Re: Dropping Connections Upon Connect
> On 28 Jul 2023, at 20:06, Stuart D Gathman wrote: > > On Wed, 19 Jul 2023, Pete Long wrote: > >> The filter ‘works’ in the sense that I get “421 Internal Server Error” >> when something matches my regex table. > > That's more likely to discourage the spammer than any rant you might > supply instead. :-) > > But maybe you want to provide a channel for false positives to appeal > the rejection. Good point, no chance of further deliveries being successful due to a configuration error. Yes I could and perhaps should give more info. Thanks. Pete.
Re: Dropping Connections Upon Connect
Hi, I seem to have resolved the issue but time will tell. Using my AOL account as a test, I amended the filter line in smtpd.conf so it read “550 Connection dropped.” *I didn’t put the SMTP error code in before. After doing so, it seems to have resolved the issue.* Here’s the command I used for debugging: smtpd -dv -T all >smtpd.log 2>&1 After sending a couple test mails, I saw this entry in the ’smtpd.log’: lookup: match "sonic304-56.consmr.mail.bf2.yahoo.com" as REGEX in table static:rejecthost -> true 013352e3bbdd5118 filters protocol phase=ehlo, resume=n, action=disconnect, filter=hostrejects, query=sonic304-56.consmr.mail.bf2.yahoo.com, response=550 Connection dropped. I used the same regular expression syntax as shown below ie. ^.*.yahoo.com$ Cool! Pete. > On 19 Jul 2023, at 20:18, Pete Long wrote: > > Hi all, > > Need some help here. > > I would like to find a way to drop connections (with an arbitrary message) > without having to wait for the connecting clients to issue anything at all. > > Here’s my configuration line in /etc/mail/smtpd.conf in OpenBSD 7.3 running > OpenSMTPD 7.0.0: > > filter hostrejects phase ehlo match helo regex disconnect > "Connection dropped.” > > > The filter ‘works’ in the sense that I get “421 Internal Server Error” when > something matches my regex table. > > > Here’s the format of one line in my table: > > ^.*.prod-infinitum.com.mx$ > > > Have I screwed up the regex, the config line or both? > > Please let me know if you require further information. > > Thanks for your time. > > > > Pete. > >
Dropping Connections Upon Connect
Hi all, Need some help here. I would like to find a way to drop connections (with an arbitrary message) without having to wait for the connecting clients to issue anything at all. Here’s my configuration line in /etc/mail/smtpd.conf in OpenBSD 7.3 running OpenSMTPD 7.0.0: filter hostrejects phase ehlo match helo regex disconnect "Connection dropped.” The filter ‘works’ in the sense that I get “421 Internal Server Error” when something matches my regex table. Here’s the format of one line in my table: ^.*.prod-infinitum.com.mx$ Have I screwed up the regex, the config line or both? Please let me know if you require further information. Thanks for your time. Pete.
Re: Remove the first Received header
On Thu, Jan 26, 2023 at 10:58:18PM +0100, Joel Carnat wrote: > Hi, > > When using smtpd as a mail gateway and authenticating from various > desktop/mobile clients, the first Received header always references the > client host, ip, fqdn, etc. Some (maybe stupid) SMTP servers seem to > consider these information when doing SPAM checks so you end getting > blacklisted because the mail comes from a user IP-range and IP is not > referenced in SPF... > > Not sure it even makes sense and/or break SMTP RFCs but, is there a way to > tell smtpd to not include that first "user connection" in the mail headers? Hi Joel, listen on bge0 port submission tls-require pki mydomain.tld auth \ hostname mydomain.tld mask-src The mask-src option does the trick for me. Pete.
Re: Changing Log Messages
Hi, it says right there in the message... Line 13 and 26 in /usr/local/etc/mail/smtpd.conf > service smtpd restart > Performing sanity check on smtpd configuration: > /usr/local/etc/mail/smtpd.conf:13: syntax error > /usr/local/etc/mail/smtpd.conf:26: syntax error > - > Any idea where the syntax error is created > Regards > Hagen.
