29 schrieb latin...@vcn.bc.ca:

>> >> > If you want help with a mail config,
>> >> > you need to show your mail config.
>> >> >
>> >>
>> >> No problem:
>> >> I am used to use only the base system.
>> >>
>> >> #       $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles
>> >> Exp $
>> >>
>> >> # This is the smtpd server system-wide configuration file.
>> >> # See smtpd.conf(5) for more information.
>> >>
>> >> table aliases file:/etc/mail/aliases
>> >>
>> >> listen on socket
>> >>
>> >> # To accept external mail, replace with: listen on all
>> >> #
>> >> listen on all filter "dkimsign"
>> >>
>> >> action "local_mail" mbox alias 
>> >> action "outbound" relay
>> >>
>> >> # Uncomment the following to accept external mail for domain
>> >> "example.org"
>> >> #
>> >> # match from any for domain "example.org" action "local_mail"
>> >> match from any for domain "agroena.org" action "local_mail"
>> >> match from local for local action "local_mail"
>> >> match from local for any action "outbound"
>> >>
>> >> # dkim
>> >> filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
>> >> /etc/mail/dkim/private.key" user _dkimsign group _dkimsign
>> >>
>> >>
>> > So assuming that you actually installed opensmtpd-filter-dkimsign and
>> > everything starts okay, you haven't put the public key in the DNS like
>> > you claimed in your original e-mail.
>> > $ dig +short txt s1._domainkey.agroena.org
>> > $
>> >
>>
>> I am not sure if it is a problem, but the selector is: mail.
>>
>> $ dig +short txt mail._domainkey.agroena.org
>> "k=rsa; t=s; h=sha256;
>> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOGOPbZVPidt2KCGqb38+OOD/cIZZnkpMY67oUPAfjVzP7vjJnxeTUOYtuQPTYv3whE6dwRSDwdw96DELKTjbaJ8DMEDFxbeqZxFl4EivuxuIwRSJVZQ36ed+TnfrPxLQowcno3kIh9je3t2VQ7GfD4WJfPD2GzfVljcTmJP3gNQIDAQAB"
>>
>>
> First you should match the selectors name.
> Either by telling the filter to use the key in selector "mail"
> or by changing the selectors name in DNS to "s1"
> Then you can debug further (e.g. your public key in DNS should match
> /etc/mail/dkim/private.key)
>

Thanks to take the time to respond Michael Hekeler, i am going to test it.

Re: smtpd only Mail Server

[Michael Hekeler]

