Re: dual separator?

2014-09-01 Thread Gilles Chehade
Hi,

On Fri, Aug 22, 2014 at 12:17:54PM -0500, Adam Thompson wrote:
 On 14-08-22 12:09 PM, Claus Assmann wrote:
  On Fri, Aug 22, 2014, Adam Thompson wrote:
   I have a large number of email tags, but use both + and - as a
   separator.
   So far, I'm entering all the - ones into aliases; is there a better way to
   do this?
   In postfix, I was able to use a regex to manipulate incoming addresses to
  Hmm, it might help to answer your question if you tell us which MTA
  you are using... (or you could switch to postfix...)
 
 Oops... that was meant to go to misc@opensmtpd.org, not m...@openbsd.org.
 That should have made it blindingly obvious, but I'm now using smtpd(8).
 And I've also discovered that the RHS in aliases(5) must be a bare userid,
 and putting a + in there causes newaliases(8) to fail. Not sure why that
 would be intended behaviour, but not sure it's a bug either.
 
 

There is currently no way of specifying the delimiter; it can only be +.
Someone opened a ticket on our tracker, and after we discuss it, it might
change.

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Incomplete error messages from bounced emails?

2014-09-01 Thread Gilles Chehade
On Sat, Aug 23, 2014 at 12:28:00PM -0300, Hugo Osvaldo Barrera wrote:
 On 2014-08-22 18:32, Giovanni Bechis wrote:
  On 08/22/14 14:30, Hugo Osvaldo Barrera wrote:
   I recently had some messages bounce from gmail.com. I went up to their
   forums to ask what's up, and on the replies, it was pointed out to me that
   gsmtpd actually sends a rather verbose explanation message when it bounces
   messages (eg: if it's spam, invalid return address, blacklisted address, etc).
   
   Here's the thread where this was pointed to me. I'm guessing that sending
   an email from a non-static IP range is enough to trigger a bounce
   harmlessly:
   https://productforums.google.com/forum/#!msg/gmail/SQQAbew5tfE/-ue8aO07sf8J
   
   Can somebody confirm if these explanations are being dropped by smtpd, if
   they're non-standard, or what's going on?
   
  gmail warnings are split in two or more lines and smtpd logs only one of
  them.
  See https://github.com/OpenSMTPD/OpenSMTPD/issues/365 for details.
  Cheers
  Giovanni
  
 
 Looks like the devs were expecting this to make it to the list and it did not.
 Can we bring that up now? Are there any downsides to implementing this?
 

Yes, we were waiting for the discussion to come up.

There's a downside to implementing this:

Imagine you create an account for me on your server.
I then decide to go rogue and set up a remote MX which will reply with
a HUGE response, say 1000s of lines.

We need to log atomically so:

a- log line can't be written until we're done reading response;
b- session needs to remember every line of the response until done reading;


This leads to some issues:

First, it means that we need to buffer data at the session level.
That amount of data is unknown and if I'm an asshole, I will send tons
of outgoing mails to my rogue server so that there are tons of sessions
buffering tons of data.

Then, do we really want to log the entire response?
Every time I will send a mail to one recipient, it will fill your logs
with thousands of lines. Without even considering the speed at which I
can amplify your logs filling, what worries me is that it can turn log
files into unreadable garbage where one useful piece of information is
lost in a heap of useless logs.


I understand the problem, I also face it daily but logging all is not
the way to go. We need to find a proper balance, let the discussion
begin ;-)

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg
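
An added example, not from the thread or from OpenSMTPD's source: one way to strike the balance discussed above, where a multi-line reply is logged as a single entry once its last line arrives while per-session memory and log volume stay bounded. The class name and both caps are assumptions chosen for illustration.

```python
MAX_KEPT = 512   # assumed cap on reply characters retained per session
MAX_LINES = 64   # assumed cap on lines accepted in one reply


class ReplyTooLong(Exception):
    """The peer exceeded MAX_LINES; the caller should drop the session."""


class BoundedReply:
    """Collect one multi-line SMTP reply in bounded memory."""

    def __init__(self):
        self.code = None
        self.kept = []      # reply text retained for the single log entry
        self.kept_len = 0
        self.lines = 0
        self.dropped = 0    # lines read but not retained

    def feed(self, line):
        """Take one reply line (CRLF stripped); return True on the last line."""
        code, sep, text = line[:3], line[3:4], line[4:]
        if len(code) != 3 or not (code.isascii() and code.isdigit()):
            raise ValueError("malformed reply line")
        if sep not in ("", " ", "-"):
            raise ValueError("malformed reply line")
        if self.code not in (None, code):
            raise ValueError("reply code changed inside one reply")
        self.code = code
        self.lines += 1
        if self.lines > MAX_LINES:
            raise ReplyTooLong(code)
        # Strip non-printable characters so reply text cannot forge log entries.
        text = "".join(c for c in text if c.isprintable())
        if self.kept_len + len(text) <= MAX_KEPT:
            self.kept.append(text)
            self.kept_len += len(text)
        else:
            self.dropped += 1
        return sep != "-"   # "550-..." continues, "550 ..." ends the reply

    def log_line(self):
        """Build the one log entry, written only after the final line."""
        note = f" [{self.dropped} more lines not logged]" if self.dropped else ""
        return f"{self.code} " + " | ".join(self.kept) + note
```

A remote MX that sends thousands of lines costs each session at most MAX_KEPT characters and one log entry, and the session is dropped after MAX_LINES.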




Re: [userbase] email in login field

2014-09-01 Thread Gilles Chehade
We may want to support email addresses as login; this can be discussed.
It was not designed this way to start with because we didn't support
!system auth, but this has changed and the use case has come up a few
times.

Gilles


On Wed, Aug 20, 2014 at 06:08:54PM +0200, Giovanni Bechis wrote:
 On Wed, Aug 20, 2014 at 02:16:05PM +0200, Martijn van Duren wrote:
  
   query_alias select COALESCE(destination, REPLACE(maddr, '@',
   '_')), ? as maddr from mail_forwarding where source=maddr;
  
  And of course I was a bit too fast with this one (column aliases can't
  be used in other columns), so if something should work it would be:
  
  query_alias SET @maddr = ?; SELECT COALESCE(destination,
  REPLACE(@maddr, '@', '_')) from mail_forwarding where source=@maddr;
  
  I've tested this one as a proof of concept, yet not in an
  table_mysql.conf setup.
  
  I am curious if this works, so keep me posted. :)
  
 This one seems to work, I created a view to get rid of the SET instructions
 that do not seem to work.
 I will do more tests soon.
  Thanks  Cheers
   Giovanni

 #
 # Sample PostgreSQL configuration file
 #
 # This is an example configuration file for using OpenSMTPD with the PostgreSQL
 # backend for lookups. OpenSMTPD does not have hardcoded tables and you may
 #
 #
 
 host  localhost
 username  user
 password  pass
 database  db
 
 # Alias lookup query
 #
 # rows   >= 0
 # fields == 1 (user varchar)
 #
 query_alias   select destination from mail_valias where source=?
 
 
 # Domain lookup query
 #
 # rows   == 1
 # fields == 1 (domain varchar)
 #
 query_domain   select domain from mail_domain where domain=?;
 
 
 # User lookup query
 #
 # rows   == 1
 # fields == 3 (uid int, gid int, directory varchar)
 #
 query_userinfo   select uid,gid,maildir from mail_user where REPLACE(login, '@', '_')=? and server_id=6;
 
 
 # Credentials lookup query
 #
 # rows   == 1
 # fields == 2 (username varchar, password varchar)
 #
 query_credentials   select login, password from mail_user where login=?;
 
 
 # Netaddr lookup query
 #
 # rows   == 1
 # fields == 1 (netaddr varchar)
 #
 #query_netaddr   select value from netaddr where value=$1;

 MariaDB [dbispconfig]> show create view mail_valias\G
 *** 1. row ***
 View: mail_valias
  Create View: CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` 
 SQL SECURITY DEFINER VIEW `mail_valias` AS select `mail_forwarding`.`source` 
 AS 
 `source`,replace(replace(`mail_forwarding`.`destination`,'@','_'),'\r\n',', 
 ') AS `destination` from `mail_forwarding` union select `mail_user`.`email` 
 AS `email`,replace(`mail_user`.`email`,'@','_') AS `replace(email, '@', '_')` 
 from `mail_user`
 character_set_client: utf8
 collation_connection: utf8_general_ci
 1 row in set (0.00 sec)
 
 MariaDB [dbispconfig]> \q


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg




Re: dual separator?

2014-09-01 Thread Adam Thompson

On 14-09-01 03:33 AM, Gilles Chehade wrote:
 Hi,
 
 On Fri, Aug 22, 2014 at 12:17:54PM -0500, Adam Thompson wrote:
  On 14-08-22 12:09 PM, Claus Assmann wrote:
   On Fri, Aug 22, 2014, Adam Thompson wrote:
    I have a large number of email tags, but use both + and - as a
    separator.
    So far, I'm entering all the - ones into aliases; is there a better way to
    do this?
    In postfix, I was able to use a regex to manipulate incoming addresses to
 
 There is currently no way of specifying the delimiter, it can only be +
 someone opened a ticket on our tracker and after we discuss it it might
 change


On a related note... there's no publicly-visible link (that I can find) 
on www.opensmtpd.org to www.opensmtpd.org/reporting.html. Google knows 
about it somehow, but I had no other (obvious) way of finding that 
information.


--
-Adam Thompson
 athom...@athompso.net





masquerade feature

2014-09-01 Thread RD Thrush
I would like to convert an OpenBSD system from sendmail to opensmtpd; however,
opensmtpd lacks the masquerade feature. Will this feature be added?  The latest
status I've seen is from the github mirror[1].

[1]https://github.com/OpenSMTPD/OpenSMTPD/issues/172




smtpd[1175]: fatal: smtp_setup_events: ssl_setup failure: No such file or directory

2014-09-01 Thread Tristan Pilat
Hello everybody,

I've just migrated my opensmtpd configuration to a new server with
a fresh openbsd 5.5 install (binpatched with openup) and I
encountered a strange problem.

# /etc/rc.d/smtpd start
smtpd(ok)

# tail -f /var/log/maillog
Sep  1 19:31:45 lea smtpd[16606]: info: startup
Sep  1 19:31:45 lea smtpd[21299]: fatal: smtp_setup_events: ssl_setup failure: No such file or directory
Sep  1 19:31:45 lea smtpd[16606]: warn: parent - smtp: pipe closed
Sep  1 19:31:45 lea smtpd[21175]: warn: mfa - smtp: pipe closed
Sep  1 19:31:45 lea smtpd[2208]: warn: lka - smtp: pipe closed
Sep  1 19:31:45 lea smtpd[3501]: warn: queue - smtp: pipe closed
Sep  1 19:31:45 lea smtpd[24581]: warn: control - smtp: pipe closed
Sep  1 19:31:45 lea smtpd[14104]: warn: mta - lka: pipe closed
Sep  1 19:31:45 lea smtpd[31332]: warn: scheduler - queue: pipe closed
Sep  1 19:31:45 lea smtpd[31686]: warn: mda - lka: pipe closed

# cat /etc/mail/smtpd.conf

pki lea.tristanpilat.com certificate /etc/mail/certs/lea.tristanpilat.com.crt
pki lea.tristanpilat.com key /etc/mail/certs/lea.tristanpilat.com.key

listen on lo0
listen on em0 smtps pki lea.tristanpilat.com auth hostname lea.tristanpilat.com
listen on em0 tls pki lea.tristanpilat.com hostname lea.tristanpilat.com

table aliases { admin = contact, postmaster = contact, root = contact, abuse = contact }

accept for local alias aliases deliver to maildir
accept from any for domain tristanpilat.com alias aliases deliver to maildir
accept from local for any relay

# ls -la /etc/mail/certs/

total 20
drwxr-xr-x  2 root  wheel   512 Sep  1 13:55 .
drwxr-xr-x  3 root  wheel  1024 Sep  1 13:55 ..
-rw-------  1 root  wheel  1720 Aug 31 23:44 lea.tristanpilat.com.crt
-rw-------  1 root  wheel  3272 Aug 31 23:44 lea.tristanpilat.com.key

What is wrong with my configuration ? Any idea ?

Thanks for your help.
-- 
Tristan Pilat




Re: smtpd[1175]: fatal: smtp_setup_events: ssl_setup failure: No such file or directory

2014-09-01 Thread Tristan Pilat
Thanks for your reply.

Monday 01 Sep 2014 20:29:17 (+0200), Heiko Zimmermann wrote:
 Hi Tristan,
 
 maybe I’m wrong. But I think user _smtpd has no permission to your *.crt and
 *.key

I don't think it's the problem because I have the same rights on
my previous server.

 You could use the smtpd -v option for more output.

Here is the output:

# smtpd -dv  
debug: init ssl-tree
info: loading pki information for lea.tristanpilat.com
info: OpenSMTPD 5.4.2 starting
debug: bounce warning after 4h
debug: using fs queue backend
debug: using ramqueue scheduler backend
debug: using ram stat backend
info: startup [debug mode]
debug: parent_send_config_ruleset: reloading
mfa: building simple chains...
debug: queue: done loading queue into scheduler
debug: parent_send_config_mfa: reloading
mfa: building complex chains...
debug: parent_send_config: configuring smtp
mfa: done building complex chains
mfa: done building default chain
debug: smtp: listen on IPv6:fe80::ca0a:a9ff:fec8:e7d7%em0 port 25 flags 0x1 pki lea.tristanpilat.com
debug: mfa ready
debug: smtp: listen on 195.154.110.80 port 25 flags 0x1 pki lea.tristanpilat.com
debug: smtp: listen on IPv6:fe80::ca0a:a9ff:fec8:e7d7%em0 port 465 flags 0x4a pki lea.tristanpilat.com
debug: smtp: listen on 195.154.110.80 port 465 flags 0x4a pki lea.tristanpilat.com
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki 
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki 
debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki 
debug: SSL library error: ssl_setup: error:0906D06C:PEM routines:PEM_read_bio:no start line
debug: SSL library error: ssl_setup: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
fatal: smtp_setup_events: ssl_setup failure: No such file or directory
warn: parent - smtp: pipe closed
warn: mfa - smtp: pipe closed
warn: lka - smtp: pipe closed
warn: queue - smtp: pipe closed
warn: control - smtp: pipe closed
warn: mda - lka: pipe closed
warn: mta - lka: pipe closed
warn: scheduler - queue: pipe closed

-- 
Tristan Pilat




Re: smtpd[1175]: fatal: smtp_setup_events: ssl_setup failure: No such file or directory

2014-09-01 Thread Tristan Pilat
Monday 01 Sep 2014 21:12:02 (+0200), Heiko Zimmermann wrote:
 You think or you tested it?
 
 Test with 644 and you know.
 
I can't:

# smtpd -dv
debug: init ssl-tree
info: loading pki information for lea.tristanpilat.com
warn:  /etc/mail/certs/lea.tristanpilat.com.key: insecure permissions: must be at most rwx------
fatal: load_pki_tree: failed to load key file

-- 
Tristan Pilat




Re: smtpd[1175]: fatal: smtp_setup_events: ssl_setup failure: No such file or directory

2014-09-01 Thread Tristan Pilat
Sorry for the noise. My new certificates were broken...

# openssl genrsa -out /etc/mail/certs/lea.tristanpilat.com.key 4096
# /etc/rc.d/smtpd stop
# openssl req -new -x509 -key /etc/mail/certs/lea.tristanpilat.com.key -out /etc/mail/certs/lea.tristanpilat.com.crt -days 365

Now everything works great!

Thanks anyway !
-- 
Tristan Pilat
76 rue Saint Pierre
13005 Marseille
tel. 06 95 55 74 71
http://www.tristanpilat.com
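
An added example, not part of the thread or of OpenSMTPD: a preflight check for the two failures seen above, a key file readable beyond its owner and a certificate file that OpenSSL cannot parse ("no start line"). The function name `preflight` is hypothetical, and the key is assumed to be an unencrypted PEM file like the one `openssl genrsa` produces above.

```python
import os
import ssl
import stat
import sys


def preflight(cert_path, key_path):
    """Return a list of problems; an empty list means the pair is usable."""
    problems = []
    # Same rule as the smtpd warning above: no group or other bits on the key.
    try:
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & 0o077:
            problems.append(f"{key_path}: insecure permissions {mode:04o}")
    except OSError as exc:
        problems.append(f"{key_path}: {exc.strerror}")
    # CPython's load_cert_chain() goes through OpenSSL's
    # SSL_CTX_use_certificate_chain_file(), the routine named in the debug
    # output above, then loads the key and checks that it matches the
    # certificate. A broken PEM file therefore fails here, before smtpd runs.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # The callback keeps the check non-interactive: an encrypted key is
        # reported as a load failure instead of prompting for a passphrase.
        ctx.load_cert_chain(cert_path, key_path, password=lambda: "")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"cannot load {cert_path} with {key_path}: {exc}")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} CERT.crt KEY.key")
    found = preflight(sys.argv[1], sys.argv[2])
    for problem in found:
        print(problem)
    sys.exit(1 if found else 0)
```

Run it as root against the two paths from the `pki` lines before starting smtpd; exit status 0 means both checks passed.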