Re: Changing Log Messages
Hi, the best is probably to implement a custom report ing filter that fits you needs. http://man.openbsd.org/man7/smtpd-filters.7 > Hi, > i would like to use crowdsec to evaluate my mail logs. My current idea is to > block all users that try to login on port 25 > ``` > smtp connected address=43.zzz.yy.xx host= > smtp failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: > Command not supported" > ``` > So the trigger is line 2 but the ip address is in line 1 > Unfortunately there seems to be no way for crowdsec parser to evaluate 2 lines > Is there any chance or idea how I could change the logs to include the > address in line 2 > Regards > Hagen Bauer
Re: Another Logging Query
On Wed, Mar 23, 2022 at 11:55:16PM +0200, Reio Remma wrote: > On 23.03.2022 23:41, Pete Long wrote: > > Hi all, > > > > When I run the following command, I see lots of useful information about > > what's happening with OpenSMTPD; particularly with filters. > > > > smtpd -dv -Tlookup > > > > However, I can't seem to find a way to capture the output to a file. I've > > tried 'tee' but my syntax is probably wrong. > > > > Does the command above log events on a different level or are they > > ephemeral? > > > iirc you can also force the running daemon to log to maillog or whatever > it's logging to using 'smtpctl trace lookup' ('smtpctl untrace' to stop), > also 'smtpctl log verbose' and 'smtpctl log brief' might come handy. Thanks again Reio, I'll give that command a try. Pete. smime.p7s Description: S/MIME cryptographic signature
Re: Filter Logging
On Mon, Mar 21, 2022 at 03:58:23PM +0200, Reio Remma wrote: > On 21.03.2022 15:54, Pete Long wrote: > > Hi all, > > > > I have a filter defined in smtpd.conf which looks like the following: > > > > filter rejects phase data match mail-from \ > > disconnect "550 Policy enforcement." > > > > The referenced table contains a list of addresses in the following > > formats: > > > > @dailynuisance.tld > > bigmarketing.tld > > @weneverunsubsribeanyone.tld > > > > First of all, are these valid formats for the filter? > > I see I've set up blacklists with a table like this: > > match \ > from any \ > for any \ > mail-from \ > reject Thanks Reio, that's nice and simple. I'll give that a try. For some reason, I've always placed reject lists in a filter which are are referenced in a 'listen on' line. Perhaps its time for a change :) Pete. smime.p7s Description: S/MIME cryptographic signature
Filter Logging
Hi all, I have a filter defined in smtpd.conf which looks like the following: filter rejects phase data match mail-from \ disconnect "550 Policy enforcement." The referenced table contains a list of addresses in the following formats: @dailynuisance.tld bigmarketing.tld @weneverunsubsribeanyone.tld First of all, are these valid formats for the filter? Secondly, this filter seems to be working well but I don't see any other information in the logs except the 550 and whatever rejection message I've used. I chose the data phase as I previously had a similar filter which acted earlier on in the SMTP transaction but which didn't seem reject all required addresses. I've since stupidly deleted this filter so I cannot be more precise. So to summarise, how can I see more information from my current filter and am I using the correct syntax in the first place for the referenced table? Thanks for your time. Pete. smime.p7s Description: S/MIME cryptographic signature
Re: mutt can't send emails via localhost 25 with error 503 5.5.1
On Sun, Mar 06, 2022 at 02:28:54PM +0100, Jiri Navratil wrote: > Hi, > > I'm using notebook with OpenBSD and every email from mail and from mutt > goes firstly to OpenSMTPD on localhost and then are relayed to my > server with static IP. > > I have been using in OpenBSD 6.7 for mutt > > set smtp_url="smtp://127.0.0.1" > > but after switch to OpenBSD 7.0, I'm getting from OpenSMTPD > > SMTP session failed: 503 5.5.1 Invalid command: Command not supported [...] Hi Jiri, I have a slightly different configuration but all hosts are on the LAN. Here are what I believe to be the relevant config lines for Mutt. I'm using the same version as yourself: Mutt 2.1.3 (2021-09-10), which is running on OpenBSD 7.0. OpenSMTPD is version 7.0.0. set smtp_url = "smtp://ch...@chunkymonkey.tld:587/" set smtp_pass = "superpassw0rd" set ssl_starttls=yes set ssl_verify_host=no Pete. smime.p7s Description: S/MIME cryptographic signature
opensmtpd-filter-dnsbl
Hi all, I hope this is ok but I just wanted to say thanks to the developer of 'opensmtpd-filter-dnsbl' whom I believe is Martijn van Duren. This filter is superb and just what I was looking for in order to use the great resource that is Spamhaus. I can't seem to find a personal email address on the following site so that's why I'm saying thanks on the list: https://openports.pl/path/mail/opensmtpd-filters/dnsbl Here's how I've used it in my smtpd.conf on OpenBSD 7.0: filter dnsbl proc-exec "filter-dnsbl -mv zen.spamhaus.org" listen on em0 tls pki mydomain.tld \ hostname mydomain.tld filter { check_rdns, dnsbl } I will shortly remove the -m flag which just adds headers rather than rejecting the mail. Pete. smime.p7s Description: S/MIME cryptographic signature
Re: dkimsign doesn't sign message sent from mail command
Hey, > listen on vio1 filter "dkimsign_rsa" > match from any for any action "outbound" doesn't that make your box an open relay? I gather this is an vm, but still...