Am 10.08.21 13:29 schrieb latin...@vcn.bc.ca:
> > On Tue, 2021-08-10 at 04:32 -0700, latin...@vcn.bc.ca wrote:
> >> > On Aug 10 01:52:57, latin...@vcn.bc.ca wrote:
> >> > > > - smtpd had its first commit in 2008 and back then was far from
> >> > > >   production ready: So are you using base smtpd, or sendmail, or
> >> > > >   something else?
> >> > >
> >> > > Yes, 2000 it was sendmail, nginx, apache, smtpd if i remember
> >> correctly;
> >> > > but my question is:
> >> > >
> >> > > "Could someone please point me to specific openbsd place to look for
> >> > > it?"
> >> >
> >> > To look for what? smtpd documentation? man smtpd, man spmtpd.conf,
> >> > there's a dkim example right there.
> >>
> >> Jay in this case it looks out of context, because it is a question after
> >> the explanation! Look for understandable (my level) information related
> >> to
> >> dkim, dmarc, and spf! My field is agriculture!
> >>
> >> >
> >> > > > - I assume it's related to outbound mail, but even that is not
> >> > > >   completely clear to me.
> >> > >
> >> > > No, it is the complete behaviour of dkim, dmarc, and spf. i got 0/10
> >> at
> >> > > this page: https://www.mail-tester.com/ and yes, i can receive
> >> mail, but
> >> > > mine is considered spam!
> >> >
> >> > The fact that and arbitrary third site "tester" gives you this score
> >> > or another can mean a lot of things. Nobody has seen your DNS or a
> >> > single line of your conig yet, so it's hard to help you really.
> >> >
> >>
> >> Well, i never said that it is the last word! I am asking for clear
> >> information for dkim, dmarc, spf, and now dkimproxy and anything related
> >> to send mail correctly; where correctly means "NO qualify my mail as
> >> spam"
> >>
> >> > > > - Did you just put a dkim txt record in DNS without any additional
> >> > > >   configuration on your mailserver?
> >> > >
> >> > > ok: i have 2 servers: 1. managed by nsd, which obtained 9.7/10 at
> >> the
> >> > > same
> >> > > web page, not a problem; 2. vultr managed by their dns app, here i
> >> am
> >> > > not
> >> > > able to make it work correctly. What should be the additional
> >> > > configuration on the mail server please?
> >> >
> >> > What mail server?
> >> > What "additional" configuration?
> >>
> >> This server:
> >> > > > - Did you just put a dkim txt record in DNS without any additional
> >> > > >   configuration on your mailserver?
> >>
> >> >
> >> > If you want help with a mail config,
> >> > you need to show your mail config.
> >> >
> >>
> >> No problem:
> >> I am used to use only the base system.
> >>
> >> #       $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles
> >> Exp $
> >>
> >> # This is the smtpd server system-wide configuration file.
> >> # See smtpd.conf(5) for more information.
> >>
> >> table aliases file:/etc/mail/aliases
> >>
> >> listen on socket
> >>
> >> # To accept external mail, replace with: listen on all
> >> #
> >> listen on all filter "dkimsign"
> >>
> >> action "local_mail" mbox alias 
> >> action "outbound" relay
> >>
> >> # Uncomment the following to accept external mail for domain
> >> "example.org"
> >> #
> >> # match from any for domain "example.org" action "local_mail"
> >> match from any for domain "agroena.org" action "local_mail"
> >> match from local for local action "local_mail"
> >> match from local for any action "outbound"
> >>
> >> # dkim
> >> filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
> >> /etc/mail/dkim/private.key" user _dkimsign group _dkimsign
> >>
> >>
> > So assuming that you actually installed opensmtpd-filter-dkimsign and
> > everything starts okay, you haven't put the public key in the DNS like
> > you claimed in your original e-mail.
> > $ dig +short txt s1._domainkey.agroena.org
> > $
> >
> 
> I am not sure if it is a problem, but the selector is: mail.
> 
> $ dig +short txt mail._domainkey.agroena.org
> "k=rsa; t=s; h=sha256;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOGOPbZVPidt2KCGqb38+OOD/cIZZnkpMY67oUPAfjVzP7vjJnxeTUOYtuQPTYv3whE6dwRSDwdw96DELKTjbaJ8DMEDFxbeqZxFl4EivuxuIwRSJVZQ36ed+TnfrPxLQowcno3kIh9je3t2VQ7GfD4WJfPD2GzfVljcTmJP3gNQIDAQAB"
> 
> 
First you should match the selectors name.
Either by telling the filter to use the key in selector "mail"
or by changing the selectors name in DNS to "s1"
Then you can debug further (e.g. your public key in DNS should match
/etc/mail/dkim/private.key)

Re: smtpd only Mail Server

[latincom]

