Re: [OpenSMTPD] portable snapshot opensmtpd-201605221711p1 available
On Sun, 22 May 2016 17:17:53 +0200 (CEST), gilles chehade <gil...@poolp.org> said:

| A new opensmtpd portable snapshot is available at:
| http://www.opensmtpd.org/archives/opensmtpd-201605221711p1.tar.gz

[...]

| - bump version to 5.9.1, to be released in May

Maybe you can update the snapshot release/tag script to force update the
SMTPD_VERSION in smtpd/smtpd.h, so it reflects the snapshot version
(timestamp). Right now, this snapshot pretends to be 5.9.1, which is not
accurate.

If this is a valid request, I can open a PR.

Thanks!
--
Ashish SHUKLA

“The two most common things in the Universe are hydrogen and stupidity.”
(Harlan Ellison)

Sent from my Emacs

Re: OpenSMTPD and UUCP
On Wed, 17 Feb 2016 19:37:06 +0500, Sergey Yudin <berem...@gmail.com> said:

| Hello guys!
| I have unidirectional channel between 2 mail nodes. Only one node can
| init a call. So UUCP seems to be a good option to transfer mail in
| both directions.
| But can you please show the way how to queue mail from OpenSMTPD to UUCP ?

Did you try setting up OpenSMTPD in smarthost mode? It's quite a common
configuration, where people like to relay their local computer's email via
Gmail, or their ISP's mail, or their own mail relay.

--
Ashish SHUKLA

“A novice had a problem and could not find a solution. "I know," said the
novice, "I'll just use Perl!" The novice now had two problems.” (Erik Naggum)

Sent from my Emacs

Re: Package maintainers
On Fri, 9 Oct 2015 19:41:42 +0200, Gilles Chehade <gil...@poolp.org> said:

| EHLO package maintainers,
| It would be nice if we had a list and-or IRC channel to communicate with
| you and synchronize before releases.
| Should I setup something ?

Sure, although I think there was an IRC channel #opensmtpd-releases which
lasted for a few releases, and you stopped hanging out there eventually ;)

Setting up a list for the purpose seems like a good/better idea.

Thanks!
--
Ashish SHUKLA

“He that teaches himself has a fool for a master.” (Benjamin Franklin)

Sent from my Emacs

Re: [OpenSMTPD] portable snapshot opensmtpd-201505091607p1 available
On Sat, 16 May 2015 17:41:48 +0200, Gilles Chehade gil...@poolp.org said:

| On Mon, May 11, 2015 at 07:46:45PM +0530, Ashish SHUKLA wrote:
|| On Sat, 9 May 2015 16:13:02 +0200 (CEST), gilles chehade gil...@poolp.org said:
|| | A new opensmtpd portable snapshot is available at:
||
|| | http://www.opensmtpd.org/archives/opensmtpd-201505091607p1.tar.gz
||
|| | Checksum:
||
|| | SHA256 (opensmtpd-201505091607p1.tar.gz) =
|| | 8722e8ce4f1e7796c75f170aa3ec63755b4a4220d2f1646244ab4cd76ab63fde
||
|| | A summary of the content of this snapshot is available below.
||
|| | Please test and let us know if it breaks something!
||
|| Quite a few of following build errors:
||
|| #v+
|| ../../smtpd/config.c: In function 'init_pipes':
|| ../../smtpd/config.c:117: error: 'SOCK_NONBLOCK' undeclared (first use in this function)
|| ../../smtpd/config.c:117: error: (Each undeclared identifier is reported only once
|| ../../smtpd/config.c:117: error: for each function it appears in.)
|| #v-
||
|| on FreeBSD 9.x and earlier versions, as SOCK_NONBLOCK is not present there. I
|| can of course work-around these downstream, but wanted to give you guys a
|| heads-up.
||

| The commit that introduced this was reverted yesterday, you should be
| able to build from git, the next snapshot will have the revert applied

Great, thanks!

| --
| Gilles Chehade
| https://www.poolp.org @poolpOrg

--
Ashish SHUKLA

“Vengeance is mine; I will repay.” (Leo Tolstoy, Anna Karenina, (1875–1877))

Sent from my Emacs

Re: [OpenSMTPD] portable snapshot opensmtpd-201505121836p1 available
On Tue, 12 May 2015 18:36:42 +0200 (CEST), gilles chehade gil...@poolp.org said:

| A new opensmtpd portable snapshot is available at:
| http://www.opensmtpd.org/archives/opensmtpd-201505121836p1.tar.gz
| Checksum:
| SHA256 (opensmtpd-201505121836p1.tar.gz) =
| 42ccd5cd13377cc84e7040bf0e92a2277ef311c5c27d5dc731abed085a4e6507
| A summary of the content of this snapshot is available below.
| Please test and let us know if it breaks something!

Tested on FreeBSD 10.x with OpenSSL 1.0.2. Certificate verification, which was
unexpectedly failing with the previous snapshot, seems to work as expected now.

HTH
--
Ashish SHUKLA

“There was truth and there was untruth, and if you clung to the truth even
against the whole world, you were not mad.” (George Orwell, Nineteen
Eighty-Four, 1949)

Sent from my Emacs

Re: [OpenSMTPD] portable snapshot opensmtpd-201505091607p1 available
On Sat, 9 May 2015 16:13:02 +0200 (CEST), gilles chehade gil...@poolp.org said:

| A new opensmtpd portable snapshot is available at:
| http://www.opensmtpd.org/archives/opensmtpd-201505091607p1.tar.gz
| Checksum:
| SHA256 (opensmtpd-201505091607p1.tar.gz) =
| 8722e8ce4f1e7796c75f170aa3ec63755b4a4220d2f1646244ab4cd76ab63fde
| A summary of the content of this snapshot is available below.
| Please test and let us know if it breaks something!

Quite a few of following build errors:

#v+
../../smtpd/config.c: In function 'init_pipes':
../../smtpd/config.c:117: error: 'SOCK_NONBLOCK' undeclared (first use in this function)
../../smtpd/config.c:117: error: (Each undeclared identifier is reported only once
../../smtpd/config.c:117: error: for each function it appears in.)
#v-

on FreeBSD 9.x and earlier versions, as SOCK_NONBLOCK is not present there. I
can of course work-around these downstream, but wanted to give you guys a
heads-up.

HTH
--
Ashish SHUKLA

“Real computer scientists don't program in assembler. They don't write in
anything less portable than a number two pencil.”

Sent from my Emacs

Re: Announce: OpenSMTPD 5.4.5 released
On Sun, 26 Apr 2015 09:00:24 -0700 (PDT), Richard rich...@aaazen.com said:

| I'm building OpenSMTPD 5.4.5 on a Slackware Linux current (amd64) system
| which has autoconf 2.69 and automake 1.14 (aclocal-1.14).
| The configure gets an error because it seems to require automake 1.15
| but I have 1.14:
| CDPATH=${ZSH_VERSION+.}: cd . /bin/sh
| /tmp/SBo/opensmtpd-5.4.5p1/missing aclocal-1.15 -I m4
| /tmp/SBo/opensmtpd-5.4.5p1/missing: line 81: aclocal-1.15: command not
| found
| WARNING: 'aclocal-1.15' is missing on your system.
| You should only need it if you modified 'acinclude.m4' or
| 'configure.ac' or m4 files included by 'configure.ac'.
| The 'aclocal' program is part of the GNU Automake package:
| http://www.gnu.org/software/automake
| It also requires GNU Autoconf, GNU m4 and Perl in order to run:
| http://www.gnu.org/software/autoconf
| http://www.gnu.org/software/m4/
| http://www.perl.org/
| make: *** [aclocal.m4] Error 127
| There is a simple work around though and I can get a clean build if I do
| this just before the configure:
| touch aclocal.m4 Makefile.in

#v+
find opensmtpd-5.4.5p1 -type f -name 'Makefile.in' |xargs touch \
    opensmtpd-5.4.5p1/aclocal.m4 opensmtpd-5.4.5p1/Makefile.in \
    opensmtpd-5.4.5p1/config.h.in opensmtpd-5.4.5p1/configure
#v-

is what I am using to avoid depending on autotools.

HTH
--
Ashish SHUKLA

“If the master dies and the disciple grieves, the lives of both have been
wasted.”

Sent from my Emacs

Re: Announce: OpenSMTPD 5.4.5 released
On Mon, 20 Apr 2015 12:29:01 +0300, Török Edwin ed...@etorok.net said:

| On 04/20/2015 12:24 PM, Gilles Chehade wrote:
||
||| Also I noticed there are no _git_ tags present for the releases in
||| OpenSMTPD/OpenSMTPD git mirror, although I did notice some github specific
||| thing[1], via IRC notifications.
|||
||
|| There seems to be a problem with github, the git command has a correct view
|| of tags on github, but the web interface doesn't :-/
||

| This part of the webinterface shows them correctly (but the dropdown on the mainpage doesn't), and if I do a git pull --tags I get them:
| https://github.com/OpenSMTPD/OpenSMTPD/tags

Thanks! I see tags now. '--tags' is what I was missing.

--
Ashish SHUKLA

“I often quote myself; it adds spice to my conversation.” (George Bernard Shaw)

Sent from my Emacs

Re: Announce: OpenSMTPD 5.4.5 released
On Sun, 19 Apr 2015 22:35:55 +0200, Gilles Chehade gil...@poolp.org said:

| OpenSMTPD 5.4.5 has just been released.
| OpenSMTPD is a FREE implementation of the SMTP protocol with some common
| extensions. It allows ordinary machines to exchange e-mails with systems
| speaking the SMTP protocol. It implements a fairly large part of RFC5321
| and can already cover a large range of use-cases.
| It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, OSX and Linux.
| The archives are now available from the main site at www.OpenSMTPD.org
| We would like to thank the OpenSMTPD community for their help in testing
| the snapshots, reporting bugs, contributing code and packaging for other
| systems.
| This is a minor release with bugfixes only.
| New features since last stable release (5.4.4):
| ===
| * remove a hack introduced a very long time ago and which leads
|   to a crash when OpenSMTPD is built with gcc's FORTIFY option.
| * fix a getlogin()-related issue leading to invalid sender when
|   an application enqueues mail on behalf of a user.
| * fix a logic error in the SNI code leading to [1]:
|   - possible unexpected disconnect of some clients;
|   - possible invalid SNI certificate being presented to some clients;
|   - possible crash of the daemon.

Hi,

Thanks for the new release.

I've a couple of issues with this portable release tarball:

- Not bootstrapped, aka no configure script present
- Outdated/misleading options which don't do anything (since 5.4.4), yet are
  still present: --with-experimental-*

Also I noticed there are no _git_ tags present for the releases in
OpenSMTPD/OpenSMTPD git mirror, although I did notice some github specific
thing[1], via IRC notifications.

References:
[1] https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/opensmtpd-5.4.5p1

Thanks!
--
Ashish SHUKLA

“The energy produced by the breaking down of the atom is a very poor kind of
thing. Anyone who expects a source of power from the transformation of these
atoms is talking moonshine.” (Ernest Rutherford, after he had split the atom
for the first time)

Sent from my Emacs

Re: SSL: fatal access denied with opensmtpd on freebsd
On Mon, 16 Feb 2015 15:20:48 -0300, Hugo Osvaldo Barrera h...@barrera.io said:

| On 2015-02-16 19:19, Ashish SHUKLA wrote:
|| Since this fails at SSL/TLS negotiation, I would try connecting via each
|| protocol to figure out where it's failing:
||
|| --8---cut here---start-8---
|| for i in ssl3 tls1 tls1_1 tls1_2; do
||     echo
||     echo $i
||     echo
||     echo QUIT |openssl s_client -quiet -CAfile \
||         /usr/local/share/certs/ca-root-nss.crt -$i -connect $hostname:25 \
||         -starttls smtp
|| done
|| --8---cut here---end---8---
||
|| If it only happens with SSLv3, then I guess it's due to SSLv3 support being
|| disabled in codebase.
||
|| HTH

| I'm only getting an error validating the issuer (which I believe is emitted
| client-side, right?). But I'm not sure why my local installation is searching
| for the CAs in that location:
|
| ssl3
|
| 140396859192976:error:02001002:system library:fopen:No such file or directory:bss_file.c:168:fopen('/usr/local/share/certs/ca-root-nss.crt','r')
| 140396859192976:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:171:
| 140396859192976:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:253:
| 140396859192976:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1456:SSL alert number 40
| 140396859192976:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:644:
|
| tls1
|
| 139719128671888:error:02001002:system library:fopen:No such file or directory:bss_file.c:168:fopen('/usr/local/share/certs/ca-root-nss.crt','r')
| 139719128671888:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:171:
| 139719128671888:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:253:
| depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
| verify error:num=20:unable to get local issuer certificate
| 250 HELP
| 221 2.0.0: Bye
| read:errno=0
|
| tls1_1
|
| 140657221531280:error:02001002:system library:fopen:No such file or directory:bss_file.c:168:fopen('/usr/local/share/certs/ca-root-nss.crt','r')
| 140657221531280:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:171:
| 140657221531280:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:253:
| depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
| verify error:num=20:unable to get local issuer certificate
| 250 HELP
| 221 2.0.0: Bye
| read:errno=0
|
| tls1_2
|
| 140242839791248:error:02001002:system library:fopen:No such file or directory:bss_file.c:168:fopen('/usr/local/share/certs/ca-root-nss.crt','r')
| 140242839791248:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:171:
| 140242839791248:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:253:
| depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
| verify error:num=20:unable to get local issuer certificate
| 250 HELP
| 221 2.0.0: Bye
| read:errno=0

| Server-side output:
| Feb 16 18:02:53 hydrogen smtpd[98431]: smtp-in: New session 51d510206fc35c4a from host hyperion.barrera.io [190.210.108.249]
| Feb 16 18:02:53 hydrogen smtpd[98431]: smtp-in: Disconnecting session 51d510206fc35c4a: IO error: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
| Feb 16 18:02:54 hydrogen smtpd[98431]: smtp-in: New session 51d510255c37bd0f from host athena.barrera.io [190.210.108.249]
| Feb 16 18:02:55 hydrogen smtpd[98431]: smtp-in: Started TLS on session 51d510255c37bd0f: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES256-SHA, bits=256
| Feb 16 18:02:55 hydrogen smtpd[98431]: smtp-in: Closing session 51d510255c37bd0f
| Feb 16 18:02:56 hydrogen smtpd[98431]: smtp-in: New session 51d5102a1953d775 from host athena.barrera.io [190.210.108.249]
| Feb 16 18:02:57 hydrogen smtpd[98431]: smtp-in: Started TLS on session 51d5102a1953d775: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES256-SHA, bits=256
| Feb 16 18:02:57 hydrogen smtpd[98431]: smtp-in: Closing session 51d5102a1953d775
| Feb 16 18:02:58 hydrogen smtpd[98431]: smtp-in: New session 51d5102f86107152 from host athena.barrera.io [190.210.108.249]
| Feb 16 18:02:59 hydrogen smtpd[98431]: smtp-in: Started TLS on session 51d5102f86107152: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
| Feb 16 18:02:59 hydrogen smtpd[98431]: smtp-in: Closing session 51d5102f86107152
| #

| If I'm mistaken and the error is emitted server-side, then that file *does

Re: SSL: fatal access denied with opensmtpd on freebsd
On Mon, 16 Feb 2015 04:37:55 -0300, Hugo Osvaldo Barrera h...@barrera.io said:

| Hi,
| I've been tasked with setting up a FreeBSD-based email server.
| I've come across an issue, giving an error stating fatal access denied when
| attempting to initiate TLS connections (either smtps or with starttls).
| The certificates work fine on a test OpenBSD host, so they're not the issue.
| I'm amused that both dovecot *and* opensmtpd show almost identical issue, and
| suspect that something openssl related might be broken.
| debug: smtp: new client on listener: 0x8024eb000
| smtp-in: New session 6f9022aa19efcad6 from host athena.barrera.io [190.210.108.249]
| debug: lka: looking up pki mail.asteq.com.ar
| debug: session_start_ssl: switching to SSL
| debug: pony: rsae_priv_enc
| debug: SSL library error: io_dispatch_accept_ssl:SSL_accept: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
| smtp-in: Disconnecting session 6f9022aa19efcad6: IO error: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
| debug: smtp: 0x802501000: deleting session: IO error

Since this fails at SSL/TLS negotiation, I would try connecting via each
protocol to figure out where it's failing:

--8---cut here---start-8---
for i in ssl3 tls1 tls1_1 tls1_2; do
    echo
    echo $i
    echo
    echo QUIT |openssl s_client -quiet -CAfile \
        /usr/local/share/certs/ca-root-nss.crt -$i -connect $hostname:25 \
        -starttls smtp
done
--8---cut here---end---8---

If it only happens with SSLv3, then I guess it's due to SSLv3 support being
disabled in codebase.

HTH
--
Ashish SHUKLA

“SQL, Lisp, and Haskell are the only programming languages that I've seen
where one spends more time thinking than typing.” (Phillip Greenspun)

Sent from my Emacs

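
Added example, not part of the original posts or of OpenSMTPD: a small Python parser that folds smtp-in log lines of the form quoted in this thread into one record per session and counts the sessions that failed before TLS was established. The sample log is constructed (made-up session ids, hosts and addresses), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the smtpd syslog format quoted in this thread;
# session ids, host names and addresses are made up for the example.
SAMPLE_LOG = """\
Feb 16 18:02:53 mx smtpd[98431]: smtp-in: New session 00000000000000a1 from host probe.example.org [192.0.2.10]
Feb 16 18:02:53 mx smtpd[98431]: smtp-in: Disconnecting session 00000000000000a1: IO error: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
Feb 16 18:02:54 mx smtpd[98431]: smtp-in: New session 00000000000000a2 from host probe.example.org [192.0.2.10]
Feb 16 18:02:55 mx smtpd[98431]: smtp-in: Started TLS on session 00000000000000a2: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES256-SHA, bits=256
Feb 16 18:02:55 mx smtpd[98431]: smtp-in: Closing session 00000000000000a2
Feb 16 18:03:10 mx smtpd[98431]: smtp-in: New session 00000000000000a3 from host mua.example.net [198.51.100.7]
Feb 16 18:03:10 mx smtpd[98431]: smtp-in: Disconnecting session 00000000000000a3: IO error: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
Feb 16 18:03:12 mx smtpd[98431]: smtp-in: New session 00000000000000a4 from host mua.example.net [198.51.100.7]
"""

EVENT = re.compile(r"smtpd\[\d+\]: smtp-in: (?P<rest>.*)$")
NEW = re.compile(r"New session (\w+) from host (\S+) \[([^\]]+)\]$")
TLS = re.compile(r"Started TLS on session (\w+): version=([^,]+), cipher=([^,]+), bits=(\d+)$")
ERR = re.compile(r"Disconnecting session (\w+): IO error: (.*)$")
END = re.compile(r"Closing session (\w+)$")


def parse_sessions(text):
    """Fold smtp-in log lines into one record per session id."""
    sessions = {}
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an smtp-in line
        rest = m.group("rest")
        if (n := NEW.match(rest)):
            sessions[n.group(1)] = {"host": n.group(2), "addr": n.group(3),
                                    "tls": None, "outcome": "open", "reason": None}
        elif (t := TLS.match(rest)) and t.group(1) in sessions:
            sessions[t.group(1)]["tls"] = {"version": t.group(2),
                                           "cipher": t.group(3),
                                           "bits": int(t.group(4))}
        elif (e := ERR.match(rest)) and e.group(1) in sessions:
            s = sessions[e.group(1)]
            s["outcome"] = "io-error"
            # OpenSSL error strings read error:<code>:<lib>:<func>:<reason>
            parts = e.group(2).split(":")
            well_formed = parts[0] == "error" and len(parts) >= 5
            s["reason"] = parts[-1] if well_formed else e.group(2)
        elif (c := END.match(rest)) and c.group(1) in sessions:
            sessions[c.group(1)]["outcome"] = "closed"
    return sessions


def handshake_failures(sessions):
    """Count sessions that died with an IO error before TLS was established."""
    return Counter((s["addr"], s["reason"]) for s in sessions.values()
                   if s["outcome"] == "io-error" and s["tls"] is None)


if __name__ == "__main__":
    failures = handshake_failures(parse_sessions(SAMPLE_LOG))
    for (addr, reason), count in failures.items():
        print(f"{addr}: {count} x {reason}")
```

In the server-side output quoted in the thread, the version field reads TLSv1/SSLv3 on all three successful sessions while the cipher differs on the last one, so keep the cipher in the record rather than relying on the version string alone.
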
Re: Should we use DKIM and SPF?
On Sat, 19 Apr 2014 08:26:59 +0200, Martin Braun yellowgoldm...@gmail.com said:

| Hi
| I was thinking about adding DKIM and SPF to my OpenSMTPD setup as I have
| previously run with those, but I am in doubt.
| I am thinking about the worth of those technologies?
| I used to think SPF was a good idea, but SPF fails if someone forwards
| email to another server. Then the forwarding server is not listed in the
| SPF entry and the destination mail server will reject the email.

SRS[1][2].

References:
[1] http://www.openspf.org/SRS
[2] http://www.libsrs2.org/

HTH
--
Ashish SHUKLA

“The three most dangerous things in the world are a programmer with a
soldering iron, a hardware type with a program patch and a user with an idea.”
(The Wizardry Compiled by Rick Cook)

Sent from my Emacs

Re: Permissions for LMTP UNIX domain socket
On Wed, 05 Mar 2014 13:25:34 +0100, Michael Neumann mneum...@ntecs.de said:

| Hi,
| I am having problems to let OpenSMTPD directly talk with dovecot via an
| LMTP UNIX domain socket. The domain socket is created with _smtpd:_smtpd
| 0660 permissions:
| # ls -la /var/run/dovecot/lmtp
| srw-rw 1 _smtpd _smtpd 0 Mar 4 12:06 /var/run/dovecot/lmtp
| But somehow the smtpd process can't access it. It shows a
| smtpd: couldn't establish connection: Permission denied
| in the output of `smtpctl show queue`.
| It is working if I give it read/write permissions for everyone (0666).
| Which permissions should it have? I also tried to give it _smtpq:_smtpd
| permissions (or root:wheel), but both failed. I am a bit lost here because
| I don't know which process opens the socket. Can someone enlighten me? :)

That's because LMTP delivery (like all delivery backends) works by setuid-ing
to the recipient user so the actual delivery takes place in the context of
recipient user. So, 666 seems like a workaround, or switch to delivery over
TCP/IP.

I think a fix would be to distinguish between which delivery backend needs to
be setuid'd to the recipient user, so that socket based delivery methods which
don't need setuid'd don't actually get setuid'd and get into this issue.

HTH
--
Ashish SHUKLA

“I know what you're thinking -- Did he fire six shots or only five? Well, to
tell you the truth, in all the excitement, I kind of lost track myself. But
being this is a .44 Magnum, the most powerful handgun in the world, and would
blow your head clean off, you've got to ask yourself one question: Do I feel
lucky? Well, do you, punk?” (Harry Callahan, badge #2211)

Sent from my Emacs

Re: Permissions for LMTP UNIX domain socket
On Wed, 05 Mar 2014 13:56:06 +0100, Michael Neumann mneum...@ntecs.de said:

| On 05.03.2014 13:41, Ashish SHUKLA wrote:
|| On Wed, 05 Mar 2014 13:25:34 +0100, Michael Neumann mneum...@ntecs.de said:
||| Hi,
||| I am having problems to let OpenSMTPD directly talk with dovecot via an
||| LMTP UNIX domain socket. The domain socket is created with _smtpd:_smtpd
||| 0660 permissions:
||| # ls -la /var/run/dovecot/lmtp
||| srw-rw 1 _smtpd _smtpd 0 Mar 4 12:06 /var/run/dovecot/lmtp
||| But somehow the smtpd process can't access it. It shows a
||| smtpd: couldn't establish connection: Permission denied
||| in the output of `smtpctl show queue`.
||| It is working if I give it read/write permissions for everyone (0666).
||| Which permissions should it have? I also tried to give it _smtpq:_smtpd
||| permissions (or root:wheel), but both failed. I am a bit lost here because
||| I don't know which process opens the socket. Can someone enlighten me? :)
||
|| That's because LMTP delivery (like all delivery backends) works by setuid-ing
|| to the recipient user so the actual delivery takes place in the context of
|| recipient user. So, 666 seems like a workaround, or switch to delivery over
|| TCP/IP.

| Thanks! Does that also mean it will spawn a separate process each time it
| delivers an email via LMTP?

Correct, that's how it works atm.

--
Ashish SHUKLA

“The only thing that saves us from the bureaucracy is inefficiency. An
efficient bureaucracy is the greatest threat to liberty.” (Eugene McCarthy)

Sent from my Emacs

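
Added example, not part of the original posts or of OpenSMTPD: the POSIX permission check behind the "Permission denied" discussed in this thread, evaluated against a real socket inode at modes 0660 and 0666. The socket's owner stands in for _smtpd, and the recipient uid and gid are hypothetical values chosen so that they match neither the owner nor the group.

```python
import os
import socket
import stat
import tempfile


def class_bits(st, uid, gids):
    """Return the rwx triplet POSIX applies to (uid, gids) for this inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7      # owner class
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7      # group class
    return st.st_mode & 7                 # other class


def may_connect(path, uid, gids):
    """True if (uid, gids) may connect() to the UNIX socket at path.

    connect() needs write permission on the socket inode and search (x)
    permission on its directory; a full check repeats the directory test
    for every ancestor. uid 0 bypasses both.
    """
    if uid == 0:
        return True
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return False
    if not class_bits(st, uid, gids) & 2:             # write bit on the socket
        return False
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    return bool(class_bits(parent, uid, gids) & 1)    # search bit on the dir


def demo():
    """Bind a socket like the one in the thread and evaluate two callers."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o755)                    # directory searchable by everyone
    path = os.path.join(d, "lmtp")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    try:
        st = os.stat(path)
        # Hypothetical recipient: neither the socket's owner nor in its group.
        recipient_uid, recipient_gids = st.st_uid + 1000, {st.st_gid + 1000}
        results = {}
        for mode in (0o660, 0o666):
            os.chmod(path, mode)
            results[mode] = {
                "owner": may_connect(path, st.st_uid, {st.st_gid}),
                "recipient": may_connect(path, recipient_uid, recipient_gids),
            }
        return results
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(d)


if __name__ == "__main__":
    for mode, who in demo().items():
        print(oct(mode), who)
```
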
Re: RFC: package maintainers
Hi,

On Sat, 26 Oct 2013 10:11:08 -0400, Ryan Kavanagh r...@debian.org said:

[...]

| 2) Add an additional option specifying the subdirectory under which
|    opensmtpd-specific config files should go, say localconfdir, which
|    defaults to %(sysconfdir)/opensmtpd/:
|    a) Install aliases to %(sysconfdir)
|    b) Install all other config files to %(localconfdir).

I like this 2nd approach. ATM, FreeBSD port which I maintain patches OpenSMTPD
to use $PREFIX/etc/mail for its configuration. The reason would be to keep all
OpenSMTPD related configuration files (minus aliases) in one directory.

Thanks for bringing this, and like Ryan, I would also prefer to keep
downstream customizations/patches as few as possible.

Thanks
--
Ashish SHUKLA

“The Ministry of Peace concerns itself with war, the Ministry of Truth with
lies, the Ministry of Love with torture, and the Ministry of Plenty with
starvation.” (George Orwell, Nineteen Eighty-Four, 1949)

Sent from my Emacs

Re: propaganda
On Tue, 6 Aug 2013 15:50:57 +0200, Gilles Chehade gil...@poolp.org said:

| On Tue, Aug 06, 2013 at 07:40:49PM +0600, Denis Fateyev wrote:
|| Congrats! Among the popularity, it brings more tests in production
|| environment, testers and people involved overall.

| Yes and what really makes me happy is that their configuration file is
| below 10 lines ;-)

but is in English ;-)

--
Ashish SHUKLA

“The future is not google-able.” (William Gibson, 2004-02-05)

Sent from my Emacs

FreeBSD Port: mail/opensmtpd-devel
Hi everyone,

For FreeBSD users, I've added another port for OpenSMTPD, i.e.
mail/opensmtpd-devel[1] which uses the development snapshots released by
OpenSMTPD team. It'll also provide the experimental features (atm. MySQL,
Postgres, SQLite table backends), which aren't in stable port
(mail/opensmtpd), which uses released versions.

If you observe any FreeBSD specific issues, feel free to email me, or file a
PR[2].

References:
[1] http://svnweb.freebsd.org/ports/head/mail/opensmtpd-devel/
[2] http://www.freebsd.org/send-pr.html

Thanks
--
Ashish SHUKLA

“It is rare that one can see in a little boy the promise of a man, but one can
almost always see in a little girl the threat of a woman.” (Alexandre Dumas)

Sent from my Emacs