Re: OpenSMTPd: Ignoring /etc/hosts file?
Hey, > in my smtpd.conf file I have "relay smtps://host.domain.tld" to be sure the whole smtpd.conf would be useful. Although it looks like wrong syntax. Should probably be "relay host smtps://x.y.z"
[Solved] Submission Creds Only Accepted on LAN?
Hi all, I now have authenticated submission on port 587 working regardless of whether the connecting host has a PTR record. Here are the steps taken: 1) Built OpenSMTPd and associated software from ports on FreeBSD 13. 2) Wiped my iPhone and configured my mail account again. This log excerpt is from my phone this morning: smtp connected address=85.255.235.74 host= Aug 15 08:46:41 [redacted] smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 Aug 15 08:46:42 [redacted] smtpd [redacted] smtp authentication user=pete result=ok I'm not really sure if I have configured anything different by using ports (I used 'pkg install' previously on another server) but all is good. I have a suspicion that it was actually my phone which was causing the issue. Here are my notes which I hope will help. https://valar.uk.net/smtpd-valar.conf Pete. smime.p7s Description: S/MIME cryptographic signature
Fwd: Submission Creds only Accepted on LAN?
> Begin forwarded message: > > From: Pete Long > Subject: Re: Submission Creds only Accepted on LAN? > Date: 8 August 2021 at 21:04:41 BST > To: misc@opensmtpd.org > > >> On 8 Aug 2021, at 19:55, Reio Remma wrote: >> >> On 08.08.2021 21:53, Pete Long wrote: >>> Hi Reio, >>> >>> Yes it's set with SSL (as Apple's iPhone mail app shows) on port 587. The >>> authentication method is 'password'. >> >> Do you see from smtpd logs that a connection is made and credentials fail? > > Here's the output from 'smtpd -dv -Tlookup' when using my mobile phone: > > > debug: smtpd: offline scanning done > 93d95e59d30926fa smtp connected address=148.252.132.246 host= > debug: looking up pki "mydomain.tld" > debug: session_start_ssl: switching to SSL > debug: pony: rsae_priv_enc > 93d95e59d30926fa smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 > smtp: 0x800ed5000: smtp_cert_verify_cb: no-client-cert > 93d95e59d30926fa smtp authentication user=pete result=permfail > 93d95e59d30926fa smtp failed-command command="AUTH PLAIN (...)" result="535 > Authentication failed" > 93d95e59d30926fa smtp disconnected reason=disconnect > > > Here's the output when I send on my LAN (same debug command): > > debug: looking up pki "mydomain.tld" > debug: session_start_ssl: switching to SSL > debug: pony: rsae_priv_enc > 93d95e5a86cc1911 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 > smtp: 0x800ed5000: smtp_cert_verify_cb: no-client-cert > 93d95e5a86cc1911 smtp authentication user=pete result=ok > lookup: match "10.1.2.3" as NETADDR in table static: -> true > lookup: match "outlook.com" as DOMAIN in table static: -> true > > > I don't see the 'lookup: match' lines in the log output when sending from my > phone for some reason. > > > Pete. > As an update and my conclusion for now, submission auth works if there is a PTR record for the connecting IP address (at least with my config). I created a test account and used the very helpful https://www.smtper.net site (which of course has PTR records) to successfully send an email to an outside domain via my OpenSMTP server. I can live with that for now. Pete. smime.p7s Description: S/MIME cryptographic signature
Re: Submission Creds only Accepted on LAN?