> On Tue, 2021-08-10 at 04:32 -0700, latin...@vcn.bc.ca wrote:
>> > On Aug 10 01:52:57, latin...@vcn.bc.ca wrote:
>> > > > - smtpd had its first commit in 2008 and back then was far from
>> > > >   production ready: So are you using base smtpd, or sendmail, or
>> > > >   something else?
>> > >
>> > > Yes, 2000 it was sendmail, nginx, apache, smtpd if i remember
>> correctly;
>> > > but my question is:
>> > >
>> > > "Could someone please point me to specific openbsd place to look for
>> > > it?"
>> >
>> > To look for what? smtpd documentation? man smtpd, man spmtpd.conf,
>> > there's a dkim example right there.
>>
>> Jay in this case it looks out of context, because it is a question after
>> the explanation! Look for understandable (my level) information related
>> to
>> dkim, dmarc, and spf! My field is agriculture!
>>
>> >
>> > > > - I assume it's related to outbound mail, but even that is not
>> > > >   completely clear to me.
>> > >
>> > > No, it is the complete behaviour of dkim, dmarc, and spf. i got 0/10
>> at
>> > > this page: https://www.mail-tester.com/ and yes, i can receive
>> mail, but
>> > > mine is considered spam!
>> >
>> > The fact that and arbitrary third site "tester" gives you this score
>> > or another can mean a lot of things. Nobody has seen your DNS or a
>> > single line of your conig yet, so it's hard to help you really.
>> >
>>
>> Well, i never said that it is the last word! I am asking for clear
>> information for dkim, dmarc, spf, and now dkimproxy and anything related
>> to send mail correctly; where correctly means "NO qualify my mail as
>> spam"
>>
>> > > > - Did you just put a dkim txt record in DNS without any additional
>> > > >   configuration on your mailserver?
>> > >
>> > > ok: i have 2 servers: 1. managed by nsd, which obtained 9.7/10 at
>> the
>> > > same
>> > > web page, not a problem; 2. vultr managed by their dns app, here i
>> am
>> > > not
>> > > able to make it work correctly. What should be the additional
>> > > configuration on the mail server please?
>> >
>> > What mail server?
>> > What "additional" configuration?
>>
>> This server:
>> > > > - Did you just put a dkim txt record in DNS without any additional
>> > > >   configuration on your mailserver?
>>
>> >
>> > If you want help with a mail config,
>> > you need to show your mail config.
>> >
>>
>> No problem:
>> I am used to use only the base system.
>>
>> #       $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles
>> Exp $
>>
>> # This is the smtpd server system-wide configuration file.
>> # See smtpd.conf(5) for more information.
>>
>> table aliases file:/etc/mail/aliases
>>
>> listen on socket
>>
>> # To accept external mail, replace with: listen on all
>> #
>> listen on all filter "dkimsign"
>>
>> action "local_mail" mbox alias 
>> action "outbound" relay
>>
>> # Uncomment the following to accept external mail for domain
>> "example.org"
>> #
>> # match from any for domain "example.org" action "local_mail"
>> match from any for domain "agroena.org" action "local_mail"
>> match from local for local action "local_mail"
>> match from local for any action "outbound"
>>
>> # dkim
>> filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
>> /etc/mail/dkim/private.key" user _dkimsign group _dkimsign
>>
>>
> So assuming that you actually installed opensmtpd-filter-dkimsign and
> everything starts okay, you haven't put the public key in the DNS like
> you claimed in your original e-mail.
> $ dig +short txt s1._domainkey.agroena.org
> $
>

I am not sure if it is a problem, but the selector is: mail.

$ dig +short txt mail._domainkey.agroena.org
"k=rsa; t=s; h=sha256;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOGOPbZVPidt2KCGqb38+OOD/cIZZnkpMY67oUPAfjVzP7vjJnxeTUOYtuQPTYv3whE6dwRSDwdw96DELKTjbaJ8DMEDFxbeqZxFl4EivuxuIwRSJVZQ36ed+TnfrPxLQowcno3kIh9je3t2VQ7GfD4WJfPD2GzfVljcTmJP3gNQIDAQAB"

Re: smtpd only Mail Server

[Martijn van Duren]

