Re: Credentials Table

2018-08-27 Thread Antonino Sidoti
Hi Matt,

Can you please describe your setup with regards to two separate password files? 
I have had second thoughts and will be adding Dovecot into my setup. IMAP is 
very convenient and allows me some flexibility.

Thanks

On 28 Aug 2018, at 7:55 am, Matt Schwartz <matt.schwart...@gmail.com> wrote:

I feel more comfortable having two separate password files for Dovecot and 
OpenSMTPD. Yes, it's more administrative work but it works fine for my purposes.

On Mon, Aug 27, 2018, 2:40 PM Bruno Pagani wrote:
The passwd option exists actually, but is provided by opensmtpd-extras.

And that’s what I use since it allows keeping the same file for opensmtpd and 
dovecot.

Regards,
Bruno

On 27 August 2018 09:31:54 GMT+02:00, Antonino Sidoti <n...@sidoti.id.au> wrote:
Hi,

Based on the feedback I am going to use the ‘file’ option for the credentials 
table in my smtpd.conf;

table passed file:/etc/mail/passwd

Thanks

On 27 Aug 2018, at 5:24 pm, Matt Schwartz <matt.schwart...@gmail.com> wrote:

I simply use the file type. For example:
table credentials file:/etc/mail/credentials.

I do it this way because it is the simplest form. All I have in the credentials 
file is username:password. Use smtpctl encrypt to generate the encrypted 
password for the user. Finally, use smtpctl update table credentials to tell 
smtpd about the changes.

On Sun, Aug 26, 2018, 11:35 PM Antonino Sidoti wrote:
Hi,

When using a credentials table (man table), what table type do I use with 
regards to using the table in a smtpd.conf configuration?

I have created this table in my smtpd.conf but I am not sure it is correct?

table passwd file:/etc/mail/passwd

Though I have seen a sample configuration from another site using a different 
table type;

table passwd passwd:/etc/mail/passwd

Reading the man page, it does not make any reference to the table type using 
‘passwd’. It only talks about ‘file’ and ‘db’.

Nino




Re: Credentials Table

2018-08-27 Thread Matt Schwartz
I feel more comfortable having two separate password files for Dovecot and
OpenSMTPD. Yes, it's more administrative work but it works fine for my
purposes.

On Mon, Aug 27, 2018, 2:40 PM Bruno Pagani wrote:

> The passwd option exists actually, but is provided by opensmtpd-extras.
>
> And that’s what I use since it allows keeping the same file for opensmtpd
> and dovecot.
>
> Regards,
> Bruno
>
> On 27 August 2018 09:31:54 GMT+02:00, Antonino Sidoti wrote:
>>
>> Hi,
>>
>> Based on the feedback I am going to use the ‘file’ option for the
>> credentials table in my smtpd.conf;
>>
>> table passed file:/etc/mail/passwd
>>
>> Thanks
>>
>> On 27 Aug 2018, at 5:24 pm, Matt Schwartz 
>> wrote:
>>
>> I simply use the file type. For example:
>> table credentials file:/etc/mail/credentials.
>>
>> I do it this way because it is the simplest form. All I have in the
>> credentials file is username:password. Use smtpctl encrypt to generate the
>> encrypted password for the user. Finally, use smtpctl update table
>> credentials to tell smtpd about the changes.
>>
>> On Sun, Aug 26, 2018, 11:35 PM Antonino Sidoti wrote:
>>
>>> Hi,
>>>
>>> When using a credentials table (man table), what table type do I use
>>> with regards to using the table in a smtpd.conf configuration?
>>>
>>> I have created this table in my smtpd.conf but I am not sure it is
>>> correct?
>>>
>>> table passwd file:/etc/mail/passwd
>>>
>>> Though I have seen a sample configuration from another site using a
>>> different table type;
>>>
>>> table passwd passwd:/etc/mail/passwd
>>>
>>> Reading the man page, it does not make any reference to the table type
>>> using ‘passwd’. It only talks about ‘file’ and ‘db’.
>>>
>>> Nino
>>
>>
>>


Re: Credentials Table

2018-08-27 Thread Bruno Pagani
The passwd option exists actually, but is provided by opensmtpd-extras.

And that’s what I use since it allows keeping the same file for opensmtpd and 
dovecot.

Regards,
Bruno

On 27 August 2018 09:31:54 GMT+02:00, Antonino Sidoti wrote:
>Hi,
>
>Based on the feedback I am going to use the ‘file’ option for the
>credentials table in my smtpd.conf;
>
>table passed file:/etc/mail/passwd
>
>Thanks
>
>On 27 Aug 2018, at 5:24 pm, Matt Schwartz <matt.schwart...@gmail.com> wrote:
>
>I simply use the file type. For example:
>table credentials file:/etc/mail/credentials.
>
>I do it this way because it is the simplest form. All I have in the
>credentials file is username:password. Use smtpctl encrypt to generate
>the encrypted password for the user. Finally, use smtpctl update table
>credentials to tell smtpd about the changes.
>
>On Sun, Aug 26, 2018, 11:35 PM Antonino Sidoti wrote:
>Hi,
>
>When using a credentials table (man table), what table type do I use
>with regards to using the table in a smtpd.conf configuration?
>
>I have created this table in my smtpd.conf but I am not sure it is
>correct?
>
>table passwd file:/etc/mail/passwd
>
>Though I have seen a sample configuration from another site using a
>different table type;
>
>table passwd passwd:/etc/mail/passwd
>
>Reading the man page, it does not make any reference to the table type
>using ‘passwd’. It only talks about ‘file’ and ‘db’.
>
>Nino


Re: userbase question

2018-08-27 Thread Edgar Pettijohn
Sent from my Verizon Smartphone

On Aug 27, 2018 8:54 AM, Matt Schwartz wrote:
>
> I am hoping not to have to use sqlite tables. I like the simplicity of
> file-based configuration.
> On Mon, Aug 27, 2018 at 9:47 AM Reio Remma wrote:
> >
> > Iirc I got the .forward file working with sqlite tables, where the user query
> > also returned the virtual user’s maildir as an extra parameter.
> >
> > Good luck,
> > Reio
> >
> > > On 27 Aug 2018, at 16:11, Matt Schwartz wrote:
> > >
> > > Hello misc@,
> > >
> > > Below is my configuration file. I am trying to use the userbase
> > > parameter and when I try to send an email to myself, I get the 550
> > > Invalid Recipient error. I am trying to get the usrbase parameter
> > > working so that I can add a .forward file for virtual users as per the
> > > table(5) man page. If I don't use the userbase parameter, mail
> > > delivery works just fine. I am not certain what I am doing wrong here.
> > >
> > > #smtpd.conf
> > > pki mail cert "/etc/ssl/smtpd.crt"
> > > pki mail key "/etc/ssl/private/smtpd.key"
> > >
> > > table aliases file:/etc/mail/aliases
> > > table addrnames file:/etc/mail/addrnames
> > > table credentials file:/etc/mail/credentials
> > > table domains file:/etc/mail/domains
> > > table virtuals file:/etc/mail/virtuals
> > > table usrbase file:/etc/mail/usrbase
> > > table rejects file:/etc/mail/rejects
> > >
> > > # Listeners
> > > #
> > > listen on lo0
> > > listen on lo0 port 10028 tag DKIM
> > > listen on vio0 tls pki mail hostnames 
> > > listen on vio0 port 587 tls-require pki mail auth  \
> > >    hostnames 
> > >
> > > # Actions
> > > #
> > > action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > > %{rcpt}'" alias 
> > > action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > > %{rcpt}'" userbase  virtual 
> > > action "dkim" relay host smtp://127.0.0.1:10027
> > > action "relay" relay
> > >
> > > # Incoming
> > > #
> > > match from any mail-from  for any reject
> > > match from local for local action "local"
> > > match from any for domain  action "domain"
> > >
> > > # Outgoing
> > > #
> > > match tag DKIM for any action "relay"
> > > match from local for any action "dkim"
> > > match auth from any for any action "dkim"
> > >
> > > #usrbase
> > > m...@example.org 2000:2000:/var/vmail/example.org/matt
> > >
> > > #virtuals
> > > m...@example.org vmail
> > >
> > > Thanks in advance,
> > > Matt
> > >
> > > --
> > > You received this mail because you are subscribed to misc@opensmtpd.org
> > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> > >
> >
> >
> > --
> > You received this mail because you are subscribed to misc@opensmtpd.org
> > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> >
>
> --
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
>

It seems to be a bug. Look at the thread about forwarding a single email. He has the same issue. I switched to MySQL tables about a year ago and it is so much easier.

Re: userbase question

2018-08-27 Thread Matt Schwartz
I am hoping not to have to use sqlite tables. I like the simplicity of
file-based configuration.
On Mon, Aug 27, 2018 at 9:47 AM Reio Remma  wrote:
>
> Iirc I got the .forward file working with sqlite tables, where the user query 
> also returned the virtual user’s maildir as an extra parameter.
>
> Good luck,
> Reio
>
> > On 27 Aug 2018, at 16:11, Matt Schwartz  wrote:
> >
> > Hello misc@,
> >
> > Below is my configuration file. I am trying to use the userbase
> > parameter and when I try to send an email to myself, I get the 550
> > Invalid Recipient error. I am trying to get the usrbase parameter
> > working so that I can add a .forward file for virtual users as per the
> > table(5) man page. If I don't use the userbase parameter, mail
> > delivery works just fine. I am not certain what I am doing wrong here.
> >
> > #smtpd.conf
> > pki mail cert "/etc/ssl/smtpd.crt"
> > pki mail key "/etc/ssl/private/smtpd.key"
> >
> > table aliases file:/etc/mail/aliases
> > table addrnames file:/etc/mail/addrnames
> > table credentials file:/etc/mail/credentials
> > table domains file:/etc/mail/domains
> > table virtuals file:/etc/mail/virtuals
> > table usrbase file:/etc/mail/usrbase
> > table rejects file:/etc/mail/rejects
> >
> > # Listeners
> > #
> > listen on lo0
> > listen on lo0 port 10028 tag DKIM
> > listen on vio0 tls pki mail hostnames 
> > listen on vio0 port 587 tls-require pki mail auth  \
> >hostnames 
> >
> > # Actions
> > #
> > action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > %{rcpt}'" alias 
> > action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > %{rcpt}'" userbase  virtual 
> > action "dkim" relay host smtp://127.0.0.1:10027
> > action "relay" relay
> >
> > # Incoming
> > #
> > match from any mail-from  for any reject
> > match from local for local action "local"
> > match from any for domain  action "domain"
> >
> > # Outgoing
> > #
> > match tag DKIM for any action "relay"
> > match from local for any action "dkim"
> > match auth from any for any action "dkim"
> >
> > #usrbase
> > m...@example.org 2000:2000:/var/vmail/example.org/matt
> >
> > #virtuals
> > m...@example.org vmail
> >
> > Thanks in advance,
> > Matt



Re: userbase question

2018-08-27 Thread Reio Remma
Iirc I got the .forward file working with sqlite tables, where the user query 
also returned the virtual user’s maildir as an extra parameter.

Good luck,
Reio

> On 27 Aug 2018, at 16:11, Matt Schwartz  wrote:
> 
> Hello misc@,
> 
> Below is my configuration file. I am trying to use the userbase
> parameter and when I try to send an email to myself, I get the 550
> Invalid Recipient error. I am trying to get the usrbase parameter
> working so that I can add a .forward file for virtual users as per the
> table(5) man page. If I don't use the userbase parameter, mail
> delivery works just fine. I am not certain what I am doing wrong here.
> 
> #smtpd.conf
> pki mail cert "/etc/ssl/smtpd.crt"
> pki mail key "/etc/ssl/private/smtpd.key"
> 
> table aliases file:/etc/mail/aliases
> table addrnames file:/etc/mail/addrnames
> table credentials file:/etc/mail/credentials
> table domains file:/etc/mail/domains
> table virtuals file:/etc/mail/virtuals
> table usrbase file:/etc/mail/usrbase
> table rejects file:/etc/mail/rejects
> 
> # Listeners
> #
> listen on lo0
> listen on lo0 port 10028 tag DKIM
> listen on vio0 tls pki mail hostnames 
> listen on vio0 port 587 tls-require pki mail auth  \
>hostnames 
> 
> # Actions
> #
> action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> %{rcpt}'" alias 
> action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> %{rcpt}'" userbase  virtual 
> action "dkim" relay host smtp://127.0.0.1:10027
> action "relay" relay
> 
> # Incoming
> #
> match from any mail-from  for any reject
> match from local for local action "local"
> match from any for domain  action "domain"
> 
> # Outgoing
> #
> match tag DKIM for any action "relay"
> match from local for any action "dkim"
> match auth from any for any action "dkim"
> 
> #usrbase
> m...@example.org 2000:2000:/var/vmail/example.org/matt
> 
> #virtuals
> m...@example.org vmail
> 
> Thanks in advance,
> Matt



userbase question

2018-08-27 Thread Matt Schwartz
Hello misc@,

Below is my configuration file. I am trying to use the userbase
parameter and when I try to send an email to myself, I get the 550
Invalid Recipient error. I am trying to get the usrbase parameter
working so that I can add a .forward file for virtual users as per the
table(5) man page. If I don't use the userbase parameter, mail
delivery works just fine. I am not certain what I am doing wrong here.

#smtpd.conf
pki mail cert "/etc/ssl/smtpd.crt"
pki mail key "/etc/ssl/private/smtpd.key"

table aliases file:/etc/mail/aliases
table addrnames file:/etc/mail/addrnames
table credentials file:/etc/mail/credentials
table domains file:/etc/mail/domains
table virtuals file:/etc/mail/virtuals
table usrbase file:/etc/mail/usrbase
table rejects file:/etc/mail/rejects

# Listeners
#
listen on lo0
listen on lo0 port 10028 tag DKIM
listen on vio0 tls pki mail hostnames 
listen on vio0 port 587 tls-require pki mail auth  \
hostnames 

# Actions
#
action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
'/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
%{rcpt}'" alias 
action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
'/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
%{rcpt}'" userbase  virtual 
action "dkim" relay host smtp://127.0.0.1:10027
action "relay" relay

# Incoming
#
match from any mail-from  for any reject
match from local for local action "local"
match from any for domain  action "domain"

# Outgoing
#
match tag DKIM for any action "relay"
match from local for any action "dkim"
match auth from any for any action "dkim"

#usrbase
m...@example.org 2000:2000:/var/vmail/example.org/matt

#virtuals
m...@example.org vmail

Thanks in advance,
Matt




Re: TLS and relay

2018-08-27 Thread Matt Schwartz
Hi Pete,
I was just looking over the man page for smtpd.conf and there is a way
to disable cert verification. There is also a match statement that,
while it won't force the connection to be over TLS per se, it just
won't allow the transaction to happen if it is not over TLS.

action "action01" relay tls-noverify.
match tls from domain "example.org" to any action "action01"

Hope this helps some,
Matt

On Mon, Aug 27, 2018 at 8:42 AM Pete wrote:
>
> Hello,
>
> I'm trying to get my config up to speed before 6.4, but I wasn't
> really able to figure out how to do what I wanted regarding relaying and
> TLS.
>
> Currently I have:
> # Suckers
> accept tagged OUT_OK from source  for domain  relay
> # always enforce TLS for outbound
> accept tagged OUT_OK from source  for any relay tls
>
> This forces TLS on relay except for a few that don't support it.
> In the new config there only seems to be tls no-verify to disable cert
> verification. How do I have to craft the action rules to force or
> disable TLS on relay? Is it even possible?
>
>
>
> Pete



Re: Credentials Table

2018-08-27 Thread Antonino Sidoti
Hi,

Based on the feedback I am going to use the ‘file’ option for the credentials 
table in my smtpd.conf;

table passed file:/etc/mail/passwd

Thanks

On 27 Aug 2018, at 5:24 pm, Matt Schwartz <matt.schwart...@gmail.com> wrote:

I simply use the file type. For example:
table credentials file:/etc/mail/credentials.

I do it this way because it is the simplest form. All I have in the credentials 
file is username:password. Use smtpctl encrypt to generate the encrypted 
password for the user. Finally, use smtpctl update table credentials to tell 
smtpd about the changes.

On Sun, Aug 26, 2018, 11:35 PM Antonino Sidoti wrote:
Hi,

When using a credentials table (man table), what table type do I use with 
regards to using the table in a smtpd.conf configuration?

I have created this table in my smtpd.conf but I am not sure it is correct?

table passwd file:/etc/mail/passwd

Though I have seen a sample configuration from another site using a different 
table type;

table passwd passwd:/etc/mail/passwd

Reading the man page, it does not make any reference to the table type using 
‘passwd’. It only talks about ‘file’ and ‘db’.

Nino



Re: Credentials Table

2018-08-27 Thread Matt Schwartz
I simply use the file type. For example:
table credentials file:/etc/mail/credentials.

I do it this way because it is the simplest form. All I have in the
credentials file is username:password. Use smtpctl encrypt to generate the
encrypted password for the user. Finally, use smtpctl update table
credentials to tell smtpd about the changes.

On Sun, Aug 26, 2018, 11:35 PM Antonino Sidoti wrote:

> Hi,
>
> When using a credentials table (man table), what table type do I use with
> regards to using the table in a smtpd.conf configuration?
>
> I have created this table in my smtpd.conf but I am not sure it is
> correct?
>
> table passwd file:/etc/mail/passwd
>
> Though I have seen a sample configuration from another site using a
> different table type;
>
> table passwd passwd:/etc/mail/passwd
>
> Reading the man page, it does not make any reference to the table type
> using ‘passwd’. It only talks about ‘file’ and ‘db’.
>
> Nino


Re: Credentials Table

2018-08-27 Thread Marcus MERIGHI
Good morning, 

n...@sidoti.id.au (Antonino Sidoti), 2018.08.27 (Mon) 05:35 (CEST):
> Hi,
> 
> When using a credentials table (man table), what table type do I use
> with regards to using the table in a smtpd.conf configuration?

That's up to you: if you use "file" (recommended), then, upon table
changes, you have to restart smtpd(8) to read the new contents OR use
"smtpctl(8) update table ".

If you use "db", then you have to run makemap(8) on your file, which
produces a .db, which should be referenced in smtpd.conf.
In this case after running makemap smtpd has the new contents. 

> I have created this table in my smtpd.conf but I am not sure it is
> correct? 
> table passwd file:/etc/mail/passwd

"passwd" would be the NAME of your table which you should use in your 
smtpd.conf if you want to auth, untested example, taken right from
smtpd.conf(5):

listen on egress auth 

> Though I have seen a sample configuration from another site using a
> different table type;
> table passwd passwd:/etc/mail/passwd
> Reading the man page, it does not make any reference to the table type
> using ‘passwd’. It only talks about ‘file’ and ‘db’. 

Nope! 
With OpenBSD software it's more like: If not in manual, then not
in code. 
Neither table(5) nor smtpd.conf(5) contain the string "passwd". 
But you can use it as a name you want to use.

Marcus
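
An added example, not part of any post in this thread: a pre-reload check for the file-backed credentials table described by Matt (username:password entries holding `smtpctl encrypt` output) and by Marcus (reload with `smtpctl update table`). The function names `audit_credentials` and `write_sample`, the acceptance of whitespace as well as ":" as separator, and the `$id$...$hash` test for crypt(3) strings are assumptions of this sketch; the sample entries are constructed placeholders.

```shell
#!/bin/sh
# Added example: entries are assumed to be "user:hash" or "user hash".
# audit_credentials FILE: print findings, return 0 if clean, 1 otherwise.
audit_credentials() {
    file=$1; bad=0
    [ -r "$file" ] || { echo "unreadable: $file"; return 1; }
    # Character 8 of the ls -l mode string is the read bit for "other".
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "mode: $file is world-readable"
        bad=1
    fi
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ { next }                 # comment
        /^[ \t]*$/ { next }                 # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t\r]+$/, "", line)
            sep = match(line, /[: \t]/)     # first ":" or blank ends the user name
            if (sep == 0) {
                printf "line %d: no password field\n", NR; bad = 1; next
            }
            user = substr(line, 1, sep - 1)
            hash = substr(line, sep + 1)
            sub(/^[: \t]+/, "", hash)
            if (user in seen) {
                printf "line %d: duplicate user %s\n", NR, user; bad = 1
            }
            seen[user] = 1
            # Heuristic: crypt(3) strings look like $id$...$hash. Anything
            # else is reported as a password that was never hashed.
            tmp = hash
            dollars = gsub(/\$/, "", tmp)
            if (substr(hash, 1, 1) != "$" || dollars < 3 ||
                substr(hash, length(hash), 1) == "$") {
                printf "line %d: %s has no crypt(3) hash\n", NR, user; bad = 1
            }
        }
        END { exit bad }
    ' "$file" || bad=1
    return $bad
}

# write_sample FILE: constructed table with one plaintext, one duplicate, one bare user.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample; the hashes are placeholders, not real smtpctl output
alice:$2b$10$CONSTRUCTEDplaceholderHASHvalue
bob:hunter2
carol $6$constructedsalt$constructedplaceholderhash
alice:$2b$10$ANOTHERconstructedPLACEHOLDER
dave
EOF
}

# Demo run on the constructed table.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/credentials"
chmod 644 "$demo_dir/credentials"
audit_credentials "$demo_dir/credentials" || echo "fix the findings, then: smtpctl update table credentials"
rm -rf "$demo_dir"
```
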
