Re: Setting personal mailserver

2023-09-09 Thread Tassilo Philipp
Thanks for the link. They don't require it though, according to the doc, 
they don't even enforce it for gmail when using it with own domains.


It's certainly a good practice, though, that's true.



On Sat, Sep 09, 2023 at 01:54:48PM +0900, Pontus Stenetorp wrote:
> On Sat 09 Sep 2023, Stuart Longland wrote:
> > On 9/9/23 01:28, Tassilo Philipp wrote:
> > > > [...] I didn't bother with DKIM until Google started mandating
> > > > it for example [...]
> > >
> > > Hm... do you have a reference for that? I don't have that
> > > experience with gmail servers. Also I don't find info about that
> > > being mandatory, online.
> >
> > https://support.google.com/a/answer/174124?hl=en#hcfe-content
> >
> > Sadly, I don't have any log messages to show, because I last had the
> > problem in May 2021, and my log retention does not go back that far.
>
> At least from my experience and from reading Google's documentation, Google
> does not *require* both DKIM and SPF, but has since late 2022 or early 2023
> started to randomly reject e-mails that have *neither*:
>
> 550-5.7.26 This mail is unauthenticated, which poses a security risk to
> the sender and Gmail users, and has been blocked. The sender must authenticate
> with at least one of SPF or DKIM. For this message, DKIM checks did not pass
> and SPF check for [example.com] did not pass with ip: [127.0.0.1]. The sender
> should visit https://support.google.com/mail/answer/81126#authentication for
> instructions on setting up authentication.
>
> I doubt that DKIM ever hurts though if you have it set up.





Re: Setting personal mailserver

2023-09-08 Thread Pontus Stenetorp
On Sat 09 Sep 2023, Stuart Longland wrote:
> On 9/9/23 01:28, Tassilo Philipp wrote:
> > > [...] I didn't bother with DKIM until Google started mandating
> > > it for example [...]
> > 
> > Hm... do you have a reference for that? I don't have that
> > experience with gmail servers. Also I don't find info about that
> > being mandatory, online.
> 
> https://support.google.com/a/answer/174124?hl=en#hcfe-content
> 
> Sadly, I don't have any log messages to show, because I last had the
> problem in May 2021, and my log retention does not go back that far.

At least from my experience and from reading Google's documentation, Google 
does not *require* both DKIM and SPF, but has since late 2022 or early 2023 
started to randomly reject e-mails that have *neither*:

550-5.7.26 This mail is unauthenticated, which poses a security risk to 
the sender and Gmail users, and has been blocked. The sender must authenticate 
with at least one of SPF or DKIM. For this message, DKIM checks did not pass 
and SPF check for [example.com] did not pass with ip: [127.0.0.1]. The sender 
should visit https://support.google.com/mail/answer/81126#authentication for 
instructions on setting up authentication.

I doubt that DKIM ever hurts though if you have it set up.
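
An added example, not part of the thread: a small offline SPF checker run over the SPF TXT value posted in this thread. That value uses `ipv4:`, which is not an SPF mechanism (RFC 7208 defines `ip4` and `ip6`), so a receiver evaluates it as `permerror`, and without DKIM the message meets the condition in the 550-5.7.26 text above. The address 192.0.2.10 is a constructed stand-in for `{myipv4address}`, and mechanisms that need DNS are reported as `needs-dns` rather than resolved.

```python
"""Offline SPF (RFC 7208) syntax check plus ip4/ip6/all evaluation."""
import ipaddress

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_DNS = {"include", "a", "mx", "ptr", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NOT_SPF = "record does not start with v=spf1"

# The TXT value posted in the thread, with {myipv4address} replaced by a
# constructed documentation address (192.0.2.10), and a corrected variant.
POSTED = "v=spf1 ipv4:192.0.2.10 -all"
CORRECTED = "v=spf1 ip4:192.0.2.10 -all"


def _network(name, arg):
    """Parse the argument of an ip4/ip6 mechanism into a network object."""
    address, slash, prefix = arg.partition("/")
    if not address or (slash and not prefix.isdigit()):
        raise ValueError("expected address[/prefix-length]")
    cls = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
    return cls(arg, strict=False)


def parse_spf(record):
    """Return (directives, has_redirect, errors) for one SPF TXT value."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [], False, [NOT_SPF]
    directives, has_redirect, errors = [], False, []
    for term in terms[1:]:
        head = term.split(":", 1)[0].split("/", 1)[0]
        if "=" in head:  # modifier: redirect=, exp= or an unknown one
            has_redirect = has_redirect or head.lower().startswith("redirect=")
            continue
        qualifier, body = "+", term
        if term[0] in QUALIFIERS:
            qualifier, body = term[0], term[1:]
        name, colon, arg = body.partition(":")
        if not colon:  # forms such as "a/24" carry only a prefix length
            name, slash, prefix = body.partition("/")
            arg = slash + prefix
        name = name.lower()
        if name not in MECHANISMS:
            errors.append(f"unknown mechanism {name!r} in {term!r}")
        elif name in ("ip4", "ip6"):
            try:
                directives.append((qualifier, name, _network(name, arg)))
            except ValueError as exc:
                errors.append(f"bad address in {term!r}: {exc}")
        else:
            directives.append((qualifier, name, arg))
    return directives, has_redirect, errors


def evaluate(record, client_ip):
    """SPF result for client_ip, or 'needs-dns' when a lookup would decide."""
    directives, has_redirect, errors = parse_spf(record)
    if errors == [NOT_SPF]:
        return "none"  # no SPF record published at all
    if errors:
        return "permerror"  # a syntax error invalidates the whole record
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, arg in directives:
        if name in NEEDS_DNS:
            return "needs-dns"
        if name == "all" or (ip.version == arg.version and ip in arg):
            return QUALIFIERS[qualifier]
    return "needs-dns" if has_redirect else "neutral"


def authenticated(spf_result, dkim_result):
    """Condition stated in the quoted 550-5.7.26 text: SPF or DKIM passes."""
    return spf_result == "pass" or dkim_result == "pass"


if __name__ == "__main__":
    for rec in (POSTED, CORRECTED):
        print(rec, "->", evaluate(rec, "192.0.2.10"), parse_spf(rec)[2])
```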



Re: Setting personal mailserver

2023-09-08 Thread Stuart D Gathman

On Thu, 7 Sep 2023, Sagar Acharya wrote:

> In today's times of mature NLP, you will not be able to differentiate
> human mail from bot mail or spam. Only in person verification is
> trustworthy.  No. Are you saying that only people who control the
> network should send mails? Well DNS exactly is for that. If you find I
> send spams, you can easily block mails from my domain
> humaaraartha.in but it is not wise nor ethical to by default not allow
> people to mail.

Acckshully ... when using centralized DNS root zone, ICANN, they
can cancel/spoof domains.  And TLS is worse, as the shadowy TLS
global cabal decides the list of CAs fully trusted.  (And browsers
do not support CA veto out of the box.)  This lets the cabal MITM
your TLS connections.

DNS was designed to be federated - so you can lessen your dependence
on ICANN by running your own root zone, or using a community root zone
like https://www.opennic.org

> That issue lies because hardware is not mapped to people. There is no
> technological solution for trust hopping between machines. ssh should
> be discouraged and each machine, denoted by single IP address should
> be mapped to a human. So humaaraartha.in is run by Sagar Acharya.

Yes, see https://github.com/cjdelisle/cjdns and
https://github.com/yggdrasil-network/yggdrasil-go both of which
create crypto unique authenticated IPv6 addresses.  Use the raw IPv6
to send emails and make phone calls.

> Well, what action should be implemented for sending emails. I don't

The scheme I use for fully decentralized opensmtpd and SIP is described
at https://fedoramagazine.org/decentralize-common-fedora-apps-cjdns/

(Older version of opensmtpd for that article.)

I even have a few people that will talk to me that way.  And no spam.
I do get connects from various spiders looking for mail server listening,
but so far no spam.

It is a hard sell ...



Re: Setting personal mailserver

2023-09-08 Thread Stuart Longland

On 9/9/23 01:28, Tassilo Philipp wrote:
> > [...] I didn't bother with DKIM until Google started mandating it for
> > example [...]
>
> Hm... do you have a reference for that? I don't have that experience
> with gmail servers. Also I don't find info about that being mandatory,
> online.

https://support.google.com/a/answer/174124?hl=en#hcfe-content

Sadly, I don't have any log messages to show, because I last had the
problem in May 2021, and my log retention does not go back that far.

--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.




Re: Setting personal mailserver

2023-09-08 Thread Tassilo Philipp
> [...] I didn't bother with DKIM until Google started mandating it for
> example [...]


Hm... do you have a reference for that? I don't have that experience 
with gmail servers. Also I don't find info about that being mandatory, 
online.



On Fri, Sep 08, 2023 at 08:24:38AM +1000, Stuart Longland wrote:

On 7/9/23 20:44, Sagar Acharya wrote:

Let the mail providers have their setups. Is it possible to have a 
configuration where I have 2 servers, example.com example2.com where I can send 
and receive emails on ports say, 777 on plaintext, starttls optional and port 
778 with smtps?

Give me a configuration for such a thing.

humaaraartha.in.       TXT        "v=spf1 ipv4:{myipv4address} -all"
humaaraartha.in.       TXT        "resports:777,778"
humaaraartha.in.       MX         10 humaaraartha.in.
humaaraartha.in.       A          {myipv4address}

That is all you have, nothing more for both servers. Can you help me send
and receive mails on ports 777,778 with just above DNS and smtpd? I can add
SRV records for detection of ports 777, 778 if you want.


Okay, not quite sure what the "resports" TXT record is achieving (a 
quick search on the topic didn't reveal any documentation on how it 
was supposed to work or correct syntax).  I won't labour the point 
about outgoing port 25 traffic since others have covered this already.


You can of course use different ports between servers on an 
agreed-upon manner.  e.g. say we have a server, bnemx.vk4msl.com, 
running OpenSMTPD:



vk4msl-bne# cat /etc/mail/smtpd.conf
#   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

#table aliases file:/etc/mail/aliases
table virtualdomains file:/etc/mail/virtualdomains
table virtualusers file:/etc/mail/virtualusers

pki bnemx cert "/etc/ssl/bnemx.vk4msl.com.fullchain.pem"
pki bnemx key "/etc/ssl/private/bnemx.vk4msl.com.key"
pki bnemx dhe auto

listen on socket
listen on all tls pki bnemx 

… etc, I won't post the full config.

Those `listen` lines are the key, from smtpd.conf manpage:

listen on interface [family] [options]
Listen on the interface for incoming connections, using the same
syntax as ifconfig(8).  The interface parameter may also be an
interface group, an IP address, or a domain name.  Listening can
optionally be restricted to a specific address family, which can
be either inet4 or inet6.


In amongst the options:

port [port]
Listen on the given port instead of the default port 25.


So if I chose to, I could add:

listen on all port 777

and then re-start smtpd, I'd now be listening on port 777.

You could then tell your SMTP server to send to port 777 when sending 
to my domain.


But doing so would be useless:
- no one else would bother using port 777/tcp: they would most likely 
use port 25
- you wouldn't be able to send to any other server, unless they too, 
chose to use port 777/tcp.


If you have a good proposal for how such alternative ports could be 
advertised (maybe via DNS TXT record), perhaps you could propose that 
as a Request For Comment to the Internet Engineering Task Force… and 
maybe if enough people thought it was a good idea, it would be adopted 
with its own official RFC number (like RFC-821, later replaced by 
RFC-2821 and RFC-5321).


That though, won't mean instant ability to pick your own port number. 
The "alternate port number" feature would then need to be added to the 
various SMTP servers out there.  Then sysadmins would need to install 
that version.


This may take years, or even never happen in some cases.  (Qmail is 
still IPv4-only because the author believes IPv6 is unnecessary.)


Regardless of what you think of spam or how to fight it, the truth is 
the small fish don't make the rules in this game.  You and I are small 
fish.  I've been mucking around with mail servers pretty much this 
whole century so far.


I started with trialling something over dial-up (ever seen a 56kbps 
modem screaming under the strain of an outbound mail queue stuffed 
with spam?  I have!)… moved to using Sendmail on an old Slackware 
server hosted on ADSL with 2GB SCSI disks and a self-signed HTTPS 
certificate for webmail in 2001.  Been running my own server ever 
since.


It's not impossible to do it yourself, and dealing with spam is a 
constant cat-and-mouse game.  Things have become more complex out of 
necessity (I didn't bother with DKIM until Google started mandating it 
for example), but even then, not overly difficult.


The minimum standard however has changed over the years as 
requirements changed.  That includes:


- outbound SMTP unblocked -- pretty much since forever since that's 
how TCP/IP works
- static IPv4 -- dynamic IPv4 has not been possible since ~2004 or so 
- SPF DNS records -- since ~2010 or so

- DKIM signing and DMARC policies -- 

Re: Setting personal mailserver

2023-09-08 Thread Reio Remma

On 08.09.2023 09:42, Stuart Longland wrote:

Your options are:
1. set up a server outside your ISPs network that can transmit the 
message for you (e.g. if Internode decide to block port 25 or withdraw 
my public IP, I might use my secondary MX as the outbound mail server 
relay.)
2. use your ISPs mail server as a relay (after adding it to your SPF 
records along with any DKIM keys needed)

3. move to an ISP that lets you do this stuff

I'd suggest (3) is your best option… as trying to circumvent firewall 
rules will likely get you disconnected for violating their Terms of 
Service anyway.  (I note humaaraartha.in appears to be hosted by MTNL 
India, but their website is not responding for me at this time.)


You can get a virtual server for 5€/m with a static IP and configurable 
reverse DNS - the same price as getting a mere static IP from my ISP.


Good luck
Reio



Re: Setting personal mailserver

2023-09-08 Thread Stuart Longland

On 8/9/23 15:51, Sagar Acharya wrote:

> SRV records would get port, like
>
> https://xmpp.org/extensions/xep-0368.html
>
> The logic would be like, say there is opensmtpd on the other server
> too.
>
> dig _mail._smtp.humaaraartha.in. SRV
> get_port_from_SRV()
> if found_different_port()  try_port()
> else  try_25()


Sounds okay… but you'd have to get that supported by:

- sendmail
- postfix
- netqmail
- opensmtpd
- exim
- Microsoft Exchange
- Google's mail server (whatever they call it)
… and umpteen other possible mail servers.

It isn't yet as far as I know.

Another is for the MX record to support `hostname:port`, although one
could argue MX could be readily replaced by SRV.

Also, this does not solve your outbound SMTP issue: it'd only advertise 
to others that "I listen on a different port".


It doesn't tell my server to start listening on a different port.  Nor 
does it tell any firewalls in between to suddenly allow this 
out-of-the-ordinary connection.



> Caching can also be done for future requests.


Yeah well, DNS will do that anyway.  That's what the TTL field is for.

> > You and I are small fish. I've been mucking around with mail
> > servers pretty much this whole century so far.
>
> OpenBSD and suckless are moving forward and providing solutions.
> Which mailserver do you use?


Postfix on AlpineLinux is my primary MX.  Simply out of familiarity, I
started with sendmail then later Qmail, but migrated to Postfix some
time around 2006 or so.

OpenSMTPD (and spamd) on OpenBSD is my secondary MX.  I have some custom
scripts that then store the email OpenPGP-encrypted for later collection
by the primary MX in case there's downtime.

The vast majority of my email traffic is direct to the primary MX 
(probably because of spamd's greylisting).



> If we can establish that any software be run on any port, then
> blocking ports won't make sense. Besides, they can block any domains
> and they already do if they find spam there. SPAM is just an excuse.


Moving ports won't solve the problem.  Yes it'd be nice to say, "ohh, by 
the way my SMTP is listening on port 2225", but that won't help you. 
You're expecting the world to move off 25/tcp for SMTP so you can hit it 
behind your ISP's firewall.


That won't happen.

Your options are:
1. set up a server outside your ISPs network that can transmit the 
message for you (e.g. if Internode decide to block port 25 or withdraw 
my public IP, I might use my secondary MX as the outbound mail server 
relay.)
2. use your ISPs mail server as a relay (after adding it to your SPF 
records along with any DKIM keys needed)

3. move to an ISP that lets you do this stuff

I'd suggest (3) is your best option… as trying to circumvent firewall 
rules will likely get you disconnected for violating their Terms of 
Service anyway.  (I note humaaraartha.in appears to be hosted by MTNL 
India, but their website is not responding for me at this time.)

--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
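
The lookup order sketched in the quoted message (SRV first, otherwise port 25), with the TTL-driven caching mentioned in the reply, as an added example that is not part of the thread. As the reply says, no mail server implements this; `PortResolver`, `sample_lookup` and the answer lines are hypothetical and constructed for illustration, and only the `_mail._smtp` label and ports 777/778 come from the thread.

```python
"""Hypothetical SRV-based SMTP port discovery with TTL caching."""
import time

DEFAULT_PORT = 25
NEGATIVE_TTL = 60  # assumption: seconds to remember "no SRV record"

# Constructed answers in dig's answer-section layout:
# owner  TTL  class  type  priority  weight  port  target
SAMPLE_ZONE = {
    "_mail._smtp.humaaraartha.in.": [
        "_mail._smtp.humaaraartha.in. 300 IN SRV 20 0 778 humaaraartha.in.",
        "_mail._smtp.humaaraartha.in. 300 IN SRV 10 0 777 humaaraartha.in.",
    ],
}


def sample_lookup(qname):
    """Stand-in for a DNS query; returns answer lines or an empty list."""
    return SAMPLE_ZONE.get(qname, [])


def parse_srv(line):
    """Parse one SRV answer line into a dict, validating the numeric fields."""
    fields = line.split()
    if len(fields) != 8 or fields[2] != "IN" or fields[3] != "SRV":
        raise ValueError(f"not an SRV answer: {line!r}")
    ttl, priority, weight, port = (int(f) for f in (fields[1], *fields[4:7]))
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return {"ttl": ttl, "priority": priority, "weight": weight,
            "port": port, "target": fields[7].rstrip(".")}


class PortResolver:
    """Sender-side lookup: SRV candidates first, port 25 as the last resort."""

    def __init__(self, lookup, clock=time.monotonic):
        self._lookup = lookup    # callable: query name -> answer lines
        self._clock = clock      # injectable so expiry can be tested
        self._cache = {}         # domain -> (expiry time, candidate list)
        self.queries = 0         # number of lookups actually sent

    def candidates(self, domain):
        """Return [(host, port), ...] in the order a sender would try them."""
        now = self._clock()
        cached = self._cache.get(domain)
        if cached and cached[0] > now:
            return cached[1]
        self.queries += 1
        answers = self._lookup(f"_mail._smtp.{domain}.")
        records = [parse_srv(line) for line in answers]
        records = [r for r in records if r["target"]]  # target "." = no service
        # Lowest priority first; RFC 2782 picks randomly by weight within one
        # priority, simplified here to highest weight first.
        records.sort(key=lambda r: (r["priority"], -r["weight"]))
        ordered = [(r["target"], r["port"]) for r in records]
        ordered.append((domain, DEFAULT_PORT))  # try_25(); MX lookup left out
        ttl = min((r["ttl"] for r in records), default=NEGATIVE_TTL)
        self._cache[domain] = (now + ttl, ordered)
        return ordered


if __name__ == "__main__":
    resolver = PortResolver(sample_lookup)
    print(resolver.candidates("humaaraartha.in"))
    print(resolver.candidates("example.com"))
```

It only changes which port the sender tries first; it does nothing about a filtered outbound port 25 or about what the receiving server listens on.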




Re: Setting personal mailserver

2023-09-07 Thread Sagar Acharya
Thank you Stuart. That is very helpful.

SRV records would get port, like 

https://xmpp.org/extensions/xep-0368.html

The logic would be like, say there is opensmtpd on the other server too.

dig _mail._smtp.humaaraartha.in. SRV
get_port_from_SRV()
if found_different_port()  try_port()
else  try_25()

Caching can also be done for future requests.

> You and I are small fish. I've been mucking around with mail servers pretty 
> much this whole century so far.

OpenBSD and suckless are moving forward and providing solutions. Which 
mailserver do you use? If we can establish that any software be run on any 
port, then blocking ports won't make sense. Besides, they can block any domains 
and they already do if they find spam there. SPAM is just an excuse.
Thanking you
Sagar Acharya
https://humaaraartha.in



8 Sept 2023, 03:55 by stua...@longlandclan.id.au:

> On 7/9/23 20:44, Sagar Acharya wrote:
>
>> Let the mail providers have their setups. Is it possible to have a 
>> configuration where I have 2 servers, example.com example2.com where I can 
>> send and receive emails on ports say, 777 on plaintext, starttls optional 
>> and port 778 with smtps?
>>
>> Give me a configuration for such a thing.
>>
>> humaaraartha.in.       TXT        "v=spf1 ipv4:{myipv4address} -all"
>> humaaraartha.in.       TXT        "resports:777,778"
>> humaaraartha.in.       MX         10 humaaraartha.in.
>> humaaraartha.in.       A          {myipv4address}
>>
>> That is all you have, nothing more for both servers. Can you help me send
>> and receive mails on ports 777,778 with just above DNS and smtpd? I can add
>> SRV records for detection of ports 777, 778 if you want.
>>
>
> Okay, not quite sure what the "resports" TXT record is achieving (a quick 
> search on the topic didn't reveal any documentation on how it was supposed to 
> work or correct syntax).  I won't labour the point about outgoing port 25 
> traffic since others have covered this already.
>
> You can of course use different ports between servers on an agreed-upon 
> manner.  e.g. say we have a server, bnemx.vk4msl.com, running OpenSMTPD:
>
>> vk4msl-bne# cat /etc/mail/smtpd.conf
>> #   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $
>>
>> # This is the smtpd server system-wide configuration file.
>> # See smtpd.conf(5) for more information.
>>
>> #table aliases file:/etc/mail/aliases
>> table virtualdomains file:/etc/mail/virtualdomains
>> table virtualusers file:/etc/mail/virtualusers
>>
>> pki bnemx cert "/etc/ssl/bnemx.vk4msl.com.fullchain.pem"
>> pki bnemx key "/etc/ssl/private/bnemx.vk4msl.com.key"
>> pki bnemx dhe auto
>>
>> listen on socket
>> listen on all tls pki bnemx
>>
> … etc, I won't post the full config.
>
> Those `listen` lines are the key, from smtpd.conf manpage:
>
>> listen on interface [family] [options]
>>  Listen on the interface for incoming connections, using the same
>>  syntax as ifconfig(8).  The interface parameter may also be an
>>  interface group, an IP address, or a domain name.  Listening can
>>  optionally be restricted to a specific address family, which can
>>  be either inet4 or inet6.
>>
>
> In amongst the options:
>
>> port [port]
>>  Listen on the given port instead of the default port 25.
>>
>
> So if I chose to, I could add:
>
> listen on all port 777
>
> and then re-start smtpd, I'd now be listening on port 777.
>
> You could then tell your SMTP server to send to port 777 when sending to my 
> domain.
>
> But doing so would be useless:
> - no one else would bother using port 777/tcp: they would most likely use 
> port 25
> - you wouldn't be able to send to any other server, unless they too, chose to 
> use port 777/tcp.
>
> If you have a good proposal for how such alternative ports could be 
> advertised (maybe via DNS TXT record), perhaps you could propose that as a 
> Request For Comment to the Internet Engineering Task Force… and maybe if 
> enough people thought it was a good idea, it would be adopted with its own 
> official RFC number (like RFC-821, later replaced by RFC-2821 and RFC-5321).
>
> That though, won't mean instant ability to pick your own port number. The 
> "alternate port number" feature would then need to be added to the various 
> SMTP servers out there.  Then sysadmins would need to install that version.
>
> This may take years, or even never happen in some cases.  (Qmail is still 
> IPv4-only because the author believes IPv6 is unnecessary.)
>
> Regardless of what you think of spam or how to fight it, the truth is the 
> small fish don't make the rules in this game.  You and I are small fish.  
> I've been mucking around with mail servers pretty much this whole century so 
> far.
>
> I started with trialling something over dial-up (ever seen a 56kbps modem 
> screaming under the strain of an outbound mail queue stuffed with spam?  I 
> have!)… moved to using 

Re: Setting personal mailserver

2023-09-07 Thread Stuart Longland

On 7/9/23 20:44, Sagar Acharya wrote:

> Let the mail providers have their setups. Is it possible to have a
> configuration where I have 2 servers, example.com example2.com where I can send
> and receive emails on ports say, 777 on plaintext, starttls optional and port
> 778 with smtps?
>
> Give me a configuration for such a thing.
>
> humaaraartha.in.       TXT        "v=spf1 ipv4:{myipv4address} -all"
> humaaraartha.in.       TXT        "resports:777,778"
> humaaraartha.in.       MX         10 humaaraartha.in.
> humaaraartha.in.       A          {myipv4address}
>
> That is all you have, nothing more for both servers. Can you help me send and
> receive mails on ports 777,778 with just above DNS and smtpd? I can add SRV
> records for detection of ports 777, 778 if you want.


Okay, not quite sure what the "resports" TXT record is achieving (a 
quick search on the topic didn't reveal any documentation on how it was 
supposed to work or correct syntax).  I won't labour the point about 
outgoing port 25 traffic since others have covered this already.


You can of course use different ports between servers on an agreed-upon 
manner.  e.g. say we have a server, bnemx.vk4msl.com, running OpenSMTPD:


vk4msl-bne# cat /etc/mail/smtpd.conf  
#   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $


# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

#table aliases file:/etc/mail/aliases
table virtualdomains file:/etc/mail/virtualdomains
table virtualusers file:/etc/mail/virtualusers

pki bnemx cert "/etc/ssl/bnemx.vk4msl.com.fullchain.pem"
pki bnemx key "/etc/ssl/private/bnemx.vk4msl.com.key"
pki bnemx dhe auto

listen on socket
listen on all tls pki bnemx

… etc, I won't post the full config.

Those `listen` lines are the key, from smtpd.conf manpage:

 listen on interface [family] [options]
 Listen on the interface for incoming connections, using the same
 syntax as ifconfig(8).  The interface parameter may also be an
 interface group, an IP address, or a domain name.  Listening can
 optionally be restricted to a specific address family, which can
 be either inet4 or inet6.


In amongst the options:

 port [port]
 Listen on the given port instead of the default port 25.


So if I chose to, I could add:

listen on all port 777

and then re-start smtpd, I'd now be listening on port 777.

You could then tell your SMTP server to send to port 777 when sending to 
my domain.


But doing so would be useless:
- no one else would bother using port 777/tcp: they would most likely 
use port 25
- you wouldn't be able to send to any other server, unless they too, 
chose to use port 777/tcp.


If you have a good proposal for how such alternative ports could be 
advertised (maybe via DNS TXT record), perhaps you could propose that as 
a Request For Comment to the Internet Engineering Task Force… and maybe 
if enough people thought it was a good idea, it would be adopted with 
its own official RFC number (like RFC-821, later replaced by RFC-2821 
and RFC-5321).


That though, won't mean instant ability to pick your own port number. 
The "alternate port number" feature would then need to be added to the 
various SMTP servers out there.  Then sysadmins would need to install 
that version.


This may take years, or even never happen in some cases.  (Qmail is 
still IPv4-only because the author believes IPv6 is unnecessary.)


Regardless of what you think of spam or how to fight it, the truth is 
the small fish don't make the rules in this game.  You and I are small 
fish.  I've been mucking around with mail servers pretty much this whole 
century so far.


I started with trialling something over dial-up (ever seen a 56kbps 
modem screaming under the strain of an outbound mail queue stuffed with 
spam?  I have!)… moved to using Sendmail on an old Slackware server 
hosted on ADSL with 2GB SCSI disks and a self-signed HTTPS certificate 
for webmail in 2001.  Been running my own server ever since.


It's not impossible to do it yourself, and dealing with spam is a 
constant cat-and-mouse game.  Things have become more complex out of 
necessity (I didn't bother with DKIM until Google started mandating it 
for example), but even then, not overly difficult.


The minimum standard however has changed over the years as requirements 
changed.  That includes:


- outbound SMTP unblocked -- pretty much since forever since that's how 
TCP/IP works

- static IPv4 -- dynamic IPv4 has not been possible since ~2004 or so
- SPF DNS records -- since ~2010 or so
- DKIM signing and DMARC policies -- since ~2020

Some day, IPv6 may be a requirement as the IPv4 address space dries up.

It's no good "wishing" it to be different.  In the future it may become 
impossible for me to run my own server on the 

Re: Setting personal mailserver

2023-09-07 Thread Pontus Stenetorp
On Thu 07 Sep 2023, Tassilo Philipp wrote:
> >
> > Give me a configuration for such a thing. 
> 
> I think several people mentioned by now reading the doc and getting
> familiar with email. This is not trying to be mean, I think you really
> would set it up faster by learning and using it, then also
> understanding it b/c you have to maintain it, than asking over and
> over for some config lines on here.

Seconding this and adding that there is excellent documentation out there that 
will take you all the way there if you bother to read it:

https://github.com/poolpOrg/OpenSMTPD-book

https://man.openbsd.org/smtpd

https://man.openbsd.org/smtpd.conf

https://man.openbsd.org/smtpctl

https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/#installing-and-configuring-dovecot

I would recommend reading them in that specific order, but I have a strong 
bottom up bias.



Re: Setting personal mailserver

2023-09-07 Thread Tassilo Philipp

> Give me a configuration for such a thing.


I think several people mentioned by now reading the doc and getting 
familiar with email. This is not trying to be mean, I think you really 
would set it up faster by learning and using it, then also understanding 
it b/c you have to maintain it, than asking over and over for some 
config lines on here.



On Thu, Sep 07, 2023 at 12:44:07PM +0200, Sagar Acharya wrote:

I get you, I get you.

Let the mail providers have their setups. Is it possible to have a 
configuration where I have 2 servers, example.com example2.com where I can send 
and receive emails on ports say, 777 on plaintext, starttls optional and port 
778 with smtps?

Give me a configuration for such a thing. 

humaaraartha.in.       TXT        "v=spf1 ipv4:{myipv4address} -all"
humaaraartha.in.       TXT        "resports:777,778"
humaaraartha.in.       MX         10 humaaraartha.in.
humaaraartha.in.       A          {myipv4address}

That is all you have, nothing more for both servers. Can you help me send and
receive mails on ports 777,778 with just above DNS and smtpd? I can add SRV
records for detection of ports 777, 778 if you want.
Thanking you

Sagar Acharya
https://humaaraartha.in



7 Sept 2023, 15:33 by gil...@poolp.org:


September 7, 2023 11:44 AM, "Sagar Acharya"  wrote:

In today's times of mature NLP, you will not be able to differentiate human mail from bot mail or 
spam. Only in person verification is trustworthy.
No. Are you saying that only people who control the network should send mails? Well DNS exactly is 
for that. If you find I send spams, you can easily block mails from my domain
humaaraartha.in but it is not wise nor ethical to by default not allow people to mail.


That issue lies because hardware is not mapped to people. There is no technological solution for 
trust hopping between machines. ssh should be discouraged and each machine, denoted by single IP 
address should be mapped to a human. So humaaraartha.in is run by Sagar Acharya.


My configuration of whitelisting does exactly that. In today's world where each grain can 
potentially have an IPv6, I accept requests only from whitelist or at the very least accept from 
everyone and prioritize the whitelist.


Well, what action should be implemented for sending emails. I don't get a sending action. I have 
changed conf to


action "send" relay helo humaaraartha.in
match from any for any action "send"

Thanking you

Sagar Acharya
https://humaaraartha.in



As many people told you, domestic connections are no longer suitable for sending mail, whether you
like it or not this is the actual state of the SMTP network and will remain like this because the
big mailer corps control most of the e-mail address space and have decided so. If you ignore this
then you'll be blocked from most recipients, you decide if it's acceptable for you.

Then, if your domestic connection has outgoing port 25 filtered, you can't work around this and
need a relay host somewhere else that can accept mail on a different port with unfiltered port 25
for outgoing traffic. You can't just switch to a different port and expect it to work this shows a
misunderstanding of how networking, internet and SMTP works.


There's nothing that can be changed in your config that will fix this because the problem isn't a 
configuration issue but an issue with understanding both what you're allowed and trying to do.









Re: Setting personal mailserver

2023-09-07 Thread Sagar Acharya
I get you, I get you.

Let the mail providers have their setups. Is it possible to have a 
configuration where I have 2 servers, example.com example2.com where I can send 
and receive emails on ports say, 777 on plaintext, starttls optional and port 
778 with smtps?

Give me a configuration for such a thing. 

humaaraartha.in.       TXT        "v=spf1 ipv4:{myipv4address} -all"
humaaraartha.in.       TXT        "resports:777,778"
humaaraartha.in.       MX         10 humaaraartha.in.
humaaraartha.in.       A          {myipv4address}

That is all you have, nothing more for both servers. Can you help me send and
receive mails on ports 777,778 with just above DNS and smtpd? I can add SRV
records for detection of ports 777, 778 if you want.
Thanking you
Sagar Acharya
https://humaaraartha.in



7 Sept 2023, 15:33 by gil...@poolp.org:

> September 7, 2023 11:44 AM, "Sagar Acharya"  wrote:
>
>> In today's times of mature NLP, you will not be able to differentiate human 
>> mail from bot mail or
>> spam. Only in person verification is trustworthy.
>> No. Are you saying that only people who control the network should send 
>> mails? Well DNS exactly is
>> for that. If you find I send spams, you can easily block mails from
>> my domain
>> humaaraartha.in but it is not wise nor ethical to by default not allow 
>> people to mail.
>>
>> That issue lies because hardware is not mapped to people. There is no 
>> technological solution for
>> trust hopping between machines. ssh should be discouraged and each machine, 
>> denoted by single IP
>> address should be mapped to a human. So humaaraartha.in is run by Sagar 
>> Acharya.
>>
>> My configuration of whitelisting does exactly that. In today's world where 
>> each grain can
>> potentially have an IPv6, I accept requests only from whitelist or at the 
>> very least accept from
>> everyone and prioritize the whitelist.
>>
>> Well, what action should be implemented for sending emails. I don't get a 
>> sending action. I have
>> changed conf to
>>
>> action "send" relay helo humaaraartha.in
>> match from any for any action "send"
>>
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>
> As many people told you, domestic connections are no longer suitable for
> sending mail, whether you like it or not this is the actual state of the
> SMTP network and will remain like this because the big mailer corps control
> most of the e-mail address space and have decided so. If you ignore this
> then you'll be blocked from most recipients, you decide if it's acceptable
> for you.
>
> Then, if your domestic connection has outgoing port 25 filtered, you can't
> work around this and need a relay host somewhere else that can accept mail
> on a different port with unfiltered port 25 for outgoing traffic. You can't
> just switch to a different port and expect it to work this shows a
> misunderstanding of how networking, internet and SMTP works.
>
> There's nothing that can be changed in your config that will fix this because
> the problem isn't a configuration issue but an issue with understanding both
> what you're allowed and trying to do.
>




Re: Setting personal mailserver

2023-09-07 Thread gilles
September 7, 2023 11:44 AM, "Sagar Acharya"  wrote:

> In today's times of mature NLP, you will not be able to differentiate human 
> mail from bot mail or
> spam. Only in person verification is trustworthy.
> No. Are you saying that only people who control the network should send 
> mails? Well DNS exactly is
> for that. If you find I send spams, you can easily block mails from my 
> domain
> humaaraartha.in but it is not wise nor ethical to by default not allow people 
> to mail.
> 
> That issue lies because hardware is not mapped to people. There is no 
> technological solution for
> trust hopping between machines. ssh should be discouraged and each machine, 
> denoted by single IP
> address should be mapped to a human. So humaaraartha.in is run by Sagar 
> Acharya.
> 
> My configuration of whitelisting does exactly that. In today's world where 
> each grain can
> potentially have an IPv6, I accept requests only from whitelist or at the 
> very least accept from
> everyone and prioritize the whitelist.
> 
> Well, what action should be implemented for sending emails. I don't get a 
> sending action. I have
> changed conf to
> 
> action "send" relay helo humaaraartha.in
> match from any for any action "send"
> Thanking you
> Sagar Acharya
> https://humaaraartha.in
> 

As many people told you, domestic connections are no longer suitable for 
sending mail, whether you
like it or not this is the actual state of the SMTP network and will remain 
like this because the
big mailer corps control most of the e-mail address space and have decided so. 
If you ignore this
then you'll be blocked from most recipients, you decide if it's acceptable for 
you.


Then, if your domestic connection has outgoing port 25 filtered, you can't 
work around this and
need a relay host somewhere else that can accept mail on a different port with 
unfiltered port 25
for outgoing traffic. You can't just switch to a different port and expect it to 
work this shows a
misunderstanding of how networking, internet and SMTP works.

There's nothing that can be changed in your config that will fix this because 
the problem isn't a
configuration issue but an issue with understanding both what you're allowed 
and trying to do.



RE: Setting personal mailserver

2023-09-07 Thread Vigneshwaran Ravichandran
Dear Sagar,

What you mentioned is like, “Just because the grapevine is high on the tree, 
then it must be sour”. Hope you will learn some lessons and not put the blame 
on software or standards which are empowering a critical part, communication.

From: Sagar Acharya <sagaracha...@tutanota.com>
Sent: Thursday, September 7, 2023 5:45 PM
To: Archange <archa...@activis.me>
Cc: Misc <misc@opensmtpd.org>
Subject: Re: Setting personal mailserver

In today's times of mature NLP, you will not be able to differentiate human 
mail from bot mail or spam. Only in person verification is trustworthy.
No. Are you saying that only people who control the network should send mails? 
Well DNS exactly is for that. If you find I send spams, you can easily 
block mails from my domain humaaraartha.in but it is not wise nor ethical to by 
default not allow people to mail.

That issue lies because hardware is not mapped to people. There is no 
technological solution for trust hopping between machines. ssh should be 
discouraged and each machine, denoted by single IP address should be mapped to 
a human. So humaaraartha.in is run by Sagar Acharya.

My configuration of whitelisting does exactly that. In today's world where each 
grain can potentially have an IPv6, I accept requests only from whitelist or at 
the very least accept from everyone and prioritize the whitelist.

Well, what action should be implemented for sending emails. I don't get a 
sending action. I have changed conf to

action "send" relay helo humaaraartha.in
match from any for any action "send"
Thanking you
Sagar Acharya
https://humaaraartha.in/



7 Sept 2023, 14:53 by archa...@activis.me:

> This is not the 80–90’s anymore. Internet is not a friendly place, and the 
> bulk of emails sent today are spams. So most actors are leveraging everything 
> they can to reduce that, and a high entrance barrier to email sending is 
> definitively part of this plan.
>
> That’s why we have (fc)rDNS, SPF, DKIM… And regarding residential IPs, they 
> are hosts of the biggest botnets in the world, so residential ISP tend to 
> block port 25 outgoing by default to limit spam. Some provide you the option 
> to disable the port blocking, but very rare are those that allow you setting 
> the reverse.
>
> On my receiving ends (plural, I handle multiple email servers of various 
> sizes including some with thousands of users), cutting down non (fc)rDNS 
> compliant senders kills 99+% of spam attempts and I’ve never been reached by 
> someone having a false positive on that policy. I don’t see why anyone would 
> want to not have this amazing first layer fence.
>
> Regards.
>
> On 07/09/2023 at 13:12, Sagar Acharya wrote:
>
>> Or maybe we can simplify mail systems more. If mail, a system used to send 
>> messages across computers cannot work on "residential" IPs, then we can make 
>> it work on "residential" network since most nodes are "residential". You can 
>> look at.
>>
>> humaaraartha.in.   TXT
>>
>> And you'll find spf records there. Maybe it's just time to say, reduce the 
>> requirements of mail hosting to just static ip and DNS in a world where most 
>> don't even have a static ip!
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in/
>>
>> P.S. I see that you're talking substance and truth to some extent but 
>> discarding residential IPs and this need for reverse dns is outrageous! What 
>> is the point of reverse DNS in today's world?
>> 7 Sept 2023, 14:25 by archa...@activis.me:
>>
>>> Learn the basics. Unfortunately, you do not seem to understand MTA/SMTP.
>>>
>>> So read maybe https://github.com/poolpOrg/OpenSMTPD-book

Re: Setting personal mailserver

2023-09-07 Thread Sagar Acharya
In today's times of mature NLP, you will not be able to differentiate human 
mail from bot mail or spam. Only in person verification is trustworthy.
No. Are you saying that only people who control the network should send mails? 
Well DNS exactly is for that. If you find I send spams, you can easily 
block mails from my domain humaaraartha.in but it is not wise nor ethical to by 
default not allow people to mail.

That issue lies because hardware is not mapped to people. There is no 
technological solution for trust hopping between machines. ssh should be 
discouraged and each machine, denoted by single IP address should be mapped to 
a human. So humaaraartha.in is run by Sagar Acharya.

My configuration of whitelisting does exactly that. In today's world where each 
grain can potentially have an IPv6, I accept requests only from whitelist or at 
the very least accept from everyone and prioritize the whitelist.

Well, what action should be implemented for sending emails. I don't get a 
sending action. I have changed conf to

action "send" relay helo humaaraartha.in
match from any for any action "send"
Thanking you
Sagar Acharya
https://humaaraartha.in



7 Sept 2023, 14:53 by archa...@activis.me:

> This is not the 80–90’s anymore. Internet is not a friendly place, and the 
> bulk of emails sent today are spams. So most actors are leveraging everything 
> they can to reduce that, and a high entrance barrier to email sending is 
> definitively part of this plan.
>
> That’s why we have (fc)rDNS, SPF, DKIM… And regarding residential IPs, they 
> are hosts of the biggest botnets in the world, so residential ISP tend to 
> block port 25 outgoing by default to limit spam. Some provide you the option 
> to disable the port blocking, but very rare are those that allow you setting 
> the reverse.
>
> On my receiving ends (plural, I handle multiple email servers of various 
> sizes including some with thousands of users), cutting down non (fc)rDNS 
> compliant senders kills 99+% of spam attempts and I’ve never been reached by 
> someone having a false positive on that policy. I don’t see why anyone would 
> want to not have this amazing first layer fence.
>
> Regards.
>
> On 07/09/2023 at 13:12, Sagar Acharya wrote:
>
>> Or maybe we can simplify mail systems more. If mail, a system used to send 
>> messages across computers cannot work on "residential" IPs, then we can make 
>> it work on "residential" network since most nodes are "residential". You can 
>> look at.
>>
>> humaaraartha.in.           TXT
>>
>> And you'll find spf records there. Maybe it's just time to say, reduce the 
>> requirements of mail hosting to just static ip and DNS in a world where most 
>> don't even have a static ip!
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>> P.S. I see that you're talking substance and truth to some extent but 
>> discarding residential IPs and this need for reverse dns is outrageous! What 
>> is the point of reverse DNS in today's world?
>> 7 Sept 2023, 14:25 by archa...@activis.me:
>>
>>> Learn the basics. Unfortunately, you do not seem to understand MTA/SMTP.
>>>
>>> So read maybe https://github.com/poolpOrg/OpenSMTPD-book, also 
>>> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/,
>>>  and get a better understanding of SMTP/MTA requirements.
>>>
>>> A public IP is not enough, it has to be not residential or at least you of 
>>> course need port 25 to be open towards the world, which is not your case, 
>>> and you also need to be able to set the reverse for it, while currently
>>>
>>> humaaraartha.in.    IN    A    182.59.136.243
>>>
>>> but
>>>
>>> 243.136.59.182.in-addr.arpa.    IN    PTR 
>>> static-mum-182.59.136.243.mtnl.net.in.
>>>
>>> And I do not expect “Mahanagar Telephone Nigam Limited” to let you set that 
>>> reverse.
>>>
>>> So back to our options : either get a VPS or dedicated server somewhere 
>>> that allow port 25 and setting reverse, or use an email service provider 
>>> that would allow you to relay emails.
>>>
>>> Actually I’m not even sure that your available SMTP options 
>>> (Tutanota/GMail) would allow sending with an arbitrary MAIL FROM (i.e. one 
>>> that is not @tutanota.tld or @gmail.com), and as I don’t have an account on 
>>> either I cannot test that. So you would have to look into 
>>> https://man.openbsd.org/smtpd.conf#host and 
>>> https://man.openbsd.org/smtpd.conf#auth, and check whether any of your 
>>> email providers allow you to send email as @humaaraartha.in (and then you 
>>> might want to provide SPF records allowing them to do so).
>>>
>>> Regards.
>>>
>>> On 06/09/2023 at 23:40, Sagar Acharya wrote:
>>>
>>>> So what's the solution? I have a public ip. Can you suggest an edit?
>>>> Thanking you
>>>> Sagar Acharya
>>>> https://humaaraartha.in
>>>>
>>>>
>>>>
>>>> 7 Sept 2023, 00:43 by archa...@activis.me:
>>>>
>>>>> Hi,
>>>>>
>>>>> On 06/09/2023 at 22:40, Sagar Acharya wrote:
>>>>>
>>>>>> I 

Re: Setting personal mailserver

2023-09-07 Thread Archange
This is not the 80–90’s anymore. Internet is not a friendly place, and 
the bulk of emails sent today are spams. So most actors are leveraging 
everything they can to reduce that, and a high entrance barrier to email 
sending is definitively part of this plan.


That’s why we have (fc)rDNS, SPF, DKIM… And regarding residential IPs, 
they are hosts of the biggest botnets in the world, so residential ISP 
tend to block port 25 outgoing by default to limit spam. Some provide 
you the option to disable the port blocking, but very rare are those 
that allow you setting the reverse.


On my receiving ends (plural, I handle multiple email servers of various 
sizes including some with thousands of users), cutting down non (fc)rDNS 
compliant senders kills 99+% of spam attempts and I’ve never been 
reached by someone having a false positive on that policy. I don’t see 
why anyone would want to not have this amazing first layer fence.


Regards.

On 07/09/2023 at 13:12, Sagar Acharya wrote:

Or maybe we can simplify mail systems more. If mail, a system used to send messages across computers cannot 
work on "residential" IPs, then we can make it work on "residential" network since most 
nodes are "residential". You can look at.

humaaraartha.in.           TXT

And you'll find spf records there. Maybe it's just time to say, reduce the 
requirements of mail hosting to just static ip and DNS in a world where most 
don't even have a static ip!
Thanking you
Sagar Acharya
https://humaaraartha.in

P.S. I see that you're talking substance and truth to some extent but 
discarding residential IPs and this need for reverse dns is outrageous! What is 
the point of reverse DNS in today's world?
7 Sept 2023, 14:25 by archa...@activis.me:


Learn the basics. Unfortunately, you do not seem to understand MTA/SMTP.

So read maybe https://github.com/poolpOrg/OpenSMTPD-book, also 
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/,
 and get a better understanding of SMTP/MTA requirements.

A public IP is not enough, it has to be not residential or at least you of 
course need port 25 to be open towards the world, which is not your case, and 
you also need to be able to set the reverse for it, while currently

humaaraartha.in.    IN    A    182.59.136.243

but

243.136.59.182.in-addr.arpa.    IN    PTR static-mum-182.59.136.243.mtnl.net.in.

And I do not expect “Mahanagar Telephone Nigam Limited” to let you set that 
reverse.

So back to our options : either get a VPS or dedicated server somewhere that 
allow port 25 and setting reverse, or use an email service provider that would 
allow you to relay emails.

Actually I’m not even sure that your available SMTP options (Tutanota/GMail) 
would allow sending with an arbitrary MAIL FROM (i.e. one that is not 
@tutanota.tld or @gmail.com), and as I don’t have an account on either I cannot 
test that. So you would have to look into 
https://man.openbsd.org/smtpd.conf#host and 
https://man.openbsd.org/smtpd.conf#auth, and check whether any of your email 
providers allow you to send email as @humaaraartha.in (and then you might want 
to provide SPF records allowing them to do so).

Regards.

On 06/09/2023 at 23:40, Sagar Acharya wrote:


So what's the solution? I have a public ip. Can you suggest an edit?
Thanking you
Sagar Acharya
https://humaaraartha.in



7 Sept 2023, 00:43 by archa...@activis.me:


Hi,

On 06/09/2023 at 22:40, Sagar Acharya wrote:


I checked all network settings. They are perfect. Here is my conf below 
exactly. There's some issue with it.

== smtpd.conf ==
table aliases file:/etc/smtpd/aliases
table whitelist file:/etc/smtpd/whitelist

pki humaaraartha.in cert "path_to_fullchain"
pki humaaraartha.in key "path_to_privkey"

listen on 0.0.0.0 tls pki humaaraartha.in
listen on 0.0.0.0 smtps pki humaaraartha.in

action "local" maildir alias 
action "relay" relay host "smtps://humaaraartha.in" mail-from "@humaaraartha.in"


This line cannot work. You are asking to relay outgoing emails to your own 
server (host is the destination host — Jarod just linked the doc while I was 
writing). They won’t go anywhere. You cannot work around port 25 being blocked 
by using another port, else port 25 would not be blocked anywhere. You have to 
use an external relay that will accept submission from you on port 465 (smtps) 
or 587 (submission) and then relay on port 25 to the world. That will likely 
have to be one you have an account on (gmail or tutanota).

Regards.
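
The (fc)rDNS fence described in the message above, as an added example that is not part of the original thread: a forward-confirmed reverse DNS check run over an in-memory record table so it works offline. The A and PTR records for 182.59.136.243 are the ones quoted in the thread; the forward record for the ISP name, the `example.org` host and the names `Zone` and `fcrdns` are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field


def fqdn(name):
    """Normalise a DNS name: lower-case with exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


@dataclass
class Zone:
    """In-memory stand-in for a resolver so the check runs offline."""
    a: dict = field(default_factory=dict)    # name -> list of addresses (A/AAAA)
    ptr: dict = field(default_factory=dict)  # reverse name -> list of PTR targets

    def __post_init__(self):
        self.a = {fqdn(k): v for k, v in self.a.items()}
        self.ptr = {fqdn(k): v for k, v in self.ptr.items()}

    def lookup_ptr(self, ip):
        # reverse_pointer builds the in-addr.arpa / ip6.arpa owner name.
        rev = fqdn(ipaddress.ip_address(ip).reverse_pointer)
        return [fqdn(n) for n in self.ptr.get(rev, [])]

    def lookup_addr(self, name):
        return [ipaddress.ip_address(x) for x in self.a.get(fqdn(name), [])]


def fcrdns(ip, helo, zone):
    """Classify a connecting IP by forward-confirmed reverse DNS.

    no-ptr               the address has no PTR record at all
    unconfirmed          PTR exists, but no PTR name resolves back to the IP
    confirmed-other-name a PTR name resolves back, but it is not the HELO name
    confirmed            the HELO name is a PTR name that resolves back
    """
    addr = ipaddress.ip_address(ip)
    names = zone.lookup_ptr(ip)
    if not names:
        return "no-ptr"
    confirmed = [n for n in names if addr in zone.lookup_addr(n)]
    if not confirmed:
        return "unconfirmed"
    return "confirmed" if fqdn(helo) in confirmed else "confirmed-other-name"


# Only the two records quoted in the thread. The forward record of the ISP
# name is not on the page, so it is absent from this table.
THREAD_RECORDS = Zone(
    a={"humaaraartha.in.": ["182.59.136.243"]},
    ptr={"243.136.59.182.in-addr.arpa.":
         ["static-mum-182.59.136.243.mtnl.net.in."]},
)

# Assumption for contrast: the ISP's generic name does resolve back to the IP.
# The address is then forward-confirmed, but under the ISP's name, which is
# why being able to set the reverse yourself matters.
ISP_NAME_RESOLVES = Zone(
    a={"humaaraartha.in.": ["182.59.136.243"],
       "static-mum-182.59.136.243.mtnl.net.in.": ["182.59.136.243"]},
    ptr=THREAD_RECORDS.ptr,
)

# Constructed host on documentation address space, IPv4 and IPv6.
V6 = "2001:db8::25"
CONSTRUCTED = Zone(
    a={"mail.example.org.": ["192.0.2.10", V6]},
    ptr={"10.2.0.192.in-addr.arpa.": ["mail.example.org."],
         ipaddress.ip_address(V6).reverse_pointer: ["MAIL.example.org"]},
)

if __name__ == "__main__":
    for label, ip, helo, zone in [
        ("thread records only", "182.59.136.243", "humaaraartha.in", THREAD_RECORDS),
        ("ISP name resolves", "182.59.136.243", "humaaraartha.in", ISP_NAME_RESOLVES),
        ("constructed v4", "192.0.2.10", "mail.example.org", CONSTRUCTED),
        ("constructed v6", V6, "mail.example.org", CONSTRUCTED),
    ]:
        print(f"{label:22} {ip:16} -> {fcrdns(ip, helo, zone)}")
```
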





Re: Setting personal mailserver

2023-09-07 Thread Sagar Acharya
Or maybe we can simplify mail systems more. If mail, a system used to send 
messages across computers cannot work on "residential" IPs, then we can make it 
work on "residential" network since most nodes are "residential". You can look 
at.

humaaraartha.in.           TXT

And you'll find spf records there. Maybe it's just time to say, reduce the 
requirements of mail hosting to just static ip and DNS in a world where most 
don't even have a static ip!
Thanking you
Sagar Acharya
https://humaaraartha.in

P.S. I see that you're talking substance and truth to some extent but 
discarding residential IPs and this need for reverse dns is outrageous! What is 
the point of reverse DNS in today's world?
7 Sept 2023, 14:25 by archa...@activis.me:

> Learn the basics. Unfortunately, you do not seem to understand MTA/SMTP.
>
> So read maybe https://github.com/poolpOrg/OpenSMTPD-book, also 
> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/,
>  and get a better understanding of SMTP/MTA requirements.
>
> A public IP is not enough, it has to be not residential or at least you of 
> course need port 25 to be open towards the world, which is not your case, and 
> you also need to be able to set the reverse for it, while currently
>
> humaaraartha.in.    IN    A    182.59.136.243
>
> but
>
> 243.136.59.182.in-addr.arpa.    IN    PTR 
> static-mum-182.59.136.243.mtnl.net.in.
>
> And I do not expect “Mahanagar Telephone Nigam Limited” to let you set that 
> reverse.
>
> So back to our options : either get a VPS or dedicated server somewhere that 
> allow port 25 and setting reverse, or use an email service provider that 
> would allow you to relay emails.
>
> Actually I’m not even sure that your available SMTP options (Tutanota/GMail) 
> would allow sending with an arbitrary MAIL FROM (i.e. one that is not 
> @tutanota.tld or @gmail.com), and as I don’t have an account on either I 
> cannot test that. So you would have to look into 
> https://man.openbsd.org/smtpd.conf#host and 
> https://man.openbsd.org/smtpd.conf#auth, and check whether any of your email 
> providers allow you to send email as @humaaraartha.in (and then you might 
> want to provide SPF records allowing them to do so).
>
> Regards.
>
> On 06/09/2023 at 23:40, Sagar Acharya wrote:
>
>> So what's the solution? I have a public ip. Can you suggest an edit?
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>>
>>
>> 7 Sept 2023, 00:43 by archa...@activis.me:
>>
>>> Hi,
>>>
>>> On 06/09/2023 at 22:40, Sagar Acharya wrote:
>>>
>>>> I checked all network settings. They are perfect. Here is my conf below 
>>>> exactly. There's some issue with it.
>>>>
>>>> == smtpd.conf ==
>>>> table aliases file:/etc/smtpd/aliases
>>>> table whitelist file:/etc/smtpd/whitelist
>>>>
>>>> pki humaaraartha.in cert "path_to_fullchain"
>>>> pki humaaraartha.in key "path_to_privkey"
>>>>
>>>> listen on 0.0.0.0 tls pki humaaraartha.in
>>>> listen on 0.0.0.0 smtps pki humaaraartha.in
>>>>
>>>> action "local" maildir alias 
>>>> action "relay" relay host "smtps://humaaraartha.in" mail-from 
>>>> "@humaaraartha.in"
>>>>
>>> This line cannot work. You are asking to relay outgoing emails to your own 
>>> server (host is the destination host — Jarod just linked the doc while I 
>>> was writing). They won’t go anywhere. You cannot work around port 25 being 
>>> blocked by using another port, else port 25 would not be blocked anywhere. 
>>> You have to use an external relay that will accept submission from you on 
>>> port 465 (smtps) or 587 (submission) and then relay on port 25 to the 
>>> world. That will likely have to be one you have an account on (gmail or 
>>> tutanota).
>>>
>>> Regards.
>>>



Re: Setting personal mailserver

2023-09-07 Thread Archange

Learn the basics. Unfortunately, you do not seem to understand MTA/SMTP.

So read maybe https://github.com/poolpOrg/OpenSMTPD-book, also 
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/, 
and get a better understanding of SMTP/MTA requirements.


A public IP is not enough, it has to be not residential or at least you 
of course need port 25 to be open towards the world, which is not your 
case, and you also need to be able to set the reverse for it, while 
currently


humaaraartha.in.    IN    A    182.59.136.243

but

243.136.59.182.in-addr.arpa.    IN    PTR 
static-mum-182.59.136.243.mtnl.net.in.


And I do not expect “Mahanagar Telephone Nigam Limited” to let you set 
that reverse.


So back to our options : either get a VPS or dedicated server somewhere 
that allow port 25 and setting reverse, or use an email service provider 
that would allow you to relay emails.


Actually I’m not even sure that your available SMTP options 
(Tutanota/GMail) would allow sending with an arbitrary MAIL FROM (i.e. 
one that is not @tutanota.tld or @gmail.com), and as I don’t have an 
account on either I cannot test that. So you would have to look into 
https://man.openbsd.org/smtpd.conf#host and 
https://man.openbsd.org/smtpd.conf#auth, and check whether any of your 
email providers allow you to send email as @humaaraartha.in (and then 
you might want to provide SPF records allowing them to do so).


Regards.

On 06/09/2023 at 23:40, Sagar Acharya wrote:

So what's the solution? I have a public ip. Can you suggest an edit?
Thanking you
Sagar Acharya
https://humaaraartha.in



7 Sept 2023, 00:43 by archa...@activis.me:


Hi,

On 06/09/2023 at 22:40, Sagar Acharya wrote:


I checked all network settings. They are perfect. Here is my conf below 
exactly. There's some issue with it.

== smtpd.conf ==
table aliases file:/etc/smtpd/aliases
table whitelist file:/etc/smtpd/whitelist

pki humaaraartha.in cert "path_to_fullchain"
pki humaaraartha.in key "path_to_privkey"

listen on 0.0.0.0 tls pki humaaraartha.in
listen on 0.0.0.0 smtps pki humaaraartha.in

action "local" maildir alias 
action "relay" relay host "smtps://humaaraartha.in" mail-from "@humaaraartha.in"


This line cannot work. You are asking to relay outgoing emails to your own 
server (host is the destination host — Jarod just linked the doc while I was 
writing). They won’t go anywhere. You cannot work around port 25 being blocked 
by using another port, else port 25 would not be blocked anywhere. You have to 
use an external relay that will accept submission from you on port 465 (smtps) 
or 587 (submission) and then relay on port 25 to the world. That will likely 
have to be one you have an account on (gmail or tutanota).

Regards.





Re: Setting personal mailserver

2023-09-06 Thread Sagar Acharya
So what's the solution? I have a public ip. Can you suggest an edit?
Thanking you
Sagar Acharya
https://humaaraartha.in



7 Sept 2023, 00:43 by archa...@activis.me:

> Hi,
>
> On 06/09/2023 at 22:40, Sagar Acharya wrote:
>
>> I checked all network settings. They are perfect. Here is my conf below 
>> exactly. There's some issue with it.
>>
>> == smtpd.conf ==
>> table aliases file:/etc/smtpd/aliases
>> table whitelist file:/etc/smtpd/whitelist
>>
>> pki humaaraartha.in cert "path_to_fullchain"
>> pki humaaraartha.in key "path_to_privkey"
>>
>> listen on 0.0.0.0 tls pki humaaraartha.in
>> listen on 0.0.0.0 smtps pki humaaraartha.in
>>
>> action "local" maildir alias 
>> action "relay" relay host "smtps://humaaraartha.in" mail-from 
>> "@humaaraartha.in"
>>
>
> This line cannot work. You are asking to relay outgoing emails to your own 
> server (host is the destination host — Jarod just linked the doc while I was 
> writing). They won’t go anywhere. You cannot work around port 25 being blocked 
> by using another port, else port 25 would not be blocked anywhere. You have 
> to use an external relay that will accept submission from you on port 465 
> (smtps) or 587 (submission) and then relay on port 25 to the world. That will 
> likely have to be one you have an account on (gmail or tutanota).
>
> Regards.
>



Re: Setting personal mailserver

2023-09-06 Thread Archange

Hi,

On 06/09/2023 at 22:40, Sagar Acharya wrote:

I checked all network settings. They are perfect. Here is my conf below 
exactly. There's some issue with it.

== smtpd.conf ==
table aliases file:/etc/smtpd/aliases
table whitelist file:/etc/smtpd/whitelist

pki humaaraartha.in cert "path_to_fullchain"
pki humaaraartha.in key "path_to_privkey"

listen on 0.0.0.0 tls pki humaaraartha.in
listen on 0.0.0.0 smtps pki humaaraartha.in

action "local" maildir alias 
action "relay" relay host "smtps://humaaraartha.in" mail-from "@humaaraartha.in"


This line cannot work. You are asking to relay outgoing emails to your 
own server (host is the destination host — Jarod just linked the doc 
while I was writing). They won’t go anywhere. You cannot work around port 
25 being blocked by using another port, else port 25 would not be 
blocked anywhere. You have to use an external relay that will accept 
submission from you on port 465 (smtps) or 587 (submission) and then 
relay on port 25 to the world. That will likely have to be one you have 
an account on (gmail or tutanota).


Regards.
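
The two problems named in the reply above (a `relay host` that points back at the server itself, and outbound delivery that still depends on port 25) can be checked mechanically. This is an added example, not part of the original thread and not OpenSMTPD code: the function names, the finding labels, the `secrets` table and `smtp.relay.example` are assumptions, and the first sample is the configuration as posted in the thread.

```python
import re
import shlex

# smtpd.conf(5) relay-url format: [proto://[label@]]host[:port]
RELAY_URL = re.compile(
    r"^(?:(?P<proto>[a-z+]+)://)?(?:(?P<label>[^@/]+)@)?"
    r"(?P<host>\[[^\]]+\]|[^:/]+)(?::(?P<port>\d+))?$"
)
# Per smtpd.conf(5), smtps defaults to 465; the other protocols default to 25.
DEFAULT_PORT = {"smtps": 465}


def parse_relay_url(url):
    """Return (proto, host, port) for a relay-url, applying default ports."""
    m = RELAY_URL.match(url.strip().lower())
    if m is None:
        raise ValueError(f"not a relay-url: {url!r}")
    proto = m["proto"] or "smtp"
    port = int(m["port"]) if m["port"] else DEFAULT_PORT.get(proto, 25)
    return proto, m["host"].rstrip("."), port


def lint_relay_actions(conf_text, blocked_ports=(25,)):
    """Flag relay actions that cannot deliver from a link with blocked ports.

    The server's own names are taken from its pki entries. Returns a list of
    (action name, finding) tuples in configuration order.
    """
    own_names, relays = set(), []
    for raw in conf_text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) >= 2 and tok[0] == "pki":
            own_names.add(tok[1].lower().rstrip("."))
        elif len(tok) >= 3 and tok[0] == "action" and tok[2] == "relay":
            if "host" in tok[3:]:
                i = tok.index("host", 3)
                if i + 1 < len(tok):
                    relays.append((tok[1], tok[i + 1]))
            else:
                relays.append((tok[1], None))  # no relay host: MX delivery

    findings = []
    for name, url in relays:
        if url is None:
            # Direct delivery to the recipients' MX hosts always uses port 25.
            if 25 in blocked_ports:
                findings.append((name, "mx-delivery-needs-port-25"))
            continue
        _proto, host, port = parse_relay_url(url)
        if host in own_names:
            findings.append((name, "relays-to-self"))
        if port in blocked_ports:
            findings.append((name, "relay-port-blocked"))
    return findings


# The configuration as posted in the thread (certificate paths are the
# poster's own placeholders).
POSTED_CONF = '''
table aliases file:/etc/smtpd/aliases
table whitelist file:/etc/smtpd/whitelist
pki humaaraartha.in cert "path_to_fullchain"
pki humaaraartha.in key "path_to_privkey"
listen on 0.0.0.0 tls pki humaaraartha.in
listen on 0.0.0.0 smtps pki humaaraartha.in
action "local" maildir alias
action "relay" relay host "smtps://humaaraartha.in" mail-from "@humaaraartha.in"
match for any action "relay"
'''

# The later attempt from the thread; the pki line is carried over from above.
LATER_ATTEMPT = '''
pki humaaraartha.in cert "path_to_fullchain"
action "send" relay helo humaaraartha.in
match from any for any action "send"
'''

# Constructed: submission to an external relay with authentication.
CONSTRUCTED_FIX = '''
pki humaaraartha.in cert "path_to_fullchain"
table secrets file:/etc/smtpd/secrets
action "relay" relay host "smtp+tls://myrelay@smtp.relay.example:587" auth <secrets> mail-from "@humaaraartha.in"
match for any action "relay"
'''

if __name__ == "__main__":
    for label, conf in [("posted", POSTED_CONF), ("later", LATER_ATTEMPT),
                        ("constructed fix", CONSTRUCTED_FIX)]:
        print(label, lint_relay_actions(conf))
```
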




Re: Setting personal mailserver

2023-09-06 Thread Jarod G.

Hello,

in your configuration, you're relaying your emails to yourself.


action "relay" relay host "smtps://humaaraartha.in" mail-from "@humaaraartha.in"


from smtpd.conf(5):


host _relay-url_
    Do not perform MX lookups but relay messages to the relay host described by relay-url.


Since you're on a residential IP, I would suggest you to find a machine 
with a public v4/v6 address to use as a SMTP relay for both incoming and 
outgoing e-mails. (or you could use it directly to host your main 
opensmtpd instance)


Jarod G.

On 06/09/2023 at 20:40, Sagar Acharya wrote:

I checked all network settings. They are perfect. Here is my conf below 
exactly. There's some issue with it.

== smtpd.conf ==
table aliases file:/etc/smtpd/aliases
table whitelist file:/etc/smtpd/whitelist

pki humaaraartha.in cert "path_to_fullchain"
pki humaaraartha.in key "path_to_privkey"

listen on 0.0.0.0 tls pki humaaraartha.in
listen on 0.0.0.0 smtps pki humaaraartha.in

action "local" maildir alias 
action "relay" relay host "smtps://humaaraartha.in" mail-from "@humaaraartha.in"

match from mail-from  for domain "humaaraartha.in" action "local"
match for any action "relay"
match for local action local
#match from any reject
=

== whitelist =
sagaracha...@tutanota.com
anotherm...@gmail.com
===

Network error on destination MXs.
I cannot send mails. I can receive them.
Thanking you
Sagar Acharya
https://humaaraartha.in



3 Sept 2023, 22:26 by alex.misc...@web.de:


Hello Sagar,


is the port reachable from your system? Check with netcat:


nc -v mydomain.com 465



Is the certificate chain complete and are you trusting the root CA?
Verify with openssl:


openssl s_client -connect  mydomain.com:465



(I assume "mydomain.com" is the anonymized form of your actual domain)




Also, as has been requested before: If people here offer their help you
should at least be posting your smtpd.conf file



Kind regards,


Alex




On 03.09.23 16:00, Sagar Acharya wrote:


I have set spf records, TXT as follows:

"v=spf1 ipv4:{myipv4address} -all"

You can dig them at humaaraartha.in

Everything looks spick and span and the error of

smtp-out: No valid route for 
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]

still remains.
Thanking you
Sagar Acharya
https://humaaraartha.in



3 Sept 2023, 16:45 by s...@gamindustri.fr:


Hello,

Port 465 with implicit TLS for Submissions isn't outdated since RFC 8314, it's 
even the recommended way to use Submissions as STARTTLS (mostly used on 
tcp/587) is a security nightmare.

More details in this PR i made two months ago :
https://github.com/stalwartlabs/website/pull/1#issue-1812289068

Jarod G.

On 03/09/2023 at 00:26, Reio Remma wrote:


Port 465 is the deprecated SMTPS submission port, you can't send mail to that.

If you're trying to send out e-mail from a residential IP (even with an 
unblocked outgoing port 25), you'll find more problems e.g. receiving servers 
not accepting your e-mails because of your IP having no FCrDNS etc.

Good luck
Reio

On 02.09.2023 21:56, Sagar Acharya wrote:


Port 25 outgoing is blocked. You were correct. I switched to port 465 with 
config

action "relay" relay host smtps://mydomain.com

Such is the error message:
Again there is "Network error on destination MXs"

mta connecting address=smtps://{ipv4}:465 host={xyz}
mta error reason=IO Error: Connection refused
smtp-out: Disabling route [] <-> {ipv4} for 15s
smtp-out: No valid route for 
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]

DNS

mydomain.com     MX       10 mydomain.com
Port 465 is perfectly open from ISP.
Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 19:58 by tphil...@potion-studios.com:


I tested all of the IPs from your output, and all of them listen on port 25 and 
a smtp server is answering. So if you are relaying to those via port 25, and 
you get a network error (I guess a timeout), then I guess your outgoing port 25 
is blocked. This is relatively common with residential uplinks, ask your ISP to 
open port 25 for you.

That said... I'm only guessing here.


On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:


I made some progress. I am able to receive mails now but when I send mail 
from u...@mydomain.com to sagaracha...@tutanota.com using mutt, I get,

result="TempFail" stat="Network error on destination MXs"
smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de)
smtp-out: Enabling route [] <-> 185.205.69.211 (185.205.69.211)
smtp-out: Enabling route [] <-> 81.3.6.165 (w4.tutanota.de)
mta error reason=Connection timeout


DNS

mydomain.com.    86400      IN        MX        10 mail.mydomain.com.

Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 05:45 by bub...@live.de:


Hello, pls show your config file.

Kind regards, V.Bubnov


On 01.09.2023, at 21:43, Sagar Acharya wrote:

To enable being able to send 

Re: Setting personal mailserver

2023-09-06 Thread Sagar Acharya
I checked all network settings. They are perfect. Here is my conf below 
exactly. There's some issue with it.

== smtpd.conf ==
table aliases file:/etc/smtpd/aliases
table whitelist file:/etc/smtpd/whitelist

pki humaaraartha.in cert "path_to_fullchain"
pki humaaraartha.in key "path_to_privkey"

listen on 0.0.0.0 tls pki humaaraartha.in
listen on 0.0.0.0 smtps pki humaaraartha.in

action "local" maildir alias 
action "relay" relay host "smtps://humaaraartha.in" mail-from "@humaaraartha.in"

match from mail-from  for domain "humaaraartha.in" action "local"
match for any action "relay"
match for local action local
#match from any reject
=

== whitelist =
sagaracha...@tutanota.com
anotherm...@gmail.com
===

Network error on destination MXs.
I cannot send mails. I can receive them.
Thanking you
Sagar Acharya
https://humaaraartha.in



3 Sept 2023, 22:26 by alex.misc...@web.de:

> Hello Sagar,
>
>
> is the port reachable from your system? Check with netcat:
>
>
> nc -v mydomain.com 465
>
>
>
> Is the certificate chain complete and are you trusting the root CA?
> Verify with openssl:
>
>
> openssl s_client -connect  mydomain.com:465
>
>
>
> (I assume "mydomain.com" is the anonymized form of your actual domain)
>
>
>
>
> Also, as has been requested before: If people here offer their help you
> should at least be posting your smtpd.conf file
>
>
>
> Kind regards,
>
>
> Alex
>
>
>
>
> On 03.09.23 16:00, Sagar Acharya wrote:
>
>> I have set spf records, TXT as follows:
>>
>> "v=spf1 ipv4:{myipv4address} -all"
>>
>> You can dig them at humaaraartha.in
>>
>> Everything looks spick and span and the error of
>>
>> smtp-out: No valid route for 
>> [connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]
>>
>> still remains.
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>>
>>
>> 3 Sept 2023, 16:45 by s...@gamindustri.fr:
>>
>>> Hello,
>>>
>>> Port 465 with implicit TLS for Submissions isn't outdated since RFC 8314, 
>>> it's even the recommended way to use Submissions as STARTTLS (mostly used 
>>> on tcp/587) is a security nightmare.
>>>
>>> More details in this PR I made two months ago:
>>> https://github.com/stalwartlabs/website/pull/1#issue-1812289068
>>>
>>> Jarod G.
>>>
>>> On 03/09/2023 at 00:26, Reio Remma wrote:
>>>
>>>> Port 465 is the deprecated SMTPS submission port, you can't send mail to 
>>>> that.
>>>>
>>>> If you're trying to send out e-mail from a residential IP (even with an 
>>>> unblocked outgoing port 25), you'll find more problems e.g. receiving 
>>>> servers not accepting your e-mails because of your IP having no FCrDNS etc.
>>>>
>>>> Good luck
>>>> Reio
>>>>
>>>> On 02.09.2023 21:56, Sagar Acharya wrote:
>>>>
>>>>> Port 25 outgoing is blocked. You were correct. I switched to port 465 
>>>>> with config
>>>>>
>>>>> action "relay" relay host smtps://mydomain.com
>>>>>
>>>>> Such is the error message:
>>>>> Again there is "Network error on destination MXs"
>>>>>
>>>>> mta connecting address=smtps://{ipv4}:465 host={xyz}
>>>>> mta error reason=IO Error: Connection refused
>>>>> smtp-out: Disabling route [] <-> {ipv4} for 15s
>>>>> smtp-out: No valid route for 
>>>>> [connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]
>>>>>
>>>>> DNS
>>>>>
>>>>> mydomain.com     MX       10 mydomain.com
>>>>> Port 465 is perfectly open from ISP.
>>>>> Thanking you
>>>>> Sagar Acharya
>>>>> https://humaaraartha.in
>>>>>
>>>>>
>>>>>
>>>>> 2 Sept 2023, 19:58 by tphil...@potion-studios.com:
>>>>>
>>>>>> I tested all of the IPs from your output, and all of them listen on port 
>>>>>> 25 and a smtp server is answering. So if you are relaying to those via 
>>>>>> port 25, and you get a network error (I guess a timeout), then I guess 
>>>>>> your outgoing port 25 is blocked. This is relatively common with 
>>>>>> residential uplinks, ask your ISP to open port 25 for you.
>>>>>>
>>>>>> That said... I'm only guessing here.
>>>>>>
>>>>>>
>>>>>> On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:
>>>>>>
>>>>>>> I made some progress. I am able to receive mails now but when I send 
>>>>>>> mail from u...@mydomain.com to sagaracha...@tutanota.com using mutt, I 
>>>>>>> get,
>>>>>>>
>>>>>>> result="TempFail" stat="Network error on destination MXs"
>>>>>>> smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) smtp-out: 
>>>>>>> Enabling route [] <-> 185.205.69.211 (185.205.69.211) smtp-out: 
>>>>>>> Enabling route [] <-> 81.3.6.165 (w4.tutanota.de)
>>>>>>> mta error reason=Connection timeout
>>>>>>>
>>>>>>>
>>>>>>> DNS
>>>>>>>
>>>>>>> mydomain.com.    86400      IN        MX        10 mail.mydomain.com.
>>>>>>>
>>>>>>> Thanking you
>>>>>>> Sagar Acharya
>>>>>>> https://humaaraartha.in
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2 Sept 2023, 05:45 by bub...@live.de:
>>>>>>>
>>>>>>>> Hello, pls show your config file.
>>>>>>>>
>>>>>>>> Kind regards, V.Bubnov
>>>>>>>>
>>>>>>>>> On 01.09.2023, at 21:43, Sagar Acharya wrote:

Re: Setting personal mailserver

2023-09-03 Thread Alexander Mischke

Hello Sagar,


is the port reachable from your system? Check with netcat:


nc -v mydomain.com 465



Is the certificate chain complete and are you trusting the root CA?
Verify with openssl:


openssl s_client -connect  mydomain.com:465



(I assume "mydomain.com" is the anonymized form of your actual domain)




Also, as has been requested before: If people here offer their help you
should at least be posting your smtpd.conf file



Kind regards,


Alex




On 03.09.23 16:00, Sagar Acharya wrote:

I have set spf records, TXT as follows:

"v=spf1 ipv4:{myipv4address} -all"

You can dig them at humaaraartha.in

Everything looks spick and span and the error of

smtp-out: No valid route for 
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]

still remains.
Thanking you
Sagar Acharya
https://humaaraartha.in



3 Sept 2023, 16:45 by s...@gamindustri.fr:


Hello,

Port 465 with implicit TLS for Submissions isn't outdated since RFC 8314, it's 
even the recommended way to use Submissions as STARTTLS (mostly used on 
tcp/587) is a security nightmare.

More details in this PR I made two months ago:
https://github.com/stalwartlabs/website/pull/1#issue-1812289068

Jarod G.

On 03/09/2023 at 00:26, Reio Remma wrote:


Port 465 is the deprecated SMTPS submission port, you can't send mail to that.

If you're trying to send out e-mail from a residential IP (even with an 
unblocked outgoing port 25), you'll find more problems e.g. receiving servers 
not accepting your e-mails because of your IP having no FCrDNS etc.

Good luck
Reio

On 02.09.2023 21:56, Sagar Acharya wrote:


Port 25 outgoing is blocked. You were correct. I switched to port 465 with 
config

action "relay" relay host smtps://mydomain.com

Such is the error message:
Again there is "Network error on destination MXs"

mta connecting address=smtps://{ipv4}:465 host={xyz}
mta error reason=IO Error: Connection refused
smtp-out: Disabling route [] <-> {ipv4} for 15s
smtp-out: No valid route for 
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]

DNS

mydomain.com     MX       10 mydomain.com
Port 465 is perfectly open from ISP.
Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 19:58 by tphil...@potion-studios.com:


I tested all of the IPs from your output, and all of them listen on port 25 and 
a smtp server is answering. So if you are relaying to those via port 25, and 
you get a network error (I guess a timeout), then I guess your outgoing port 25 
is blocked. This is relatively common with residential uplinks, ask your ISP to 
open port 25 for you.

That said... I'm only guessing here.


On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:


I made some progress. I am able to receive mails now but when I send mail from 
u...@mydomain.com to sagaracha...@tutanota.com using mutt , I get,

result="TempFail" stat="Network error on destination MXs"
smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) smtp-out: Enabling route [] 
<-> 185.205.69.211 (185.205.69.211) smtp-out: Enabling route [] <-> 81.3.6.165 
(w4.tutanota.de)
mta error reason=Connection timeout


DNS

mydomain.com.    86400      IN        MX        10 mail.mydomain.com.

Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 05:45 by bub...@live.de:


Hello, pls show your config file.

Kind regards, V.Bubnov


On 01.09.2023, at 21:43, Sagar Acharya wrote:

To enable being able to send mails from my server, I added tls certs.

Now when I send from this email id to u...@mydomain.com , I get the error below.

530
5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL FROM 
command)

Since STARTTLS is working on 25, I think things should go smoothly but it isn't 
so. Please help. Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 20:52 by sagaracha...@tutanota.com:


I used mutt for accessing mail. I still am unable to send mail using my server. 
I can receive mails.

I also completed the whitelist. How can I do this?

I want to allow access only up to 25MB attachments from whitelisted emails and 
allow only 1 email (only text based) per day from non-whitelisted emails. How do 
I do that?

How do I limit overall size of mailbox and auto-delete old mails?

Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 14:04 by tphil...@potion-studios.com:


  From the doc (smtpd.conf(5)):

maildir [pathname [junk]]
Deliver the message to the maildir in pathname if
specified, or by default to ~/Maildir.

So given your config, you seem to get exactly what you configured.

For your "whitelist", create the match rules for your domains, and for 
everything else use a reject rule at the end.





On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:

I got a mail, which lies in Maildir, however no mailbox is configured. Is there 
a default mailbox in alpine and how do I access the mail contents in

~/Maildir

My mails are under

~/Maildir/new/

Also, how do I whitelist email ids, say, 

Re: Setting personal mailserver

2023-09-03 Thread Sagar Acharya
I have set spf records, TXT as follows:

"v=spf1 ipv4:{myipv4address} -all"

You can dig them at humaaraartha.in

Everything looks spick and span and the error of 

smtp-out: No valid route for 
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]

still remains.
Thanking you
Sagar Acharya
https://humaaraartha.in



3 Sept 2023, 16:45 by s...@gamindustri.fr:

> Hello,
>
> Port 465 with implicit TLS for Submissions isn't outdated since RFC 8314, 
> it's even the recommended way to use Submissions as STARTTLS (mostly used on 
> tcp/587) is a security nightmare.
>
> More details in this PR I made two months ago:
> https://github.com/stalwartlabs/website/pull/1#issue-1812289068
>
> Jarod G.
>
> On 03/09/2023 at 00:26, Reio Remma wrote:
>
>> Port 465 is the deprecated SMTPS submission port, you can't send mail to 
>> that.
>>
>> If you're trying to send out e-mail from a residential IP (even with an 
>> unblocked outgoing port 25), you'll find more problems e.g. receiving servers 
>> not accepting your e-mails because of your IP having no FCrDNS etc.
>>
>> Good luck
>> Reio
>>
>> On 02.09.2023 21:56, Sagar Acharya wrote:
>>
>>> Port 25 outgoing is blocked. You were correct. I switched to port 465 with 
>>> config
>>>
>>> action "relay" relay host smtps://mydomain.com
>>>
>>> Such is the error message:
>>> Again there is "Network error on destination MXs"
>>>
>>> mta connecting address=smtps://{ipv4}:465 host={xyz}
>>> mta error reason=IO Error: Connection refused
>>> smtp-out: Disabling route [] <-> {ipv4} for 15s
>>> smtp-out: No valid route for 
>>> [connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]
>>>
>>> DNS
>>>
>>> mydomain.com     MX       10 mydomain.com
>>> Port 465 is perfectly open from ISP.
>>> Thanking you
>>> Sagar Acharya
>>> https://humaaraartha.in
>>>
>>>
>>>
>>> 2 Sept 2023, 19:58 by tphil...@potion-studios.com:
>>>
>>>> I tested all of the IPs from your output, and all of them listen on port 
>>>> 25 and a smtp server is answering. So if you are relaying to those via 
>>>> port 25, and you get a network error (I guess a timeout), then I guess 
>>>> your outgoing port 25 is blocked. This is relatively common with 
>>>> residential uplinks, ask your ISP to open port 25 for you.
>>>>
>>>> That said... I'm only guessing here.
>>>>
>>>>
>>>> On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:
>>>>
>>>>> I made some progress. I am able to receive mails now but when I send mail 
>>>>> from u...@mydomain.com to sagaracha...@tutanota.com using mutt, I get,
>>>>>
>>>>> result="TempFail" stat="Network error on destination MXs"
>>>>> smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) smtp-out: 
>>>>> Enabling route [] <-> 185.205.69.211 (185.205.69.211) smtp-out: Enabling 
>>>>> route [] <-> 81.3.6.165 (w4.tutanota.de)
>>>>> mta error reason=Connection timeout
>>>>>
>>>>>
>>>>> DNS
>>>>>
>>>>> mydomain.com.    86400      IN        MX        10 mail.mydomain.com.
>>>>>
>>>>> Thanking you
>>>>> Sagar Acharya
>>>>> https://humaaraartha.in
>>>>>
>>>>>
>>>>>
>>>>> 2 Sept 2023, 05:45 by bub...@live.de:
>>>>>
>>>>>> Hello, pls show your config file.
>>>>>>
>>>>>> Kind regards, V.Bubnov
>>>>>>
>>>>>>> On 01.09.2023, at 21:43, Sagar Acharya wrote:
>>>>>>>
>>>>>>> To enable being able to send mails from my server, I added tls certs.
>>>>>>>
>>>>>>> Now when I send from this email id to u...@mydomain.com, I get the 
>>>>>>> error below.
>>>>>>>
>>>>>>> 530
>>>>>>> 5.5.1 Invalid command: Must issue an AUTH command first (in reply to 
>>>>>>> MAIL FROM command)
>>>>>>>
>>>>>>> Since STARTTLS is working on 25, I think things should go smoothly but 
>>>>>>> it isn't so. Please help. Thanking you
>>>>>>> Sagar Acharya
>>>>>>> https://humaaraartha.in
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 1 Sept 2023, 20:52 by sagaracha...@tutanota.com:
>>>>>>>
>>>>>>>> I used mutt for accessing mail. I still am unable to send mail using 
>>>>>>>> my server. I can receive mails.
>>>>>>>>
>>>>>>>> I also completed the whitelist. How can I do this?
>>>>>>>>
>>>>>>>> I want to allow access only up to 25MB attachments from whitelisted 
>>>>>>>> emails and allow only 1 email (only text based) per day from 
>>>>>>>> non-whitelisted emails. How do I do that?
>>>>>>>>
>>>>>>>> How do I limit overall size of mailbox and auto-delete old mails?
>>>>>>>>
>>>>>>>> Thanking you
>>>>>>>> Sagar Acharya
>>>>>>>> https://humaaraartha.in
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 1 Sept 2023, 14:04 by tphil...@potion-studios.com:
>>>>>>>>
>>>>>>>>>  From the doc (smtpd.conf(5)):
>>>>>>>>>
>>>>>>>>> maildir [pathname [junk]]
>>>>>>>>> Deliver the message to the maildir in pathname if
>>>>>>>>> specified, or by default to ~/Maildir.
>>>>>>>>>
>>>>>>>>> So given your config, you seem to get exactly what you configured.
>>>>>>>>>
>>>>>>>>> For your "whitelist", create the match rules for your domains, and 
>>>>>>>>> for everything else use a reject rule at the end.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
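
Added example, not part of the original message or of OpenSMTPD: the SPF TXT record quoted in the message above names its mechanism "ipv4:", while RFC 7208 defines "ip4:". An unknown mechanism is a syntax error, so receivers evaluate the record to permerror instead of pass. The linter below checks a record for that and similar mistakes; the address 203.0.113.25 and all function names are constructed for illustration.

```python
import ipaddress
import re

# Mechanisms defined by RFC 7208; any other name in mechanism position is a syntax error.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Common misspellings and the mechanism that was probably meant.
NEAR_MISSES = {"ipv4": "ip4", "ipv6": "ip6", "ip": "ip4"}
MODIFIER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")
NAME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)(.*)$")


def _check_network(name, rest):
    """Return an error message for a bad ip4/ip6 argument, or None if it is fine."""
    if not rest.startswith(":") or len(rest) == 1:
        return f"{name} needs an address, e.g. {name}:<address>"
    _, slash, prefix = rest[1:].partition("/")
    if slash and not prefix.isdigit():
        return "prefix length must be a decimal number"
    try:
        net = ipaddress.ip_network(rest[1:], strict=False)
    except ValueError as exc:
        return f"bad address: {exc}"
    wanted = 4 if name == "ip4" else 6
    if net.version != wanted:
        return f"{name} given an IPv{net.version} address"
    return None


def lint_spf(record):
    """Return a list of (severity, term, message) findings for one SPF TXT string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("error", terms[0] if terms else "", "record must start with v=spf1")]
    findings = []
    seen_all = False
    for term in terms[1:]:
        modifier = MODIFIER_RE.match(term)
        if modifier:
            # redirect= and exp= need a target; unknown modifiers are ignored by receivers.
            if modifier.group(1).lower() in ("redirect", "exp") and not modifier.group(2):
                findings.append(("error", term, "modifier has no domain"))
            continue
        if seen_all:
            findings.append(("warning", term, "mechanism after 'all' is never evaluated"))
        body = term[1:] if term[0] in "+-~?" else term  # strip the qualifier
        parsed = NAME_RE.match(body)
        if not parsed:
            findings.append(("error", term, "not a valid mechanism"))
            continue
        name, rest = parsed.group(1).lower(), parsed.group(2)
        if name not in MECHANISMS:
            message = f"unknown mechanism '{name}'"
            if name in NEAR_MISSES:
                message += f"; did you mean '{NEAR_MISSES[name]}'?"
            findings.append(("error", term, message))
        elif name == "all":
            seen_all = True
            if rest:
                findings.append(("error", term, "'all' takes no argument"))
        elif name in ("ip4", "ip6"):
            problem = _check_network(name, rest)
            if problem:
                findings.append(("error", term, problem))
        elif name in ("include", "exists") and not (rest.startswith(":") and len(rest) > 1):
            findings.append(("error", term, f"{name} needs a domain"))
    return findings


def evaluation_outcome(record):
    """'permerror' if a syntax error would abort evaluation, otherwise 'evaluable'."""
    has_error = any(severity == "error" for severity, _, _ in lint_spf(record))
    return "permerror" if has_error else "evaluable"


# Constructed samples: 203.0.113.25 is a documentation address standing in for
# the {myipv4address} placeholder used in the message above.
AS_POSTED = "v=spf1 ipv4:203.0.113.25 -all"
CORRECTED = "v=spf1 ip4:203.0.113.25 -all"

if __name__ == "__main__":
    for rec in (AS_POSTED, CORRECTED):
        print(rec, "->", evaluation_outcome(rec))
        for finding in lint_spf(rec):
            print("   ", *finding)
```

A record that lints clean here can still fail at a receiver if the connecting address is not the one listed, so compare the published address with the one the server actually sends from.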

Re: Setting personal mailserver

2023-09-03 Thread Jarod G.

Hello,

Port 465 with implicit TLS for Submissions isn't outdated since RFC 
8314, it's even the recommended way to use Submissions as STARTTLS 
(mostly used on tcp/587) is a security nightmare.


More details in this PR I made two months ago:
https://github.com/stalwartlabs/website/pull/1#issue-1812289068

Jarod G.

On 03/09/2023 at 00:26, Reio Remma wrote:
Port 465 is the deprecated SMTPS submission port, you can't send mail 
to that.


If you're trying to send out e-mail from a residential IP (even with 
an unblocked outgoing port 25), you'll find more problems e.g. 
receiving servers not accepting your e-mails because of your IP having 
no FCrDNS etc.


Good luck
Reio

On 02.09.2023 21:56, Sagar Acharya wrote:
Port 25 outgoing is blocked. You were correct. I switched to port 465 
with config


action "relay" relay host smtps://mydomain.com

Such is the error message:
Again there is "Network error on destination MXs"

mta connecting address=smtps://{ipv4}:465 host={xyz}
mta error reason=IO Error: Connection refused
smtp-out: Disabling route [] <-> {ipv4} for 15s
smtp-out: No valid route for 
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]


DNS

mydomain.com     MX       10 mydomain.com
Port 465 is perfectly open from ISP.
Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 19:58 by tphil...@potion-studios.com:

I tested all of the IPs from your output, and all of them listen on 
port 25 and a smtp server is answering. So if you are relaying to 
those via port 25, and you get a network error (I guess a timeout), 
then I guess your outgoing port 25 is blocked. This is relatively 
common with residential uplinks, ask your ISP to open port 25 for you.


That said... I'm only guessing here.


On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:

I made some progress. I am able to receive mails now but when I 
send mail from u...@mydomain.com to sagaracha...@tutanota.com using 
mutt , I get,


result="TempFail" stat="Network error on destination MXs"
smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) 
smtp-out: Enabling route [] <-> 185.205.69.211 (185.205.69.211) 
smtp-out: Enabling route [] <-> 81.3.6.165 (w4.tutanota.de)

mta error reason=Connection timeout


DNS

mydomain.com.    86400      IN        MX        10 mail.mydomain.com.

Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 05:45 by bub...@live.de:


Hello, pls show your config file.

Kind regards, V.Bubnov

On 01.09.2023, at 21:43, Sagar Acharya wrote:


To enable being able to send mails from my server, I added tls 
certs.


Now when I send from this email id to u...@mydomain.com , I get 
the error below.


530
5.5.1 Invalid command: Must issue an AUTH command first (in reply 
to MAIL FROM command)


Since STARTTLS is working on 25, I think things should go 
smoothly but it isn't so. Please help. Thanking you

Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 20:52 by sagaracha...@tutanota.com:

I used mutt for accessing mail. I still am unable to send mail 
using my server. I can receive mails.


I also completed the whitelist. How can I do this?

I want to allow access only up to 25MB attachments from 
whitelisted emails and allow only 1 email (only text based) per 
day from non-whitelisted emails. How do I do that?


How do I limit overall size of mailbox and auto-delete old mails?

Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 14:04 by tphil...@potion-studios.com:


 From the doc (smtpd.conf(5)):

maildir [pathname [junk]]
Deliver the message to the maildir in pathname if
specified, or by default to ~/Maildir.

So given your config, you seem to get exactly what you configured.

For your "whitelist", create the match rules for your domains, 
and for everything else use a reject rule at the end.






On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:

I got a mail, which lies in Maildir, however no mailbox is 
configured. Is there a default mailbox in alpine and how do I 
access the mail contents in


~/Maildir

My mails are under

~/Maildir/new/

Also, how do I whitelist email ids, say, I want mails only from

f...@bar.com
f...@bar2.com
f...@bar3.com

That's it, no other mails.
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 12:42 by sagaracha...@tutanota.com:


How do I do that? What CLI tool do I use?

While starting the daemon, the configuration is OK as given 
in prompt.


With the DNS configuration I have, where can I send a mail, 
at u...@mydomain.com or at u...@mail.mydomain.com ?


Thanking you
Sagar Acharya
https://humaaraartha.in



31 Aug 2023, 01:06 by stu...@gathman.org:



On Wed, 30 Aug 2023, Sagar Acharya wrote:

I'm facing an issue similar to a person a while ago 
available on archive. I use alpine, and the conf is as below


There is nothing in the mailbox.

Are you looking with alpine, or with CLI tools like ls?  Use 
CLI tools to check that you've configured smtpd to store 
incoming mail 

Re: Setting personal mailserver

2023-09-02 Thread Reio Remma
Port 465 is the deprecated SMTPS submission port, you can't send mail to 
that.


If you're trying to send out e-mail from a residential IP (even with an 
unblocked outgoing port 25), you'll find more problems e.g. receiving 
servers not accepting your e-mails because of your IP having no FCrDNS etc.


Good luck
Reio

On 02.09.2023 21:56, Sagar Acharya wrote:

Port 25 outgoing is blocked. You were correct. I switched to port 465 with 
config

action "relay" relay host smtps://mydomain.com

Such is the error message:
Again there is "Network error on destination MXs"

mta connecting address=smtps://{ipv4}:465 host={xyz}
mta error reason=IO Error: Connection refused
smtp-out: Disabling route [] <-> {ipv4} for 15s
smtp-out: No valid route for 
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]

DNS

mydomain.com     MX       10 mydomain.com
Port 465 is perfectly open from ISP.
Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 19:58 by tphil...@potion-studios.com:


I tested all of the IPs from your output, and all of them listen on port 25 and 
a smtp server is answering. So if you are relaying to those via port 25, and 
you get a network error (I guess a timeout), then I guess your outgoing port 25 
is blocked. This is relatively common with residential uplinks, ask your ISP to 
open port 25 for you.

That said... I'm only guessing here.


On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:


I made some progress. I am able to receive mails now but when I send mail from 
u...@mydomain.com to sagaracha...@tutanota.com using mutt , I get,

result="TempFail" stat="Network error on destination MXs"
smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) smtp-out: Enabling route [] 
<-> 185.205.69.211 (185.205.69.211) smtp-out: Enabling route [] <-> 81.3.6.165 
(w4.tutanota.de)
mta error reason=Connection timeout


DNS

mydomain.com.    86400      IN        MX        10 mail.mydomain.com.

Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 05:45 by bub...@live.de:


Hello, pls show your config file.

Kind regards, V.Bubnov


On 01.09.2023, at 21:43, Sagar Acharya wrote:

To enable being able to send mails from my server, I added tls certs.

Now when I send from this email id to u...@mydomain.com , I get the error below.

530
5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL FROM 
command)

Since STARTTLS is working on 25, I think things should go smoothly but it isn't 
so. Please help. Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 20:52 by sagaracha...@tutanota.com:


I used mutt for accessing mail. I still am unable to send mail using my server. 
I can receive mails.

I also completed the whitelist. How can I do this?

I want to allow access only up to 25MB attachments from whitelisted emails and 
allow only 1 email (only text based) per day from non-whitelisted emails. How do 
I do that?

How do I limit overall size of mailbox and auto-delete old mails?

Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 14:04 by tphil...@potion-studios.com:


 From the doc (smtpd.conf(5)):

maildir [pathname [junk]]
Deliver the message to the maildir in pathname if
specified, or by default to ~/Maildir.

So given your config, you seem to get exactly what you configured.

For your "whitelist", create the match rules for your domains, and for 
everything else use a reject rule at the end.





On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:

I got a mail, which lies in Maildir, however no mailbox is configured. Is there 
a default mailbox in alpine and how do I access the mail contents in

~/Maildir

My mails are under

~/Maildir/new/

Also, how do I whitelist email ids, say, I want mails only from

f...@bar.com
f...@bar2.com
f...@bar3.com

That's it, no other mails.
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 12:42 by sagaracha...@tutanota.com:


How do I do that? What CLI tool do I use?

While starting the daemon, the configuration is OK as given in prompt.

With the DNS configuration I have, where can I send a mail, at 
u...@mydomain.com or at u...@mail.mydomain.com ?

Thanking you
Sagar Acharya
https://humaaraartha.in



31 Aug 2023, 01:06 by stu...@gathman.org:



On Wed, 30 Aug 2023, Sagar Acharya wrote:


I'm facing an issue similar to a person a while ago available on archive. I use 
alpine, and the conf is as below

There is nothing in the mailbox.


Are you looking with alpine, or with CLI tools like ls?  Use CLI tools to check 
that you've configured smtpd to store incoming mail where you think you have.

I go so far as to use raw IPv6 for personal mailbox on various overlay mesh 
vpns like Cjdns and Yggdrasil (giving you personal authenticated IPs 
independent of any ISP).  I just caught up with an online friend that moved 
from Hawaii to New York.  Still works despite changes in ISP and ICANN domains.






Re: Setting personal mailserver

2023-09-02 Thread Sagar Acharya
Port 25 outgoing is blocked. You were correct. I switched to port 465 with 
config 

action "relay" relay host smtps://mydomain.com

Such is the error message:
Again there is "Network error on destination MXs"

mta connecting address=smtps://{ipv4}:465 host={xyz}
mta error reason=IO Error: Connection refused
smtp-out: Disabling route [] <-> {ipv4} for 15s
smtp-out: No valid route for 
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]

DNS

mydomain.com     MX       10 mydomain.com
Port 465 is perfectly open from ISP.
Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 19:58 by tphil...@potion-studios.com:

> I tested all of the IPs from your output, and all of them listen on port 25 
> and a smtp server is answering. So if you are relaying to those via port 25, 
> and you get a network error (I guess a timeout), then I guess your outgoing 
> port 25 is blocked. This is relatively common with residential uplinks, ask 
> your ISP to open port 25 for you.
>
> That said... I'm only guessing here.
>
>
> On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:
>
>> I made some progress. I am able to receive mails now but when I send mail 
>> from u...@mydomain.com to sagaracha...@tutanota.com using mutt , I get,
>>
>> result="TempFail" stat="Network error on destination MXs"
>> smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) smtp-out: 
>> Enabling route [] <-> 185.205.69.211 (185.205.69.211) smtp-out: Enabling 
>> route [] <-> 81.3.6.165 (w4.tutanota.de)
>> mta error reason=Connection timeout
>>
>>
>> DNS
>>
>> mydomain.com.    86400      IN        MX        10 mail.mydomain.com.
>>
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>>
>>
>> 2 Sept 2023, 05:45 by bub...@live.de:
>>
>>> Hello, pls show your config file.
>>>
>>> Kind regards, V.Bubnov
>>>
>>>> On 01.09.2023, at 21:43, Sagar Acharya wrote:
>>>>
>>>> To enable being able to send mails from my server, I added tls certs.
>>>>
>>>> Now when I send from this email id to u...@mydomain.com, I get the error 
>>>> below.
>>>>
>>>> 530
>>>> 5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL 
>>>> FROM command)
>>>>
>>>> Since STARTTLS is working on 25, I think things should go smoothly but it 
>>>> isn't so. Please help. Thanking you
>>>> Sagar Acharya
>>>> https://humaaraartha.in
>>>>
>>>>
>>>>
>>>> 1 Sept 2023, 20:52 by sagaracha...@tutanota.com:
>>>>
>>>>> I used mutt for accessing mail. I still am unable to send mail using my 
>>>>> server. I can receive mails.
>>>>>
>>>>> I also completed the whitelist. How can I do this?
>>>>>
>>>>> I want to allow access only up to 25MB attachments from whitelisted emails 
>>>>> and allow only 1 email (only text based) per day from non-whitelisted 
>>>>> emails. How do I do that?
>>>>>
>>>>> How do I limit overall size of mailbox and auto-delete old mails?
>>>>>
>>>>> Thanking you
>>>>> Sagar Acharya
>>>>> https://humaaraartha.in
>>>>>
>>>>>
>>>>>
>>>>> 1 Sept 2023, 14:04 by tphil...@potion-studios.com:
>>>>>
>>>>>> From the doc (smtpd.conf(5)):
>>>>>>
>>>>>> maildir [pathname [junk]]
>>>>>> Deliver the message to the maildir in pathname if
>>>>>> specified, or by default to ~/Maildir.
>>>>>>
>>>>>> So given your config, you seem to get exactly what you configured.
>>>>>>
>>>>>> For your "whitelist", create the match rules for your domains, and for 
>>>>>> everything else use a reject rule at the end.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:
>>>>>>>
>>>>>>> I got a mail, which lies in Maildir, however no mailbox is configured. 
>>>>>>> Is there a default mailbox in alpine and how do I access the mail 
>>>>>>> contents in
>>>>>>>
>>>>>>> ~/Maildir
>>>>>>>
>>>>>>> My mails are under
>>>>>>>
>>>>>>> ~/Maildir/new/
>>>>>>>
>>>>>>> Also, how do I whitelist email ids, say, I want mails only from
>>>>>>>
>>>>>>> f...@bar.com
>>>>>>> f...@bar2.com
>>>>>>> f...@bar3.com
>>>>>>>
>>>>>>> That's it, no other mails.
>>>>>>> Thanking you
>>>>>>> Sagar Acharya
>>>>>>> https://humaaraartha.in
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 1 Sept 2023, 12:42 by sagaracha...@tutanota.com:
>>>>>>>
>>>>>>>> How do I do that? What CLI tool do I use?
>>>>>>>>
>>>>>>>> While starting the daemon, the configuration is OK as given in prompt.
>>>>>>>>
>>>>>>>> With the DNS configuration I have, where can I send a mail, at 
>>>>>>>> u...@mydomain.com or at u...@mail.mydomain.com ?
>>>>>>>>
>>>>>>>> Thanking you
>>>>>>>> Sagar Acharya
>>>>>>>> https://humaaraartha.in
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 31 Aug 2023, 01:06 by stu...@gathman.org:
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, 30 Aug 2023, Sagar Acharya wrote:
>>>>>>>>>
>>>>>>>>>> I'm facing an issue similar to a person a while ago available on 
>>>>>>>>>> archive. I use alpine, and the conf is as below
>>>>>>>>>>
>>>>>>>>>> There is nothing in the mailbox.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Are you looking with alpine, or with CLI tools like ls?  Use CLI 
Re: Setting personal mailserver

2023-09-02 Thread Tassilo Philipp
I tested all of the IPs from your output, and all of them listen on port 
25 and a smtp server is answering. So if you are relaying to those via 
port 25, and you get a network error (I guess a timeout), then I guess 
your outgoing port 25 is blocked. This is relatively common with 
residential uplinks, ask your ISP to open port 25 for you.


That said... I'm only guessing here.


On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:

I made some progress. I am able to receive mails now but when I send mail from 
u...@mydomain.com to sagaracha...@tutanota.com using mutt , I get,

result="TempFail" stat="Network error on destination MXs"
smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) 
smtp-out: Enabling route [] <-> 185.205.69.211 (185.205.69.211) 
smtp-out: Enabling route [] <-> 81.3.6.165 (w4.tutanota.de)

mta error reason=Connection timeout


DNS

mydomain.com.    86400      IN        MX        10 mail.mydomain.com.

Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 05:45 by bub...@live.de:


Hello, pls show your config file.

Kind regards, V.Bubnov


On 01.09.2023, at 21:43, Sagar Acharya wrote:

To enable being able to send mails from my server, I added tls certs.

Now when I send from this email id to u...@mydomain.com , I get the error below.

530
5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL 
FROM command)


Since STARTTLS is working on 25, I think things should go smoothly but it isn't so. Please help. 
Thanking you

Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 20:52 by sagaracha...@tutanota.com:


I used mutt for accessing mail. I still am unable to send mail using my server. 
I can receive mails.

I also completed the whitelist. How can I do this?

I want to allow access only up to 25MB attachments from whitelisted emails and 
allow only 1 email (only text based) per day from non-whitelisted emails. How do 
I do that?

How do I limit overall size of mailbox and auto-delete old mails?

Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 14:04 by tphil...@potion-studios.com:


From the doc (smtpd.conf(5)):

maildir [pathname [junk]]
Deliver the message to the maildir in pathname if
specified, or by default to ~/Maildir.

So given your config, you seem to get exactly what you configured.

For your "whitelist", create the match rules for your domains, and for 
everything else use a reject rule at the end.





On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:

I got a mail, which lies in Maildir, however no mailbox is configured. Is there 
a default mailbox in alpine and how do I access the mail contents in

~/Maildir

My mails are under

~/Maildir/new/

Also, how do I whitelist email ids, say, I want mails only from

f...@bar.com
f...@bar2.com
f...@bar3.com

That's it, no other mails.
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 12:42 by sagaracha...@tutanota.com:


How do I do that? What CLI tool do I use?

While starting the daemon, the configuration is OK as given in prompt.

With the DNS configuration I have, where can I send a mail, at 
u...@mydomain.com or at u...@mail.mydomain.com ?

Thanking you
Sagar Acharya
https://humaaraartha.in



31 Aug 2023, 01:06 by stu...@gathman.org:




On Wed, 30 Aug 2023, Sagar Acharya wrote:


I'm facing an issue similar to a person a while ago available on archive. I use 
alpine, and the conf is as below

There is nothing in the mailbox.



Are you looking with alpine, or with CLI tools like ls?  Use CLI tools to check 
that you've configured smtpd to store incoming mail where you think you have.

I go so far as to use raw IPv6 for personal mailbox on various overlay mesh 
vpns like Cjdns and Yggdrasil (giving you personal authenticated IPs 
independent of any ISP).  I just caught up with an online friend that moved 
from Hawaii to New York.  Still works despite changes in ISP and ICANN domains.








Re: Setting personal mailserver

2023-09-02 Thread Sagar Acharya
I made some progress. I am able to receive mails now but when I send mail from 
u...@mydomain.com to sagaracha...@tutanota.com using mutt , I get,

result="TempFail" stat="Network error on destination MXs"
smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de)
smtp-out: Enabling route [] <-> 185.205.69.211 (185.205.69.211)
smtp-out: Enabling route [] <-> 81.3.6.165 (w4.tutanota.de)
mta error reason=Connection timeout


DNS

mydomain.com.    86400      IN        MX        10 mail.mydomain.com.

Thanking you
Sagar Acharya
https://humaaraartha.in



2 Sept 2023, 05:45 by bub...@live.de:

> Hello, pls show your config file.
>
> Kind regards, V.Bubnov
>
>> On 01.09.2023, at 21:43, Sagar Acharya wrote:
>>
>> To enable being able to send mails from my server, I added tls certs.
>>
>> Now when I send from this email id to u...@mydomain.com , I get the error 
>> below.
>>
>> 530
>> 5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL
>> FROM command)
>>
>> Since STARTTLS is working on 25, I think things should go smoothly but it 
>> isn't so. Please help.
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>>
>>
>> 1 Sept 2023, 20:52 by sagaracha...@tutanota.com:
>>
>>> I used mutt for accessing mail. I still am unable to send mail using my 
>>> server. I can receive mails.
>>>
>>> I also completed the whitelist. How can I do this?
>>>
>>> I want to allow access only up to 25MB attachments from whitelisted emails 
>>> and allow only 1 email (only text based) per day from non-whitelisted 
>>> emails. How do I do that?
>>>
>>> How do I limit overall size of mailbox and auto-delete old mails?
>>>
>>> Thanking you
>>> Sagar Acharya
>>> https://humaaraartha.in
>>>
>>>
>>>
>>> 1 Sept 2023, 14:04 by tphil...@potion-studios.com:
>>>
>>>> From the doc (smtpd.conf(5)):
>>>>
>>>>  maildir [pathname [junk]]
>>>>  Deliver the message to the maildir in pathname if
>>>>  specified, or by default to ~/Maildir.
>>>>
>>>> So given your config, you seem to get exactly what you configured.
>>>>
>>>> For your "whitelist", create the match rules for your domains, and for
>>>> everything else use a reject rule at the end.




> On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:
>
> I got a mail, which lies in Maildir, however no mailbox is configured. Is 
> there a default mailbox in alpine and how do I access the mail contents in
>
> ~/Maildir
>
> My mails are under
>
> ~/Maildir/new/
>
> Also, how do I whitelist email ids, say, I want mails only from
>
> f...@bar.com
> f...@bar2.com
> f...@bar3.com
>
> That's it, no other mails.
> Thanking you
> Sagar Acharya
> https://humaaraartha.in
>
>
>
> 1 Sept 2023, 12:42 by sagaracha...@tutanota.com:
>
>> How do I do that? What CLI tool do I use?
>>
>> While starting the daemon, the configuration is OK as given in prompt.
>>
>> With the DNS configuration I have, where can I send a mail, at 
>> u...@mydomain.com or at u...@mail.mydomain.com ?
>>
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>>
>>
>> 31 Aug 2023, 01:06 by stu...@gathman.org:
>>
>>>
>>>
>>> On Wed, 30 Aug 2023, Sagar Acharya wrote:
>>>
>>>> I'm facing an issue similar to a person a while ago available on
>>>> archive. I use alpine, and the conf is as below
>>>>
>>>> There is nothing in the mailbox.

>>>
>>> Are you looking with alpine, or with CLI tools like ls?  Use CLI tools 
>>> to check that you've configured smtpd to store incoming mail where you 
>>> think you have.
>>>
>>> I go so far as to use raw IPv6 for personal mailbox on various overlay 
>>> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated 
>>> IPs independent of any ISP).  I just caught up with an online friend 
>>> that moved from Hawaii to New York.  Still works despite changes in ISP 
>>> and ICANN domains.
>>>




Re: Setting personal mailserver

2023-09-02 Thread Tassilo Philipp
If you want to apply the logic you are asking for to emails that are 
transmitted, I think you need to work with custom filters for specific 
logic (e.g. looking only at attachment size, per day limits, etc.).


There is no "here you go" answer to that, or simple smtpd.conf 
statements that would do what you want.  For overall message size you 
can use max-message-size (see smtpd.conf(5)), but this doesn't sound 
like it fits your requirement.


That said: I also think you need to dig deeper into how email works, 
in general, and read the docs, thoroughly. Your questions here are 
either very broad, or they simply don't apply to this mailing list.


For example you are asking here how to limit the overall size of the 
mailbox and auto-delete old mails: the answer to that is, that it's 
simply not the SMTP server's job to do any of that, as SMTP is about 
email transmission, not about mailboxes.


In your case (from your original config example), your mailbox is a 
maildir on disk, which you could limit with file system tools, but you 
could use other message delivery agents (MDA) to have finer control of 
what ends up where. Read up on them. Either way, this is the wrong 
mailing list for that.




On Fri, Sep 01, 2023 at 05:22:20PM +0200, Sagar Acharya wrote:
I used mutt for accessing mail. I still am unable to send mail using 
my server. I can receive mails.


I also completed the whitelist. How can I do this?

I want to allow access only up to 25MB attachments from whitelisted 
emails and allow only 1 email (only text based) per day from 
non-whitelisted emails. How do I do that?


How do I limit overall size of mailbox and auto-delete old mails? 
Thanking you

Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 14:04 by tphil...@potion-studios.com:


From the doc (smtpd.conf(5)):

 maildir [pathname [junk]]
 Deliver the message to the maildir in pathname if
 specified, or by default to ~/Maildir.

So given your config, you seem to get exactly what you configured.

For your "whitelist", create the match rules for your domains, and for 
everything else use a reject rule at the end.




On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:


I got a mail, which lies in Maildir, however no mailbox is configured. Is there 
a default mailbox in alpine and how do I access the mail contents in

~/Maildir

My mails are under

~/Maildir/new/

Also, how do I whitelist email ids, say, I want mails only from

f...@bar.com
f...@bar2.com
f...@bar3.com

That's it, no other mails.
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 12:42 by sagaracha...@tutanota.com:


How do I do that? What CLI tool do I use?

While starting the daemon, the configuration is OK as given in prompt.

With the DNS configuration I have, where can I send a mail, at 
u...@mydomain.com or at u...@mail.mydomain.com ?

Thanking you
Sagar Acharya
https://humaaraartha.in



31 Aug 2023, 01:06 by stu...@gathman.org:




On Wed, 30 Aug 2023, Sagar Acharya wrote:


I'm facing an issue similar to a person a while ago available on archive. I use 
alpine, and the conf is as below

There is nothing in the mailbox.



Are you looking with alpine, or with CLI tools like ls?  Use CLI tools to check 
that you've configured smtpd to store incoming mail where you think you have.

I go so far as to use raw IPv6 for personal mailbox on various overlay mesh 
vpns like Cjdns and Yggdrasil (giving you personal authenticated IPs 
independent of any ISP).  I just caught up with an online friend that moved 
from Hawaii to New York.  Still works despite changes in ISP and ICANN domains.





Re: Setting personal mailserver

2023-09-02 Thread Tassilo Philipp
The error is clear: whatever you connect to requires authentication, 
before submitting the mail. So, provide that info.


Authentication is not TLS encryption, so no idea what you mean by you 
added TLS certs and that STARTTLS should make it work: it's simply not 
authentication.



On Fri, Sep 01, 2023 at 09:42:17PM +0200, Sagar Acharya wrote:

To enable being able to send mails from my server, I added tls certs.

Now when I send from this email id to u...@mydomain.com , I get the error below.

530
5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL 
FROM command)


Since STARTTLS is working on 25, I think things should go smoothly but it isn't so. Please help. 
Thanking you

Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 20:52 by sagaracha...@tutanota.com:


I used mutt for accessing mail. I still am unable to send mail using my server. 
I can receive mails.

I also completed the whitelist. How can I do this?

I want to allow access only up to 25MB attachments from whitelisted emails and 
allow only 1 email (only text based) per day from non-whitelisted emails. How do 
I do that?

How do I limit overall size of mailbox and auto-delete old mails?

Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 14:04 by tphil...@potion-studios.com:


From the doc (smtpd.conf(5)):

maildir [pathname [junk]]
Deliver the message to the maildir in pathname if
specified, or by default to ~/Maildir.

So given your config, you seem to get exactly what you configured.

For your "whitelist", create the match rules for your domains, and for 
everything else use a reject rule at the end.




On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:


I got a mail, which lies in Maildir, however no mailbox is configured. Is there 
a default mailbox in alpine and how do I access the mail contents in

~/Maildir

My mails are under

~/Maildir/new/

Also, how do I whitelist email ids, say, I want mails only from

f...@bar.com
f...@bar2.com
f...@bar3.com

That's it, no other mails.
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 12:42 by sagaracha...@tutanota.com:


How do I do that? What CLI tool do I use?

While starting the daemon, the configuration is OK as given in prompt.

With the DNS configuration I have, where can I send a mail, at 
u...@mydomain.com or at u...@mail.mydomain.com ?

Thanking you
Sagar Acharya
https://humaaraartha.in



31 Aug 2023, 01:06 by stu...@gathman.org:




On Wed, 30 Aug 2023, Sagar Acharya wrote:


I'm facing an issue similar to a person a while ago available on archive. I use 
alpine, and the conf is as below

There is nothing in the mailbox.



Are you looking with alpine, or with CLI tools like ls?  Use CLI tools to check 
that you've configured smtpd to store incoming mail where you think you have.

I go so far as to use raw IPv6 for personal mailbox on various overlay mesh 
vpns like Cjdns and Yggdrasil (giving you personal authenticated IPs 
independent of any ISP).  I just caught up with an online friend that moved 
from Hawaii to New York.  Still works despite changes in ISP and ICANN domains.








Re: Setting personal mailserver

2023-09-01 Thread Sagar Acharya
To enable being able to send mails from my server, I added tls certs.

Now when I send from this email id to u...@mydomain.com , I get the error below.

530
5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL
FROM command)

Since STARTTLS is working on 25, I think things should go smoothly but it isn't 
so. Please help.
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 20:52 by sagaracha...@tutanota.com:

> I used mutt for accessing mail. I still am unable to send mail using my 
> server. I can receive mails.
>
> I also completed the whitelist. How can I do this?
>
> I want to allow access only up to 25MB attachments from whitelisted emails and 
> allow only 1 email (only text based) per day from non-whitelisted emails. How 
> do I do that?
>
> How do I limit overall size of mailbox and auto-delete old mails?
>
> Thanking you
> Sagar Acharya
> https://humaaraartha.in
>
>
>
> 1 Sept 2023, 14:04 by tphil...@potion-studios.com:
>
>> From the doc (smtpd.conf(5)):
>>
>> maildir [pathname [junk]]
>> Deliver the message to the maildir in pathname if
>> specified, or by default to ~/Maildir.
>>
>> So given your config, you seem to get exactly what you configured.
>>
>> For your "whitelist", create the match rules for your domains, and for 
>> everything else use a reject rule at the end.
>>
>>
>>
>>
>> On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:
>>
>>> I got a mail, which lies in Maildir, however no mailbox is configured. Is 
>>> there a default mailbox in alpine and how do I access the mail contents in
>>>
>>> ~/Maildir
>>>
>>> My mails are under
>>>
>>> ~/Maildir/new/
>>>
>>> Also, how do I whitelist email ids, say, I want mails only from
>>>
>>> f...@bar.com
>>> f...@bar2.com
>>> f...@bar3.com
>>>
>>> That's it, no other mails.
>>> Thanking you
>>> Sagar Acharya
>>> https://humaaraartha.in
>>>
>>>
>>>
>>> 1 Sept 2023, 12:42 by sagaracha...@tutanota.com:
>>>
>>>> How do I do that? What CLI tool do I use?
>>>>
>>>> While starting the daemon, the configuration is OK as given in prompt.
>>>>
>>>> With the DNS configuration I have, where can I send a mail, at
>>>> u...@mydomain.com or at u...@mail.mydomain.com ?
>>>>
>>>> Thanking you
>>>> Sagar Acharya
>>>> https://humaaraartha.in
>>>>
>>>>
>>>>
>>>> 31 Aug 2023, 01:06 by stu...@gathman.org:
>>>>
>>>>>
>>>>>
>>>>> On Wed, 30 Aug 2023, Sagar Acharya wrote:
>>>>>
>>>>>> I'm facing an issue similar to a person a while ago available on
>>>>>> archive. I use alpine, and the conf is as below
>>>>>>
>>>>>> There is nothing in the mailbox.
>>>>>>
>>>>>
>>>>> Are you looking with alpine, or with CLI tools like ls?  Use CLI tools to
>>>>> check that you've configured smtpd to store incoming mail where you think
>>>>> you have.
>>>>>
>>>>> I go so far as to use raw IPv6 for personal mailbox on various overlay
>>>>> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated IPs
>>>>> independent of any ISP).  I just caught up with an online friend that
>>>>> moved from Hawaii to New York.  Still works despite changes in ISP and
>>>>> ICANN domains.
>>>>>




Re: Setting personal mailserver

2023-09-01 Thread Sagar Acharya
I used mutt for accessing mail. I still am unable to send mail using my server. 
I can receive mails.

I also completed the whitelist. How can I do this?

I want to allow access only up to 25MB attachments from whitelisted emails and 
allow only 1 email (only text based) per day from non-whitelisted emails. How do 
I do that?

How do I limit overall size of mailbox and auto-delete old mails?
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 14:04 by tphil...@potion-studios.com:

> From the doc (smtpd.conf(5)):
>
>  maildir [pathname [junk]]
>  Deliver the message to the maildir in pathname if
>  specified, or by default to ~/Maildir.
>
> So given your config, you seem to get exactly what you configured.
>
> For your "whitelist", create the match rules for your domains, and for 
> everything else use a reject rule at the end.
>
>
>
>
> On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:
>
>> I got a mail, which lies in Maildir, however no mailbox is configured. Is 
>> there a default mailbox in alpine and how do I access the mail contents in
>>
>> ~/Maildir
>>
>> My mails are under
>>
>> ~/Maildir/new/
>>
>> Also, how do I whitelist email ids, say, I want mails only from
>>
>> f...@bar.com
>> f...@bar2.com
>> f...@bar3.com
>>
>> That's it, no other mails.
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>>
>>
>> 1 Sept 2023, 12:42 by sagaracha...@tutanota.com:
>>
>>> How do I do that? What CLI tool do I use?
>>>
>>> While starting the daemon, the configuration is OK as given in prompt.
>>>
>>> With the DNS configuration I have, where can I send a mail, at 
>>> u...@mydomain.com or at u...@mail.mydomain.com ?
>>>
>>> Thanking you
>>> Sagar Acharya
>>> https://humaaraartha.in
>>>
>>>
>>>
>>> 31 Aug 2023, 01:06 by stu...@gathman.org:
>>>


>>>> On Wed, 30 Aug 2023, Sagar Acharya wrote:
>>>>
>>>>> I'm facing an issue similar to a person a while ago available on archive.
>>>>> I use alpine, and the conf is as below
>>>>>
>>>>> There is nothing in the mailbox.
>>>>>
>>>>
>>>> Are you looking with alpine, or with CLI tools like ls?  Use CLI tools to
>>>> check that you've configured smtpd to store incoming mail where you think
>>>> you have.
>>>>
>>>> I go so far as to use raw IPv6 for personal mailbox on various overlay
>>>> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated IPs
>>>> independent of any ISP).  I just caught up with an online friend that
>>>> moved from Hawaii to New York.  Still works despite changes in ISP and
>>>> ICANN domains.




Re: Setting personal mailserver

2023-09-01 Thread Tassilo Philipp

From the doc (smtpd.conf(5)):

   maildir [pathname [junk]]
 Deliver the message to the maildir in pathname if
 specified, or by default to ~/Maildir.

So given your config, you seem to get exactly what you configured.

For your "whitelist", create the match rules for your domains, and for 
everything else use a reject rule at the end.





On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:

I got a mail, which lies in Maildir, however no mailbox is configured. Is there 
a default mailbox in alpine and how do I access the mail contents in

~/Maildir

My mails are under

~/Maildir/new/

Also, how do I whitelist email ids, say, I want mails only from

f...@bar.com
f...@bar2.com
f...@bar3.com

That's it, no other mails.
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 12:42 by sagaracha...@tutanota.com:


How do I do that? What CLI tool do I use?

While starting the daemon, the configuration is OK as given in prompt.

With the DNS configuration I have, where can I send a mail, at 
u...@mydomain.com or at u...@mail.mydomain.com ?

Thanking you
Sagar Acharya
https://humaaraartha.in



31 Aug 2023, 01:06 by stu...@gathman.org:




On Wed, 30 Aug 2023, Sagar Acharya wrote:

I'm facing an issue similar to a person a while ago available on 
archive. I use alpine, and the conf is as below


There is nothing in the mailbox.



Are you looking with alpine, or with CLI tools like ls?  Use CLI tools 
to check that you've configured smtpd to store incoming mail where you 
think you have.


I go so far as to use raw IPv6 for personal mailbox on various overlay 
mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated 
IPs independent of any ISP).  I just caught up with an online 
friend that moved from Hawaii to New York.  Still works despite changes 
in ISP and ICANN domains.
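
The suggestion in the message above (match rules for the wanted senders, then a reject rule at the end), sketched as an added example that is not part of any message in this thread: a shell helper that builds a sender table and an smtpd.conf in which the catch-all `match from any for domain "mydomain.com"` rule from the original config becomes a reject placed after the allow rule. The table name `allowed`, the scratch directory and the sender addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). The table name "allowed", the output
# directory and the sender addresses are assumptions of this example.

# valid_addr ADDR: succeed only for local@domain.tld with one "@" and no spaces
valid_addr() {
    case "$1" in
        *' '*|*@*@*|@*|*@) return 1 ;;
        *@*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# write_allowlist DIR ADDR...: write DIR/allowed_senders (one address per
# line, duplicates dropped) and DIR/smtpd.conf that accepts mail for
# mydomain.com only from those envelope senders.
write_allowlist() {
    dir=$1; shift
    : > "$dir/allowed_senders" || return 1
    for a in "$@"; do
        valid_addr "$a" || { echo "bad address: $a" >&2; return 1; }
        grep -qxF -- "$a" "$dir/allowed_senders" ||
            echo "$a" >> "$dir/allowed_senders"
    done
    cat > "$dir/smtpd.conf" <<EOF
table aliases file:/etc/smtpd/aliases
table allowed file:$dir/allowed_senders

listen on eth0

action "local" maildir alias <aliases>
action "relay" relay

# Rules are evaluated in order; the first one that matches decides.
match from any mail-from <allowed> for domain "mydomain.com" action "local"
match from any for domain "mydomain.com" reject
match for local action "local"
match from local for any action "relay"
EOF
}

# Demo with constructed addresses, written to a scratch directory.
out=$(mktemp -d)
write_allowlist "$out" alice@example.org bob@example.net
cat "$out/smtpd.conf"
rm -rf "$out"
```

On the mail host, `smtpd -n -f <file>` checks the generated file for syntax errors before it replaces the live config. The rule matches the envelope sender (MAIL FROM), which the sending side chooses freely, so this keeps out unwanted senders but does not authenticate the allowed ones.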








Re: Setting personal mailserver

2023-09-01 Thread Sagar Acharya
I got a mail, which lies in Maildir, however no mailbox is configured. Is there 
a default mailbox in alpine and how do I access the mail contents in

~/Maildir

My mails are under

~/Maildir/new/

Also, how do I whitelist email ids, say, I want mails only from

f...@bar.com
f...@bar2.com
f...@bar3.com

That's it, no other mails.
Thanking you
Sagar Acharya
https://humaaraartha.in



1 Sept 2023, 12:42 by sagaracha...@tutanota.com:

> How do I do that? What CLI tool do I use?
>
> While starting the daemon, the configuration is OK as given in prompt.
>
> With the DNS configuration I have, where can I send a mail, at 
> u...@mydomain.com or at u...@mail.mydomain.com ?
>
> Thanking you
> Sagar Acharya
> https://humaaraartha.in
>
>
>
> 31 Aug 2023, 01:06 by stu...@gathman.org:
>
>>
>>
>> On Wed, 30 Aug 2023, Sagar Acharya wrote:
>>
>>> I'm facing an issue similar to a person a while ago available on
>>> archive. I use alpine, and the conf is as below
>>>
>>> There is nothing in the mailbox.
>>>
>>
>> Are you looking with alpine, or with CLI tools like ls?  Use CLI tools
>> to check that you've configured smtpd to store incoming mail where you
>> think you have.
>>
>> I go so far as to use raw IPv6 for personal mailbox on various overlay
>> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated
>> IPs independent of any ISP).  I just caught up with an online
>> friend that moved from Hawaii to New York.  Still works despite changes
>> in ISP and ICANN domains.
>>



Re: Setting personal mailserver

2023-09-01 Thread Sagar Acharya
How do I do that? What CLI tool do I use?

While starting the daemon, the configuration is OK as given in prompt.
With the DNS configuration I have, where can I send a mail, at 
u...@mydomain.com or at u...@mail.mydomain.com ?
Thanking you
Sagar Acharya
https://humaaraartha.in



31 Aug 2023, 01:06 by stu...@gathman.org:

>
>
> On Wed, 30 Aug 2023, Sagar Acharya wrote:
>
>> I'm facing an issue similar to a person a while ago available on
>> archive. I use alpine, and the conf is as below
>>
>> There is nothing in the mailbox.
>>
>
> Are you looking with alpine, or with CLI tools like ls?  Use CLI tools
> to check that you've configured smtpd to store incoming mail where you
> think you have.
>
> I go so far as to use raw IPv6 for personal mailbox on various overlay
> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated
> IPs independent of any ISP).  I just caught up with an online
> friend that moved from Hawaii to New York.  Still works despite changes
> in ISP and ICANN domains.
>



Re: Setting personal mailserver

2023-08-30 Thread Stuart D Gathman




On Wed, 30 Aug 2023, Sagar Acharya wrote:


I'm facing an issue similar to a person a while ago available on
archive. I use alpine, and the conf is as below



There is nothing in the mailbox.


Are you looking with alpine, or with CLI tools like ls?  Use CLI tools
to check that you've configured smtpd to store incoming mail where you
think you have.

I go so far as to use raw IPv6 for personal mailbox on various overlay
mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated
IPs independent of any ISP).  I just caught up with an online
friend that moved from Hawaii to New York.  Still works despite changes
in ISP and ICANN domains.
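
The check suggested in the message above (looking at the delivery location with CLI tools rather than a mail client), as an added example that is not part of the original post: it counts the files in a Maildir's `new`, `cur` and `tmp` directories and prints a few headers of each undelivered-to-client message. The function names and the sample message are constructed for this example; folded (multi-line) headers are not unfolded.

```shell
#!/bin/sh
# Added example: inspect a Maildir from the command line, independent of any
# mail client. Function names and the sample message are this example's own.

# maildir_count DIR SUB: number of regular files in DIR/SUB (0 if missing)
maildir_count() {
    if [ -d "$1/$2" ]; then
        find "$1/$2" -type f | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# msg_header FILE NAME: value of the first NAME header. Only the header block
# is searched (up to the first empty line), so body text can never match.
msg_header() {
    awk -v want="$2" '
        /^\r?$/ { exit }
        {
            i = index($0, ":")
            if (i > 1 && tolower(substr($0, 1, i - 1)) == tolower(want)) {
                v = substr($0, i + 1)
                sub(/^[ \t]+/, "", v); sub(/\r$/, "", v)
                print v
                exit
            }
        }' "$1"
}

# maildir_report DIR: per-directory counts, then one line per file in DIR/new
maildir_report() {
    for sub in new cur tmp; do
        printf '%s: %s\n' "$sub" "$(maildir_count "$1" "$sub")"
    done
    for f in "$1"/new/*; do
        [ -f "$f" ] || continue
        printf '%s | to=%s | from=%s | subject=%s\n' "${f##*/}" \
            "$(msg_header "$f" Delivered-To)" \
            "$(msg_header "$f" From)" "$(msg_header "$f" Subject)"
    done
}

# make_sample_maildir DIR: constructed Maildir with one constructed message
make_sample_maildir() {
    mkdir -p "$1/new" "$1/cur" "$1/tmp"
    cat > "$1/new/1693555171.sample.host" <<'EOF'
Return-Path: <alice@example.org>
Delivered-To: user@mydomain.com
From: Alice <alice@example.org>
Subject: test delivery

X-Fake: this line is body text, not a header
EOF
}

demo=$(mktemp -d)
make_sample_maildir "$demo"
maildir_report "$demo"   # on a real system: maildir_report "$HOME/Maildir"
rm -rf "$demo"
```

A non-zero `new` count with an empty client view means delivery works and the client is looking elsewhere; a zero count everywhere points back at the smtpd rules or DNS.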



Setting personal mailserver

2023-08-30 Thread Sagar Acharya
I'm facing an issue similar to a person a while ago available on archive. I use 
alpine, and the conf is as below


table aliases file:/etc/smtpd/aliases

listen on eth0

action "local" maildir alias <aliases>
action "relay" relay

match from any for domain "mydomain.com" action "local"
match for local action "local"
match from local for any action "relay"

DNS
--
mail.mydomain.com.       MX       10        mydomain.com.
--

smtpd is running and when I send a mail to u...@mydomain.com or 
u...@mail.mydomain.com

There is nothing in the mailbox.
Thanking you
Sagar Acharya
https://humaaraartha.in