On Tue, 2021-08-10 at 04:32 -0700, latin...@vcn.bc.ca wrote:
> > On Aug 10 01:52:57, latin...@vcn.bc.ca wrote:
> > > > - smtpd had its first commit in 2008 and back then was far from
> > > >   production ready: So are you using base smtpd, or sendmail, or
> > > >   something else?
> > > 
> > > Yes, 2000 it was sendmail, nginx, apache, smtpd if i remember correctly;
> > > but my question is:
> > > 
> > > "Could someone please point me to specific openbsd place to look for
> > > it?"
> > 
> > To look for what? smtpd documentation? man smtpd, man spmtpd.conf,
> > there's a dkim example right there.
> 
> Jay in this case it looks out of context, because it is a question after
> the explanation! Look for understandable (my level) information related to
> dkim, dmarc, and spf! My field is agriculture!
> 
> > 
> > > > - I assume it's related to outbound mail, but even that is not
> > > >   completely clear to me.
> > > 
> > > No, it is the complete behaviour of dkim, dmarc, and spf. i got 0/10 at
> > > this page: https://www.mail-tester.com/ and yes, i can receive mail, but
> > > mine is considered spam!
> > 
> > The fact that and arbitrary third site "tester" gives you this score
> > or another can mean a lot of things. Nobody has seen your DNS or a
> > single line of your conig yet, so it's hard to help you really.
> > 
> 
> Well, i never said that it is the last word! I am asking for clear
> information for dkim, dmarc, spf, and now dkimproxy and anything related
> to send mail correctly; where correctly means "NO qualify my mail as spam"
> 
> > > > - Did you just put a dkim txt record in DNS without any additional
> > > >   configuration on your mailserver?
> > > 
> > > ok: i have 2 servers: 1. managed by nsd, which obtained 9.7/10 at the
> > > same
> > > web page, not a problem; 2. vultr managed by their dns app, here i am
> > > not
> > > able to make it work correctly. What should be the additional
> > > configuration on the mail server please?
> > 
> > What mail server?
> > What "additional" configuration?
> 
> This server:
> > > > - Did you just put a dkim txt record in DNS without any additional
> > > >   configuration on your mailserver?
> 
> > 
> > If you want help with a mail config,
> > you need to show your mail config.
> > 
> 
> No problem:
> I am used to use only the base system.
> 
> #   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $
> 
> # This is the smtpd server system-wide configuration file.
> # See smtpd.conf(5) for more information.
> 
> table aliases file:/etc/mail/aliases
> 
> listen on socket
> 
> # To accept external mail, replace with: listen on all
> #
> listen on all filter "dkimsign"
> 
> action "local_mail" mbox alias 
> action "outbound" relay
> 
> # Uncomment the following to accept external mail for domain "example.org"
> #
> # match from any for domain "example.org" action "local_mail"
> match from any for domain "agroena.org" action "local_mail"
> match from local for local action "local_mail"
> match from local for any action "outbound"
> 
> # dkim
> filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
> /etc/mail/dkim/private.key" user _dkimsign group _dkimsign
> 
> 
So assuming that you actually installed opensmtpd-filter-dkimsign and
everything starts okay, you haven't put the public key in the DNS like
you claimed in your original e-mail.
$ dig +short txt s1._domainkey.agroena.org
$

Re: smtpd only Mail Server

[latincom]

> On Aug 10 01:52:57, latin...@vcn.bc.ca wrote:
>> > - smtpd had its first commit in 2008 and back then was far from
>> >   production ready: So are you using base smtpd, or sendmail, or
>> >   something else?
>>
>> Yes, 2000 it was sendmail, nginx, apache, smtpd if i remember correctly;
>> but my question is:
>>
>> "Could someone please point me to specific openbsd place to look for
>> it?"
>
> To look for what? smtpd documentation? man smtpd, man spmtpd.conf,
> there's a dkim example right there.

Jay in this case it looks out of context, because it is a question after
the explanation! Look for understandable (my level) information related to
dkim, dmarc, and spf! My field is agriculture!

