Re: OpenSmtpd + Dovecot failed

2024-06-10 Thread latincom
> On 2024/06/10 03:22:54 -0700, latin...@vcn.bc.ca wrote:
>> > On 2024/06/10 02:25:26 -0700, latin...@vcn.bc.ca wrote:
>> >> > On 2024/06/09 20:53:53 -0700, latin...@vcn.bc.ca wrote:
>> >> >> Hello
>> >> >>
>> >> >> I am having this log lines and i am not able to find the error,
>> could
>> >> >> someone help please?:
>> >> >> Jun  9 19:57:24 hawk smtpd[37247]: info: OpenSMTPD 7.5.0 starting
>> >> >> Jun  9 19:57:24 hawk smtpd[97671]: warn: table-proc: pipe closed
>> >> >> Jun  9 19:57:24 hawk smtpd[97671]: lookup: table-proc: exiting
>> >> >
>> >> > smtpd dies because of this: an external table died.
>> >> >
>> >> >> [...]
>> >> >> # tables setup
>> >> >> table domains file:/etc/mail/domains
>> >> >> table passwd passwd:/etc/mail/passwd
>>
>> No, because i am not using current!
>> >> OpenBSD 7.5 (GENERIC) #79: Wed Mar 20 15:33:49 MDT 2024
>
> Ops, sorry, I misread the previous mail.
>
> Well, the cause is that table-passwd dies (since it's the only proc
> table you use.)  Did you do anything to that host recently?  Was it
> just installed?  Something had to happen for it to fail.
>
> Unfortunately at the moment I can't try out on a fresh 7.5 install.
>

That is a testing VM, I can do whatever you tell me!

I did:

I installed 7.5, then I tested znc; znc did not install the adminweb
module; irssi said that it has been installed; then I did a reinstallation
to test znc on 7.4; znc had the exact same behaviour as on 7.5! At that
moment I had znc, OpenSmtp, Dovecot; all the pkg_info list.

At that moment everything was working correctly. Syspatch lost 2 patches,
I saw it yesterday when smtpd failed, that is all.

There is no syspatch.log and just 001 and 003 patches were installed!

Partitions are only a and b.

Please tell me what I must test.




Re: OpenSmtpd + Dovecot failed

2024-06-10 Thread latincom
> On 2024/06/10 02:25:26 -0700, latin...@vcn.bc.ca wrote:
>> > On 2024/06/09 20:53:53 -0700, latin...@vcn.bc.ca wrote:
>> >> Hello
>> >>
>> >> I am having this log lines and i am not able to find the error, could
>> >> someone help please?:
>> >> Jun  9 19:57:24 hawk smtpd[37247]: info: OpenSMTPD 7.5.0 starting
>> >> Jun  9 19:57:24 hawk smtpd[97671]: warn: table-proc: pipe closed
>> >> Jun  9 19:57:24 hawk smtpd[97671]: lookup: table-proc: exiting
>> >
>> > smtpd dies because of this: an external table died.
>> >
>> >> [...]
>> >> # tables setup
>> >> table domains file:/etc/mail/domains
>> >> table passwd passwd:/etc/mail/passwd

No, because I am not using current!
>> OpenBSD 7.5 (GENERIC) #79: Wed Mar 20 15:33:49 MDT 2024






Re: OpenSmtpd + Dovecot failed

2024-06-10 Thread latincom
> On 2024/06/09 20:53:53 -0700, latin...@vcn.bc.ca wrote:
>> Hello
>>
>> I am having this log lines and i am not able to find the error, could
>> someone help please?:
>> Jun  9 19:57:24 hawk smtpd[37247]: info: OpenSMTPD 7.5.0 starting
>> Jun  9 19:57:24 hawk smtpd[97671]: warn: table-proc: pipe closed
>> Jun  9 19:57:24 hawk smtpd[97671]: lookup: table-proc: exiting
>
> smtpd dies because of this: an external table died.
>
>> [...]
>> # tables setup
>> table domains file:/etc/mail/domains
>> table passwd passwd:/etc/mail/passwd
>
> I guess it's table passwd.

Yes, I changed passwd: to file: and smtpd started but is not reachable
from outside. The patches 1 and 3 are not installed!
opensmtpd-extras-6.7.1p0v0 deleted.

OpenBSD 7.5 (GENERIC) #79: Wed Mar 20 15:33:49 MDT 2024
# pkg_info
bzip2-1.0.8p0                    block-sorting file compressor, unencumbered
dovecot-2.3.21v0                 compact IMAP/POP3 server
gettext-runtime-0.22.5           GNU gettext runtime libraries and programs
icu4c-74.2v0                     International Components for Unicode
intel-firmware-20240514v0        microcode update binaries for Intel CPUs
libexttextcat-3.4.6              UTF-8 aware language guessing library
libiconv-1.17                    character set conversion library
libopensmtpd-0.7                 library for writing opensmtpd filters
libsodium-1.0.19                 library for network communications and cryptography
libstemmer-2.2.0                 stemming algorithms for text processing
lz4-1.9.4                        fast BSD-licensed data compression
nano-7.2                         simple editor, inspired by Pico
opensmtpd-extras-6.7.1p0v0       extras for smtpd
opensmtpd-filter-dkimsign-0.5p2  dkim signer integration to the OpenSMTPD daemon
quirks-7.14                      exceptions to pkg_add rules
sqlite3-3.44.2                   embedded SQL implementation
updatedb-0p0                     pkg_add speed up cache
xz-5.4.5                         library and tools for XZ and LZMA compressed files
znc-1.8.2p6                      advanced IRC bouncer
zstd-1.5.5                       zstandard fast real-time compression algorithm

>
> Recently the protocol for table was changed.  If you're running
> OpenBSD-CURRENT, remove opensmtpd-extra, install opensmtpd-table-passwd
> and restart smtpd.  No further changes are needed.
>
> (pkg_add -u should warn that opensmtpd-extra is deprecated and show a
> message that suggests to install the right opensmtpd-table-* package.
> It's also in the "following -current" FAQ page, will become part of the
> next OpenBSD release note.)
>
> If you're running a self-built opensmtpd from the github repo on other
> systems, you have to do the same except that you need to grab
> table-passwd from https://github.com/opensmtpd/table-passwd

Thanks man
>
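
Added example, not part of the thread and not OpenSMTPD project code: a small triage script for the failure discussed above. It lists the tables in smtpd.conf that depend on an external table-<type> helper and checks whether an smtpd start in the log was followed by "table-proc" dying. The sample config and log lines are copied from the original post; the set of built-in table types (file, db) is an assumption based on smtpd.conf(5), and the function names are illustrative.

```python
import re

# Table types smtpd serves in-process (assumption based on smtpd.conf(5));
# any other "type:" prefix is handled by an external table-<type> helper.
BUILTIN_TYPES = {"file", "db"}

TABLE_RE = re.compile(r'^\s*table\s+(\S+)\s+(?:([A-Za-z0-9_-]+):)?(\S.*?)\s*$')
START_RE = re.compile(r'smtpd\[\d+\]: info: OpenSMTPD (\S+) starting')
DEATH_RE = re.compile(
    r'smtpd\[\d+\]: (?:warn|lookup): table-proc: (?:pipe closed|exiting)')

# Excerpts taken from the original post in this thread.
SAMPLE_CONF = """\
# tables setup
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals
table hosts file:/etc/mail/hosts
table users file:/etc/mail/users
"""

SAMPLE_LOG = """\
Jun  9 19:57:24 hawk smtpd[37247]: info: OpenSMTPD 7.5.0 starting
Jun  9 19:57:24 hawk smtpd[97671]: warn: table-proc: pipe closed
Jun  9 19:57:24 hawk smtpd[97671]: lookup: table-proc: exiting
Jun  9 19:57:24 hawk smtpd[25623]: smtpd: process lka socket closed
"""


def external_tables(conf_text):
    """Return [(name, type, source)] for tables that need a helper process."""
    found = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # ignore comments
        m = TABLE_RE.match(line)
        if not m:
            continue
        name, ttype, source = m.groups()
        # No prefix means an inline table or a plain file: nothing external.
        if ttype and ttype not in BUILTIN_TYPES:
            found.append((name, ttype, source))
    return found


def failed_starts(log_text):
    """Return the version string of every smtpd start that was followed by
    a table-proc death before the next start."""
    failed, current, dead = [], None, False
    for line in log_text.splitlines():
        start = START_RE.search(line)
        if start:
            if current is not None and dead:
                failed.append(current)
            current, dead = start.group(1), False
        elif current is not None and DEATH_RE.search(line):
            dead = True
    if current is not None and dead:
        failed.append(current)
    return failed


def diagnose(conf_text, log_text):
    """Return one hint per external table if the log shows a helper dying."""
    if not failed_starts(log_text):
        return []
    return [
        f"table {name}: '{ttype}:' is served by the external helper "
        f"table-{ttype} (source {source}); verify it is installed and runs"
        for name, ttype, source in external_tables(conf_text)
    ]


if __name__ == "__main__":
    for hint in diagnose(SAMPLE_CONF, SAMPLE_LOG):
        print(hint)
```
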





OpenSmtpd + Dovecot failed

2024-06-09 Thread latincom
Hello

I am having these log lines and I am not able to find the error, could
someone help please?:
Jun  9 19:57:24 hawk smtpd[37247]: info: OpenSMTPD 7.5.0 starting
Jun  9 19:57:24 hawk smtpd[97671]: warn: table-proc: pipe closed
Jun  9 19:57:24 hawk smtpd[97671]: lookup: table-proc: exiting
Jun  9 19:57:24 hawk smtpd[25623]: smtpd: process lka socket closed
Jun  9 19:57:24 hawk dovecot: master: Dovecot v2.3.21 (47349e2482)
starting up for imap, pop3, lmtp
Jun  9 20:27:35 server dovecot: auth-worker(32754): conn unix:auth-worker
(pid=45344,uid=518): auth-worker<1>:
bsdauth(m...@hawk.host.planetofnix.com,IPx,): unknown user
(SHA1 of given password: e37a2178c21633f396315f93f63594dd80a9b737) -
trying the next passdb
Jun  9 20:27:35 server dovecot: auth-worker(98633): conn unix:auth-worker
(pid=45344,uid=518): auth-worker<1>:
bsdauth(m...@hawk.host.planetofnix.com,IPx,): unknown user
(SHA1 of given password: e37a2178c21633f396315f93f63594dd80a9b737) -
trying the next passdb
Jun  9 20:27:35 server dovecot: auth-worker(32754): conn unix:auth-worker
(pid=45344,uid=518): auth-worker<2>:
passwd(m...@hawk.host.planetofnix.com,IPx,): unknown user 
- trying the next userdb

smtpd.conf
# PKI for TLS
pki hawk.host.planetofnix.com cert
"/etc/ssl/hawk.host.planetofnix.com.fullchain.pem"
pki hawk.host.planetofnix.com key
"/etc/ssl/private/hawk.host.planetofnix.com.key"

# tables setup
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals
table hosts file:/etc/mail/hosts
table users file:/etc/mail/users

# Blocks junk mail
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter "dkimsign" proc-exec "filter-dkimsign -d hawk.host.planetofnix.com
-s mail -k /etc/mail/dkim/private.key" user _smtpd group _smtpd

# macros
ipv4 = "104.167.242.198"
ipv6 = "2602:fccf:1:2198::"
check = "pki hawk.host.planetofnix.com mask-src filter { check_rdns
check_fcrdns } hostname hawk.host.planetofnix.com"
authcheck = "pki hawk.host.planetofnix.com auth  mask-src senders
 filter { check_rdns check_fcrdns dkimsign } hostname
hawk.host.planetofnix.com"

# listeners
listen on socket filter "dkimsign"
listen on lo0 filter "dkimsign"
listen on $ipv4 port 25 tls $check
listen on $ipv6 port 25 tls $check
listen on $ipv4 port 465 smtps $authcheck
listen on $ipv6 port 465 smtps $authcheck
listen on $ipv4 port 587 tls-require $authcheck
listen on $ipv6 port 587 tls-require $authcheck

# rules
action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual 
action "outbound" relay src $ipv4

match from any for domain  action "lmtp"
match from local for any action "outbound"
match from src  for any action "outbound"
match auth from any for any action "outbound"

dovecot.conf
!include_try local.conf

protocols = imap pop3 lmtp
listen = 104.167.242.198, 2602:fccf:1:2198::
service lmtp {
  user = vmail
}

# smtpd -dv -T smtp
debug: init ssl-tree
info: loading pki information for hawk.host.planetofnix.com
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for hawk.host.planetofnix.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: OpenSMTPD 7.5.0 starting
debug: init ssl-tree
info: loading pki information for hawk.host.planetofnix.com
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for hawk.host.planetofnix.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: crypto -> control[65780] fd=5
setup_peer: crypto -> dispatcher[57765] fd=6
setup_done: ca[5903] done
debug: init ssl-tree
info: loading pki information for hawk.host.planetofnix.com
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for hawk.host.planetofnix.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: control -> crypto[5903] fd=5
setup_peer: control -> lookup[57295] fd=6
setup_peer: control -> dispatcher[57765] fd=7
setup_peer: control -> queue[57067] fd=8
setup_peer: control -> scheduler[40727] fd=9
setup_done: control[65780] done
debug: init ssl-tree
info: loading pki information for hawk.host.planetofnix.com
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for hawk.host.planetofnix.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: lookup -> control[65780] fd=5
setup_peer: lookup -> dispatcher[57765] fd=6
setup_peer: lookup -> queue[57067] fd=7
setup_done: lka[57295] done
debug: init ssl-tree
info: loading pki information for hawk.host.planetofnix.com
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for hawk.host.planetofnix.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: queue -> control[65780] fd=5
setup_peer: queue -> dispatcher[57765] fd=6
setup_peer: queue -> lookup[57295] 

Re: Dokuwiki

2023-09-07 Thread latincom
>
>> Am 08.09.2023 um 00:38 schrieb latin...@vcn.bc.ca:
>>
>> Hello
>>
>> Does somebody can help? OpenBSD 7.3 Dokuwiki
>> # ps ax |grep dokuwiki
>> 27461 p0  S+p  0:00.01 grep dokuwiki
>
> DokuWiki is not a process. So the above does not make any sense.
>
>
>> The error.log at /www/log is full of this messages and dokuwiki stop
>> working:
>>
>> Access to the script '/dokuwiki' has been denied (see
>> security.limit_extensions)
> …
>> Access to the script '/dokuwiki' has been denied (see
>> security.limit_extensions)
>>
>> Thanks for your attention.
>
> You need to show us the relevant server {} block in your /etc/httpd.conf
> (assuming that you are using httpd(8) as the web server).
>
> The actual error message refers to the php-fpm setting, see
> https://www.php.net/manual/en/install.fpm.configuration.php#security-limit-extensions.
> But feeding the path /dokuwiki to php-fpm does not make any sense, so the
> root cause is somewhere else.
>
> Also you may want to take a look at
> https://www.dokuwiki.org/install:openbsd for some additional hints.
>
>
> This is what a working httpd.conf could look like:
> (You may want to replace the server name with an FQDN or add an alias
> setting. You would also need a port 80 host to redirect to https and to
> handle ACME certificate verification. But that is all standard web server
> stuff, not specific to DokuWiki.)
>
> server "default" {
>   listen on $my_ipv6 tls port 443
>
>   tls {
>   certificate "/etc/ssl/acme/fullchain.pem"
>   key "/etc/ssl/acme/private/privkey.pem"
>   }
>
>   log style combined
>
>   root "/dokuwiki"
>   directory index doku.php
>
>   connection max request body 2097152 # Default is 2M for
> upload_max_filesize and 8M for post_max_size.
>
>   location "/*.inc" { block }
>   location "/*.ht*" { block }
>   location "/data/*" { block }
>   location "/conf/*" { block }
>   location "/bin/*" { block }
>   location "/inc/*" { block }
>   location "/vendor/*" { block }
>
>   location "*.php" {
>   fastcgi socket "/run/php-fpm.sock"
>   }
> }
>
>
> Mike
>
>

Hello Mike yes, it is different! My complete httpd.conf thanks.

# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $

server "agroena.org" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI"
}
}

server "agroena.org" {
listen on * tls port 443
root "/htdocs/agroena.org"
tls {
certificate "/etc/ssl/agroena.org.fullchain.pem"
key "/etc/ssl/private/agroena.org.key"
}
location "/pub/*" {
directory auto index
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
}

server "consultores.agroena.org" {
listen on * tls port 443
root "/htdocs/consultores"
tls {
certificate "/etc/ssl/agroena.org.fullchain.pem"
key "/etc/ssl/private/agroena.org.key"
}
location "/pub/*" {
directory auto index
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
}

server "historia.agroena.org" {
listen on * tls port 443
root "/dokuwiki"
tls {
certificate "/etc/ssl/agroena.org.fullchain.pem"
key "/etc/ssl/private/agroena.org.key"
}

location "/pub/*" {
directory auto index
}

location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}
location "*~" {
block drop
}
location match "/kb/data/" {
block drop
}
location match "/kb/conf/" {
block drop
}
location match "/kb/bin/" {
block drop
}
location match "/kb/inc/" {
block drop
}
location match "/kb/vendor/" {
block drop
}
}






Re: Announce: OpenSMTPD 7.3.0p0 released

2023-06-17 Thread latincom
> Hello,
>
> OpenBSD 7.3 ships with the code used to build OpenSMTPD 7.3.0 portable,
> so you're not "affected" by this release: releases announced here are a
> port of OpenSMTPD for other systems.
>
> Gilles
>
>
> June 17, 2023 6:21 PM, latin...@vcn.bc.ca wrote:
>

Thanks so much Gilles the blood pressure came to normal!

>> Hello
>>
>> Please excuse my question, if i am lost!
>>
>> I have 3 e-mail servers using OpenSMTPD that come with OpenBSD 7.3.
>>
>> Does this complicated thing that you mentioned is going to affect my
>> servers?
>>
>> I use OpenBSD because its simplicity!
>>
>> Thanks.
>>
>>> OpenSMTPD 7.3.0p0 has just been released.
>>>
>>> OpenSMTPD is a FREE implementation of the SMTP protocol with some
>>> common
>>> extensions. It allows ordinary machines to exchange e-mails with
>>> systems
>>> speaking the SMTP protocol. It implements a fairly large part of
>>> RFC5321
>>> and can already cover a large range of use-cases.
>>>
>>> It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.
>>>
>>> The archives are now available from the main site at www.OpenSMTPD.org
>>>
>>> We would like to thank the OpenSMTPD community for their help in
>>> testing
>>> the snapshots, reporting bugs, contributing code and packaging for
>>> other
>>> systems.
>>>
>>> This is a major release with multiple bug fixes and new features.
>>>
>>> Dependencies note:
>>> ==
>>>
>>> This release builds with LibreSSL, or OpenSSL > 1.1.1 optionally with
>>> LibreTLS.
>>>
>>> LibreTLS 3.7.0 has a known regression with OpenSSL 3+, so please use
>>> the bundled one using the `--with-bundled-libtls' configure flag until
>>> it is updated.
>>>
>>> It's preferable to depend on LibreSSL as OpenSMTPD is written and
>>> tested
>>> with that dependency. OpenSSL library is considered as a best effort
>>> target TLS library and provided as a commodity, LibreSSL has become our
>>> target TLS library.
>>>
>>> Changes in this release:
>>> 
>>>
>>> Includes the following security fixes:
>>> - OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a
>>> connection from a local, scoped ipv6 address"
>>> - OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver"
>>>
>>> Configuration changes:
>>> - The certificate to use is now selected by looking at the names
>>> found in the certificates themselves rather than the `pki` name.
>>> The set of certificates for a TLS listener must be defined
>>> explicitly by using the `pki` listener option multiple times.
>>>
>>> Synced with OpenBSD 7.3:
>>> - OpenBSD 6.9:
>>> * Introduced smtp(1) `-a` to perform authentication before sending
>>> a message.
>>> * Fixed a memory leak in smtpd(8) resolver.
>>> * Prevented a crash due to premature release of resources by the
>>> smtpd(8) filter state machine.
>>> * Switch to libtls internally.
>>> * Change the way SNI works in smtpd.conf(5). TLS listeners may be
>>> configured with multiple certificates. The matching is based on
>>> the names included in the certificates.
>>> * Allow to specify TLS protocols and ciphers per listener and
>>> relay action.
>>> - OpenBSD 7.0:
>>> * Fixed incorrect status code for expired mails resulting in
>>> misleading bounce report in smtpd(8).
>>> * Added TLS options `cafile=(path)`, `nosni`, `noverify` and
>>> `servername=(name)` to smtp(1).
>>> * Allowed specification of TLS ciphers and protocols in smtp(1).
>>> - OpenBSD 7.1:
>>> * Stop verifying the cert or CA for a relay using opportunistic TLS.
>>> * Enabled TLS verify by default for outbound "smtps://" and
>>> "smtp+tls://", restoring documented smtpd(8) behavior.
>>> - OpenBSD 7.3:
>>> * Prevented smtpd(8) abort due to a connection from a local,
>>> scoped ipv6 address.
>>>
>>> Portable layer changes:
>>> - libbsd and libtls are now optionally used if found.
>>> + Added `--with-libbsd`/`--without-libbsd` configure flag to enable
>>> linking to libbsd-overlay.
>>> + Added `--with-bundled-libtls` to force the usage of the bundled
>>> libtls.
>>>
>>> LibreTLS 3.7.0 (last version at the time of writing) and previous
>>> have a regression with OpenSSL 3+, so please use the bundled one.
>>> See the GitHub issue #1171 for more info.
>>>
>>> - Updated and cleanup of the OpenBSD compats.
>>> + Ported `res_randomid()` from OpenBSD.
>>>
>>> - The configure option `--with-path-CAfile` shouldn't be required
>>> anymore in most systems but it is retained since it could be useful in
>>> some configuration when using the bundled libtls.
>>>
>>> - Various minor portability fixes.
>>>
>>> Checksums:
>>> ==
>>>
>>> SHA256 (opensmtpd-7.3.0p0.tar.gz) =
>>> 2dd7a5a8ca127be7eb491540405684acb3dd04d93ad23d7709accd2b0450cae6
>>>
>>> Verify:
>>> ===
>>>
>>> Starting with version 5.7.1, releases are signed with signify(1).
>>>
>>> You can obtain the public key from our website, check with our
>>> community
>>> that it has not been altered on its way to your machine.
>>>
>>> $ wget 

Re: Announce: OpenSMTPD 7.3.0p0 released

2023-06-17 Thread latincom
> On 2023/06/17 09:21:45 -0700, latin...@vcn.bc.ca wrote:
>> Hello
>>
>> Please excuse my question, if i am lost!
>>
>> I have 3 e-mail servers using OpenSMTPD that come with OpenBSD 7.3.
>>
>> Does this complicated thing that you mentioned is going to affect my
>> servers?
>>
>> I use OpenBSD because its simplicity!
>>
>> Thanks.
>
> I should have probably mentioned more clearly that this was the
> announce for the -portable version that exists to port OpenSMTPD to
> other systems.
>
> So, no, if you're using OpenBSD smtpd is in base you were already
> using the latest version :)
>
>
> Cheers,
>
> Omar Polo
>

Thanks Polo for the information.





Re: Announce: OpenSMTPD 7.3.0p0 released

2023-06-17 Thread latincom
Hello

Please excuse my question, if I am lost!

I have 3 e-mail servers using OpenSMTPD that come with OpenBSD 7.3.

Is this complicated thing that you mentioned going to affect my servers?

I use OpenBSD because of its simplicity!

Thanks.

> OpenSMTPD 7.3.0p0 has just been released.
>
> OpenSMTPD is a FREE implementation of the SMTP protocol with some common
> extensions. It allows ordinary machines to exchange e-mails with systems
> speaking the SMTP protocol. It implements a fairly large part of RFC5321
> and can already cover a large range of use-cases.
>
> It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.
>
> The archives are now available from the main site at www.OpenSMTPD.org
>
> We would like to thank the OpenSMTPD community for their help in testing
> the snapshots, reporting bugs, contributing code and packaging for other
> systems.
>
> This is a major release with multiple bug fixes and new features.
>
>
> Dependencies note:
> ==
>
> This release builds with LibreSSL, or OpenSSL > 1.1.1 optionally with
> LibreTLS.
>
> LibreTLS 3.7.0 has a known regression with OpenSSL 3+, so please use
> the bundled one using the `--with-bundled-libtls' configure flag until
> it is updated.
>
> It's preferable to depend on LibreSSL as OpenSMTPD is written and tested
> with that dependency. OpenSSL library is considered as a best effort
> target TLS library and provided as a commodity, LibreSSL has become our
> target TLS library.
>
>
> Changes in this release:
> 
>
> Includes the following security fixes:
>   - OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a
> connection from a local, scoped ipv6 address"
>   - OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver"
>
> Configuration changes:
>   - The certificate to use is now selected by looking at the names
> found in the certificates themselves rather than the `pki` name.
> The set of certificates for a TLS listener must be defined
> explicitly by using the `pki` listener option multiple times.
>
> Synced with OpenBSD 7.3:
>   - OpenBSD 6.9:
> * Introduced smtp(1) `-a` to perform authentication before sending
>   a message.
> * Fixed a memory leak in smtpd(8) resolver.
> * Prevented a crash due to premature release of resources by the
>   smtpd(8) filter state machine.
> * Switch to libtls internally.
> * Change the way SNI works in smtpd.conf(5).  TLS listeners may be
>   configured with multiple certificates.  The matching is based on
>   the names included in the certificates.
> * Allow to specify TLS protocols and ciphers per listener and
>   relay action.
>   - OpenBSD 7.0:
> * Fixed incorrect status code for expired mails resulting in
>   misleading bounce report in smtpd(8).
> * Added TLS options `cafile=(path)`, `nosni`, `noverify` and
>   `servername=(name)` to smtp(1).
> * Allowed specification of TLS ciphers and protocols in smtp(1).
>   - OpenBSD 7.1:
> * Stop verifying the cert or CA for a relay using opportunistic TLS.
> * Enabled TLS verify by default for outbound "smtps://" and
>   "smtp+tls://", restoring documented smtpd(8) behavior.
>   - OpenBSD 7.3:
> * Prevented smtpd(8) abort due to a connection from a local,
>   scoped ipv6 address.
>
> Portable layer changes:
>   - libbsd and libtls are now optionally used if found.
> + Added `--with-libbsd`/`--without-libbsd` configure flag to enable
>   linking to libbsd-overlay.
> + Added `--with-bundled-libtls` to force the usage of the bundled
>   libtls.
>
>   LibreTLS 3.7.0 (last version at the time of writing) and previous
>   have a regression with OpenSSL 3+, so please use the bundled one.
>   See the GitHub issue #1171 for more info.
>
>   - Updated and cleanup of the OpenBSD compats.
> + Ported `res_randomid()` from OpenBSD.
>
>   - The configure option `--with-path-CAfile` shouldn't be required
> anymore in most systems but it is retained since it could be useful in
> some configuration when using the bundled libtls.
>
>   - Various minor portability fixes.
>
> Checksums:
> ==
>
>   SHA256 (opensmtpd-7.3.0p0.tar.gz) =
>   2dd7a5a8ca127be7eb491540405684acb3dd04d93ad23d7709accd2b0450cae6
>
>
> Verify:
> ===
>
> Starting with version 5.7.1, releases are signed with signify(1).
>
> You can obtain the public key from our website, check with our community
> that it has not been altered on its way to your machine.
>
>$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub
>
> Once you are confident the key is correct, you can verify the release as
> described below:
>
> 1- download both release tarball and matching signature file to same
> directory:
>
>$ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.sum.sig
>$ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.tar.gz
>
>
> 2- use `signify` to verify that signature file is properly 

Re: After sysupgrade 7.2 to 7.3 Opensmtpd + Dovecot

2023-04-28 Thread latincom
>> It's failing to bind to an address you've set in your config.
>>
>> What does your smtpd.conf look like?
>>
>
> Yes man, thank you Andrew, i ate 1 number!
>
> BTW what Web Mail is recomended by the Project? i could not identify them
> in Packages. I was looking for Squirrel mail.
>
> Thanks again!
>
>

Thank you all for your recommendations.





Re: After sysupgrade 7.2 to 7.3 Opensmtpd + Dovecot

2023-04-25 Thread latincom
> It's failing to bind to an address you've set in your config.
>
> What does your smtpd.conf look like?
>

Yes man, thank you Andrew, I ate 1 number!

BTW what Web Mail is recommended by the Project? I could not identify them
in Packages. I was looking for Squirrel mail.

Thanks again!


> On 4/24/23 19:56, latin...@vcn.bc.ca wrote:
>> Hello
>>
>> Does somebody know the exact meaning of the next message at maillog,
>> please?
>>
>> info: OpenSMTPD 7.0.0 starting
>> dispatcher: smtpd: bind: Can't assign requested address
>> smtpd: process control socket closed
>>
>>
>





After sysupgrade 7.2 to 7.3 Opensmtpd + Dovecot

2023-04-24 Thread latincom
Hello

Does somebody know the exact meaning of the next message at maillog, please?

info: OpenSMTPD 7.0.0 starting
dispatcher: smtpd: bind: Can't assign requested address
smtpd: process control socket closed




smtp ports, protocols, and authentication?

2022-09-18 Thread latincom
Hello

From the internet:
"In its "secure by default" configuration, OpenSMTPD does not accept to
receive messages from the network, limiting its server capabilities, but
accepts sending to the network, making use of its client capabilities.
Either way, incoming or outgoing, it supports IPv4, IPv6, and
encapsulating SMTP sessions in TLS either by using the SMTPS protocol, or
by using the STARTTLS extension to the SMTP protocol."

What could be the :
"In its "secure by default" configuration, for OpenSMTPD" please?




Re: delivering mail from virtual user

2022-09-16 Thread latincom
> Hello
>
> i have an Openbsd 7.1, with Opensmtpd + Dovecot; it is working as
> expected. But i ned that 1 Virtual user re-send e-mail to 5 different
> address or users.
>
> I think that it could be made, by 1 alias table, or team table!
>
> But i am not clear how to do it!
>
> Can somebody share some similar situation please? or a contundent and
> clear answer please?
>
> Thanks
>
>

I think that it is what I need! But I do not have an idea how to add it
to smtpd.conf, can somebody help please?

"table domains { agroena.org consultores.ca }
table staff { staff => staff_1,staff_2,staff_3 }
accept for domain  virtual "

PS:
table domains already exist, table staff does not exist.


# PKI for TLS
pki agroena.org cert "/etc/ssl/agroena.org.fullchain.pem"
pki agroena.org key "/etc/ssl/private/agroena.org.key"

# tables setup
table domains file:/etc/mail/domains
table passwd file:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals
table hosts file:/etc/mail/hosts
table users file:/etc/mail/users

# Blocks junk mail
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s mail -k
/etc/mail/dkim/private.key" user _smtpd group _smtpd

# macros
ipv4 = "45.77.223.248"
ipv6 = "2001:19f0:5:3b4d:5400:04ff:fe1a:ee7b"
check = "pki agroena.org mask-src filter { check_rdns check_fcrdns }
hostname agroena.org"
authcheck = "pki agroena.org auth  mask-src senders  filter
{ check_rdns check_fcrdns dkimsign } hostname agroena.org"

# listeners
listen on socket filter "dkimsign"
listen on lo0 filter "dkimsign"
listen on $ipv4 port 25 tls $check
listen on $ipv6 port 25 tls $check
listen on $ipv4 port 465 smtps $authcheck
listen on $ipv6 port 465 smtps $authcheck
listen on $ipv4 port 587 tls-require $authcheck
listen on $ipv6 port 587 tls-require $authcheck

# rules
action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual 
action "outbound" relay src $ipv4

match from any for domain  action "lmtp"
match from local for any action "outbound"
match from src  for any action "outbound"
match auth from any for any action "outbound"






delivering mail from virtual user

2022-09-14 Thread latincom
Hello

I have an OpenBSD 7.1, with OpenSMTPD + Dovecot; it is working as
expected. But I need 1 virtual user to re-send e-mail to 5 different
addresses or users.

I think that it could be done with 1 alias table, or team table!

But I am not clear how to do it!

Can somebody share some similar situation please? or a contundent and
clear answer please?

Thanks