> On 8 Aug 2021, at 19:55, Reio Remma wrote: > > On 08.08.2021 21:53, Pete Long wrote: >> Hi Reio, >> >> Yes it's set with SSL (as Apple's iPhone mail app shows) on port 587. The >> authentication method is 'password'. > > Do you see from smtpd logs that a connection is made and credentials fail? Here's the output from 'smtpd -dv -Tlookup' when using my mobile phone: debug: smtpd: offline scanning done 93d95e59d30926fa smtp connected address=148.252.132.246 host= debug: looking up pki "mydomain.tld" debug: session_start_ssl: switching to SSL debug: pony: rsae_priv_enc 93d95e59d30926fa smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 smtp: 0x800ed5000: smtp_cert_verify_cb: no-client-cert 93d95e59d30926fa smtp authentication user=pete result=permfail 93d95e59d30926fa smtp failed-command command="AUTH PLAIN (...)" result="535 Authentication failed" 93d95e59d30926fa smtp disconnected reason=disconnect Here's the output when I send on my LAN (same debug command): debug: looking up pki "mydomain.tld" debug: session_start_ssl: switching to SSL debug: pony: rsae_priv_enc 93d95e5a86cc1911 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 smtp: 0x800ed5000: smtp_cert_verify_cb: no-client-cert 93d95e5a86cc1911 smtp authentication user=pete result=ok lookup: match "10.1.2.3" as NETADDR in table static: -> true lookup: match "outlook.com" as DOMAIN in table static: -> true I don't see the 'lookup: match' lines in the log output when sending from my phone for some reason. Pete. smime.p7s Description: S/MIME cryptographic signature
Re: Submission Creds only Accepted on LAN?
Hi Reio, Yes it's set with SSL (as Apple's iPhone mail app shows) on port 587. The authentication method is 'password'. Pete. > On 8 Aug 2021, at 19:46, Reio Remma wrote: > > Hello! > > Is your phone configured to submit to port 587? > > Good luck > Reio > > > On 08.08.2021 20:56, Pete Long wrote: >> Oops, I hope this is now visible. >> >> >> Pete. >> >> >>> Begin forwarded message: >>> >>> From: Pete Long >>> Subject: Submission Creds only Accepted on LAN? >>> Date: 8 August 2021 at 18:46:49 BST >>> To: misc+h...@opensmtpd.org >>> >>> Hi, >>> >>> I've just begun using OpenSMTP and find it fascinating with its speed and >>> simplicity. >>> >>> All is working fine except for one issue I can't fix. If I send email from >>> my computer to the OpenSMTP server on my LAN, the creds used for submission >>> work fine. >>> >>> However if I try the same thing from my phone over a 3G connection, the >>> same creds fail. The username/password used is the same as my user account >>> on the VMWare virtual server with FreeBSD 13.0 installed on which OpenSMTP >>> is running ie. no seperate maps. >>> >>> Here's the line in smtpd.conf that I think is relevant: >>> >>> listen on em0 port submission filter { rspamd } tls-require pki >>> mydomain.tld auth hostname mydomain.tld mask-src >>> >>> All outbound mail passes through a smart host as per this line: >>> >>> action "relay" relay host smtp+tls://myauthla...@smarthost.provider.tld:25 >>> auth helo mydomain.tld >>> >>> By the way, I've tried removing the 'filter { rspamd }' section but the >>> same result occurs: non-LAN submission attempts 'permfail' with the same >>> creds that work on a LAN connection. >>> >>> Can anyone help me here? >>> >>> Let me know if you require more information. >>> >>> >>> Thanks. >>> >>> >>> Pete. >> > smime.p7s Description: S/MIME cryptographic signature
Submission Creds only Accepted on LAN?