>
>> > - I assume it's related to outbound mail, but even that is not
>> >   completely clear to me.
>>
>> No, it is the complete behaviour of dkim, dmarc, and spf. i got 0/10 at
>> this page: https://www.mail-tester.com/ and yes, i can receive mail, but
>> mine is considered spam!
>
> The fact that and arbitrary third site "tester" gives you this score
> or another can mean a lot of things. Nobody has seen your DNS or a
> single line of your conig yet, so it's hard to help you really.
>

Well, i never said that it is the last word! I am asking for clear
information for dkim, dmarc, spf, and now dkimproxy and anything related
to send mail correctly; where correctly means "NO qualify my mail as spam"

>> > - Did you just put a dkim txt record in DNS without any additional
>> >   configuration on your mailserver?
>>
>> ok: i have 2 servers: 1. managed by nsd, which obtained 9.7/10 at the
>> same
>> web page, not a problem; 2. vultr managed by their dns app, here i am
>> not
>> able to make it work correctly. What should be the additional
>> configuration on the mail server please?
>
> What mail server?
> What "additional" configuration?

This server:
>> > - Did you just put a dkim txt record in DNS without any additional
>> >   configuration on your mailserver?

>
> If you want help with a mail config,
> you need to show your mail config.
>

No problem:
I am used to use only the base system.

#   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases

listen on socket

# To accept external mail, replace with: listen on all
#
listen on all filter "dkimsign"

action "local_mail" mbox alias 
action "outbound" relay

# Uncomment the following to accept external mail for domain "example.org"
#
# match from any for domain "example.org" action "local_mail"
match from any for domain "agroena.org" action "local_mail"
match from local for local action "local_mail"
match from local for any action "outbound"

# dkim
filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
/etc/mail/dkim/private.key" user _dkimsign group _dkimsign

Re: smtpd only Mail Server

[Jan Stary]

On Aug 10 01:52:57, latin...@vcn.bc.ca wrote:
> > - smtpd had its first commit in 2008 and back then was far from
> >   production ready: So are you using base smtpd, or sendmail, or
> >   something else?
> 
> Yes, 2000 it was sendmail, nginx, apache, smtpd if i remember correctly;
> but my question is:
> 
> "Could someone please point me to specific openbsd place to look for it?"

To look for what? smtpd documentation? man smtpd, man spmtpd.conf,
there's a dkim example right there.

> > - I assume it's related to outbound mail, but even that is not
> >   completely clear to me.
> 
> No, it is the complete behaviour of dkim, dmarc, and spf. i got 0/10 at
> this page: https://www.mail-tester.com/ and yes, i can receive mail, but
> mine is considered spam!

The fact that and arbitrary third site "tester" gives you this score
or another can mean a lot of things. Nobody has seen your DNS or a
single line of your conig yet, so it's hard to help you really.

> > - Did you just put a dkim txt record in DNS without any additional
> >   configuration on your mailserver?
> 
> ok: i have 2 servers: 1. managed by nsd, which obtained 9.7/10 at the same
> web page, not a problem; 2. vultr managed by their dns app, here i am not
> able to make it work correctly. What should be the additional
> configuration on the mail server please?

What mail server?
What "additional" configuration?

If you want help with a mail config,
you need to show your mail config.

Re: smtpd only Mail Server

[latincom]

> On Mon, 2021-08-09 at 20:02 -0700, latin...@vcn.bc.ca wrote:
>> Hello
>>
>> i have had a smtpd only mail server for 21 years; but now i have a big
>> problem related to dkim, dmarc, and spf. First, there is not man page,
>> archives are not clear for me, google is confusing; but i have added the
>> corresponding dns records, with the result that dkim is not signing
>> mail!
>>
>> Could someone please point me to specific openbsd place to look for it?
>>
>> thanks
>>
>
> Your information is far from complete, so don't expect anything
> useful from this mail, but:

This is the main OpenBSD list for users, i almost always got useful answers!

> - smtpd had its first commit in 2008 and back then was far from
>   production ready: So are you using base smtpd, or sendmail, or
>   something else?

Yes, 2000 it was sendmail, nginx, apache, smtpd if i remember correctly;
but my question is:

"Could someone please point me to specific openbsd place to look for it?"

> - I assume it's related to outbound mail, but even that is not
>   completely clear to me.