Oops, I hope this is now visible. Pete. > Begin forwarded message: > > From: Pete Long > Subject: Submission Creds only Accepted on LAN? > Date: 8 August 2021 at 18:46:49 BST > To: misc+h...@opensmtpd.org > > Hi, > > I've just begun using OpenSMTP and find it fascinating with its speed and > simplicity. > > All is working fine except for one issue I can't fix. If I send email from my > computer to the OpenSMTP server on my LAN, the creds used for submission work > fine. > > However if I try the same thing from my phone over a 3G connection, the same > creds fail. The username/password used is the same as my user account on the > VMWare virtual server with FreeBSD 13.0 installed on which OpenSMTP is > running ie. no seperate maps. > > Here's the line in smtpd.conf that I think is relevant: > > listen on em0 port submission filter { rspamd } tls-require pki mydomain.tld > auth hostname mydomain.tld mask-src > > All outbound mail passes through a smart host as per this line: > > action "relay" relay host smtp+tls://myauthla...@smarthost.provider.tld:25 > auth helo mydomain.tld > > By the way, I've tried removing the 'filter { rspamd }' section but the same > result occurs: non-LAN submission attempts 'permfail' with the same creds > that work on a LAN connection. > > Can anyone help me here? > > Let me know if you require more information. > > > Thanks. > > > Pete. smime.p7s Description: S/MIME cryptographic signature
Re: max-message-size
You're right. After a second thought i guess it's not a very good idea.
Re: max-message-size
Would it be possible to add an max-msgsize option to the match clause to get the desired result?
Re: Filter issue
>It seems that the reality is "Finally, a number of decisions must >(mandatory) be taken:" Well sure. A decison has to be made. > filter whitelist \ > chain { test-rdns , test-fcrdns } \ > bypass Is this even valid syntax? AFAIR the decision needs to be specified with the filter. I think it should be something along those lines: filter "white-rdns" phase connect match rdns bypass filter "white-fcrdns" phase connect match fcrdns bypass filter "dnsbl" proc-exec "filter-dnsbl" filter "inbound" chain { "white-rdns","white-fcrdns","dnsbl" } Not sure, what exaclty you are trying to accomplish. Maybe you should post more of your config or intention what you're trying to achieve.
Re: Filter issue
Hey, AFAIK it is not. But you can always chain filters like filter "rdns" phase connect match !rdns disconnect "550 rDNS check failed" filter "fcrdns" phase connect match !fcrdns disconnect "550 fc-rDNS check failed" filter "inbound" chain { "rdns","fcrdns" } > filter whitelist \ > phase connect \ > match rdns \ > match fcrdns \ > bypass > When I test smtpd.conf with "smtpd -n", I get an error on the line "match > fcrdns". > Is it not possible to chain multiple matches in a single filter ?
Re: how to reject a spoofed "From: " address?
Hi, > EMails with a spoofed "From: " address in the EMail header, > matching my own domain? AFAIR the only way to achieve that is a custom filter. > match from any mail-fromfor any reject > match mail-from for any reject These just look at the MAIL FROM in the envelope.
Re: Usage example for filter-dnsbl
Hey, I use the dnsbl filter from umaxx.net so i don't know that specific filter, but something along those lines should do: filter "dnsbl" proc-exec "filter-dnsbl" my.dnsblprovider.com listen on egress filter dnsbl > Hey, > i installed the filter "filter-dnsbl" from here > (http://imperialat.at/dev/filter-dnsbl/) and now i want to add it to my > config. However, i have to admit i have no idea how to do that? In what > "phase" should i put this filter? I looked around but i found a couple > of outdated blog posts on filters, but nothing current. I also read thru > here > (https://github.com/openbsd/src/blob/master/usr.sbin/smtpd/smtpd-filters.7), > but i found nothing. > If someone of you has a working example on how to use that filter, could > you please be so kind and send it to me? > Thanks so much and greetings > Leo
Re: Filter trustee src bypass - syntax error
Hi, filter ... bypass is not a valid syntax in 6.6 release. I assume it will be in 6.7. > Dear all, > Hi! This is the first time I'm posting to this mailinglist. English is > not my native language, so if I'm not making sense, then accept my > apologies. > First of all I would like to tell @Gilles and others that I love > opensmtpd. I've used it now for like two years and I like it way better > than postfix. > I'm trying to setup a filter bypass. I've looked at the example Gilles > has provided on his website. > *** > smtpd.conf > *** > table file:/etc/mail/trustedip > filter trusted phase mail-from match src bypass > listen on all tls pki example.com filter { trusted check_rdns ... } > *** > *** > /etc/mail/trustedip > *** > 192.168.1.0/24 > *** > When I do 'smtpd -n' I get a syntax error on the line where I define the > filter trusted. > I'm not sure what the error is. > I'm running openbsd 6.6 release. > Can someone shed some light on my syntax error? > Thank you! > With regards, > KJ (Klaas Jan) Schuurs
Re: Unable to setup my OpenSMTPd (version 6.6.4p1)
Hey, > match from any for rcpt-to action action_relay shouldn't that be: match from any for domain mydoain.com rcpt-to action action_relay
Re: 550 invalid recipient issue
Hi, shouldn't that read more like >user1:password::userdb_quota_rule=*:storage=1G without the domain part in the passwd file? > > My passwd file where the user mail address are is: > us...@server.com:password::userdb_quota_rule=*:storage=1G > us...@server.com:password:: -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: OpenSMTPD filters
Yay, Christmas is pretty early this year. ;) > Hi, > I have started committing filters support to OpenBSD today in order > to get them nice and ready for the next major release. > The only part missing at this point is DATA filtering which I'll > probably finish by the end of November. > Filters are in development meaning that keywords will change, > protocol will change, they are not intended to be used by lambda > users yet, only by developers willing to change their code every few days. > I wrote about them in an overview here: > https://poolp.org/posts/2018-11-03/opensmtpd-released-and-upcoming-filters-preview/ > Feel free to ask questions :-)b??yǢ??m?+ -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: smtpctl: need root privileges
Hi, it sure is. doas.conf: permit nopass telegraf as root cmd smtpctl args show stats should do the trick. > I've allowed a passwordless sudo in sudoers on CentOS 7 for a certain > user to be able to execute specific smtpd commands. > Albeit, I have no idea if the same is possible on OpenBSD. > Good luck! > Reio > On 25/09/2018 12:23, Joel Carnat wrote: >> Hi, >> >> (Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4) >> >> I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`. >> I configured "_smtpq:*:103:_telegraf" in groups and thought it would run. >> But I still get: >> # doas -u _telegraf /usr/sbin/smtpctl show stats >> smtpctl: need root privileges >> >> Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) >> still relevant ? >> Is the only way to get stats is to use doas to execute as root ? >> >> Thanks. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: No Error When Failing To Deliver To Maildir
On Thu, Jul 14, 2016 at 10:59 AM, pete wright <nomadlo...@gmail.com> wrote: > Hello, > I am migrating a currently running Postfix+Dovecot-IMAP system to > OpenSMTPd+Dovecot-IMAP system and am running into an odd issue. > > I am unable to deliver messages to the Maildir that I have copied over > from my Postfix box. Yet, I am able to deliver messages to freshly > created accounts on this system - so I believe most of the plumbing > with smtpd is working. What is confusing me is that I am not getting > an error message when I attempt to deliver a message as show here: > > > debug: lka: userinfo :pete > debug: mda: new session 5006d99cf314b917 for user ":pete" > evpid 56810c49185eba8b > debug: mda: no more envelope for ":pete" > debug: mda: got message fd 4 for session 5006d99cf314b917 evpid > 56810c49185eba8b > debug: mda: querying mda fd for session 5006d99cf314b917 evpid > 56810c49185eba8b > debug: smtpd: forking mda for session 5006d99cf314b917: > "/home/pete/Maildir/" as pete > debug: mda: got mda fd 5 for session 5006d99cf314b917 evpid 56810c49185eba8b > debug: mda: end-of-file for session 5006d99cf314b917 evpid 56810c49185eba8b > debug: mda: all data sent for session 5006d99cf314b917 evpid 56810c49185eba8b > debug: smtpd: mda process done for session 5006d99cf314b917: exited abnormally > delivery: TempFail for 56810c49185eba8b: from=<nomadlo...@gmail.com>, > to=<p...