No, it is the complete behaviour of dkim, dmarc, and spf. i got 0/10 at
this page: https://www.mail-tester.com/ and yes, i can receive mail, but
mine is considered spam!

> - Did you just put a dkim txt record in DNS without any additional
>   configuration on your mailserver?

ok: i have 2 servers: 1. managed by nsd, which obtained 9.7/10 at the same
web page, not a problem; 2. vultr managed by their dns app, here i am not
able to make it work correctly. What should be the additional
configuration on the mail server please?

> - If you did configure something, what do you use? (e.g.
>   filter-dkimsign, rspamd, dkimproxy, ...)
> - What kind of errors do you see?

Well, now that you mention it; my first step was pkg_add dkimproxy, and
minutes after, pkg_delete dkimproxy. It was all.

>
> So if I'm taking a blind guess I'd say smtpd, without additional
> configuration on outbound mail. In that case I suggest you install
> opensmtpd-filter-dkimsign from ports and read the readme:
> /usr/local/share/doc/pkg-readmes/opensmtpd-filter-dkimsign and
> filter-dkimsign(8).

Are you saying that i am in need of installing something that is not in
the system? i use only the base system, which for me has been enough.

>
> martijn@

Well at tha end you gave me a lot of information, thanks for that.

Re: smtpd only Mail Server

[artsi0m]

Hello!
>smtpd only mail server for 21 years.
Why not use fdm ? As i know it is developed by OpenBSD members.
>There is no man page for dkim, dmark and spf
OpenBSD developers maintain man pages for base system mostly.
I've never heard about ports maintainers editing port man page.
>google is confusing
I think, you should use more of apropos(1) and read other systems
man pages too.
>specific openbsd place
I've heard about hackathon's being a real thing, also solene@ can advice
you which irc client to use and by the way Stallman advised to solve
similar tasks with the help of people from install fests.

Best regards, Artyom.
‐‐‐ Original Message ‐‐‐

вторник, 10 августа 2021 г., 6:02 ДП,  написал(а):

> Hello
>
> i have had a smtpd only mail server for 21 years; but now i have a big
>
> problem related to dkim, dmarc, and spf. First, there is not man page,
>
> archives are not clear for me, google is confusing; but i have added the
>
> corresponding dns records, with the result that dkim is not signing mail!
>
> Could someone please point me to specific openbsd place to look for it?
>
> thanks

Re: smtpd only Mail Server

[Martijn van Duren]

On Mon, 2021-08-09 at 20:02 -0700, latin...@vcn.bc.ca wrote:
> Hello
> 
> i have had a smtpd only mail server for 21 years; but now i have a big
> problem related to dkim, dmarc, and spf. First, there is not man page,
> archives are not clear for me, google is confusing; but i have added the
> corresponding dns records, with the result that dkim is not signing mail!
> 
> Could someone please point me to specific openbsd place to look for it?
> 
> thanks
> 

Your information is far from complete, so don't expect anything
useful from this mail, but:
- smtpd had its first commit in 2008 and back then was far from
  production ready: So are you using base smtpd, or sendmail, or
  something else?
- I assume it's related to outbound mail, but even that is not
  completely clear to me.
- Did you just put a dkim txt record in DNS without any additional
  configuration on your mailserver?
- If you did configure something, what do you use? (e.g.
  filter-dkimsign, rspamd, dkimproxy, ...)
- What kind of errors do you see?

So if I'm taking a blind guess I'd say smtpd, without additional
configuration on outbound mail. In that case I suggest you install
opensmtpd-filter-dkimsign from ports and read the readme:
/usr/local/share/doc/pkg-readmes/opensmtpd-filter-dkimsign and
filter-dkimsign(8).

martijn@

smtpd only Mail Server

[latincom]

Hello

i have had a smtpd only mail server for 21 years; but now i have a big
problem related to dkim, dmarc, and spf. First, there is not man page,
archives are not clear for me, google is confusing; but i have added the
corresponding dns records, with the result that dkim is not signing mail!

Could someone please point me to specific openbsd place to look for it?

thanks