@nomadlogic.org>, user=pete, method=file, delay=19h8m11s, > stat=Error ("") > debug: mda: session 5006d99cf314b917 done > debug: mda: user "pete" becomes runnable > debug: mda: all done for user ":pete" > > > Specifically I am stumped by the "stat=Error("")" piece. I have > verified permissions of this users Maildir are correct, and match a > known working account on this server. I have also moved the old > Maildir out of the way and created a empty one. Yet in all cases I > get the same error. I also have removed this local account and > re-added it with no success. Here is my configuration for reference: > > > % uname -ar > FreeBSD vps-mail.nomadlogic.org 10.3-RELEASE-p4 FreeBSD > 10.3-RELEASE-p4 #0: Sat May 28 12:23:44 UTC 2016 > r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 > > % pkg info opensmtpd | grep -e Name -e Version > Name : opensmtpd > Version: 5.9.2p1_1,1 > > > % cat /usr/local/etc/mail/smtpd.conf > # This is the smtpd server system-wide configuration file. > # See smtpd.conf(5) for more information. > > # Macros > pub_int = "vtnet0" > > # PKI config > pki mail.nomadlogic.org certificate > "/usr/local/etc/mail/ssl/mail.nomadlogic.org.crt" > pki mail.nomadlogic.org key "/usr/local/etc/mail/ssl/mail.nomadlogic.org.key" > > # Listen Rules, loopback no auth but encrypt/auth on public > listen on lo0 > listen on $pub_int tls pki mail.nomadlogic.org > > # If you edit the file, you have to run "smtpctl update table aliases" > table aliases file:/etc/mail/aliases > > # accept local messages and deliver to users maildir > accept from any for domain "nomadlogic.org" deliver to maildir > accept from any for domain "nomadlogic.org" alias deliver to maildir > > # allow outgoing emails > accept for any relay > > > Thanks for any troubleshooting tips in advance! > -pete > > Ah - figured this out right after I sent the email - d'oh! For the archives, I have a .forward file in pete's $HOME containing the following: % cat .forward /home/pete/Maildir/ When I moved that out of the way messages started getting delivered correctly. I guess this was setting up some sort of loop? Regardless - maybe someone will find this helpful in the archives one day. -pete -- pete wright www.nycbug.org @nomadlogicLA -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Verifying addresses on Exchange/AD from an edge server
Hi, i also use table_ldap. However i use a slightly patched version (https://marc.info/?l=opensmtpd-misc=142506912505805=2), because if i remember correctly Exchange will close idle connections and table_ldap as it is won't recover from it. /etc/mail/ldap_pdc.conf url ldap://x.x.x.x username CN=yyy,OU=Dienstekonten,OU=Users,OU=MyBusiness,DC=example,DC=com password zzz basedn OU=MyBusiness,DC=example,DC=com mailaddr_filter (&(proxyAddresses=smtp:%s)(|(objectClass=user)(objectClass=group))) mailaddr_attributes mail > Hi, > While I have a nice edge server now that handles inbound spam/av > using OpenSMTPd, Spam Assassin and ClamAV, I want the OpenSMTPd > server to validate legitimate email addresses on initial connection > before accepting, processing, and relaying them onto the primary > Microsoft Exchange Servers. Now I have seen some examples (over on > undeadly) of LDAP to an openldap instance but don't think that will > work in this case? AD does present and permit LDAP lookups and > provides 'proxyaddresses' of smtp addresses associated to the users > accounts but I don't think there is any facility (that I could find) > to perform this for each connection (similar to table myaddresses > ldap://activedirectory). > Has anyone solved this or know how to achieve this? Maybe even a > script that I can run say every 3 hours, a bit of hackery, uniq and > a makemap would get me by as well. > Thanks, > Jason. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: logging filters
But i can't get any logging from it in syslog. Is that by design, or am i missing something obvious? Yes, you are :^) man 5 syslog.conf Hint: facility, level and prog. Well, probably not something _that_ obvious. ;) Even with below config nothing turns up. But when looking at the code, even mail.info should display it. filter_clamav.c: [...] log_info(info: filter-clamav: result %s, l); I need a bigger cluestick. /etc/syslog.conf: *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages kern.debug;syslog,user.info /var/log/messages auth.info /var/log/authlog authpriv.debug /var/log/secure cron.info /var/cron/log daemon.info /var/log/daemon ftp.info/var/log/xferlog lpr.debug /var/log/lpd-errs mail.info /var/log/maillog mail.* /var/log/maillog.debug #uucp.info /var/log/uucp *.* /var/log/messages.all -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: logging filters
smtpd -d gives me this: [...] info: filter-clamav: result stream: Eicar-Test-Signature FOUND warn: clamav_filter: on_eom: REJECT virus id=44fa746c81ec2474 [...] But i can't get any logging from it in syslog. Is that by design, or am i missing something obvious? For future reference: It's by design. Since i like having clamav messages in my logs this helped: # diff filter_api.c.orig filter_api.c 767c767 log_init(-1); --- log_init(0); -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org